From ca1d6b3588395f3e940fcaefc0914777db33ca38 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Nov 2016 13:06:00 +0100 Subject: l 3 iptables: set defaults correctly --- krebs/3modules/iptables.nix | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index a4a4de6f9..09b493c20 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -29,9 +29,10 @@ let tables = mkOption { type = with types; attrsOf (attrsOf (submodule ({ options = { + #TODO: find out good defaults. policy = mkOption { type = str; - default = "-"; + default = "ACCEPT"; }; rules = mkOption { type = nullOr (listOf (submodule ({ @@ -133,30 +134,9 @@ let #===== rules = iptables-version: - let - #TODO: find out good defaults. - tables-defaults = { - nat.PREROUTING.policy = "ACCEPT"; - nat.INPUT.policy = "ACCEPT"; - nat.OUTPUT.policy = "ACCEPT"; - nat.POSTROUTING.policy = "ACCEPT"; - filter.INPUT.policy = "ACCEPT"; - filter.FORWARD.policy = "ACCEPT"; - filter.OUTPUT.policy = "ACCEPT"; - - #if someone specifies any other rules on this chain, the default rules get lost. - #is this wanted beahiviour or a bug? - #TODO: implement abstraction of rules - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - ]; - }; - tables = tables-defaults // cfg.tables; - - in - pkgs.writeText "krebs-iptables-rules${iptables-version}" '' - ${buildTables iptables-version tables} - ''; + pkgs.writeText "krebs-iptables-rules${iptables-version}" '' + ${buildTables iptables-version cfg.tables} + ''; startScript = pkgs.writeDash "krebs-iptables_start" '' set -euf -- cgit v1.2.3 From b1260b5eaa60dd648e596773089561276da222db Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Nov 2016 13:06:22 +0100 Subject: l 2 nixpkgs: ee52e98 -> ece0cea --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
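Review bot: `default = "ACCEPT";` on the `policy` option makes every declared chain fail open: a host that lists rules for a chain such as `filter.INPUT` but omits `policy` accepts whatever no rule matches, and the `#TODO: find out good defaults.` now sitting above the option marks the choice as unsettled. Because the default comes from the submodule, it also applies to user-defined chains, for which the previous `"-"` is the value iptables-restore expects; how `buildTables` emits the policy is outside the hunk, so confirm custom chains still load. Consider dropping the default so a missing `policy` is an evaluation error, or add `description = "Chain policy; ACCEPT when unset, set DROP explicitly on filtering chains.";`.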
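Review bot: With `tables-defaults` gone, only what a host puts in `cfg.tables` reaches `buildTables`, so a table the host does not declare (for instance a config that defines only `nat`) is no longer written into the rules file with explicit policies. Depending on how the start script loads the file, which is outside this hunk, that table may keep whatever rules were already in the kernel rather than being reset to a known state. The implicit `RELATED,ESTABLISHED` accept rule on `filter.INPUT` is dropped too, so configs that want it must declare it themselves. A comment above `rules = iptables-version:` such as `# only cfg.tables is rendered; undeclared tables and chains are left untouched` would record this.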
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index caca98746..be54d120a 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e"; + ref = "ece0cea127f0a8799a6bd3b12c368193491f9058"; }; } -- cgit v1.2.3 From d8da51621e44f6577e6d725b6263837cfa70f2bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Nov 2016 19:06:00 +0100 Subject: l 2 vim: add trailing space to buffer bindings --- lass/2configs/vim.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index aac2b96d4..bfaae24c8 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -175,8 +175,8 @@ let "Syntastic config let g:syntastic_python_checkers=['flake8'] - nmap q :buffer - nmap :buffer + nmap q :buffer + nmap :buffer cnoremap -- cgit v1.2.3 From 70dd1341b37e70866e811ab787031e4e74e98b09 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 28 Nov 2016 23:29:05 +0100 Subject: m 1 x: shuffle imports ;) --- makefu/1systems/x.nix | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index e1aec360d..6fe3883a1 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix 
@@ -5,25 +5,39 @@ { imports = - [ # Include the results of the hardware scan. + [ # base ../. - ../2configs/main-laptop.nix #< base-gui + zsh + ../2configs/main-laptop.nix ../2configs/laptop-utils.nix ../2configs/laptop-backup.nix - # Krebs - #../2configs/disable_v6.nix - ../2configs/rad1o.nix + # testing + #../2configs/elchos/search.nix + #../2configs/temp/share-samba.nix + # ../2configs/mediawiki.nix + # ../2configs/wordpress.nix + # ../2configs/nginx/public_html.nix + # ../2configs/nginx/icecult.nix + ../2configs/laptop-backup.nix + #../2configs/temp/elkstack.nix + # ../2configs/temp/sabnzbd.nix + ../2configs/tinc/siem.nix + #../2configs/torrent.nix - # applications + # Krebs + ../2configs/disable_v6.nix + ../2configs/tinc/retiolum.nix + + # applications ../2configs/exim-retiolum.nix ../2configs/mail-client.nix ../2configs/printer.nix ../2configs/virtualization.nix ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix + ../2configs/rad1o.nix # services ../2configs/git/brain-retiolum.nix @@ -37,19 +51,8 @@ ../2configs/hw/bcm4352.nix # mount points ../2configs/fs/sda-crypto-root-home.nix - # ../2configs/mediawiki.nix - #../2configs/wordpress.nix - #../2configs/nginx/public_html.nix - ../2configs/nginx/icecult.nix - ../2configs/tinc/retiolum.nix # temporary modules - ../2configs/temp/share-samba.nix - ../2configs/laptop-backup.nix - #../2configs/temp/elkstack.nix - # ../2configs/temp/sabnzbd.nix - ../2configs/tinc/siem.nix - #../2configs/torrent.nix ]; makefu.full-populate = true; -- cgit v1.2.3 From 5518fcf25a4872bdca797bd830aebe8570aa2915 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Nov 2016 23:24:47 +0100 Subject: l 2 buildbot: fix indentation --- lass/2configs/buildbot-standalone.nix | 74 +++++++++++++++++++++++------------ 1 file changed, 50 insertions(+), 24 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index e7fbccb77..9ff96089b 100644 --- a/lass/2configs/buildbot-standalone.nix 
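Review bot: The commit is titled as a reorder, but the new import list appears to change what is enabled: `../2configs/disable_v6.nix` goes from commented out to active, while `../2configs/temp/share-samba.nix` and `../2configs/nginx/icecult.nix` go from active to commented out. Toggling IPv6, a Samba share and an nginx site changes the host's network exposure, so these belong in their own commit or at least in the commit message. `../2configs/laptop-backup.nix` is also listed twice on the new side, under `# base` and again under `# testing`; the second entry can go. The markers here are read from a whitespace-collapsed patch, so confirm against the original diff.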
+++ b/lass/2configs/buildbot-standalone.nix @@ -18,25 +18,34 @@ in { }; change_source.stockholm = '' stockholm_repo = '${stockholm-mirror-url}' - cs.append(changes.GitPoller( + cs.append( + changes.GitPoller( stockholm_repo, workdir='stockholm-poller', branches=True, project='stockholm', - pollinterval=120)) + pollinterval=120 + ) + ) ''; scheduler = { build-scheduler = '' # build all hosts - sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re=".*"), - treeStableTimer=10, - name="build-all-branches", - builderNames=["build-all", "build-pkgs"])) + sched.append( + schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch_re=".*"), + treeStableTimer=10, + name="build-all-branches", + builderNames=["build-all", "build-pkgs"] + ) + ) ''; }; builder_pre = '' # prepare grab_repo step for stockholm - grab_repo = steps.Git(repourl=stockholm_repo, mode='full') + grab_repo = steps.Git( + repourl=stockholm_repo, + mode='full' + ) # TODO: get nixpkgs/stockholm paths from krebs env_lass = { @@ -57,13 +66,21 @@ in { # prepare nix-shell # the dependencies which are used by the test script - deps = [ "gnumake", "jq", "nix", "(import ).pkgs.populate", "openssh" ] + deps = [ + "gnumake", + "jq", + "nix", + "(import ).pkgs.populate", + "openssh" + ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE - nixshell = ["nix-shell", - "-I", "stockholm=.", - "-I", "nixpkgs=/var/src/nixpkgs", - "-p" ] + deps + [ "--run" ] + nixshell = [ + "nix-shell", + "-I", "stockholm=.", + "-I", "nixpkgs=/var/src/nixpkgs", + "-p" + ] + deps + [ "--run" ] # prepare addShell function def addShell(factory,**kwargs): 
@@ -73,29 +90,38 @@ in { build-all = '' f = util.BuildFactory() f.addStep(grab_repo) + for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: - addShell(f,name="build-{}".format(i),env=env_lass, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + addShell(f,name="build-{}".format(i),env=env_lass, + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ make \ test \ target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ method=build \ - system={}".format(i)]) + system={}".format(i) + ] + ) for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: - addShell(f,name="build-{}".format(i),env=env_makefu, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + addShell(f,name="build-{}".format(i),env=env_makefu, + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ make \ test \ target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ method=build \ - system={}".format(i)]) + system={}".format(i) + ] + ) - bu.append(util.BuilderConfig(name="build-all", - workernames=workernames, - factory=f)) + bu.append( + util.BuilderConfig( + name="build-all", + workernames=workernames, + factory=f + ) + ) ''; -- cgit v1.2.3 From f55fceaa63d9f830a70d031fdde360c1862bbd32 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 29 Nov 2016 13:56:59 +0100 Subject: l 2 buildbot: add shared hosts to build-all --- lass/2configs/buildbot-standalone.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 9ff96089b..23dd0ae09 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -90,6 +90,17 @@ in { build-all = '' f = util.BuildFactory() f.addStep(grab_repo) + for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: + addShell(f,name="build-{}".format(i),env=env_shared, + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + make \ + test \ + target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ + method=build \ + system={}".format(i) + ] + ) for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env_lass, -- cgit v1.2.3 From dbc68c5e1bc0ff9ee2b5674098a6221255a03f61 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 29 Nov 2016 11:15:57 +0100 Subject: l 2 buildbot: rename build-all -> build-hosts --- lass/2configs/buildbot-standalone.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 23dd0ae09..72cd66420 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -35,7 +35,7 @@ in { change_filter=util.ChangeFilter(branch_re=".*"), treeStableTimer=10, name="build-all-branches", - builderNames=["build-all", "build-pkgs"] + builderNames=["build-hosts", "build-pkgs"] ) ) ''; @@ -87,7 +87,7 @@ in { factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { - build-all = '' + build-hosts = '' f = util.BuildFactory() f.addStep(grab_repo) for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: @@ -128,7 +128,7 @@ in { bu.append( util.BuilderConfig( - name="build-all", + name="build-hosts", workernames=workernames, factory=f ) -- cgit v1.2.3 From 61c38e4c2dca1c55d80b87bc7c09b00337ca9f38 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 1 Dec 2016 16:57:29 +0100 Subject: k 3: remove Mic92 from eloop-ml --- krebs/3modules/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
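Review bot: The added loop builds into `/tmp/testbuild/$LOGNAME`, a fixed path under world-writable `/tmp` that another local account on the worker could create first, as a directory or a symlink, before `mkdir -p` and the populate step use it. Prefer a directory only the build user can write, for example `mkdir -p <WORKER_STATE_DIR>/testbuild && touch <WORKER_STATE_DIR>/testbuild/.populate` (placeholder path) with `target=` changed to match; the same command is already in the `env_lass` and `env_makefu` loops. This is the third copy of the block, so a small helper taking the host list and the env would keep the three in sync. `env_shared` is not defined in any visible hunk; confirm it exists in `builder_pre`.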
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7f5d2c7bd..bf09b7424 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -155,14 +155,13 @@ let to = concatMapStringsSep "," (getAttr "mail") (toList to); }; in mapAttrsToList format (with config.krebs.users; let - eloop-ml = spam-ml ++ [ ciko Mic92 ]; + eloop-ml = spam-ml ++ [ ciko ]; spam-ml = [ lass makefu tv ]; ciko.mail = "wieczorek.stefan@gmail.com"; - Mic92.mail = "joerg@higgsboson.tk"; in { "anmeldung@eloop.org" = eloop-ml; "cfp@eloop.org" = eloop-ml; -- cgit v1.2.3 From fe05d5ac603201d9dc97f5d28b6c10e19682abcb Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 1 Dec 2016 17:10:13 +0100 Subject: l 2 baseX: add ncdu to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index fbab23500..cdb6d34ab 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -36,6 +36,7 @@ in { gitAndTools.qgit lm_sensors much + ncdu nmap pavucontrol powertop -- cgit v1.2.3 From 26705829d8e6aeb7bfb7cdb6dde8054f0ee5d073 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 1 Dec 2016 17:10:31 +0100 Subject: l 2 games: add doom{1,2} wrappers --- lass/2configs/games.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 0eec97922..82b7eb2c9 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix 
@@ -2,10 +2,28 @@ let mainUser = config.users.extraUsers.mainUser; + doom = pkgs.writeDash "doom" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${pkgs.zandronum}/bin/zandronum \ + -file $DOOM_DIR/lib/brutalv20.pk3 \ + -file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \ + -fov 120 \ + "$@" + ''; + doom1 = pkgs.writeDashBin "doom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + doom2 = pkgs.writeDashBin "doom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; in { environment.systemPackages = with pkgs; [ dwarf_fortress + doom1 + doom2 ]; users.extraUsers = { -- cgit v1.2.3 From f4ce5ea248c6dcb965f9367a4569a39f4be747af Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 1 Dec 2016 21:50:23 +0100 Subject: l 2 nixpkgs: ece0cea -> e360c72 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index be54d120a..48472f7a1 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "ece0cea127f0a8799a6bd3b12c368193491f9058"; + ref = "e360c7205f84be180d80b97f3980fb809a951486"; }; } -- cgit v1.2.3
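Review bot: `$DOOM_DIR` is expanded unquoted in all three wrappers, so a value containing spaces or glob characters is word-split into extra arguments to zandronum. Quote each use, e.g. `-file "$DOOM_DIR/lib/brutalv20.pk3" \` in `doom` and `${doom} -iwad "$DOOM_DIR/wads/stock/doom.wad" "$@"` in `doom1`, likewise for `doom2`. The default `~/doom/` ends in a slash, which puts `//` into every path; harmless, but `''${DOOM_DIR:-~/doom}` reads cleaner. A one-line comment on `doom` noting that `DOOM_DIR` must contain `lib/` and `wads/stock/` would document the expected layout.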