From f113b93aa8416b74cf6d2796913147893cc78e49 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 25 Jun 2017 16:15:18 +0200 Subject: tv: properly use symlinkJoin paths Because earlier entries override later ones. --- tv/2configs/htop.nix | 2 +- tv/2configs/vim.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/2configs/htop.nix b/tv/2configs/htop.nix index 5d7e0272b..d7d2d7bfd 100644 --- a/tv/2configs/htop.nix +++ b/tv/2configs/htop.nix @@ -7,7 +7,6 @@ with import ; htop = pkgs.symlinkJoin { name = "htop"; paths = [ - super.htop (pkgs.writeDashBin "htop" '' export HTOPRC=${pkgs.writeText "htoprc" '' fields=0 48 17 18 38 39 40 2 46 47 49 1 @@ -37,6 +36,7 @@ with import ; ''} exec ${super.htop}/bin/htop "$@" '') + super.htop ]; }; }; diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 93ed46dc8..a3af93772 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -300,7 +300,6 @@ let { vim-wrapper = pkgs.symlinkJoin { name = "vim"; paths = [ - pkgs.vim_configurable (pkgs.writeDashBin "vim" '' set -efu (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) @@ -310,6 +309,7 @@ let { # vim-orgmode needs Python, thus vim_configurable instead of just vim exec ${pkgs.vim_configurable}/bin/vim "$@" '') + pkgs.vim_configurable ]; }; -- cgit v1.3.1 From 74429f245d366e783ecbcfb0ebd83a7f57e78e6a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 10:01:16 +0200 Subject: tv: add htop to default systemPackages --- tv/1systems/cd.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - tv/1systems/zu.nix | 1 - tv/2configs/default.nix | 3 ++- 5 files changed, 2 insertions(+), 5 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 108006f34..9f2cec574 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -25,7 +25,6 @@ with import ; }; environment.systemPackages = with pkgs; [ - htop iftop iotop iptables diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 60f9fa100..4b3bf8538 100644 
--- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -31,7 +31,6 @@ with import ; get gnupg1compat haskellPackages.hledger - htop jq mkpasswd netcat diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 3add01748..d82f45ac0 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -34,7 +34,6 @@ with import ; file gnupg1compat haskellPackages.hledger - htop jq krebszones mkpasswd diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 5552ef065..4fae3ca75 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -36,7 +36,6 @@ with import ; file gnupg1compat haskellPackages.hledger - htop jq mkpasswd netcat diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 4a1247ef5..d248bf578 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -158,9 +158,10 @@ with import ; { environment.systemPackages = [ pkgs.get + pkgs.htop pkgs.krebspaste - pkgs.ovh-zone pkgs.nix-prefetch-scripts + pkgs.ovh-zone pkgs.push ]; } -- cgit v1.3.1 From 0e607fe1bc50b596301086b064a74232d7126f5c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Jun 2017 19:46:56 +0200 Subject: l nixpkgs: 4847963 -> e84de79 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 2adba34bb..34f0a064b 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "4847963"; + ref = "e84de79"; }; } -- cgit v1.3.1 From 3789c7698b4e076d907e31ab8c0ba60597ee3721 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 19:55:49 +0200 Subject: tv alnus nixpkgs: e924319 -> 9b948ea --- tv/1systems/alnus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix index 4bc0318e8..ef2a0500f 100644 --- a/tv/1systems/alnus.nix +++ b/tv/1systems/alnus.nix 
@@ -58,7 +58,7 @@ with import ; krebs.build = { host = config.krebs.hosts.alnus; user = mkForce config.krebs.users.dv; - source.nixpkgs.git.ref = mkForce "e924319cb6c74aa2a9c943eddeb0caef79db01bc"; + source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; }; networking.networkmanager.enable = true; -- cgit v1.3.1 From b836a43a395e0f2860b3243702caf53c53a6664a Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 18 Jun 2017 23:23:28 +0200 Subject: m 2 dirctator: bump to latest logstash5 --- makefu/2configs/deployment/dirctator.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix index b8e61955d..4f2f8818d 100644 --- a/makefu/2configs/deployment/dirctator.nix +++ b/makefu/2configs/deployment/dirctator.nix @@ -25,6 +25,10 @@ in { stdout { codec => rubydebug } exec { command => "${runit} '%{message}" } ''; - plugins = [ ]; + extraSettings = '' + path.plugins: [ "${pkgs.logstash-output-exec}" ] + ''; + ## NameError: `@path.plugins' is not allowable as an instance variable name + # plugins = [ pkgs.logstash-output-exec ]; }; } -- cgit v1.3.1 From 8c5cc416ace4bf4a251c878ad660e3a043bdb0ab Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Jun 2017 15:32:38 +0200 Subject: doc: init Commit Messages Guideline Based on the discussion irc://ni.r/#retiolum at 2017-06-26 --- doc/Commit_Messages_Guideline.md | 53 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 doc/Commit_Messages_Guideline.md diff --git a/doc/Commit_Messages_Guideline.md b/doc/Commit_Messages_Guideline.md new file mode 100644 index 000000000..e704ee575 --- /dev/null +++ b/doc/Commit_Messages_Guideline.md 
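Review bot: Loading `logstash-output-exec` through `path.plugins` is what makes the `exec { command => "${runit} '%{message}" }` output in the context lines usable, and that line interpolates the raw event message into a command string. The single quote opened before `%{message}` is never closed, and even a balanced pair would be ended by a `'` inside the message, so, assuming the plugin runs the string through a shell, anyone who can deliver events to this pipeline influences the command line. Pass the message to `runit` on stdin or through an environment variable instead of interpolating it, and limit who can reach the input (configured outside this hunk). The commented-out `plugins = [ ... ]` line would be clearer with a short note naming the logstash version that raises the NameError.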
@@ -0,0 +1,53 @@
+# Commit Messages Guideline
+
+Commits SHOULD have the following format:
+
+```
+ :
+
+
+
+(: )?
+```
+
+## ``
+Defines where the change took place. This can be omitted if the
+namespace is `krebs`. Namespaces may be shortened to one to four characters (
+lassulus -> lass, makefu -> make, tv -> tv, shared -> sha)
+
+## ``
+Name of the component which was touched. `component` is
+rather fuzzy and may mean different things, just choose what would fit best.
+
+Here are a numbers of samples for defining the component:
+
+* Change `gum` in `krebs/3modules/makefu/default.nix`: `gum.r: change ip`
+* Change `prepare.sh` in `krebs/4libs/infest`: `infest: prepare stockholm ISO`
+* Remove `concat` in `krebs/5pkgs`: `concat: RIP`, this commit may like some ``
+* Update `types` in `krebs/3modules`: `lib/types: add managed bool to host type`
+* Change host `gum` in `makefu/1systems/gum`: `ma gum.r: add taskserver`
+* Change `tinc` module in `krebs/3modules`: `tinc module: add option enableLegacy`
+
+## ``
+Describe some trivia why the commit was done:
+```
+whatsupnix: init
+
+Import from https://github.com/NixOS/nix/issues/443#issuecomment-296752535
+```
+
+## ``
+Defines external resouces related to the commit:
+```
+Closes: #123533
+CVE: CVE-2016-00001
+URL: https://example.com/CVE-2016-00001
+```
+
+## Remarks
+As a general rule of thumb you can check out: https://www.slideshare.net/TarinGamberini/commit-messages-goodpractices
+Of course the pattern not always fits perfectly (for example for refactoring),
+just apply some common sense and define a useful commit message,
+like `refactor krebs.setuid`.
+
+
-- cgit v1.3.1
From d8f6c52b76feaeac9240a9749f2b38c19f155b9e Mon Sep 17 00:00:00 2001
From: makefu Date: Mon, 26 Jun 2017 16:00:37 +0200 Subject: ma hw: refactor --- makefu/2configs/hw/exfat-nofuse.nix | 4 ++++ makefu/2configs/hw/stk1160.nix | 3 +-- makefu/2configs/hw/wwan.nix | 8 ++++++++ makefu/2configs/wwan.nix | 8 -------- 4 files changed, 13 insertions(+), 10 deletions(-) create mode 100644 makefu/2configs/hw/exfat-nofuse.nix create mode 100644 makefu/2configs/hw/wwan.nix delete mode 100644 makefu/2configs/wwan.nix diff --git a/makefu/2configs/hw/exfat-nofuse.nix b/makefu/2configs/hw/exfat-nofuse.nix new file mode 100644 index 000000000..ca3485e9f --- /dev/null +++ b/makefu/2configs/hw/exfat-nofuse.nix @@ -0,0 +1,4 @@ +{ config, ... }: +{ + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; +} diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index b4d033d76..e73741e26 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix @@ -1,9 +1,8 @@ { pkgs, ... }: { # TODO: un-pin linuxPackages somehow - boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages_4_9; nixpkgs.config.packageOverrides = pkgs: { - linux_4_9 = pkgs.linux_4_9.override { + linux_latest = pkgs.linux_latest.override { extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m diff --git a/makefu/2configs/hw/wwan.nix b/makefu/2configs/hw/wwan.nix new file mode 100644 index 000000000..0eb0c97d7 --- /dev/null +++ b/makefu/2configs/hw/wwan.nix @@ -0,0 +1,8 @@ +_: + +{ + makefu.umts = { + enable = true; + modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01"; + }; +} diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix deleted file mode 100644 index 0eb0c97d7..000000000 --- a/makefu/2configs/wwan.nix +++ /dev/null @@ -1,8 +0,0 @@ -_: - -{ - makefu.umts = { - enable = true; - modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01"; - }; -} -- cgit v1.3.1 
From 0b88f7d2fee456eb0a5c8ec426e5d6f5d7d2e1f3 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Jun 2017 16:00:54 +0200 Subject: ma x.r: cleanup imports --- makefu/1systems/x.nix | 49 ++++++++++++++++++------------------------------- 1 file changed, 18 insertions(+), 31 deletions(-) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index ee3a7bb1b..77b9915ae 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix 
@@ -13,59 +13,48 @@ with import ; ../2configs/tools/all.nix ../2configs/laptop-backup.nix ../2configs/dnscrypt.nix + ../2configs/avahi.nix - # testing - # ../2configs/openvpn/vpngate.nix - #../2configs/temp/share-samba.nix - # ../2configs/mediawiki.nix - # ../2configs/wordpress.nix - # ../2configs/nginx/public_html.nix - # ../2configs/nginx/icecult.nix - - # ../2configs/elchos/irc-token.nix - # ../2configs/elchos/log.nix - - #../2configs/elchos/search.nix - #../2configs/elchos/stats.nix - #../2configs/elchos/test/ftpservers.nix - - # ../2configs/tinc/siem.nix - #../2configs/torrent.nix - # temporary modules - - # ../2configs/torrent.nix - #../2configs/temp/elkstack.nix - # ../2configs/temp/sabnzbd.nix + # Debugging + # ../2configs/disable_v6.nix + # Testing + # ../2configs/deployment/dirctator.nix + # ../2configs/vncserver.nix + # ../2configs/deployment/led-fader + # ../2configs/deployment/hound # development ../2configs/sources # Krebs - # ../2configs/disable_v6.nix ../2configs/tinc/retiolum.nix # applications ../2configs/exim-retiolum.nix ../2configs/mail-client.nix ../2configs/printer.nix + + # Virtualization ../2configs/virtualization.nix + ../2configs/docker.nix ../2configs/virtualization-virtualbox.nix - ../2configs/wwan.nix - ../2configs/rad1o.nix - # services + # Services ../2configs/git/brain-retiolum.nix ../2configs/tor.nix ../2configs/steam.nix # ../2configs/buildbot-standalone.nix - # hardware specifics are in here + # Hardware ../2configs/hw/tp-x230.nix ../2configs/hw/rtl8812au.nix - ../2configs/hw/stk1160.nix + ../2configs/hw/exfat-nofuse.nix + ../2configs/hw/wwan.nix + # ../2configs/hw/stk1160.nix + # ../2configs/rad1o.nix - # mount points + # Filesystem ../2configs/fs/sda-crypto-root-home.nix ]; 
@@ -76,10 +65,8 @@ with import ; nixpkgs.config.allowUnfree = true; - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; environment.systemPackages = [ pkgs.passwdqc-utils ]; - virtualisation.docker.enable = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; -- cgit v1.3.1 From 02eeb5a550728213c0777ccb1a5b2392f8fef18a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Jun 2017 16:01:36 +0200 Subject: ma tools: add more software --- makefu/2configs/tools/dev.nix | 2 ++ makefu/2configs/tools/extra-gui.nix | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 4fe7f8bf4..e40f5b36f 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -12,5 +12,7 @@ cac-api cac-panel ovh-zone + whatsupnix + brain ]; } diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 56cdccd1f..1e68e935c 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -2,13 +2,16 @@ { krebs.per-user.makefu.packages = with pkgs;[ + # media gimp inkscape libreoffice - saleae-logic skype synergy tdesktop virtmanager + # Dev + saleae-logic + arduino-user-env ]; } -- cgit v1.3.1 From 4221210d5a495f9033d9e566b6f926d3fcc9aec5 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Jun 2017 16:01:50 +0200 Subject: ma docker: init config --- makefu/2configs/docker.nix | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 makefu/2configs/docker.nix diff --git a/makefu/2configs/docker.nix b/makefu/2configs/docker.nix new file mode 100644 index 000000000..98fd980cc --- /dev/null +++ b/makefu/2configs/docker.nix @@ -0,0 +1,4 @@ +{...}: +{ + virtualisation.docker.enable = true; +} -- cgit v1.3.1 From 319add434302276a52590f1bca3701ee45443cc5 Mon Sep 17 00:00:00 2001 
From: makefu
Date: Mon, 26 Jun 2017 16:08:27 +0200
Subject: doc/makefu: init logbook add the logbooks i created for install_fileleech and transfer of gum
---
doc/makefu/logbook/install_fileleech.md | 17 +++++++++++++++++
doc/makefu/logbook/transfer_gum.md | 16 ++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 doc/makefu/logbook/install_fileleech.md
create mode 100644 doc/makefu/logbook/transfer_gum.md
diff --git a/doc/makefu/logbook/install_fileleech.md b/doc/makefu/logbook/install_fileleech.md
new file mode 100644
index 000000000..15f8c1bca
--- /dev/null
+++ b/doc/makefu/logbook/install_fileleech.md
@@ -0,0 +1,17 @@
+# install fileleech
+
+```
+builder$ python3 host.py --create-ssh-keys --create-passwords fileleech
+iso$ fdisk /dev/sda # 3 partitions, grub,boot,crypt
+iso$ cryptsetup luksFormat /dev/sda3 --cipher aes-xts-plain64 -s 512 -h sha512
+iso$ cryptsetup luksAddKey /dev/sda3 hddkey
+iso$ cryptsetup luksOpen --keyfile-size=4096 -d /dev/disk/by-id/usb-Intuix_DiskOnKey_09A07360336198F8-0:0 /dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3 luksroot
+iso$ mkfs.ext4 -Lnixboot /dev/sda2
+iso$ mkfs.ext4 -Lroot /dev/mapper/luksroot
+iso$ echo 1 > /proc/sys/net/ipv6/conf/enp8s0f0/disable_ipv6
+iso$ mount /dev/mapper/luksroot /mnt
+iso$ mkdir /mnt/boot
+iso$ mount /dev/sda2 /mnt/boot
+iso$ mkdir -p /mnt/var/src
+iso$ touch /mnt/var/src/.populate
+```
diff --git a/doc/makefu/logbook/transfer_gum.md b/doc/makefu/logbook/transfer_gum.md
new file mode 100644
index 000000000..5f9c88256
--- /dev/null
+++ b/doc/makefu/logbook/transfer_gum.md
@@ -0,0 +1,16 @@
+# transfer gum to new hosts
+
+```
+builder$ vim krebs/3modules/makefu/default.nix
+## update ip
+builder$ vim makefu/1systems/gum.nix
+## update hardware config
+
+old-gum$ rsync --progress -lprtvzF . :/mnt/
+
+new-gum$ touch /mnt/var/src/.populate
+new-gum$ gdisk /dev/sda r;g;w # gpt to mbr
+
+builder$ make -C ~/stockholm system=gum target=vcygfnhdxyxr47zu.onion install
+
+```
-- cgit v1.3.1
From 622d0dc0f266f94cfd5e6a5eec0ae254fec60ba3 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 26 Jun 2017 16:22:47 +0200
Subject: ma task-client: systemPackages -> per-user
---
makefu/2configs/task-client.nix | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 makefu/2configs/task-client.nix
diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix
new file mode 100644
index 000000000..330616f4a
--- /dev/null
+++ b/makefu/2configs/task-client.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+ krebs.per-user.makefu.packages = [
+ pkgs.taskwarrior
+ ];
+
+ environment.shellAliases = {
+ tshack = "task project:shack";
+ twork = "task project:soc";
+ tpki = "task project:pki";
+ tkrebs = "task project:krebs";
+ t = "task project: ";
+ };
+}
-- cgit v1.3.1
From 1f72a5d66bbbc9f213e3fa5de071d06a1818d930 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 26 Jun 2017 17:06:22 +0200
Subject: ma arduino-user-env: init
---
makefu/5pkgs/arduino-user-env/default.nix | 35 +++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 makefu/5pkgs/arduino-user-env/default.nix
diff --git a/makefu/5pkgs/arduino-user-env/default.nix b/makefu/5pkgs/arduino-user-env/default.nix
new file mode 100644
index 000000000..7339c50a2
--- /dev/null
+++ b/makefu/5pkgs/arduino-user-env/default.nix
@@ -0,0 +1,35 @@ +{ lib, pkgs, ... }: let + +#TODO: make sure env exists prior to running +env_nix = pkgs.writeText "env.nix" '' + { pkgs ? import {} }: + + (pkgs.buildFHSUserEnv { + name = "arduino-user-env"; + targetPkgs = pkgs: with pkgs; [ + coreutils + ]; + multiPkgs = pkgs: with pkgs; [ + arduino + alsaLib + zlib + xorg.libXxf86vm + curl + openal + openssl_1_0_2 + xorg.libXext + xorg.libX11 + xorg.libXrandr + xorg.libXcursor + xorg.libXinerama + xorg.libXi + mesa_glu + ]; + runScript = "zsh"; + }).env +''; + + +in pkgs.writeDashBin "arduino-user-env" '' + nix-shell ${env_nix} +'' -- cgit v1.3.1 From d58e8035b4101b20539279247ec083b72ba0a647 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Jun 2017 14:22:11 +0200 Subject: k 4 infest: prepare Regression for stockholm --- krebs/4lib/infest/prepare.sh | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 50d521e17..8e921ce06 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -36,14 +36,7 @@ prepare() {( ;; esac ;; - nixos) - case $(cat /proc/cmdline) in - *' root=LABEL=NIXOS_ISO '*) - prepare_nixos_iso "$@" - exit - esac - ;; - stockholm) + nixos|stockholm) case $(cat /proc/cmdline) in *' root=LABEL=NIXOS_ISO '*) prepare_nixos_iso "$@" @@ -102,7 +95,8 @@ prepare_nixos_iso() { mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install - sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install + sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install + } get_nixos_install() { 
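Review bot: The generated `env.nix` takes its package set from the default `pkgs ? import {}` argument (the import path looks stripped on this page), so the FHS environment is evaluated at `nix-shell` time against whatever the invoking user's NIX_PATH provides, not the nixpkgs revision this configuration is built from. Interpolating the system's package path into the text, for example `{ pkgs ? import ${pkgs.path} {} }:`, would keep the two in step. `openssl_1_0_2` pins an old OpenSSL branch inside the environment; a comment saying which Arduino component needs it would help a later cleanup. The `#TODO: make sure env exists prior to running` comment does not say what "env" refers to.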
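Review bot: Switching the sed script in `prepare_nixos_iso` to single quotes stops the shell from expanding `$target_path`, so the literal text `$target_path` is written into `bin/nixos-install` instead of the path. Unless `target_path` happens to be set in the environment where nixos-install later runs (not visible here), NIX_PATH ends up empty there. The new pattern can stay if the variable is left outside the single quotes: `sed -i 's@^\(\(export \|\)NIX_PATH\)="[^"]*"@\1='"$target_path"'@' bin/nixos-install`. The same line is repeated in the `prepare_common` hunk further down; both functions start and end outside their hunks.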
@@ -217,7 +211,7 @@ prepare_common() {( mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install - sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install + sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install if ! grep -q '^PATH.*#krebs' .bashrc; then echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc -- cgit v1.3.1 From 1b2a4d09ed9e30c6874697ca9421087a5573a0ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Jun 2017 20:59:02 +0200 Subject: l nixpkgs: e84de79 -> 0a4db15 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 34f0a064b..1c68d58d5 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "e84de79"; + ref = "0a4db15"; }; } -- cgit v1.3.1 From b28b68250d13bfa15b6cc58e597873737e616e93 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 27 Jun 2017 21:01:40 +0200 Subject: make x.r: init lancache prepare deployment of lan party steam cache --- makefu/1systems/x.nix | 1 + makefu/2configs/lancache.nix | 79 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 makefu/2configs/lancache.nix diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 77b9915ae..b37c32944 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -34,6 +34,7 @@ with import ; ../2configs/exim-retiolum.nix ../2configs/mail-client.nix ../2configs/printer.nix + ../2configs/task-client.nix # Virtualization ../2configs/virtualization.nix diff --git a/makefu/2configs/lancache.nix b/makefu/2configs/lancache.nix new file mode 100644 index 000000000..8ec401361 --- /dev/null +++ b/makefu/2configs/lancache.nix 
@@ -0,0 +1,79 @@
+{ pkgs, lib, config, ... }:
+with import ;
+let
+ # see https://github.com/zeropingheroes/lancache for full docs
+ cachedir = "/var/lancache/cache";
+ logdir = "/var/lancache/log";
+
+ lancache= pkgs.stdenv.mkDerivation rec {
+ name = "lancache-2017-06-26";
+ src = pkgs.fetchFromGitHub {
+ # origin: https://github.com/multiplay/lancache
+ # forked: https://github.com/zeropingheroes/lancache
+ repo = "lancache";
+ owner = "zeropingheroes";
+ rev = "143f7bb";
+ sha256 = "1ra4l7qz3k231j5wabr89s5hh80n1kk8vgd3dsh0xx5mdpjhvdl6";
+ };
+ phases = [ "unpackPhase" "installPhase" ];
+ # here we can chance to edit `includes/proxy-cache-paths.conf`
+ installPhase = ''
+ mkdir -p $out
+ cp -r * $out/
+ sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
+ -e 's/^\(error_log\).*/\1 stderr;\ndaemon off;/' $out/nginx.conf
+ '';
+ };
+ cfg = {
+ group = "nginx-lancache";
+ user = "nginx-lancache";
+ stateDir = "/var/lancache";
+ package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
+ configureFlags = old.configureFlags ++ [
+ "--with-http_slice_module"
+ "--with-stream"
+ "--with-pcre"
+ ];
+ });
+ };
+in {
+ systemd.services.nginx-lancache = {
+ description = "Nginx lancache Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+
+ preStart = ''
+ PATH_CACHE="/var/lancache/cache"
+ PATH_LOGS="/var/lancache/logs"
+ WWW_USER="${cfg.user}"
+ WWW_GROUP="${cfg.group}"
+
+ mkdir -p $PATH_CACHE
+ cd $PATH_CACHE
+ mkdir -p installers tmp
+ mkdir -p $PATH_LOGS
+
+ chown -R $WWW_USER:$WWW_USER $PATH_CACHE
+ chown -R $WWW_USER:$WWW_USER $PATH_LOGS
+ '';
+ serviceConfig = {
+ ExecStart = "${cfg.package}/bin/nginx -c ${lancache}/nginx.conf -p ${lancache}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ Restart = "always";
+ RestartSec = "10s";
+ StartLimitInterval = "1min";
+ };
+ };
+ users.extraUsers = (singleton
+ { name = cfg.user;
+ group = cfg.group;
+ uid = genid cfg.group;
+ });
+
+
users.extraGroups = (singleton + { name = "${cfg.group}"; + gid = genid cfg.group; + }); + +} -- cgit v1.3.1 From dca58fbc212468cb97e15ac1fc2f47a1693c7ff3 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 27 Jun 2017 21:02:36 +0200 Subject: make led-fader: after networ-online.target --- makefu/2configs/deployment/led-fader.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 50023693d..678370c69 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -31,6 +31,7 @@ in { }; # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; -- cgit v1.3.1 From ebb68ee1f89d9387402effe0726809831e6de9b6 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 21:30:05 +0200 Subject: tv mu: security.wrappers.slock.{slock => source} --- tv/1systems/mu.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index fcd0a2178..cb8e7d97a 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix @@ -101,7 +101,7 @@ with import ; security.wrappers = { sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - slock.slock = "${pkgs.slock}/bin/slock"; + slock.source = "${pkgs.slock}/bin/slock"; }; security.pam.loginLimits = [ -- cgit v1.3.1 From 24adece79e47af6602ce1fc48a2d5b772c225b61 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 21:30:22 +0200 Subject: tv mu: kde4 -> plasma5, maybe --- tv/1systems/mu.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index cb8e7d97a..8e527b021 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix 
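Review bot: In `preStart`, `WWW_GROUP` is assigned but both `chown -R` calls use `$WWW_USER:$WWW_USER`, which is only right while user and group share a name; `chown -R "$WWW_USER:$WWW_GROUP" "$PATH_CACHE" "$PATH_LOGS"` says what is meant and quotes the expansions. The `let` bindings `cachedir` and `logdir` are never used, and `logdir` ends in `/log` while `PATH_LOGS` uses `/logs`; derive the shell variables from `cfg.stateDir` or drop the bindings. No `User=` is set in `serviceConfig`, so the unit presumably starts as root and relies on the `user` directive patched into nginx.conf to drop privileges for the workers; a comment stating that would help the next reader.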
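Review bot: `after = [ "network-online.target" ];` only orders the unit and does not pull the target into the boot transaction, so on a system where nothing else wants `network-online.target` the service can still start before the network is up. Add `wants = [ "network-online.target" ];` next to it. The service attribute set starts and ends outside the hunk.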
@@ -82,12 +82,9 @@ with import ; chromiumDev skype libreoffice - kde4.l10n.de - kde4.plasma-nm pidgin-with-plugins pidginotr - kde4.print_manager #foomatic_filters #gutenprint #cups_pdf_filter @@ -138,7 +135,9 @@ with import ; twoFingerScroll = true; }; - services.xserver.desktopManager.kde4.enable = true; + services.xserver.desktopManager.plasma5 = { + enable = true; + }; services.xserver.displayManager.auto = { enable = true; user = "vv"; -- cgit v1.3.1 From 4fc9f53f7a44a52fafc4ba7e7d3bf8e3dd865dd5 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 22:29:46 +0200 Subject: tv mu: chromiumDev -> chromium --- tv/1systems/mu.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index 8e527b021..3f3b2c2f4 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix @@ -79,7 +79,7 @@ with import ; gimp xsane firefoxWrapper - chromiumDev + chromium skype libreoffice pidgin-with-plugins -- cgit v1.3.1 From 954996f78fbd65f89d2e768d09e2bcc41c080d17 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 22:57:34 +0200 Subject: tv: configure stockholm for buildbot --- tv/2configs/default.nix | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d248bf578..5d61cb941 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -1,20 +1,24 @@ -{ config, lib, pkgs, ... }: - with import ; - -{ +{ config, lib, pkgs, ... }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "tv"; +in { krebs.enable = true; krebs.build = { user = config.krebs.users.tv; source = let inherit (config.krebs.build) host; in { nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = - if getEnv "dummy_secrets" == "true" - then toString - else "/home/tv/secrets/${host.name}"; + secrets.file = getAttr builder { + buildbot = toString ; + tv = "/home/tv/secrets/${host.name}"; + }; secrets-common.file = "/home/tv/secrets/common"; - stockholm.file = "/home/tv/stockholm"; + stockholm.file = getAttr builder { + buildbot = getEnv "PWD"; + tv = "/home/tv/stockholm"; + }; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03 -- cgit v1.3.1 From 62638ad7f17a4ed536a1842e36130c264d1e2bc2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 23:28:41 +0200 Subject: Makefile: call build with whatsupnix --- Makefile | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index ce6205c5b..ecc2f493d 100644 --- a/Makefile +++ b/Makefile @@ -51,13 +51,23 @@ $(if $(target_user),,$(error unbound variable: target_user)) $(if $(target_port),,$(error unbound variable: target_port)) $(if $(target_path),,$(error unbound variable: target_path)) +whatsupnix = \ + if type whatsupnix >/dev/null 2>&1; then \ + whatsupnix $(1); \ + else \ + cat; \ + fi + build = \ nix-build \ + -Q \ --no-out-link \ --show-trace \ -I nixos-config=$(nixos-config) \ -I stockholm=$(stockholm) \ - -E "with import ; $(1)" + -E "with import ; $(1)" \ + $(2) \ + |& $(call whatsupnix) evaluate = \ nix-instantiate \ 
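Review bot: The new `builder` binding makes the secrets location and the stockholm path depend on the evaluating process's environment (`getEnv "dummy_secrets"`, `getEnv "PWD"`), and nothing in the file says so. A shell that still has `dummy_secrets=true` set would evaluate a real host with the buildbot branch of `secrets.file` without any visible sign. A comment above the `let` explaining when the variable is expected to be set, and a `builtins.trace` when the buildbot branch is taken, would make that case noticeable. `getEnv "PWD"` is only correct when evaluation starts from the checkout root, which is worth stating next to it.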
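Review bot: Piping `nix-build` into `$(call whatsupnix)` makes the recipe's exit status that of the last pipeline stage, so when `whatsupnix` is not installed the `cat` fallback returns 0 and a failed build looks successful to make and to anything that calls it. Unless `SHELL` and `.SHELLFLAGS` outside this hunk already enable `pipefail`, set it, for example `.SHELLFLAGS := -o pipefail -c` with bash as `SHELL`; the `|&` operator needs bash in any case. A one-line comment above `whatsupnix =` saying that the optional argument is the remote `user@host:port` would document the `$(1)` parameter.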
@@ -84,11 +94,7 @@ deploy: $(ssh) $(target_user)@$(target_host) -p $(target_port) \ env STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \ nixos-rebuild -Q $(rebuild-command) --show-trace -I $(target_path) \ - |& if type whatsupnix 2>/dev/null; then \ - whatsupnix $(target_user)@$(target_host):$(target_port); \ - else \ - cat; \ - fi + |& $(call whatsupnix,$(target_user)@$(target_host):$(target_port)) # usage: make populate system=foo populate: populate-target = \ -- cgit v1.3.1 From f61a6d03e3ad27b18fcf96f586717ba99c588c4a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 23:29:43 +0200 Subject: make test: use build and evaluate --- Makefile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index ecc2f493d..cab53d52a 100644 --- a/Makefile +++ b/Makefile @@ -76,7 +76,8 @@ evaluate = \ --show-trace \ -I nixos-config=$(nixos-config) \ -I stockholm=$(stockholm) \ - -E "let eval = import ; in with eval; $(1)" + -E "let eval = import ; in with eval; $(1)" \ + $(2) ifeq ($(MAKECMDGOALS),) $(error No goals specified) @@ -132,10 +133,10 @@ install: # usage: make test system=foo [target=bar] [method={eval,build}] method ?= eval ifeq ($(method),build) -test: command = nix-build --no-out-link +test: test = $(call build,$(1),$(2)) else ifeq ($(method),eval) -test: command ?= nix-instantiate --eval --json --readonly-mode --strict +test: test ?= $(call evaluate,$(1),$(2)) --json --strict | jq -r . else $(error bad method: $(method)) endif @@ -147,6 +148,4 @@ else test: wrapper = $(ssh) $(target_user)@$(target_host) -p $(target_port) endif test: populate - $(wrapper) \ - $(command) --show-trace -I $(target_path) \ - -A config.system.build.toplevel $(target_path)/stockholm + $(wrapper) $(call test,config.system.build.toplevel,-I $(target_path)) -- cgit v1.3.1 From ee08824427c0a8dbc92aa2858300f7aae5d70df0 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 27 Jun 2017 23:40:38 +0200 Subject: tv: stockholm is really just --- tv/2configs/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 5d61cb941..aae7c5a1b 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -15,10 +15,7 @@ in { tv = "/home/tv/secrets/${host.name}"; }; secrets-common.file = "/home/tv/secrets/common"; - stockholm.file = getAttr builder { - buildbot = getEnv "PWD"; - tv = "/home/tv/stockholm"; - }; + stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03 -- cgit v1.3.1 From 62e50105badbe23a3e448d8ca9f5770f7698b22b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 23:48:05 +0200 Subject: krebs.build.source: stockholm default is --- krebs/3modules/build.nix | 2 ++ tv/2configs/default.nix | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 51f192703..976d378f9 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -24,4 +24,6 @@ with import ; type = types.user; }; }; + + config.krebs.build.source.stockholm.file = mkDefault (toString ); } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index aae7c5a1b..bab1c72b6 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -15,7 +15,6 @@ in { tv = "/home/tv/secrets/${host.name}"; }; secrets-common.file = "/home/tv/secrets/common"; - stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03 -- cgit v1.3.1 From 10adb2d27e3005c7239585eb38dbbe3b5b01a400 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Jun 2017 03:31:14 +0200 Subject: whatsupnix: use gawk and nix-store explicitly --- krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index 042763048..127209570 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash @@ -17,15 +17,12 @@ # 2 Build error; at least one failed derivation could be found. # -GAWK=${GAWK:-gawk} -NIX_STORE=${NIX_STORE:-nix-store} - failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX) trap 'rm -f -- "$failed_drvs"' EXIT exec >&2 -$GAWK -v failed_drvs="$failed_drvs" ' +gawk -v failed_drvs="$failed_drvs" ' match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) { print m[1] >> failed_drvs } @@ -35,7 +32,7 @@ $GAWK -v failed_drvs="$failed_drvs" ' case $# in 0) print_log() { - NIX_PAGER= $NIX_STORE -l "$1" + NIX_PAGER= nix-store -l "$1" } ;; 1) -- cgit v1.3.1 From 9bd7f9ebf4055534ace98002a1a9ddbb243805d1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Jun 2017 08:46:55 +0200 Subject: ma lancache: fix nginx prefix issues nginx is unable to have a config with relativ paths and a statedir somewhere else. this is why i now prepare the 'prefix' with everything in it. --- makefu/2configs/lancache.nix | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/makefu/2configs/lancache.nix b/makefu/2configs/lancache.nix index 8ec401361..ff5b0d788 100644 --- a/makefu/2configs/lancache.nix +++ b/makefu/2configs/lancache.nix @@ -2,9 +2,6 @@ with import ; let # see https://github.com/zeropingheroes/lancache for full docs - cachedir = "/var/lancache/cache"; - logdir = "/var/lancache/log"; - lancache= pkgs.stdenv.mkDerivation rec { name = "lancache-2017-06-26"; src = pkgs.fetchFromGitHub { 
@@ -21,13 +18,14 @@ let mkdir -p $out cp -r * $out/ sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \ - -e 's/^\(error_log\).*/\1 stderr;\ndaemon off;/' $out/nginx.conf + -e '1 idaemon off;' \ + $out/nginx.conf ''; }; cfg = { group = "nginx-lancache"; user = "nginx-lancache"; - stateDir = "/var/lancache"; + statedir = "/var/lancache"; package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{ configureFlags = old.configureFlags ++ [ "--with-http_slice_module" @@ -44,27 +42,23 @@ in { restartIfChanged = true; preStart = '' - PATH_CACHE="/var/lancache/cache" - PATH_LOGS="/var/lancache/logs" - WWW_USER="${cfg.user}" - WWW_GROUP="${cfg.group}" - - mkdir -p $PATH_CACHE - cd $PATH_CACHE - mkdir -p installers tmp - mkdir -p $PATH_LOGS + mkdir -p ${cfg.statedir} && cd ${cfg.statedir} + PATH_CACHE=$PATH_BASE/cache + PATH_LOGS=$PATH_BASE/logs - chown -R $WWW_USER:$WWW_USER $PATH_CACHE - chown -R $WWW_USER:$WWW_USER $PATH_LOGS + mkdir -p cache/{installers,tmp} logs + rm -f conf; ln -s ${lancache} conf + chown -R ${cfg.user}:${cfg.group} . ''; serviceConfig = { - ExecStart = "${cfg.package}/bin/nginx -c ${lancache}/nginx.conf -p ${lancache}"; + ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; Restart = "always"; RestartSec = "10s"; StartLimitInterval = "1min"; }; }; + environment.etc.nginx.source = lancache; users.extraUsers = (singleton { name = cfg.user; group = cfg.group; -- cgit v1.3.1 From 984b7fd31b47bfbbee0e8adf8a1e6caa69376c2e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Jun 2017 12:00:18 +0200 Subject: ma: mv {,lanparty}/lancache --- makefu/2configs/lancache.nix | 73 ----------------------------------- makefu/2configs/lanparty/lancache.nix | 73 +++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+), 73 deletions(-) delete mode 100644 makefu/2configs/lancache.nix create mode 100644 makefu/2configs/lanparty/lancache.nix 
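Review bot: In the new `preStart`, `chown -R ${cfg.user}:${cfg.group} .` acts on whatever the current directory is, and `mkdir -p ${cfg.statedir} && cd ${cfg.statedir}` does not stop the script when `mkdir` fails, because a failing non-final command in an `&&` list is exempt from errexit (assuming the unit script runs with it at all). Putting `cd ${cfg.statedir}` on its own line and narrowing the ownership change to `chown -R ${cfg.user}:${cfg.group} cache logs` keeps the recursive chown off an unintended directory. It would also leave the prefix directory and the `conf` symlink that `nginx -p ${cfg.statedir}` resolves owned by root instead of the worker account; any further path nginx must write under the prefix would need to be listed explicitly. `PATH_CACHE` and `PATH_LOGS` are assigned from `$PATH_BASE`, which is not set in the visible lines, and neither is used afterwards, so both lines can be dropped.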
diff --git a/makefu/2configs/lancache.nix b/makefu/2configs/lancache.nix
deleted file mode 100644
index ff5b0d788..000000000
--- a/makefu/2configs/lancache.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ pkgs, lib, config, ... }:
-with import ;
-let
- # see https://github.com/zeropingheroes/lancache for full docs
- lancache= pkgs.stdenv.mkDerivation rec {
- name = "lancache-2017-06-26";
- src = pkgs.fetchFromGitHub {
- # origin: https://github.com/multiplay/lancache
- # forked: https://github.com/zeropingheroes/lancache
- repo = "lancache";
- owner = "zeropingheroes";
- rev = "143f7bb";
- sha256 = "1ra4l7qz3k231j5wabr89s5hh80n1kk8vgd3dsh0xx5mdpjhvdl6";
- };
- phases = [ "unpackPhase" "installPhase" ];
- # here we can chance to edit `includes/proxy-cache-paths.conf`
- installPhase = ''
- mkdir -p $out
- cp -r * $out/
- sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
- -e '1 idaemon off;' \
- $out/nginx.conf
- '';
- };
- cfg = {
- group = "nginx-lancache";
- user = "nginx-lancache";
- statedir = "/var/lancache";
- package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
- configureFlags = old.configureFlags ++ [
- "--with-http_slice_module"
- "--with-stream"
- "--with-pcre"
- ];
- });
- };
-in {
- systemd.services.nginx-lancache = {
- description = "Nginx lancache Server";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- restartIfChanged = true;
-
- preStart = ''
- mkdir -p ${cfg.statedir} && cd ${cfg.statedir}
- PATH_CACHE=$PATH_BASE/cache
- PATH_LOGS=$PATH_BASE/logs
-
- mkdir -p cache/{installers,tmp} logs
- rm -f conf; ln -s ${lancache} conf
- chown -R ${cfg.user}:${cfg.group} .
- '';
- serviceConfig = {
- ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}";
- ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
- Restart = "always";
- RestartSec = "10s";
- StartLimitInterval = "1min";
- };
- };
- environment.etc.nginx.source = lancache;
- users.extraUsers = (singleton
- { name = cfg.user;
- group = cfg.group;
- uid = genid cfg.group;
- });
-
- users.extraGroups = (singleton
- { name = "${cfg.group}";
- gid = genid cfg.group;
- });
-
-}
diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix
new file mode 100644
index 000000000..ff5b0d788
--- /dev/null
+++ b/makefu/2configs/lanparty/lancache.nix
@@ -0,0 +1,73 @@
+{ pkgs, lib, config, ... }:
+with import ;
+let
+ # see https://github.com/zeropingheroes/lancache for full docs
+ lancache= pkgs.stdenv.mkDerivation rec {
+ name = "lancache-2017-06-26";
+ src = pkgs.fetchFromGitHub {
+ # origin: https://github.com/multiplay/lancache
+ # forked: https://github.com/zeropingheroes/lancache
+ repo = "lancache";
+ owner = "zeropingheroes";
+ rev = "143f7bb";
+ sha256 = "1ra4l7qz3k231j5wabr89s5hh80n1kk8vgd3dsh0xx5mdpjhvdl6";
+ };
+ phases = [ "unpackPhase" "installPhase" ];
+ # here we can chance to edit `includes/proxy-cache-paths.conf`
+ installPhase = ''
+ mkdir -p $out
+ cp -r * $out/
+ sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
+ -e '1 idaemon off;' \
+ $out/nginx.conf
+ '';
+ };
+ cfg = {
+ group = "nginx-lancache";
+ user = "nginx-lancache";
+ statedir = "/var/lancache";
+ package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
+ configureFlags = old.configureFlags ++ [
+ "--with-http_slice_module"
+ "--with-stream"
+ "--with-pcre"
+ ];
+ });
+ };
+in {
+ systemd.services.nginx-lancache = {
+ description = "Nginx lancache Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+
+ preStart = ''
+ mkdir -p ${cfg.statedir} && cd ${cfg.statedir}
+ PATH_CACHE=$PATH_BASE/cache
+ PATH_LOGS=$PATH_BASE/logs
+
+ mkdir -p cache/{installers,tmp} logs
+ rm -f conf; ln -s ${lancache} conf
+ chown -R ${cfg.user}:${cfg.group} .
+ '';
+ serviceConfig = {
+ ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ Restart = "always";
+ RestartSec = "10s";
+ StartLimitInterval = "1min";
+ };
+ };
+ environment.etc.nginx.source = lancache;
+ users.extraUsers = (singleton
+ { name = cfg.user;
+ group = cfg.group;
+ uid = genid cfg.group;
+ });
+
+ users.extraGroups = (singleton
+ { name = "${cfg.group}";
+ gid = genid cfg.group;
+ });
+
+}
-- cgit v1.3.1
From 2dd0b055588ee5bf3262ec138265a881df4c01a5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Jun 2017 12:00:28 +0200 Subject: ma lancache-dns: init --- makefu/2configs/lanparty/lancache-dns.nix | 55 +++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 makefu/2configs/lanparty/lancache-dns.nix
diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix
new file mode 100644
index 000000000..4b4ebf0a0
--- /dev/null
+++ b/makefu/2configs/lanparty/lancache-dns.nix
@@ -0,0 +1,55 @@
+{ pkgs, lib, config, ... }:
+with import ;
+let
+ # see https://github.com/zeropingheroes/lancache for full docs
+ lancache-dns = pkgs.stdenv.mkDerivation rec {
+ name = "lancache-dns-2017-06-28";
+ src = pkgs.fetchFromGitHub {
+ # forked: https://github.com/zeropingheroes/lancache-dns
+ repo = "lancache-dns";
+ owner = "zeropingheroes";
+ rev = "420aa62";
+ sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";
+ };
+ phases = [ "unpackPhase" "installPhase" ];
+ # here we can chance to edit `includes/proxy-cache-paths.conf`
+ installPhase = ''
+ mkdir -p $out
+ cp -r * $out/
+ '';
+ };
+ stateDir = "/var/lib/unbound";
+ user = "unbound";
+ upstream-server = "8.8.8.8";
+in {
+ services.unbound = {
+ enable = true;
+ allowedAccess = [ "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" ];
+ interfaces = ["0.0.0.0" "::" ];
+ forwardAddresses = [ upstream-server ];
+ extraConfig = ''
+ include: "${stateDir}/lancache/*.conf"
+ '';
+ };
+ services.dnscrypt-proxy.enable = lib.mkForce false;
+ virtualisation.libvirtd.enable = lib.mkForce false;
+ systemd.services.dns-lancache-prepare = {
+ wantedBy = [ "unbound.service" ];
+ before = [ "unbound.service" ];
+ after = [ "network-online.target" ];
+ partOf= [ "unbound.service" ];
+
+ path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];
+ script = ''
+ set -xeu
+ current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
+ old_ip=10.1.1.250
+ mkdir -p ${stateDir}
+ rm -rvf ${stateDir}/lancache
+ cp -r ${lancache-dns}/upstreams-available ${stateDir}/lancache
+ sed -i "s/$old_ip/$current_ip/g" ${stateDir}/lancache/*.conf
+ chown -R unbound ${stateDir}
+ '';
+ };
+ networking.firewall.allowedUDPPorts = [ 53 ];
+}
-- cgit v1.3.1
From 890e20f59ca67c612ce29dd356497062b935e81b Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Jun 2017 23:46:27 +0200 Subject: ma vbob: remove videodrivers workaround --- makefu/1systems/vbob.nix | 2 -- 1 file changed, 2 deletions(-)
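Review bot: The `script` of `dns-lancache-prepare` substitutes `$current_ip` into every file under `${stateDir}/lancache` without checking that parsing the `ip route get` output produced an address. `awk '/8.8.8.8/ {print $NF}'` prints whatever field is last on the matching line, so an empty result, or a trailing field that is not the source address if the tool's output format differs, would replace `10.1.1.250` in all overrides, and unbound would then answer the cached domains with a wrong target. A guard before the `sed`, for example `test -n "$current_ip" || exit 1`, stops the unit instead of writing a broken configuration. The literal `8.8.8.8` in the script could also be written as `${upstream-server}` so the probe address and the forwarder cannot drift apart.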
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 7421125e4..53ee11474 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -14,8 +14,6 @@ ]; networking.extraHosts = import (toString ); - # workaround for https://github.com/NixOS/nixpkgs/issues/16641 - services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; nixpkgs.config.allowUnfree = true; fileSystems."/nix" = { -- cgit v1.3.1 From 89fd62c21a65fc129c9f6dd59513a55a6298d921 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Jun 2017 00:14:54 +0200 Subject: ma vbob: realtime kernel with jack-audio --- makefu/1systems/vbob.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 53ee11474..b79ec64c0 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -9,9 +9,19 @@ (toString ) ../2configs/main-laptop.nix #< base-gui + # Tools + ../2configs/tools/core.nix + ../2configs/tools/core-gui.nix + ../2configs/tools/dev.nix + ../2configs/tools/extra-gui.nix + ../2configs/tools/sec.nix + # environment ../2configs/tinc/retiolum.nix + ../2configs/audio/jack-on-pulse.nix + ../2configs/audio/realtime-audio.nix + ]; networking.extraHosts = import (toString ); -- cgit v1.3.1 From f8c534dc0e93e781563ce230b521dde49a361293 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Jun 2017 00:15:21 +0200 Subject: ma jack-on-pulse: include jack_capture --- makefu/2configs/audio/jack-on-pulse.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix index 49b61d5a2..a8ee05c7d 100644 --- a/makefu/2configs/audio/jack-on-pulse.nix +++ b/makefu/2configs/audio/jack-on-pulse.nix 
@@ -11,7 +11,10 @@ in package = pulse; }; - environment.systemPackages = with pkgs; [ jack2Full ]; + environment.systemPackages = with pkgs; [ + jack2Full + jack_capture + ]; # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html systemd.user.services = { -- cgit v1.3.1 From 47e4bafae5e183a1dfbcd5224b29d752b0103033 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Jun 2017 00:15:56 +0200 Subject: ma audio: use latest kernel for musnix --- makefu/2configs/audio/realtime-audio.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/audio/realtime-audio.nix b/makefu/2configs/audio/realtime-audio.nix index fbeacd025..6cb18c45c 100644 --- a/makefu/2configs/audio/realtime-audio.nix +++ b/makefu/2configs/audio/realtime-audio.nix @@ -10,7 +10,7 @@ in musnix.enable = true; musnix.kernel.optimize = true; musnix.kernel.realtime = true; - # TODO: musnix.kernel.packages = pkgs.linuxPackages_latest_rt; + musnix.kernel.packages = pkgs.linuxPackages_latest_rt; users.users."${user}".extraGroups = [ "audio" ]; } -- cgit v1.3.1 From 51e091c7c3fb52579bc9ed59d1c7db633cd24e5b Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Jun 2017 00:16:15 +0200 Subject: ma sources: bump musnix --- makefu/2configs/sources/musnix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/sources/musnix.nix b/makefu/2configs/sources/musnix.nix index d02dd4a48..a5be303e9 100644 --- a/makefu/2configs/sources/musnix.nix +++ b/makefu/2configs/sources/musnix.nix @@ -1,6 +1,6 @@ { krebs.build.source.musnix.git = { url = https://github.com/musnix/musnix.git; - ref = "37a8378"; + ref = "f0ec1f3"; }; } -- cgit v1.3.1 From ed71d568831941632d2fa6e783d10d703c4ceee6 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 29 Jun 2017 22:06:13 +0200 Subject: shell: init --- shell.nix | 210 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 210 insertions(+) create mode 100644 shell.nix 
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 000000000..d6e09e1a8
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,210 @@ +{ nixpkgs ? import {} }: let + + inherit (nixpkgs) lib pkgs; + slib = import ./lib; + spkgs = { + populate = pkgs.callPackage ./krebs/5pkgs/simple/populate {}; + whatsupnix = pkgs.callPackage ./krebs/5pkgs/simple/whatsupnix {}; + }; + + # usage: deploy system=SYSTEM [target=TARGET] + cmds.deploy = pkgs.writeScript "cmds.deploy" /* sh */ '' + #! ${pkgs.dash}/bin/dash + set -efu + + command=deploy + . ${init.args} + \test -n "''${target-}" || target=$system + . ${init.env} + + exec ${utils.deploy} + ''; + + # usage: test system=SYSTEM target=TARGET + cmds.test = pkgs.writeScript "cmds.test" /* sh */ '' + #! ${pkgs.dash}/bin/dash + set -efu + + command=test + . ${init.args} + . ${init.env} + + export dummy_secrets=true + exec ${utils.build} config.system.build.toplevel + ''; + + init.args = pkgs.writeText "init.args" /* sh */ '' + fail= + for arg; do + case $arg in + system=*) system=''${arg#*=};; + target=*) target=''${arg#*=};; + *) echo "$command: bad argument: $arg" >&2; fail=1 + esac + done + if \test -n "$fail"; then + exit 1 + fi + unset fail + ''; + + init.env = pkgs.writeText "init.env" /* sh */ '' + config=''${config-$LOGNAME/1systems/$system.nix} + + export config + export system + export target + + export target_object="$(${init.env.parsetarget} $target)" + export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" + export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" + export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" + export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)" + export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" + + export qtarget="$target_user@$target_host:$target_port$target_path" + + ${init.env.populate} + + if \test "$target_local" != true && \test "''${DISABLE_PROXY-}" != 1; then + exec ${init.env.proxy} "$command" "$@" + fi + '' // { + parsetarget = pkgs.writeScript "init.env.parsetarget" /* sh */ '' + #! 
${pkgs.dash}/bin/dash + set -efu + exec ${pkgs.jq}/bin/jq \ + -enr \ + --arg target "$1" \ + -f ${init.env.parsetarget.jq} + '' // { + jq = pkgs.writeText "init.env.parsetarget.jq" '' + def when(c; f): if c then f else . end; + def capturesDef(i; v): .captures[i].string | when(. == null; v); + $target | match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { + user: capturesDef(0; "root"), + host: capturesDef(1; env.system), + port: capturesDef(2; "22"), + path: capturesDef(3; "/var/src"), + } | . + { + local: (.user == env.LOGNAME and .host == env.HOSTNAME), + } + ''; + }; + populate = pkgs.writeScript "init.env.populate" /* sh */ '' + #! ${pkgs.dash}/bin/dash + set -efu + if \test "''${DISABLE_POPULATE-}" = 1; then + exit + fi + set -x + ${pkgs.nix}/bin/nix-instantiate \ + --eval \ + --json \ + --readonly-mode \ + --show-trace \ + --strict \ + -I nixos-config="$config" \ + -E 'with import ; config.krebs.build.source' \ + | + ${spkgs.populate}/bin/populate "$qtarget" >&2 + ''; + proxy = pkgs.writeScript "init.env.proxy" /* sh */ '' + #! ${pkgs.dash}/bin/dash + set -efu + q() { + ${pkgs.jq}/bin/jq -nr --arg x "$*" '$x | @sh "\(.)"' + } + exec ${pkgs.openssh}/bin/ssh \ + "$target_user@$target_host" -p "$target_port" \ + cd "$target_path/stockholm" \; \ + NIX_PATH=$(q "$target_path") \ + STOCKHOLM_VERSION=$STOCKHOLM_VERSION \ + nix-shell \ + --command $(q \ + config=$config \ + system=$system \ + target=$target \ + DISABLE_POPULATE=1 \ + DISABLE_PROXY=1 \ + "$*" + ) + ''; + }; + + utils.build = pkgs.writeScript "utils.build" /* sh */ '' + #! ${pkgs.dash}/bin/dash + set -efu + expr=$1 + shift + ${pkgs.nix}/bin/nix-build \ + -Q \ + --no-out-link \ + --show-trace \ + -E "with import ; $expr" \ + -I "$target_path" \ + "$@" \ + 2>&1 | + ${pkgs.coreutils}/bin/stdbuf -oL ${spkgs.whatsupnix}/bin/whatsupnix + ''; + + utils.deploy = pkgs.writeScript "utils.deploy" /* sh */ '' + #! 
${pkgs.dash}/bin/dash + set -efu + PATH=/run/current-system/sw/bin nixos-rebuild \ + switch \ + -Q \ + --show-trace \ + -I "$target_path" \ + "$@" \ + 2>&1 | + ${pkgs.coreutils}/bin/stdbuf -oL ${spkgs.whatsupnix}/bin/whatsupnix + ''; + + hook.get-version = pkgs.writeScript "hook.get-version" /* sh */ '' + #! ${pkgs.dash}/bin/dash + set -efu + version=git.$(${pkgs.git}/bin/git describe --always --dirty) + case $version in (*-dirty) + version=$version@$HOSTNAME + esac + date=$(${pkgs.coreutils}/bin/date +%y.%m) + echo "$date.$version" + ''; + + hook.pkg = pkgs.runCommand "hook.pkg" {} /* sh */ '' + mkdir -p $out/bin + ${lib.concatStrings (lib.mapAttrsToList (name: path: /* sh */ '' + ln -s ${path} $out/bin/${name} + '') cmds)} + ''; + +in pkgs.stdenv.mkDerivation { + name = "stockholm"; + shellHook = '' + export NIX_PATH="stockholm=$PWD''${NIX_PATH+:$NIX_PATH}" + export PATH=${lib.makeBinPath [ + hook.pkg + ]} + + eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)" + shopt -u no_empty_cmd_completion + unalias -a + + enable -n \ + . [ alias bg bind break builtin caller cd command compgen complete \ + compopt continue dirs disown eval exec false fc fg getopts hash \ + help history jobs kill let local logout mapfile popd printf pushd \ + pwd read readarray readonly shift source suspend test times trap \ + true typeset ulimit umask unalias wait + + exitHandler() { + : + } + + export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" + export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${hook.get-version})}" + + PS1='\[\e[38;5;162m\]\w\[\e[0m\] ' + ''; +} -- cgit v1.3.1 From 0d9ded0b58b79fd35fa14f41726d9f8a4aa4a78e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 29 Jun 2017 23:51:16 +0200 Subject: Revert "k 4 infest: prepare Regression for stockholm" This reverts commit d58e8035b4101b20539279247ec083b72ba0a647. --- krebs/4lib/infest/prepare.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) 
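Review bot: In `init.env.proxy`, `$target_path` and `$STOCKHOLM_VERSION` reach the remote shell unquoted, although the `q` helper defined just above them is already applied to `NIX_PATH` and to the `--command` string. ssh joins its arguments into one string that the remote shell parses again, so whitespace or shell metacharacters in either value (the version string embeds `$HOSTNAME` for dirty trees) would alter the remote command line. Quoting both the same way, `cd $(q "$target_path/stockholm") \;` and `STOCKHOLM_VERSION=$(q "$STOCKHOLM_VERSION") \`, closes that gap. In `init.env`, `$target` and `$target_object` are likewise expanded unquoted in `$(${init.env.parsetarget} $target)` and in the `echo $target_object | jq` lines; `"$target"` and `"$target_object"` would be safer there.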
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 8e921ce06..50d521e17 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -36,7 +36,14 @@ prepare() {( ;; esac ;; - nixos|stockholm) + nixos) + case $(cat /proc/cmdline) in + *' root=LABEL=NIXOS_ISO '*) + prepare_nixos_iso "$@" + exit + esac + ;; + stockholm) case $(cat /proc/cmdline) in *' root=LABEL=NIXOS_ISO '*) prepare_nixos_iso "$@" @@ -95,8 +102,7 @@ prepare_nixos_iso() { mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install - sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install - + sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } get_nixos_install() { @@ -211,7 +217,7 @@ prepare_common() {( mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install - sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install + sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install if ! grep -q '^PATH.*#krebs' .bashrc; then echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc -- cgit v1.3.1 From b9c11e44e779769ca0a6b13eedee82782bc63927 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 03:16:24 +0200 Subject: shell: mark shellHook as sh --- shell.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell.nix b/shell.nix index d6e09e1a8..26db52c32 100644 --- a/shell.nix +++ b/shell.nix @@ -181,7 +181,7 @@ in pkgs.stdenv.mkDerivation { name = "stockholm"; - shellHook = '' + shellHook = /* sh */ '' export NIX_PATH="stockholm=$PWD''${NIX_PATH+:$NIX_PATH}" export PATH=${lib.makeBinPath [ hook.pkg -- cgit v1.3.1 From 849d0ba98f03dc8700e6b9bb724b9afdbde68713 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 04:27:02 +0200 Subject: shell: using proxy implies populated target --- shell.nix | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) 
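Review bot: The restored `sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install` in `prepare_nixos_iso`, and the identical line in the `prepare_common` hunk, no longer matches a line of the form `export NIX_PATH="…"`, and sed exits successfully when nothing matches. If the copied `nixos-install` uses the exported form, the script keeps its original search path without any error, and the install would then evaluate sources other than those under `$target_path`. A check directly after the edit, e.g. `grep -q "^NIX_PATH=$target_path" bin/nixos-install || exit 1`, would make a silent no-op visible. Both functions begin and end outside these hunks.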
diff --git a/shell.nix b/shell.nix index 26db52c32..9cc740663 100644 --- a/shell.nix +++ b/shell.nix @@ -64,10 +64,11 @@ export qtarget="$target_user@$target_host:$target_port$target_path" - ${init.env.populate} - - if \test "$target_local" != true && \test "''${DISABLE_PROXY-}" != 1; then - exec ${init.env.proxy} "$command" "$@" + if \test "''${using_proxy-}" != true; then + ${init.env.populate} + if \test "$target_local" != true; then + exec ${init.env.proxy} "$command" "$@" + fi fi '' // { parsetarget = pkgs.writeScript "init.env.parsetarget" /* sh */ '' @@ -94,10 +95,6 @@ populate = pkgs.writeScript "init.env.populate" /* sh */ '' #! ${pkgs.dash}/bin/dash set -efu - if \test "''${DISABLE_POPULATE-}" = 1; then - exit - fi - set -x ${pkgs.nix}/bin/nix-instantiate \ --eval \ --json \ @@ -125,8 +122,7 @@ config=$config \ system=$system \ target=$target \ - DISABLE_POPULATE=1 \ - DISABLE_PROXY=1 \ + using_proxy=true \ "$*" ) ''; -- cgit v1.3.1 From 7d983f09c8433b623ffb49435807d3417a93776b Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 04:27:25 +0200 Subject: shell: inline qtarget --- shell.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/shell.nix b/shell.nix index 9cc740663..e16f172e9 100644 --- a/shell.nix +++ b/shell.nix @@ -62,8 +62,6 @@ export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)" export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" - export qtarget="$target_user@$target_host:$target_port$target_path" - if \test "''${using_proxy-}" != true; then ${init.env.populate} if \test "$target_local" != true; then @@ -104,7 +102,9 @@ -I nixos-config="$config" \ -E 'with import ; config.krebs.build.source' \ | - ${spkgs.populate}/bin/populate "$qtarget" >&2 + ${spkgs.populate}/bin/populate \ + "$target_user@$target_host:$target_port$target_path" \ + >&2 ''; proxy = pkgs.writeScript "init.env.proxy" /* sh */ '' #! ${pkgs.dash}/bin/dash -- cgit v1.3.1 
From 74522bba94a3a62dcaed15c6ab9ff4e064a654ab Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 04:40:45 +0200 Subject: shell: use stockholm overlay --- shell.nix | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/shell.nix b/shell.nix index e16f172e9..d8f3184db 100644 --- a/shell.nix +++ b/shell.nix @@ -1,11 +1,7 @@ -{ nixpkgs ? import {} }: let +{ nixpkgs ? import { overlays = [(import ./krebs/5pkgs)]; } }: let inherit (nixpkgs) lib pkgs; slib = import ./lib; - spkgs = { - populate = pkgs.callPackage ./krebs/5pkgs/simple/populate {}; - whatsupnix = pkgs.callPackage ./krebs/5pkgs/simple/whatsupnix {}; - }; # usage: deploy system=SYSTEM [target=TARGET] cmds.deploy = pkgs.writeScript "cmds.deploy" /* sh */ '' @@ -102,7 +98,7 @@ -I nixos-config="$config" \ -E 'with import ; config.krebs.build.source' \ | - ${spkgs.populate}/bin/populate \ + ${pkgs.populate}/bin/populate \ "$target_user@$target_host:$target_port$target_path" \ >&2 ''; @@ -141,7 +137,7 @@ -I "$target_path" \ "$@" \ 2>&1 | - ${pkgs.coreutils}/bin/stdbuf -oL ${spkgs.whatsupnix}/bin/whatsupnix + ${pkgs.coreutils}/bin/stdbuf -oL ${pkgs.whatsupnix}/bin/whatsupnix ''; utils.deploy = pkgs.writeScript "utils.deploy" /* sh */ '' @@ -154,7 +150,7 @@ -I "$target_path" \ "$@" \ 2>&1 | - ${pkgs.coreutils}/bin/stdbuf -oL ${spkgs.whatsupnix}/bin/whatsupnix + ${pkgs.coreutils}/bin/stdbuf -oL ${pkgs.whatsupnix}/bin/whatsupnix ''; hook.get-version = pkgs.writeScript "hook.get-version" /* sh */ '' -- cgit v1.3.1 From dbe4cc21e33ccc22b9dd352dd8c6913d60a0cbc0 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 04:53:34 +0200 Subject: pkgs.whatsupnix: print gawk output ASAP --- krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 2 +- shell.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index 127209570..2ad9aadc9 100644 
--- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash @@ -26,7 +26,7 @@ gawk -v failed_drvs="$failed_drvs" ' match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) { print m[1] >> failed_drvs } - { print $0 } + { print $0; fflush("/dev/stdout") } ' case $# in diff --git a/shell.nix b/shell.nix index d8f3184db..302429a4c 100644 --- a/shell.nix +++ b/shell.nix @@ -137,7 +137,7 @@ -I "$target_path" \ "$@" \ 2>&1 | - ${pkgs.coreutils}/bin/stdbuf -oL ${pkgs.whatsupnix}/bin/whatsupnix + ${pkgs.whatsupnix}/bin/whatsupnix ''; utils.deploy = pkgs.writeScript "utils.deploy" /* sh */ '' @@ -150,7 +150,7 @@ -I "$target_path" \ "$@" \ 2>&1 | - ${pkgs.coreutils}/bin/stdbuf -oL ${pkgs.whatsupnix}/bin/whatsupnix + ${pkgs.whatsupnix}/bin/whatsupnix ''; hook.get-version = pkgs.writeScript "hook.get-version" /* sh */ '' -- cgit v1.3.1 From a2ea8740a40d5e9f5dc8e86d33e605a78963fc2f Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 04:56:21 +0200 Subject: shell: use writeDash --- shell.nix | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/shell.nix b/shell.nix index 302429a4c..d6d215861 100644 --- a/shell.nix +++ b/shell.nix @@ -4,8 +4,7 @@ slib = import ./lib; # usage: deploy system=SYSTEM [target=TARGET] - cmds.deploy = pkgs.writeScript "cmds.deploy" /* sh */ '' - #! ${pkgs.dash}/bin/dash + cmds.deploy = pkgs.writeDash "cmds.deploy" '' set -efu command=deploy @@ -17,8 +16,7 @@ ''; # usage: test system=SYSTEM target=TARGET - cmds.test = pkgs.writeScript "cmds.test" /* sh */ '' - #! ${pkgs.dash}/bin/dash + cmds.test = pkgs.writeDash "cmds.test" /* sh */ '' set -efu command=test @@ -65,8 +63,7 @@ fi fi '' // { - parsetarget = pkgs.writeScript "init.env.parsetarget" /* sh */ '' - #! ${pkgs.dash}/bin/dash + parsetarget = pkgs.writeDash "init.env.parsetarget" '' set -efu exec ${pkgs.jq}/bin/jq \ -enr \ 
@@ -86,8 +83,7 @@ } ''; }; - populate = pkgs.writeScript "init.env.populate" /* sh */ '' - #! ${pkgs.dash}/bin/dash + populate = pkgs.writeDash "init.env.populate" '' set -efu ${pkgs.nix}/bin/nix-instantiate \ --eval \ @@ -102,8 +98,7 @@ "$target_user@$target_host:$target_port$target_path" \ >&2 ''; - proxy = pkgs.writeScript "init.env.proxy" /* sh */ '' - #! ${pkgs.dash}/bin/dash + proxy = pkgs.writeDash "init.env.proxy" '' set -efu q() { ${pkgs.jq}/bin/jq -nr --arg x "$*" '$x | @sh "\(.)"' @@ -124,8 +119,7 @@ ''; }; - utils.build = pkgs.writeScript "utils.build" /* sh */ '' - #! ${pkgs.dash}/bin/dash + utils.build = pkgs.writeDash "utils.build" '' set -efu expr=$1 shift @@ -140,8 +134,7 @@ ${pkgs.whatsupnix}/bin/whatsupnix ''; - utils.deploy = pkgs.writeScript "utils.deploy" /* sh */ '' - #! ${pkgs.dash}/bin/dash + utils.deploy = pkgs.writeDash "utils.deploy" '' set -efu PATH=/run/current-system/sw/bin nixos-rebuild \ switch \ @@ -153,8 +146,7 @@ ${pkgs.whatsupnix}/bin/whatsupnix ''; - hook.get-version = pkgs.writeScript "hook.get-version" /* sh */ '' - #! ${pkgs.dash}/bin/dash + hook.get-version = pkgs.writeDash "hook.get-version" '' set -efu version=git.$(${pkgs.git}/bin/git describe --always --dirty) case $version in (*-dirty) -- cgit v1.3.1 From c500d72ad855418b7d4d9d852d423a8a9440285c Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 09:43:33 +0200 Subject: shell: rename hook attribute to shell --- shell.nix | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/shell.nix b/shell.nix index d6d215861..782b4fa31 100644 --- a/shell.nix +++ b/shell.nix 
@@ -121,32 +121,27 @@ utils.build = pkgs.writeDash "utils.build" '' set -efu - expr=$1 - shift ${pkgs.nix}/bin/nix-build \ -Q \ --no-out-link \ --show-trace \ - -E "with import ; $expr" \ + -E "with import ; $1" \ -I "$target_path" \ - "$@" \ 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix ''; utils.deploy = pkgs.writeDash "utils.deploy" '' set -efu - PATH=/run/current-system/sw/bin nixos-rebuild \ - switch \ + PATH=/run/current-system/sw/bin nixos-rebuild switch \ -Q \ --show-trace \ -I "$target_path" \ - "$@" \ 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix ''; - hook.get-version = pkgs.writeDash "hook.get-version" '' + shell.get-version = pkgs.writeDash "shell.get-version" '' set -efu version=git.$(${pkgs.git}/bin/git describe --always --dirty) case $version in (*-dirty) @@ -156,7 +151,7 @@ echo "$date.$version" ''; - hook.pkg = pkgs.runCommand "hook.pkg" {} /* sh */ '' + shell.cmdspkg = pkgs.runCommand "shell.cmdspkg" {} /* sh */ '' mkdir -p $out/bin ${lib.concatStrings (lib.mapAttrsToList (name: path: /* sh */ '' ln -s ${path} $out/bin/${name} @@ -168,7 +163,7 @@ in pkgs.stdenv.mkDerivation { shellHook = /* sh */ '' export NIX_PATH="stockholm=$PWD''${NIX_PATH+:$NIX_PATH}" export PATH=${lib.makeBinPath [ - hook.pkg + shell.cmdspkg ]} eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)" @@ -187,7 +182,7 @@ in pkgs.stdenv.mkDerivation { } export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" - export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${hook.get-version})}" + export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}" PS1='\[\e[38;5;162m\]\w\[\e[0m\] ' ''; -- cgit v1.3.1 From aa8fb19044cebff2d9687ab975340a7c0c96990d Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 09:44:28 +0200 Subject: shell: use writeOut to create cmdspkg --- shell.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/shell.nix b/shell.nix index 782b4fa31..dbc2b14fc 100644 --- a/shell.nix +++ b/shell.nix 
@@ -151,12 +151,9 @@ echo "$date.$version" ''; - shell.cmdspkg = pkgs.runCommand "shell.cmdspkg" {} /* sh */ '' - mkdir -p $out/bin - ${lib.concatStrings (lib.mapAttrsToList (name: path: /* sh */ '' - ln -s ${path} $out/bin/${name} - '') cmds)} - ''; + shell.cmdspkg = pkgs.writeOut "shell.cmdspkg" (lib.mapAttrs' (name: link: + lib.nameValuePair "/bin/${name}" { inherit link; } + ) cmds); in pkgs.stdenv.mkDerivation { name = "stockholm"; -- cgit v1.3.1 From babbed38df4c0ff90eea9daa00cea3a105fb3ab2 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 11:04:17 +0200 Subject: shell: use getopt --- shell.nix | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/shell.nix b/shell.nix index dbc2b14fc..541a7d68d 100644 --- a/shell.nix +++ b/shell.nix @@ -3,7 +3,7 @@ inherit (nixpkgs) lib pkgs; slib = import ./lib; - # usage: deploy system=SYSTEM [target=TARGET] + # usage: deploy --system=SYSTEM [--target=TARGET] cmds.deploy = pkgs.writeDash "cmds.deploy" '' set -efu @@ -15,7 +15,7 @@ exec ${utils.deploy} ''; - # usage: test system=SYSTEM target=TARGET + # usage: test --system=SYSTEM --target=TARGET cmds.test = pkgs.writeDash "cmds.test" /* sh */ '' set -efu @@ -28,18 +28,19 @@ ''; init.args = pkgs.writeText "init.args" /* sh */ '' - fail= - for arg; do - case $arg in - system=*) system=''${arg#*=};; - target=*) target=''${arg#*=};; - *) echo "$command: bad argument: $arg" >&2; fail=1 - esac - done - if \test -n "$fail"; then - exit 1 - fi - unset fail + args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \ + -o s:t: \ + -l system:,target: \ + -- "$@") + if \test $? != 0; then exit 1; fi + eval set -- "$args" + while :; do case $1 in + -s|--system) system=$2; shift 2;; + -t|--target) target=$2; shift 2;; + --) shift; break;; + esac; done + for arg; do echo "$command: bad argument: $arg" >&2; done + if \test $# != 0; then exit 2; fi ''; init.env = pkgs.writeText "init.env" /* sh */ '' -- cgit v1.3.1 
From 9ee286644d050e68292776e02357549801fd20b6 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 11:04:58 +0200 Subject: shell: use stockholm lib --- shell.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/shell.nix b/shell.nix index 541a7d68d..3e7ba81c1 100644 --- a/shell.nix +++ b/shell.nix @@ -1,7 +1,6 @@ -{ nixpkgs ? import { overlays = [(import ./krebs/5pkgs)]; } }: let - - inherit (nixpkgs) lib pkgs; - slib = import ./lib; +let + lib = import ./lib; + pkgs = import { overlays = [(import ./krebs/5pkgs)]; }; # usage: deploy --system=SYSTEM [--target=TARGET] cmds.deploy = pkgs.writeDash "cmds.deploy" '' -- cgit v1.3.1 From 3be018f9f65e4d7ca2681c9fa20b9f7d2cd32287 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Jun 2017 13:11:17 +0200 Subject: l exim: add polo@lassul.us & shack@lassul.us --- lass/2configs/exim-smarthost.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index b8d00e7d4..fd2f1f765 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -32,6 +32,8 @@ with import ; { from = "feed@lassul.us"; to = lass.mail; } { from = "art@lassul.us"; to = lass.mail; } { from = "irgendwas@lassul.us"; to = lass.mail; } + { from = "polo@lassul.us"; to = lass.mail; } + { from = "shack@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.3.1 From bc07a6043eecb26c5a995e2dab02e84ef52ebea0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Jun 2017 13:14:57 +0200 Subject: l pkgs.init: use grub with EFI, remove /bku --- lass/5pkgs/init/default.nix | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index b484d2c38..679187531 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix 
@@ -19,14 +19,15 @@ pkgs.writeText "init" '' disk=${disk} - luksdev=${disk}2 + luksdev=${disk}3 luksmap=/dev/mapper/${luksmap} vgname=${vgname} + bootdev=/dev/sda2 + rootdev=/dev/mapper/${vgname}-root homedev=/dev/mapper/${vgname}-home - bkudev=/dev/mapper/${vgname}-bku # #generate keyfile @@ -49,7 +50,8 @@ pkgs.writeText "init" '' mklabel gpt \ mkpart no-fs 0 1024KiB \ set 1 bios_grub on \ - mkpart primary 1025KiB 100% + mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ + mkpart primary 1025MiB 100% fi if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then @@ -78,9 +80,8 @@ pkgs.writeText "init" '' lvchange -a y /dev/mapper/"$vgname" - if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi - if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi - if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi + if ! test -e "$rootdev"; then lvcreate -L 7G -n root "$vgname"; fi + if ! test -e "$homedev"; then lvcreate -L 100M -n home "$vgname"; fi # lvchange -a n "$vgname" @@ -89,6 +90,10 @@ pkgs.writeText "init" '' # formatting # + if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then + mkfs.vfat "$bootdev" + fi + if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then mkfs.btrfs "$rootdev" fi @@ -97,22 +102,18 @@ pkgs.writeText "init" '' mkfs.btrfs "$homedev" fi - if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then - mkfs.btrfs "$bkudev" - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then mount "$rootdev" /mnt fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then + mkdir -m 0000 -p /mnt/boot + mount "$bootdev" /mnt/boot + fi if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then mkdir -m 0000 -p /mnt/home mount "$homedev" /mnt/home fi - if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then - mkdir -m 0000 -p /mnt/bku - mount "$bkudev" /mnt/bku - fi # umount -R /mnt 
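Review bot: `bootdev=/dev/sda2` is hard-coded while `luksdev` is derived from `${disk}`, so whenever `disk` is not `/dev/sda` the `mkfs.vfat "$bootdev"` added in the formatting hunk acts on a partition of a different disk than the one that was just partitioned. Derive it the same way as its neighbour: `bootdev=${disk}2`. The only guard before formatting is the `blkid ... = vfat` test, which says nothing about which disk the partition belongs to, so a non-vfat `/dev/sda2` holding other data would be overwritten.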
@@ -122,6 +123,7 @@ pkgs.writeText "init" '' nix-env -iA nixos.git + # TODO: get sentinal file from target_path mkdir -p /mnt/var/src touch /mnt/var/src/.populate -- cgit v1.3.1 From ee95efd51080341f8be19a685152ecdb4a1f12f5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Jun 2017 13:44:07 +0200 Subject: l icarus: use new fileSystem layout --- lass/1systems/icarus.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix index b869a67a7..13c517e3b 100644 --- a/lass/1systems/icarus.nix +++ b/lass/1systems/icarus.nix @@ -6,9 +6,9 @@ with import ; ../. ../2configs/retiolum.nix ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix ../2configs/git.nix ../2configs/exim-retiolum.nix + ../2configs/baseX.nix ../2configs/browsers.nix ../2configs/programs.nix ../2configs/fetchWallpaper.nix @@ -22,9 +22,9 @@ with import ; loader.grub.enable = true; loader.grub.version = 2; loader.grub.device = "/dev/sda"; - loader.grub.enableCryptodisk = true; + loader.grub.efiSupport = true; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; @@ -34,11 +34,14 @@ with import ; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; + "/boot" = { + device = "/dev/sda2"; }; + #"/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + #}; "/home" = { device = "/dev/mapper/pool-home"; fsType = "btrfs"; -- cgit v1.3.1 From e05591d73e4400a901525dc18a54981a5be6f82f Mon Sep 17 00:00:00 2001 
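Review bot: The new `"/boot"` entry in the last icarus.nix hunk mounts `/dev/sda2` without an `fsType`, and together with the removal of `loader.grub.enableCryptodisk` it moves kernel and initrd onto a partition outside the LUKS container, which the file does not mention. Suggest `fsType = "vfat";` (the init script on this page formats that partition with `mkfs.vfat`) and a comment such as `# /boot is unencrypted: kernel and initrd are not covered by luksroot`. The mors.nix hunk in the following commit adds the same `/boot` entry and would take the same two lines. The commented-out `/bku` block could simply be deleted, since the commit history already records it.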
From: lassulus Date: Fri, 30 Jun 2017 13:44:29 +0200 Subject: l mors: use new fileSystem layout --- lass/1systems/mors.nix | 47 ++++++++++++++--------------------------------- 1 file changed, 14 insertions(+), 33 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index b9ab54503..0bfd54515 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -96,49 +96,30 @@ with import ; loader.grub.enable = true; loader.grub.version = 2; loader.grub.device = "/dev/sda"; + loader.grub.efiSupport = true; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; fileSystems = { "/" = { - device = "/dev/big/nix"; - fsType = "ext4"; + device = "/dev/mapper/pool-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/boot" = { - device = "/dev/sda1"; - }; - - "/mnt/loot" = { - device = "/dev/big/loot"; - fsType = "ext4"; + device = "/dev/sda2"; }; - + #"/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + #}; "/home" = { - device = "/dev/big/home"; - fsType = "ext4"; - }; - - "/home/lass" = { - device = "/dev/big/home-lass"; - fsType = "ext4"; - }; - - "/home/games/.local/share/Steam" = { - device = "/dev/big/steam"; - fsType = "ext4"; - }; - - "/home/virtual/virtual" = { - device = "/dev/big/virtual"; - fsType = "ext4"; - }; - - "/mnt/conf" = { - device = "/dev/big/conf"; - fsType = "ext4"; + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; "/tmp" = { device = "tmpfs"; -- cgit v1.3.1 From d5aca8696caeac6d88923e1f668af213abc987fa Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 30 Jun 2017 13:48:55 +0200 Subject: l buildbot: tests hosts in correct order --- lass/2configs/buildbot-standalone.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index e765ddbb4..449feb382 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -120,9 +120,6 @@ in { system={}".format(host)] ) - for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]: - build_host(env_tv, i) - for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: build_host(env_lass, i) @@ -135,6 +132,9 @@ in { for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: build_host(env_shared, i) + for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]: + build_host(env_tv, i) + bu.append( util.BuilderConfig( name="build-hosts", -- cgit v1.3.1 From d9cc50653d0c7998052284cfb66b2229e0ce849b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 30 Jun 2017 22:36:25 +0200 Subject: ma gen-oath-safe: init --- makefu/5pkgs/gen-oath-safe/default.nix | 37 ++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 makefu/5pkgs/gen-oath-safe/default.nix diff --git a/makefu/5pkgs/gen-oath-safe/default.nix b/makefu/5pkgs/gen-oath-safe/default.nix new file mode 100644 index 000000000..245e65174 --- /dev/null +++ b/makefu/5pkgs/gen-oath-safe/default.nix 
@@ -0,0 +1,37 @@ +{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }: + +stdenv.mkDerivation { + name = "geno-oath-safe-2017-06-30"; + src = fetchFromGitHub { + owner = "mcepl"; + repo = "gen-oath-safe"; + rev = "fb53841"; + sha256 = "0018kqmhg0861r5xkbis2a1rx49gyn0dxcyj05wap5ms7zz69m0m"; + }; + + phases = [ + "unpackPhase" + "installPhase" + "fixupPhase" + ]; + + buildInputs = [ makeWrapper ]; + + installPhase = + let + path = stdenv.lib.makeBinPath [ + coreutils + openssl + qrencode + yubikey-manager + libcaca + python + ]; + in + '' + mkdir -p $out/bin + cp gen-oath-safe $out/bin/ + wrapProgram $out/bin/gen-oath-safe \ + --prefix PATH : ${path} + ''; +} -- cgit v1.3.1 From 7cd2ff2679b688e8fa0c98bc9ecf1d99602c0421 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 30 Jun 2017 23:49:05 +0200 Subject: ma 2fa: init and enable for gum --- makefu/1systems/gum.nix | 3 +++ makefu/2configs/sshd-totp.nix | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 makefu/2configs/sshd-totp.nix diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 519313f57..6e57d1404 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -26,6 +26,9 @@ in { ../2configs/tinc/retiolum.nix ../2configs/urlwatch.nix + # Security + ../2configs/sshd-totp.nix + # Tools ../2configs/tools/core.nix ../2configs/tools/dev.nix diff --git a/makefu/2configs/sshd-totp.nix b/makefu/2configs/sshd-totp.nix new file mode 100644 index 000000000..f9984e245 --- /dev/null +++ b/makefu/2configs/sshd-totp.nix 
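Review bot: `name = "geno-oath-safe-2017-06-30"` misspells the package name; the repository and the installed binary are both `gen-oath-safe`, so it should read `name = "gen-oath-safe-2017-06-30";`. `rev = "fb53841"` is an abbreviated commit id: the `sha256` still pins the fetched content, but writing the full 40-character id removes any ambiguity should the prefix stop being unique upstream.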
@@ -0,0 +1,18 @@ +{ pkgs, ... }: +# Enables second factor for ssh password login + +## Usage: +# gen-oath-safe totp +## scan the qrcode with google authenticator (or FreeOTP) +## copy last line into secrets//users.oath (chmod 700) +{ + security.pam.oath = { + # enabling it will make it a requisite of `all` services + # enable = true; + digits = 6; + # TODO assert existing + usersFile = (toString ) + "/users.oath"; + }; + # I want TFA only active for sshd with password-auth + security.pam.services.sshd.oathAuth = true; +} -- cgit v1.3.1 From 09e31fb8a27d1f9f7acfc1f40f0b2ae598a22e34 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 1 Jul 2017 01:10:31 +0200 Subject: ma lancache: retab --- makefu/2configs/lanparty/lancache.nix | 59 ++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix index ff5b0d788..3df2e3f59 100644 --- a/makefu/2configs/lanparty/lancache.nix +++ b/makefu/2configs/lanparty/lancache.nix 
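Review bot: The usage comment tells the reader to protect `users.oath` with `chmod 700`, which sets execute bits on a data file; the file holds the TOTP seeds and should be readable by its owner only, so the comment should read `(chmod 600, owned by root)`. The `# TODO assert existing` is worth resolving in the same change: what the sshd PAM stack does when `usersFile` is missing depends on the control flag the module generates, which is not visible in this hunk, so a Nix `assert` or an activation-time check would make a missing secrets file fail loudly instead of at login.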
@@ -36,38 +36,39 @@ let }; in { systemd.services.nginx-lancache = { - description = "Nginx lancache Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - restartIfChanged = true; + description = "Nginx lancache Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartIfChanged = true; - preStart = '' - mkdir -p ${cfg.statedir} && cd ${cfg.statedir} - PATH_CACHE=$PATH_BASE/cache - PATH_LOGS=$PATH_BASE/logs + preStart = '' + mkdir -p ${cfg.statedir} && cd ${cfg.statedir} + PATH_CACHE=$PATH_BASE/cache + PATH_LOGS=$PATH_BASE/logs - mkdir -p cache/{installers,tmp} logs - rm -f conf; ln -s ${lancache} conf - chown -R ${cfg.user}:${cfg.group} . - ''; - serviceConfig = { - ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - Restart = "always"; - RestartSec = "10s"; - StartLimitInterval = "1min"; - }; + mkdir -p cache/{installers,tmp} logs + rm -f conf; ln -s ${lancache} conf + chown -R ${cfg.user}:${cfg.group} . + ''; + serviceConfig = { + ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + Restart = "always"; + RestartSec = "10s"; + StartLimitInterval = "1min"; }; - environment.etc.nginx.source = lancache; - users.extraUsers = (singleton - { name = cfg.user; - group = cfg.group; - uid = genid cfg.group; - }); + }; - users.extraGroups = (singleton - { name = "${cfg.group}"; - gid = genid cfg.group; - }); + environment.etc.nginx.source = lancache; + users.extraUsers = (singleton + { name = cfg.user; + group = cfg.group; + uid = genid cfg.group; + }); + users.extraGroups = (singleton + { name = "${cfg.group}"; + gid = genid cfg.group; + }); + networking.firewall.allowedTCPPorts = [ 80 443 ]; } -- cgit v1.3.1 From 4d9d70c6cc7c47cf62a83e838d70134c33594065 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sat, 1 Jul 2017 01:11:31 +0200 Subject: ma: add gen-oath-safe to dev tools --- makefu/2configs/tools/dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index e40f5b36f..42006eb22 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -14,5 +14,6 @@ ovh-zone whatsupnix brain + gen-oath-safe ]; } -- cgit v1.3.1 From d95039620550368bcee37f74d9828db97d38722f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 1 Jul 2017 01:12:52 +0200 Subject: ma vbob: enable totp --- makefu/1systems/vbob.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index b79ec64c0..d8e275bf6 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -8,6 +8,7 @@ (toString ) (toString ) ../2configs/main-laptop.nix #< base-gui + ../2configs/sshd-totp.nix # Tools ../2configs/tools/core.nix -- cgit v1.3.1 From 38a9f8f6d51bbaa83c7bbd50525844a3039f53fc Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 1 Jul 2017 01:13:28 +0200 Subject: ma x.r: enable 2fa for sshd --- makefu/1systems/x.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index b37c32944..235862e85 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -19,6 +19,8 @@ with import ; # ../2configs/disable_v6.nix # Testing + # ../2configs/lanparty/lancache.nix + # ../2configs/lanparty/lancache-dns.nix # ../2configs/deployment/dirctator.nix # ../2configs/vncserver.nix # ../2configs/deployment/led-fader @@ -58,6 +60,9 @@ with import ; # Filesystem ../2configs/fs/sda-crypto-root-home.nix + # Security + ../2configs/sshd-totp.nix + ]; makefu.server.primary-itf = "wlp3s0"; -- cgit v1.3.1 From 4f1821f3971708a8f7d4db5f15b8c9651138518d Mon Sep 17 00:00:00 2001 
From: tv Date: Sun, 2 Jul 2017 00:09:16 +0200 Subject: tv: turn pkgs into an overlay --- tv/5pkgs/default.nix | 88 ++++++++++++++++++++++++++++++---------------------- tv/default.nix | 4 +-- 2 files changed, 53 insertions(+), 39 deletions(-) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index ae47ab0f3..284e42a79 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix 
@@ -1,40 +1,54 @@ -{ config, pkgs, ... }: with import ; -{ - nixpkgs.config.packageOverrides = super: let - - # This callPackage will try to detect obsolete overrides. - callPackage = path: args: let - override = super.callPackage path args; - upstream = optionalAttrs (override ? "name") - (super.${(parseDrvName override.name).name} or {}); - in if upstream ? "name" && - override ? "name" && - compareVersions upstream.name override.name != -1 - then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override - else override; - - in {} - // mapAttrs (_: flip callPackage {}) - (filterAttrs (_: dir: pathExists (dir + "/default.nix")) - (subdirsOf ./.)) - // { - # TODO use XDG_RUNTIME_DIR? - cr = pkgs.writeDashBin "cr" '' - set -efu - export LC_TIME=de_DE.utf8 - exec ${pkgs.chromium}/bin/chromium \ - --ssl-version-min=tls1 \ - --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \ - --disk-cache-size=50000000 \ - "$@" - ''; - ejabberd = callPackage ./ejabberd { - erlang = pkgs.erlangR16; - }; - ff = pkgs.writeDashBin "ff" '' - exec ${pkgs.firefoxWrapper}/bin/firefox "$@" - ''; - gnupg = pkgs.gnupg21; +self: super: let + + # This callPackage will try to detect obsolete overrides. + callPackage = path: args: let + override = super.callPackage path args; + upstream = optionalAttrs (override ? "name") + (super.${(parseDrvName override.name).name} or {}); + in if upstream ? "name" && + override ? "name" && + compareVersions upstream.name override.name != -1 + then + trace + "Upstream `${upstream.name}' gets overridden by `${override.name}'." + override + else override; + +in { + + # TODO use XDG_RUNTIME_DIR? 
+ cr = self.writeDashBin "cr" '' + set -efu + export LC_TIME=de_DE.utf8 + exec ${self.chromium}/bin/chromium \ + --ssl-version-min=tls1 \ + --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \ + --disk-cache-size=50000000 \ + "$@" + ''; + + ejabberd = callPackage ./ejabberd { + erlang = self.erlangR16; }; + + ff = self.writeDashBin "ff" '' + exec ${self.firefoxWrapper}/bin/firefox "$@" + ''; + + gnupg = self.gnupg21; + + # https://github.com/NixOS/nixpkgs/issues/16113 + wvdial = let + nixpkgs-1509 = import (self.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + in nixpkgs-1509.wvdial; + } + +// mapAttrs (_: flip callPackage {}) + (filterAttrs (_: dir: pathExists (dir + "/default.nix")) + (subdirsOf ./.)) diff --git a/tv/default.nix b/tv/default.nix index b1c7c1be8..d077cc09f 100644 --- a/tv/default.nix +++ b/tv/default.nix @@ -1,9 +1,9 @@ -_: +{ pkgs, ... }: { imports = [ ../krebs ./2configs ./3modules - ./5pkgs ]; + nixpkgs.config.packageOverrides = import ./5pkgs pkgs; } -- cgit v1.3.1 From 01a4ed89c72af0beefd2ba4bcd894017002720ff Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 2 Jul 2017 12:41:14 +0200 Subject: gum.r: provide iodine endpoint gum now runs io.krebsco.de (was configured before but not exposed via the DNS zone file) --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 4c0ce0fe3..c517ac1d8 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -308,7 +308,6 @@ with import ; extraZones = { "krebsco.de" = '' wry IN A ${nets.internet.ip4.addr} - io IN NS wry.krebsco.de. tinc IN A ${nets.internet.ip4.addr} ''; }; 
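Review bot: `wvdial` is now taken from a pinned `nixpkgs-channels` snapshot (`nixpkgs-1509`), so the package and everything it links against stay frozen at that revision and pick up no later fixes; the only explanation in the file is the bare issue URL above it. A comment such as `# pinned to 15.09 because of the linked issue; drop this override once it is fixed` would state the intent and the exit condition. The pin itself uses a full `rev` plus `sha256`, which is the right way to fetch it.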
@@ -470,6 +469,7 @@ with import ; wiki.euer IN A ${nets.internet.ip4.addr} graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} + io IN NS gum.krebsco.de. ''; }; nets = rec { -- cgit v1.3.1 From c36d644059049dba69cf4e5a072f2c5b4c6f5856 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 2 Jul 2017 21:06:04 +0200 Subject: urlwatch: set dataDir to home of urlwatch user otherwise /var/empty will be used which then will clash with exim which tries to create Maildir in this folder explicitly setting the home directory in users also avoids the usage of execstartpre in favor of createHome --- krebs/3modules/urlwatch.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index c06e5ddb1..380e30ae3 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -142,17 +142,6 @@ let PrivateTmp = "true"; SyslogIdentifier = "urlwatch"; Type = "oneshot"; - ExecStartPre = - pkgs.writeDash "urlwatch-prestart" '' - set -euf - - dataDir=$HOME - - if ! test -e "$dataDir"; then - mkdir -m 0700 -p "$dataDir" - chown ${user.name}: "$dataDir" - fi - ''; ExecStart = pkgs.writeDash "urlwatch" '' set -euf @@ -185,6 +174,8 @@ let }; users.extraUsers = singleton { inherit (user) name uid; + home = cfg.dataDir; + createHome = true; }; }; -- cgit v1.3.1 From b4bcf2b0a4dd5fbc69a4b539b32f82fb3eccc4a2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 2 Jul 2017 23:06:36 +0200 Subject: ma urlwatch: use hook for json api --- makefu/2configs/urlwatch.nix | 27 --------------------------- makefu/2configs/urlwatch/default.nix | 35 +++++++++++++++++++++++++++++++++++ makefu/2configs/urlwatch/hook.py | 12 ++++++++++++ 3 files changed, 47 insertions(+), 27 deletions(-) delete mode 100644 makefu/2configs/urlwatch.nix create mode 100644 makefu/2configs/urlwatch/default.nix create mode 100644 makefu/2configs/urlwatch/hook.py 
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix deleted file mode 100644 index 9493b2b7b..000000000 --- a/makefu/2configs/urlwatch.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, ... }: - -{ - krebs.urlwatch = { - enable = true; - mailto = config.krebs.users.makefu.mail; - onCalendar = "*-*-* 05:00:00"; - urls = [ - ## nixpkgs maintenance - https://api.github.com/repos/ovh/python-ovh/tags - https://api.github.com/repos/embray/d2to1/tags - https://api.github.com/repos/Mic92/vicious/tags - https://pypi.python.org/simple/bepasty/ - https://pypi.python.org/simple/xstatic/ - http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ - http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ - https://github.com/amadvance/snapraid/releases.atom - https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack - https://api.github.com/repos/embray/d2to1/tags - https://api.github.com/repos/dorimanx/exfat-nofuse/commits - https://api.github.com/repos/dorimanx/exfat-nofuse/tags - https://api.github.com/repos/radare/radare2/tags - https://api.github.com/repos/rapid7/metasploit-framework/tags - ]; - }; -} - diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix new file mode 100644 index 000000000..54c8ee924 --- /dev/null +++ b/makefu/2configs/urlwatch/default.nix 
@@ -0,0 +1,35 @@ +{ config, lib, ... }: + +{ + krebs.urlwatch = { + enable = true; + mailto = config.krebs.users.makefu.mail; + onCalendar = "*-*-* 05:00:00"; + hooksFile = ./hook.py; + urls = [ + ## nixpkgs maintenance + https://api.github.com/repos/ovh/python-ovh/tags + https://api.github.com/repos/embray/d2to1/tags + https://api.github.com/repos/Mic92/vicious/tags + https://pypi.python.org/simple/bepasty/ + https://pypi.python.org/simple/xstatic/ + https://pypi.python.org/simple/devpi-client/ + http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ + http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ + https://github.com/amadvance/snapraid/releases.atom + https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack + https://api.github.com/repos/embray/d2to1/tags + https://api.github.com/repos/dorimanx/exfat-nofuse/commits + https://api.github.com/repos/dorimanx/exfat-nofuse/tags + https://api.github.com/repos/radare/radare2/tags + https://api.github.com/repos/rapid7/metasploit-framework/tags + https://api.github.com/repos/mcepl/gen-oath-safe/commits + https://api.github.com/repos/naim94a/udpt/commits + https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack + https://api.github.com/repos/dirkvdb/ps3netsrv--/commits + # TODO: dymo cups + + ]; + }; +} + diff --git a/makefu/2configs/urlwatch/hook.py b/makefu/2configs/urlwatch/hook.py new file mode 100644 index 000000000..fc598423f --- /dev/null +++ b/makefu/2configs/urlwatch/hook.py @@ -0,0 +1,12 @@ +import logging +logging.basicConfig(level=logging.INFO) +log = logging.getLogger() +# log.setLevel(level=logging.INFO) +def filter(url, data): + log.info("handling url '{}'".format(url)) + if "api.github.com" in url: + import json + log.info("url is a github api link, assuming json") + return json.dumps(json.loads(data),indent=2) + + return data -- cgit v1.3.1 From 5c26d65ae48aa73c8a738e4ef22dcb3ad6daa00d Mon Sep 17 00:00:00 2001 
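Review bot: The `urls` list carries the credentials `guest:derpi` inline in the `cvs2svn.tigris.org` entry, over plain `http://`. The krebs urlwatch module shown elsewhere on this page writes `cfg.urls` out with `pkgs.writeText`, so the string lands in the world-readable Nix store as well as travelling unencrypted. If this is the project's public read-only login, say so next to the entry (`# public guest account, not a secret`); otherwise it should not live in this file.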
From: makefu Date: Sun, 2 Jul 2017 23:08:09 +0200 Subject: urlwatch: filter _module with kv before this commit { url= ...; filter=... } didn't work because the result contained _module --- krebs/3modules/urlwatch.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 380e30ae3..463fa26ba 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -60,6 +60,7 @@ let description = "URL to watch."; example = [ https://nixos.org/channels/nixos-unstable/git-revision + { url = http://localhost ; filter = "grep:important.*stuff"; } ]; apply = map (x: getAttr (typeOf x) { set = x; @@ -79,7 +80,8 @@ let }; urlsFile = pkgs.writeText "urls" - (concatMapStringsSep "\n---\n" toJSON cfg.urls); + (concatMapStringsSep "\n---\n" + (x: toJSON (filterAttrs (n: v: n != "_module") x)) cfg.urls); hooksFile = cfg.hooksFile; -- cgit v1.3.1 From 2eb910183a92bd6e8d3796d821c783d878ae956b Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 2 Jul 2017 23:09:12 +0200 Subject: ma urlwatch: refactor --- makefu/2configs/urlwatch/default.nix | 36 +++++++++++++++++++++++------------- makefu/2configs/urlwatch/hook.py | 22 +++++++++++++--------- 2 files changed, 36 insertions(+), 22 deletions(-) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 54c8ee924..f17bcdc3a 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix 
@@ -8,27 +8,37 @@ hooksFile = ./hook.py; urls = [ ## nixpkgs maintenance - https://api.github.com/repos/ovh/python-ovh/tags - https://api.github.com/repos/embray/d2to1/tags - https://api.github.com/repos/Mic92/vicious/tags + # github + ## No rate limit + https://github.com/amadvance/snapraid/releases.atom + https://github.com/radare/radare2/releases.atom + https://github.com/ovh/python-ovh/releases.atom + https://github.com/embray/d2to1/releases.atom + https://github.com/Mic92/vicious/releases.atom + https://github.com/embray/d2to1/releases.atom + https://github.com/dorimanx/exfat-nofuse/releases.atom + https://github.com/rapid7/metasploit-framework/releases.atom + ## rate limited + # https://api.github.com/repos/dorimanx/exfat-nofuse/commits + # https://api.github.com/repos/mcepl/gen-oath-safe/commits + https://api.github.com/repos/naim94a/udpt/commits + https://api.github.com/repos/dirkvdb/ps3netsrv--/commits + + # pypi https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/xstatic/ https://pypi.python.org/simple/devpi-client/ + # weird shit http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ - https://github.com/amadvance/snapraid/releases.atom https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack - https://api.github.com/repos/embray/d2to1/tags - https://api.github.com/repos/dorimanx/exfat-nofuse/commits - https://api.github.com/repos/dorimanx/exfat-nofuse/tags - https://api.github.com/repos/radare/radare2/tags - https://api.github.com/repos/rapid7/metasploit-framework/tags - https://api.github.com/repos/mcepl/gen-oath-safe/commits - https://api.github.com/repos/naim94a/udpt/commits https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack - https://api.github.com/repos/dirkvdb/ps3netsrv--/commits - # TODO: dymo cups + { + url = 
https://newellrubbermaid.secure.force.com/dymopkb/articles/en_US/FAQ/Dymo-Drivers-and-Downloads/?l=en_US&c=Segment:Dymo&fs=Search&pn=1 ; + filter = "grep:Software/Linux/dymo-cups-drivers"; + } + # TODO: dymo cups ]; }; } diff --git a/makefu/2configs/urlwatch/hook.py b/makefu/2configs/urlwatch/hook.py index fc598423f..7d9282c7e 100644 --- a/makefu/2configs/urlwatch/hook.py +++ b/makefu/2configs/urlwatch/hook.py @@ -1,12 +1,16 @@ import logging logging.basicConfig(level=logging.INFO) log = logging.getLogger() -# log.setLevel(level=logging.INFO) -def filter(url, data): - log.info("handling url '{}'".format(url)) - if "api.github.com" in url: - import json - log.info("url is a github api link, assuming json") - return json.dumps(json.loads(data),indent=2) - - return data +log.setLevel(level=logging.INFO) + +import re +import json + +from urlwatch import filters + + +class JsonFilter(filters.RegexMatchFilter): + MATCH = {'url': re.compile('https?://api.github.com/.*')} + + def filter(self, data): + return json.dumps(json.loads(data),indent=2,sort_keys=True) -- cgit v1.3.1 From 5f3bece0d647f65c2354ae0944a50d775a3b488e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 2 Jul 2017 23:09:30 +0200 Subject: ma gum: use urlwatch folder --- makefu/1systems/gum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 6e57d1404..51761d3fd 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -24,7 +24,7 @@ in { # ../2configs/disable_v6.nix ../2configs/exim-retiolum.nix ../2configs/tinc/retiolum.nix - ../2configs/urlwatch.nix + ../2configs/urlwatch # Security ../2configs/sshd-totp.nix -- cgit v1.3.1 From 70e5b248691010a81a121d206d039cce816a8a79 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Jul 2017 00:07:38 +0200 Subject: l prism.r: fetch nixpkgs only once per day --- lass/1systems/prism.nix | 4 ++++ 1 file changed, 4 insertions(+) 
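Review bot: In `JsonFilter`, the `MATCH` pattern leaves the dots unescaped and is not a raw string, so it matches more than the literal host `api.github.com`; prefer `re.compile(r'https?://api\.github\.com/.*')`. `json.loads(data)` has no error handling, so a non-JSON body from a matching URL raises inside the filter, and how urlwatch reports that is not visible here. A one-line docstring saying the class pretty-prints GitHub API responses with sorted keys to keep diffs stable would document why `sort_keys=True` was added.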
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index af847333d..531dec9df 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -229,6 +229,10 @@ in { OnUnitInactiveSec = "2min"; RandomizedDelaySec = "2min"; }; + krebs.repo-sync.repos.nixpkgs.timerConfig = { + OnBootSec = "90min"; + OnUnitInactiveSec = "24h"; + }; } { lass.usershadow = { -- cgit v1.3.1 From ed257db34c2225c26912ad05e31493f94b6897d7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Jul 2017 08:26:33 +0200 Subject: ma: nixpkgs -> 06734d --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index bcd998826..0b4ef8909 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "7a7c39c"; # unstable @ 2017-05-09 + graceful requests2 + logstash5 + ref = "06734d1"; # unstable @ 2017-07-03 + graceful requests2 (a772c3aa) in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { -- cgit v1.3.1 From d3af8d37f8e3d806ca3744b7086f8d5e30f72875 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Jul 2017 11:44:47 +0200 Subject: ma x230/pulseaudio: use extraConfig --- makefu/2configs/hw/tp-x230.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index 2de32dd94..c705b52a7 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix 
@@ -44,8 +44,7 @@ with import ; ''; # enable HDMI output switching with pulseaudio - hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" '' - ${builtins.readFile "${config.hardware.pulseaudio.package.out}/etc/pulse/default.pa"} + hardware.pulseaudio.extraConfig = '' load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI" ''; -- cgit v1.3.1 From 9adfb0d7f2bc70a78f08f078625beec1d067e596 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Jul 2017 16:35:27 +0200 Subject: l shodan.r: install wine --- lass/1systems/shodan.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index dca616936..044e2ccf8 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -13,6 +13,7 @@ with import ; ../2configs/programs.nix ../2configs/fetchWallpaper.nix ../2configs/backups.nix + ../2configs/wine.nix #{ # users.extraUsers = { # root = { -- cgit v1.3.1 From 1f755eac1f1b5cc7dd00279c1628ebea7b5de0df Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Jul 2017 16:39:10 +0200 Subject: l buildbot: refactor to use nix-shell --- lass/2configs/buildbot-standalone.nix | 76 +++++++++-------------------------- 1 file changed, 18 insertions(+), 58 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 449feb382..6c2a92c08 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -56,51 +56,6 @@ in { mode='full' ) - # TODO: get nixpkgs/stockholm paths from krebs - env_lass = { - "LOGNAME": "lass", - "NIX_REMOTE": "daemon", - "dummy_secrets": "true", - } - env_makefu = { - "LOGNAME": "makefu", - "NIX_REMOTE": "daemon", - "dummy_secrets": "true", - } - env_nin = { - "LOGNAME": "nin", - "NIX_REMOTE": "daemon", - "dummy_secrets": "true", - } - env_shared = { - "LOGNAME": "shared", - "NIX_REMOTE": "daemon", - "dummy_secrets": "true", - } - env_tv = { - "LOGNAME": "tv", - "NIX_REMOTE": "daemon", - "dummy_secrets": "true", - } - - # prepare nix-shell - # the dependencies which are used by the test script - deps = [ - "gnumake", - "jq", - "nix", - "(import ).pkgs.populate", - "openssh" - ] - # TODO: --pure , prepare ENV in nix-shell command: - # SSL_CERT_FILE,LOGNAME,NIX_REMOTE - nixshell = [ - "nix-shell", - "-I", "/var/src", - "-I", "stockholm=.", - "-p" - ] + deps + [ "--run" ] - # prepare addShell function def addShell(factory,**kwargs): factory.addStep(steps.ShellCommand(**kwargs)) 
@@ -110,30 +65,35 @@ in { f = util.BuildFactory() f.addStep(grab_repo) - def build_host(env, host): - addShell(f,name="build-{}".format(i),env=env, - command=nixshell + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ - echo $HOME; echo $LOGNAME; \ - test -e $HOME/$LOGNAME/nixpkgs || cp -r /var/src/nixpkgs $HOME/$LOGNAME/; \ - make NIX_PATH=$HOME/$LOGNAME:secrets=/var/src/stockholm/null test method=build \ - target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ - system={}".format(host)] + def build_host(user, host): + addShell(f, + name="{}".format(i), + env={ + "LOGNAME": user, + "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + }, + command=[ + "nix-shell", "--run", + "test --system={} --target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME".format(host) + ] ) for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: - build_host(env_lass, i) + build_host("lass", i) for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: - build_host(env_makefu, i) + build_host("makefu", i) for i in [ "hiawatha", "onondaga" ]: - build_host(env_nin, i) + build_host("nin", i) for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: - build_host(env_shared, i) + build_host("shared", i) for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]: - build_host(env_tv, i) + build_host("tv", i) bu.append( util.BuilderConfig( -- cgit v1.3.1 From 589440efcc2644c6d1cb7364ea56083a6541ae99 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Jul 2017 16:40:07 +0200 Subject: l mail: sort = threads as default --- lass/2configs/mail.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index feb532709..e39c09b84 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix 
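Review bot: In the new `build_host(user, host)` the step name is built from `i` (`name="{}".format(i)`), which is the module-level loop variable rather than the `host` parameter, so the function only works when it is called from inside the `for i in [...]` loops below. Writing `name=host,` gives the same result without the hidden dependency. The host name is also formatted straight into the string handed to `nix-shell --run`, which a shell then interprets. That is harmless while the names are the literal lists in this file, but a comment such as `# host is spliced into a shell command: keep these lists literal, or quote it` would stop someone from later feeding the lists from an external source unquoted. The factory setup around `build_host` starts before this hunk and continues after it.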
@@ -48,6 +48,8 @@ let set use_from=yes set envelope_from=yes + set sort=threads + set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?" virtual-mailboxes \ -- cgit v1.3.1 From dad5dc23cc4883b40299436616220410e6b1cb05 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Jul 2017 16:42:10 +0200 Subject: l nixpkgs: 0a4db15 -> 2e983f1 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 1c68d58d5..151242e45 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "0a4db15"; + ref = "2e983f1"; }; } -- cgit v1.3.1 From 04f315090f024cffacc489157702a5ea3a9757e3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Jul 2017 16:42:41 +0200 Subject: l domsen-websites: add some new domains --- lass/2configs/websites/domsen.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index aaf311576..36ded3b30 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -61,6 +61,11 @@ in { "karlaskop.ubikmedia.de" "nb.ubikmedia.de" "youthtube.ubikmedia.de" + "weirdwednesday.ubikmedia.de" + "weirdwednesday.de" + "www.weirdwednesday.de" + "freemonkey.ubikmedia.de" + "jarugadesign.ubikmedia.de" ]) ]; -- cgit v1.3.1 From b338c2e73c30368d5288b0b1e222c0113cb55b0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Jul 2017 16:43:03 +0200 Subject: l default.nix: don't set stockholm.file --- lass/2configs/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index d7deb3165..27b74a30b 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
@@ -79,7 +79,6 @@ with import ; if getEnv "dummy_secrets" == "true" then toString else "/home/lass/secrets/${host.name}"; - stockholm.file = getEnv "PWD"; }; }; }; -- cgit v1.3.1 From e86202da34332c6cd1a270a6d6b105dd2fb6e888 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Jul 2017 17:39:43 +0200 Subject: pkgs.ucspi-tcp: init current stable of this pkg is broken, so we vendor it in nixpkgs. We removed the setuid bit from the build binaries --- krebs/5pkgs/simple/ucspi-tcp/chmod.patch | 15 ++++++ krebs/5pkgs/simple/ucspi-tcp/default.nix | 86 ++++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+) create mode 100644 krebs/5pkgs/simple/ucspi-tcp/chmod.patch create mode 100644 krebs/5pkgs/simple/ucspi-tcp/default.nix diff --git a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch new file mode 100644 index 000000000..dd6933208 --- /dev/null +++ b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch @@ -0,0 +1,15 @@ +diff --git a/hier.c b/hier.c +index 5663ada..1d73b84 100644 +--- a/hier.c ++++ b/hier.c +@@ -2,8 +2,8 @@ + + void hier() + { +- h(auto_home,-1,-1,02755); +- d(auto_home,"bin",-1,-1,02755); ++ h(auto_home,-1,-1,0755); ++ d(auto_home,"bin",-1,-1,0755); + + c(auto_home,"bin","tcpserver",-1,-1,0755); + c(auto_home,"bin","tcprules",-1,-1,0755); diff --git a/krebs/5pkgs/simple/ucspi-tcp/default.nix b/krebs/5pkgs/simple/ucspi-tcp/default.nix new file mode 100644 index 000000000..3b043be06 --- /dev/null +++ b/krebs/5pkgs/simple/ucspi-tcp/default.nix 
@@ -0,0 +1,86 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ name = "ucspi-tcp-0.88";
+
+ src = fetchurl {
+ url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz";
+ sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja";
+ };
+
+ # Plain upstream tarball doesn't build, get patches from Debian
+ patches = [
+ (fetchurl {
+ url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz";
+ sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6";
+ })
+ ./chmod.patch
+ ];
+
+ # Apply Debian patches
+ postPatch = ''
+ for fname in debian/diff/*.diff; do
+ echo "Applying patch $fname"
+ patch < "$fname"
+ done
+ '';
+
+ # The build system is weird; 'make install' doesn't install anything, instead
+ # it builds an executable called ./install (from C code) which installs
+ # binaries to the directory given on line 1 in ./conf-home.
+ #
+ # Also, assume getgroups and setgroups work, instead of doing a build time
+ # test that breaks on NixOS (I think because nixbld users lack CAP_SETGID
+ # capability).
+ preBuild = ''
+ echo "$out" > conf-home
+
+ echo "main() { return 0; }" > chkshsgr.c
+ '';
+
+ installPhase = ''
+ mkdir -p "$out/bin"
+ mkdir -p "$out/share/man/man1"
+
+ # run the newly built installer
+ ./install
+
+ # Install Debian man pages (upstream has none)
+ cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Command-line tools for building TCP client-server applications";
+ longDescription = ''
+ tcpserver waits for incoming connections and, for each connection, runs a
+ program of your choice. Your program receives environment variables
+ showing the local and remote host names, IP addresses, and port numbers.
+
+ tcpserver offers a concurrency limit to protect you from running out of
+ processes and memory. When you are handling 40 (by default) simultaneous
+ connections, tcpserver smoothly defers acceptance of new connections.
+ + tcpserver also provides TCP access control features, similar to + tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules + are compiled into a hashed format with cdb, so it can easily deal with + thousands of different hosts. + + This package includes a recordio tool that monitors all the input and + output of a server. + + tcpclient makes a TCP connection and runs a program of your choice. It + sets up the same environment variables as tcpserver. + + This package includes several sample clients built on top of tcpclient: + who@, date@, finger@, http@, tcpcat, and mconnect. + + tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program + Interface, using the TCP protocol. UCSPI tools are available for several + different networks. + ''; + homepage = http://cr.yp.to/ucspi-tcp.html; + license = licenses.publicDomain; + platforms = platforms.linux; + maintainers = [ maintainers.bjornfor ]; + }; +} -- cgit v1.3.1 From 438fdd2bd8e363567f544966e49d00f728921301 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Jul 2017 18:08:32 +0200 Subject: shared nixpkgs: 58e2270 -> 72c9ed7 --- shared/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 894f8a997..398f125e4 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "58e227052d40021d82d015f3f8da011ae54ea430"; # nixos-17.03 @ 2017-05-24 + ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 }; secrets.file = if getEnv "dummy_secrets" == "true" -- cgit v1.3.1
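Review bot: The `./chmod.patch` entry in `patches` has no comment, and the commit message describes it as removing the setuid bit from the binaries. The patch itself changes the mode of the install root and its `bin` directory from `02755` to `0755` in `hier.c`, so it drops the setgid bit on two directories and leaves the binaries at `0755` as before. A comment next to the entry would keep the next maintainer from misreading it: `# chmod.patch: install $out and $out/bin as 0755 instead of 02755 (no setgid bit)`. Both `fetchurl` calls use plain `http://` URLs, so the integrity of the tarball and of the Debian diff rests entirely on the two `sha256` pins. That is worth stating in a comment too, so the hashes are re-verified against a trusted copy rather than refreshed blindly when a URL changes.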