From 7a53169d3ab17125c9966eea54482aeb89b0433a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 6 Mar 2018 21:12:30 +0100 Subject: kops: init at 1.0.0 --- krebs/5pkgs/simple/kops.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 krebs/5pkgs/simple/kops.nix diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix new file mode 100644 index 000000000..a6c82f3ca --- /dev/null +++ b/krebs/5pkgs/simple/kops.nix @@ -0,0 +1,7 @@ +{ fetchgit, ... }: + +fetchgit { + url = https://cgit.krebsco.de/kops; + rev = "refs/tags/v1.0.0"; + sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb"; +} -- cgit v1.2.3 From 2e8dd5027bb71f1a329f63e2035f24647843c67e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 18 Mar 2018 20:37:48 +0100 Subject: ma bluetooth-mpd: make abstract --- makefu/1systems/omo/config.nix | 8 ++++- makefu/1systems/wbob/config.nix | 61 +------------------------------- makefu/2configs/bluetooth-mpd.nix | 74 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 82 insertions(+), 61 deletions(-) create mode 100644 makefu/2configs/bluetooth-mpd.nix diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 01438397e..c31d27c8f 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -9,7 +9,7 @@ let keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; - primaryInterface = "enp1s0"; + primaryInterface = "enp2s0"; # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 @@ -54,6 +54,7 @@ in { # # + # @@ -72,6 +73,11 @@ in { + + { + hardware.pulseaudio.systemWide = true; + makefu.mpd.musicDirectory = "/media/cryptX/music"; + } # security diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 637d8e2d8..cfbcf0e9c 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -32,66 +32,7 @@ in { - (let - musicDirectory = "/data/music"; - in { - services.mpd = { - enable = true; - inherit musicDirectory; - # dataDir = "/home/anders/.mpd"; - network.listenAddress = "any"; - extraConfig = '' - audio_output { - type "pulse" - name "Local MPD" - server "127.0.0.1" - } - ''; - }; - # open because of truestedInterfaces - # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; - services.samba.shares.music = { - path = musicDirectory; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - - sound.enable = true; - hardware.pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - # systemWide = true; - support32Bit = true; - zeroconf.discovery.enable = true; - zeroconf.publish.enable = true; - tcp = { - enable = true; - anonymousClients.allowAll = true; - anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]; - }; - configFile = pkgs.writeText "default.pa" '' - load-module module-udev-detect - load-module module-bluetooth-policy - load-module module-bluetooth-discover - load-module module-native-protocol-unix - load-module module-always-sink - load-module module-console-kit - load-module module-systemd-login - load-module module-intended-roles - load-module module-position-event-sounds - load-module module-filter-heuristics - load-module module-filter-apply - load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 - load-module module-switch-on-connect - # may be required for "system-wide" pulse to connect to bluetooth - #module-bluez5-device - #module-bluez5-discover - ''; - }; - # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio - hardware.bluetooth.enable = true; - }) + # Sensors diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix new file mode 100644 index 000000000..f7fa999ca --- /dev/null +++ b/makefu/2configs/bluetooth-mpd.nix @@ -0,0 +1,74 @@ +{ pkgs, config, lib, ... }: + +let + cfg = config.makefu.mpd; +in { + options.makefu.mpd.musicDirectory = lib.mkOption { + description = "music Directory"; + default = "/data/music"; + type = lib.types.str; + }; + config = { + services.mpd = { + enable = true; + inherit (cfg) musicDirectory; + network.listenAddress = "0.0.0.0"; + extraConfig = '' + audio_output { + type "pulse" + name "Local MPD" + server "127.0.0.1" + } + ''; + }; + # open because of truestedInterfaces + # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; + services.samba.shares.music = { + path = cfg.musicDirectory; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + zeroconf.discovery.enable = true; + zeroconf.publish.enable = true; + tcp = { + enable = true; + # PULSE_SERVER=192.168.1.11 pavucontrol + anonymousClients.allowAll = true; + # anonymousClients.allowedIpRanges = [ "127.0.0.1" ]; + }; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + # will be enabled by pulseaudio.tcp.enable + # load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + load-module module-switch-on-connect + # may be required for "system-wide" pulse to connect to bluetooth + #module-bluez5-device + #module-bluez5-discover + ''; + }; + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + #hardware.bluetooth.extraConfig = '' + # [general] + # Enable=Source,Sink,Media,Socket + #''; + }; +} -- cgit v1.2.3 From 78486827c3ed1e7d5777a41d2b6798a9b61ae8d4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 18 Mar 2018 20:38:48 +0100 Subject: ma bluetooth-mpd: remove obsolete comments --- makefu/2configs/bluetooth-mpd.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix index f7fa999ca..226f5cf1f 100644 --- a/makefu/2configs/bluetooth-mpd.nix +++ b/makefu/2configs/bluetooth-mpd.nix @@ -42,7 +42,6 @@ in { enable = true; # PULSE_SERVER=192.168.1.11 pavucontrol anonymousClients.allowAll = true; - # anonymousClients.allowedIpRanges = [ "127.0.0.1" ]; }; configFile = pkgs.writeText "default.pa" '' load-module module-udev-detect @@ -56,12 +55,7 @@ in { load-module module-position-event-sounds load-module module-filter-heuristics load-module module-filter-apply - # will be enabled by pulseaudio.tcp.enable - # load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 load-module module-switch-on-connect - # may be required for "system-wide" pulse to connect to bluetooth - #module-bluez5-device - #module-bluez5-discover ''; }; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio -- cgit v1.2.3 From 26eb236cd9cce469be2a7cb227083742e037fac8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:22:14 +0100 Subject: nixpkgs: c5bc83b -> 2a32f6b (18.03) --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 733601a21..e12175b66 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c665fcca9e7be8cd06c1f3c5bbe2b00d4c8f2a92"; # nixos-17.09 @ 2018-03-18 + ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16 }; } override -- cgit v1.2.3 From e5f3827fc84ba1c769c1422d92fa93ebcb0fc5d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:31:59 +0100 Subject: os-release: follow renamed modules --- krebs/3modules/os-release.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 8f71a357f..5fbfe6614 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,8 +1,11 @@ { config, ... }: with import ; let - nixos-version-id = "${config.system.nixosVersion}"; - nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; + nixos-version-id = if (hasAttr "nixos" config.system) then + "${config.system.nixos.version}" else "${config.system.nixosVersion}"; + nixos-codeName = if (hasAttr "nixos" config.system) then + "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}"; + nixos-version = "${nixos-version-id} (${nixos-codeName})"; nixos-pretty-name = "NixOS ${nixos-version}"; stockholm-version-id = let -- cgit v1.2.3 From 84adc28a3b70bd6a93c79d36f0247393d801b32b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:36:46 +0100 Subject: l privoxy: RIP polipo --- lass/2configs/privoxy.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix index 33e8d1e46..e0a086421 100644 --- a/lass/2configs/privoxy.nix +++ b/lass/2configs/privoxy.nix @@ -3,10 +3,5 @@ { services.privoxy = { enable = true; - extraConfig = '' - #use polipo - forward / localhost:8123 - ''; }; - services.polipo.enable = true; } -- cgit v1.2.3 From f859b7d7f8fe0c9968c961711ec7a6578a4d36a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 20:51:52 +0100 Subject: nixpkgs: 2a32f6b -> 0e7c9b3 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index e12175b66..f275460e1 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16 + ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18 }; } override -- cgit v1.2.3 From 9b3d1c8b31006d92590e4f8e78fd5662d8ed390b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 23 Mar 2018 10:28:33 +0100 Subject: ma nginx/wiki: index to makefu.html --- makefu/2configs/nginx/euer.wiki.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 08bc5659f..99533b25c 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -17,6 +17,7 @@ let # contains: # user1 = pass1 # userN = passN + # afterwards put /var/www//user1.html as tiddlywiki tw-pass-file = "${sec}/tw-pass.ini"; in { @@ -45,7 +46,7 @@ in { systemd.services.prepare-tw = { wantedBy = [ "local-fs.target" ]; - before = [ "phpfpm.service" ]; + before = [ "phpfpm.service" "nginx.service" ]; serviceConfig = { ExecStart = pkgs.writeScript "prepare-tw-service" '' #!/bin/sh @@ -92,6 +93,7 @@ in { locations = { "/" = { root = wiki-dir; + index = "makefu.html"; extraConfig = '' expires -1; autoindex on; -- cgit v1.2.3 From b27dfa5a37b1345d36b57aa24b940287293418e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Mar 2018 20:53:23 +0100 Subject: 0e7c9b3 -> 48856a9 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index f275460e1..0bd797a16 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18 + ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24 }; } override -- cgit v1.2.3 From d810727b985bbdce57ae2de515111949c141c3bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 24 Mar 2018 12:19:52 +0100 Subject: exim: krebs.setuid -> security.wrappers --- krebs/3modules/exim.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index cfcbbc438..274a943b1 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,15 +50,9 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - krebs.setuid = { - exim = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; - sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; + security.wrappers = { + exim.source = "${pkgs.exim}/bin/exim"; + sendmail.source = "${pkgs.exim}/bin/exim"; }; systemd.services.exim = { restartTriggers = [ -- cgit v1.2.3 From 99cc82a53b9f51752b684c081d0aa6b49504516a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Mar 2018 11:12:38 +0200 Subject: ma source: new signal-desktop --- makefu/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 6b32a1b40..d25fe5528 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -21,9 +21,9 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "6b6e72b"; # nixos-17.09 @ 2018-03-07 + ref = "6583793"; # nixos-17.09 @ 2018-03-07 # + do_sqlite3 ruby: 55a952be5b5 - # + signal: 0f19beef3 + # + signal: 0f19beef3, 50ad913, 9449782, b7046ab2 in evalSource (toString _file) [ -- cgit v1.2.3 From 6a94383764130a9a28a990d4e1e4413b0bbf3d06 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 26 Mar 2018 13:00:23 +0200 Subject: tv xmonad: add passmenu --- tv/5pkgs/simple/xmonad-tv/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index 94c70153d..d474b7edd 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -133,6 +133,8 @@ myKeys conf = Map.fromList $ [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) + , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing) + , ((_4 , xK_x ), chooseAction spawnTermAt) , ((_4C , xK_x ), spawnRootTerm) -- cgit v1.2.3 From f76401ef002851cca81218de3d879b4829668ebe Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 20:06:23 +0200 Subject: tv pkgs: init font-size --- tv/5pkgs/simple/font-size.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 tv/5pkgs/simple/font-size.nix diff --git a/tv/5pkgs/simple/font-size.nix b/tv/5pkgs/simple/font-size.nix new file mode 100644 index 000000000..21097ed6a --- /dev/null +++ b/tv/5pkgs/simple/font-size.nix @@ -0,0 +1,26 @@ +{ writeDashBin }: +writeDashBin "font-size" '' + set -efu + + # set_font NORMAL_FONT BOLD_FONT + set_font() { + printf '\033]710;%s\007' "$1" + printf '\033]711;%s\007' "$2" + } + + case ''${1-} in + '''|0|--reset) + set_font \ + -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \ + -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \ + ;; + [1-9]|[1-9][0-9]|[1-9][0-9][0-9]) + set_font \ + xft:Monospace:size=$1 \ + xft:Monospace:size=$1:bold \ + ;; + *) + echo "$0: bad argument: $1" >&2 + exit 1 + esac +'' -- cgit v1.2.3 From bd70fe17cbe4f99b2c5027e7b23f96cf92317a61 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 20:06:48 +0200 Subject: tv xserver: systemPackages += font-size --- tv/2configs/xserver/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7ba78b974..6ef8a8768 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -11,6 +11,7 @@ in { environment.systemPackages = [ pkgs.ff + pkgs.font-size pkgs.gitAndTools.qgit pkgs.mpv pkgs.sxiv -- cgit v1.2.3 From 5f9622bbdae0a9a459fd6a70cc9a3147f382162b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 20:46:56 +0200 Subject: haskellPackages.nix-diff: RIP --- krebs/5pkgs/haskell/nix-diff/default.nix | 25 ----------- krebs/5pkgs/haskell/nix-diff/nixos-system.patch | 18 -------- krebs/5pkgs/simple/stockholm/default.nix | 60 ------------------------- tv/2configs/urlwatch.nix | 5 --- 4 files changed, 108 deletions(-) delete mode 100644 krebs/5pkgs/haskell/nix-diff/default.nix delete mode 100644 krebs/5pkgs/haskell/nix-diff/nixos-system.patch diff --git a/krebs/5pkgs/haskell/nix-diff/default.nix b/krebs/5pkgs/haskell/nix-diff/default.nix deleted file mode 100644 index df0315048..000000000 --- a/krebs/5pkgs/haskell/nix-diff/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl -, nix-derivation, optparse-generic, stdenv, system-filepath, text -, unix, vector -}: -mkDerivation { - pname = "nix-diff"; - version = "1.0.0-krebs1"; - src = fetchgit { - url = "https://github.com/Gabriel439/nix-diff"; - sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k"; - rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d"; - }; - patches = [ - ./nixos-system.patch - ]; - isLibrary = false; - isExecutable = true; - executableHaskellDepends = [ - attoparsec base containers Diff mtl nix-derivation optparse-generic - system-filepath text unix vector - ]; - homepage = "https://github.com/Gabriel439/nix-diff"; - description = "Explain why two Nix derivations differ"; - license = stdenv.lib.licenses.bsd3; -} diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch deleted file mode 100644 index 03e186aa9..000000000 --- a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/src/Main.hs b/src/Main.hs -index 959ab8e..d3b6077 100644 ---- a/src/Main.hs -+++ b/src/Main.hs -@@ -95,7 +95,12 @@ pathToText path = - underneath `/nix/store`, but this is the overwhelmingly common use case - -} - derivationName :: FilePath -> Text --derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText -+derivationName p = -+ if Data.Text.isPrefixOf "nixos-system" s -+ then "nixos-system" -+ else s -+ where -+ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p - - -- | Group input derivations by their name - groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text)) diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 4d15e7ac2..9afe79510 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -9,7 +9,6 @@ # cmds.deploy = pkgs.withGetopt { - diff = { default = /* sh */ "false"; switch = true; }; force-populate = { default = /* sh */ "false"; switch = true; }; quiet = { default = /* sh */ "false"; switch = true; }; source_file = { @@ -25,65 +24,6 @@ . ${init.env} . ${init.proxy "deploy" opts} - if \test ${opts.diff.ref} = true; then - - system_profile=/nix/var/nix/profiles/system - system_drv_cur=/etc/system.drv - - system_drv_new=$( - ${pkgs.nix}/bin/nix-instantiate \ - -Q \ - -I "$target_path" \ - -E ' - (import { - modules = [ ]; - }).config.system.build.toplevel - ' - ) - - if \test -e "$system_drv_cur"; then - - system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur") - system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new") - - if \test "$system_drv_cur_c" = "$system_drv_new_c"; then - echo "$0: system up to date" >&2 - exit 0 - fi - - system_drv_cur=$system_drv_cur_c \ - system_drv_new=$system_drv_new_c \ - ${pkgs.utillinux}/bin/script \ - --command ' - ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \ - "$system_drv_cur" "$system_drv_new" - ' \ - --quiet \ - --return \ - /dev/null - - printf 'deploy? [N/y] ' >&2 - read -r REPLY - if \test "$REPLY" != y; then - echo "$0: abort!" >&2 - exit 1 - fi - else - echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2 - fi - - new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new") - - ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system" - PATH=${lib.makeBinPath [ - pkgs.systemd - ]} \ - "$system_profile"/bin/switch-to-configuration switch - - ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur" - exit - fi - # Use system's nixos-rebuild, which is not self-contained export PATH=/run/current-system/sw/bin exec ${utils.with-whatsupnix} \ diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 509257c48..897def8c9 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -13,11 +13,6 @@ with import ; http://www.exim.org/ - { - url = https://api.github.com/repos/Gabriel439/nix-diff/git/refs/heads/master; - filter = "system:${pkgs.jq}/bin/jq -r .object.sha"; - } - # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix { url = https://api.github.com/repos/simple-evcorr/sec/tags; -- cgit v1.2.3 From 2cc1d9a54eaf512a2fddb57990df3462931990a4 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 21:32:14 +0200 Subject: writeC: use binutils-unwrapped --- krebs/5pkgs/writers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index a48fc0f87..23773e17f 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -57,7 +57,7 @@ with import ; passAsFile = [ "text" ]; } /* sh */ '' PATH=${makeBinPath (with pkgs; [ - binutils + binutils-unwrapped coreutils gcc ])} -- cgit v1.2.3 From 7e62c44607f193d3c9740f7c56df976b0db3c417 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Mar 2018 21:35:27 +0200 Subject: Revert "exim: krebs.setuid -> security.wrappers" This reverts commit d810727b985bbdce57ae2de515111949c141c3bd. --- krebs/3modules/exim.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 274a943b1..cfcbbc438 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,9 +50,15 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - security.wrappers = { - exim.source = "${pkgs.exim}/bin/exim"; - sendmail.source = "${pkgs.exim}/bin/exim"; + krebs.setuid = { + exim = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; + sendmail = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; }; systemd.services.exim = { restartTriggers = [ -- cgit v1.2.3 From d82c2f228b7179319cdea4d16a59fa553f249505 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:06:40 +0200 Subject: ma gum.r: disable vpnws --- makefu/1systems/gum/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index b859efc94..40fa233d3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -52,7 +52,7 @@ in { # network - + # -- cgit v1.2.3 From 650090bb3541e2b3ffd15af241481afb120e3522 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:07:22 +0200 Subject: ma photostore: expire -1 --- makefu/2configs/deployment/photostore.krebsco.de.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix index ecbca9ea3..19a8df235 100644 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -30,6 +30,7 @@ in { forceSSL = true; locations = { "/".extraConfig = '' + expires -1; uwsgi_pass unix://${wsgi-sock}; uwsgi_param UWSGI_CHDIR ${workdir}; uwsgi_param UWSGI_MODULE cuserver.main; -- cgit v1.2.3 From ba31c34013519b26883faf8321df11298b37085f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:07:35 +0200 Subject: ma arafetch: init --- makefu/2configs/stats/arafetch.nix | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 makefu/2configs/stats/arafetch.nix diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix new file mode 100644 index 000000000..e04b12f9c --- /dev/null +++ b/makefu/2configs/stats/arafetch.nix @@ -0,0 +1,36 @@ +{ pkgs, lib, ...}: +with import ; +let + pkg = with pkgs.python3Packages;buildPythonPackage rec { + rev = "762d747"; + name = "europastats-${rev}"; + propagatedBuildInputs = [ + requests + docopt + influxdb + beautifulsoup4 + ]; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/arafetch"; + inherit rev; + sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws"; + }; + }; + home = "/var/lib/arafetch"; +in { + users.users.arafetch = { + uid = genid "arafetch"; + inherit home; + createHome = true; + }; + + systemd.services.arafetch = { + startAt = "Mon 09:15:00"; + wantedBy = [ "multi-user.target" ]; + environment = { + OUTDIR = home; + }; + path = [ pkg pkgs.git pkgs.wget ]; + script = "${pkg}/bin/weekrun"; + }; +} -- cgit v1.2.3 From fc774f31fb0cdbc49f60d33d800e66ced3786b2c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:07:48 +0200 Subject: ma omo.r: enable arafetch --- makefu/1systems/omo/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index c31d27c8f..bed6ae9fd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -66,6 +66,7 @@ in { + # services -- cgit v1.2.3 From 9c1e215dd500458d37832f234ecb33f455ed4c64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:08:35 +0200 Subject: l xephyrify: handle resize --- lass/5pkgs/xephyrify/default.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index 8b18ea949..f1711891c 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -2,15 +2,18 @@ let - minimalXmonad = writeHaskell "minimalXmonad" { + xephyrify-xmonad = writeHaskell "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" + "unix" "xmonad" ]; text = /* haskell */ '' module Main where import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) import qualified Data.Map as Map main :: IO () @@ -21,8 +24,18 @@ let , keys = myKeys , normalBorderColor = "#000000" , focusedBorderColor = "#000000" + , handleEventHook = myEventHook } + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + myLayoutHook = Full myKeys _ = Map.fromList [] ''; -- cgit v1.2.3 From 28e1b8d3a51e2405ecc60b04e321f1f7dba364ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:11:51 +0200 Subject: l xephyrify: change ownership of socket if wanted --- lass/5pkgs/xephyrify/default.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index f1711891c..8d6036843 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -43,13 +43,20 @@ let }; in writeDashBin "xephyrify" '' - NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1) + NDISPLAY=''${NDISPLAY:-$(${coreutils}/bin/shuf -i 100-65536 -n 1)} echo "using DISPLAY $NDISPLAY" - ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY & + ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -dpi 60 -nolisten local :$NDISPLAY & + if test -n $DROP_TO_USER; then + sleep 1 + ls /tmp/.X11-unix/ + id + ${coreutils}/bin/chgrp "$DROP_TO_USER" "/tmp/.X11-unix/X$NDISPLAY" + ${coreutils}/bin/chmod 770 "/tmp/.X11-unix/X$NDISPLAY" + fi XEPHYR_PID=$! - DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad & + DISPLAY=:$NDISPLAY ${xephyrify-xmonad}/bin/xmonad & XMONAD_PID=$! - DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@" + DISPLAY=:$NDISPLAY ${virtualgl}/bin/vglrun "$@" kill $XMONAD_PID kill $XEPHYR_PID '' -- cgit v1.2.3 From 92540f5cf1628cfaceee6c19f08b3c13b05cf6b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:12:53 +0200 Subject: l xjails: init --- lass/3modules/default.nix | 1 + lass/3modules/xjail.nix | 87 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 lass/3modules/xjail.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index fd77b2262..0c10e1ec2 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -11,6 +11,7 @@ _: ./screenlock.nix ./umts.nix ./usershadow.nix + ./xjail.nix ./xserver ]; } diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix new file mode 100644 index 000000000..af851760b --- /dev/null +++ b/lass/3modules/xjail.nix @@ -0,0 +1,87 @@ +{ config, pkgs, ... }: + +with import ; +{ + options.lass.xjail = mkOption { + type = types.attrsOf (types.submodule ({ config, ...}: { + options = { + user = mkOption { + type = types.string; + default = "nobody"; + }; + groups = mkOption { + type = types.listOf types.str; + default = []; + }; + name = mkOption { + type = types.string; + default = config._module.args.name; + }; + display = mkOption { + type = types.string; + default = toString (genid_signed config._module.args.name); + }; + script = mkOption { + type = types.path; + default = pkgs.writeScript "echo_lol" "echo lol"; + }; + from = mkOption { + type = types.string; + default = "lass"; + }; + }; + })); + default = {}; + }; + + options.lass.xjail-bins = mkOption { + type = types.attrsOf types.path; + }; + + # implementation + config = { + + users.users = mapAttrs' (_: cfg: + nameValuePair cfg.name { + uid = genid cfg.name; + home = "/home/${cfg.name}"; + useDefaultShell = true; + createHome = true; + extraGroups = cfg.groups; + } + ) config.lass.xjail; + + users.groups = mapAttrs' (_: cfg: + nameValuePair cfg.name { + members = [ + cfg.name + cfg.from + ]; + } + ) config.lass.xjail; + + security.sudo.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: + # TODO allow just the right script with sudo + "${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL" + ) config.lass.xjail)); + + lass.xjail-bins = mapAttrs' (name: cfg: + let + sudo-wrapper = pkgs.writeScript name '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" + ''; + in nameValuePair name (pkgs.writeScriptBin cfg.name '' + export NDISPLAY=${cfg.display} + DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr + if test $? -eq 0; then + echo xephyr already running + export DISPLAY=:$NDISPLAY + ${sudo-wrapper} "$@" + else + echo xephyr not running + DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@" + fi + '') + ) config.lass.xjail; + }; +} -- cgit v1.2.3 From 30068c17c9c8dc807feab2856b40012c3fffcce4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:13:57 +0200 Subject: l browsers: use xjails --- lass/2configs/browsers.nix | 77 ++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 40 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index cbbd54b6b..153c386cf 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,58 +21,55 @@ let $BIN "$@" ''; - createChromiumUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createChromiumUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + ''; + inherit groups; + }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; + lass.browser.paths.${name} = { + path = config.lass.xjail-bins.${name}; + inherit precedence; + }; + }; + + createFirefoxUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; - createFirefoxUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createQuteUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; + #TODO: abstract this in { -- cgit v1.2.3 From e7b4686c7ac46e08a526e5d74eb6cd45af23b1da Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:20 +0200 Subject: l browsers: remove video group from most users --- lass/2configs/browsers.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 153c386cf..351f15154 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -108,11 +108,11 @@ in { }; } ( createFirefoxUser "ff" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "video" "audio" ] 0 ) - ( createChromiumUser "fb" [ "video" "audio" ] 0 ) - ( createChromiumUser "com" [ "video" "audio" ] 0 ) + ( createChromiumUser "wk" [ "audio" ] 0 ) + ( createChromiumUser "fb" [ "audio" ] 0 ) + ( createChromiumUser "com" [ "audio" ] 0 ) ( createChromiumUser "fin" [] (-1) ) ]; } -- cgit v1.2.3 From 1b050f22d44711c4f296c6bba371528d0cf44cf9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:42 +0200 Subject: l browsers: add qb --- lass/2configs/browsers.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 351f15154..75a86db6a 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -107,6 +107,7 @@ in { })); }; } + ( createQuteUser "qb" [ "audio" ] 20 ) ( createFirefoxUser "ff" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) -- cgit v1.2.3 From 22f33b8e99cf9ffe575905370df736ddc3517338 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:16:03 +0200 Subject: reaktor-plugins sed: limit output --- krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py index da8e2f726..51ac7a071 100644 --- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py @@ -18,20 +18,27 @@ def is_regex(line): myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$') return myre.match(line) + line = argv[1] if is_regex(line): last = d.get(usr, None) if last: from subprocess import Popen, PIPE - p = Popen(['sed', line], stdin=PIPE, stdout=PIPE) + p = Popen(['sed', line], stdin=PIPE, stdout=PIPE, stderr=PIPE) so, se = p.communicate(bytes("{}\n".format(last), "UTF-8")) if p.returncode: - print("something went wrong when trying to process your regex: {}".format(se.decode())) + print("something went wrong when trying to process your regex: {}".format(line.strip())) ret = so.decode() - print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) - if ret: - d[usr] = ret + if len(ret) > 512: + print('message to long, skipped') + elif len(ret.split('\n')) > 5: + print('to many lines, skipped') + else: + if last.strip() != ret.strip(): + print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) + if ret: + d[usr] = ret else: print("no last message") -- cgit v1.2.3 From 10bcf2db927692818a948c755fdfbf961a2ac3d7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Mar 2018 11:15:13 +0200 Subject: buildbot: bump to 0.8.15 --- krebs/5pkgs/simple/buildbot-classic/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 9eeccee64..77ba0342d 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,16 +2,15 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.14"; + version = "0.8.15"; namePrefix = ""; patches = []; src = fetchFromGitHub { owner = "krebscode"; repo = "buildbot-classic"; - # rev = "v${version}"; - rev = "843463911"; - sha256 = "1ybl52ybjw5p09yik6bck9i1pvnvg94i0d32zqrwy67s77yx1mfd"; + rev = version; + sha256 = "0hmmpqxs1i3nvwj9681yi0q3qz0xdcbbm0774lkn1ic5fg3c68fm"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; -- cgit v1.2.3 From 1710530cae5189cdc779212084ea3091fefc275b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 29 Mar 2018 14:10:23 +0200 Subject: writers writeC: 17.09 workaround --- krebs/5pkgs/writers.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 23773e17f..1939bf854 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -57,7 +57,8 @@ with import ; passAsFile = [ "text" ]; } /* sh */ '' PATH=${makeBinPath (with pkgs; [ - binutils-unwrapped + # TODO remove if everyone migrated to 18.03 + (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils) coreutils gcc ])} -- cgit v1.2.3 From 23e797744017d984d67ba66d879e35913bbac4d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 29 Mar 2018 16:39:08 +0200 Subject: l mail: track neomutt name change --- lass/2configs/mail.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b9682c5ee..81db59617 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -75,7 +75,7 @@ let muttrc = pkgs.writeText "muttrc" '' # gpg - source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc + source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D set crypt_autosign = yes @@ -195,7 +195,7 @@ let name = "mutt"; paths = [ (pkgs.writeDashBin "mutt" '' - exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@ '') pkgs.neomutt ]; -- cgit v1.2.3 From e4d0f7d81f5ff80eef4da50d15d5fdc0d824acf1 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Mar 2018 18:55:15 +0200 Subject: ma torrent-secrets: enable for drop and fileleech --- makefu/1systems/drop/source.nix | 1 + makefu/1systems/fileleech/source.nix | 3 ++- makefu/6tests/data/secrets/torrent-secrets/auth.nix | 1 - 3 files changed, 3 insertions(+), 2 deletions(-) delete mode 100644 makefu/6tests/data/secrets/torrent-secrets/auth.nix diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix index 74de846c0..45bd6f97e 100644 --- a/makefu/1systems/drop/source.nix +++ b/makefu/1systems/drop/source.nix @@ -1,3 +1,4 @@ import { name="drop"; + torrent = true; } diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix index 699267e21..caca1fbcb 100644 --- a/makefu/1systems/fileleech/source.nix +++ b/makefu/1systems/fileleech/source.nix @@ -1,3 +1,4 @@ import { - name="fileleech"; + name = "fileleech"; + torrent = true; } diff --git a/makefu/6tests/data/secrets/torrent-secrets/auth.nix b/makefu/6tests/data/secrets/torrent-secrets/auth.nix deleted file mode 100644 index 0967ef424..000000000 --- a/makefu/6tests/data/secrets/torrent-secrets/auth.nix +++ /dev/null @@ -1 +0,0 @@ -{} -- cgit v1.2.3 From a64238e7660ab92c7dcdf33d13ee4222bfe5eadf Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Mar 2018 19:08:44 +0200 Subject: buildbot: 0.8.15 -> 0.8.16 --- krebs/5pkgs/simple/buildbot-classic/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 77ba0342d..3cb691f53 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,7 +2,7 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.15"; + version = "0.8.16"; namePrefix = ""; patches = []; @@ -10,7 +10,7 @@ python2Packages.buildPythonApplication rec { owner = "krebscode"; repo = "buildbot-classic"; rev = version; - sha256 = "0hmmpqxs1i3nvwj9681yi0q3qz0xdcbbm0774lkn1ic5fg3c68fm"; + sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; -- cgit v1.2.3 From a75858a8ced30f9ed46e282e75a3cdccd515abd7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 14:11:14 +0200 Subject: nixpkgs: 48856a9 -> b6ddb99 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 0bd797a16..e5fb6c5e1 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24 + ref = "b6ddb9913f2b8206837e0f137db907bdefb9275e"; # nixos-18.03 # 2018-03-24 }; } override -- cgit v1.2.3 From 0f47b98e81755494df19325e91974f8d9d2c8617 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 16:17:45 +0200 Subject: l xjail: add working GPU acceleration --- lass/3modules/xjail.nix | 121 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 99 insertions(+), 22 deletions(-) diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index af851760b..325ebcc99 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -1,33 +1,88 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: with import ; { options.lass.xjail = mkOption { type = types.attrsOf (types.submodule ({ config, ...}: { options = { + name = mkOption { + type = types.string; + default = config._module.args.name; + }; user = mkOption { type = types.string; - default = "nobody"; + default = config.name; }; groups = mkOption { type = types.listOf types.str; default = []; }; - name = mkOption { + from = mkOption { type = types.string; - default = config._module.args.name; + default = "lass"; }; display = mkOption { type = types.string; default = toString (genid_signed config._module.args.name); }; + dpi = mkOption { + type = types.int; + default = 90; + }; + extraXephyrArgs = mkOption { + type = types.str; + default = ""; + }; + extraVglrunArgs = mkOption { + type = types.str; + default = ""; + }; script = mkOption { type = types.path; default = pkgs.writeScript "echo_lol" "echo lol"; }; - from = mkOption { + wm = mkOption { + #TODO find type type = types.string; - default = "lass"; + default = "${pkgs.writeHaskell "xephyrify-xmonad" { + executables.xmonad = { + extra-depends = [ + "containers" + "unix" + "xmonad" + ]; + text = /* haskell */ '' + module Main where + import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) + import qualified Data.Map as Map + + main :: IO () + main = do + xmonad def + { workspaces = [ "1" ] + , layoutHook = myLayoutHook + , keys = myKeys + , normalBorderColor = "#000000" + , focusedBorderColor = "#000000" + , handleEventHook = myEventHook + } + + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + + myLayoutHook = Full + myKeys _ = Map.fromList [] + ''; + }; + }}/bin/xmonad"; }; }; })); @@ -39,7 +94,42 @@ with import ; }; # implementation - config = { + config = let + scripts = mapAttrs' (name: cfg: + let + newOrExisting = pkgs.writeDash "${cfg.name}-existing" '' + DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr + if test $? -eq 0; then + echo using existing xephyr + ${sudo_} "$@" + else + echo starting new xephyr + ${xephyr_} "$@" + fi + ''; + xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" '' + ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} & + XEPHYR_PID=$! + DISPLAY=:${cfg.display} ${cfg.wm} & + WM_PID=$! + ${sudo_} "$@" + ${pkgs.coreutils}/bin/kill $WM_PID + ${pkgs.coreutils}/bin/kill $XEPHYR_PID + ''; + sudo_ = pkgs.writeDash "${cfg.name}-sudo" '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@" + ''; + vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" '' + DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@" + ''; + in nameValuePair name { + existing = newOrExisting; + xephyr = xephyr_; + sudo = sudo_; + vglrun = vglrun_; + } + ) config.lass.xjail; + in { users.users = mapAttrs' (_: cfg: nameValuePair cfg.name { @@ -66,21 +156,8 @@ with import ; ) config.lass.xjail)); lass.xjail-bins = mapAttrs' (name: cfg: - let - sudo-wrapper = pkgs.writeScript name '' - /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" - ''; - in nameValuePair name (pkgs.writeScriptBin cfg.name '' - export NDISPLAY=${cfg.display} - DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr - if test $? -eq 0; then - echo xephyr already running - export DISPLAY=:$NDISPLAY - ${sudo-wrapper} "$@" - else - echo xephyr not running - DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@" - fi + nameValuePair name (pkgs.writeScriptBin cfg.name '' + ${scripts.${name}.existing} "$@" '') ) config.lass.xjail; }; -- cgit v1.2.3 From 1a5b58c828409ce9bf1639f3f26ebeb142e0148a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 16:19:28 +0200 Subject: l browsers: use new xjail interface --- lass/2configs/browsers.nix | 50 ++++++++++++---------------------------------- 1 file changed, 13 insertions(+), 37 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 75a86db6a..91ee08bfd 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,14 +21,10 @@ let $BIN "$@" ''; - createChromiumUser = name: groups: precedence: + createUser = script: name: groups: precedence: dpi: { lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.chromium}/bin/chromium "$@" - ''; - inherit groups; + inherit script groups dpi; }; environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { @@ -37,40 +33,20 @@ let }; }; + createChromiumUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + '') name groups precedence 80; + createFirefoxUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; + createUser (pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + '') name groups precedence 80; createQuteUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.qutebrowser}/bin/qutebrowser "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; - - - #TODO: abstract this + createUser (pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + '') name groups precedence 60; in { -- cgit v1.2.3 From 8d3db0fcb75f65d6074e8c60e05bd4cfda32e1e9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Apr 2018 23:06:03 +0200 Subject: nixpkgs: b6ddb99 -> 09bca91 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index e5fb6c5e1..1f83d29f7 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b6ddb9913f2b8206837e0f137db907bdefb9275e"; # nixos-18.03 # 2018-03-24 + ref = "09bca91e3b5a18d7f37f7632175ac71f2bf369ff"; # nixos-18.03 # 2018-04-02 }; } override -- cgit v1.2.3 From 1604ecfc706d2921248d0c9ac7cef02274842272 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Apr 2018 12:02:31 +0200 Subject: l virtualbox: enable usb passthrough --- lass/2configs/virtualbox.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index f7d196057..8171def2d 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,6 +6,8 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; + nixpkgs.config.virtualbox.enableExtensionPack = true; + virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { virtual = { -- cgit v1.2.3 From 3108c4323806eee9798a6ba42977ea8f16343731 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Apr 2018 21:57:51 +0200 Subject: ejabberd: init at 17.07 --- krebs/5pkgs/simple/ejabberd/default.nix | 118 ++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 krebs/5pkgs/simple/ejabberd/default.nix diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix new file mode 100644 index 000000000..2799241fa --- /dev/null +++ b/krebs/5pkgs/simple/ejabberd/default.nix @@ -0,0 +1,118 @@ +{ stdenv, writeScriptBin, lib, fetchurl, git, cacert +, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps +, withMysql ? false +, withPgsql ? false +, withSqlite ? false, sqlite +, withPam ? false, pam +, withZlib ? true, zlib +, withRiak ? false +, withElixir ? false, elixir +, withIconv ? true +, withTools ? false +, withRedis ? false +}: + +let + fakegit = writeScriptBin "git" '' + #! ${stdenv.shell} -e + if [ "$1" = "describe" ]; then + [ -r .rev ] && cat .rev || true + fi + ''; + + ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; + +in stdenv.mkDerivation rec { + version = "17.07"; + name = "ejabberd-${version}"; + + src = fetchurl { + url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; + sha256 = "1p8ppp2czjgnq8xnhyksd82npvvx99fwr0g3rrq1wvnwh2vgb8km"; + }; + + nativeBuildInputs = [ fakegit ]; + + buildInputs = [ erlang openssl expat libyaml ] + ++ lib.optional withSqlite sqlite + ++ lib.optional withPam pam + ++ lib.optional withZlib zlib + ++ lib.optional withElixir elixir + ; + + # Apparently needed for Elixir + LANG = "en_US.UTF-8"; + + deps = stdenv.mkDerivation { + name = "ejabberd-deps-${version}"; + + inherit src; + + configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; + + buildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; + + GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; + + makeFlags = [ "deps" ]; + + phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ]; + + installPhase = '' + for i in deps/*; do + ( cd $i + git reset --hard + git clean -ffdx + git describe --always --tags > .rev + rm -rf .git + ) + done + rm deps/.got + + cp -r deps $out + ''; + + outputHashMode = "recursive"; + outputHashAlgo = "sha256"; + outputHash = "1q9yzccn4zf5i4hibq1r0i34q4986a93ph4792l1ph07aiisc8p7"; + }; + + configureFlags = + [ (lib.enableFeature withMysql "mysql") + (lib.enableFeature withPgsql "pgsql") + (lib.enableFeature withSqlite "sqlite") + (lib.enableFeature withPam "pam") + (lib.enableFeature withZlib "zlib") + (lib.enableFeature withRiak "riak") + (lib.enableFeature withElixir "elixir") + (lib.enableFeature withIconv "iconv") + (lib.enableFeature withTools "tools") + (lib.enableFeature withRedis "redis") + ] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}"; + + enableParallelBuilding = true; + + preBuild = '' + cp -r $deps deps + chmod -R +w deps + patchShebangs deps + ''; + + postInstall = '' + sed -i \ + -e '2iexport PATH=${ctlpath}:$PATH' \ + -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \ + -e 's,\(^ *JOT=\).*,\1,' \ + -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ + $out/sbin/ejabberdctl + ''; + + meta = { + description = "Open-source XMPP application server written in Erlang"; + license = lib.licenses.gpl2; + homepage = http://www.ejabberd.im; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.sander lib.maintainers.abbradar ]; + broken = withElixir; + }; +} -- cgit v1.2.3 From c89016b00630495698cd23177c6fe26ed989cbe4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 16:36:12 +0200 Subject: go: fix build on 18.03 --- krebs/5pkgs/simple/go-shortener/default.nix | 35 +++++------ krebs/5pkgs/simple/go-shortener/node-packages.nix | 76 +++++++++++++++++++++++ krebs/5pkgs/simple/go-shortener/packages.nix | 44 ------------- krebs/5pkgs/simple/go-shortener/pkgs.json | 4 ++ krebs/5pkgs/simple/go-shortener/update.sh | 2 + 5 files changed, 99 insertions(+), 62 deletions(-) create mode 100644 krebs/5pkgs/simple/go-shortener/node-packages.nix delete mode 100644 krebs/5pkgs/simple/go-shortener/packages.nix create mode 100644 krebs/5pkgs/simple/go-shortener/pkgs.json create mode 100755 krebs/5pkgs/simple/go-shortener/update.sh diff --git a/krebs/5pkgs/simple/go-shortener/default.nix b/krebs/5pkgs/simple/go-shortener/default.nix index 996f7072a..4d1bef2be 100644 --- a/krebs/5pkgs/simple/go-shortener/default.nix +++ b/krebs/5pkgs/simple/go-shortener/default.nix @@ -1,25 +1,26 @@ -{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }: +{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs }: with lib; let - np = (callPackage ) { - generated = ./packages.nix; - self = np; + nodeEnv = import { + inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; + nodejs = nodejs-8_x; + libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; - node_env = buildEnv { - name = "node_env"; - paths = [ - np.redis - np."formidable" - ]; - pathsToLink = [ "/lib" ]; - ignoreCollisions = true; + node_env = pkgs.buildEnv { + name = "go-node_env"; + paths = attrValues (import ./node-packages.nix { + inherit (pkgs) fetchurl fetchgit; + inherit nodeEnv; + }); }; -in np.buildNodePackage { +in stdenv.mkDerivation { + packageName = "go"; name = "go-shortener"; + version = "0.0.0"; src = fetchgit { url = "http://cgit.lassul.us/go/"; @@ -32,10 +33,8 @@ in np.buildNodePackage { "installPhase" ]; - deps = (filter (v: nixType v == "derivation") (attrValues np)); - buildInputs = [ - nodejs + nodejs-8_x makeWrapper ]; @@ -44,14 +43,14 @@ in np.buildNodePackage { cp index.js $out/ cat > $out/go << EOF -