From 3be5ccd67f28feefb75f8339ae46b42cdbe06fa7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 11:17:10 +0100 Subject: k 3 fetchWallpaper: don't use user services --- krebs/3modules/fetchWallpaper.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e226a9060..e00c0ec9b 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -21,10 +21,9 @@ let OnCalendar = "*:00,10,20,30,40,50"; }; }; - # TODO find a better default stateDir stateDir = mkOption { type = types.str; - default = "$HOME/wallpaper"; + default = "/var/lib/wallpaper"; }; display = mkOption { type = types.str; @@ -52,27 +51,35 @@ let mkdir -p ${cfg.stateDir} cd ${cfg.stateDir} (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : - feh --no-fehbg --bg-scale wallpaper + feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper ''; imp = { - systemd.user.timers.fetchWallpaper = { + users.users.fetchWallpaper = { + name = "fetchWallpaper"; + uid = genid "fetchWallpaper"; + description = "fetchWallpaper user"; + home = cfg.stateDir; + createHome = true; + }; + + systemd.timers.fetchWallpaper = { description = "fetch wallpaper timer"; wantedBy = [ "timers.target" ]; timerConfig = cfg.timerConfig; }; - systemd.user.services.fetchWallpaper = { + systemd.services.fetchWallpaper = { description = "fetch wallpaper"; - wantedBy = [ "default.target" ]; + after = [ "network.target" ]; path = with pkgs; [ curl feh - coreutils ]; environment = { + URL = cfg.url; DISPLAY = cfg.display; }; restartIfChanged = true; @@ -80,6 +87,7 @@ let serviceConfig = { Type = "simple"; ExecStart = fetchWallpaperScript; + User = "fetchWallpaper"; }; unitConfig = cfg.unitConfig; -- cgit v1.2.3 From 7a293af6dbacf863627870ecf62d8b1f15933ad2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 14 Mar 2017 19:19:28 +0100 Subject: ni,xu: define canonical name first for krebs.backup --- krebs/3modules/tv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index d44c322aa..3f00f30c2 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -224,8 +224,8 @@ with import ; internet = { ip4.addr = "188.68.36.196"; aliases = [ - "cgit.ni.i" "ni.i" + "cgit.ni.i" ]; ssh.port = 11423; }; @@ -360,8 +360,8 @@ with import ; gg23 = { ip4.addr = "10.23.1.38"; aliases = [ - "cache.xu.gg23" "xu.gg23" + "cache.xu.gg23" ]; ssh.port = 11423; }; -- cgit v1.2.3 From df2ee4e726a784548faf8a9957bd0444c5cd0f71 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 14 Mar 2017 20:57:21 +0100 Subject: * iptables: fix ordering refs nixpkgs fb46df8a9a4102e265f4b14af48a5df90d5b06c3 --- krebs/3modules/iptables.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 09b493c20..d64ed86de 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -68,8 +68,8 @@ let networking.firewall.enable = false; systemd.services.krebs-iptables = { - description = "krebs-iptables"; - wantedBy = [ "network-pre.target" ]; + wantedBy = [ "sysinit.target" ]; + wants = [ "network-pre.target" ]; before = [ "network-pre.target" ]; after = [ "systemd-modules-load.service" ]; @@ -85,6 +85,8 @@ let Restart = "always"; ExecStart = startScript; }; + + unitConfig.DefaultDependencies = false; }; }; -- cgit v1.2.3 From 9a1da1342b098d8f30379800dd40a22590c56aaa Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 23:07:11 +0100 Subject: krebspaste: .retiolum -> .r --- krebs/5pkgs/krebspaste/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix index dd7616a05..8ce84058a 100644 --- a/krebs/5pkgs/krebspaste/default.nix +++ b/krebs/5pkgs/krebspaste/default.nix @@ -2,5 +2,5 @@ # TODO use `execve` instead? writeDashBin "krebspaste" '' - exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@" + exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.r "$@" '' -- cgit v1.2.3 From 79387ddfc3e395d40bf644ce373d037d23e20910 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 23:08:09 +0100 Subject: krebpsate: set max lifetime to 1 month --- krebs/5pkgs/krebspaste/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix index 8ce84058a..8c6676d0e 100644 --- a/krebs/5pkgs/krebspaste/default.nix +++ b/krebs/5pkgs/krebspaste/default.nix @@ -2,5 +2,5 @@ # TODO use `execve` instead? writeDashBin "krebspaste" '' - exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.r "$@" + exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" '' -- cgit v1.2.3 From 90a3a1910433cc678d6b55943dd2936b637a3b59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 20:56:08 +0100 Subject: htgen: init --- krebs/5pkgs/htgen/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 krebs/5pkgs/htgen/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix new file mode 100644 index 000000000..86e9f2b65 --- /dev/null +++ b/krebs/5pkgs/htgen/default.nix @@ -0,0 +1,30 @@ +{ bash, coreutils, gnused, stdenv, fetchgit, script ? "", ucspi-tcp }: +with import ; +let + version = "1.0"; +in stdenv.mkDerivation { + name = "htgen-${version}"; + + src = fetchgit { + url = "http://cgit.krebsco.de/htgen"; + rev = "refs/v1.0"; + sha256 = "15z451f57ddaxm21dlqqx2kavzyqx4sgnnzz4ql6vl237979g09s"; + }; + + installPhase = '' + find + mkdir -p $out/bin + { + echo '#! ${bash}/bin/bash' + echo 'export PATH=${makeBinPath [ + ucspi-tcp + coreutils + gnused + ]}' + sed -n '/^reply_404$/q;p' < htgen + printf '%s' ${shell.escape script} + echo 'reply_404' + } > $out/bin/htgen + chmod +x $out/bin/htgen + ''; +} -- cgit v1.2.3 From 552a3e8f284e86fd1a8aec1182ef4d4ebeab8d0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 20:56:28 +0100 Subject: k 3: add htgen --- krebs/3modules/default.nix | 1 + krebs/3modules/htgen.nix | 68 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 krebs/3modules/htgen.nix (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f336c966f..d24cea1a2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./github-hosts-sync.nix ./git.nix ./go.nix + ./htgen.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix new file mode 100644 index 000000000..2fe726049 --- /dev/null +++ b/krebs/3modules/htgen.nix @@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + cfg = config.krebs.htgen; + + out = { + options.krebs.htgen = api; + config = imp; + }; + + api = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + enable = mkEnableOption "krebs.htgen-${config.name}"; + + name = mkOption { + type = types.username; + default = config._module.args.name; + }; + + port = mkOption { + type = types.uint; + }; + + script = mkOption { + type = types.str; + }; + user = mkOption { + type = types.user; + default = { + name = "htgen-${config.name}"; + home = "/var/lib/htgen-${config.name}"; + }; + }; + }; + })); + }; + imp = { + + systemd.services = mapAttrs' (name: htgen: + nameValuePair "htgen-${name}" { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = { + HTGEN_PORT = toString htgen.port; + }; + serviceConfig = { + SyslogIdentifier = "htgen"; + User = htgen.user.name; + PrivateTmp = true; + Restart = "always"; + ExecStart = "${pkgs.htgen.override { + inherit (htgen) script; + }}/bin/htgen --serve"; + }; + } + ) cfg; + + users.users = mapAttrs' (name: htgen: + nameValuePair htgen.user.name { + inherit (htgen.user) home name uid; + createHome = true; + } + ) cfg; + + }; +in out -- cgit v1.2.3 From e599c372bfa590e898812ed59284724881a76d98 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 21:53:05 +0100 Subject: htgen: 1.0 -> 1.1 --- krebs/5pkgs/htgen/default.nix | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix index 86e9f2b65..f9dfeb3d1 100644 --- a/krebs/5pkgs/htgen/default.nix +++ b/krebs/5pkgs/htgen/default.nix @@ -1,18 +1,17 @@ -{ bash, coreutils, gnused, stdenv, fetchgit, script ? "", ucspi-tcp }: +{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }: with import ; let - version = "1.0"; + version = "1.1"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; - rev = "refs/v1.0"; - sha256 = "15z451f57ddaxm21dlqqx2kavzyqx4sgnnzz4ql6vl237979g09s"; + rev = "refs/tags/v${version}"; + sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z"; }; installPhase = '' - find mkdir -p $out/bin { echo '#! ${bash}/bin/bash' @@ -20,11 +19,10 @@ in stdenv.mkDerivation { ucspi-tcp coreutils gnused - ]}' - sed -n '/^reply_404$/q;p' < htgen - printf '%s' ${shell.escape script} - echo 'reply_404' + ]}''${PATH+":$PATH"}' + cat htgen } > $out/bin/htgen chmod +x $out/bin/htgen + cp -r examples $out ''; } -- cgit v1.2.3 From 5718517f60275a8dd66f3a230792e72bcc8d29c9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 21:53:34 +0100 Subject: k 3 htgen: use htgen-1.1 --- krebs/3modules/htgen.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 2fe726049..3c8872be2 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -44,15 +44,14 @@ let after = [ "network.target" ]; environment = { HTGEN_PORT = toString htgen.port; + HTGEN_SCRIPT = htgen.script; }; serviceConfig = { SyslogIdentifier = "htgen"; User = htgen.user.name; PrivateTmp = true; Restart = "always"; - ExecStart = "${pkgs.htgen.override { - inherit (htgen) script; - }}/bin/htgen --serve"; + ExecStart = "${pkgs.htgen}/bin/htgen --serve"; }; } ) cfg; -- cgit v1.2.3 From 8809797f1063945c03ebd70666c108c45d5d724a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 22:12:11 +0100 Subject: k 3 htgen: add default option --- krebs/3modules/htgen.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 3c8872be2..0dddca6c8 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -10,6 +10,7 @@ let }; api = mkOption { + default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { enable = mkEnableOption "krebs.htgen-${config.name}"; -- cgit v1.2.3