From d6ee59430d800fe2cb14ab71143c3fba7bbf9089 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 15:09:15 +0200 Subject: add charybdis module until it's fixed in 18.09 --- krebs/2configs/ircd.nix | 2 +- krebs/3modules/charybdis.nix | 110 +++++++++++++++++++++++++++++++++++++++++++ krebs/3modules/default.nix | 1 + 3 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 krebs/3modules/charybdis.nix (limited to 'krebs') diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 962dbf49c..65972aacc 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,7 +5,7 @@ 6667 6669 ]; - services.charybdis = { + krebs.charybdis = { enable = true; motd = '' hello diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix new file mode 100644 index 000000000..f4a7c1313 --- /dev/null +++ b/krebs/3modules/charybdis.nix @@ -0,0 +1,110 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption singleton types; + inherit (pkgs) coreutils charybdis; + cfg = config.krebs.charybdis; + + configFile = pkgs.writeText "charybdis.conf" '' + ${cfg.config} + ''; +in + +{ + + ###### interface + + options = { + + krebs.charybdis = { + + enable = mkEnableOption "Charybdis IRC daemon"; + + config = mkOption { + type = types.string; + description = '' + Charybdis IRC daemon configuration file. + ''; + }; + + statedir = mkOption { + type = types.string; + default = "/var/lib/charybdis"; + description = '' + Location of the state directory of charybdis. + ''; + }; + + user = mkOption { + type = types.string; + default = "ircd"; + description = '' + Charybdis IRC daemon user. + ''; + }; + + group = mkOption { + type = types.string; + default = "ircd"; + description = '' + Charybdis IRC daemon group. + ''; + }; + + motd = mkOption { + type = types.nullOr types.lines; + default = null; + description = '' + Charybdis MOTD text. + + Charybdis will read its MOTD from /etc/charybdis/ircd.motd . + If set, the value of this option will be written to this path. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable (lib.mkMerge [ + { + users.users = singleton { + name = cfg.user; + description = "Charybdis IRC daemon user"; + uid = config.ids.uids.ircd; + group = cfg.group; + }; + + users.groups = singleton { + name = cfg.group; + gid = config.ids.gids.ircd; + }; + + systemd.services.charybdis = { + description = "Charybdis IRC daemon"; + wantedBy = [ "multi-user.target" ]; + environment = { + BANDB_DBPATH = "${cfg.statedir}/ban.db"; + }; + serviceConfig = { + ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}"; + Group = cfg.group; + User = cfg.user; + PermissionsStartOnly = true; # preStart needs to run with root permissions + }; + preStart = '' + ${coreutils}/bin/mkdir -p ${cfg.statedir} + ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir} + ''; + }; + + } + + (mkIf (cfg.motd != null) { + environment.etc."charybdis/ircd.motd".text = cfg.motd; + }) + ]); +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6307649e3..dd682bf4d 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -14,6 +14,7 @@ let ./buildbot/master.nix ./buildbot/slave.nix ./build.nix + ./charybdis.nix ./ci.nix ./current.nix ./exim.nix -- cgit v1.2.3 From 4c73914d128e8d5b36a0644834db7cbd09be7434 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 17:08:01 +0200 Subject: krops: import from submodules --- krebs/krops.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/krops.nix b/krebs/krops.nix index 864cc8066..89354c1ea 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -1,9 +1,6 @@ { name }: rec { - krops = builtins.fetchGit { - url = https://cgit.krebsco.de/krops/; - rev = "c46166d407c7d246112f13346621a3fbdb25889e"; - }; + krops = ../submodules/krops; lib = import "${krops}/lib"; -- cgit v1.2.3 From 6b08d5aa46adc80d8a1ab4ed1d3e320c61a19f01 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 20:57:53 +0200 Subject: remove nin --- krebs/3modules/default.nix | 1 - krebs/3modules/nin/default.nix | 111 ----------------------------------------- 2 files changed, 112 deletions(-) delete mode 100644 krebs/3modules/nin/default.nix (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index dd682bf4d..8f2e22acf 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -112,7 +112,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix deleted file mode 100644 index 1531a2c89..000000000 --- a/krebs/3modules/nin/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, ... }: - -with import ; - -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.nin; - ci = true; - }) { - hiawatha = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.132.96"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; - aliases = [ - "hiawatha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o - Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB - iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E - UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr - lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ - yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; - }; - axon= { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.134.66"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; - aliases = [ - "axon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo - glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj - KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH - L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j - VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY - PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN - X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh - m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp - OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT - LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H - /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK - MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w - 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm - ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 - 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF - 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt - 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj - FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl - buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p - hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG - yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi - ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; - }; - onondaga = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.132.55"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; - aliases = [ - "onondaga.r" - "cgit.onondaga.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR - OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu - htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH - xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO - kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn - hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; - }; - - }; - users = { - nin = { - mail = "nin@axon.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; - }; - nin_h = { - mail = "nin@hiawatha.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; - }; - }; -} -- cgit v1.2.3 From 550f8fce2571537b23588b41e363c27a6cd46c0e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 30 Oct 2018 22:47:57 +0100 Subject: krebs.tinc: add tincUpExtra --- krebs/3modules/tinc.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index b032f3148..ecd449b09 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -75,6 +75,7 @@ let ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} ''} + ${tinc.config.tincUpExtra} ''; description = '' tinc-up script to be used. Defaults to setting the @@ -83,6 +84,11 @@ let ''; }; + tincUpExtra = mkOption { + type = types.str; + default = ""; + }; + tincPackage = mkOption { type = types.package; default = pkgs.tinc; -- cgit v1.2.3 From 100ca928ad483471d61b36bd9e977e34441d404b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 5 Nov 2018 10:33:28 +0100 Subject: nixpkgs: 06fb025 -> bf7930d --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index b761246cd..e013645ea 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "06fb0253afabb8cc7dc85db742e2de94a4d68ca0", - "date": "2018-10-24T10:37:15-04:00", - "sha256": "0jkldgvdm8pl9cfw5faw90n0qbbzrdssgwgbihk1by4xq66khf1b", + "rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c", + "date": "2018-11-04T19:36:25+01:00", + "sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m", "fetchSubmodules": false } -- cgit v1.2.3 From 72cd32c0bc7d66536e163b42a9404986e479c597 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Nov 2018 16:22:39 +0100 Subject: ma nextgum.r becomes gum.r --- krebs/3modules/makefu/default.nix | 92 ++++++++++++--------------------------- 1 file changed, 28 insertions(+), 64 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e2152ea1a..94af67fc7 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -494,6 +494,8 @@ in { ip6.addr = "42:f9f0::10"; aliases = [ "omo.r" + "dcpp.omo.r" + "torrent.omo.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -554,7 +556,7 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; - nextgum = rec { + gum = rec { ci = true; extraZones = { "krebsco.de" = '' @@ -563,6 +565,23 @@ in { graph IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} iso.euer IN A ${nets.internet.ip4.addr} + wg.euer IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + mon.euer IN A ${nets.internet.ip4.addr} + boot.euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} + pigstarter IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + share.euer IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} + wikisearch IN A ${nets.internet.ip4.addr} + dl.euer IN A ${nets.internet.ip4.addr} + ghook IN A ${nets.internet.ip4.addr} + dockerhub IN A ${nets.internet.ip4.addr} + io IN NS gum.krebsco.de. ''; }; cores = 8; @@ -571,6 +590,7 @@ in { ip4.addr = "144.76.26.247"; ip6.addr = "2a01:4f8:191:12f6::2"; aliases = [ + "gum.i" "nextgum.i" ]; }; @@ -594,65 +614,10 @@ in { "stats.makefu.r" "backup.makefu.r" "dcpp.nextgum.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 - aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO - npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh - 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF - 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN - VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; - }; - - gum = rec { - ci = true; - cores = 2; - - extraZones = { - "krebsco.de" = '' - share.euer IN A ${nets.internet.ip4.addr} - mattermost.euer IN A ${nets.internet.ip4.addr} - gum IN A ${nets.internet.ip4.addr} - wikisearch IN A ${nets.internet.ip4.addr} - pigstarter IN A ${nets.internet.ip4.addr} - cgit.euer IN A ${nets.internet.ip4.addr} - euer IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} - git.euer IN A ${nets.internet.ip4.addr} - dl.euer IN A ${nets.internet.ip4.addr} - boot.euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} - mon.euer IN A ${nets.internet.ip4.addr} - ghook IN A ${nets.internet.ip4.addr} - dockerhub IN A ${nets.internet.ip4.addr} - photostore IN A ${nets.internet.ip4.addr} - io IN NS gum.krebsco.de. - ''; - }; - nets = rec { - internet = { - ip4.addr = "185.194.143.140"; - ip6.addr = "2a03:4000:1c:43f::1"; - aliases = [ - "gum.i" - ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.0.211"; - ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; - aliases = [ "gum.r" "cgit.gum.r" "o.gum.r" "tracker.makefu.r" - "search.makefu.r" "wiki.makefu.r" "wiki.gum.r" @@ -662,20 +627,19 @@ in { ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY - BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 - i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 - 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS - u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa - OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB + MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 + aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO + npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh + 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF + 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN + VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB -----END RSA PUBLIC KEY----- ''; }; }; - # configured manually - # ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; + shoney = rec { ci = true; cores = 1; -- cgit v1.2.3 From 70bffd8b90a7740546a20dbbdd6730ab00c7158b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:47:06 +0100 Subject: hotdog.r: remove import of gitlab-runner-shackspace --- krebs/1systems/hotdog/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'krebs') diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 0a848426c..cf72e0d73 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -10,7 +10,6 @@ - -- cgit v1.2.3 From 6416e2637665a99c7efc07d036a023463500fefe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:47:34 +0100 Subject: realwallpaper: e056328 -> 847faeb --- krebs/5pkgs/simple/realwallpaper/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 15cc277a5..7c9812117 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -5,8 +5,8 @@ stdenv.mkDerivation { src = fetchgit { url = https://github.com/Lassulus/realwallpaper; - rev = "e0563289c2ab592b669ce4549fc40130246e9d79"; - sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc"; + rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0"; + sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr"; }; phases = [ -- cgit v1.2.3 From 125f9d7fd9336d59f66166f3efc6811c3ad881dd Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 10 Nov 2018 19:27:17 +0100 Subject: airdcpp module: after local-fs.target --- krebs/3modules/airdcpp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 1633840f7..56fb31795 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -243,7 +243,7 @@ let in { systemd.services.airdcpp = { description = "airdcpp webui"; - after = [ "network.target" ]; + after = [ "network.target" "local-fs.target" ]; wantedBy = [ "multi-user.target" ]; restartIfChanged = true; serviceConfig = { -- cgit v1.2.3 From dfb9c237607b73f00cd52ca5c5b731f45d83f932 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 10 Nov 2018 20:06:31 +0100 Subject: krebs: add youtube@eloop.org --- krebs/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8f2e22acf..ca67ce65c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -201,6 +201,7 @@ let "cfp@eloop.org" = eloop-ml; "kontakt@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; + "youtube@eloop.org" = eloop-ml; "eloop2016@krebsco.de" = eloop-ml; "eloop2017@krebsco.de" = eloop-ml; "postmaster@krebsco.de" = spam-ml; # RFC 822 -- cgit v1.2.3 From cd720e1a9ed12413504ddae2d381279ec30ce24a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 20:18:41 +0100 Subject: l: add cache.krebsco.de & cache.lassul.us --- krebs/3modules/lass/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9b9f052a5..08fd85737 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -17,6 +17,7 @@ with import ; "krebsco.de" = '' prism IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr} + cache IN A ${nets.internet.ip4.addr} ''; "lassul.us" = '' $TTL 3600 @@ -34,6 +35,7 @@ with import ; paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { -- cgit v1.2.3 From f2dd2793cd1dad28a65d78d307e59b74fb63f23c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 20:29:39 +0100 Subject: l dns-stuff: sort --- krebs/3modules/lass/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 08fd85737..836ecb3f6 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -15,9 +15,9 @@ with import ; cores = 4; extraZones = { "krebsco.de" = '' - prism IN A ${nets.internet.ip4.addr} - paste IN A ${nets.internet.ip4.addr} cache IN A ${nets.internet.ip4.addr} + paste IN A ${nets.internet.ip4.addr} + prism IN A ${nets.internet.ip4.addr} ''; "lassul.us" = '' $TTL 3600 @@ -28,14 +28,14 @@ with import ; 60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" + cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { -- cgit v1.2.3 From 0c235a88a8391a6c3b67573f85fc03931e5402a2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 10 Nov 2018 21:11:23 +0100 Subject: ma: disable some host ci --- krebs/3modules/makefu/default.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 94af67fc7..bea0f1c0e 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -60,7 +60,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi"; }; drop = rec { - ci = true; + ci = false; cores = 1; nets = { retiolum = { @@ -83,7 +83,7 @@ in { }; }; studio = rec { - ci = true; + ci = false; cores = 4; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; @@ -109,7 +109,7 @@ in { }; fileleech = rec { - ci = true; + ci = false; cores = 4; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; @@ -134,7 +134,7 @@ in { }; }; latte = rec { - ci = true; + ci = false; cores = 1; ssh.privkey.path = ; # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; @@ -166,7 +166,7 @@ in { }; pnp = { - ci = true; + ci = false; cores = 1; nets = { retiolum = { @@ -190,7 +190,7 @@ in { }; }; darth = { - ci = true; + ci = false; cores = 4; nets = { retiolum = { @@ -404,7 +404,7 @@ in { }; }; wry = rec { - ci = true; + ci = false; cores = 1; extraZones = { "krebsco.de" = '' @@ -449,7 +449,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry"; }; filepimp = rec { - ci = true; + ci = false; cores = 1; nets = { lan = { @@ -639,9 +639,9 @@ in { }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; - + shoney = rec { - ci = true; + ci = false; cores = 1; nets = rec { siem = { -- cgit v1.2.3 From 8f6dc4a1316ff6812a248923a974e044576583fe Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 13 Nov 2018 20:55:04 +0100 Subject: ejabberd: replaced by upstream --- krebs/5pkgs/simple/ejabberd/default.nix | 122 -------------------------- krebs/5pkgs/simple/ejabberd/ejabberdctl.patch | 32 ------- 2 files changed, 154 deletions(-) delete mode 100644 krebs/5pkgs/simple/ejabberd/default.nix delete mode 100644 krebs/5pkgs/simple/ejabberd/ejabberdctl.patch (limited to 'krebs') diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix deleted file mode 100644 index b4ab13b43..000000000 --- a/krebs/5pkgs/simple/ejabberd/default.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ stdenv, writeScriptBin, lib, fetchurl, git, cacert -, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd -, withMysql ? false -, withPgsql ? false -, withSqlite ? false, sqlite -, withPam ? false, pam -, withZlib ? true, zlib -, withRiak ? false -, withElixir ? false, elixir -, withIconv ? true -, withTools ? false -, withRedis ? false -}: - -let - fakegit = writeScriptBin "git" '' - #! ${stdenv.shell} -e - if [ "$1" = "describe" ]; then - [ -r .rev ] && cat .rev || true - fi - ''; - - ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; - -in stdenv.mkDerivation rec { - version = "18.01"; - name = "ejabberd-${version}"; - - src = fetchurl { - url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6"; - }; - - nativeBuildInputs = [ fakegit ]; - - buildInputs = [ erlang openssl expat libyaml gd ] - ++ lib.optional withSqlite sqlite - ++ lib.optional withPam pam - ++ lib.optional withZlib zlib - ++ lib.optional withElixir elixir - ; - - # Apparently needed for Elixir - LANG = "en_US.UTF-8"; - - deps = stdenv.mkDerivation { - name = "ejabberd-deps-${version}"; - - inherit src; - - configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; - - nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; - - GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; - - makeFlags = [ "deps" ]; - - phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ]; - - installPhase = '' - for i in deps/*; do - ( cd $i - git reset --hard - git clean -ffdx - git describe --always --tags > .rev - rm -rf .git - ) - done - rm deps/.got - - cp -r deps $out - ''; - - outputHashMode = "recursive"; - outputHashAlgo = "sha256"; - outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk"; - }; - - configureFlags = - [ (lib.enableFeature withMysql "mysql") - (lib.enableFeature withPgsql "pgsql") - (lib.enableFeature withSqlite "sqlite") - (lib.enableFeature withPam "pam") - (lib.enableFeature withZlib "zlib") - (lib.enableFeature withRiak "riak") - (lib.enableFeature withElixir "elixir") - (lib.enableFeature withIconv "iconv") - (lib.enableFeature withTools "tools") - (lib.enableFeature withRedis "redis") - ] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}"; - - enableParallelBuilding = true; - - patches = [ - ./ejabberdctl.patch - ]; - - preBuild = '' - cp -r $deps deps - chmod -R +w deps - patchShebangs deps - ''; - - postInstall = '' - sed -i \ - -e '2iexport PATH=${ctlpath}:$PATH' \ - -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \ - -e 's,\(^ *JOT=\).*,\1,' \ - -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ - $out/sbin/ejabberdctl - ''; - - meta = with stdenv.lib; { - description = "Open-source XMPP application server written in Erlang"; - license = licenses.gpl2; - homepage = http://www.ejabberd.im; - platforms = platforms.linux; - maintainers = with maintainers; [ sander abbradar ]; - broken = withElixir; - }; -} diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch deleted file mode 100644 index f7c842b7b..000000000 --- a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100 -+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200 -@@ -42,19 +42,18 @@ - esac - - # parse command line parameters --for arg; do -- case $arg in -- -n|--node) ERLANG_NODE_ARG=$2; shift;; -- -s|--spool) SPOOL_DIR=$2; shift;; -- -l|--logs) LOGS_DIR=$2; shift;; -- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;; -- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;; -- -d|--config-dir) ETC_DIR=$2; shift;; -- -t|--no-timeout) NO_TIMEOUT="--no-timeout";; -- --) :;; -+while test $# -gt 0; do -+ case $1 in -+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;; -+ -s|--spool) SPOOL_DIR=$2; shift 2;; -+ -l|--logs) LOGS_DIR=$2; shift 2;; -+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;; -+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;; -+ -d|--config-dir) ETC_DIR=$2; shift 2;; -+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;; -+ # --) :;; what is this for? - *) break;; - esac -- shift - done - - # define ejabberd variables if not already defined from the command line -- cgit v1.2.3 From ddfddbe7563ff6004c9bfba709269fb8441a6605 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 13 Nov 2018 21:38:28 +0100 Subject: ci: register GC roots --- krebs/3modules/ci.nix | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 16c6d4315..4cfe598d6 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -30,6 +30,8 @@ let nix-instantiate --quiet -Q --eval --strict --json ./ci.nix ''; + profileRoot = "/nix/var/nix/profiles/ci"; + imp = { krebs.buildbot.master = { slaves = { @@ -98,9 +100,16 @@ let self.addBuildSteps([steps.ShellCommand( name=str(new_step), command=[ - new_steps[new_step] + "${pkgs.writeDash "build-stepper.sh" '' + set -efu + profile=${shell.escape profileRoot}/$build_name + result=$("$build_script") + ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" + ''}" ], env={ + "build_name": new_step, + "build_script": new_steps[new_step], "NIX_REMOTE": "daemon", "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", }, @@ -163,6 +172,20 @@ let password = "lasspass"; packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ]; }; + + system.activationScripts.buildbots-nix-profile = '' + ${pkgs.coreutils}/bin/mkdir -p ${shell.escape profileRoot} + ${pkgs.coreutils}/bin/chmod 0770 ${shell.escape profileRoot} + ${pkgs.coreutils}/bin/chgrp buildbots ${shell.escape profileRoot} + ''; + + users = { + groups.buildbots.gid = genid "buildbots"; + users = { + buildbotMaster.extraGroups = [ "buildbots" ]; + buildbotSlave.extraGroups = [ "buildbots" ]; + }; + }; }; in out -- cgit v1.2.3 From b073ee1fd4a879a29166422269733604a6454fc3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Nov 2018 00:03:49 +0100 Subject: puyak.r: add cache.nsupdate.info --- krebs/1systems/puyak/config.nix | 1 + krebs/2configs/cache.nsupdate.info.nix | 33 +++++++ krebs/3modules/cachecache.nix | 171 +++++++++++++++++++++++++++++++++ krebs/3modules/default.nix | 1 + 4 files changed, 206 insertions(+) create mode 100644 krebs/2configs/cache.nsupdate.info.nix create mode 100644 krebs/3modules/cachecache.nix (limited to 'krebs') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 67257eacd..2cc97a24f 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -10,6 +10,7 @@ + diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix new file mode 100644 index 000000000..056667d8c --- /dev/null +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -0,0 +1,33 @@ +{lib, ... }: +with lib; +let + domain = "cache.nsupdate.info"; +in { + # This only works for a single domain for nsupdate.info as multiple usernames + # and passwords are required for multiple domains + services.ddclient = { + enable = true; + server = "ipv4.nsupdate.info"; + username = domain; + password = import ((toString ) + "/nsupdate-cache.nix"); + domains = [ domain ]; + use= "if, if=et0"; + # use = "web, web=http://ipv4.nsupdate.info/myip"; + + }; + krebs.cachecache = { + enable = true; + enableSSL = false; # disable letsencrypt for testing + cacheDir = "/var/cache/nix-cache-cache"; + maxSize = "10g"; + + # assumes that the domain is reachable from the internet + virtualHost = domain; + }; + + boot.kernelModules = [ "tcp_bbr" ]; + + boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr"; + boot.kernel.sysctl."net.core.default_qdisc" = "fq"; + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix new file mode 100644 index 000000000..c02c7c80c --- /dev/null +++ b/krebs/3modules/cachecache.nix @@ -0,0 +1,171 @@ +{ config, lib, ... }: + + +# fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b +# related: https://github.com/nh2/nix-binary-cache-proxy + +with lib; + +let + + cfg = config.krebs.cachecache; + + nginxCfg = config.services.nginx; + + cacheFallbackConfig = { + proxyPass = "$upstream_endpoint"; + extraConfig = '' + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1. + proxy_http_version 1.1; + + # Remove the Connection header if the client sends it, it could + # be "close" to close a keepalive connection + proxy_set_header Connection ""; + + # Needed for CloudFront. + proxy_ssl_server_name on; + + proxy_set_header Host $proxy_host; + proxy_cache nix_cache_cache; + proxy_cache_valid 200 302 60m; + proxy_cache_valid 404 1m; + + expires max; + add_header Cache-Control $nix_cache_cache_header always; + ''; + }; + +in + +{ + options = { + krebs.cachecache = { + enable = mkEnableOption "Nix binary cache cache"; + + virtualHost = mkOption { + type = types.str; + default = "nix-cache"; + description = '' + Name of the nginx virtualhost to use and setup. If null, do + not setup any virtualhost. + ''; + }; + enableSSL = mkOption { + type = types.bool; + default = true; + description = '' + enable SSL via letsencrypt. Requires working dns resolution and open + internet tls port. + ''; + }; + + # webRoot = mkOption { + # type = types.str; + # default = "/"; + # description = '' + # Directory on virtual host that serves the cache. Must end in + # /. + # ''; + # }; + + resolver = mkOption { + type = types.str; + description = "Address of DNS resolver."; + default = "8.8.8.8 ipv6=off"; + example = "127.0.0.1 ipv6=off"; + }; + + cacheDir = mkOption { + type = types.str; + default = "/var/cache/nix-cache-cache"; + description = '' + Where nginx should store cached data. + ''; + }; + + maxSize = mkOption { + type = types.str; + default = "50g"; + description = "Maximum cache size."; + }; + }; + }; + + config = { + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + + systemd.services.nginx.preStart = '' + mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache + chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache + chown ${nginxCfg.user}:${nginxCfg.group} \ + ${cfg.cacheDir} /srv/www/nix-cache-cache + ''; + + services.nginx = { + enable = true; + + appendHttpConfig = '' + proxy_cache_path ${cfg.cacheDir} + levels=1:2 + keys_zone=nix_cache_cache:100m + max_size=${cfg.maxSize} + inactive=365d + use_temp_path=off; + + # Cache only success status codes; in particular we don't want + # to cache 404s. See https://serverfault.com/a/690258/128321. + map $status $nix_cache_cache_header { + 200 "public"; + 302 "public"; + default "no-cache"; + } + ''; + + virtualHosts.${cfg.virtualHost} = { + addSSL = cfg.enableSSL; + enableACME = cfg.enableSSL; + extraConfig = '' + # Using a variable for the upstream endpoint to ensure that it is + # resolved at runtime as opposed to once when the config file is loaded + # and then cached forever (we don't want that): + # see https://tenzer.dk/nginx-with-dynamic-upstreams/ + # This fixes errors like + # + # nginx: [emerg] host not found in upstream "upstream.example.com" + # + # when the upstream host is not reachable for a short time when + # nginx is started. + resolver ${cfg.resolver} valid=10s; + set $upstream_endpoint https://cache.nixos.org; + ''; + + locations."/" = + { + root = "/srv/www/nix-cache-cache"; + extraConfig = '' + expires max; + add_header Cache-Control $nix_cache_cache_header always; + + # Ask the upstream server if a file isn't available + # locally. + error_page 404 = @fallback; + + # Don't bother logging the above 404. + log_not_found off; + ''; + }; + + locations."@fallback" = cacheFallbackConfig; + + # We always want to copy cache.nixos.org's nix-cache-info + # file, and ignore our own, because `nix-push` by default + # generates one without `Priority` field, and thus that file + # by default has priority 50 (compared to cache.nixos.org's + # `Priority: 40`), which will make download clients prefer + # `cache.nixos.org` over our binary cache. + locations."= /nix-cache-info" = cacheFallbackConfig; + }; + }; + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ca67ce65c..24cbd9cc9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -14,6 +14,7 @@ let ./buildbot/master.nix ./buildbot/slave.nix ./build.nix + ./cachecache.nix ./charybdis.nix ./ci.nix ./current.nix -- cgit v1.2.3 From c4484dee1a7fb1bfc3952cf4211a22fa0d6002ca Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Nov 2018 00:06:05 +0100 Subject: puyak.r: disable cache again --- krebs/1systems/puyak/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'krebs') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 2cc97a24f..67257eacd 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -10,7 +10,6 @@ - -- cgit v1.2.3 From 105a0b6515b2e193b883ee8fb00d8454b8049588 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 21 Nov 2018 04:10:07 +0100 Subject: cachecache: enable only if enabled --- krebs/3modules/cachecache.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix index c02c7c80c..989320480 100644 --- a/krebs/3modules/cachecache.nix +++ b/krebs/3modules/cachecache.nix @@ -91,7 +91,7 @@ in }; }; - config = { + config = mkIf cfg.enable { networking.firewall.allowedTCPPorts = [ 80 443 ]; -- cgit v1.2.3 From a6f4d27da624cce5f9001b371a03b34ba4a68b8e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Nov 2018 09:38:33 +0100 Subject: ma: gum.r also resolves to torrent.gum.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index bea0f1c0e..881f082c6 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -624,6 +624,7 @@ in { "blog.makefu.r" "blog.gum.r" "dcpp.gum.r" + "torrent.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 91e4f7fd9202086c137920e712ed810afafca6e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 25 Nov 2018 18:20:40 +0100 Subject: nixpkgs: bf7930d -> 5d4a1a3 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index e013645ea..61fd085be 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c", - "date": "2018-11-04T19:36:25+01:00", - "sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m", + "rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c", + "date": "2018-11-24T00:40:22-05:00", + "sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq", "fetchSubmodules": false } -- cgit v1.2.3 From 4fedcb814791363ce89f8ba0a31291fc2a1ca138 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 25 Nov 2018 23:45:27 +0100 Subject: ma gum.r: fix pubkey which accidentally got overwritten ... --- krebs/3modules/makefu/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 881f082c6..188fbc461 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -628,12 +628,12 @@ in { ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 - aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO - npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh - 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF - 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN - VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB + MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY + BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 + i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 + 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS + u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa + OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB -----END RSA PUBLIC KEY----- ''; }; -- cgit v1.2.3 From c35bc044dba5260bea5574a86897c6c45b4e525a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:55:59 +0100 Subject: ci: abort if an error occurs in get_steps --- krebs/3modules/ci.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 4cfe598d6..62efce44b 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -26,6 +26,7 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' + set -efu nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null nix-instantiate --quiet -Q --eval --strict --json ./ci.nix ''; -- cgit v1.2.3 From 09ee7ca4d832bfdc836c9463513891f1e97db10b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:58:07 +0100 Subject: ci: add gcroot for build-scripts --- krebs/3modules/ci.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 62efce44b..d8d0e7f3d 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -28,7 +28,13 @@ let getJobs = pkgs.writeDash "get_jobs" '' set -efu nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null - nix-instantiate --quiet -Q --eval --strict --json ./ci.nix + js="$(nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" + echo "$js" | jq -r 'to_entries[] | [.key, .value] | @tsv' \ + | while read -r host builder; do + gcroot=${shell.escape profileRoot}/$host-builder + ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder" + done + echo "$js" ''; profileRoot = "/nix/var/nix/profiles/ci"; -- cgit v1.2.3 From 593b2baf031dac70bff4d0484f87b28d674ccbed Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:58:57 +0100 Subject: fetchWallpaper: remove broken maxTime --- krebs/3modules/fetchWallpaper.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index f67188122..5a5065565 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -38,11 +38,6 @@ let ''; default = {}; }; - maxTime = mkOption { - type = types.int; - default = 0; - description = "Time to wait before download is aborted"; - }; }; fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' @@ -51,8 +46,8 @@ let mkdir -p ${cfg.stateDir} chmod o+rx ${cfg.stateDir} cd ${cfg.stateDir} - (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || : - feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper + (curl -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || : + feh --no-fehbg --bg-scale wallpaper ''; imp = { -- cgit v1.2.3 From 0b6c07ad7203634af4131ed3fb6f64c1c7fc45ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:11:35 +0100 Subject: buildbot: don't fuckup permissions --- krebs/3modules/buildbot/master.nix | 2 +- krebs/3modules/buildbot/slave.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 209dbe980..8995753ac 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -362,7 +362,7 @@ let # normally we should write buildbot.tac by our own # ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir} - chmod 700 -R ${workdir} + chmod 700 ${workdir} chown buildbotMaster:buildbotMaster -R ${workdir} ''; ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}"; diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 544f9c4e0..c15169fba 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -166,7 +166,7 @@ let echo ${description} > ${workdir}/info/host chown buildbotSlave:buildbotSlave -R ${workdir} - chmod 700 -R ${workdir} + chmod 700 ${workdir} ''; ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}"; ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}"; -- cgit v1.2.3 From dae35c44c7cf67d10152a4fb32d212310f86199a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Nov 2018 11:53:19 +0100 Subject: krebs: integrate 5pkgs as overlay --- krebs/default.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'krebs') diff --git a/krebs/default.nix b/krebs/default.nix index d99f60aaa..7ec791529 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,12 +1,14 @@ -{ config, lib, pkgs, ... }: -with import ; { + imports = [ ./3modules - { - nixpkgs.config.packageOverrides = - import ../submodules/nix-writers/pkgs pkgs; - } ]; - nixpkgs.config.packageOverrides = import ./5pkgs pkgs; + + nixpkgs = { + overlays = [ + (import ./5pkgs) + (import ../submodules/nix-writers/pkgs) + ]; + }; + } -- cgit v1.2.3 From 00ff16d540721a5ae605cb753c7d874b44307c22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 20:38:59 +0100 Subject: ci get_steps: explicit pkg references --- krebs/3modules/ci.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index d8d0e7f3d..bbc58361d 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -27,9 +27,9 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' set -efu - nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null - js="$(nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" - echo "$js" | jq -r 'to_entries[] | [.key, .value] | @tsv' \ + ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null + js="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" + echo "$js" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ | while read -r host builder; do gcroot=${shell.escape profileRoot}/$host-builder ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder" -- cgit v1.2.3 From 856c4777d11c45c11c5cb9a74154f2fb99992d18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 21:06:20 +0100 Subject: ci: js -> json, output to stderr --- krebs/3modules/ci.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index bbc58361d..a47dbe611 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -27,14 +27,14 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' set -efu - ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null - js="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" - echo "$js" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ + ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2 + json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" + echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ | while read -r host builder; do gcroot=${shell.escape profileRoot}/$host-builder ${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder" done - echo "$js" + echo "$json" ''; profileRoot = "/nix/var/nix/profiles/ci"; -- cgit v1.2.3 From 61f1aba8bc69dc522710d5871545cf4b4ec8645b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 21:06:20 +0100 Subject: * krops: get nixpkgs from store for ci --- krebs/krops.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/krops.nix b/krebs/krops.nix index 763e76b83..425fba8f5 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -7,11 +7,24 @@ # TODO document why pkgs should be used like this pkgs = import "${krops}/pkgs" {}; - krebs-source = { + krebs-nixpkgs = { test ? false }: if test then { + nixpkgs.file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ./nixpkgs.json).rev; + sha256 = (lib.importJSON ./nixpkgs.json).sha256; + }); + useChecksum = true; + }; + } else { nixpkgs.git = { ref = (lib.importJSON ./nixpkgs.json).rev; url = https://github.com/NixOS/nixpkgs; }; + }; + + krebs-source = { stockholm.file = toString ../.; stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" '' set -efu @@ -28,6 +41,7 @@ }; source ={ test }: lib.evalSource [ + (krebs-nixpkgs { test = test; }) krebs-source { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; -- cgit v1.2.3 From f69a078f90d3cddfd5d3146ce39fbd294a14fb57 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 21:14:40 +0100 Subject: krops: reformat secrets (style) --- krebs/krops.nix | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) (limited to 'krebs') diff --git a/krebs/krops.nix b/krebs/krops.nix index 425fba8f5..1058e73c0 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -45,18 +45,14 @@ krebs-source { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; - secrets = - if test - then { - file = toString ; - } - else { - pass = { - dir = "${lib.getEnv "HOME"}/brain"; - name = "krebs-secrets/${name}"; - }; - } - ; + secrets = if test then { + file = toString ; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/brain"; + name = "krebs-secrets/${name}"; + }; + }; } ]; -- cgit v1.2.3 From 95f6255f586e93e096d56de75add76d7560b9df1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Nov 2018 21:30:46 +0100 Subject: * krops: merge krebs-nixpkgs into krebs-source --- krebs/krops.nix | 38 ++++++++++++++++++-------------------- 1 file changed, 18 insertions(+), 20 deletions(-) (limited to 'krebs') diff --git a/krebs/krops.nix b/krebs/krops.nix index 1058e73c0..ab7524941 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -7,28 +7,27 @@ # TODO document why pkgs should be used like this pkgs = import "${krops}/pkgs" {}; - krebs-nixpkgs = { test ? false }: if test then { - nixpkgs.file = { - path = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ./nixpkgs.json).rev; - sha256 = (lib.importJSON ./nixpkgs.json).sha256; - }); - useChecksum = true; - }; - } else { - nixpkgs.git = { - ref = (lib.importJSON ./nixpkgs.json).rev; - url = https://github.com/NixOS/nixpkgs; + krebs-source = { test ? false }: rec { + nixpkgs = if test then { + file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ./nixpkgs.json).rev; + sha256 = (lib.importJSON ./nixpkgs.json).sha256; + }); + useChecksum = true; + }; + } else { + git = { + ref = (lib.importJSON ./nixpkgs.json).rev; + url = https://github.com/NixOS/nixpkgs; + }; }; - }; - - krebs-source = { stockholm.file = toString ../.; stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" '' set -efu - cd ${lib.escapeShellArg krebs-source.stockholm.file} + cd ${lib.escapeShellArg stockholm.file} V=$(${pkgs.coreutils}/bin/date +%y.%m) if test -d .git; then V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty) @@ -41,8 +40,7 @@ }; source ={ test }: lib.evalSource [ - (krebs-nixpkgs { test = test; }) - krebs-source + (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; secrets = if test then { -- cgit v1.2.3 From 53359a60f5f0114b013c6241b52aa7387d1b922a Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 29 Nov 2018 21:24:31 +0100 Subject: xmonad-stockholm: 1.2.0 -> 1.3.0 --- krebs/5pkgs/haskell/xmonad-stockholm.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index 7f6bb299d..228d365a3 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,16 +1,16 @@ -{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape -, xmonad, xmonad-contrib +{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft +, X11-xshape, xmonad, xmonad-contrib }: mkDerivation rec { pname = "xmonad-stockholm"; - version = "1.2.0"; + version = "1.3.0"; src = fetchgit { url = http://cgit.ni.krebsco.de/xmonad-stockholm; - rev = "refs/tags/v${version}"; - sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis"; + rev = "refs/tags/v1.3.0"; + sha256 = "1np5126wn67y0a1r60rnkq828s0w9zjnvai4b8zy3yc02xlkrjm9"; }; libraryHaskellDepends = [ - base containers X11 X11-xft X11-xshape xmonad xmonad-contrib + base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib ]; license = stdenv.lib.licenses.mit; } -- cgit v1.2.3 From 740f8c8ccfca38d7fc164a8c99bb6df6249c0d22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:35:00 +0100 Subject: l: move download stuff to yellow.r --- krebs/3modules/lass/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 836ecb3f6..35b1e1b83 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -716,6 +716,36 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; }; + yellow = { + cores = 1; + nets = { + retiolum = { + ip4.addr =