From 6154dd151372339df10f12c3594004350deb9ad7 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jun 2018 22:54:59 +0200 Subject: ma gum.r: split sw/hw config --- makefu/1systems/gum/config.nix | 50 +++++++++------------------------ makefu/1systems/gum/hardware-config.nix | 44 +++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 36 deletions(-) create mode 100644 makefu/1systems/gum/hardware-config.nix (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 9b6d9d571..951ec0104 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -2,28 +2,14 @@ with import ; let - # hw-specific - external-mac = "2a:c5:6e:d2:fc:7f"; - main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; - external-gw = "185.194.140.1"; - # single partition, label "nixos" - # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate - - - # static external-ip = config.krebs.build.host.nets.internet.ip4.addr; - external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; - external-gw6 = "fe80::1"; - external-netmask = 22; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly + ext-if = config.makefu.server.primary-itf; in { imports = [ + ./hardware-config.nix - # @@ -49,6 +35,7 @@ in { # + # network @@ -90,6 +77,15 @@ in { # + + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + # @@ -187,7 +183,6 @@ in { ]; }; - makefu.server.primary-itf = ext-if; # access users.users = { @@ -200,6 +195,7 @@ in { weechat bepasty-client-cli get + tmux ]; services.bitlbee = { enable = true; @@ -207,15 +203,8 @@ in { }; # Hardware - boot.loader.grub.device = main-disk; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; # Network - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - boot.kernelParams = [ ]; networking = { firewall = { allowPing = true; @@ -249,19 +238,8 @@ in { 21032 ]; }; - interfaces."${ext-if}" = { - ip4 = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - ip6 = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - defaultGateway6 = external-gw6; - defaultGateway = external-gw; nameservers = [ "8.8.8.8" ]; }; + users.users.makefu.extraGroups = [ "download" "nginx" ]; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix new file mode 100644 index 000000000..e83f94a9f --- /dev/null +++ b/makefu/1systems/gum/hardware-config.nix @@ -0,0 +1,44 @@ +{ config, ... }: +let + external-mac = "2a:c5:6e:d2:fc:7f"; + main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; + external-gw = "185.194.140.1"; + # single partition, label "nixos" + # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate + + + # static + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; + external-gw6 = "fe80::1"; + external-netmask = 22; + external-netmask6 = 64; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + ext-if = "et0"; # gets renamed on the fly +in { + imports = [ + + ]; + makefu.server.primary-itf = ext-if; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; + networking = { + interfaces."${ext-if}" = { + ipv4.addresses = [{ + address = external-ip; + prefixLength = external-netmask; + }]; + ipv6.addresses = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + }; + defaultGateway6 = external-gw6; + defaultGateway = external-gw; + }; + boot.kernelParams = [ ]; + boot.loader.grub.device = main-disk; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; +} -- cgit v1.3.1 From 1665703c4562ca454e5aafd62105715fb8561238 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Jun 2018 21:23:35 +0200 Subject: nix-writers: init submodule --- .gitmodules | 3 + jeschli/5pkgs/simple/xmonad-jeschli/default.nix | 2 +- jeschli/source.nix | 1 + krebs/3modules/git.nix | 2 +- krebs/5pkgs/simple/Reaktor/plugins.nix | 2 +- krebs/5pkgs/simple/brain/default.nix | 4 +- krebs/5pkgs/simple/stockholm/default.nix | 2 +- krebs/5pkgs/writers.nix | 318 ------------------------ krebs/default.nix | 4 + krebs/source.nix | 1 + lass/2configs/mc.nix | 2 +- lass/2configs/reaktor-coders.nix | 2 +- lass/3modules/usershadow.nix | 2 +- lass/3modules/xjail.nix | 2 +- lass/5pkgs/custom/xmonad-lass/default.nix | 2 +- lass/5pkgs/dpass/default.nix | 4 +- lass/5pkgs/xephyrify/default.nix | 4 +- lass/source.nix | 1 + makefu/source.nix | 1 + mv/source.nix | 1 + nin/source.nix | 1 + shell.nix | 7 +- submodules/nix-writers | 1 + tv/2configs/vim.nix | 2 +- tv/5pkgs/simple/xmonad-tv/default.nix | 2 +- tv/source.nix | 1 + 26 files changed, 38 insertions(+), 336 deletions(-) create mode 100644 .gitmodules delete mode 100644 krebs/5pkgs/writers.nix create mode 160000 submodules/nix-writers (limited to 'makefu') diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 000000000..c96fec739 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "submodules/nix-writers"] + path = submodules/nix-writers + url = http://cgit.krebsco.de/nix-writers diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix index 578a51c8f..60dbbc50c 100644 --- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix +++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix @@ -1,5 +1,5 @@ { pkgs, ... }: -pkgs.writeHaskell "xmonad-jeschli" { +pkgs.writeHaskellPackage "xmonad-jeschli" { executables.xmonad = { extra-depends = [ "containers" diff --git a/jeschli/source.nix b/jeschli/source.nix index 29cf9d818..fc1413ee4 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false, override ? {} }: let pkgs = import { overlays = map import [ + ]; }; in diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index ba0924681..5ae24b40b 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -484,7 +484,7 @@ let reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules)); - # TODO use `writeOut` + # TODO use pkgs.write (from nix-writers) scriptFarm = farm-name: scripts: let diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index c39e39799..2df76fb2f 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -120,7 +120,7 @@ rec { url-title = (buildSimpleReaktorPlugin "url-title" { pattern = "^.*(?Phttp[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$"; path = with pkgs; [ curl perl ]; - script = pkgs.writePython3 [ "beautifulsoup4" "lxml" ] "url-title" '' + script = pkgs.writePython3 "url-title" [ "beautifulsoup4" "lxml" ] '' import sys import urllib.request from bs4 import BeautifulSoup diff --git a/krebs/5pkgs/simple/brain/default.nix b/krebs/5pkgs/simple/brain/default.nix index e69b44f0f..9b125862b 100644 --- a/krebs/5pkgs/simple/brain/default.nix +++ b/krebs/5pkgs/simple/brain/default.nix @@ -1,6 +1,6 @@ -{ pass, writeOut, writeDash, ... }: +{ pass, write, writeDash, ... }: -writeOut "brain" { +write "brain" { "/bin/brain".link = writeDash "brain" '' PASSWORD_STORE_DIR=$HOME/brain \ exec ${pass}/bin/pass $@ diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 9afe79510..c973386d6 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -225,6 +225,6 @@ in - pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link: + pkgs.write "stockholm" (lib.mapAttrs' (name: link: lib.nameValuePair "/bin/${name}" { inherit link; } ) cmds) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix deleted file mode 100644 index 1939bf854..000000000 --- a/krebs/5pkgs/writers.nix +++ /dev/null @@ -1,318 +0,0 @@ -pkgs: oldpkgs: -with import ; - { - execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let - in pkgs.writeC name { inherit destination; } /* c */ '' - #include - - static char *const filename = ${toC filename}; - - ${if argv == null - then /* Propagate arguments */ /* c */ '' - #define MAIN_ARGS int argc, char **argv - '' - else /* Provide fixed arguments */ /* c */ '' - #define MAIN_ARGS void - static char *const argv[] = ${toC (argv ++ [null])}; - ''} - - static char *const envp[] = ${toC ( - mapAttrsToList (k: v: "${k}=${v}") envp ++ [null] - )}; - - int main (MAIN_ARGS) { - execve(filename, argv, envp); - return -1; - } - ''; - - execveBin = name: cfg: - pkgs.execve name (cfg // { destination = "/bin/${name}"; }); - - makeScriptWriter = { interpreter, check ? null }: name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - inherit check; - executable = true; - text = "#! ${interpreter}\n${text}"; - }; - }; - - writeBash = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - executable = true; - text = "#! ${pkgs.bash}/bin/bash\n${text}"; - }; - }; - - writeBashBin = name: - assert types.filename.check name; - pkgs.writeBash "/bin/${name}"; - - writeC = name: { destination ? "" }: text: pkgs.runCommand name { - inherit text; - passAsFile = [ "text" ]; - } /* sh */ '' - PATH=${makeBinPath (with pkgs; [ - # TODO remove if everyone migrated to 18.03 - (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils) - coreutils - gcc - ])} - exe=$out${destination} - mkdir -p "$(dirname "$exe")" - gcc -O -Wall -o "$exe" -x c "$textPath" - strip --strip-unneeded "$exe" - ''; - - writeDash = pkgs.makeScriptWriter { - interpreter = "${pkgs.dash}/bin/dash"; - }; - - writeDashBin = name: - assert types.filename.check name; - pkgs.writeDash "/bin/${name}"; - - writeEximConfig = name: text: pkgs.runCommand name { - inherit text; - passAsFile = [ "text" ]; - } /* sh */ '' - # TODO validate exim config even with config.nix.useChroot == true - # currently doing so will fail because "user exim was not found" - #${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null - mv "$textPath" $out - ''; - - writeOut = name: specs0: - let - writers.link = - { path - , link - }: - assert path == "" || types.absolute-pathname.check path; - assert types.package.check link; - { - install = /* sh */ '' - ${optionalString (path != "") /* sh */ '' - ${pkgs.coreutils}/bin/mkdir -p $out${dirOf path} - ''} - ${pkgs.coreutils}/bin/ln -s ${link} $out${path} - ''; - }; - - writers.text = - { path - , check ? null - , executable ? false - , mode ? if executable then "0755" else "0644" - , text - }: - assert path == "" || types.absolute-pathname.check path; - assert types.bool.check executable; - assert types.file-mode.check mode; - rec { - var = "file_${hashString "sha1" path}"; - val = text; - install = /* sh */ '' - ${optionalString (check != null) /* sh */ '' - ${check} ''$${var}Path - ''} - ${pkgs.coreutils}/bin/install \ - -m ${mode} \ - -D \ - ''$${var}Path $out${path} - ''; - }; - - write = spec: writers.${spec.type} (removeAttrs spec ["type"]); - - specs = - mapAttrsToList - (path: spec: let - known-types = [ "link" "text" ]; - found-types = attrNames (getAttrs known-types spec); - type = assert length found-types == 1; head found-types; - in spec // { inherit path type; }) - specs0; - - files = map write specs; - - filevars = genAttrs' (filter (hasAttr "var") files) - (spec: nameValuePair spec.var spec.val); - - env = filevars // { passAsFile = attrNames filevars; }; - in - # Use a subshell because 's genericBuild - # sources (or evaluates) the buildCommand and we don't want to modify its - # shell. In particular, exitHandler breaks in multiple ways with set -u. - pkgs.runCommand name env /* sh */ '' - ( - set -efu - ${concatMapStringsSep "\n" (getAttr "install") files} - ) - ''; - - writeHaskell = - k: - let - k' = parseDrvName k; - name = k'.name; - version = if k'.version != "" then k'.version else "0"; - in - { base-depends ? ["base"] - , executables ? {} - , ghc-options ? ["-Wall" "-O3" "-threaded" "-rtsopts"] - , haskellPackages ? pkgs.haskellPackages - , library ? null - , license ? "WTFPL" - }: - let - isExecutable = executables != {}; - isLibrary = library != null; - - cabal-file = pkgs.writeText "${name}-${version}.cabal" /* cabal */ '' - build-type: Simple - cabal-version: >= 1.2 - name: ${name} - version: ${version} - ${concatStringsSep "\n" (mapAttrsToList exe-section executables)} - ${optionalString isLibrary (lib-section library)} - ''; - - exe-install = - exe-name: - { file ? pkgs.writeText "${name}-${exe-name}.hs" text - , relpath ? "${exe-name}.hs" - , text - , ... }: - if types.filename.check exe-name - then /* sh */ "install -D ${file} $out/${relpath}" - else throw "argument ‘exe-name’ is not a ${types.filename.name}"; - - exe-section = - exe-name: - { build-depends ? base-depends ++ extra-depends - , extra-depends ? [] - , file ? pkgs.writeText "${name}-${exe-name}.hs" text - , relpath ? "${exe-name}.hs" - , text - , ... }: /* cabal */ '' - executable ${exe-name} - build-depends: ${concatStringsSep "," build-depends} - ghc-options: ${toString ghc-options} - main-is: ${relpath} - ''; - - get-depends = - { build-depends ? base-depends ++ extra-depends - , extra-depends ? [] - , ... - }: - build-depends; - - lib-install = - { exposed-modules - , ... }: - concatStringsSep "\n" (mapAttrsToList mod-install exposed-modules); - - lib-section = - { build-depends ? base-depends ++ extra-depends - , extra-depends ? [] - , exposed-modules - , ... }: /* cabal */ '' - library - build-depends: ${concatStringsSep "," build-depends} - ghc-options: ${toString ghc-options} - exposed-modules: ${concatStringsSep "," (attrNames exposed-modules)} - ''; - - mod-install = - mod-name: - { file ? pkgs.writeText "${name}-${mod-name}.hs" text - , relpath ? "${replaceStrings ["."] ["/"] mod-name}.hs" - , text - , ... }: - if types.haskell.modid.check mod-name - then /* sh */ "install -D ${file} $out/${relpath}" - else throw "argument ‘mod-name’ is not a ${types.haskell.modid.name}"; - in - haskellPackages.mkDerivation { - inherit isExecutable isLibrary license version; - executableHaskellDepends = - attrVals - (concatMap get-depends (attrValues executables)) - haskellPackages; - libraryHaskellDepends = - attrVals - (optionals isLibrary (get-depends library)) - haskellPackages; - pname = name; - src = pkgs.runCommand "${name}-${version}-src" {} /* sh */ '' - install -D ${cabal-file} $out/${cabal-file.name} - ${optionalString isLibrary (lib-install library)} - ${concatStringsSep "\n" (mapAttrsToList exe-install executables)} - ''; - }; - - writeJq = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "jqcheck.sh" '' - exec ${pkgs.jq}/bin/jq -f "$1" < /dev/null - ''; - inherit text; - }; - }; - - writeJSON = name: value: pkgs.runCommand name { - json = toJSON value; - passAsFile = [ "json" ]; - } /* sh */ '' - ${pkgs.jq}/bin/jq . "$jsonPath" > "$out" - ''; - - writeNixFromCabal = - trace (toString [ - "The function `writeNixFromCabal` has been deprecated in favour of" - "`writeHaskell`." - ]) - (name: path: pkgs.runCommand name {} /* sh */ '' - ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out - ''); - - writePython2 = deps: - let - py = pkgs.python2.withPackages(ps: attrVals deps ps); - in - pkgs.makeScriptWriter { - interpreter = "${py}/bin/python"; - check = pkgs.writeDash "python2check.sh" '' - exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1" - ''; - }; - - writePython2Bin = d: name: - pkgs.writePython2 d "/bin/${name}"; - - writePython3 = deps: - let - py = pkgs.python3.withPackages(ps: attrVals deps ps); - in - pkgs.makeScriptWriter { - interpreter = "${py}/bin/python"; - check = pkgs.writeDash "python3check.sh" '' - exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1" - ''; - }; - - writePython3Bin = d: name: - pkgs.writePython3 d "/bin/${name}"; - - writeSed = pkgs.makeScriptWriter { - interpreter = "${pkgs.gnused}/bin/sed -f"; - }; - } diff --git a/krebs/default.nix b/krebs/default.nix index 55bf66f77..d99f60aaa 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -3,6 +3,10 @@ with import ; { imports = [ ./3modules + { + nixpkgs.config.packageOverrides = + import ../submodules/nix-writers/pkgs pkgs; + } ]; nixpkgs.config.packageOverrides = import ./5pkgs pkgs; } diff --git a/krebs/source.nix b/krebs/source.nix index 2aaa27b2b..5b86e89c6 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false, override ? {} }: let pkgs = import { overlays = map import [ + ]; }; in diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index 3bd1852a8..eb457b7d3 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix @@ -326,7 +326,7 @@ in { name = "mc"; paths = [ (pkgs.writeDashBin "mc" '' - export MC_DATADIR=${pkgs.writeOut "mc-ext" { + export MC_DATADIR=${pkgs.write "mc-ext" { "/mc.ext".link = mcExt; "/sfs.ini".text = ""; }}; diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 5a39f7115..0ce147acd 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -65,7 +65,7 @@ with import ; }) (buildSimpleReaktorPlugin "random-unicorn-porn" { pattern = "^!rup$$"; - script = pkgs.writePython2 [] "rup" '' + script = pkgs.writePython2 "rup" [] '' t1 = """ _. ;=',_ () diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index fc9e63e31..cb2890969 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -45,7 +45,7 @@ "pwstore-fast" "bytestring" ]; - body = pkgs.writeHaskell "passwords" { + body = pkgs.writeHaskellPackage "passwords" { executables.verify_pam = { extra-depends = deps; text = '' diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 325ebcc99..4c0023a76 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -44,7 +44,7 @@ with import ; wm = mkOption { #TODO find type type = types.string; - default = "${pkgs.writeHaskell "xephyrify-xmonad" { + default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 868c1072a..7180f2a69 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -pkgs.writeHaskell "xmonad-lass" { +pkgs.writeHaskellPackage "xmonad-lass" { executables.xmonad = { extra-depends = [ "containers" diff --git a/lass/5pkgs/dpass/default.nix b/lass/5pkgs/dpass/default.nix index 7e75d50c7..c1e803bcb 100644 --- a/lass/5pkgs/dpass/default.nix +++ b/lass/5pkgs/dpass/default.nix @@ -1,6 +1,6 @@ -{ pass, writeOut, writeDash, ... }: +{ pass, write, writeDash, ... }: -writeOut "dsco-pass" { +write "dsco-pass" { "/bin/dpass".link = writeDash "dpass" '' PASSWORD_STORE_DIR=$HOME/.dpasswordstore \ exec ${pass}/bin/pass $@ diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index 8d6036843..20c546dbb 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -1,8 +1,8 @@ -{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }: +{ writeDashBin, writeHaskellPackage, coreutils, xorg, virtualgl, ... }: let - xephyrify-xmonad = writeHaskell "xephyrify-xmonad" { + xephyrify-xmonad = writeHaskellPackage "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" diff --git a/lass/source.nix b/lass/source.nix index e7991da2a..49f919faf 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false, override ? {} }: let pkgs = import { overlays = map import [ + ]; }; in diff --git a/makefu/source.nix b/makefu/source.nix index 56d9095b2..ecc4dddf0 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -20,6 +20,7 @@ let pkgs = import { overlays = map import [ + ]; }; # TODO: automate updating of this ref + cherry-picks diff --git a/mv/source.nix b/mv/source.nix index 1a7b83961..29dfe9723 100644 --- a/mv/source.nix +++ b/mv/source.nix @@ -7,6 +7,7 @@ host@{ name, override ? {} }: let pkgs = import { overlays = map import [ + ]; }; in diff --git a/nin/source.nix b/nin/source.nix index ae13c5583..a4bf0a98c 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false }: let pkgs = import { overlays = map import [ + ]; }; in diff --git a/shell.nix b/shell.nix index bfdf1b3ca..3695ed3ac 100644 --- a/shell.nix +++ b/shell.nix @@ -1,6 +1,11 @@ let lib = import ./lib; - pkgs = import { overlays = [(import ./krebs/5pkgs)]; }; + pkgs = import { + overlays = [ + (import ./krebs/5pkgs) + (import ./submodules/nix-writers/pkgs) + ]; + }; in pkgs.stdenv.mkDerivation { name = "stockholm"; diff --git a/submodules/nix-writers b/submodules/nix-writers new file mode 160000 index 000000000..4d0829328 --- /dev/null +++ b/submodules/nix-writers @@ -0,0 +1 @@ +Subproject commit 4d0829328e885a6d7163b513998a975e60dd0a72 diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 6598393a2..400d179d0 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -111,7 +111,7 @@ let { command! -n=0 -bar ShowSyntax :call ShowSyntax() ''; }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeOut "vim-tv" { + ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { "/syntax/haskell.vim".text = /* vim */ '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index cb59e8517..1168f10c8 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -1,5 +1,5 @@ { pkgs, ... }: -pkgs.writeHaskell "xmonad-tv" { +pkgs.writeHaskellPackage "xmonad-tv" { executables.xmonad = { extra-depends = [ "containers" diff --git a/tv/source.nix b/tv/source.nix index 14527d956..c0df06567 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -9,6 +9,7 @@ with import ; pkgs = import { overlays = map import [ + ]; }; in -- cgit v1.3.1 From 522148ec0e642b739b79de16aa7fe51832f90a30 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 24 Jun 2018 23:43:19 +0200 Subject: ma source: cherry-pick forecastio and uhub/sqlite --- makefu/source.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index 56d9095b2..85953615e 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -23,9 +23,11 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "60b6ab055ad"; # nixos-18.03 @ 2018-05-31 + ref = "ef4c5fbf5c2"; # nixos-18.03 @ 2018-05-31 # + do_sqlite3 ruby: 55a952be5b5 # + exfat-nofuse bump: ee6a5296a35 + # + uhub/sqlite: 5dd7610401747 + # + forecastio: f27584df02337 in evalSource (toString _file) [ -- cgit v1.3.1 From 2f4f8a1a27ae1742dc412074d2a9294f367add84 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 24 Jun 2018 23:45:12 +0200 Subject: ma kexec: init dummy host for deploying kexec tarballs --- makefu/1systems/kexec/config.nix | 25 +++++++++++++++++++++++++ makefu/1systems/kexec/source.nix | 3 +++ 2 files changed, 28 insertions(+) create mode 100644 makefu/1systems/kexec/config.nix create mode 100644 makefu/1systems/kexec/source.nix (limited to 'makefu') diff --git a/makefu/1systems/kexec/config.nix b/makefu/1systems/kexec/config.nix new file mode 100644 index 000000000..5bf19f978 --- /dev/null +++ b/makefu/1systems/kexec/config.nix @@ -0,0 +1,25 @@ +{ config, pkgs, lib, ... }: + +with import ; +{ + imports = [ + + # + + + ]; + # cd ~/stockholm ; nix-build '' -A config.system.build.kexec_tarball -j 4 -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso + + krebs.build.host = config.krebs.hosts.iso; + krebs.hidden-ssh.enable = true; + environment.extraInit = '' + EDITOR=vim + ''; + services.openssh = { + enable = true; + hostKeys = [ + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; +} diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix new file mode 100644 index 000000000..e200dbfd2 --- /dev/null +++ b/makefu/1systems/kexec/source.nix @@ -0,0 +1,3 @@ +import { + name="iso"; +} -- cgit v1.3.1 From 6ddad27d009181ca2cc8ae2ad20715477e604fd6 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 24 Jun 2018 23:45:48 +0200 Subject: ma nextgum.r: in preparation to move nextgum -> gum --- makefu/1systems/gum/config.nix | 3 +- makefu/1systems/gum/hardware-config.nix | 2 + makefu/1systems/nextgum/config.nix | 247 ++++++++++++++++++++++++++++ makefu/1systems/nextgum/hardware-config.nix | 80 +++++++++ makefu/1systems/nextgum/source.nix | 5 + makefu/1systems/nextgum/transfer-config.nix | 7 + 6 files changed, 342 insertions(+), 2 deletions(-) create mode 100644 makefu/1systems/nextgum/config.nix create mode 100644 makefu/1systems/nextgum/hardware-config.nix create mode 100644 makefu/1systems/nextgum/source.nix create mode 100644 makefu/1systems/nextgum/transfer-config.nix (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 951ec0104..3dbf5da19 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -8,7 +8,6 @@ in { imports = [ ./hardware-config.nix - # @@ -241,5 +240,5 @@ in { nameservers = [ "8.8.8.8" ]; }; users.users.makefu.extraGroups = [ "download" "nginx" ]; - + boot.tmpOnTmpfs = true; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index e83f94a9f..a40709169 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -17,8 +17,10 @@ let ext-if = "et0"; # gets renamed on the fly in { imports = [ + ]; + makefu.server.primary-itf = ext-if; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix new file mode 100644 index 000000000..a23ccf7b2 --- /dev/null +++ b/makefu/1systems/nextgum/config.nix @@ -0,0 +1,247 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + ext-if = config.makefu.server.primary-itf; +in { + imports = [ + + ./hardware-config.nix + ./transfer-config.nix + + # + + # Security + + + # Tools + + + + + + + + + + + + # services + + + # sharing + + + # + ## + # + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + # + + ## network + + # + + + + ## buildbot + # + + # Removed until move: no extra mails + # + # Removed until move: avoid double-update of domain + # + # Removed until move: avoid letsencrypt ban + ### Web + # + # + # + # + # + ## + # + # + # + + # + # + # + # + # + + { + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; + } + + + + # + + ## Temporary: + # + + + #{ + # services.dockerRegistry.enable = true; + # networking.firewall.allowedTCPPorts = [ 8443 ]; + + # services.nginx.virtualHosts."euer.krebsco.de" = { + # forceSSL = true; + # enableACME = true; + # extraConfig = '' + # client_max_body_size 1000M; + # ''; + # locations."/".proxyPass = "http://localhost:5000"; + # }; + #} + { # wireguard server + + # opkg install wireguard luci-proto-wireguard + + # TODO: networking.nat + + # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # conf.all.proxy_arp =1 + networking.firewall = { + allowedUDPPorts = [ 51820 ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + }; + + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + listenPort = 51820; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # x + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } + ]; + }; + } + { # iperf3 + networking.firewall.allowedUDPPorts = [ 5201 ]; + networking.firewall.allowedTCPPorts = [ 5201 ]; + } + + ]; + makefu.dl-dir = "/var/download"; + + services.openssh.hostKeys = [ + { bits = 4096; path = (toString ); type = "rsa"; } + { path = (toString ); type = "ed25519"; } ]; + ###### stable + services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; + krebs.build.host = config.krebs.hosts.gum; + + krebs.tinc.retiolum = { + extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; + connectTo = [ + "muhbaasu" "tahoe" "flap" "wry" + "ni" + "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" + ]; + }; + + + # access + users.users = { + root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; + makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; + }; + + # Chat + environment.systemPackages = with pkgs;[ + weechat + bepasty-client-cli + get + tmux + ]; + services.bitlbee = { + enable = true; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; + + # Hardware + + # Network + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # httptunnel + 8080 8443 + # tinc + 655 + # tinc-shack + 21032 + # tinc-retiolum + 21031 + # taskserver + 53589 + # temp vnc + 18001 + # temp reverseshell + 31337 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + # tinc-retiolum + 21031 + # tinc-shack + 21032 + ]; + }; + nameservers = [ "8.8.8.8" ]; + }; + users.users.makefu.extraGroups = [ "download" "nginx" ]; + boot.tmpOnTmpfs = true; +} diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix new file mode 100644 index 000000000..36fea6544 --- /dev/null +++ b/makefu/1systems/nextgum/hardware-config.nix @@ -0,0 +1,80 @@ +{ config, ... }: +let + external-mac = "50:46:5d:9f:63:6b"; + main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; + sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; + external-gw = "144.76.26.225"; + # single partition, label "nixos" + # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate + + + # static + external-ip = "144.76.26.247"; + external-ip6 = "2a01:4f8:191:12f6::2"; + external-gw6 = "fe80::1"; + external-netmask = 27; + external-netmask6 = 64; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + ext-if = "et0"; # gets renamed on the fly +in { + imports = [ + ]; + makefu.server.primary-itf = ext-if; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; + networking = { + interfaces."${ext-if}" = { + ipv4.addresses = [{ + address = external-ip; + prefixLength = external-netmask; + }]; + ipv6.addresses = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + }; + defaultGateway6 = external-gw6; + defaultGateway = external-gw; + }; + boot.kernelParams = [ ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ main-disk ]; + boot.initrd.availableKernelModules = [ + "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" + "xhci_pci" "ehci_pci" "ahci" "sd_mod" + ]; + boot.kernelModules = [ "kvm-intel" ]; + hardware.enableRedistributableFirmware = true; + fileSystems."/" = { + device = "/dev/mapper/nixos-root"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/sda2"; + fsType = "vfat"; + }; + # parted -s -a optimal "$disk" \ + # mklabel gpt \ + # mkpart no-fs 0 1024KiB \ + # set 1 bios_grub on \ + # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ + # mkpart primary 1025MiB 100% + # parted -s -a optimal "/dev/sdb" \ + # mklabel gpt \ + # mkpart primary 1M 100% + + #mkfs.vfat /dev/sda2 + #pvcreate /dev/sda3 + #pvcreate /dev/sdb1 + #vgcreate nixos /dev/sda3 /dev/sdb1 + #lvcreate -L 120G -n root nixos + #mkfs.ext4 /dev/mapper/nixos-root + #mount /dev/mapper/nixos-root /mnt + #mkdir /mnt/boot + #mount /dev/sda2 /mnt/boot + #mkdir -p /mnt/var/src + #touch /mnt/var/src/.populate + +} diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix new file mode 100644 index 000000000..413889c47 --- /dev/null +++ b/makefu/1systems/nextgum/source.nix @@ -0,0 +1,5 @@ +import { + name="nextgum"; + torrent = true; + clever_kexec = true; +} diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/nextgum/transfer-config.nix new file mode 100644 index 000000000..92df60195 --- /dev/null +++ b/makefu/1systems/nextgum/transfer-config.nix @@ -0,0 +1,7 @@ +{ config, lib, ... }: +# configuration which is only required for the time of the transfer +{ + krebs.tinc.retiolum.connectTo = [ "gum" ]; + krebs.build.host = lib.mkForce config.krebs.hosts.nextgum; +} + -- cgit v1.3.1 From 4d07a747298fca730ba42f29e3f054be390dbab6 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 25 Jun 2018 09:18:41 +0200 Subject: ma gum.r: remove retroshare import --- makefu/1systems/gum/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 3dbf5da19..998ecd0fb 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -34,7 +34,7 @@ in { # - + # # network -- cgit v1.3.1 From 80d8dc92f92545d3fa5ddd8a877aa4e4b7155974 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Jun 2018 20:18:46 +0200 Subject: ma git: add fenkins --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index c209b83f6..61182f6c3 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -38,6 +38,7 @@ let priv-repos = mapAttrs make-priv-repo { autosync = { }; + fenkins = { }; pass = { }; }; -- cgit v1.3.1 From d433c7724e296f18bf6496359494c628d81a41af Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jun 2018 14:47:46 +0200 Subject: ma source: bump to latest source --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index c1e291b8a..fac1c0282 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -24,7 +24,7 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "ef4c5fbf5c2"; # nixos-18.03 @ 2018-05-31 + ref = "14946ec63a1"; # nixos-18.03 @ 2018-05-31 # + do_sqlite3 ruby: 55a952be5b5 # + exfat-nofuse bump: ee6a5296a35 # + uhub/sqlite: 5dd7610401747 -- cgit v1.3.1 From bd44fc0f49a48fcc3d49e09252b7f12a3b80a954 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jun 2018 15:16:37 +0200 Subject: ma hub: init --- makefu/2configs/hub.nix | 102 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 makefu/2configs/hub.nix (limited to 'makefu') diff --git a/makefu/2configs/hub.nix b/makefu/2configs/hub.nix new file mode 100644 index 000000000..a121157d4 --- /dev/null +++ b/makefu/2configs/hub.nix @@ -0,0 +1,102 @@ +{ config, lib, pkgs, ... }: + +# search also generates ddclient entries for all other logs + +with import ; +let + ddclientUser = "ddclient"; + sec = toString ; + nsupdate = import "${sec}/nsupdate-hub.nix"; + stateDir = "/var/spool/ddclient"; + cfg = "${stateDir}/cfg"; + ext-if = config.makefu.server.primary-itf; + ddclientPIDFile = "${stateDir}/ddclient.pid"; + + # TODO: correct cert generation requires a `real` internet ip address + + gen-cfg = dict: '' + ssl=yes + cache=${stateDir}/ddclient.cache + pid=${ddclientPIDFile} + ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' + + protocol=dyndns2 + use=web, web=http://ipv4.nsupdate.info/myip + ssl=yes + server=ipv4.nsupdate.info + login=${user} + password='${pass}' + ${user} + + '') dict)} + ''; + +in { + users.extraUsers = singleton { + name = ddclientUser; + uid = genid "ddclient"; + description = "ddclient daemon user"; + home = stateDir; + createHome = true; + }; + + systemd.services = { + redis.serviceConfig.LimitNOFILE=10032; + ddclient-nsupdate-uhub = { + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" ]; + serviceConfig = { + Type = "forking"; + User = ddclientUser; + PIDFile = ddclientPIDFile; + ExecStartPre = pkgs.writeDash "init-nsupdate" '' + cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} + chmod 700 ${cfg} + ''; + ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; + }; + }; + }; + + networking.firewall.extraCommands = '' + iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 + ''; + systemd.services.uhub.serviceConfig = { + PrivateTmp = true; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "uhub-pre" '' + cp ${toString } /tmp/uhub.crt + cp ${toString } /tmp/uhub.key + cp ${toString } /tmp/uhub.sql + chown uhub /tmp/* + ''; + + }; + services.uhub = { + enable = true; + port = 1511; + enableTLS = true; + hubConfig = '' + hub_name = "krebshub" + tls_certificate = /tmp/uhub.crt + tls_private_key = /tmp/uhub.key + registered_users_only = true + ''; + plugins = { + welcome = { + enable = true; + motd = "shareit"; + rules = "1. Don't be an asshole"; + }; + history = { + enable = true; + }; + authSqlite = { + enable = true; + file = "/tmp/uhub.sql"; + }; + + }; + }; + networking.firewall.allowedTCPPorts = [ 411 1511 ]; +} -- cgit v1.3.1 From 0dc886c68b4f7dc341ad770aede2c8c7b8cfc4cb Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jun 2018 22:12:19 +0200 Subject: ma 0data: add nsupdate-hub.nix --- makefu/0tests/data/secrets/nsupdate-hub.nix | 1 + 1 file changed, 1 insertion(+) create mode 100644 makefu/0tests/data/secrets/nsupdate-hub.nix (limited to 'makefu') diff --git a/makefu/0tests/data/secrets/nsupdate-hub.nix b/makefu/0tests/data/secrets/nsupdate-hub.nix new file mode 100644 index 000000000..e76c0e87e --- /dev/null +++ b/makefu/0tests/data/secrets/nsupdate-hub.nix @@ -0,0 +1 @@ +{ "lol" = "wut"; } -- cgit v1.3.1 From afc051e6cc6a6c9e8d170a3f7b01ff0cc6cd99b2 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jun 2018 23:05:20 +0200 Subject: ma secrets: uhub.sql --- makefu/0tests/data/secrets/uhub.sql | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 makefu/0tests/data/secrets/uhub.sql (limited to 'makefu') diff --git a/makefu/0tests/data/secrets/uhub.sql b/makefu/0tests/data/secrets/uhub.sql new file mode 100644 index 000000000..e69de29bb -- cgit v1.3.1