From 6ec1a6296930569c97cf029bad17c998d4fae66d Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Mar 2017 23:54:15 +0100 Subject: [PATCH 01/30] m 2 urlwatch: supervise radare2 --- makefu/2configs/urlwatch.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index 20eb031a1..6402b364a 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -19,6 +19,7 @@ https://api.github.com/repos/embray/d2to1/tags https://api.github.com/repos/dorimanx/exfat-nofuse/commits https://api.github.com/repos/dorimanx/exfat-nofuse/tags + https://api.github.com/repos/radare/radare2/tags ]; }; } From 839ffcd0ae307e514e72729701410f679874ab5b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 15:09:39 +0100 Subject: [PATCH 02/30] l 2: add sections for cgit --- lass/2configs/git.nix | 7 +++++-- lass/2configs/repo-sync.nix | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 710eb9461..be08d0ec1 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -32,10 +32,13 @@ let public-repos = mapAttrs make-public-repo { stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; + cgit.section = "configuration"; }; - kimsufi-check = {}; } // mapAttrs make-public-repo-silent { - the_playlist = {}; + the_playlist = { + cgit.desc = "Good Music collection + tools"; + cgit.section = "art"; + }; }; restricted-repos = mapAttrs make-restricted-repo ( diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index dfea637ed..74e508549 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -10,6 +10,7 @@ let public = true; name = mkDefault "${name}"; cgit.desc = mkDefault "mirror for ${name}"; + cgit.section = mkDefault "mirror"; hooks = mkIf announce (mkDefault { post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; From 8a04d2a55ce6c4a5d0df37261a0ae7528666b16a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 15:09:57 +0100 Subject: [PATCH 03/30] l 2 websites domsen: allow send from ubikmedia.de --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index daecdcd2f..fde3f7c2b 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -120,6 +120,7 @@ in { sender_domains = [ "jla-trading.com" "ubikmedia.eu" + "ubikmedia.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; From 90a3a1910433cc678d6b55943dd2936b637a3b59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 20:56:08 +0100 Subject: [PATCH 04/30] htgen: init --- krebs/5pkgs/htgen/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 krebs/5pkgs/htgen/default.nix diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix new file mode 100644 index 000000000..86e9f2b65 --- /dev/null +++ b/krebs/5pkgs/htgen/default.nix @@ -0,0 +1,30 @@ +{ bash, coreutils, gnused, stdenv, fetchgit, script ? "", ucspi-tcp }: +with import ; +let + version = "1.0"; +in stdenv.mkDerivation { + name = "htgen-${version}"; + + src = fetchgit { + url = "http://cgit.krebsco.de/htgen"; + rev = "refs/v1.0"; + sha256 = "15z451f57ddaxm21dlqqx2kavzyqx4sgnnzz4ql6vl237979g09s"; + }; + + installPhase = '' + find + mkdir -p $out/bin + { + echo '#! ${bash}/bin/bash' + echo 'export PATH=${makeBinPath [ + ucspi-tcp + coreutils + gnused + ]}' + sed -n '/^reply_404$/q;p' < htgen + printf '%s' ${shell.escape script} + echo 'reply_404' + } > $out/bin/htgen + chmod +x $out/bin/htgen + ''; +} From 552a3e8f284e86fd1a8aec1182ef4d4ebeab8d0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 20:56:28 +0100 Subject: [PATCH 05/30] k 3: add htgen --- krebs/3modules/default.nix | 1 + krebs/3modules/htgen.nix | 68 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 krebs/3modules/htgen.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f336c966f..d24cea1a2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./github-hosts-sync.nix ./git.nix ./go.nix + ./htgen.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix new file mode 100644 index 000000000..2fe726049 --- /dev/null +++ b/krebs/3modules/htgen.nix @@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + cfg = config.krebs.htgen; + + out = { + options.krebs.htgen = api; + config = imp; + }; + + api = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + enable = mkEnableOption "krebs.htgen-${config.name}"; + + name = mkOption { + type = types.username; + default = config._module.args.name; + }; + + port = mkOption { + type = types.uint; + }; + + script = mkOption { + type = types.str; + }; + user = mkOption { + type = types.user; + default = { + name = "htgen-${config.name}"; + home = "/var/lib/htgen-${config.name}"; + }; + }; + }; + })); + }; + imp = { + + systemd.services = mapAttrs' (name: htgen: + nameValuePair "htgen-${name}" { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = { + HTGEN_PORT = toString htgen.port; + }; + serviceConfig = { + SyslogIdentifier = "htgen"; + User = htgen.user.name; + PrivateTmp = true; + Restart = "always"; + ExecStart = "${pkgs.htgen.override { + inherit (htgen) script; + }}/bin/htgen --serve"; + }; + } + ) cfg; + + users.users = mapAttrs' (name: htgen: + nameValuePair htgen.user.name { + inherit (htgen.user) home name uid; + createHome = true; + } + ) cfg; + + }; +in out From e599c372bfa590e898812ed59284724881a76d98 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 21:53:05 +0100 Subject: [PATCH 06/30] htgen: 1.0 -> 1.1 --- krebs/5pkgs/htgen/default.nix | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix index 86e9f2b65..f9dfeb3d1 100644 --- a/krebs/5pkgs/htgen/default.nix +++ b/krebs/5pkgs/htgen/default.nix @@ -1,18 +1,17 @@ -{ bash, coreutils, gnused, stdenv, fetchgit, script ? "", ucspi-tcp }: +{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }: with import ; let - version = "1.0"; + version = "1.1"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; - rev = "refs/v1.0"; - sha256 = "15z451f57ddaxm21dlqqx2kavzyqx4sgnnzz4ql6vl237979g09s"; + rev = "refs/tags/v${version}"; + sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z"; }; installPhase = '' - find mkdir -p $out/bin { echo '#! ${bash}/bin/bash' @@ -20,11 +19,10 @@ in stdenv.mkDerivation { ucspi-tcp coreutils gnused - ]}' - sed -n '/^reply_404$/q;p' < htgen - printf '%s' ${shell.escape script} - echo 'reply_404' + ]}''${PATH+":$PATH"}' + cat htgen } > $out/bin/htgen chmod +x $out/bin/htgen + cp -r examples $out ''; } From 5718517f60275a8dd66f3a230792e72bcc8d29c9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 21:53:34 +0100 Subject: [PATCH 07/30] k 3 htgen: use htgen-1.1 --- krebs/3modules/htgen.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 2fe726049..3c8872be2 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -44,15 +44,14 @@ let after = [ "network.target" ]; environment = { HTGEN_PORT = toString htgen.port; + HTGEN_SCRIPT = htgen.script; }; serviceConfig = { SyslogIdentifier = "htgen"; User = htgen.user.name; PrivateTmp = true; Restart = "always"; - ExecStart = "${pkgs.htgen.override { - inherit (htgen) script; - }}/bin/htgen --serve"; + ExecStart = "${pkgs.htgen}/bin/htgen --serve"; }; } ) cfg; From 8809797f1063945c03ebd70666c108c45d5d724a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 22:12:11 +0100 Subject: [PATCH 08/30] k 3 htgen: add default option --- krebs/3modules/htgen.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 3c8872be2..0dddca6c8 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -10,6 +10,7 @@ let }; api = mkOption { + default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { enable = mkEnableOption "krebs.htgen-${config.name}"; From 679a03403f0b5152c091f23c4dc1b94625f5771b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 17 Mar 2017 01:21:20 +0100 Subject: [PATCH 09/30] m 1 x: re-enable virtualbox want to test 3d acceleration --- makefu/1systems/x.nix | 3 ++- makefu/2configs/extra-fonts.nix | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/extra-fonts.nix diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 9666f50ff..9cedc04a8 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -8,6 +8,7 @@ [ # base ../. ../2configs/main-laptop.nix + ../2configs/extra-fonts.nix ../2configs/tools/all.nix ../2configs/laptop-backup.nix ../2configs/dnscrypt.nix @@ -46,7 +47,7 @@ ../2configs/mail-client.nix ../2configs/printer.nix ../2configs/virtualization.nix - # ../2configs/virtualization-virtualbox.nix + ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix ../2configs/rad1o.nix diff --git a/makefu/2configs/extra-fonts.nix b/makefu/2configs/extra-fonts.nix new file mode 100644 index 000000000..7b3a5f197 --- /dev/null +++ b/makefu/2configs/extra-fonts.nix @@ -0,0 +1,14 @@ + { pkgs, ... }: + { + fonts = { + enableFontDir = true; + enableGhostscriptFonts = true; + fonts = with pkgs; [ + inconsolata # monospaced + ubuntu_font_family # Ubuntu fonts + unifont # some international languages + dejavu_fonts + terminus_font + ]; + }; + } From 8eb9bde68a5d2b3bfcc6086b8bc18588c1017448 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 24 Mar 2017 13:00:22 +0100 Subject: [PATCH 10/30] s 1 wolf: share directory --- shared/1systems/wolf.nix | 1 + shared/2configs/share-shack.nix | 38 +++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 shared/2configs/share-shack.nix diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index b0b822780..722a08812 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -15,6 +15,7 @@ in ../2configs/cgit-mirror.nix ../2configs/repo-sync.nix ../2configs/graphite.nix + ../2configs/share-shack.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/shared/2configs/share-shack.nix b/shared/2configs/share-shack.nix new file mode 100644 index 000000000..247b9ee7d --- /dev/null +++ b/shared/2configs/share-shack.nix @@ -0,0 +1,38 @@ +{config, ... }:{ + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + group = "share"; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + + networking.firewall.allowedTCPPorts = [ + 139 445 # samba + ]; + + networking.firewall.allowedUDPPorts = [ + 137 138 + ]; + services.samba = { + enable = true; + shares = { + share-home = { + path = "/home/share/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} From 12161121598deeb8467d50a25b540e436de9b0c1 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 24 Mar 2017 13:01:58 +0100 Subject: [PATCH 11/30] k 5 at-cacher-ng: bump to version 2 --- krebs/5pkgs/apt-cacher-ng/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/apt-cacher-ng/default.nix b/krebs/5pkgs/apt-cacher-ng/default.nix index 53736dcfb..e3986713b 100644 --- a/krebs/5pkgs/apt-cacher-ng/default.nix +++ b/krebs/5pkgs/apt-cacher-ng/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "apt-cacher-ng-${version}"; - version = "0.9.3.2"; + version = "2"; src = fetchurl { url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz"; - sha256 = "1bvng9mwrggvc93q2alj0x72i56wifnjs2dsycr17mapsv0f2gnc"; + sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf"; }; NIX_LDFLAGS = "-lpthread"; From defaf14983770e880285c358f175e91244eaf2da Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 24 Mar 2017 13:02:26 +0100 Subject: [PATCH 12/30] m 2 base-gui: enable GS fonts --- makefu/2configs/base-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 43b37cd8c..55dd44575 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -41,7 +41,7 @@ in fonts = { enableCoreFonts = true; enableFontDir = true; - enableGhostscriptFonts = false; + enableGhostscriptFonts = true; fonts = [ pkgs.terminus_font ]; }; From 5a004c891096b805f26fef818fa75227fe1d071f Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 24 Mar 2017 13:03:46 +0100 Subject: [PATCH 13/30] m 1 wry: mv Reaktor to omo --- makefu/1systems/omo.nix | 12 ++++++++++++ makefu/1systems/wry.nix | 14 +------------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index a6a336fed..f77a19c11 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -182,5 +182,17 @@ in { zramSwap.enable = true; + krebs.Reaktor.reaktor = { + nickname = "Reaktor|bot"; + channels = [ "#krebs" "#shackspace" "#binaergewitter" ]; + plugins = with pkgs.ReaktorPlugins;[ + titlebot + # stockholm-issue + nixos-version + shack-correct + sed-plugin + random-emoji ]; + }; + krebs.build.host = config.krebs.hosts.omo; } diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 2457ab92e..c403d2352 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -33,18 +33,6 @@ in { krebs.build.host = config.krebs.hosts.wry; - krebs.Reaktor.reaktor = { - nickname = "Reaktor|bot"; - channels = [ "#krebs" "#shackspace" "#binaergewitter" ]; - plugins = with pkgs.ReaktorPlugins;[ - titlebot - # stockholm-issue - nixos-version - shack-correct - sed-plugin - random-emoji ]; - }; - # prepare graphs services.nginx.enable = true; krebs.retiolum-bootstrap.enable = true; @@ -64,7 +52,7 @@ in { return 403; } ''; - serverAliases = [ "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ]; + serverAliases = [ "graphs.r" "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ]; }; anonymous = { enableSSL = true; From 4ddfc208e14bfb1b307a65960fa883166e49005e Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 24 Mar 2017 13:16:52 +0100 Subject: [PATCH 14/30] m 2 default: bump to 73a6832 --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 1ad7f0710..6d5a2f688 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "53a2baa"; # unstable @ 2017-02-28 + ref = "73a6832"; # unstable @ 2017-03-24 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { From a81a624345947848ed08a876c5ddd86a0dede62f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 25 Mar 2017 00:39:56 +0100 Subject: [PATCH 15/30] m 5 dymo-cups-drivers: nuke --- makefu/5pkgs/dymo-cups-drivers/default.nix | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 makefu/5pkgs/dymo-cups-drivers/default.nix diff --git a/makefu/5pkgs/dymo-cups-drivers/default.nix b/makefu/5pkgs/dymo-cups-drivers/default.nix deleted file mode 100644 index d47bae6dd..000000000 --- a/makefu/5pkgs/dymo-cups-drivers/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ stdenv, lib, pkgs, fetchurl, cups, ... }: - -stdenv.mkDerivation rec { - name = "dymo-cups-drivers-${version}"; - version = "1.4.0"; - src = fetchurl { - url = "http://download.dymo.com/dymo/Software/Download%20Drivers/Linux/Download/${name}.tar.gz"; - sha256 = "0wagsrz3q7yrkzb5ws0m5faq68rqnqfap9p98sgk5jl6x7krf1y6"; - }; - buildInputs = [ cups ]; - makeFlags = [ "cupsfilterdir=$(out)/lib/cups/filter" "cupsmodeldir=$(out)/share/cups/model" ]; - - # acd_cli gets dumped in bin and gets overwritten by fixupPhase - meta = { - description = "Dymo printer drivers"; - }; -} From 79737faaa693ee775f1b3e99ebb33a9729d95f9f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 25 Mar 2017 16:37:10 +0100 Subject: [PATCH 16/30] m 2: fix printer --- makefu/2configs/printer.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 7c7b00abc..509ed512d 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -5,7 +5,7 @@ enable = true; drivers = [ pkgs.samsungUnifiedLinuxDriver - pkgs.dymo-cups-drivers + pkgs.cups-dymo ]; }; From 8c93fa4c740fde141697300f85fa756fcfb61a2f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 29 Mar 2017 21:27:33 +0200 Subject: [PATCH 17/30] m 5 taskserver: rip --- makefu/5pkgs/taskserver/default.nix | 43 ----------------------------- 1 file changed, 43 deletions(-) delete mode 100644 makefu/5pkgs/taskserver/default.nix diff --git a/makefu/5pkgs/taskserver/default.nix b/makefu/5pkgs/taskserver/default.nix deleted file mode 100644 index a1502b4d6..000000000 --- a/makefu/5pkgs/taskserver/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }: - -stdenv.mkDerivation rec { - name = "taskserver-${version}"; - version = "1.1.0"; - - enableParallelBuilding = true; - - src = fetchurl { - url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz"; - sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v"; - }; - - patchPhase = '' - pkipath=$out/share/taskd/pki - mkdir -p $pkipath - cp -r pki/* $pkipath - echo "patching paths in pki/generate" - sed -i "s#^\.#$pkipath#" $pkipath/generate - for f in $pkipath/generate* ;do - i=$(basename $f) - echo patching $i - sed -i \ - -e 's/which/type -p/g' \ - -e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f - - echo wrapping $i - makeWrapper $pkipath/$i $out/bin/taskd-pki-$i \ - --prefix PATH : ${gnutls}/bin/ - done - ''; - - buildInputs = [ makeWrapper ]; - nativeBuildInputs = [ cmake libuuid gnutls ]; - - meta = { - description = "Server for synchronising Taskwarrior clients"; - homepage = http://taskwarrior.org; - license = stdenv.lib.licenses.mit; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ]; - }; -} From 52eac8085972d6d042f48b26fcc429e6379ddc62 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 30 Mar 2017 16:48:30 +0200 Subject: [PATCH 18/30] m 1 omo: do not watch urls --- makefu/1systems/omo.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index f77a19c11..99303b604 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -43,7 +43,6 @@ in { # TODO: unlock home partition via ssh ../2configs/fs/sda-crypto-root.nix ../2configs/zsh-user.nix - ../2configs/urlwatch.nix ../2configs/backup.nix ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix From 6688dfbabe8ea9fa271ace59dad6650ff37e1fae Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 31 Mar 2017 13:00:52 +0200 Subject: [PATCH 19/30] m 2 urlwatch: Mic92 is the new maintainer of vicious --- makefu/2configs/urlwatch.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index 6402b364a..5b82d8107 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -10,6 +10,7 @@ https://api.github.com/repos/ovh/python-ovh/tags https://api.github.com/repos/embray/d2to1/tags http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release + https://api.github.com/repos/Mic92/vicious/tags https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/xstatic/ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ From 1d1b113465878e69f3511e1092f4ec2ff592502c Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 31 Mar 2017 13:01:26 +0200 Subject: [PATCH 20/30] m 2 backup: wry on standby --- makefu/2configs/backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 280dc1df4..9ed890326 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix @@ -29,7 +29,7 @@ let }; in { krebs.backup.plans = { - wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; + # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; }; } From f9555d014ac6c87cd5a361765728f611b0c30c32 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 31 Mar 2017 13:39:13 +0200 Subject: [PATCH 21/30] m 2 default: use cups-dymo patch --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 6d5a2f688..2f340a678 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "73a6832"; # unstable @ 2017-03-24 + ref = "3ff00fa"; # unstable @ 2017-03-31 + cups-dymo in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { From fac92f5b2828095b421b5be3fc55e7e7bf0e1735 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 31 Mar 2017 14:22:42 +0200 Subject: [PATCH 22/30] k 3 m: disable v6 address for gum --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 489f62b65..7a6a88e85 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -464,7 +464,7 @@ with import ; retiolum = { via = internet; ip4.addr = "10.243.0.211"; - ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; + # ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; aliases = [ "gum.r" "gum.retiolum" From 9a5cd35de345db85480df7f7dabe561439cf2e69 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 31 Mar 2017 18:25:54 +0200 Subject: [PATCH 23/30] m 2 base-gui: Terminus naming fuckup https://bbs.archlinux.org/viewtopic.php?id=221794 --- makefu/2configs/base-gui.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 55dd44575..ba4c551b3 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -62,7 +62,7 @@ in cat |derp < Date: Mon, 3 Apr 2017 08:26:13 +0200 Subject: [PATCH 24/30] m 2 urlwatch: remove old vicious url --- makefu/2configs/urlwatch.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index 5b82d8107..d1dcec657 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -9,7 +9,6 @@ ## nixpkgs maintenance https://api.github.com/repos/ovh/python-ovh/tags https://api.github.com/repos/embray/d2to1/tags - http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release https://api.github.com/repos/Mic92/vicious/tags https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/xstatic/ From 16b8fef4f59583d8fa8ef0e7806ef1b3175bce40 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:35:49 +0200 Subject: [PATCH 25/30] m 2 deployment: add graphs --- makefu/2configs/deployment/graphs.nix | 37 +++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 makefu/2configs/deployment/graphs.nix diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix new file mode 100644 index 000000000..35a724f6a --- /dev/null +++ b/makefu/2configs/deployment/graphs.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + hn = config.krebs.build.host.name; +in { + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + krebs.tinc_graphs = { + enable = true; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + serverAliases = [ + "graphs.r" "graphs.retiolum" + "graphs.${hn}" "graphs.${hn}.retiolum" + ]; + }; + anonymous = { + enableSSL = true; + forceSSL = true; + enableACME = true; + }; + }; + }; +} From 63a35e7bd7a5f402d9c6805b9e6d13806b82b118 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:36:10 +0200 Subject: [PATCH 26/30] m 2 deployment: uwsgi add --- makefu/2configs/deployment/uwsgi.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 makefu/2configs/deployment/uwsgi.nix diff --git a/makefu/2configs/deployment/uwsgi.nix b/makefu/2configs/deployment/uwsgi.nix new file mode 100644 index 000000000..4ad9961f6 --- /dev/null +++ b/makefu/2configs/deployment/uwsgi.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: +# more than just nginx config but not enough to become a module +with import ; +let + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; + elch-sock = "${config.services.uwsgi.runDir}/uwsgi-elch.sock"; +in { + + services.uwsgi = { + enable = true; + user = "nginx"; + plugins = [ "python2" ]; + instance.type = "emperor"; + }; +} From e0a423e1f0a228dbcaa70dd5037404608af8daeb Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:36:27 +0200 Subject: [PATCH 27/30] m 2 deployment/uwsgi: purge --- makefu/2configs/deployment/uwsgi.nix | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 makefu/2configs/deployment/uwsgi.nix diff --git a/makefu/2configs/deployment/uwsgi.nix b/makefu/2configs/deployment/uwsgi.nix deleted file mode 100644 index 4ad9961f6..000000000 --- a/makefu/2configs/deployment/uwsgi.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: -# more than just nginx config but not enough to become a module -with import ; -let - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; - elch-sock = "${config.services.uwsgi.runDir}/uwsgi-elch.sock"; -in { - - services.uwsgi = { - enable = true; - user = "nginx"; - plugins = [ "python2" ]; - instance.type = "emperor"; - }; -} From 4c7f5909d82c368d9dc316d0987eadb4a1ff03e1 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:36:41 +0200 Subject: [PATCH 28/30] m 5 awesomecfg: add todo --- makefu/5pkgs/awesomecfg/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index c2276887e..b94b6fa54 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -1,6 +1,7 @@ _: { + # TODO: requires in path: amixer, xlock, xbacklight full = ./full.cfg; kiosk = ./kiosk.lua; } From 8a40e9346e9fbfd20cf53d733f0c2790b1a7f7b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:37:37 +0200 Subject: [PATCH 29/30] m 2 bepasty-dual: use secretKeyFile --- makefu/2configs/bepasty-dual.nix | 6 +++--- makefu/2configs/default.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 936aaf004..ecf5f8a38 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -14,7 +14,7 @@ with import ; let sec = toString ; # secKey is nothing worth protecting on a local machine - secKey = import ; + secKey = "${secrets}/bepasty-secret"; acmepath = "/var/lib/acme/"; acmechall = acmepath + "/challenges/"; ext-dom = "paste.krebsco.de" ; @@ -31,7 +31,7 @@ in { serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; }; defaultPermissions = "admin,list,create,read,delete"; - secretKey = secKey; + secretKeyFile = secKey; }; "${ext-dom}" = { @@ -41,7 +41,7 @@ in { enableACME = true; }; defaultPermissions = "read"; - secretKey = secKey; + secretKeyFile = secKey; }; }; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 2f340a678..7b2e6b617 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "3ff00fa"; # unstable @ 2017-03-31 + cups-dymo + ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { From 9224e9c4c8432ce8d7788592b9d25cfc29440ee6 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2017 21:38:27 +0200 Subject: [PATCH 30/30] m: gum takes over euer,wiki,graphs from wry --- krebs/3modules/makefu/default.nix | 23 ++++++++++++----------- makefu/1systems/gum.nix | 3 +++ makefu/1systems/wry.nix | 27 --------------------------- 3 files changed, 15 insertions(+), 38 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7a6a88e85..8e5927f9d 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -285,12 +285,9 @@ with import ; cores = 1; extraZones = { "krebsco.de" = '' - euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} - wry IN A ${nets.internet.ip4.addr} - io IN NS wry.krebsco.de. - graphs IN A ${nets.internet.ip4.addr} - tinc IN A ${nets.internet.ip4.addr} + wry IN A ${nets.internet.ip4.addr} + io IN NS wry.krebsco.de. + tinc IN A ${nets.internet.ip4.addr} ''; }; nets = rec { @@ -307,13 +304,8 @@ with import ; ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "graphs.wry.retiolum" - "graphs.r" "graphs.retiolum" "paste.wry.retiolum" "wry.r" "wry.retiolum" - "wiki.makefu.retiolum" - "wiki.wry.retiolum" - "blog.makefu.retiolum" - "blog.wry.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -452,6 +444,9 @@ with import ; cgit.euer IN A ${nets.internet.ip4.addr} o.euer IN A ${nets.internet.ip4.addr} dl.euer IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} + graphs IN A ${nets.internet.ip4.addr} ''; }; nets = rec { @@ -473,6 +468,12 @@ with import ; "o.gum.retiolum" "tracker.makefu.r" "tracker.makefu.retiolum" + + "graphs.r" "graphs.retiolum" + "wiki.makefu.retiolum" + "wiki.wry.retiolum" + "blog.makefu.retiolum" + "blog.wry.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 910493026..c39997ebf 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -29,9 +29,12 @@ in { ../2configs/deployment/owncloud.nix ../2configs/nginx/share-download.nix ../2configs/nginx/euer.test.nix + ../2configs/nginx/euer.wiki.nix + ../2configs/nginx/euer.blog.nix ../2configs/nginx/public_html.nix ../2configs/nginx/update.connector.one.nix ../2configs/deployment/mycube.connector.one.nix + ../2configs/deployment/graphs.nix # ../2configs/opentracker.nix ../2configs/logging/central-stats-client.nix diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index c403d2352..a5c4d3cca 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -19,8 +19,6 @@ in { ../2configs/backup.nix # other nginx - ../2configs/nginx/euer.wiki.nix - ../2configs/nginx/euer.blog.nix # ../2configs/nginx/euer.test.nix # collectd @@ -36,31 +34,6 @@ in { # prepare graphs services.nginx.enable = true; krebs.retiolum-bootstrap.enable = true; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - krebs.tinc_graphs = { - enable = true; - nginx = { - enable = true; - # TODO: remove hard-coded hostname - complete = { - extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - serverAliases = [ "graphs.r" "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ]; - }; - anonymous = { - enableSSL = true; - forceSSL = true; - enableACME = true; - }; - }; - }; networking = { firewall = {