diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 1b28628d6..38e310908 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -26,9 +26,8 @@ with import ; Port = ${toString tinc.config.host.nets.${netname}.tinc.port} ${tinc.config.extraConfig} ''; - "tinc-up" = pkgs.writeScript "${netname}-tinc-up" '' - #!/bin/sh - ip link set ${netname} up + "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' + ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up ${tinc.config.tincUp} ''; }); @@ -60,14 +59,15 @@ with import ; type = types.str; default = let net = tinc.config.host.nets.${netname}; + iproute = tinc.config.iproutePackage; in '' ${optionalString (net.ip4 != null) /* sh */ '' - ip -4 addr add ${net.ip4.addr} dev ${netname} - ip -4 route add ${net.ip4.prefix} dev ${netname} + ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} + ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} ''} ${optionalString (net.ip6 != null) /* sh */ '' - ip -6 addr add ${net.ip6.addr} dev ${netname} - ip -6 route add ${net.ip6.prefix} dev ${netname} + ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} + ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} ''} ${tinc.config.tincUpExtra} ''; 
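Review bot: `${tinc.config.tincUp}` and `${tinc.config.tincUpExtra}` are still spliced verbatim into the generated tinc-up script, but only the built-in `ip` calls were switched to `${iproute}/sbin/ip`, and the `@@ -238,39 +238,41 @@` hunk of this file removes `path = [ cfg.iproutePackage cfg.tincPackage ]` from the unit. Any user-supplied hook text that calls bare `ip` or `tinc` would then depend on whatever PATH tincd inherits, and would presumably fail only when the interface comes up. Either keep the `path` entry or state the requirement next to the options, e.g. `# hook snippets must call tools by absolute store path; the unit's PATH no longer contains iproute or tinc`. The option definitions start and end outside these hunks.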
@@ -238,39 +238,41 @@ with import ; description = "Tinc daemon for ${netname}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - path = [ - cfg.iproutePackage - cfg.tincPackage - ]; - reloadIfChanged = true; + # Restart the service in a single step in order to prevent potential + # connection timeouts and subsequent issues while deploying via tinc. + stopIfChanged = false; serviceConfig = { Restart = "always"; LoadCredential = filter (x: x != "") [ (optionalString (cfg.privkey_ed25519 != null) - "ed25519_key:${cfg.privkey_ed25519}" + "ed25519_key.priv:${cfg.privkey_ed25519}" ) - "rsa_key:${cfg.privkey}" + "rsa_key.priv:${cfg.privkey}" ]; ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' + set -efu ${pkgs.coreutils}/bin/mkdir -p /etc/tinc - ${pkgs.rsync}/bin/rsync -vaL --delete \ + ${pkgs.rsync}/bin/rsync -Lacv --delete \ --chown ${cfg.user.name} \ --chmod u=rwX,g=rX \ + --exclude='/*.priv' \ ${cfg.confDir}/ /etc/tinc/${netname}/ + ${optionalString (cfg.privkey_ed25519 != null) /* sh */ '' + ${pkgs.coreutils}/bin/ln -fns \ + "$CREDENTIALS_DIRECTORY"/ed25519_key.priv \ + /etc/tinc/${netname}/ + ''} + ${pkgs.coreutils}/bin/ln -fns \ + "$CREDENTIALS_DIRECTORY"/rsa_key.priv \ + /etc/tinc/${netname}/ ''; ExecStart = toString [ "${cfg.tincPackage}/sbin/tincd" "-D" "-U ${cfg.user.name}" - "-c /etc/tinc/${netname}" "-d 0" - (optionalString (cfg.privkey_ed25519 != null) - "-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key" - ) - "-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key" - "--pidfile=/var/run/tinc.${netname}.pid" + "-n ${netname}" ]; - ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} restart"; SyslogIdentifier = netname; }; }) config.krebs.tinc; diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index 9940b1026..3c3b2adf0 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix 
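Review bot: `--exclude='/*.priv'` combined with `--delete` means rsync never removes an existing `*.priv` entry in `/etc/tinc/${netname}/`, and the `ed25519_key.priv` link is only recreated when `cfg.privkey_ed25519 != null`. Since tincd is now started with `-n ${netname}` and no explicit key-file options, a leftover `ed25519_key.priv` (an old on-disk key or a stale symlink from an earlier configuration) would presumably still be found under its default name even though the configuration no longer declares it. Clearing both names before linking makes the directory reflect only the declared credentials: `${pkgs.coreutils}/bin/rm -f /etc/tinc/${netname}/ed25519_key.priv /etc/tinc/${netname}/rsa_key.priv`, placed right after the rsync call. A short comment on the exclude, such as `# private keys come from LoadCredential, never from confDir`, would also help the next reader.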
@@ -6,9 +6,9 @@ with import ; krebs.tinc.retiolum = { enable = true; connectTo = filter (ne config.krebs.build.host.name) [ - "gum" "ni" "prism" + "eve" ]; extraConfig = '' LocalDiscovery = yes diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index cae5da112..2b9bdeeba 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,47 +1,20 @@ with import ; +let + pushBack = x: xs: + if elem x xs then + remove x xs ++ [ x ] + else + names; +in self: super: # Import files and subdirectories like they are overlays. -foldl' mergeAttrs {} - (map - (name: import (./. + "/${name}") self super) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) - -// - -{ - cr = self.writeDashBin "cr" '' - set -efu - if test -n "''${XDG_RUNTIME_DIR-}"; then - cache_dir=$XDG_RUNTIME_DIR/chromium-disk-cache - else - cache_dir=/tmp/chromium-disk-cache_$LOGNAME - fi - export LC_TIME=de_DE.utf8 - exec ${self.chromium}/bin/chromium \ - --ssl-version-min=tls1 \ - --disk-cache-dir="$cache_dir" \ - --disk-cache-size=50000000 \ - "$@" - ''; - - dhcpcd = overrideDerivation super.dhcpcd (old: { - configureFlags = old.configureFlags ++ [ - "--dbdir=/var/lib/dhcpcd" - ]; - }); - - gitAndTools = super.gitAndTools // { - inherit (self) diff-so-fancy; - }; - - ff = self.writeDashBin "ff" '' - exec ${self.firefoxWrapper}/bin/firefox "$@" - ''; - - gnupg = self.gnupg22; - -} +fix + (foldl' (flip extends) (_: super) + (map + (name: import (./. + "/${name}")) + (filter + (name: name != "default.nix" && !hasPrefix "." name) + (pushBack "override" + (attrNames (readDir ./.)))))) diff --git a/tv/5pkgs/override/anbox.nix b/tv/5pkgs/override/anbox.nix new file mode 100644 index 000000000..394061733 --- /dev/null +++ b/tv/5pkgs/override/anbox.nix 
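Review bot: The `else` branch of `pushBack` in `tv/5pkgs/default.nix` returns `names`, which is bound neither by the `let` nor by the parameters `x` and `xs`. Unless the `with import` scope happens to provide a `names`, this is an undefined variable that lazy evaluation hides for as long as an `override` entry exists in the directory. The branch should return the list unchanged: `else xs;`. A one-line comment above `pushBack`, such as `# move x to the end of xs so that it is composed last`, would also record why `override` is pushed back, assuming that is the intent.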
@@ -0,0 +1,72 @@ +self: super: + +# https://github.com/NixOS/nixpkgs/pull/125600 +super.anbox.overrideAttrs (old: + assert old.version == "unstable-2020-11-29"; + rec { + version = "unstable-2021-05-26"; + + src = self.fetchFromGitHub { + owner = old.pname; + repo = old.pname; + rev = "ad377ff25354d68b76e2b8da24a404850f8514c6"; + sha256 = "1bj07ixwbkli4ycjh41mnqdbsjz9haiwg2nhf9anbi29z1d0819w"; + fetchSubmodules = true; + }; + + postPatch = old.patchPhase; + + # patchPhase() from + # TODO patchPhase = default.patchPhase; or something + patchPhase = '' + runHook prePatch + + for i in ''${patches:-}; do + header "applying patch $i" 3 + local uncompress=cat + case "$i" in + *.gz) + uncompress="gzip -d" + ;; + *.bz2) + uncompress="bzip2 -d" + ;; + *.xz) + uncompress="xz -d" + ;; + *.lzma) + uncompress="lzma -d" + ;; + esac + # "2>&1" is a hack to make patch fail if the decompressor fails (nonexistent patch, etc.) + # shellcheck disable=SC2086 + $uncompress < "$i" 2>&1 | patch ''${patchFlags:--p1} + done + + runHook postPatch + ''; + + patches = [ + # Fixes compatibility with lxc 4 + (self.fetchpatch { + url = "https://git.alpinelinux.org/aports/plain/community/anbox/lxc4.patch?id=64243590a16aee8d4e72061886fc1b15256492c3"; + sha256 = "1da5xyzyjza1g2q9nbxb4p3njj2sf3q71vkpvmmdphia5qnb0gk5"; + }) + # Wait 10× more time when starting + # Not *strictly* needed, but helps a lot on slower hardware + (self.fetchpatch { + url = "https://git.alpinelinux.org/aports/plain/community/anbox/give-more-time-to-start.patch?id=058b56d4b332ef3379551b343bf31e0f2004321a"; + sha256 = "0iiz3c7fgfgl0dvx8sf5hv7a961xqnihwpz6j8r0ib9v8piwxh9a"; + }) + # Ensures generated desktop files work on store path change + (self.fetchpatch { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/fdf7b4be1a659ed8b96586c2fc8ff90850e25feb/pkgs/os-specific/linux/anbox/0001-NixOS-Use-anbox-from-PATH-in-desktop-files.patch"; + sha256 = "173z84g1r8h367a2dgk6945is6vxg4j1hs2hkfd3m3bbpwfw9221"; + }) + # Provide window 
icons + (self.fetchpatch { + url = "https://github.com/samueldr/anbox/commit/2387f4fcffc0e19e52e58fb6f8264fbe87aafe4d.patch"; + sha256 = "12lmr0kxw1n68g3abh1ak5awmpczfh75c26f53jc8qpvdvv1ywha"; + }) + ]; +}) diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index 4fb2e8061..4cc4749d0 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -1,24 +1,4 @@ with import ; -self: super: { - fzf = super.fzf.overrideAttrs (old: { - # XXX cannot use `patches` because fzf has a custom patchPhase - patchPhase = '' - patch -Np1 < ${./fzf.complete1.patch} - ${old.patchPhase or ""} - ''; - }); - input-fonts = super.input-fonts.overrideAttrs (old: rec { - src = self.fetchzip { - url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip"; - sha256 = "1q58x92nm7dk9ylp09pvgj74nxkywvqny3xmfighnsl30dv42fcr"; - stripRoot = false; - }; - sourceRoot = null; - outputHash = null; - outputHashAlgo = null; - outputHashMode = null; - }); +self: super: - nix-prefetch-github = - self.python3Packages.callPackage ./nix-prefetch-github.nix {}; -} +mapNixDir (path: import path self super) ./. diff --git a/tv/5pkgs/override/dhcpcd.nix b/tv/5pkgs/override/dhcpcd.nix new file mode 100644 index 000000000..202b8e5da --- /dev/null +++ b/tv/5pkgs/override/dhcpcd.nix @@ -0,0 +1,7 @@ +self: super: + +self.lib.overrideDerivation super.dhcpcd (old: { + configureFlags = old.configureFlags ++ [ + "--dbdir=/var/lib/dhcpcd" + ]; +}) diff --git a/tv/5pkgs/override/fzf.complete1.patch b/tv/5pkgs/override/fzf/complete1.patch similarity index 100% rename from tv/5pkgs/override/fzf.complete1.patch rename to tv/5pkgs/override/fzf/complete1.patch diff --git a/tv/5pkgs/override/fzf/default.nix b/tv/5pkgs/override/fzf/default.nix new file mode 100644 index 000000000..661db0ed5 --- /dev/null +++ b/tv/5pkgs/override/fzf/default.nix 
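Review bot: The attribute set passed to `overrideAttrs` in `tv/5pkgs/override/anbox.nix` is declared `rec`, but none of its attributes refers to a sibling: `src` reads `old.pname`, `postPatch` reads `old.patchPhase`, and the patches use `self.fetchpatch`. Writing `{` instead of `rec {` after the `assert` removes the risk that a later edit silently picks up the new `version` or `patchPhase` where the old one was meant. The same unused `rec` appears in `tv/5pkgs/override/input-fonts.nix`.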
@@ -0,0 +1,9 @@ +self: super: + +super.fzf.overrideAttrs (old: { + # XXX cannot use `patches` because fzf has a custom patchPhase + patchPhase = '' + patch -Np1 < ${./complete1.patch} + ${old.patchPhase or ""} + ''; +}) diff --git a/tv/5pkgs/override/gitAndTools.nix b/tv/5pkgs/override/gitAndTools.nix new file mode 100644 index 000000000..a460773b8 --- /dev/null +++ b/tv/5pkgs/override/gitAndTools.nix @@ -0,0 +1,5 @@ +self: super: + +super.gitAndTools // { + inherit (self) diff-so-fancy; +} diff --git a/tv/5pkgs/override/input-fonts.nix b/tv/5pkgs/override/input-fonts.nix new file mode 100644 index 000000000..6ee7afac1 --- /dev/null +++ b/tv/5pkgs/override/input-fonts.nix @@ -0,0 +1,13 @@ +self: super: + +super.input-fonts.overrideAttrs (old: rec { + src = self.fetchzip { + url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip"; + sha256 = "1q58x92nm7dk9ylp09pvgj74nxkywvqny3xmfighnsl30dv42fcr"; + stripRoot = false; + }; + sourceRoot = null; + outputHash = null; + outputHashAlgo = null; + outputHashMode = null; +}) diff --git a/tv/5pkgs/override/nix-prefetch-github.nix b/tv/5pkgs/override/nix-prefetch-github.nix deleted file mode 100644 index 67873f929..000000000 --- a/tv/5pkgs/override/nix-prefetch-github.nix +++ /dev/null 
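Review bot: `src` in `tv/5pkgs/override/input-fonts.nix` is fetched over plain `http://`, so the pinned `sha256` is the only thing that authenticates the archive, and nothing in the file says so. A comment above the `url` line would record that, e.g. `# plain-HTTP mirror: integrity rests on the sha256 below, update both together`. The three `outputHash* = null` assignments presumably clear fixed-output settings inherited from the original derivation; a one-line comment stating the reason would keep someone from removing them.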
@@ -1,47 +0,0 @@ -{ fetchPypi -, lib -, buildPythonPackage -, pythonOlder -, attrs -, click -, effect -, jinja2 -, git -, pytestCheckHook -, pytest-black -, pytestcov -, pytest-isort -}: - -buildPythonPackage rec { - pname = "nix-prefetch-github"; - version = "3.0"; - - src = fetchPypi { - inherit pname version; - sha256 = "sha256-EN+EbVXUaf+id5UsK4EBm/9k9FYaH79g08kblvW60XA="; - }; - - propagatedBuildInputs = [ - attrs - click - effect - jinja2 - ]; - - checkInputs = [ pytestCheckHook pytest-black pytestcov pytest-isort git ]; - checkPhase = '' - pytest -m 'not network' - ''; - - # latest version of isort will cause tests to fail - # ignore tests which are impure - disabledTests = [ "isort" "life" "outputs" "fetch_submodules" ]; - - meta = with lib; { - description = "Prefetch sources from github"; - homepage = "https://github.com/seppeljordan/nix-prefetch-github"; - license = licenses.gpl3; - maintainers = with maintainers; [ seppeljordan ]; - }; -} diff --git a/tv/5pkgs/simple/cr.nix b/tv/5pkgs/simple/cr.nix new file mode 100644 index 000000000..048d77953 --- /dev/null +++ b/tv/5pkgs/simple/cr.nix @@ -0,0 +1,16 @@ +{ pkgs }: + +pkgs.writeDashBin "cr" '' + set -efu + if test -n "''${XDG_RUNTIME_DIR-}"; then + cache_dir=$XDG_RUNTIME_DIR/chromium-disk-cache + else + cache_dir=/tmp/chromium-disk-cache_$LOGNAME + fi + export LC_TIME=de_DE.utf8 + exec ${pkgs.chromium}/bin/chromium \ + --ssl-version-min=tls1 \ + --disk-cache-dir="$cache_dir" \ + --disk-cache-size=50000000 \ + "$@" +'' diff --git a/tv/5pkgs/simple/ff.nix b/tv/5pkgs/simple/ff.nix new file mode 100644 index 000000000..ec20c4a2f --- /dev/null +++ b/tv/5pkgs/simple/ff.nix @@ -0,0 +1,5 @@ +{ pkgs }: + +pkgs.writeDashBin "ff" '' + exec ${pkgs.firefoxWrapper}/bin/firefox "$@" +''
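Review bot: In `tv/5pkgs/simple/cr.nix` the fallback `cache_dir=/tmp/chromium-disk-cache_$LOGNAME` is a predictable name in a world-writable directory, so on a multi-user host another local account can create that path first and own the directory the browser then uses for its cache. When `XDG_RUNTIME_DIR` is unset, a directory created by the script itself avoids this: `cache_dir=$(mktemp -d /tmp/chromium-disk-cache_"$LOGNAME".XXXXXX)`, at the cost of not reusing the cache between runs. Separately, `--ssl-version-min=tls1` sets the floor at TLS 1.0; `tls1.2` is the safer value if no legacy endpoint needs the older versions.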