From 1d571e614d993bf747fff7c5211d50315744de94 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 08:53:22 +0100 Subject: [PATCH 01/21] tv nix-prefetch-github: rip --- tv/5pkgs/override/default.nix | 2 - tv/5pkgs/override/nix-prefetch-github.nix | 47 ----------------------- 2 files changed, 49 deletions(-) delete mode 100644 tv/5pkgs/override/nix-prefetch-github.nix diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index 4fb2e8061..9d06e1067 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -19,6 +19,4 @@ self: super: { outputHashMode = null; }); - nix-prefetch-github = - self.python3Packages.callPackage ./nix-prefetch-github.nix {}; } diff --git a/tv/5pkgs/override/nix-prefetch-github.nix b/tv/5pkgs/override/nix-prefetch-github.nix deleted file mode 100644 index 67873f929..000000000 --- a/tv/5pkgs/override/nix-prefetch-github.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ fetchPypi -, lib -, buildPythonPackage -, pythonOlder -, attrs -, click -, effect -, jinja2 -, git -, pytestCheckHook -, pytest-black -, pytestcov -, pytest-isort -}: - -buildPythonPackage rec { - pname = "nix-prefetch-github"; - version = "3.0"; - - src = fetchPypi { - inherit pname version; - sha256 = "sha256-EN+EbVXUaf+id5UsK4EBm/9k9FYaH79g08kblvW60XA="; - }; - - propagatedBuildInputs = [ - attrs - click - effect - jinja2 - ]; - - checkInputs = [ pytestCheckHook pytest-black pytestcov pytest-isort git ]; - checkPhase = '' - pytest -m 'not network' - ''; - - # latest version of isort will cause tests to fail - # ignore tests which are impure - disabledTests = [ "isort" "life" "outputs" "fetch_submodules" ]; - - meta = with lib; { - description = "Prefetch sources from github"; - homepage = "https://github.com/seppeljordan/nix-prefetch-github"; - license = licenses.gpl3; - maintainers = with maintainers; [ seppeljordan ]; - }; -} From 34f290f69e9f96e5bf27a8c4c9d354f9e88c515c Mon Sep 17 00:00:00 2001 
From: tv Date: Sat, 5 Mar 2022 08:54:54 +0100 Subject: [PATCH 02/21] tv overrides: mapNixDir --- tv/5pkgs/override/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index 9d06e1067..dc8fc5907 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -20,3 +20,5 @@ self: super: { }); } +// +mapNixDir (path: import path self super) ./. From b7f21925de63a03eec47aa42e206d0a5cdb82f2d Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 09:00:16 +0100 Subject: [PATCH 03/21] tv pkgs: move fzf to override --- tv/5pkgs/override/default.nix | 7 ------- .../{fzf.complete1.patch => fzf/complete1.patch} | 0 tv/5pkgs/override/fzf/default.nix | 9 +++++++++ 3 files changed, 9 insertions(+), 7 deletions(-) rename tv/5pkgs/override/{fzf.complete1.patch => fzf/complete1.patch} (100%) create mode 100644 tv/5pkgs/override/fzf/default.nix diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index dc8fc5907..8a0c10872 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -1,12 +1,5 @@ with import ; self: super: { - fzf = super.fzf.overrideAttrs (old: { - # XXX cannot use `patches` because fzf has a custom patchPhase - patchPhase = '' - patch -Np1 < ${./fzf.complete1.patch} - ${old.patchPhase or ""} - ''; - }); input-fonts = super.input-fonts.overrideAttrs (old: rec { src = self.fetchzip { url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip"; diff --git a/tv/5pkgs/override/fzf.complete1.patch b/tv/5pkgs/override/fzf/complete1.patch similarity index 100% rename from tv/5pkgs/override/fzf.complete1.patch rename to tv/5pkgs/override/fzf/complete1.patch diff --git a/tv/5pkgs/override/fzf/default.nix b/tv/5pkgs/override/fzf/default.nix new file mode 100644 index 000000000..661db0ed5 --- /dev/null +++ b/tv/5pkgs/override/fzf/default.nix 
@@ -0,0 +1,9 @@ +self: super: + +super.fzf.overrideAttrs (old: { + # XXX cannot use `patches` because fzf has a custom patchPhase + patchPhase = '' + patch -Np1 < ${./complete1.patch} + ${old.patchPhase or ""} + ''; +}) From ad6e957a51d0e7f3e4090ed3eadc910e8ce75695 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 09:04:34 +0100 Subject: [PATCH 04/21] tv pkgs: move input-font to override --- tv/5pkgs/override/default.nix | 15 +-------------- tv/5pkgs/override/input-fonts.nix | 13 +++++++++++++ 2 files changed, 14 insertions(+), 14 deletions(-) create mode 100644 tv/5pkgs/override/input-fonts.nix diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index 8a0c10872..4cc4749d0 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -1,17 +1,4 @@ with import ; -self: super: { - input-fonts = super.input-fonts.overrideAttrs (old: rec { - src = self.fetchzip { - url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip"; - sha256 = "1q58x92nm7dk9ylp09pvgj74nxkywvqny3xmfighnsl30dv42fcr"; - stripRoot = false; - }; - sourceRoot = null; - outputHash = null; - outputHashAlgo = null; - outputHashMode = null; - }); +self: super: -} -// mapNixDir (path: import path self super) ./. diff --git a/tv/5pkgs/override/input-fonts.nix b/tv/5pkgs/override/input-fonts.nix new file mode 100644 index 000000000..6ee7afac1 --- /dev/null +++ b/tv/5pkgs/override/input-fonts.nix @@ -0,0 +1,13 @@ +self: super: + +super.input-fonts.overrideAttrs (old: rec { + src = self.fetchzip { + url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip"; + sha256 = "1q58x92nm7dk9ylp09pvgj74nxkywvqny3xmfighnsl30dv42fcr"; + stripRoot = false; + }; + sourceRoot = null; + outputHash = null; + outputHashAlgo = null; + outputHashMode = null; +}) From 09fa6fbad69eed0083f950afbe0bbb6226b2043a Mon Sep 17 00:00:00 2001 
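Review bot: The `src` in `input-fonts.nix` is fetched over plain `http://`, so the `sha256` on the next line is the only thing that ties the download to the expected archive. That is enough for integrity as long as the hash is never dropped or replaced with a placeholder during an update. A comment above `url` would make that dependency explicit, e.g. `# plain-http mirror: integrity rests on the sha256 below, re-verify the archive before changing it`. The override was moved unchanged from `default.nix`, so this predates the commit.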
From: tv Date: Sat, 5 Mar 2022 09:46:11 +0100 Subject: [PATCH 05/21] tv pkgs: import files and dirs as overlays harder --- tv/5pkgs/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index cae5da112..9e9a3a9b8 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -3,12 +3,13 @@ with import ; self: super: # Import files and subdirectories like they are overlays. -foldl' mergeAttrs {} - (map - (name: import (./. + "/${name}") self super) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) +fix + (foldl' (flip extends) (_: super) + (map + (name: import (./. + "/${name}")) + (filter + (name: name != "default.nix" && !hasPrefix "." name) + (attrNames (readDir ./.))))) // From 5aff05de1b6130d45b7cd52cd18aab511de112a7 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 09:53:21 +0100 Subject: [PATCH 06/21] tv pkgs: import override last --- tv/5pkgs/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 9e9a3a9b8..ea860c7d2 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,4 +1,11 @@ with import ; +let + pushBack = x: xs: + if elem x xs then + remove x xs ++ [ x ] + else + names; +in self: super: @@ -9,7 +16,8 @@ fix (name: import (./. + "/${name}")) (filter (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.))))) + (pushBack "override" + (attrNames (readDir ./.)))))) // From 066dba941a7b6eebe34290a0973acddf60239896 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 10:03:50 +0100 Subject: [PATCH 07/21] tv pkgs: move cr to simple --- tv/5pkgs/default.nix | 15 --------------- tv/5pkgs/simple/cr.nix | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 15 deletions(-) create mode 100644 tv/5pkgs/simple/cr.nix diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index ea860c7d2..d1b73dbb2 100644 
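Review bot: After this change the outer `self` is no longer passed to the imported files: `fix (foldl' (flip extends) (_: super) …)` closes the overlays of this directory over their own local fixed point. As far as the hunk shows, packages defined here will therefore not see overrides made by overlays applied later, and the result re-exports every attribute of `super`. If that isolation is intended, the comment `# Import files and subdirectories like they are overlays.` should say so. Otherwise a fold that keeps the global `self` preserves normal overlay semantics, e.g. `foldl' (acc: o: acc // o self (super // acc)) {} (map …)`.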
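Review bot: In `pushBack` the fallback branch returns `names`, which the function does not bind; its parameters are `x` and `xs`, so the branch should read `else xs`. Because Nix is lazy, the mistake only shows up when the directory has no `override` entry. In that case evaluation either fails on an undefined variable or silently uses an unrelated `names` from the `with import …` scope, if one exists.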
--- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -22,21 +22,6 @@ fix // { - cr = self.writeDashBin "cr" '' - set -efu - if test -n "''${XDG_RUNTIME_DIR-}"; then - cache_dir=$XDG_RUNTIME_DIR/chromium-disk-cache - else - cache_dir=/tmp/chromium-disk-cache_$LOGNAME - fi - export LC_TIME=de_DE.utf8 - exec ${self.chromium}/bin/chromium \ - --ssl-version-min=tls1 \ - --disk-cache-dir="$cache_dir" \ - --disk-cache-size=50000000 \ - "$@" - ''; - dhcpcd = overrideDerivation super.dhcpcd (old: { configureFlags = old.configureFlags ++ [ "--dbdir=/var/lib/dhcpcd" diff --git a/tv/5pkgs/simple/cr.nix b/tv/5pkgs/simple/cr.nix new file mode 100644 index 000000000..048d77953 --- /dev/null +++ b/tv/5pkgs/simple/cr.nix @@ -0,0 +1,16 @@ +{ pkgs }: + +pkgs.writeDashBin "cr" '' + set -efu + if test -n "''${XDG_RUNTIME_DIR-}"; then + cache_dir=$XDG_RUNTIME_DIR/chromium-disk-cache + else + cache_dir=/tmp/chromium-disk-cache_$LOGNAME + fi + export LC_TIME=de_DE.utf8 + exec ${pkgs.chromium}/bin/chromium \ + --ssl-version-min=tls1 \ + --disk-cache-dir="$cache_dir" \ + --disk-cache-size=50000000 \ + "$@" +'' From 63654bf03a7ec1d97828b196369249ec8fb742f9 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 10:05:06 +0100 Subject: [PATCH 08/21] tv pkgs: move dhcpcd to override --- tv/5pkgs/default.nix | 6 ------ tv/5pkgs/override/dhcpcd.nix | 7 +++++++ 2 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 tv/5pkgs/override/dhcpcd.nix diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index d1b73dbb2..e2575300e 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -22,12 +22,6 @@ fix // { - dhcpcd = overrideDerivation super.dhcpcd (old: { - configureFlags = old.configureFlags ++ [ - "--dbdir=/var/lib/dhcpcd" - ]; - }); - gitAndTools = super.gitAndTools // { inherit (self) diff-so-fancy; }; diff --git a/tv/5pkgs/override/dhcpcd.nix b/tv/5pkgs/override/dhcpcd.nix new file mode 100644 index 000000000..202b8e5da --- /dev/null 
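Review bot: The fallback `cache_dir=/tmp/chromium-disk-cache_$LOGNAME` in `cr.nix` is a predictable name in a world-writable directory, so on a multi-user host another local account can create that path first and end up controlling where the browser cache lives. A per-user location avoids this, e.g. `cache_dir=''${XDG_CACHE_HOME:-$HOME/.cache}/chromium-disk-cache`. Separately, `--ssl-version-min=tls1` asks Chromium to accept TLS 1.0 (current builds may ignore the value); if a legacy endpoint needs it, a comment should name the reason, otherwise the flag can go. The script was moved unchanged from `default.nix`, so both points predate this commit.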
+++ b/tv/5pkgs/override/dhcpcd.nix @@ -0,0 +1,7 @@ +self: super: + +self.lib.overrideDerivation super.dhcpcd (old: { + configureFlags = old.configureFlags ++ [ + "--dbdir=/var/lib/dhcpcd" + ]; +}) From 9958dc259074188fc315d2889629a05d6d0e6e01 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 10:05:55 +0100 Subject: [PATCH 09/21] tv pkgs: move gitAndTools to override --- tv/5pkgs/default.nix | 4 ---- tv/5pkgs/override/gitAndTools.nix | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 tv/5pkgs/override/gitAndTools.nix diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index e2575300e..59b8f82cc 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -22,10 +22,6 @@ fix // { - gitAndTools = super.gitAndTools // { - inherit (self) diff-so-fancy; - }; - ff = self.writeDashBin "ff" '' exec ${self.firefoxWrapper}/bin/firefox "$@" ''; diff --git a/tv/5pkgs/override/gitAndTools.nix b/tv/5pkgs/override/gitAndTools.nix new file mode 100644 index 000000000..a460773b8 --- /dev/null +++ b/tv/5pkgs/override/gitAndTools.nix @@ -0,0 +1,5 @@ +self: super: + +super.gitAndTools // { + inherit (self) diff-so-fancy; +} From 7a11725440213d698701ed3430a239061780b9e5 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 10:07:46 +0100 Subject: [PATCH 10/21] tv pkgs: move ff to simple --- tv/5pkgs/default.nix | 4 ---- tv/5pkgs/simple/ff.nix | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 tv/5pkgs/simple/ff.nix diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 59b8f82cc..dc553b8ed 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -22,10 +22,6 @@ fix // { - ff = self.writeDashBin "ff" '' - exec ${self.firefoxWrapper}/bin/firefox "$@" - ''; - gnupg = self.gnupg22; } diff --git a/tv/5pkgs/simple/ff.nix b/tv/5pkgs/simple/ff.nix new file mode 100644 index 000000000..ec20c4a2f --- /dev/null +++ b/tv/5pkgs/simple/ff.nix 
@@ -0,0 +1,5 @@ +{ pkgs }: + +pkgs.writeDashBin "ff" '' + exec ${pkgs.firefoxWrapper}/bin/firefox "$@" +'' From b4e2179efecd5b5d6915f8107e335a309de7c67e Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 10:09:18 +0100 Subject: [PATCH 11/21] tv pkgs: don't override gnupg --- tv/5pkgs/default.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index dc553b8ed..2b9bdeeba 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -18,10 +18,3 @@ fix (name: name != "default.nix" && !hasPrefix "." name) (pushBack "override" (attrNames (readDir ./.)))))) - -// - -{ - gnupg = self.gnupg22; - -} From 6bcbb9adae290249988c86da35b2b5236df6ce96 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Mar 2022 08:56:43 +0100 Subject: [PATCH 12/21] tv anbox: init at unstable-2021-05-26 --- tv/5pkgs/override/anbox.nix | 72 +++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 tv/5pkgs/override/anbox.nix diff --git a/tv/5pkgs/override/anbox.nix b/tv/5pkgs/override/anbox.nix new file mode 100644 index 000000000..394061733 --- /dev/null +++ b/tv/5pkgs/override/anbox.nix 
@@ -0,0 +1,72 @@ +self: super: + +# https://github.com/NixOS/nixpkgs/pull/125600 +super.anbox.overrideAttrs (old: + assert old.version == "unstable-2020-11-29"; + rec { + version = "unstable-2021-05-26"; + + src = self.fetchFromGitHub { + owner = old.pname; + repo = old.pname; + rev = "ad377ff25354d68b76e2b8da24a404850f8514c6"; + sha256 = "1bj07ixwbkli4ycjh41mnqdbsjz9haiwg2nhf9anbi29z1d0819w"; + fetchSubmodules = true; + }; + + postPatch = old.patchPhase; + + # patchPhase() from + # TODO patchPhase = default.patchPhase; or something + patchPhase = '' + runHook prePatch + + for i in ''${patches:-}; do + header "applying patch $i" 3 + local uncompress=cat + case "$i" in + *.gz) + uncompress="gzip -d" + ;; + *.bz2) + uncompress="bzip2 -d" + ;; + *.xz) + uncompress="xz -d" + ;; + *.lzma) + uncompress="lzma -d" + ;; + esac + # "2>&1" is a hack to make patch fail if the decompressor fails (nonexistent patch, etc.) + # shellcheck disable=SC2086 + $uncompress < "$i" 2>&1 | patch ''${patchFlags:--p1} + done + + runHook postPatch + ''; + + patches = [ + # Fixes compatibility with lxc 4 + (self.fetchpatch { + url = "https://git.alpinelinux.org/aports/plain/community/anbox/lxc4.patch?id=64243590a16aee8d4e72061886fc1b15256492c3"; + sha256 = "1da5xyzyjza1g2q9nbxb4p3njj2sf3q71vkpvmmdphia5qnb0gk5"; + }) + # Wait 10× more time when starting + # Not *strictly* needed, but helps a lot on slower hardware + (self.fetchpatch { + url = "https://git.alpinelinux.org/aports/plain/community/anbox/give-more-time-to-start.patch?id=058b56d4b332ef3379551b343bf31e0f2004321a"; + sha256 = "0iiz3c7fgfgl0dvx8sf5hv7a961xqnihwpz6j8r0ib9v8piwxh9a"; + }) + # Ensures generated desktop files work on store path change + (self.fetchpatch { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/fdf7b4be1a659ed8b96586c2fc8ff90850e25feb/pkgs/os-specific/linux/anbox/0001-NixOS-Use-anbox-from-PATH-in-desktop-files.patch"; + sha256 = "173z84g1r8h367a2dgk6945is6vxg4j1hs2hkfd3m3bbpwfw9221"; + }) + # Provide window 
icons + (self.fetchpatch { + url = "https://github.com/samueldr/anbox/commit/2387f4fcffc0e19e52e58fb6f8264fbe87aafe4d.patch"; + sha256 = "12lmr0kxw1n68g3abh1ak5awmpczfh75c26f53jc8qpvdvv1ywha"; + }) + ]; +}) From 560371d038888dc028bdda51d55ff81cbf82eeb9 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 6 Mar 2022 10:50:41 +0100 Subject: [PATCH 13/21] Revert "tinc tinc-up: don't rely on store path interpreter" This reverts commit 6002189225e347418f07a99d6a85b033fa0edaf7. --- krebs/3modules/tinc.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 1b28628d6..96d17e2de 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -26,8 +26,7 @@ with import ; Port = ${toString tinc.config.host.nets.${netname}.tinc.port} ${tinc.config.extraConfig} ''; - "tinc-up" = pkgs.writeScript "${netname}-tinc-up" '' - #!/bin/sh + "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' ip link set ${netname} up ${tinc.config.tincUp} ''; From ccc7796402ccdb9e2c10d6f7ebd46957d23b3cbb Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 6 Mar 2022 10:51:05 +0100 Subject: [PATCH 14/21] Revert "tinc: use ip from path" This reverts commit 332d4f5e1719df2b27f835c4fd0718317867043c. --- krebs/3modules/tinc.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 96d17e2de..8fb8961c6 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -27,7 +27,7 @@ with import ; ${tinc.config.extraConfig} ''; "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' - ip link set ${netname} up + ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up ${tinc.config.tincUp} ''; }); 
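Review bot: `postPatch = old.patchPhase;` fails evaluation if the upstream derivation ever stops defining `patchPhase`, and it replaces any `postPatch` upstream may already set. The fzf override in this series guards the same access with `old.patchPhase or ""`. The version `assert` limits the exposure today, but using the same guard here (`postPatch = old.patchPhase or "";`) keeps the next version bump from failing on a missing attribute. The four `fetchpatch` inputs are each pinned by a commit id in the URL and a `sha256`, which is the right shape for remote patches.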
@@ -59,14 +59,15 @@ with import ; type = types.str; default = let net = tinc.config.host.nets.${netname}; + iproute = tinc.config.iproutePackage; in '' ${optionalString (net.ip4 != null) /* sh */ '' - ip -4 addr add ${net.ip4.addr} dev ${netname} - ip -4 route add ${net.ip4.prefix} dev ${netname} + ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} + ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} ''} ${optionalString (net.ip6 != null) /* sh */ '' - ip -6 addr add ${net.ip6.addr} dev ${netname} - ip -6 route add ${net.ip6.prefix} dev ${netname} + ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} + ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} ''} ${tinc.config.tincUpExtra} ''; From 4fa1783c64dccdc7ddc11057894fe44c0b100aaa Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 6 Mar 2022 11:35:22 +0100 Subject: [PATCH 15/21] tinc: stopIfChanged = false instead of reload --- krebs/3modules/tinc.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 8fb8961c6..9e0688d75 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -242,7 +242,9 @@ with import ; cfg.iproutePackage cfg.tincPackage ]; - reloadIfChanged = true; + # Restart the service in a single step in order to prevent potential + # connection timeouts and subsequent issues while deploying via tinc. + stopIfChanged = false; serviceConfig = { Restart = "always"; LoadCredential = filter (x: x != "") [ @@ -270,7 +272,6 @@ with import ; "-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key" "--pidfile=/var/run/tinc.${netname}.pid" ]; - ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} restart"; SyslogIdentifier = netname; }; }) config.krebs.tinc; From f6cba3d856da8a95fcb3b2fd2b932c81ae3cfa9a Mon Sep 17 00:00:00 2001 
From: tv Date: Sun, 6 Mar 2022 11:35:44 +0100 Subject: [PATCH 16/21] tinc: drop unused path definition --- krebs/3modules/tinc.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 9e0688d75..444436149 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -238,10 +238,6 @@ with import ; description = "Tinc daemon for ${netname}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - path = [ - cfg.iproutePackage - cfg.tincPackage - ]; # Restart the service in a single step in order to prevent potential # connection timeouts and subsequent issues while deploying via tinc. stopIfChanged = false; From dd1584574a454bc628ebadc2be41c93e7cc0418b Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 6 Mar 2022 14:24:02 +0100 Subject: [PATCH 17/21] tinc: rsync using checksum Because timestamps in the Nix store cannot be used. --- krebs/3modules/tinc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 444436149..4feb02d10 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -251,7 +251,7 @@ with import ; ]; ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' ${pkgs.coreutils}/bin/mkdir -p /etc/tinc - ${pkgs.rsync}/bin/rsync -vaL --delete \ + ${pkgs.rsync}/bin/rsync -Lacv --delete \ --chown ${cfg.user.name} \ --chmod u=rwX,g=rX \ ${cfg.confDir}/ /etc/tinc/${netname}/ From 3f5851a4bb2b8677d0a969319267b72ade34e09b Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 6 Mar 2022 15:14:21 +0100 Subject: [PATCH 18/21] tinc: start tincd using -n --- krebs/3modules/tinc.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 4feb02d10..fc7b0e8e3 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix 
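Review bot: Dropping `path` is only safe for the built-in hook lines, which now call `${iproute}/sbin/ip` by absolute path. `tincUp` still splices in the free-form `tincUpExtra`, and anything there that calls bare `ip` or `tinc` will now run with the unit's default PATH and probably fail. The option description should state the requirement, for instance `Commands must be referenced by absolute store path; the service sets no PATH.` The option declarations are outside this hunk, so existing users of `tincUpExtra` could not be checked from here.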
@@ -260,13 +260,12 @@ with import ; "${cfg.tincPackage}/sbin/tincd" "-D" "-U ${cfg.user.name}" - "-c /etc/tinc/${netname}" "-d 0" + "-n ${netname}" (optionalString (cfg.privkey_ed25519 != null) "-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key" ) "-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key" - "--pidfile=/var/run/tinc.${netname}.pid" ]; SyslogIdentifier = netname; }; From 7f4aef1ffbf21ae3c199ad63a371a0498d521e19 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 6 Mar 2022 15:55:04 +0100 Subject: [PATCH 19/21] tinc: use default key locations This fixes a warning about missing keys wenn reloading tinc services. --- krebs/3modules/tinc.nix | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index fc7b0e8e3..36ee906d8 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -245,16 +245,25 @@ with import ; Restart = "always"; LoadCredential = filter (x: x != "") [ (optionalString (cfg.privkey_ed25519 != null) - "ed25519_key:${cfg.privkey_ed25519}" + "ed25519_key.priv:${cfg.privkey_ed25519}" ) - "rsa_key:${cfg.privkey}" + "rsa_key.priv:${cfg.privkey}" ]; ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' ${pkgs.coreutils}/bin/mkdir -p /etc/tinc ${pkgs.rsync}/bin/rsync -Lacv --delete \ --chown ${cfg.user.name} \ --chmod u=rwX,g=rX \ + --exclude='/*.priv' \ ${cfg.confDir}/ /etc/tinc/${netname}/ + ${optionalString (cfg.privkey_ed25519 != null) /* sh */ '' + ${pkgs.coreutils}/bin/ln -fns \ + "$CREDENTIALS_DIRECTORY"/ed25519_key.priv \ + /etc/tinc/${netname}/ + ''} + ${pkgs.coreutils}/bin/ln -fns \ + "$CREDENTIALS_DIRECTORY"/rsa_key.priv \ + /etc/tinc/${netname}/ ''; ExecStart = toString [ "${cfg.tincPackage}/sbin/tincd" 
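Review bot: The new `--exclude='/*.priv'` does two jobs that are not obvious from the line: it keeps `rsync --delete` from removing the key symlinks, and it stops any `*.priv` file in `confDir` from being copied out of the store. A comment above it would record that, e.g. `# protect the credential symlinks from --delete; never copy key material from confDir`. The symlinks point into `$CREDENTIALS_DIRECTORY`, so they dangle whenever the unit is not running. It is worth confirming that the account tincd switches to via `-U` can still follow them when the daemon re-reads its keys on reload.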
@@ -262,10 +271,6 @@ with import ; "-U ${cfg.user.name}" "-d 0" "-n ${netname}" - (optionalString (cfg.privkey_ed25519 != null) - "-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key" - ) - "-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key" ]; SyslogIdentifier = netname; }; From 54f5cca6a5bd30454aa2f70903ca5533319eaa81 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 6 Mar 2022 16:07:07 +0100 Subject: [PATCH 20/21] tinc: allow initialization to fail fast --- krebs/3modules/tinc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 36ee906d8..38e310908 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -250,6 +250,7 @@ with import ; "rsa_key.priv:${cfg.privkey}" ]; ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' + set -efu ${pkgs.coreutils}/bin/mkdir -p /etc/tinc ${pkgs.rsync}/bin/rsync -Lacv --delete \ --chown ${cfg.user.name} \ From 15595864d2b70573b2ae0f08fce976226704491b Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 6 Mar 2022 11:54:47 +0100 Subject: [PATCH 21/21] tv retiolum: use eve instead of gum --- tv/2configs/retiolum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index 9940b1026..3c3b2adf0 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix @@ -6,9 +6,9 @@ with import ; krebs.tinc.retiolum = { enable = true; connectTo = filter (ne config.krebs.build.host.name) [ - "gum" "ni" "prism" + "eve" ]; extraConfig = '' LocalDiscovery = yes