Merge remote-tracking branch 'gum/master'

krebs/3modules/makefu/default.nix

@@ -263,6 +263,31 @@ with lib;
         };
       };
     };
+
+    omo = rec {
+      cores = 2;
+      dc = "makefu"; #AMD E350
+
+      nets = {
+        retiolum = {
+          addrs4 = ["10.243.0.89"];
+          addrs6 = ["42:f9f0::10"];
+          aliases = [
+            "omo.retiolum"
+          ];
+          tinc.pubkey = ''
+              -----BEGIN RSA PUBLIC KEY-----
+              MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
+              ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
+              sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
+              s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
+              GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
+              5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
+              -----END RSA PUBLIC KEY-----
+            '';
+        };
+      };
+    };
     gum = rec {
       cores = 1;
       dc = "online.net"; #root-server
@@ -273,6 +298,7 @@ with lib;
           mattermost.euer   IN A      ${head nets.internet.addrs4}
           git.euer          IN A      ${head nets.internet.addrs4}
           gum               IN A      ${head nets.internet.addrs4}
+          cgit.euer         IN A      ${head nets.internet.addrs4}
         '';
       };
       nets = {
@@ -287,6 +313,7 @@ with lib;
           addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"];
           aliases = [
             "gum.retiolum"
+            "cgit.gum.retiolum"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -302,10 +329,26 @@ with lib;
       };
     };
   };
-  users = addNames {
+  users = addNames rec {
     makefu = {
       mail = "makefu@pornocauster.retiolum";
-      pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
+    };
+    makefu-omo = {
+      inherit (makefu) mail;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
+    };
+    makefu-tsp = {
+      inherit (makefu) mail;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
+    };
+    makefu-vbob = {
+      inherit (makefu) mail;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
+    };
+    exco = {
+      mail = "dickbutt@excogitation.de";
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";
     };
   };
 }

krebs/5pkgs/fortclientsslvpn/default.nix

@@ -0,0 +1,87 @@
+{ stdenv, lib, fetchurl, gtk, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
+  makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
+stdenv.mkDerivation rec {
+  name = "forticlientsslvpn";
+  # forticlient will be copied into /tmp before execution. this is necessary as
+  # the software demands $base to be writeable
+
+  src = fetchurl {
+    # archive.org mirror:
+    # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz
+    url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
+    sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr";
+  };
+  phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];
+
+  buildInputs = [ makeWrapper ];
+
+  binPath = lib.makeSearchPath "bin" [
+    coreutils
+    gawk
+  ];
+
+
+  libPath = lib.makeLibraryPath [
+    stdenv.cc.cc
+  ];
+
+  guiLibPath = lib.makeLibraryPath [
+    gtk
+    glib
+    libSM
+    gdk_pixbuf
+    libX11
+    libXinerama
+    pango
+  ];
+
+  buildPhase = ''
+    # TODO: 32bit, use the 32bit folder
+    patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+      --set-rpath "$libPath" \
+      64bit/forticlientsslvpn_cli
+
+    patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+      --set-rpath "$libPath:$guiLibPath" \
+      64bit/forticlientsslvpn
+
+    patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+      --set-rpath "$libPath" \
+      64bit/helper/subproc
+
+    sed -i 's#\(export PATH=\).*#\1"${binPath}"#' 64bit/helper/waitppp.sh
+  '';
+
+  installPhase = ''
+    mkdir -p "$out/opt/fortinet"
+
+    cp -r 64bit/. "$out/opt/fortinet"
+    wrapProgram $out/opt/fortinet/forticlientsslvpn \
+      --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
+      --set NIX_REDIRECTS /usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/ppp=${ppp}/bin/ppp
+
+    mkdir -p "$out/bin/"
+
+    cat > $out/bin/forticlientsslvpn <<EOF
+    #!/bin/sh
+    # prepare suid bit in tmp
+    # TODO maybe tmp does not support suid
+    set -euf
+    tmpforti=\$(${coreutils}/bin/mktemp -d)
+    trap "rm -rf \$tmpforti;" INT TERM EXIT
+    cp -r $out/opt/fortinet/. \$tmpforti
+    chmod +s \$tmpforti/helper/subproc
+    cd \$tmpforti
+    "./forticlientsslvpn" "\$@"
+    EOF
+
+    chmod +x $out/bin/forticlientsslvpn
+    chmod -x $out/opt/fortinet/helper/showlicense
+  '';
+  meta = {
+    homepage = http://www.fortinet.com;
+    description = "Forticlient SSL-VPN client";
+    license = lib.licenses.nonfree;
+    maintainers = [ lib.maintainers.makefu ];
+  };
+}

krebs/5pkgs/snapraid/default.nix

@@ -0,0 +1,33 @@
+{stdenv, fetchurl}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="jq";
+    version="1.5";
+    name="${baseName}-${version}";
+    url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz;
+    sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
+  };
+  buildInputs = [
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+
+  # jq is linked to libjq:
+  configureFlags = [
+    "LDFLAGS=-Wl,-rpath,\\\${libdir}"
+  ];
+  meta = {
+    inherit (s) version;
+    description = ''A lightweight and flexible command-line JSON processor'';
+    license = stdenv.lib.licenses.mit ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
+  };
+}
+

krebs/Zpubkeys/exco.ssh.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== christian.stoeveken@gmail.com

krebs/Zpubkeys/makefu_arch.ssh.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster

krebs/Zpubkeys/makefu_omo.ssh.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch

krebs/Zpubkeys/makefu_tsp.ssh.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp

krebs/Zpubkeys/makefu_vbob.ssh.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos

makefu/1systems/omo.nix

@@ -0,0 +1,37 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../2configs/fs/single-partition-ext4.nix
+      ../2configs/tinc-basic-retiolum.nix
+      ../2configs/exim-retiolum.nix
+    ];
+  krebs.build.host = config.krebs.hosts.omo;
+
+  # AMD E350
+  boot = {
+    loader.grub.device = "/dev/sda";
+
+    initrd.availableKernelModules = [
+      "usb_storage"
+      "ahci"
+      "xhci_hcd"
+      "ata_piix"
+      "uhci_hcd"
+      "ehci_pci"
+    ];
+
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
+
+  hardware.enableAllFirmware = true;
+  hardware.cpu.amd.updateMicrocode = true;
+
+  networking.firewall.allowPing = true;
+}

makefu/1systems/pornocauster.nix

@@ -6,14 +6,12 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../2configs/main-laptop.nix #< base-gui
+      ../2configs/main-laptop.nix #< base-gui + zsh
 
       # Krebs
       ../2configs/tinc-basic-retiolum.nix
       #../2configs/disable_v6.nix
 
-      # environment
-      ../2configs/zsh-user.nix
 
       # applications
 
@@ -36,11 +34,17 @@
       # ../2configs/mediawiki.nix
       #../2configs/wordpress.nix
     ];
-  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+  nixpkgs.config.packageOverrides = pkgs: {
+    tinc = pkgs.tinc_pre;
+    buildbot = let
+      pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+      in pkgs1509.buildbot;
+  };
+  makefu.buildbot.master.enable = true;
+
   #krebs.Reaktor.enable = true;
   #krebs.Reaktor.nickname = "makefu|r";
-
-  krebs.build.host = config.krebs.hosts.pornocauster;
+  # nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ];
 
   environment.systemPackages = with pkgs;[
     get
@@ -58,4 +62,5 @@
     25
   ];
 
+  krebs.build.host = config.krebs.hosts.pornocauster;
 }

makefu/1systems/vbob.nix

@@ -1,9 +1,10 @@
 #
 #
 #
-{ config, pkgs, ... }:
-
-{
+{ lib, config, pkgs, ... }:
+let
+    pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in {
   krebs.build.host = config.krebs.hosts.vbob;
   krebs.build.target = "root@10.10.10.220";
   imports =
@@ -12,13 +13,52 @@
       ../2configs/main-laptop.nix #< base-gui
 
       # environment
-      ../2configs/zsh-user.nix
-      ../2configs/virtualization.nix
+
     ];
-  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+  nixpkgs.config.packageOverrides = pkgs: {
+    tinc = pkgs.tinc_pre;
+    buildbot = pkgs-unst.buildbot;
+    buildbot-slave = pkgs-unst.buildbot-slave;
+  };
+
+  makefu.buildbot.master = {
+    enable = true;
+    irc = {
+      enable = true;
+      server = "cd.retiolum";
+      channel = "retiolum";
+      allowForce = true;
+    };
+  };
+  makefu.buildbot.slave = {
+    enable = true;
+    masterhost = "localhost";
+    username = "testslave";
+    password = "krebspass";
+  };
+
+  krebs.build.source.git.nixpkgs = {
+    #url = https://github.com/nixos/nixpkgs;
+    # HTTP Everywhere
+    rev = "a3974e";
+  };
+  fileSystems."/nix" = {
+    device ="/dev/disk/by-label/nixstore";
+    fsType = "ext4";
+  };
+  #makefu.buildbot.master.enable = true;
+  # allow vbob to deploy self
+  users.extraUsers = {
+    root = {
+        openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey  ];
+    };
+  };
   environment.systemPackages = with pkgs;[
+    buildbot
+    buildbot-slave
     get
-    ];
+    genid
+  ];
 
   networking.firewall.allowedTCPPorts = [
     25
@@ -32,8 +72,8 @@
     connectTo = [
       "gum"
     ];
-
   };
+
   networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
   fileSystems."/media/share" = {
     fsType = "vboxsf";
@@ -42,3 +82,4 @@
   };
 
 }
+

makefu/2configs/Reaktor/full.nix

@@ -0,0 +1,18 @@
+_:
+{
+  # implementation of the complete Reaktor bot
+  imports = [
+      #./stockholmLentil.nix
+      ./simpleExtend.nix
+      ./random-emoji.nix
+      ./titlebot.nix
+      ./shack-correct.nix
+      ./sed-plugin.nix
+  ];
+  krebs.Reaktor.nickname = "Reaktor|bot";
+  krebs.Reaktor.enable = true;
+
+  krebs.Reaktor.extraEnviron = {
+    REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace";
+  };
+}

makefu/2configs/Reaktor/sed-plugin.nix

@@ -7,7 +7,7 @@ in {
   #TODO: this will eat up the last regex, fix Reaktor
   krebs.Reaktor.extraConfig = ''
   public_commands.append({
-    'capname' : "shack-correct",
+    'capname' : "sed-plugin",
     # only support s///gi
     'pattern' : '^(?P<args>.*)$$',
     'argv'    : ["${pkgs.python3}/bin/python3","${script}"],

makefu/2configs/base-gui.nix

@@ -73,4 +73,33 @@ in
      enable = true;
    #  systemWide = true;
   };
+  services.xserver.displayManager.sessionCommands = let
+    xdefaultsfile = pkgs.writeText "Xdefaults"  ''
+      cat |derp <<EOF
+      XTerm*background: black
+      XTerm*foreground: white
+      XTerm*FaceName  : Terminus:pixelsize=14
+
+      URxvt*termName:         rxvt
+      URxvt.scrollBar : False
+      URxvt*scrollBar_right:  false
+      URxvt*borderLess:       false
+      URxvt.foreground: white
+      URxvt.background: black
+      URxvt.urgentOnBell: true
+      URxvt.visualBell: false
+      URxvt.font : xft:Terminus
+
+      ! blue
+      URxvt*color4:                         #268bd2
+
+
+      URxvt.perl-ext:      default,url-select
+      URxvt.keysym.M-u:    perl:url-select:select_next
+      #URxvt.url-select.launcher:   firefox -new-tab
+      URxvt.url-select.launcher:   chromium
+      URxvt.url-select.underline: true
+      URxvt.searchable-scrollback: CM-s
+    '';
+    in "cat ${xdefaultsfile} | xrdb -merge";
 }

makefu/2configs/default.nix

@@ -104,6 +104,8 @@ with lib;
       HISTSIZE=900001
       HISTFILESIZE=$HISTSIZE
 
+      PYTHONSTARTUP="~/.pythonrc";
+
       shopt -s checkhash
       shopt -s histappend histreedit histverify
       shopt -s no_empty_cmd_completion
@@ -123,6 +125,9 @@ with lib;
 
   environment.shellAliases = {
     lsl = "ls -lAtr";
+    psg = "ps -ef | grep";
+    nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
+    grep = "grep --color=auto";
   };
 
   nixpkgs.config.packageOverrides = pkgs: {

makefu/2configs/git/cgit-retiolum.nix

@@ -80,26 +80,6 @@ let
       };
 
 in {
-  imports = [{
-    krebs.users = {
-      makefu-omo = {
-        name = "makefu-omo" ;
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
-      };
-      makefu-vbob = {
-        name = "makefu-vbob" ;
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
-      };
-      makefu-tsp = {
-        name = "makefu-tsp" ;
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
-      };
-      exco = {
-        name = "exco";
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub;
-      };
-    };
-  }];
   krebs.git = {
     enable = true;
     root-title = "public repositories";

makefu/2configs/main-laptop.nix

@@ -9,6 +9,7 @@ with lib;
   imports = [
     ./base-gui.nix
     ./fetchWallpaper.nix
+    ./zsh-user.nix
   ];
   environment.systemPackages = with pkgs;[
     vlc

makefu/2configs/nginx/euer.test.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  hostname = config.krebs.build.host.name;
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+  internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      euer-share = {
+        listen = [ ];
+        server-names = [ "share.euer.krebsco.de" ];
+        locations = singleton (nameValuePair "/" ''
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP          $remote_addr;
+          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_pass http://localhost:8000/;
+        '');
+      };
+    };
+  };
+}

makefu/2configs/wwan.nix

@@ -9,6 +9,10 @@ in {
     wvdial
   ];
 
+  environment.shellAliases = {
+    umts = "sudo wvdial netzclub";
+  };
+
   # configure for NETZCLUB
   environment.wvdial.dialerDefaults = ''
     Phone = *99***1#

makefu/2configs/zsh-user.nix

@@ -5,6 +5,46 @@ let
   mainUser = config.krebs.build.user.name;
 in
 {
-  programs.zsh.enable = true;
   users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
+  programs.zsh= {
+    enable = true;
+    interactiveShellInit = ''
+      HISTSIZE=900001
+      HISTFILESIZE=$HISTSIZE
+      SAVEHIST=$HISTSIZE
+
+      setopt HIST_IGNORE_ALL_DUPS
+      setopt HIST_IGNORE_SPACE
+      setopt HIST_FIND_NO_DUPS
+      bindkey -e
+      # shift-tab
+      bindkey '^[[Z' reverse-menu-complete
+
+      autoload -U compinit && compinit
+      zstyle ':completion:*' menu select
+
+      # load gpg-agent
+      envfile="$HOME/.gnupg/gpg-agent.env"
+      if [ -e "$envfile" ] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
+        eval "$(cat "$envfile")"
+      else
+        eval "$(${pkgs.gnupg}/bin/gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")"
+      fi
+      export GPG_AGENT_INFO
+      export SSH_AUTH_SOCK
+      '';
+
+    promptInit = ''
+      RPROMPT=""
+      autoload colors && colors
+      case $UID in
+         0) PROMPT="%{$fg[red]%}%~%{$reset_color%} " ;;
+      9001) PROMPT="%{$fg[green]%}%~%{$reset_color%} " ;;
+         *) PROMPT="%{$fg[yellow]%}%n %{$fg[green]%}%~%{$reset_color%} " ;;
+      esac
+      if test -n "$SSH_CLIENT"; then
+        PROMPT="%{$fg[magenta]%}%m $PROMPT"
+      fi
+      '';
+  };
 }

makefu/3modules/buildbot/master.nix

@@ -0,0 +1,226 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  buildbot = pkgs.buildbot;
+  buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
+    # -*- python -*-
+    from buildbot.plugins import *
+
+    c = BuildmasterConfig = {}
+
+    c['slaves'] = []
+    # TODO: template potential buildslaves
+    # TODO: set password?
+    slavenames= [ 'testslave' ]
+    for i in slavenames:
+      c['slaves'].append(buildslave.BuildSlave(i, "krebspass"))
+
+    c['protocols'] = {'pb': {'port': 9989}}
+
+    ####### Build Inputs
+    stockholm_repo = 'http://cgit.gum/stockholm'
+    c['change_source'] = []
+    c['change_source'].append(changes.GitPoller(
+            stockholm_repo,
+            workdir='stockholm-poller', branch='master',
+            project='stockholm',
+            pollinterval=300))
+
+    ####### Build Scheduler
+    # TODO: configure scheduler
+    important_files = util.ChangeFilter(
+                  project_re="^((krebs|share)/.*|Makefile|default.nix)",
+                  branch='master')
+    c['schedulers'] = []
+    c['schedulers'].append(schedulers.SingleBranchScheduler(
+                                name="all-important-files",
+                                change_filter=important_files,
+                                # 3 minutes stable tree
+                                treeStableTimer=3*60,
+                                builderNames=["runtests"]))
+    c['schedulers'].append(schedulers.ForceScheduler(
+                                name="force",
+                                builderNames=["runtests"]))
+    ###### The actual build
+    factory = util.BuildFactory()
+    factory.addStep(steps.Git(repourl=stockholm_repo, mode='incremental'))
+
+    deps = [ "gnumake", "jq" ]
+    factory.addStep(steps.ShellCommand(command=["nix-shell", "-p" ] + deps ))
+    factory.addStep(steps.ShellCommand(env={"LOGNAME": "shared"},
+                                       command=["make", "get=krebs.deploy",
+                                                        "system=test-centos7"]))
+
+    # TODO: different Builders?
+    c['builders'] = []
+    c['builders'].append(
+        util.BuilderConfig(name="runtests",
+          # TODO: only some slaves being used in builder?
+          slavenames=slavenames,
+          factory=factory))
+
+    ####### Status of Builds
+    c['status'] = []
+
+    from buildbot.status import html
+    from buildbot.status.web import authz, auth
+    # TODO: configure if http is wanted
+    authz_cfg=authz.Authz(
+        # TODO: configure user/pw
+        auth=auth.BasicAuth([("krebs","bob")]),
+        gracefulShutdown = False,
+        forceBuild = 'auth',
+        forceAllBuilds = 'auth',
+        pingBuilder = False,
+        stopBuild = False,
+        stopAllBuilds = False,
+        cancelPendingBuild = False,
+    )
+    # TODO: configure nginx
+    c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg))
+
+    from buildbot.status import words
+    ${optionalString (cfg.irc.enable) ''
+      irc = words.IRC("${cfg.irc.server}", "krebsbuild",
+                      # TODO: multiple channels
+                      channels=["${cfg.irc.channel}"],
+                      notify_events={
+                        'success': 1,
+                        'failure': 1,
+                        'exception': 1,
+                        'successToFailure': 1,
+                        'failureToSuccess': 1,
+                      }${optionalString cfg.irc.allowForce ",allowForce=True"})
+      c['status'].append(irc)
+      ''}
+
+    ####### PROJECT IDENTITY
+    c['title'] = "Stockholm"
+    c['titleURL'] = "http://krebsco.de"
+
+    c['buildbotURL'] = "http://buildbot.krebsco.de/"
+
+    ####### DB URL
+    c['db'] = {
+        'db_url' : "sqlite:///state.sqlite",
+    }
+    ${cfg.extraConfig}
+    '';
+
+  cfg = config.makefu.buildbot.master;
+
+  api = {
+    enable = mkEnableOption "Buildbot Master";
+
+    workDir = mkOption {
+      default = "/var/lib/buildbot/master";
+      type = types.str;
+      description = ''
+        Path to build bot master directory.
+        Will be created on startup.
+      '';
+    };
+    irc = mkOption {
+      default = {};
+      type = types.submodule ({ config, ... }: {
+        options = {
+          enable = mkEnableOption "Buildbot Master IRC Status";
+          channel = mkOption {
+            default = "nix-buildbot-meetup";
+            type = types.str;
+            description = ''
+              irc channel the bot should connect to
+            '';
+          };
+          allowForce = mkOption {
+            default = false;
+            type = types.bool;
+            description = ''
+              Determines if builds can be forced via IRC
+            '';
+          };
+          nick = mkOption {
+            default = "nix-buildbot";
+            type = types.str;
+            description = ''
+              nickname for IRC
+            '';
+          };
+          server = mkOption {
+            default = "irc.freenode.net";
+            type = types.str;
+            description = ''
+              Buildbot Status IRC Server to connect to
+            '';
+          };
+        };
+      });
+    };
+    extraConfig = mkOption {
+      default = "";
+      type = types.lines;
+      description = ''
+        extra config appended to the generated master.cfg
+      '';
+    };
+  };
+
+  imp = {
+
+    users.extraUsers.buildbotMaster = {
+      uid = 672626386; #genid buildbotMaster
+      description = "Buildbot Master";
+      home = cfg.workDir;
+      createHome = false;
+    };
+
+    users.extraGroups.buildbotMaster = {
+      gid = 672626386;
+    };
+
+    systemd.services.buildbotMaster = {
+      description = "Buildbot Master";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = let
+        workdir="${lib.shell.escape cfg.workDir}";
+      in {
+        PermissionsStartOnly = true;
+        Type = "forking";
+        PIDFile = "${workdir}/twistd.pid";
+        # TODO: maybe also prepare buildbot.tac?
+        ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
+          #!/bin/sh
+          set -efux
+          if [ ! -e ${workdir} ];then
+            mkdir -p ${workdir}
+            ${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir}
+          fi
+          # always override the master.cfg
+          cp ${buildbot-master-config} ${workdir}/master.cfg
+          # sanity
+          ${buildbot}/bin/buildbot checkconfig ${workdir}
+
+          # TODO: maybe upgrade? not sure about this
+          #       normally we should write buildbot.tac by our own
+          # ${buildbot}/bin/buildbot upgrade-master ${workdir}
+
+          chmod 700 -R ${workdir}
+          chown buildbotMaster:buildbotMaster -R ${workdir}
+        '';
+        ExecStart = "${buildbot}/bin/buildbot start ${workdir}";
+        ExecStop = "${buildbot}/bin/buildbot stop ${workdir}";
+        ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}";
+        PrivateTmp = "true";
+        User = "buildbotMaster";
+        Restart = "always";
+        RestartSec = "10";
+      };
+    };
+  };
+in
+{
+  options.makefu.buildbot.master = api;
+  config = mkIf cfg.enable imp;
+}

makefu/3modules/buildbot/slave.nix

@@ -0,0 +1,159 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" ''
+    import os
+
+    from buildslave.bot import BuildSlave
+    from twisted.application import service
+
+    basedir = '${cfg.workDir}'
+    rotateLength = 10000000
+    maxRotatedFiles = 10
+
+    application = service.Application('buildslave')
+
+    from twisted.python.logfile import LogFile
+    from twisted.python.log import ILogObserver, FileLogObserver
+    logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
+                                  maxRotatedFiles=maxRotatedFiles)
+    application.setComponent(ILogObserver, FileLogObserver(logfile).emit)
+
+    buildmaster_host = '${cfg.masterhost}'
+    # TODO: masterport?
+    port = 9989
+    slavename = '${cfg.username}'
+    passwd = '${cfg.password}'
+    keepalive = 600
+    usepty = 0
+    umask = None
+    maxdelay = 300
+    allow_shutdown = None
+
+    ${cfg.extraConfig}
+
+    s = BuildSlave(buildmaster_host, port, slavename, passwd, basedir,
+                  keepalive, usepty, umask=umask, maxdelay=maxdelay,
+                  allow_shutdown=allow_shutdown)
+    s.setServiceParent(application)
+    '';
+
+  cfg = config.makefu.buildbot.slave;
+
+  api = {
+    enable = mkEnableOption "Buildbot Slave";
+
+    workDir = mkOption {
+      default = "/var/lib/buildbot/slave";
+      type = types.str;
+      description = ''
+        Path to build bot slave directory.
+        Will be created on startup.
+      '';
+    };
+
+    masterhost = mkOption {
+      default = "localhost";
+      type = types.str;
+      description = ''
+        Hostname/IP of the buildbot master
+      '';
+    };
+
+    username = mkOption {
+      type = types.str;
+      description = ''
+        slavename used to authenticate with master
+      '';
+    };
+
+    password = mkOption {
+      type = types.str;
+      description = ''
+        slave password used to authenticate with master
+      '';
+    };
+
+    contact = mkOption {
+      default = "nix slave <buildslave@${config.networking.hostName}>";
+      type = types.str;
+      description = ''
+        contact to be announced by buildslave
+      '';
+    };
+
+    description = mkOption {
+      default = "Nix Generated BuildSlave";
+      type = types.str;
+      description = ''
+        description for hostto be announced by buildslave
+      '';
+    };
+
+    extraConfig = mkOption {
+      default = "";
+      type = types.lines;
+      example = ''
+        port = 443
+        keepalive = 600
+      '';
+      description = ''
+        extra config evaluated before calling BuildSlave init in .tac file
+      '';
+    };
+  };
+
+  imp = {
+
+    users.extraUsers.buildbotSlave = {
+      uid = 1408105834; #genid buildbotMaster
+      description = "Buildbot Slave";
+      home = cfg.workDir;
+      createHome = false;
+    };
+
+    users.extraGroups.buildbotSlave = {
+      gid = 1408105834;
+    };
+
+    systemd.services."buildbotSlave-${cfg.username}-${cfg.masterhost}" = {
+      description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = let
+        workdir = "${lib.shell.escape cfg.workDir}";
+        contact = "${lib.shell.escape cfg.contact}";
+        description = "${lib.shell.escape cfg.description}";
+        buildbot = pkgs.buildbot-slave;
+        # TODO:make this
+      in {
+        PermissionsStartOnly = true;
+        Type = "forking";
+        PIDFile = "${workdir}/twistd.pid";
+        # TODO: maybe also prepare buildbot.tac?
+        ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
+          #!/bin/sh
+          set -efux
+          mkdir -p ${workdir}/info
+          cp ${buildbot-slave-init} ${workdir}/buildbot.tac
+          echo ${contact} > ${workdir}/info/admin
+          echo ${description} > ${workdir}/info/host
+
+          chown buildbotSlave:buildbotSlave -R ${workdir}
+          chmod 700 -R ${workdir}
+        '';
+        ExecStart = "${buildbot}/bin/buildslave start ${workdir}";
+        ExecStop = "${buildbot}/bin/buildslave stop ${workdir}";
+        PrivateTmp = "true";
+        User = "buildbotSlave";
+        Restart = "always";
+        RestartSec = "10";
+      };
+    };
+  };
+in
+{
+  options.makefu.buildbot.slave = api;
+  config = mkIf cfg.enable imp;
+}

makefu/3modules/default.nix

@@ -2,6 +2,7 @@ _:
 
 {
   imports = [
+    ./buildbot/master.nix
   ];
 }
 

shared/1systems/wolf.nix

@@ -11,6 +11,7 @@ in
     ../2configs/collectd-base.nix
     ../2configs/shack-nix-cacher.nix
     ../2configs/shack-drivedroid.nix
+    ../2configs/cac-ci.nix
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
   # apt-cacher-ng in first place)
@@ -24,7 +25,7 @@ in
     }];
 
     defaultGateway = "10.42.0.1";
-    nameservers = [ "8.8.8.8" ];
+    nameservers = [ "10.42.0.100" "10.42.0.200" ];
   };
 
   #####################

shared/2configs/cac-ci.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  environment.systemPackages = with pkgs;[
+    get
+    cac
+    cacpanel
+    jq
+  ];
+}

shared/2configs/graphite.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+
+# TODO: krebs.graphite.minimal.enable
+# TODO: configure firewall
+with lib;
+{
+  imports = [ ];
+
+  services.graphite = {
+    web = {
+      enable = true;
+      host = "0.0.0.0";
+    };
+    carbon = {
+      enableCache = true;
+      # save disk usage by restricting to 1 bulk update per second
+      config = ''
+        [cache]
+        MAX_CACHE_SIZE = inf
+        MAX_UPDATES_PER_SECOND = 1
+        MAX_CREATES_PER_MINUTE = 50
+        '';
+      storageSchemas = ''
+        [carbon]
+        pattern = ^carbon\.
+        retentions = 60:90d
+
+        [default]
+        pattern = .*
+        retentions = 60s:30d,300s:1y
+        '';
+    };
+  };
+}