diff --git a/krebs/2configs/ergo.nix b/krebs/2configs/ergo.nix new file mode 100644 index 000000000..db0bc5748 --- /dev/null +++ b/krebs/2configs/ergo.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: + +{ + networking.firewall.allowedTCPPorts = [ + 6667 + ]; + + krebs.ergo = { + enable = true; + }; +} + + diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 3780e0d7d..bb273652d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -22,8 +22,6 @@ with import ; pkgs.vaapiVdpau ]; - security.rngd.enable = mkDefault true; - services.xserver = { videoDriver = "intel"; }; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2823aabef..14e0a3d7a 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -119,6 +119,7 @@ in { users.users.reaktor2 = { uid = genid_uint31 "reaktor2"; home = stateDir; + isSystemUser = true; }; krebs.reaktor2 = { diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 481564719..951450200 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -12,6 +12,7 @@ let in { users.users.muell_mail = { inherit home; + isSystemUser = true; createHome = true; }; systemd.services.muell_mail = { diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index e894b9394..b032b4299 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -13,6 +13,7 @@ let in { users.users.muellshack = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."muell.shack" = { diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 4a981ea87..2e69d5aaa 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -14,6 +14,7 @@ in { networking.firewall.allowedUDPPorts = [ 2342 ]; users.users.node-light = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."lounge.light.shack" = { diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index cc3692e85..43c743587 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -14,7 +14,10 @@ let in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; - users.users.powermeter.extraGroups = [ "dialout" ]; + users.users.powermeter = { + extraGroups = [ "dialout" ]; + isSystemUser = true; + }; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index f3ea67f79..0ce8a8786 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -14,6 +14,7 @@ in { users.users.s3_power = { inherit home; createHome = true; + isSystemUser = true; }; systemd.services.s3-power = { startAt = "daily"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 807bb7e65..c9cdfd24b 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,6 +30,7 @@ in { users.users.shackDNS = { inherit home; createHome = true; + isSystemUser = true; }; services.nginx.virtualHosts."leases.shack" = { locations."/" = { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d8d65d309..3eb30964e 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -1,7 +1,7 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser group = "share"; description = "smb guest user"; home = "/home/share"; diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index e4f05a6e6..9a18b8dff 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -4,9 +4,9 @@ let setupGit = '' export PATH=${makeBinPath [ pkgs.git ]} - export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.services.gollum.stateDir}/.ssh/id_ed25519' repo='git@localhost:wiki' - cd ${config.krebs.gollum.stateDir} + cd ${config.services.gollum.stateDir} if ! url=$(git config remote.origin.url); then git remote add origin "$repo" elif test "$url" != "$repo"; then @@ -27,7 +27,7 @@ let in { - krebs.gollum = { + services.gollum = { enable = true; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| @@ -36,6 +36,8 @@ in ''; }; + systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8"; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; @@ -87,7 +89,7 @@ in }; krebs.secret.files.gollum = { - path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519"; + path = "${config.services.gollum.stateDir}/.ssh/id_ed25519"; owner = { name = "gollum"; }; source-path = "${}"; }; diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 56fb31795..0ac9d3350 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -268,6 +268,7 @@ let uid = genid "airdcpp"; home = cfg.stateDir; createHome = true; + isSystemUser = true; inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index ffa9a29e9..051646b63 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -146,6 +146,7 @@ let uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; + isSystemUser = true; }; users.extraGroups.bepasty = { gid = genid_uint31 "bepasty"; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 9b2ed4a71..7a78880ea 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -12,7 +12,7 @@ in { users.extraUsers.brockman = { home = "/var/lib/brockman"; createHome = true; - isNormalUser = false; + isSystemUser = true; uid = genid_uint31 "brockman"; }; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 8995753ac..a845bb281 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -322,6 +322,7 @@ let description = "Buildbot Master"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotMaster = { diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index c15169fba..d877b9911 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -131,6 +131,7 @@ let description = "Buildbot Slave"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotSlave = { diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e75afad1d..30ca82b97 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./ci.nix ./current.nix ./dns.nix + ./ergo.nix ./exim.nix ./exim-retiolum.nix ./exim-smarthost.nix @@ -28,7 +29,6 @@ let ./github-known-hosts.nix ./git.nix ./go.nix - ./gollum.nix ./hidden-ssh.nix ./hosts.nix ./htgen.nix diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix new file mode 100644 index 000000000..14f85c4d7 --- /dev/null +++ b/krebs/3modules/ergo.nix @@ -0,0 +1,136 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption types; + inherit (pkgs) coreutils ergo; + cfg = config.krebs.ergo; + + configFile = pkgs.writeText "ergo.conf" (builtins.toJSON cfg.config); +in + +{ + + ###### interface + + options = { + + krebs.ergo = { + + enable = mkEnableOption "Ergo IRC daemon"; + + config = mkOption { + type = (pkgs.formats.json {}).type; + description = '' + Ergo IRC daemon configuration file. + ''; + default = { + network = { + name = "krebstest"; + }; + server = { + name = "${config.networking.hostName}.r"; + listeners = { + ":6667" = {}; + }; + casemapping = "permissive"; + enforce-utf = true; + lookup-hostnames = false; + ip-cloaking = { + enabled = false; + }; + forward-confirm-hostnames = false; + check-ident = false; + relaymsg = { + enabled = false; + }; + max-sendq = "1M"; + ip-limits = { + count = false; + throttle = false; + }; + }; + datastore = { + path = "${cfg.statedir}/ircd.db"; + }; + accounts = { + authentication-enabled = true; + registration = { + enabled = true; + email-verification = { + enabled = false; + }; + }; + }; + channels = { + default-modes = "+nt"; + }; + limits = { + nicklen = 32; + identlen = 20; + channellen = 64; + awaylen = 390; + kicklen = 390; + topiclen = 390; + }; + }; + }; + + statedir = mkOption { + type = types.path; + default = "/var/lib/ergo"; + description = '' + Location of the state directory of ergo. + ''; + }; + + user = mkOption { + type = types.str; + default = "ergo"; + description = '' + Ergo IRC daemon user. + ''; + }; + + group = mkOption { + type = types.str; + default = "ergo"; + description = '' + Ergo IRC daemon group. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable ({ + users.users.${cfg.user} = { + description = "Ergo IRC daemon user"; + uid = config.ids.uids.ircd; + group = cfg.group; + }; + + users.groups.${cfg.group} = { + gid = config.ids.gids.ircd; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.ergo = { + description = "Ergo IRC daemon"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStartPre = "${ergo}/bin/ergo initdb --conf ${configFile}"; + ExecStart = "${ergo}/bin/ergo run --conf ${configFile}"; + Group = cfg.group; + User = cfg.user; + }; + }; + + }); +} diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 123bbac47..8e6fa225a 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -589,6 +589,32 @@ in { }; }; }; + nxnv = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.127"; + aliases = [ + "nxnv.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB + ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt + NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp + wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt + 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT + eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy + S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/ + 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN + ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW + 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila + jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { @@ -675,6 +701,7 @@ in { 1T6DILDF71H92PNylujKSPA0CKI160xJ61Xy/T6MYl5u0+RblAgYr77o5HJwmXCe jFrCu3SKUIlJWYHWE8yNoR+VVYeXakbDFYE3KpVyBDG+ljUbia+Oel8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = 3IKIoZqg0jm9+pOOka2FEtihx0y8qAdJqKTuRfJtMpK ''; }; }; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 15136cbce..bbefb8ed8 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -39,6 +39,7 @@ in { DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = 6VktF9Fg9E0hCW5g+rwGnrPACPSx/8vkl+hPNaFYeND ''; }; }; @@ -72,6 +73,7 @@ in { UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = qnJmS6W7QSKG3mjW1kPnHGeVmKzhGkyP9xBLGwH5XvD ''; }; }; @@ -148,6 +150,7 @@ in { IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = ikUmx5IC1dvfaHFhpZM9xotwF2LH6EkvpcPTRm6TjeD ''; }; }; @@ -240,10 +243,10 @@ in { 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== -----END RSA PUBLIC KEY----- + + Ed25519PublicKey = 7J1JgVyiy540akMdd/kONta0fMHSl5+FQJ1QhN84TzP ''; tinc.subnets = [ - # ohorn lan - "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" # docker network "42:0000:002b:1605:3::/80" ]; @@ -269,21 +272,26 @@ in { ''; }; }; - anindya = { + aendernix = { owner = config.krebs.users.mic92; nets.retiolum = { - ip4.addr = "10.243.29.191"; + ip4.addr = "10.243.29.172"; aliases = [ - "anindya.r" + "aendernix.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA8yWr01WlmM4RYuJdxvzvfdN3C5T3DOknWvK7U3y92HYgtQfYtZwu - +J8r1fpTsdIS8wKdSEqz7Mjhb1JabJBB1fv/2mkAF4V/gkMbP0jqZ6QQL29kgkNP - aI/+zG1yh4kEDgSn843J6XnTsJ/4Na2zmbVP1iIIQYMXyh+meWsBVR6DKV5ighjz - 4h3wKbuMmDrS50aTk8ahgWoiqcE2DTUMeprw4SIL+RTepmsCINQtAJui5Ys6AAbK - ab6gxMzRH2txLBcTfSrbqTX3qHZHLlB9Ai5FEItWqMBxquD6OCxn8DNU+5LgGpt1 - Z37SI1U0c4uu1oo7kOSx6wYP2ZVOatys6QIDAQAB + MIICCgKCAgEAt/dCDTvJU5jugP+5pk2CNM8X6cOnFonJv2eS253nsmKI97T9FSUa + QDt417MoqAJNEeZw7o4ve1fmdZmtfKgmXYdDJi2HSJCJoKY6FUgVOKevtzGg4akl + 4mKTy2z59CxyIbA41MHyLq18W3NLabQ41NpWGBRt9jvHQpZfd+wI8t5IIzdvFrKo + JSOFRbzEBL5//Hc3N/443cUg4IMyDBTemS7/jaZ2/Mn+PVZAdoIPLEZjFeWewmTF + Jd8Bsc2thzAREYHYnawhq3PLJSebMJd91pCdkD0NB0i59VKORcQTFady3fzE9+w4 + RSTqAdBTUDuxzU/B8g1dp89/qW+fVPiFuB5Pf7D9t2DgxTDAeSXMiId/4Hwa0B1G + QCnCedz0Qk2UdId16BTS8DSq8Pd9fawU6qCmPY6ahSiw5ZQ6odMvDISb480cKj41 + pslLjhIItTk3WEs8MwnQCzweNABuCK7GzT7CNaYm3f9pznBlOB+KfoZ6mrlzKkEK + u+gFJXTFym0ZF0wheXO7FCJ1jp4LFHqKGS3zWQyT7isjLsbcQzpOe8/FdiFlQvlG + vltL+5JjcahAMHc/ba+pRa5rSy8ebqf68fg4jlkT94Za13bCIHdK5w7eAXR3s/9z + H2wZmhvajUIZAxQSgFUy+7kKWOIkWqFkGPIdmbdwTaHC88OWshvRv8ECAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; @@ -356,6 +364,7 @@ in { 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = emKq1mfkW4/aCoCwmeFU3DtppKs+KsTvd9YGoFkFgdC ''; }; }; @@ -381,8 +390,6 @@ in { /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== -----END RSA PUBLIC KEY----- ''; - # ohorn lan - tinc.subnets = [ "fd42:4492:6a6d:500::/64" ]; }; }; }; @@ -410,6 +417,7 @@ in { 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB -----END RSA PUBLIC KEY----- + Ed25519PublicKey = Z5+fArxMfP8oLqlHpXadkGc9ROOPHBqugAMD2czmNlJ ''; }; }; @@ -417,6 +425,11 @@ in { bill = { owner = config.krebs.users.mic92; nets = rec { + internet = { + ip4.addr = "131.159.38.191"; + ip6.addr = "2a09:80c0:38::191"; + aliases = [ "bill.i" ]; + }; retiolum = { addrs = [ config.krebs.hosts.bill.nets.retiolum.ip4.addr @@ -426,13 +439,19 @@ in { aliases = [ "bill.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAzg0wJuDvsbflRKSJ7+ug9y7Gn+BH3CR44fuCPZpWmIcGIUbA6rXj - CD8pF5heOvXNCFlEip2wqTkaCJPnUs3x8BRtORmD6OxDdmqt0xH54u7CixKzrPp9 - GIQydv+ZsGA2z3aDbmBydRPDIvYGhW68FJn10qlGRjCZ5zCl1eVEZ/wMddFXc0B8 - KDbxh7qOkjXon6EOGACVbnrnUR3F1GsIvCxX0cCDrO0P8XHwwsZiAfUwXYkiqw7t - zPcty6Bbr34mSJbb9cFb/qQlfPWT0HVgo+Q65HVkr/64o/9tTyREZcj1dk5PpEPE - bt7PGlOF1oPZpVFQh8S+NviHTtqrvkuISQIDAQAB + MIICCgKCAgEAvzM5dWPpmzzmogjuZC5boNvz+MJcIO0WnE9IINBY+CLSw5ZpNDVB + b97EG0Irs92OLJ5eesdPdF5LIyfFcFHOpPN+NdVEfLDWpFZVgOYh4BRy5+JdEk6O + ybcxLFIdgBHxahd3W27FxXC1ALu/AInAA2b4rwYoNBi23idj8+wtL4MJldkr5QaQ + sx8VQxIMy1xY4AbKcHdOt/nMrPoU6GnE9ObdcLys5cGUl/7Vc0NAMK6RrFQo+jfn + 2N0uWA1hZPAfZEEKP91xiOiRSx15WG3q9R/rqPmBh6l+rdPyWdRKcPVndCzVDrgw + WWPcR9A9Yzr0ZrpEIHOfrDOqb2Ur1HlrXHZRpt55IYOKwC7ZimZzKkMj7zl1t2Rq + nC07IJS7OI38amgLI0PSFI/Mx+mAPdYjd0fDcp8q7reOL63QT7cbrOw+cyOzNzGb + I7U7QaHaA2unOa1EYj5Ocd6jI1IyHqQe9FkUqgTaDVU44U3WEo/KY6FZfhqSPPHs + PsFzMj9nOWUGUr0cAn7DloIfNL49voO1C4HaiEvvhbSFIT/8suq3JznFxmP/q+Ph + qYbXI/LXzU2Ln1Abiu9m1OfxTmEOlH9C54zyUvkAfhjcD2/aZWc76g06Oj2L6kZ6 + EC9Ku7Hk37rVOgZjtXUjuf3eUAvImknQ/JMRM3YDQgmu4iU0tJ1UnqkCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = bN+knMGCqK+HkdOucynEXxeqGFOS2u8oWLRDV/gNIZI ''; }; }; @@ -440,6 +459,11 @@ in { nardole = { owner = config.krebs.users.mic92; nets = rec { + internet = { + ip4.addr = "131.159.102.2"; + ip6.addr = "2a09:80c0:102::2"; + aliases = [ "nardole.i" ]; + }; retiolum = { addrs = [ config.krebs.hosts.nardole.nets.retiolum.ip4.addr @@ -449,13 +473,19 @@ in { aliases = [ "nardole.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA05JzZLPH4+t2X8TI1nYsv4WCQ/OUmuMy9YbKUIRITE2EVA+x47Cf - qdYPucWUpF7ap1rykxHBcPnmORO/NjAymlt25FDyyYQ2uWm17VE7P7jefAUnX7xj - 80Rt7aWCXfldQuRAbza35G+Kl50Y6ydkZYkKCbyQ8fMhuzNp6Wn/pAJD3yr+zdka - AsIoir9Ut9/9CKayRqGF+zaIf2Lj7nl5GL8bCAVJydU98GjlnXt7iuaWCt0H7NiK - FWOjkGhAUlQI9I6l+5ELWClpyk5X+isfbUbYaCCspZJvos+vDE8hJuH5PrH8NuJj - fJv8HrHkcGphn/Nn1TotpHBkyMyE5h6akwIDAQAB + MIICCgKCAgEAyYIN9FYtTmJTXUlBO4QYp9J7SZbglMEq0QCMpF9xQvCqJHl+C1vm + NzAswlhbaK5J1spi6+zUXtYJEVQyP1xesDlVm9G+hntS7woEWtuLO7VUL9whWINb + mO0OmYIEaWTMPIOKPTgc3tYsUhk7dw962/6I81JQczCHg1z2ItsRho/Kwi/Jo2Gj + jnPJQoRek45+xIzlf9Jx38ntioTQIaLuSw7/lplT1cHNcefLje8FQmVEojY79Ijc + 6Ij4b9tPln8eQErw2sANS6kSUOVRnVkfeRW+3a4iRtd8SzXJ+aX5TCsq910Z1+/H + ClK91GctU0V11s/m8LCp/Wz+o+4Z89JLxnil/ZS/6NHsaHysQPFPbx0Uh5nASF64 + RoWhzp2CSJTC9/UJKdPIpIokMIEGgKjy8Up3nY4yjoUnf6SZfzr4jmXfRmYmVaMp + cCjbMbxBo+MjfXlGRxJAFGkS9zO9/21SEDiWqfOVThg5jbBR/q9ysRGcXndS0ea7 + NzsCbU1/0StxxmZLpBRz2MxGSHqlZbwInm9RjsXbCGa32tTiUz8VxjR3LTUMU8AP + xpPLaIo7TIPdkDvCFL+DtXB9lE2PDpnSHbxyXKVKqxmCW1i/+msrBs/gnQ9VjzyA + L1Ip2MBQd+CFUtaj+VdhjfulvpVcpr5e3nZe7cl38qucUp46tbVsJ3UCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = BA8uWkeHofZb5s9bNy6PjefKNZwemETWAA+Q6okKn1M ''; }; }; @@ -467,7 +497,6 @@ in { ip4.addr = "10.243.29.171"; aliases = [ "rock.r" - "loki.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -518,6 +547,7 @@ in { W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = 0O1LrgXAFOuei1NfU0vow+qUfim3htBOyCJvPrQFwHE ''; }; }; @@ -544,9 +574,8 @@ in { W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = bXEnZa/jn2ntL0R4sMsRd7NIoHgzrzUnJ3ReJUQ8iFG ''; - # ohorn lan - tinc.subnets = [ "fd42:4492:6a6d:500:f610:15d1:27a3:674b" ]; }; }; }; @@ -621,8 +650,8 @@ in { nets = rec { internet = { # eva.thalheim.io - ip4.addr = "52.59.172.193"; - ip6.addr = "2a05:d014:301:a601:ef0e:5434:d814:b8ed"; + ip4.addr = "157.90.232.92"; + ip6.addr = "2a01:4f8:1c1c:9a9::1"; aliases = [ "eva.i" ]; }; retiolum = { @@ -630,6 +659,7 @@ in { ip4.addr = "10.243.29.185"; aliases = [ "eva.r" + "loki.r" "prometheus.r" "alertmanager.r" ]; @@ -648,6 +678,7 @@ in { 6uuTTsn7s0PYBJDNdccOf1Qt8fqPPgzqUKqeUciHojYDDPTC5KQh5m2PBv4I4iIR LnKOqNUX7UCqbdaE/tfFRG0CAwEAAQ== -----END PUBLIC KEY----- + Ed25519PublicKey = 7rbs+10zzfwOPj5RoS1i/01QXuw7uIHGOHIgsjB2fHK ''; }; }; @@ -671,6 +702,7 @@ in { EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB -----END RSA PUBLIC KEY----- + Ed25519PublicKey = PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP ''; }; }; @@ -699,6 +731,7 @@ in { fuXAsh5UbnE5kt6vKL5aducScatyd5FRkNumKG5ji26eZR4lZmXn380JLDInV4n7 SODZL2fQFBnSD1wTWcq9Q/luPh4FitzJUZzHexvNxR/KBZycZJtdVw8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = pjCpkZToBUBbjUNVMWfYJePZ6g7m7Ccr9WedfKEFsXD ''; }; }; diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e89b86e32..852c8f630 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -57,6 +57,7 @@ let description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; + isSystemUser = true; }; systemd.timers.fetchWallpaper = { diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 7d618ebfd..d385ec355 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -65,6 +65,7 @@ let users.users.${user.name} = { inherit (user) uid; home = cfg.dataDir; + isSystemUser = true; }; }; diff --git a/krebs/3modules/gollum.nix b/krebs/3modules/gollum.nix deleted file mode 100644 index 4b4e04d16..000000000 --- a/krebs/3modules/gollum.nix +++ /dev/null @@ -1,112 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.krebs.gollum; -in - -{ - options.krebs.gollum = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable the Gollum service."; - }; - - address = mkOption { - type = types.str; - default = "0.0.0.0"; - description = "IP address on which the web server will listen."; - }; - - port = mkOption { - type = types.int; - default = 4567; - description = "Port on which the web server will run."; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - description = "Content of the configuration file"; - }; - - mathjax = mkOption { - type = types.bool; - default = false; - description = "Enable support for math rendering using MathJax"; - }; - - allowUploads = mkOption { - type = types.nullOr (types.enum [ "dir" "page" ]); - default = null; - description = "Enable uploads of external files"; - }; - - emoji = mkOption { - type = types.bool; - default = false; - description = "Parse and interpret emoji tags"; - }; - - branch = mkOption { - type = types.str; - default = "master"; - example = "develop"; - description = "Git branch to serve"; - }; - - stateDir = mkOption { - type = types.path; - default = "/var/lib/gollum"; - description = "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup."; - }; - - }; - - config = mkIf cfg.enable { - - users.users.gollum = { - group = config.users.users.gollum.name; - description = "Gollum user"; - home = cfg.stateDir; - createHome = false; - isSystemUser = true; - }; - - users.groups.gollum = { }; - - systemd.tmpfiles.rules = [ - "d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -" - ]; - - systemd.services.gollum = { - description = "Gollum wiki"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.git ]; - - preStart = '' - # This is safe to be run on an existing repo - git init ${cfg.stateDir} - ''; - - serviceConfig = { - User = config.users.users.gollum.name; - Group = config.users.groups.gollum.name; - ExecStart = '' - ${pkgs.gollum}/bin/gollum \ - --port ${toString cfg.port} \ - --host ${cfg.address} \ - --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \ - --ref ${cfg.branch} \ - ${optionalString cfg.mathjax "--mathjax"} \ - ${optionalString cfg.emoji "--emoji"} \ - ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \ - ${cfg.stateDir} - ''; - }; - }; - }; -} diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 390f7585f..41743612a 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -49,6 +49,7 @@ in { }; }; enklave = { + ci = false; nets = rec { internet = { ip4.addr = "88.198.164.182"; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 86b74a8ca..76f333963 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -60,6 +60,7 @@ let uid = genid "realwallpaper"; home = cfg.workingDir; createHome = true; + isSystemUser = true; }; }; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 33a24871f..19cce8aa4 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -127,6 +127,7 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; + isSystemUser = true; }; services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 0b7a71db5..6a159a5b2 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -193,6 +193,7 @@ let inherit (user) uid; home = cfg.dataDir; createHome = true; + isSystemUser = true; }; }; diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index c127d2987..5e075f1a1 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -1,6 +1,9 @@ -{ pkgs, fetchFromGitHub, python2Packages, git, ... }: +{ pkgs, fetchFromGitHub, python2Packages, git, ... }: let -python2Packages.buildPythonApplication rec { + # we need the old sqlparse since the new one is python2 incompatible + sqlparse = python2Packages.callPackage ./sqlparse.nix {}; + +in python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; version = "0.8.18"; namePrefix = ""; @@ -18,7 +21,7 @@ python2Packages.buildPythonApplication rec { python2Packages.jinja2 python2Packages.twisted python2Packages.dateutil - python2Packages.sqlalchemy_migrate + (python2Packages.sqlalchemy_migrate.override { sqlparse = sqlparse; }) python2Packages.pysqlite pkgs.coreutils ]; diff --git a/krebs/5pkgs/simple/buildbot-classic/sqlparse.nix b/krebs/5pkgs/simple/buildbot-classic/sqlparse.nix new file mode 100644 index 000000000..b6aee633e --- /dev/null +++ b/krebs/5pkgs/simple/buildbot-classic/sqlparse.nix @@ -0,0 +1,34 @@ +{ stdenv +, buildPythonPackage +, fetchPypi +, pytest +, isPy3k +}: + +buildPythonPackage rec { + pname = "sqlparse"; + version = "0.3.1"; + + src = fetchPypi { + inherit pname version; + sha256 = "e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548"; + }; + + checkInputs = [ pytest ]; + checkPhase = '' + py.test + ''; + + # Package supports 3.x, but tests are clearly 2.x only. + doCheck = !isPy3k; + + meta = with stdenv.lib; { + description = "Non-validating SQL parser for Python"; + longDescription = '' + Provides support for parsing, splitting and formatting SQL statements. + ''; + homepage = "https://github.com/andialbrecht/sqlparse"; + license = licenses.bsd3; + }; + +} diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 8728c0ae7..2fbc7ff86 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -9,8 +9,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' gnused file findutils - grib2json - imagemagick + imagemagick6 inkscape jq nomads-cloud diff --git a/krebs/5pkgs/simple/solanum/default.nix b/krebs/5pkgs/simple/solanum/default.nix deleted file mode 100644 index 3fa765c94..000000000 --- a/krebs/5pkgs/simple/solanum/default.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ lib, stdenv -, fetchFromGitHub -, autoreconfHook -, pkg-config -, bison -, flex -, openssl -, sqlite -, lksctp-tools -}: - -stdenv.mkDerivation rec { - pname = "solanum"; - version = "unstable-2021-04-27"; - - src = fetchFromGitHub { - owner = "solanum-ircd"; - repo = pname; - rev = "3ff5a12e75662e9a642f2a4364797bd361eb0925"; - sha256 = "14ywmfdv8cncbyg08y2qdis00kwg8lvhkcgj185is67smh0qf88f"; - }; - - patches = [ - ./dont-create-logdir.patch - ]; - - configureFlags = [ - "--enable-epoll" - "--enable-ipv6" - "--enable-openssl=${openssl.dev}" - "--with-program-prefix=solanum-" - "--localstatedir=/var/lib" - "--with-rundir=/run" - "--with-logdir=/var/log" - ] ++ lib.optionals (stdenv.isLinux) [ - "--enable-sctp=${lksctp-tools.out}/lib" - ]; - - nativeBuildInputs = [ - autoreconfHook - bison - flex - pkg-config - ]; - - buildInputs = [ - openssl - sqlite - ]; - - doCheck = !stdenv.isDarwin; - - enableParallelBuilding = true; - - meta = with lib; { - description = "An IRCd for unified networks"; - homepage = "https://github.com/solanum-ircd/solanum"; - license = licenses.gpl2Only; - maintainers = with maintainers; [ hexa ]; - platforms = platforms.unix; - }; -} diff --git a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch b/krebs/5pkgs/simple/solanum/dont-create-logdir.patch deleted file mode 100644 index e348dd7b8..000000000 --- a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 19e7b396..21093521 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -35,9 +35,6 @@ include/serno.h: - echo '#define DATECODE 0UL' >>include/serno.h; \ - fi - --install-data-hook: -- test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir} -- - install-exec-hook: - rm -f ${DESTDIR}${libdir}/*.la - rm -f ${DESTDIR}${moduledir}/*.la diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index fe46ec022..aaf66e428 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7a1fbc38a4b538450ac0d42aec8a3e513b4d723e", - "date": "2021-05-16T12:16:31+02:00", - "path": "/nix/store/iq2sy65gmwad2prm8lcdh6k5f7ywxci5-nixpkgs", - "sha256": "0jg8dilsw0gr4jfshkk3wd50gddd11hvd836fxkw43m6m47885p7", + "rev": "fbfb79400a08bf754e32b4d4fc3f7d8f8055cf94", + "date": "2021-06-06T04:54:09-03:00", + "path": "/nix/store/51dsmanfc179xy70kn2rl0qvg45cn6qr-nixpkgs", + "sha256": "0pgyx1l1gj33g5i9kwjar7dc3sal2g14mhfljcajj8bqzzrbc3za", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 06b865cc8..18e9ecd83 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "33824cdf8e4fec30c5b9ddc91b18991c3c375227", - "date": "2021-05-18T19:08:44-04:00", - "path": "/nix/store/s3f1q2a5hn60jdnz8h66z7yahrmzifin-nixpkgs", - "sha256": "1sad0x998k3iid2vp57kv4skvf90yh4gbs61dv3p45c2qi3sql46", + "rev": "60cce7e5e1fdf62421ef6d4184ee399b46209366", + "date": "2021-06-09T01:18:50-04:00", + "path": "/nix/store/fixgn194626rb7gf99l9jaqm0hbqn2ix-nixpkgs", + "sha256": "100xrb925cana1kfd0c7gwkjjalq891vfgr0rn1gl9j8gp3l3gx6", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 9a0ea7ed4..368a3ecb3 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-20.09' \ + --rev refs/heads/nixos-21.05' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 3e0b1674a..227c5e1e9 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -16,38 +16,54 @@ - + # + + + + + # ]; krebs.build.host = config.krebs.hosts.coaxmetal; - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' + environment.systemPackages = with pkgs; [ + brain + bank + l-gen-secrets + (pkgs.writeDashBin "deploy" '' set -eu export SYSTEM="$1" $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - usb-tether-on = pkgs.writeDash "usb-tether-on" '' + '') + (pkgs.writeDashBin "usb-tether-on" '' adb shell su -c service call connectivity 33 i32 1 s16 text - ''; - usb-tether-off = pkgs.writeDash "usb-tether-off" '' + '') + (pkgs.writeDashBin "usb-tether-off" '' adb shell su -c service call connectivity 33 i32 0 s16 text - ''; - }; + '') + ]; programs.adb.enable = true; hardware.bluetooth = { enable = true; powerOnBoot = true; - # config.General.Disable = "Headset"; - extraConfig = '' - [General] - Disable = Headset - ''; }; hardware.pulseaudio.package = pkgs.pulseaudioFull; + + lass.browser.config = { + dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; + ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; }; + fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; + }; + + nix.trustedUsers = [ "root" "lass" ]; + + services.tor = { + enable = true; + client.enable = true; + }; } diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix index c94740c54..3632ffd3e 100644 --- a/lass/1systems/coaxmetal/physical.nix +++ b/lass/1systems/coaxmetal/physical.nix @@ -7,6 +7,7 @@ networking.hostId = "e0c335ea"; boot.zfs.requestEncryptionCredentials = true; + boot.zfs.enableUnstable = true; boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index d84502b3f..b84ce6acf 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -19,6 +19,7 @@ with import ; "networkmanager" ]; useDefaultShell = true; + isNormalUser = true; }; networking.networkmanager.enable = true; networking.wireless.enable = mkForce false; diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index fbd2d223f..d7bf62b40 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -23,7 +23,7 @@ with import ; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel ]; krebs.bindfs = { diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index 837872bf5..0b1aff4a8 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -45,16 +45,5 @@ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; - services.thinkfan.enable = true; - services.thinkfan.levels = '' - (0, 0, 55) - (1, 48, 60) - (2, 50, 61) - (3, 52, 63) - (6, 60, 85) - (7, 80, 90) - (127, 89, 32767) - ''; - services.logind.lidSwitch = "ignore"; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 25d688696..89a386139 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -345,6 +345,7 @@ with import ; home = "/var/download"; useDefaultShell = true; uid = genid "download"; + isSystemUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-android.pubkey diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix index b50dc63f5..c3ce8fced 100644 --- a/lass/1systems/uriel/config.nix +++ b/lass/1systems/uriel/config.nix @@ -23,6 +23,7 @@ with import ; "networkmanager" ]; useDefaultShell = true; + isNormalUser = true; }; networking.networkmanager.enable = true; hardware.pulseaudio = { diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 22c80b4da..bf818a9b2 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -81,11 +81,6 @@ hardware.bluetooth = { enable = true; powerOnBoot = true; - # config.General.Disable = "Headset"; - extraConfig = '' - [General] - Disable = Headset - ''; }; hardware.pulseaudio.package = pkgs.pulseaudioFull; # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index 9f6fd3bf0..9aa97a8ce 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -4,12 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - krebs.per-user.bch.packages = [ - pkgs.electron-cash - ]; - krebs.per-user.bitcoin.packages = [ - pkgs.electrum - ]; users.extraUsers = { bch = { name = "bch"; @@ -17,6 +11,8 @@ in { home = "/home/bch"; useDefaultShell = true; createHome = true; + packages = [ pkgs.electron-cash ]; + isNormalUser = true; }; bitcoin = { name = "bitcoin"; @@ -24,10 +20,25 @@ in { home = "/home/bitcoin"; useDefaultShell = true; createHome = true; + packages = [ pkgs.electrum ]; + isNormalUser = true; + }; + monero = { + name = "monero"; + description = "user for monero stuff"; + home = "/home/monero"; + useDefaultShell = true; + createHome = true; + packages = [ + pkgs.monero + pkgs.monero-gui + ]; + isNormalUser = true; }; }; security.sudo.extraConfig = '' - ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL - ${mainUser.name} ALL=(bch) NOPASSWD: ALL + ${mainUser.name} ALL=(bch) ALL + ${mainUser.name} ALL=(bitcoin) ALL + ${mainUser.name} ALL=(monero) ALL ''; } diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index 3d87fb620..f32f062ff 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix @@ -10,6 +10,7 @@ with import ; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" ]; + isNormalUser = true; }; system.activationScripts.user-shadow = '' diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 7b6f01148..193f4bef1 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -32,6 +32,7 @@ with import ; group = "users"; createHome = true; useDefaultShell = true; + isNormalUser = true; extraGroups = [ "audio" "fuse" @@ -88,9 +89,7 @@ with import ; services.timesyncd.enable = mkForce true; - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; + boot.tmpOnTmpfs = true; # multiple-definition-problem when defining environment.variables.EDITOR environment.extraInit = '' diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix index e3a88c789..5d68def35 100644 --- a/lass/2configs/elster.nix +++ b/lass/2configs/elster.nix @@ -12,6 +12,7 @@ in { useDefaultShell = true; extraGroups = []; createHome = true; + isNormalUser = true; }; }; krebs.per-user.elster.packages = [ diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 67f250ef3..829773b87 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -78,6 +78,7 @@ in { # vdoomserver retroarchBare ]; + isNormalUser = true; }; }; diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 3d4c1e306..89ccae408 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -8,6 +8,8 @@ with import ; prefixLength = 24; }]; + networking.domain = "gg23"; + services.dhcpd4 = { enable = true; interfaces = [ "int0" ]; diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix index d9307347e..629d74235 100644 --- a/lass/2configs/htop.nix +++ b/lass/2configs/htop.nix @@ -3,7 +3,6 @@ with import ; { - security.hideProcessInformation = true; nixpkgs.config.packageOverrides = super: { htop = pkgs.symlinkJoin { name = "htop"; diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 6b2a0142a..48070ea06 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - users.users.lass.packages = with pkgs; [ + users.users.mainUser.packages = with pkgs; [ (pass.withExtensions (ext: [ ext.pass-otp ])) gnupg ]; diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index c7bdb525d..648ffc784 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -32,9 +32,12 @@ in { user = "lass"; }; - users.users.power-action.extraGroups = [ - "audio" - ]; + users.users.power-action = { + isNormalUser = true; + extraGroups = [ + "audio" + ]; + }; security.sudo.extraConfig = '' ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend} diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index cfc280e50..a474b0ebc 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -4,7 +4,6 @@ with import ; let name = "radio"; - mainUser = config.users.extraUsers.mainUser; music_dir = "/home/radio/music"; @@ -84,6 +83,17 @@ let }' ''; + set_irc_topic = pkgs.writeDash "set_irc_topic" '' + ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \ + -H content-type:application/json \ + -d "$(${pkgs.jq}/bin/jq -n \ + --arg text "$1" '{ + command:"TOPIC", + params:["#the_playlist",$text] + }' + )" + ''; + write_to_irc = pkgs.writeDash "write_to_irc" '' ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \ -H content-type:application/json \ @@ -128,11 +138,25 @@ in { services.mpd = { enable = true; - group = "radio"; + user = "radio"; musicDirectory = "${music_dir}"; + dataDir = "/home/radio/state"; # TODO create this somwhere extraConfig = '' log_level "default" auto_update "yes" + volume_normalization "yes" + + audio_output { + type "httpd" + name "lassulus radio mp3" + encoder "lame" # optional + port "8002" + quality "5.0" # do not define if bitrate is defined + # bitrate "128" # do not define if quality is defined + format "44100:16:2" + always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. + tags "yes" # httpd supports sending tags to listening streams. + } audio_output { type "httpd" @@ -152,6 +176,7 @@ in { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 8002"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; } ]; }; @@ -200,10 +225,10 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read track; do - listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | wc -l) + listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | grep '^mptcp' | wc -l) echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${write_to_irc} "playing: $track listeners: $listeners" + ${set_irc_topic} "playing: $track listeners: $listeners" done ''; in { @@ -349,7 +374,7 @@ in { }; services.syncthing.declarative.folders."the_playlist" = { path = "/home/radio/music/the_playlist"; - devices = [ "mors" "phone" "prism" "xerxes" ]; + devices = [ "mors" "phone" "prism" ]; }; krebs.permown."/home/radio/music/the_playlist" = { owner = "radio"; diff --git a/lass/2configs/review.nix b/lass/2configs/review.nix new file mode 100644 index 000000000..658f32084 --- /dev/null +++ b/lass/2configs/review.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; +in { + + users.users.review = { + isNormalUser = true; + packages = [ pkgs.nixpkgs-review ]; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(review) NOPASSWD: ALL + ''; +} diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c43c8c902..e603f49da 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -170,6 +170,7 @@ in { home = "/home/UBIK-SFTP"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.xanf = { @@ -178,6 +179,7 @@ in { home = "/home/xanf"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.domsen = { @@ -185,8 +187,9 @@ in { description = "maintenance acc for domsen"; home = "/home/domsen"; useDefaultShell = true; - extraGroups = [ "nginx" "download" ]; + extraGroups = [ "syncthing" "download" "xanf" ]; createHome = true; + isNormalUser = true; }; users.users.bruno = { @@ -194,6 +197,7 @@ in { home = "/home/bruno"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.jla-trading = { @@ -201,6 +205,7 @@ in { home = "/home/jla-trading"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.jms = { @@ -208,6 +213,7 @@ in { home = "/home/jms"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.ms = { @@ -215,6 +221,7 @@ in { home = "/home/ms"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.testuser = { @@ -222,20 +229,23 @@ in { home = "/home/testuser"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; - users.users.akayguen = { - uid = genid_uint31 "akayguen"; - home = "/home/akayguen"; - useDefaultShell = true; - createHome = true; - }; + #users.users.akayguen = { + # uid = genid_uint31 "akayguen"; + # home = "/home/akayguen"; + # useDefaultShell = true; + # createHome = true; + # isNormalUser = true; + #}; users.users.bui = { uid = genid_uint31 "bui"; home = "/home/bui"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.klabusterbeere = { @@ -243,6 +253,7 @@ in { home = "/home/klabusterbeere"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.kasia = { @@ -250,6 +261,7 @@ in { home = "/home/kasia"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.XANF_TEAM = { @@ -258,6 +270,25 @@ in { home = "/home/XANF_TEAM"; useDefaultShell = true; createHome = true; + isNormalUser = true; + }; + + users.users.dif = { + uid = genid_uint31 "dif"; + home = "/home/dif"; + useDefaultShell = true; + extraGroups = [ "xanf" ]; + createHome = true; + isNormalUser = true; + }; + + users.users.lavafilms = { + uid = genid_uint31 "lavafilms"; + home = "/home/lavafilms"; + useDefaultShell = true; + extraGroups = [ "xanf" ]; + createHome = true; + isNormalUser = true; }; users.groups.xanf = {}; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17df71310..bb983b78e 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -97,6 +97,7 @@ in { home = "/srv/http/lassul.us"; useDefaultShell = true; createHome = true; + isSystemUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-mors.pubkey diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 5cb019c13..5476624c9 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -14,8 +14,9 @@ in { ]; createHome = true; packages = [ - pkgs.wineMinimal + pkgs.wineWowPackages.stable ]; + isNormalUser = true; }; }; security.sudo.extraConfig = '' diff --git a/lass/2configs/xonsh.nix b/lass/2configs/xonsh.nix new file mode 100644 index 000000000..23ed28847 --- /dev/null +++ b/lass/2configs/xonsh.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.xonsh + pkgs.xonsh2 + ]; +} diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix index 0c77d4da8..4171abdb6 100644 --- a/lass/3modules/browsers.nix +++ b/lass/3modules/browsers.nix @@ -5,7 +5,9 @@ let cfg = config.lass.browser; browserScripts = { - chromium = "${pkgs.chromium}/bin/chromium"; + brave = "${pkgs.brave}/bin/brave"; + chrome = "${pkgs.google-chrome}/bin/chrome"; + chromium = "${pkgs.ungoogled-chromium}/bin/chromium"; firefox = "${pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; }}/bin/firefox"; @@ -14,8 +16,9 @@ let browser-select = let sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (filter (x: ! x.value.hidden) (mapAttrsToList (name: value: { inherit name value; }) - cfg.config); + cfg.config)); in if (lib.length sortedPaths) > 1 then pkgs.writeScriptBin "browser-select" '' BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) @@ -48,6 +51,10 @@ in { type = types.str; default = config._module.args.name; }; + hidden = mkOption { + type = types.bool; + default = false; + }; precedence = mkOption { type = types.int; default = 0; @@ -58,7 +65,7 @@ in { }; browser = mkOption { type = types.enum (attrNames browserScripts); - default = "chromium"; + default = "brave"; }; groups = mkOption { type = types.listOf types.str; diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 37f90ee1c..526e12db7 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -147,6 +147,7 @@ with import ; useDefaultShell = true; createHome = true; extraGroups = cfg.groups; + isNormalUser = true; } ) config.lass.xjail; diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix index 54841588e..d7937da58 100644 --- a/lass/5pkgs/tdlib-purple/default.nix +++ b/lass/5pkgs/tdlib-purple/default.nix @@ -1,6 +1,24 @@ -{ stdenv, fetchFromGitHub, cmake, tdlib, pidgin, libwebp, libtgvoip } : +{ stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } : -stdenv.mkDerivation rec { +let + + tdlib = stdenv.mkDerivation rec { + version = "1.6.0"; + pname = "tdlib"; + + src = fetchFromGitHub { + owner = "tdlib"; + repo = "td"; + rev = "v${version}"; + sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv"; + }; + + buildInputs = with pkgs; [ gperf openssl readline zlib ]; + nativeBuildInputs = [ pkgs.cmake ]; + + }; + +in stdenv.mkDerivation rec { pname = "tdlib-purple"; version = "0.7.8"; diff --git a/lass/5pkgs/xonsh2/default.nix b/lass/5pkgs/xonsh2/default.nix new file mode 100644 index 000000000..d55d22445 --- /dev/null +++ b/lass/5pkgs/xonsh2/default.nix @@ -0,0 +1,56 @@ +{ lib, stdenv +, fetchFromGitHub +, python39Packages +, glibcLocales +, coreutils +, git +, extraInputs ? [] +}: let + + python3Packages = python39Packages; + +in python3Packages.buildPythonApplication rec { + pname = "xonsh2"; + version = "master"; + + # fetch from github because the pypi package ships incomplete tests + src = fetchFromGitHub { + owner = "anki-code"; + repo = "xonsh2"; + rev = "bd96fcdce9319ab6b90c7d9ac47d2249b61144d0"; + sha256 = "0b632rac8macfp2mmvhh1f34cf1m5qfpjajwnf676qk7jzn79vx6"; + }; + + LC_ALL = "en_US.UTF-8"; + + postPatch = '' + sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' scripts/xon.sh + find scripts -name 'xonsh*' -exec sed -i -e "s|env -S|env|" {} \; + find -name "*.xsh" | xargs sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' + patchShebangs . + ''; + + doCheck = false; + + checkPhase = '' + HOME=$TMPDIR pytest -k 'not test_repath_backslash and not test_os and not test_man_completion and not test_builtins and not test_main and not test_ptk_highlight and not test_pyghooks' + HOME=$TMPDIR pytest -k 'test_builtins or test_main' --reruns 5 + HOME=$TMPDIR pytest -k 'test_ptk_highlight' + ''; + + checkInputs = [ python3Packages.pytest python3Packages.pytest-rerunfailures glibcLocales git ]; + + propagatedBuildInputs = with python3Packages; [ ply prompt_toolkit pygments ] ++ extraInputs; + + meta = with lib; { + description = "A Python-ish, BASHwards-compatible shell"; + homepage = "https://xon.sh/"; + # changelog = "https://github.com/xonsh/xonsh/releases/tag/${version}"; + license = licenses.bsd3; + platforms = platforms.all; + }; + + passthru = { + shellPath = "/bin/xonsh2"; + }; +} diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 763d36841..1cfa8e4a4 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -126,6 +126,9 @@ in { + { # recent changes mediawiki bot + networking.firewall.allowedUDPPorts = [ 5005 5006 ]; + } # Removed until move: no extra mails # # Removed until move: avoid letsencrypt ban diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 13918a9b1..6afe792ec 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -43,7 +43,6 @@ in { - { environment.systemPackages = [ pkgs.esniper ]; } # # @@ -97,7 +96,7 @@ in { - + # { @@ -141,6 +140,7 @@ in { ]; makefu.full-populate = true; nixpkgs.config.allowUnfree = true; + users.users.share.isNormalUser = true; users.groups.share = { gid = (import ).genid "share"; members = [ "makefu" "misa" ]; @@ -152,6 +152,7 @@ in { users.users.misa = { uid = 9002; name = "misa"; + isNormalUser = true; }; zramSwap.enable = true; diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 80655f998..fee4145b9 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -130,7 +130,7 @@ # Virtualization # - # + #{ # networking.firewall.allowedTCPPorts = [ 8080 ]; # networking.nat = { diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix index ac601845a..ea557bbef 100644 --- a/makefu/1systems/x/x13/default.nix +++ b/makefu/1systems/x/x13/default.nix @@ -8,7 +8,7 @@ # close enough # - + # ]; boot.zfs.requestEncryptionCredentials = true; networking.hostId = "f8b8e0a2"; @@ -32,5 +32,9 @@ users.groups.video = {}; users.users.makefu.extraGroups = [ "video" ]; + + boot.extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; } diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix index adfebbf96..d6b99df41 100644 --- a/makefu/1systems/x/x13/zfs.nix +++ b/makefu/1systems/x/x13/zfs.nix @@ -13,6 +13,7 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; + boot.zfs.enableUnstable = true; # required for 21.05 fileSystems."/" = { device = "zroot/root/nixos"; fsType = "zfs"; diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 4abc7d345..6ce0606a8 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -22,6 +22,7 @@ in { uid = genid "auphonic"; group = "nginx"; useDefaultShell = true; + isSystemUser = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix index c1a31b8dc..56d319e39 100644 --- a/makefu/2configs/bgt/hidden_service.nix +++ b/makefu/2configs/bgt/hidden_service.nix @@ -41,8 +41,8 @@ in services.tor = { enable = true; hiddenServices."${name}".map = [ - { port = "80"; } - # { port = "443"; toHost = "blog.binaergewitter.de"; } + { port = 80; } + # { port = 443; toHost = "blog.binaergewitter.de"; } ]; }; } diff --git a/makefu/2configs/bgt/social-to-irc.nix b/makefu/2configs/bgt/social-to-irc.nix index 8e81f9b50..d02e60695 100644 --- a/makefu/2configs/bgt/social-to-irc.nix +++ b/makefu/2configs/bgt/social-to-irc.nix @@ -13,7 +13,7 @@ channel = "#binaergewitter"; notifyErrors = false; irc = { - host = "irc.freenode.net"; + host = "irc.libera.chat"; port = 6667; }; #controller = { diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 669754caf..46bf05963 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -6,7 +6,7 @@ in { imports = [ ./ota.nix ./comic-updater.nix - ./puppy-proxy.nix + # ./puppy-proxy.nix ./zigbee2mqtt diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index fbbce1f09..d9a2869cc 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -33,10 +33,11 @@ let uhubDir = "/var/lib/uhub"; in { - users.extraUsers."${ddclientUser}" = { + users.users."${ddclientUser}" = { uid = genid "ddclient"; description = "ddclient daemon user"; home = stateDir; + isSystemUser = true; createHome = true; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index be64e402e..52206c380 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -23,6 +23,7 @@ with import ; group = "users"; home = "/home/makefu"; createHome = true; + isNormalUser = true; useDefaultShell = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix index 4f2f8818d..7303bb414 100644 --- a/makefu/2configs/deployment/dirctator.nix +++ b/makefu/2configs/deployment/dirctator.nix @@ -15,7 +15,7 @@ in { inputConfig = '' irc { channels => [ "#krebs", "#afra" ] - host => "irc.freenode.net" + host => "irc.hackint.org" nick => "dirctator" } ''; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 86bd4b524..0593cf7fc 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -75,7 +75,7 @@ in { }; }; services.redis.enable = true; - systemd.services.redis.serviceConfig.LimitNOFILE=65536; + systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536"; services.postgresql = { enable = true; # Ensure the database, user, and permissions always exist diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss.euer.krebsco.de.nix index a7ada9395..098ffcdd5 100644 --- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss.euer.krebsco.de.nix @@ -7,6 +7,11 @@ in { virtualHost = fqdn; selfUrlPath = "https://${fqdn}"; }; + + nixpkgs.config.permittedInsecurePackages = [ + "python2.7-Pillow-6.2.2" + ]; + systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; services.postgresql.package = pkgs.postgresql_9_6; state = [ config.services.postgresqlBackup.location ]; diff --git a/makefu/2configs/elchos/irc-token.nix b/makefu/2configs/elchos/irc-token.nix index a91223b28..4844bf29f 100644 --- a/makefu/2configs/elchos/irc-token.nix +++ b/makefu/2configs/elchos/irc-token.nix @@ -17,7 +17,7 @@ in { echo "$message" LOGNAME=sec-announcer HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --transient) - IRC_SERVER=irc.freenode.net + IRC_SERVER=irc.hackint.org IRC_PORT=6667 IRC_NICK=$HOSTNAME-$$ IRC_CHANNEL='#eloop' diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index 70c0320a1..abbdcbbb2 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix @@ -6,7 +6,7 @@ let in { users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/var/empty"; }; diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix index 871f248b9..b24f6445d 100644 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ b/makefu/2configs/home/ham/automation/fenster_auf.nix @@ -19,8 +19,8 @@ let [ { service = "notify.signal_home"; - data = { - message= "${name} seit ${toString min} Minuten offen\nBitte einmal checken ob das ok ist :)"; + data_template = { + message = "${name} seit ${toString min} Minuten offen und draussen ist es gerade {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte"; }; } { @@ -36,6 +36,7 @@ let platform = "state"; entity_id = entity; to = "off"; + for.seconds = 10; } ]; condition = [ @@ -61,12 +62,13 @@ let in { services.home-assistant.config = { input_boolean = { - badezimmerfinester_lang_offen.name = "Badezimmer lange offen"; + badezimmerfenster_lang_offen.name = "Badezimmer lange offen"; duschfenster_lang_offen.name = "Duschfenster lange offen"; }; automation = [ (fenster_geschlossen_lang "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") - (fenster_geschlossen_lang "Duschfenster" "binary_sensor.badezimmer_fenster_contact") + (fenster_geschlossen_lang "Duschfenster" "binary_sensor.dusche_fenster_contact") + (fenster_offen "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") (fenster_offen "Duschfenster" "binary_sensor.dusche_fenster_contact") ]; diff --git a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix index 3aaa57bd6..32a373edc 100644 --- a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix +++ b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix @@ -5,22 +5,22 @@ let }; notify_home = message: { service = "notify.signal_home"; - data.message = message; + data_template.message = message; }; in { services.home-assistant.config.automation = [ - { - alias = "Pflanzen Giessen Erinnerung Daily"; - trigger = { - platform = "time"; - at = "12:15:00"; - }; - action = [ - (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") - ]; - } + #{ + # alias = "Pflanzen Giessen Erinnerung Daily"; + # trigger = { + # platform = "time"; + # at = "12:15:00"; + # }; + # action = [ + # (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") + # ]; + #} { alias = "Pflanzen Giessen Erinnerung Weekly"; trigger = { @@ -32,7 +32,11 @@ in weekday = [ "sat" ]; }; action = [ - (notify_home "Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen.") + (notify_home + ''Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen. + Die Wettervorhersage: {{states.sensor.dark_sky_summary.state}} mit einer Regenwahrscheinlichkeit von {{states.sensor.dark_sky_precip_probability.state}}%. + Aktuell sind es {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte. + Der UV Index liegt bei {{states.sensor.dark_sky_uv_index.state}}'') ]; } ]; diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index 11894906e..79f26a053 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -180,7 +180,8 @@ in { frontend = { }; http = { use_x_forwarded_for = true; - server_host = "127.0.0.1"; + #server_host = "127.0.0.1"; + server_host = "0.0.0.0"; trusted_proxies = [ "127.0.0.1" ]; #trusted_proxies = [ "192.168.1.0/24" ]; }; diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix index 50646d210..e6008d475 100644 --- a/makefu/2configs/home/metube.nix +++ b/makefu/2configs/home/metube.nix @@ -26,7 +26,10 @@ in ]; user = "metube"; }; - users.users.metube.uid = uid; + users.users.metube = { + uid = uid; + isSystemUser = true; + }; systemd.services.docker-metube.serviceConfig = { StandardOutput = lib.mkForce "journal"; diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix index 95ee56835..1c4582ed5 100644 --- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -20,7 +20,7 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - config = { + settings = { permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 4176d7b35..0bd29497d 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -3,7 +3,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser description = "smb guest user"; home = "/data/lanparty"; createHome = true; diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix index cfa6193c6..2f8f4acc4 100644 --- a/makefu/2configs/nsupdate-data.nix +++ b/makefu/2configs/nsupdate-data.nix @@ -34,6 +34,7 @@ in { description = "ddclient daemon user"; home = stateDir; createHome = true; + isSystemUser = true; }; systemd.services = { diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix index 0227f512a..039698f1d 100644 --- a/makefu/2configs/remote-build/slave.nix +++ b/makefu/2configs/remote-build/slave.nix @@ -1,11 +1,12 @@ {config,...}:{ nix.trustedUsers = [ "nixBuild" ]; users.users.nixBuild = { - name = "nixBuild"; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.buildbotSlave.pubkey - config.krebs.users.makefu-remote-builder.pubkey - ]; - }; + name = "nixBuild"; + isNormalUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.buildbotSlave.pubkey + config.krebs.users.makefu-remote-builder.pubkey + ]; + }; } diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix index 2c93143ec..26f1d3ba3 100644 --- a/makefu/2configs/share-user-sftp.nix +++ b/makefu/2configs/share-user-sftp.nix @@ -5,6 +5,7 @@ share = { uid = 9002; home = "/var/empty"; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; }; diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix index 27e0c638b..fd81f28ca 100644 --- a/makefu/2configs/share/gum.nix +++ b/makefu/2configs/share/gum.nix @@ -11,7 +11,10 @@ in { # home = "/var/empty"; # }; environment.systemPackages = [ pkgs.samba ]; - users.users.download.uid = genid "download"; + users.users.download = { + uid = genid "download"; + isNormalUser = true; + }; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index ac0eaa978..56beb5b42 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -9,7 +9,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index 9695751ff..f2c36b551 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -3,7 +3,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index e96daa038..c8ccbfbb9 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -23,6 +23,7 @@ in { uid = genid "arafetch"; inherit home; createHome = true; + isSystemUser = true; }; systemd.services.ara2mqtt = { diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix index 006cafec0..20cdf7ba7 100644 --- a/makefu/2configs/systemdultras/ircbot.nix +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -11,7 +11,7 @@ config = { channel = "#systemdultras"; irc = { - host = "irc.freenode.net"; + host = "irc.hackint.org"; port = 6667; }; notifyErrors = false; diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix index 34f0ab0b4..106f8fac6 100644 --- a/makefu/2configs/temp/share-samba.nix +++ b/makefu/2configs/temp/share-samba.nix @@ -1,7 +1,7 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser group = "share"; description = "smb guest user"; home = "/var/empty"; diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 5a29eea85..763603dfd 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -16,7 +16,10 @@ saleae-logic gitAndTools.gitFull signal-desktop + element-desktop # rambox + vscode + chitubox ]; } diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index d66ea7760..14e782e3f 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -15,6 +15,6 @@ streamripper youtube-dl - pulseeffects + pulseeffects-legacy # for pulse ]; } diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 17a980ef7..acc22d647 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -4,7 +4,7 @@ users.users.makefu.packages = with pkgs; [ aria2 # mitmproxy - pythonPackages.binwalk-full + python3Packages.binwalk-full dnsmasq iodine mtr diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix index 5222e50ac..30070430c 100644 --- a/makefu/3modules/ps3netsrv.nix +++ b/makefu/3modules/ps3netsrv.nix @@ -50,6 +50,7 @@ let # TODO only create if user is ps3netsrv users.users.ps3netsrv = { uid = genid "ps3netsrv"; + isSystemUser = true; }; users.groups.ps3netsrv.gid = genid "ps3netsrv"; }; diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index bbf15e603..049c145dd 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -489,6 +489,8 @@ awful.rules.rules = { properties = { tag = tags[4] } }, { rule = { class = "telegram-desktop" }, properties = { tag = tags[4] } }, + { rule = { class = "element-desktop" }, + properties = { tag = tags[4] } }, { rule = { class = "mutt" }, properties = { tag = tags[5] } }, { rule = { class = "mosh" }, diff --git a/makefu/5pkgs/chitubox/default.nix b/makefu/5pkgs/chitubox/default.nix new file mode 100644 index 000000000..bea33e64f --- /dev/null +++ b/makefu/5pkgs/chitubox/default.nix @@ -0,0 +1,67 @@ +{ stdenv, autoPatchelfHook, libglvnd +, libgcrypt,zlib,glib,fontconfig,freetype,libdrm +, libxkbcommon +, libpulseaudio +, xlibs +, gst_all_1 +, kerberos +, alsaLib +}: +# via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix +stdenv.mkDerivation rec { + pname = "chitubox"; + + version = "1.8.1"; + + src = builtins.fetchTarball { + #url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz"; + url = "https://archive.org/download/chitubox-v-1.8.1.tar/CHITUBOX_V${version}.tar.gz"; + sha256 = "08fh8w7s5qvlx6bhdg24g81a7zprq7n8m27w2vdv0cd8j0wixbsx"; + }; + nativeBuildInputs = [ autoPatchelfHook ]; + + buildInputs = with xlibs; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm + libxkbcommon libpulseaudio kerberos alsaLib + xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms + gst_all_1.gst-plugins-base gst_all_1.gstreamer +]; + + buildPhase = '' + mkdir -p bin + mv CHITUBOX bin/chitubox + + # Remove unused stuff + rm AppRun + + # Place resources where ChiTuBox can expect to find them + mkdir ChiTuBox + mv resource ChiTuBox/ + + # Configure Qt paths + cat << EOF > bin/qt.conf + [Paths] + Prefix = $out + Plugins = plugins + Imports = qml + Qml2Imports = qml + EOF + ''; + + installPhase = '' + mkdir -p $out + mv * $out/ + ''; + + autoPatchelfIgnoreMissingDeps=true; + + meta = { + description = "A Revolutionary Tool to Change 3D Printing Processes within One Click"; + homepage = "https://www.chitubox.com"; + license = { + fullName = "ChiTuBox EULA"; + shortName = "ChiTuBox"; + url = "https://www.chitubox.com"; + }; + }; +} + diff --git a/makefu/5pkgs/droidcam/default.nix b/makefu/5pkgs/droidcam/default.nix deleted file mode 100644 index d30fb01a6..000000000 --- a/makefu/5pkgs/droidcam/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ stdenv, fetchFromGitHub -, pkg-config -, alsaLib -, libjpeg_turbo -, ffmpeg -, libusbmuxd -, speex -, gtk3 -, libappindicator-gtk3 -}: - -stdenv.mkDerivation rec { - pname = "droidcam"; - version = "1.6"; - - src = fetchFromGitHub { - owner = "aramg"; - repo = "droidcam"; - rev = "v${version}"; - sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx"; - }; - - sourceRoot = "source/linux"; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ - alsaLib - libjpeg_turbo - ffmpeg - libusbmuxd - speex - gtk3 - libappindicator-gtk3 - ]; - - buildPhase = '' - runHook preBuild - make JPEG_DIR="" JPEG_INCLUDE="" JPEG_LIB="" JPEG="$(pkg-config --libs --cflags libturbojpeg)" - ''; - installPhase = '' - runHook preInstall - install -Dm755 "droidcam" "$out/bin/droidcam" - install -Dm755 "droidcam-cli" "$out/bin/droidcam-cli" - install -Dm644 icon2.png "$out/share/pixmaps/droidcam.png" - install -Dm644 README.md "$out/share/licenses/droidcam/LICENSE" - ''; - - meta = with stdenv.lib; { - description = "A kernel module to create V4L2 loopback devices"; - homepage = "https://github.com/aramg/droidcam"; - license = licenses.gpl2; - maintainers = [ maintainers.makefu ]; - platforms = platforms.linux; - }; -} diff --git a/makefu/5pkgs/hdl-dump/default.nix b/makefu/5pkgs/hdl-dump/default.nix deleted file mode 100644 index bd454223a..000000000 --- a/makefu/5pkgs/hdl-dump/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }: -stdenv.mkDerivation rec { - pname = "hdl-dump"; - version = "75df8d7"; - name = "${pname}-${version}"; - - src = fetchFromGitHub { - owner = "AKuHAK"; - repo = "hdl-dump"; - rev = version; - sha256 = "10jjr6p5yn0c182x17m7q68jmf8gizcny7wjxw7z5yh0fv5s48z4"; - }; - - buildInputs = [ upx wine ]; - - makeFlags = [ "RELEASE=yes" ]; - - # uses wine, currently broken - #postBuild = '' - # make -C gui - #''; - - installPhase = '' - mkdir -p $out/bin - cp hdl_dump $out/bin - ''; - - meta = { - homepage = https://github.com/AKuHAK/hdl-dump ; - description = "copy isos to psx hdd"; - license = lib.licenses.gpl2; - }; -} diff --git a/makefu/5pkgs/shiori/default.nix b/makefu/5pkgs/shiori/default.nix index ee4aa9304..7de1e5ae1 100644 --- a/makefu/5pkgs/shiori/default.nix +++ b/makefu/5pkgs/shiori/default.nix @@ -1,6 +1,6 @@ -{ go_1_14, buildGoPackage, fetchFromGitHub }: +{ buildGoPackage, fetchFromGitHub }: let - builder = buildGoPackage.override { go = go_1_14; }; + builder = buildGoPackage; in builder rec { name = "shiori-${version}"; diff --git a/makefu/5pkgs/tt-rss/default.nix b/makefu/5pkgs/tt-rss/default.nix deleted file mode 100644 index 4907a73a5..000000000 --- a/makefu/5pkgs/tt-rss/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - pname = "tt-rss"; - version = "2020-09-23"; - rev = "d0ed7890df"; - - src = fetchurl { - url = "https://git.tt-rss.org/git/tt-rss/archive/${rev}.tar.gz"; - sha256 = "1b2fczd41bqg9bq37r99svrqswr9qrp35m6gn3nz032yqcwc22ij"; - }; - - installPhase = '' - mkdir $out - cp -ra * $out/ - ''; - - meta = with stdenv.lib; { - description = "Web-based news feed (RSS/Atom) aggregator"; - license = licenses.gpl2Plus; - homepage = "https://tt-rss.org"; - maintainers = with maintainers; [ globin zohl ]; - platforms = platforms.all; - }; -} diff --git a/makefu/krops.nix b/makefu/krops.nix index 697039720..fd53f004e 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -77,7 +77,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "63f299b"; + ref = "fd5fbb0a241f644908cdf01ccd1821d0606fb4fd"; }; }) ];