From 1aa069d3b734107e0e0a62c8c7e08bd87f8f7b67 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 May 2021 10:47:31 +0200 Subject: [PATCH 001/108] ma pkgs.chitubox: init at 1.8.1 --- makefu/5pkgs/chitubox/default.nix | 66 +++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 makefu/5pkgs/chitubox/default.nix diff --git a/makefu/5pkgs/chitubox/default.nix b/makefu/5pkgs/chitubox/default.nix new file mode 100644 index 000000000..2e01949bb --- /dev/null +++ b/makefu/5pkgs/chitubox/default.nix @@ -0,0 +1,66 @@ +{ stdenv, autoPatchelfHook, libglvnd +, libgcrypt,zlib,glib,fontconfig,freetype,libdrm +, libxkbcommon +, libpulseaudio +, xlibs +, gst_all_1 +, kerberos +, alsaLib +}: +# via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix +stdenv.mkDerivation rec { + pname = "chitubox"; + + version = "1.8.1"; + + src = builtins.fetchTarball { + url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz"; + sha256 = "08fh8w7s5qvlx6bhdg24g81a7zprq7n8m27w2vdv0cd8j0wixbsx"; + }; + nativeBuildInputs = [ autoPatchelfHook ]; + + buildInputs = with xlibs; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm + libxkbcommon libpulseaudio kerberos alsaLib + xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms + gst_all_1.gst-plugins-base gst_all_1.gstreamer +]; + + buildPhase = '' + mkdir -p bin + mv CHITUBOX bin/chitubox + + # Remove unused stuff + rm AppRun + + # Place resources where ChiTuBox can expect to find them + mkdir ChiTuBox + mv resource ChiTuBox/ + + # Configure Qt paths + cat << EOF > bin/qt.conf + [Paths] + Prefix = $out + Plugins = plugins + Imports = qml + Qml2Imports = qml + EOF + ''; + + installPhase = '' + mkdir -p $out + mv * $out/ + ''; + + autoPatchelfIgnoreMissingDeps=true; + + meta = { + description = "A Revolutionary Tool to Change 3D Printing Processes within One Click"; + homepage = "https://www.chitubox.com"; + license = { + fullName = "ChiTuBox EULA"; + shortName = "ChiTuBox"; + url = "https://www.chitubox.com"; + }; + }; +} + From ba58fde0957b5801322ba30e82efd0575d9a7b7b Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 May 2021 10:49:40 +0200 Subject: [PATCH 002/108] ma ham: fix typo for fenster_auf automation --- makefu/2configs/home/ham/automation/fenster_auf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix index 871f248b9..b4459a31d 100644 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ b/makefu/2configs/home/ham/automation/fenster_auf.nix @@ -61,7 +61,7 @@ let in { services.home-assistant.config = { input_boolean = { - badezimmerfinester_lang_offen.name = "Badezimmer lange offen"; + badezimmerfenster_lang_offen.name = "Badezimmer lange offen"; duschfenster_lang_offen.name = "Duschfenster lange offen"; }; automation = [ From dbf138ec8c9af6b66cd571f663a8362967604d23 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 25 May 2021 09:51:36 +0200 Subject: [PATCH 003/108] ma hw/x13: allow fan control --- makefu/1systems/x/x13/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix index ac601845a..f0d663ee9 100644 --- a/makefu/1systems/x/x13/default.nix +++ b/makefu/1systems/x/x13/default.nix @@ -32,5 +32,9 @@ users.groups.video = {}; users.users.makefu.extraGroups = [ "video" ]; + + boot.extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; } From 49db565ce830f18df6cec6fdb6291b9773f57161 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 25 May 2021 09:52:00 +0200 Subject: [PATCH 004/108] ma: move away from freenode --- makefu/2configs/bgt/social-to-irc.nix | 2 +- makefu/2configs/deployment/dirctator.nix | 2 +- makefu/2configs/elchos/irc-token.nix | 2 +- makefu/2configs/systemdultras/ircbot.nix | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/bgt/social-to-irc.nix b/makefu/2configs/bgt/social-to-irc.nix index 8e81f9b50..d02e60695 100644 --- a/makefu/2configs/bgt/social-to-irc.nix +++ b/makefu/2configs/bgt/social-to-irc.nix @@ -13,7 +13,7 @@ channel = "#binaergewitter"; notifyErrors = false; irc = { - host = "irc.freenode.net"; + host = "irc.libera.chat"; port = 6667; }; #controller = { diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix index 4f2f8818d..7303bb414 100644 --- a/makefu/2configs/deployment/dirctator.nix +++ b/makefu/2configs/deployment/dirctator.nix @@ -15,7 +15,7 @@ in { inputConfig = '' irc { channels => [ "#krebs", "#afra" ] - host => "irc.freenode.net" + host => "irc.hackint.org" nick => "dirctator" } ''; diff --git a/makefu/2configs/elchos/irc-token.nix b/makefu/2configs/elchos/irc-token.nix index a91223b28..4844bf29f 100644 --- a/makefu/2configs/elchos/irc-token.nix +++ b/makefu/2configs/elchos/irc-token.nix @@ -17,7 +17,7 @@ in { echo "$message" LOGNAME=sec-announcer HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --transient) - IRC_SERVER=irc.freenode.net + IRC_SERVER=irc.hackint.org IRC_PORT=6667 IRC_NICK=$HOSTNAME-$$ IRC_CHANNEL='#eloop' diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix index 006cafec0..20cdf7ba7 100644 --- a/makefu/2configs/systemdultras/ircbot.nix +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -11,7 +11,7 @@ config = { channel = "#systemdultras"; irc = { - host = "irc.freenode.net"; + host = "irc.hackint.org"; port = 6667; }; notifyErrors = false; From a94c6a5011250433e6fc17dcdf5b90799c2718c4 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 25 May 2021 09:52:28 +0200 Subject: [PATCH 005/108] ma ham: fix fenster_auf automation --- makefu/2configs/home/ham/automation/fenster_auf.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix index b4459a31d..0c57fc760 100644 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ b/makefu/2configs/home/ham/automation/fenster_auf.nix @@ -36,6 +36,7 @@ let platform = "state"; entity_id = entity; to = "off"; + for.seconds = 10; } ]; condition = [ @@ -66,7 +67,8 @@ in { }; automation = [ (fenster_geschlossen_lang "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") - (fenster_geschlossen_lang "Duschfenster" "binary_sensor.badezimmer_fenster_contact") + (fenster_geschlossen_lang "Duschfenster" "binary_sensor.dusche_fenster_contact") + (fenster_offen "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") (fenster_offen "Duschfenster" "binary_sensor.dusche_fenster_contact") ]; From 43654edcc3e30e62de559d8d66484b0aba79e18c Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 29 May 2021 10:08:21 +0200 Subject: [PATCH 006/108] ma x: re-enable vbox --- makefu/1systems/x/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 80655f998..fee4145b9 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -130,7 +130,7 @@ # Virtualization # - # + #{ # networking.firewall.allowedTCPPorts = [ 8080 ]; # networking.nat = { From 3b601871b7b73c917275ac4f0a19c575a7744b7f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Jun 2021 19:05:58 +0200 Subject: [PATCH 007/108] external: add nxnv (rtjure) --- krebs/3modules/external/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 123bbac47..31cd9e2c3 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -589,6 +589,32 @@ in { }; }; }; + nxnv = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.127"; + aliases = [ + "nxnv.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB + ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt + NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp + wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt + 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT + eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy + S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/ + 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN + ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW + 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila + jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { From d4c67bfb14f48ef8783284d4079191ae10982137 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jun 2021 19:44:48 +0200 Subject: [PATCH 008/108] nixpkgs: 33824cd -> eaba787 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 06b865cc8..803b11d32 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "33824cdf8e4fec30c5b9ddc91b18991c3c375227", - "date": "2021-05-18T19:08:44-04:00", - "path": "/nix/store/s3f1q2a5hn60jdnz8h66z7yahrmzifin-nixpkgs", - "sha256": "1sad0x998k3iid2vp57kv4skvf90yh4gbs61dv3p45c2qi3sql46", + "rev": "eaba7870ffc3400eca4407baa24184b7fe337ec1", + "date": "2021-06-02T10:22:59+02:00", + "path": "/nix/store/lcr7kwnx934b1z6wmb1zlqjycdlbaw9x-nixpkgs", + "sha256": "115disiz4b08iw46cidc7lm0advrxn5g2ldmlrxd53zf03skyb2w", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From 75d139b0bee8a60af81d1477dd1d4f8c4ef5167d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jun 2021 19:45:09 +0200 Subject: [PATCH 009/108] nixpkgs: 20.09 -> 21.05 --- krebs/update-nixpkgs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 9a0ea7ed4..368a3ecb3 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-20.09' \ + --rev refs/heads/nixos-21.05' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" From a4a29163c5f54006cdf56f1021b594c3bc33f7bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jun 2021 20:02:42 +0200 Subject: [PATCH 010/108] l security: remove deprecated hideProcessInformation --- lass/2configs/htop.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix index d9307347e..629d74235 100644 --- a/lass/2configs/htop.nix +++ b/lass/2configs/htop.nix @@ -3,7 +3,6 @@ with import ; { - security.hideProcessInformation = true; nixpkgs.config.packageOverrides = super: { htop = pkgs.symlinkJoin { name = "htop"; From ddb9edc6eeb66e2c37244e7ab9c58dfa96e39d5d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jun 2021 20:15:00 +0200 Subject: [PATCH 011/108] l xjail: set isNormalUser --- lass/3modules/xjail.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 37f90ee1c..526e12db7 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -147,6 +147,7 @@ with import ; useDefaultShell = true; createHome = true; extraGroups = cfg.groups; + isNormalUser = true; } ) config.lass.xjail; From a400657702a75f928aae7ee5328068a3c8331d27 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jun 2021 20:15:42 +0200 Subject: [PATCH 012/108] fetchWallpaper: set isSystemUser --- krebs/3modules/fetchWallpaper.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e89b86e32..852c8f630 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -57,6 +57,7 @@ let description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; + isSystemUser = true; }; systemd.timers.fetchWallpaper = { From 9d7abe58bb842ef59d5a1132ac1d3c4c9eaac98d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jun 2021 20:18:42 +0200 Subject: [PATCH 013/108] l: set isNormalUser --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 7b6f01148..2d8da72b4 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -32,6 +32,7 @@ with import ; group = "users"; createHome = true; useDefaultShell = true; + isNormalUser = true; extraGroups = [ "audio" "fuse" From 6068c4f75ba4a371841c22581c022bcf930cc964 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jun 2021 21:33:42 +0200 Subject: [PATCH 014/108] l power-action: set isNormalUser --- lass/2configs/power-action.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index c7bdb525d..648ffc784 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -32,9 +32,12 @@ in { user = "lass"; }; - users.users.power-action.extraGroups = [ - "audio" - ]; + users.users.power-action = { + isNormalUser = true; + extraGroups = [ + "audio" + ]; + }; security.sudo.extraConfig = '' ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend} From d854866c188bcc299564f413ddbf89acf3b1b243 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:07:43 +0200 Subject: [PATCH 015/108] l coaxmetal: update config --- lass/1systems/coaxmetal/config.nix | 40 +++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 3e0b1674a..4fa22e293 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -16,27 +16,36 @@ - + # + + + + + # + ]; krebs.build.host = config.krebs.hosts.coaxmetal; - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' + environment.systemPackages = with pkgs; [ + brain + bank + l-gen-secrets + (pkgs.writeDashBin "deploy" '' set -eu export SYSTEM="$1" $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - usb-tether-on = pkgs.writeDash "usb-tether-on" '' + '') + (pkgs.writeDashBin "usb-tether-on" '' adb shell su -c service call connectivity 33 i32 1 s16 text - ''; - usb-tether-off = pkgs.writeDash "usb-tether-off" '' + '') + (pkgs.writeDashBin "usb-tether-off" '' adb shell su -c service call connectivity 33 i32 0 s16 text - ''; - }; + '') + ]; programs.adb.enable = true; @@ -50,4 +59,17 @@ ''; }; hardware.pulseaudio.package = pkgs.pulseaudioFull; + + lass.browser.config = { + dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; + ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; }; + fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; + }; + + nix.trustedUsers = [ "root" "lass" ]; + + services.tor = { + enable = true; + client.enable = true; + }; } From 28d92fd55cbaa87c832a4e59f5fad49a13597e04 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:11:17 +0200 Subject: [PATCH 016/108] l: set tmpOnTmpfs --- lass/2configs/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 2d8da72b4..193f4bef1 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -89,9 +89,7 @@ with import ; services.timesyncd.enable = mkForce true; - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; + boot.tmpOnTmpfs = true; # multiple-definition-problem when defining environment.variables.EDITOR environment.extraInit = '' From af6a87e1bc8bc968f2b343a47040b7120759248b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:11:54 +0200 Subject: [PATCH 017/108] l green.r: update android weechat key --- lass/1systems/green/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index fbd2d223f..d7bf62b40 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -23,7 +23,7 @@ with import ; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel ]; krebs.bindfs = { From f4a5add5a16104bbf416ff68ad1faad71f567539 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:16:08 +0200 Subject: [PATCH 018/108] l bitcoin: set isNormalUser, cleanup --- lass/2configs/bitcoin.nix | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index 9f6fd3bf0..9aa97a8ce 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -4,12 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - krebs.per-user.bch.packages = [ - pkgs.electron-cash - ]; - krebs.per-user.bitcoin.packages = [ - pkgs.electrum - ]; users.extraUsers = { bch = { name = "bch"; @@ -17,6 +11,8 @@ in { home = "/home/bch"; useDefaultShell = true; createHome = true; + packages = [ pkgs.electron-cash ]; + isNormalUser = true; }; bitcoin = { name = "bitcoin"; @@ -24,10 +20,25 @@ in { home = "/home/bitcoin"; useDefaultShell = true; createHome = true; + packages = [ pkgs.electrum ]; + isNormalUser = true; + }; + monero = { + name = "monero"; + description = "user for monero stuff"; + home = "/home/monero"; + useDefaultShell = true; + createHome = true; + packages = [ + pkgs.monero + pkgs.monero-gui + ]; + isNormalUser = true; }; }; security.sudo.extraConfig = '' - ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL - ${mainUser.name} ALL=(bch) NOPASSWD: ALL + ${mainUser.name} ALL=(bch) ALL + ${mainUser.name} ALL=(bitcoin) ALL + ${mainUser.name} ALL=(monero) ALL ''; } From 5d7f515f41c6843c5b5e3fddb8b6341cd42e0748 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:16:40 +0200 Subject: [PATCH 019/108] l games: isNormalUser --- lass/2configs/games.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 67f250ef3..829773b87 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -78,6 +78,7 @@ in { # vdoomserver retroarchBare ]; + isNormalUser = true; }; }; From e7a50da8c52af710c197320eeecb7d463918ff76 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:17:19 +0200 Subject: [PATCH 020/108] l wine: isNormalUser, winestable --- lass/2configs/wine.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 5cb019c13..5476624c9 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -14,8 +14,9 @@ in { ]; createHome = true; packages = [ - pkgs.wineMinimal + pkgs.wineWowPackages.stable ]; + isNormalUser = true; }; }; security.sudo.extraConfig = '' From 00abb8943913ebaacb4e2dfa61ba87bb0cd19c5c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:18:55 +0200 Subject: [PATCH 021/108] l coaxmetal.r: remove old bluetooth settings --- lass/1systems/coaxmetal/config.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 4fa22e293..3b51ea679 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -52,11 +52,6 @@ hardware.bluetooth = { enable = true; powerOnBoot = true; - # config.General.Disable = "Headset"; - extraConfig = '' - [General] - Disable = Headset - ''; }; hardware.pulseaudio.package = pkgs.pulseaudioFull; From 2181f1dcda28b062ec55076cd8ec9150ec637bad Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:34:00 +0200 Subject: [PATCH 022/108] l mpv: disable autosub for now --- lass/2configs/mpv.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 210551a62..7512787fe 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -80,7 +80,7 @@ let name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@" + exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config "$@" # TODO renable autosub when subliminal is in 21.05 again '') pkgs.mpv ]; From cd08cd0ce24d94e94e5ddc9ce9d4049759c7c5f6 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 12:47:16 +0200 Subject: [PATCH 023/108] ma pkgs.chitubox: use archive.org link --- makefu/2configs/home/ham/automation/fenster_auf.nix | 2 +- .../home/ham/automation/pflanzen_giessen_erinnerung.nix | 7 +++++-- makefu/5pkgs/chitubox/default.nix | 3 ++- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix index 0c57fc760..4fc0da485 100644 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ b/makefu/2configs/home/ham/automation/fenster_auf.nix @@ -20,7 +20,7 @@ let { service = "notify.signal_home"; data = { - message= "${name} seit ${toString min} Minuten offen\nBitte einmal checken ob das ok ist :)"; + message_template = "${name} seit ${toString min} Minuten offen und draussen ist es gerade {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte"; }; } { diff --git a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix index 3aaa57bd6..68604659e 100644 --- a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix +++ b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix @@ -5,7 +5,7 @@ let }; notify_home = message: { service = "notify.signal_home"; - data.message = message; + data.message_template = message; }; in { @@ -32,7 +32,10 @@ in weekday = [ "sat" ]; }; action = [ - (notify_home "Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen.") + (notify_home + ''Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen. + Die Wettervorhersage: {{sensor.dark_sky_summary}} mit einer Regenwahrscheinlichkeit von {{states.sensor.dark_sky_precip_probability.state}}%. + Aktuell sind es {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte'') ]; } ]; diff --git a/makefu/5pkgs/chitubox/default.nix b/makefu/5pkgs/chitubox/default.nix index 2e01949bb..bea33e64f 100644 --- a/makefu/5pkgs/chitubox/default.nix +++ b/makefu/5pkgs/chitubox/default.nix @@ -14,7 +14,8 @@ stdenv.mkDerivation rec { version = "1.8.1"; src = builtins.fetchTarball { - url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz"; + #url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz"; + url = "https://archive.org/download/chitubox-v-1.8.1.tar/CHITUBOX_V${version}.tar.gz"; sha256 = "08fh8w7s5qvlx6bhdg24g81a7zprq7n8m27w2vdv0cd8j0wixbsx"; }; nativeBuildInputs = [ autoPatchelfHook ]; From 1ba7cf64f17854c392cb5bb4c7dc009652667e68 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:50:26 +0200 Subject: [PATCH 024/108] nixpkgs: eaba787 -> aa57635 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 803b11d32..3887ab917 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "eaba7870ffc3400eca4407baa24184b7fe337ec1", - "date": "2021-06-02T10:22:59+02:00", - "path": "/nix/store/lcr7kwnx934b1z6wmb1zlqjycdlbaw9x-nixpkgs", - "sha256": "115disiz4b08iw46cidc7lm0advrxn5g2ldmlrxd53zf03skyb2w", + "rev": "aa576357673d609e618d87db43210e49d4bb1789", + "date": "2021-06-04T17:36:38+02:00", + "path": "/nix/store/qqz5xq0dg8zm8blba5cg7704kbrhqhki-nixpkgs", + "sha256": "1868s3mp0lwg1jpxsgmgijzddr90bjkncf6k6zhdjqihf0i1n2np", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From e0dab53c8cf306732979fcffea65c5ef0c6e8c6e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:56:07 +0200 Subject: [PATCH 025/108] l coaxmetal.r: enable zfs unstable --- lass/1systems/coaxmetal/physical.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix index c94740c54..3632ffd3e 100644 --- a/lass/1systems/coaxmetal/physical.nix +++ b/lass/1systems/coaxmetal/physical.nix @@ -7,6 +7,7 @@ networking.hostId = "e0c335ea"; boot.zfs.requestEncryptionCredentials = true; + boot.zfs.enableUnstable = true; boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; From f6ce4552e0cd4488ea767feacd7a3bd813eecf33 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 12:57:33 +0200 Subject: [PATCH 026/108] l gg23: set domain --- lass/2configs/gg23.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 3d4c1e306..89ccae408 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -8,6 +8,8 @@ with import ; prefixLength = 24; }]; + networking.domain = "gg23"; + services.dhcpd4 = { enable = true; interfaces = [ "int0" ]; From 45e031cd6b9ad15881f2f69e649234337aa26e4c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 13:05:55 +0200 Subject: [PATCH 027/108] hw x220: disable deprecated rngd --- krebs/2configs/hw/x220.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 3780e0d7d..bb273652d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -22,8 +22,6 @@ with import ; pkgs.vaapiVdpau ]; - security.rngd.enable = mkDefault true; - services.xserver = { videoDriver = "intel"; }; From 9b97e73d540d5bc42e5c619c2e1ef7acd068272e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 13:08:04 +0200 Subject: [PATCH 028/108] l xerxes.r: disable some bluetooth stuff --- lass/1systems/xerxes/config.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 22c80b4da..bf818a9b2 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -81,11 +81,6 @@ hardware.bluetooth = { enable = true; powerOnBoot = true; - # config.General.Disable = "Headset"; - extraConfig = '' - [General] - Disable = Headset - ''; }; hardware.pulseaudio.package = pkgs.pulseaudioFull; # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' From 26a1458a032531ac51a4b4f984a7efe152a121de Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 13:12:18 +0200 Subject: [PATCH 029/108] brockman: isSystemUser --- krebs/3modules/brockman.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 9b2ed4a71..7a78880ea 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -12,7 +12,7 @@ in { users.extraUsers.brockman = { home = "/var/lib/brockman"; createHome = true; - isNormalUser = false; + isSystemUser = true; uid = genid_uint31 "brockman"; }; From d30071705229d8e6a716214669ae6c4957bdec25 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 13:17:36 +0200 Subject: [PATCH 030/108] l pass: set correct user --- lass/2configs/pass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 6b2a0142a..48070ea06 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - users.users.lass.packages = with pkgs; [ + users.users.mainUser.packages = with pkgs; [ (pass.withExtensions (ext: [ ext.pass-otp ])) gnupg ]; From b08f2002770c69caf2d02aafb74bf131a6a17573 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:01:47 +0200 Subject: [PATCH 031/108] l: add xonsh.nix --- lass/2configs/xonsh.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 lass/2configs/xonsh.nix diff --git a/lass/2configs/xonsh.nix b/lass/2configs/xonsh.nix new file mode 100644 index 000000000..23ed28847 --- /dev/null +++ b/lass/2configs/xonsh.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.xonsh + pkgs.xonsh2 + ]; +} From 032341bd35c6e387b7e0e0600f74a9c45dacc159 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:14:56 +0200 Subject: [PATCH 032/108] reaktor2: isSystemUser --- krebs/2configs/reaktor2.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2823aabef..14e0a3d7a 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -119,6 +119,7 @@ in { users.users.reaktor2 = { uid = genid_uint31 "reaktor2"; home = stateDir; + isSystemUser = true; }; krebs.reaktor2 = { From 47f3dd93452ed40f4fef64b7bcb327d379c499a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:15:10 +0200 Subject: [PATCH 033/108] buildbot: isSystemUser --- krebs/3modules/buildbot/master.nix | 1 + krebs/3modules/buildbot/slave.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 8995753ac..a845bb281 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -322,6 +322,7 @@ let description = "Buildbot Master"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotMaster = { diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index c15169fba..d877b9911 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -131,6 +131,7 @@ let description = "Buildbot Slave"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotSlave = { From 8b3cd5aef173520cbea8967a3beae807e508943b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:15:30 +0200 Subject: [PATCH 034/108] github-hosts-sync: isSystemUser --- krebs/3modules/github-hosts-sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 7d618ebfd..2aa26fa2b 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -72,6 +72,7 @@ let mail = "${name}@${config.krebs.build.host.name}"; name = "github-hosts-sync"; uid = genid_uint31 name; + isSystemUser = true; }; # TODO move to lib? From 5d08fe185a5c4922af8901fe04fda700bb980f14 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:17:01 +0200 Subject: [PATCH 035/108] l icarus.r: disable thinkfan --- lass/1systems/icarus/physical.nix | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index 837872bf5..0b1aff4a8 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -45,16 +45,5 @@ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; - services.thinkfan.enable = true; - services.thinkfan.levels = '' - (0, 0, 55) - (1, 48, 60) - (2, 50, 61) - (3, 52, 63) - (6, 60, 85) - (7, 80, 90) - (127, 89, 32767) - ''; - services.logind.lidSwitch = "ignore"; } From 79f77a996cdccba69c38f72705a6d91e65e13ced Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:17:30 +0200 Subject: [PATCH 036/108] l elster: isNormalUser --- lass/2configs/elster.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix index e3a88c789..5d68def35 100644 --- a/lass/2configs/elster.nix +++ b/lass/2configs/elster.nix @@ -12,6 +12,7 @@ in { useDefaultShell = true; extraGroups = []; createHome = true; + isNormalUser = true; }; }; krebs.per-user.elster.packages = [ From 25b7ad33435ba6611856eef0bb70b09fb39ed42e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:18:01 +0200 Subject: [PATCH 037/108] l uriel: isNormalUser --- lass/1systems/uriel/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix index b50dc63f5..c3ce8fced 100644 --- a/lass/1systems/uriel/config.nix +++ b/lass/1systems/uriel/config.nix @@ -23,6 +23,7 @@ with import ; "networkmanager" ]; useDefaultShell = true; + isNormalUser = true; }; networking.networkmanager.enable = true; hardware.pulseaudio = { From b55dc75dc62afe544f667bbf6c4ef0c7cec86f22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:18:34 +0200 Subject: [PATCH 038/108] l daedalus.r: isNormaluser --- lass/1systems/daedalus/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index d84502b3f..b84ce6acf 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -19,6 +19,7 @@ with import ; "networkmanager" ]; useDefaultShell = true; + isNormalUser = true; }; networking.networkmanager.enable = true; networking.wireless.enable = mkForce false; From 74b63fceb8f5e1bbeb87963e86207b83c7486c3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:22:49 +0200 Subject: [PATCH 039/108] l tdlib-purple: inline old tdlib --- lass/5pkgs/tdlib-purple/default.nix | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix index 54841588e..d7937da58 100644 --- a/lass/5pkgs/tdlib-purple/default.nix +++ b/lass/5pkgs/tdlib-purple/default.nix @@ -1,6 +1,24 @@ -{ stdenv, fetchFromGitHub, cmake, tdlib, pidgin, libwebp, libtgvoip } : +{ stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } : -stdenv.mkDerivation rec { +let + + tdlib = stdenv.mkDerivation rec { + version = "1.6.0"; + pname = "tdlib"; + + src = fetchFromGitHub { + owner = "tdlib"; + repo = "td"; + rev = "v${version}"; + sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv"; + }; + + buildInputs = with pkgs; [ gperf openssl readline zlib ]; + nativeBuildInputs = [ pkgs.cmake ]; + + }; + +in stdenv.mkDerivation rec { pname = "tdlib-purple"; version = "0.7.8"; From b5cd1dc9c5f46971e67817915f5c9b04563bb85b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:26:26 +0200 Subject: [PATCH 040/108] l: add review.nix --- lass/2configs/review.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 lass/2configs/review.nix diff --git a/lass/2configs/review.nix b/lass/2configs/review.nix new file mode 100644 index 000000000..658f32084 --- /dev/null +++ b/lass/2configs/review.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; +in { + + users.users.review = { + isNormalUser = true; + packages = [ pkgs.nixpkgs-review ]; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(review) NOPASSWD: ALL + ''; +} From 887139e2bc44c7fcfb31e8bef3799b1583edf58d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:29:22 +0200 Subject: [PATCH 041/108] solanum: use upstream --- krebs/5pkgs/simple/solanum/default.nix | 62 ------------------- .../simple/solanum/dont-create-logdir.patch | 14 ----- 2 files changed, 76 deletions(-) delete mode 100644 krebs/5pkgs/simple/solanum/default.nix delete mode 100644 krebs/5pkgs/simple/solanum/dont-create-logdir.patch diff --git a/krebs/5pkgs/simple/solanum/default.nix b/krebs/5pkgs/simple/solanum/default.nix deleted file mode 100644 index 3fa765c94..000000000 --- a/krebs/5pkgs/simple/solanum/default.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ lib, stdenv -, fetchFromGitHub -, autoreconfHook -, pkg-config -, bison -, flex -, openssl -, sqlite -, lksctp-tools -}: - -stdenv.mkDerivation rec { - pname = "solanum"; - version = "unstable-2021-04-27"; - - src = fetchFromGitHub { - owner = "solanum-ircd"; - repo = pname; - rev = "3ff5a12e75662e9a642f2a4364797bd361eb0925"; - sha256 = "14ywmfdv8cncbyg08y2qdis00kwg8lvhkcgj185is67smh0qf88f"; - }; - - patches = [ - ./dont-create-logdir.patch - ]; - - configureFlags = [ - "--enable-epoll" - "--enable-ipv6" - "--enable-openssl=${openssl.dev}" - "--with-program-prefix=solanum-" - "--localstatedir=/var/lib" - "--with-rundir=/run" - "--with-logdir=/var/log" - ] ++ lib.optionals (stdenv.isLinux) [ - "--enable-sctp=${lksctp-tools.out}/lib" - ]; - - nativeBuildInputs = [ - autoreconfHook - bison - flex - pkg-config - ]; - - buildInputs = [ - openssl - sqlite - ]; - - doCheck = !stdenv.isDarwin; - - enableParallelBuilding = true; - - meta = with lib; { - description = "An IRCd for unified networks"; - homepage = "https://github.com/solanum-ircd/solanum"; - license = licenses.gpl2Only; - maintainers = with maintainers; [ hexa ]; - platforms = platforms.unix; - }; -} diff --git a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch b/krebs/5pkgs/simple/solanum/dont-create-logdir.patch deleted file mode 100644 index e348dd7b8..000000000 --- a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 19e7b396..21093521 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -35,9 +35,6 @@ include/serno.h: - echo '#define DATECODE 0UL' >>include/serno.h; \ - fi - --install-data-hook: -- test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir} -- - install-exec-hook: - rm -f ${DESTDIR}${libdir}/*.la - rm -f ${DESTDIR}${moduledir}/*.la From c093edb49670bca7dccadae09a060aab81a23789 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:33:57 +0200 Subject: [PATCH 042/108] l websites: isNormalUser --- lass/2configs/websites/domsen.nix | 45 ++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 7 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c43c8c902..e603f49da 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -170,6 +170,7 @@ in { home = "/home/UBIK-SFTP"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.xanf = { @@ -178,6 +179,7 @@ in { home = "/home/xanf"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.domsen = { @@ -185,8 +187,9 @@ in { description = "maintenance acc for domsen"; home = "/home/domsen"; useDefaultShell = true; - extraGroups = [ "nginx" "download" ]; + extraGroups = [ "syncthing" "download" "xanf" ]; createHome = true; + isNormalUser = true; }; users.users.bruno = { @@ -194,6 +197,7 @@ in { home = "/home/bruno"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.jla-trading = { @@ -201,6 +205,7 @@ in { home = "/home/jla-trading"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.jms = { @@ -208,6 +213,7 @@ in { home = "/home/jms"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.ms = { @@ -215,6 +221,7 @@ in { home = "/home/ms"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.testuser = { @@ -222,20 +229,23 @@ in { home = "/home/testuser"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; - users.users.akayguen = { - uid = genid_uint31 "akayguen"; - home = "/home/akayguen"; - useDefaultShell = true; - createHome = true; - }; + #users.users.akayguen = { + # uid = genid_uint31 "akayguen"; + # home = "/home/akayguen"; + # useDefaultShell = true; + # createHome = true; + # isNormalUser = true; + #}; users.users.bui = { uid = genid_uint31 "bui"; home = "/home/bui"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.klabusterbeere = { @@ -243,6 +253,7 @@ in { home = "/home/klabusterbeere"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.kasia = { @@ -250,6 +261,7 @@ in { home = "/home/kasia"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.XANF_TEAM = { @@ -258,6 +270,25 @@ in { home = "/home/XANF_TEAM"; useDefaultShell = true; createHome = true; + isNormalUser = true; + }; + + users.users.dif = { + uid = genid_uint31 "dif"; + home = "/home/dif"; + useDefaultShell = true; + extraGroups = [ "xanf" ]; + createHome = true; + isNormalUser = true; + }; + + users.users.lavafilms = { + uid = genid_uint31 "lavafilms"; + home = "/home/lavafilms"; + useDefaultShell = true; + extraGroups = [ "xanf" ]; + createHome = true; + isNormalUser = true; }; users.groups.xanf = {}; From dd2513e21cc53ae86286c008a507a229160cd1ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:38:43 +0200 Subject: [PATCH 043/108] l coaxmetal.r: remove ergo again --- lass/1systems/coaxmetal/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 3b51ea679..227c5e1e9 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -25,7 +25,6 @@ # - ]; krebs.build.host = config.krebs.hosts.coaxmetal; From b9d9b711b89a1d5a8eba6e2a68a8bffd454496c7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:45:43 +0200 Subject: [PATCH 044/108] github-hosts-sync: set isSystemUser at correct location --- krebs/3modules/github-hosts-sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 2aa26fa2b..d385ec355 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -65,6 +65,7 @@ let users.users.${user.name} = { inherit (user) uid; home = cfg.dataDir; + isSystemUser = true; }; }; @@ -72,7 +73,6 @@ let mail = "${name}@${config.krebs.build.host.name}"; name = "github-hosts-sync"; uid = genid_uint31 name; - isSystemUser = true; }; # TODO move to lib? From 50741642f471530c695164070f6e5ee16e2c040d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:51:50 +0200 Subject: [PATCH 045/108] l browsers: add more browser, add hidden flag --- lass/3modules/browsers.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix index 0c77d4da8..4171abdb6 100644 --- a/lass/3modules/browsers.nix +++ b/lass/3modules/browsers.nix @@ -5,7 +5,9 @@ let cfg = config.lass.browser; browserScripts = { - chromium = "${pkgs.chromium}/bin/chromium"; + brave = "${pkgs.brave}/bin/brave"; + chrome = "${pkgs.google-chrome}/bin/chrome"; + chromium = "${pkgs.ungoogled-chromium}/bin/chromium"; firefox = "${pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; }}/bin/firefox"; @@ -14,8 +16,9 @@ let browser-select = let sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (filter (x: ! x.value.hidden) (mapAttrsToList (name: value: { inherit name value; }) - cfg.config); + cfg.config)); in if (lib.length sortedPaths) > 1 then pkgs.writeScriptBin "browser-select" '' BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) @@ -48,6 +51,10 @@ in { type = types.str; default = config._module.args.name; }; + hidden = mkOption { + type = types.bool; + default = false; + }; precedence = mkOption { type = types.int; default = 0; @@ -58,7 +65,7 @@ in { }; browser = mkOption { type = types.enum (attrNames browserScripts); - default = "chromium"; + default = "brave"; }; groups = mkOption { type = types.listOf types.str; From f21ebcf4dc6a15779f0b5410fa7af295d1858411 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:52:48 +0200 Subject: [PATCH 046/108] bepasty-server: isSystemUser --- krebs/3modules/bepasty-server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index ffa9a29e9..051646b63 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -146,6 +146,7 @@ let uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; + isSystemUser = true; }; users.extraGroups.bepasty = { gid = genid_uint31 "bepasty"; From 7025410ea69517e6c19ededfdf0c345b5e2297f0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:53:26 +0200 Subject: [PATCH 047/108] l blog: isSystemUser = true --- lass/2configs/websites/lassulus.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17df71310..bb983b78e 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -97,6 +97,7 @@ in { home = "/srv/http/lassul.us"; useDefaultShell = true; createHome = true; + isSystemUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-mors.pubkey From c66abb2e2088bea91f4bdfe9a3b7f50ec8e0a192 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:53:47 +0200 Subject: [PATCH 048/108] l ciko: isNormalUser --- lass/2configs/ciko.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index 3d87fb620..f32f062ff 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix @@ -10,6 +10,7 @@ with import ; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" ]; + isNormalUser = true; }; system.activationScripts.user-shadow = '' From 795a31502499d0f5ef81be70fdbd6a1a03a85985 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:56:14 +0200 Subject: [PATCH 049/108] l prism.r: download isSystemUser --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 25d688696..89a386139 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -345,6 +345,7 @@ with import ; home = "/var/download"; useDefaultShell = true; uid = genid "download"; + isSystemUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-android.pubkey From a9f43dff4997510e8845286aabc0f0f059fa459a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:56:41 +0200 Subject: [PATCH 050/108] realwallpaper: isSystemUser --- krebs/3modules/realwallpaper.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 86b74a8ca..76f333963 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -60,6 +60,7 @@ let uid = genid "realwallpaper"; home = cfg.workingDir; createHome = true; + isSystemUser = true; }; }; From 7fa69b3399d8b52526928df81b2a6cad3f931a28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:57:08 +0200 Subject: [PATCH 051/108] tinc_graphs: isSystemUser --- krebs/3modules/tinc_graphs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 33a24871f..19cce8aa4 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -127,6 +127,7 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; + isSystemUser = true; }; services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; From fb8907aa1c0e4c0b0c5dc421f55ef8b94c5db193 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 14:58:56 +0200 Subject: [PATCH 052/108] ma gum.r: open firewall --- makefu/1systems/gum/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 763d36841..1cfa8e4a4 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -126,6 +126,9 @@ in { + { # recent changes mediawiki bot + networking.firewall.allowedUDPPorts = [ 5005 5006 ]; + } # Removed until move: no extra mails # # Removed until move: avoid letsencrypt ban From 18c1da0012737ec39385499b2447f85251b37cdc Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:02:20 +0200 Subject: [PATCH 053/108] ma: pulseeffects{,-legacy} , add isNormalUser --- makefu/2configs/default.nix | 1 + makefu/2configs/tools/media.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index be64e402e..52206c380 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -23,6 +23,7 @@ with import ; group = "users"; home = "/home/makefu"; createHome = true; + isNormalUser = true; useDefaultShell = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index d66ea7760..14e782e3f 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -15,6 +15,6 @@ streamripper youtube-dl - pulseeffects + pulseeffects-legacy # for pulse ]; } From df9a52962597126894d3f73f6f286076b22211c9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 15:05:30 +0200 Subject: [PATCH 054/108] buildbot-classic: build with python 3 --- krebs/5pkgs/simple/buildbot-classic/default.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index c127d2987..49d6ff322 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -1,6 +1,6 @@ -{ pkgs, fetchFromGitHub, python2Packages, git, ... }: +{ pkgs, fetchFromGitHub, python3Packages, git, ... }: -python2Packages.buildPythonApplication rec { +python3Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; version = "0.8.18"; namePrefix = ""; @@ -15,11 +15,10 @@ python2Packages.buildPythonApplication rec { postUnpack = "sourceRoot=\${sourceRoot}/master"; propagatedBuildInputs = [ - python2Packages.jinja2 - python2Packages.twisted - python2Packages.dateutil - python2Packages.sqlalchemy_migrate - python2Packages.pysqlite + python3Packages.jinja2 + python3Packages.twisted + python3Packages.dateutil + python3Packages.sqlalchemy_migrate pkgs.coreutils ]; doCheck = false; From d36ef2fd4bf38e43f7e682b0e32ddfa11eaf2253 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 15:07:00 +0200 Subject: [PATCH 055/108] l: xonsh2 init --- lass/5pkgs/xonsh2/default.nix | 56 +++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 lass/5pkgs/xonsh2/default.nix diff --git a/lass/5pkgs/xonsh2/default.nix b/lass/5pkgs/xonsh2/default.nix new file mode 100644 index 000000000..d55d22445 --- /dev/null +++ b/lass/5pkgs/xonsh2/default.nix @@ -0,0 +1,56 @@ +{ lib, stdenv +, fetchFromGitHub +, python39Packages +, glibcLocales +, coreutils +, git +, extraInputs ? [] +}: let + + python3Packages = python39Packages; + +in python3Packages.buildPythonApplication rec { + pname = "xonsh2"; + version = "master"; + + # fetch from github because the pypi package ships incomplete tests + src = fetchFromGitHub { + owner = "anki-code"; + repo = "xonsh2"; + rev = "bd96fcdce9319ab6b90c7d9ac47d2249b61144d0"; + sha256 = "0b632rac8macfp2mmvhh1f34cf1m5qfpjajwnf676qk7jzn79vx6"; + }; + + LC_ALL = "en_US.UTF-8"; + + postPatch = '' + sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' scripts/xon.sh + find scripts -name 'xonsh*' -exec sed -i -e "s|env -S|env|" {} \; + find -name "*.xsh" | xargs sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' + patchShebangs . + ''; + + doCheck = false; + + checkPhase = '' + HOME=$TMPDIR pytest -k 'not test_repath_backslash and not test_os and not test_man_completion and not test_builtins and not test_main and not test_ptk_highlight and not test_pyghooks' + HOME=$TMPDIR pytest -k 'test_builtins or test_main' --reruns 5 + HOME=$TMPDIR pytest -k 'test_ptk_highlight' + ''; + + checkInputs = [ python3Packages.pytest python3Packages.pytest-rerunfailures glibcLocales git ]; + + propagatedBuildInputs = with python3Packages; [ ply prompt_toolkit pygments ] ++ extraInputs; + + meta = with lib; { + description = "A Python-ish, BASHwards-compatible shell"; + homepage = "https://xon.sh/"; + # changelog = "https://github.com/xonsh/xonsh/releases/tag/${version}"; + license = licenses.bsd3; + platforms = platforms.all; + }; + + passthru = { + shellPath = "/bin/xonsh2"; + }; +} From e044c3121ac1f886eab15a350c4ab9fd909716e9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:08:59 +0200 Subject: [PATCH 056/108] ma: isSystemUser everything --- krebs/3modules/airdcpp.nix | 1 + makefu/2configs/bgt/download.binaergewitter.de.nix | 1 + makefu/2configs/dcpp/hub.nix | 3 ++- makefu/2configs/nsupdate-data.nix | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 56fb31795..0ac9d3350 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -268,6 +268,7 @@ let uid = genid "airdcpp"; home = cfg.stateDir; createHome = true; + isSystemUser = true; inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 4abc7d345..6ce0606a8 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -22,6 +22,7 @@ in { uid = genid "auphonic"; group = "nginx"; useDefaultShell = true; + isSystemUser = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index fbbce1f09..d9a2869cc 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -33,10 +33,11 @@ let uhubDir = "/var/lib/uhub"; in { - users.extraUsers."${ddclientUser}" = { + users.users."${ddclientUser}" = { uid = genid "ddclient"; description = "ddclient daemon user"; home = stateDir; + isSystemUser = true; createHome = true; }; diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix index cfa6193c6..2f8f4acc4 100644 --- a/makefu/2configs/nsupdate-data.nix +++ b/makefu/2configs/nsupdate-data.nix @@ -34,6 +34,7 @@ in { description = "ddclient daemon user"; home = stateDir; createHome = true; + isSystemUser = true; }; systemd.services = { From 670828202b8866ff761da285735854ccb30e6ec1 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:34:42 +0200 Subject: [PATCH 057/108] ma pkgs.tt-rss: rip --- makefu/5pkgs/tt-rss/default.nix | 25 ------------------------- 1 file changed, 25 deletions(-) delete mode 100644 makefu/5pkgs/tt-rss/default.nix diff --git a/makefu/5pkgs/tt-rss/default.nix b/makefu/5pkgs/tt-rss/default.nix deleted file mode 100644 index 4907a73a5..000000000 --- a/makefu/5pkgs/tt-rss/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - pname = "tt-rss"; - version = "2020-09-23"; - rev = "d0ed7890df"; - - src = fetchurl { - url = "https://git.tt-rss.org/git/tt-rss/archive/${rev}.tar.gz"; - sha256 = "1b2fczd41bqg9bq37r99svrqswr9qrp35m6gn3nz032yqcwc22ij"; - }; - - installPhase = '' - mkdir $out - cp -ra * $out/ - ''; - - meta = with stdenv.lib; { - description = "Web-based news feed (RSS/Atom) aggregator"; - license = licenses.gpl2Plus; - homepage = "https://tt-rss.org"; - maintainers = with maintainers; [ globin zohl ]; - platforms = platforms.all; - }; -} From e097e3c577ea4a83e508b3aa2a37dc86b8295131 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:52:06 +0200 Subject: [PATCH 058/108] ma treewide: make 21.05 compatible (is*User, other fixes) --- makefu/1systems/omo/config.nix | 3 ++- makefu/2configs/bgt/hidden_service.nix | 4 ++-- makefu/2configs/deployment/owncloud.nix | 2 +- .../2configs/deployment/rss.euer.krebsco.de.nix | 5 +++++ makefu/2configs/home/metube.nix | 5 ++++- makefu/2configs/home/zigbee2mqtt/default.nix | 2 +- makefu/2configs/lanparty/samba.nix | 1 + makefu/2configs/remote-build/slave.nix | 15 ++++++++------- makefu/2configs/share-user-sftp.nix | 1 + makefu/2configs/share/gum.nix | 5 ++++- makefu/2configs/temp/share-samba.nix | 1 + makefu/3modules/ps3netsrv.nix | 1 + makefu/5pkgs/shiori/default.nix | 4 ++-- 13 files changed, 33 insertions(+), 16 deletions(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 13918a9b1..ba97e2f6f 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -43,7 +43,6 @@ in { - { environment.systemPackages = [ pkgs.esniper ]; } # # @@ -141,6 +140,7 @@ in { ]; makefu.full-populate = true; nixpkgs.config.allowUnfree = true; + users.users.share.isNormalUser = true; users.groups.share = { gid = (import ).genid "share"; members = [ "makefu" "misa" ]; @@ -152,6 +152,7 @@ in { users.users.misa = { uid = 9002; name = "misa"; + isNormalUser = true; }; zramSwap.enable = true; diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix index c1a31b8dc..56d319e39 100644 --- a/makefu/2configs/bgt/hidden_service.nix +++ b/makefu/2configs/bgt/hidden_service.nix @@ -41,8 +41,8 @@ in services.tor = { enable = true; hiddenServices."${name}".map = [ - { port = "80"; } - # { port = "443"; toHost = "blog.binaergewitter.de"; } + { port = 80; } + # { port = 443; toHost = "blog.binaergewitter.de"; } ]; }; } diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 86bd4b524..0593cf7fc 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -75,7 +75,7 @@ in { }; }; services.redis.enable = true; - systemd.services.redis.serviceConfig.LimitNOFILE=65536; + systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536"; services.postgresql = { enable = true; # Ensure the database, user, and permissions always exist diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss.euer.krebsco.de.nix index a7ada9395..098ffcdd5 100644 --- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss.euer.krebsco.de.nix @@ -7,6 +7,11 @@ in { virtualHost = fqdn; selfUrlPath = "https://${fqdn}"; }; + + nixpkgs.config.permittedInsecurePackages = [ + "python2.7-Pillow-6.2.2" + ]; + systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; services.postgresql.package = pkgs.postgresql_9_6; state = [ config.services.postgresqlBackup.location ]; diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix index 50646d210..e6008d475 100644 --- a/makefu/2configs/home/metube.nix +++ b/makefu/2configs/home/metube.nix @@ -26,7 +26,10 @@ in ]; user = "metube"; }; - users.users.metube.uid = uid; + users.users.metube = { + uid = uid; + isSystemUser = true; + }; systemd.services.docker-metube.serviceConfig = { StandardOutput = lib.mkForce "journal"; diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix index 95ee56835..1c4582ed5 100644 --- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -20,7 +20,7 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - config = { + settings = { permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 4176d7b35..0a9694f60 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -7,6 +7,7 @@ description = "smb guest user"; home = "/data/lanparty"; createHome = true; + isNormalUser = true; }; services.samba = { enable = true; diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix index 0227f512a..039698f1d 100644 --- a/makefu/2configs/remote-build/slave.nix +++ b/makefu/2configs/remote-build/slave.nix @@ -1,11 +1,12 @@ {config,...}:{ nix.trustedUsers = [ "nixBuild" ]; users.users.nixBuild = { - name = "nixBuild"; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.buildbotSlave.pubkey - config.krebs.users.makefu-remote-builder.pubkey - ]; - }; + name = "nixBuild"; + isNormalUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.buildbotSlave.pubkey + config.krebs.users.makefu-remote-builder.pubkey + ]; + }; } diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix index 2c93143ec..26f1d3ba3 100644 --- a/makefu/2configs/share-user-sftp.nix +++ b/makefu/2configs/share-user-sftp.nix @@ -5,6 +5,7 @@ share = { uid = 9002; home = "/var/empty"; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; }; diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix index 27e0c638b..fd81f28ca 100644 --- a/makefu/2configs/share/gum.nix +++ b/makefu/2configs/share/gum.nix @@ -11,7 +11,10 @@ in { # home = "/var/empty"; # }; environment.systemPackages = [ pkgs.samba ]; - users.users.download.uid = genid "download"; + users.users.download = { + uid = genid "download"; + isNormalUser = true; + }; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix index 34f0ab0b4..33d68da00 100644 --- a/makefu/2configs/temp/share-samba.nix +++ b/makefu/2configs/temp/share-samba.nix @@ -4,6 +4,7 @@ uid = config.ids.uids.smbguest; group = "share"; description = "smb guest user"; + isNormalUser = true; home = "/var/empty"; }; users.groups.share.members = [ "makefu" ]; diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix index 5222e50ac..30070430c 100644 --- a/makefu/3modules/ps3netsrv.nix +++ b/makefu/3modules/ps3netsrv.nix @@ -50,6 +50,7 @@ let # TODO only create if user is ps3netsrv users.users.ps3netsrv = { uid = genid "ps3netsrv"; + isSystemUser = true; }; users.groups.ps3netsrv.gid = genid "ps3netsrv"; }; diff --git a/makefu/5pkgs/shiori/default.nix b/makefu/5pkgs/shiori/default.nix index ee4aa9304..7de1e5ae1 100644 --- a/makefu/5pkgs/shiori/default.nix +++ b/makefu/5pkgs/shiori/default.nix @@ -1,6 +1,6 @@ -{ go_1_14, buildGoPackage, fetchFromGitHub }: +{ buildGoPackage, fetchFromGitHub }: let - builder = buildGoPackage.override { go = go_1_14; }; + builder = buildGoPackage; in builder rec { name = "shiori-${version}"; From eb801fa458de69cfecafe172b178838f2cd97d08 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:52:49 +0200 Subject: [PATCH 059/108] module urlwatch: add isSystemUser --- krebs/3modules/urlwatch.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 0b7a71db5..6a159a5b2 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -193,6 +193,7 @@ let inherit (user) uid; home = cfg.dataDir; createHome = true; + isSystemUser = true; }; }; From a6f2ed0c998092c55dcf09982ff18da571d77274 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 17:59:55 +0200 Subject: [PATCH 060/108] ma: update home-manager --- makefu/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index 697039720..fd53f004e 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -77,7 +77,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "63f299b"; + ref = "fd5fbb0a241f644908cdf01ccd1821d0606fb4fd"; }; }) ]; From 0ec91f780275da036c7bdba85897645d6c4c101b Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 18:00:52 +0200 Subject: [PATCH 061/108] ma tools: disable binwalk --- makefu/2configs/tools/sec.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 17a980ef7..5a30b8d64 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -4,7 +4,7 @@ users.users.makefu.packages = with pkgs; [ aria2 # mitmproxy - pythonPackages.binwalk-full + # pythonPackages.binwalk-full dnsmasq iodine mtr From b37a74c688e272587433874cb779bdc367e127a2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:13:25 +0200 Subject: [PATCH 062/108] puyak.r/shack: isSystemUser everything --- krebs/2configs/shack/muell_mail.nix | 1 + krebs/2configs/shack/muellshack.nix | 1 + krebs/2configs/shack/node-light.nix | 1 + krebs/2configs/shack/powerraw.nix | 5 ++++- krebs/2configs/shack/s3-power.nix | 1 + krebs/2configs/shack/shackDNS.nix | 1 + krebs/2configs/shack/share.nix | 1 + 7 files changed, 10 insertions(+), 1 deletion(-) diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 481564719..951450200 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -12,6 +12,7 @@ let in { users.users.muell_mail = { inherit home; + isSystemUser = true; createHome = true; }; systemd.services.muell_mail = { diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index e894b9394..b032b4299 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -13,6 +13,7 @@ let in { users.users.muellshack = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."muell.shack" = { diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 4a981ea87..2e69d5aaa 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -14,6 +14,7 @@ in { networking.firewall.allowedUDPPorts = [ 2342 ]; users.users.node-light = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."lounge.light.shack" = { diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index cc3692e85..43c743587 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -14,7 +14,10 @@ let in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; - users.users.powermeter.extraGroups = [ "dialout" ]; + users.users.powermeter = { + extraGroups = [ "dialout" ]; + isSystemUser = true; + }; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index f3ea67f79..0ce8a8786 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -14,6 +14,7 @@ in { users.users.s3_power = { inherit home; createHome = true; + isSystemUser = true; }; systemd.services.s3-power = { startAt = "daily"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 807bb7e65..c9cdfd24b 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,6 +30,7 @@ in { users.users.shackDNS = { inherit home; createHome = true; + isSystemUser = true; }; services.nginx.virtualHosts."leases.shack" = { locations."/" = { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d8d65d309..d08eb8ab5 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -4,6 +4,7 @@ uid = config.ids.uids.smbguest; group = "share"; description = "smb guest user"; + isNormalUser = true; home = "/home/share"; createHome = true; }; From ffafc5dd3a889480893610b513bef4f1ca68f01b Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:21:36 +0200 Subject: [PATCH 063/108] ma arafetch: isSystemUser --- makefu/2configs/stats/arafetch.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index e96daa038..c8ccbfbb9 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -23,6 +23,7 @@ in { uid = genid "arafetch"; inherit home; createHome = true; + isSystemUser = true; }; systemd.services.ara2mqtt = { From 9f2a1f8db104853fc74ae0f21c64e0fe42b3ad98 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:23:13 +0200 Subject: [PATCH 064/108] ma smbguest: isNormalUser --- makefu/2configs/share/omo.nix | 1 + makefu/2configs/share/temp-share-samba.nix | 1 + makefu/2configs/share/wbob.nix | 1 + 3 files changed, 3 insertions(+) diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 308142f03..32ac018e3 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -14,6 +14,7 @@ in { uid = config.ids.uids.smbguest; description = "smb guest user"; home = "/var/empty"; + isNormalUser = true; }; services.samba = { enable = true; diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index ac0eaa978..8d597f33a 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -12,6 +12,7 @@ uid = config.ids.uids.smbguest; description = "smb guest user"; home = "/home/share"; + isNormalUser = true; createHome = true; }; services.samba = { diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index 9695751ff..fd07d6ad5 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -7,6 +7,7 @@ description = "smb guest user"; home = "/home/share"; createHome = true; + isNormalUser = true; }; users.groups.mpd.members = [ "makefu" ]; services.samba = { From bc71d49f1e02ca04a5a0bdffd6515795c9e7e6f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:23:34 +0200 Subject: [PATCH 065/108] ma tools/extra-gui: add chitubox --- makefu/2configs/tools/extra-gui.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 5a29eea85..841d0c85e 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -18,5 +18,6 @@ signal-desktop # rambox vscode + chitubox ]; } From 3af3e6dab39e4c30d867d67228cb4c70bfc48446 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:23:51 +0200 Subject: [PATCH 066/108] ma tools/sec: use py3 binwalk --- makefu/2configs/tools/sec.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 5a30b8d64..acc22d647 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -4,7 +4,7 @@ users.users.makefu.packages = with pkgs; [ aria2 # mitmproxy - # pythonPackages.binwalk-full + python3Packages.binwalk-full dnsmasq iodine mtr From f7dfc2c43ad99f5971b12a6f6a8c88cca3634f77 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 20:06:00 +0200 Subject: [PATCH 067/108] ma samba: remove isNormalUser again --- krebs/2configs/shack/share.nix | 3 +-- makefu/2configs/filepimp-share.nix | 2 +- makefu/2configs/lanparty/samba.nix | 3 +-- makefu/2configs/share/omo.nix | 1 - makefu/2configs/share/temp-share-samba.nix | 3 +-- makefu/2configs/share/wbob.nix | 3 +-- makefu/2configs/temp/share-samba.nix | 3 +-- 7 files changed, 6 insertions(+), 12 deletions(-) diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d08eb8ab5..3eb30964e 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -1,10 +1,9 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser group = "share"; description = "smb guest user"; - isNormalUser = true; home = "/home/share"; createHome = true; }; diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index 70c0320a1..abbdcbbb2 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix @@ -6,7 +6,7 @@ let in { users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/var/empty"; }; diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 0a9694f60..0bd29497d 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -3,11 +3,10 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser description = "smb guest user"; home = "/data/lanparty"; createHome = true; - isNormalUser = true; }; services.samba = { enable = true; diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 32ac018e3..308142f03 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -14,7 +14,6 @@ in { uid = config.ids.uids.smbguest; description = "smb guest user"; home = "/var/empty"; - isNormalUser = true; }; services.samba = { enable = true; diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index 8d597f33a..56beb5b42 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -9,10 +9,9 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; - isNormalUser = true; createHome = true; }; services.samba = { diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index fd07d6ad5..f2c36b551 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -3,11 +3,10 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; - isNormalUser = true; }; users.groups.mpd.members = [ "makefu" ]; services.samba = { diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix index 33d68da00..106f8fac6 100644 --- a/makefu/2configs/temp/share-samba.nix +++ b/makefu/2configs/temp/share-samba.nix @@ -1,10 +1,9 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser group = "share"; description = "smb guest user"; - isNormalUser = true; home = "/var/empty"; }; users.groups.share.members = [ "makefu" ]; From ae057d079518df8d335be90d8ba281bb5bf20159 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 08:24:46 +0200 Subject: [PATCH 068/108] ma x13: boot.zfs.enableUnstable = true; --- makefu/1systems/x/x13/zfs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix index adfebbf96..d6b99df41 100644 --- a/makefu/1systems/x/x13/zfs.nix +++ b/makefu/1systems/x/x13/zfs.nix @@ -13,6 +13,7 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; + boot.zfs.enableUnstable = true; # required for 21.05 fileSystems."/" = { device = "zroot/root/nixos"; fsType = "zfs"; From b83fef58edde2d029885aff51d3d7a019865dec5 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 09:26:01 +0200 Subject: [PATCH 069/108] ma x.r: disable xm7370 kmod --- makefu/1systems/x/x13/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix index f0d663ee9..ea557bbef 100644 --- a/makefu/1systems/x/x13/default.nix +++ b/makefu/1systems/x/x13/default.nix @@ -8,7 +8,7 @@ # close enough # - + # ]; boot.zfs.requestEncryptionCredentials = true; networking.hostId = "f8b8e0a2"; From 05a77771087ecc02df036739c5e7c0cd29846ff1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 6 Jun 2021 09:34:49 +0200 Subject: [PATCH 070/108] jeschli enklave.r: disable ci --- krebs/3modules/jeschli/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 390f7585f..41743612a 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -49,6 +49,7 @@ in { }; }; enklave = { + ci = false; nets = rec { internet = { ip4.addr = "88.198.164.182"; From 167d866212a7db8da99fcf741eb1b26bbe127796 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 13:17:33 +0200 Subject: [PATCH 071/108] ma omo.r: disable metube --- makefu/1systems/omo/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 13918a9b1..857e7d6e7 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -97,7 +97,7 @@ in { - + # { From 891373717500f2551d4b2e1f88605fae6bc91d7a Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 13:18:24 +0200 Subject: [PATCH 072/108] ma ham: fix notifications --- .../home/ham/automation/fenster_auf.nix | 4 +-- .../pflanzen_giessen_erinnerung.nix | 27 ++++++++++--------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix index 4fc0da485..b24f6445d 100644 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ b/makefu/2configs/home/ham/automation/fenster_auf.nix @@ -19,8 +19,8 @@ let [ { service = "notify.signal_home"; - data = { - message_template = "${name} seit ${toString min} Minuten offen und draussen ist es gerade {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte"; + data_template = { + message = "${name} seit ${toString min} Minuten offen und draussen ist es gerade {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte"; }; } { diff --git a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix index 68604659e..32a373edc 100644 --- a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix +++ b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix @@ -5,22 +5,22 @@ let }; notify_home = message: { service = "notify.signal_home"; - data.message_template = message; + data_template.message = message; }; in { services.home-assistant.config.automation = [ - { - alias = "Pflanzen Giessen Erinnerung Daily"; - trigger = { - platform = "time"; - at = "12:15:00"; - }; - action = [ - (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") - ]; - } + #{ + # alias = "Pflanzen Giessen Erinnerung Daily"; + # trigger = { + # platform = "time"; + # at = "12:15:00"; + # }; + # action = [ + # (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") + # ]; + #} { alias = "Pflanzen Giessen Erinnerung Weekly"; trigger = { @@ -34,8 +34,9 @@ in action = [ (notify_home ''Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen. - Die Wettervorhersage: {{sensor.dark_sky_summary}} mit einer Regenwahrscheinlichkeit von {{states.sensor.dark_sky_precip_probability.state}}%. - Aktuell sind es {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte'') + Die Wettervorhersage: {{states.sensor.dark_sky_summary.state}} mit einer Regenwahrscheinlichkeit von {{states.sensor.dark_sky_precip_probability.state}}%. + Aktuell sind es {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte. + Der UV Index liegt bei {{states.sensor.dark_sky_uv_index.state}}'') ]; } ]; From eacd9c4893c0fb27b2ec99ae887fed820dc9ea89 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 13:18:37 +0200 Subject: [PATCH 073/108] ma ham: listen to 0.0.0.0 --- makefu/2configs/home/ham/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index 11894906e..79f26a053 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -180,7 +180,8 @@ in { frontend = { }; http = { use_x_forwarded_for = true; - server_host = "127.0.0.1"; + #server_host = "127.0.0.1"; + server_host = "0.0.0.0"; trusted_proxies = [ "127.0.0.1" ]; #trusted_proxies = [ "192.168.1.0/24" ]; }; From 5af3440b85b47b2b3d8eb660217bc0ee66f7a76c Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 13:18:53 +0200 Subject: [PATCH 074/108] ma tools: add element-desktop --- makefu/2configs/tools/extra-gui.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 5a29eea85..5a6ef7c97 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -16,7 +16,9 @@ saleae-logic gitAndTools.gitFull signal-desktop + element-desktop # rambox + vscode ]; } From 88a845f7a1a037bf6bcf23863d41f36c4cedcd7e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 13:19:55 +0200 Subject: [PATCH 075/108] ma awesomecfg: autostart element-desktop --- makefu/5pkgs/awesomecfg/full.cfg | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index bbf15e603..049c145dd 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -489,6 +489,8 @@ awful.rules.rules = { properties = { tag = tags[4] } }, { rule = { class = "telegram-desktop" }, properties = { tag = tags[4] } }, + { rule = { class = "element-desktop" }, + properties = { tag = tags[4] } }, { rule = { class = "mutt" }, properties = { tag = tags[5] } }, { rule = { class = "mosh" }, From 0a0d7cbf9719f8c11924a7221f11411eadbaf1d8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 13:28:36 +0200 Subject: [PATCH 076/108] ma pkgs.droidcam: rip --- makefu/5pkgs/droidcam/default.nix | 55 ------------------------------- 1 file changed, 55 deletions(-) delete mode 100644 makefu/5pkgs/droidcam/default.nix diff --git a/makefu/5pkgs/droidcam/default.nix b/makefu/5pkgs/droidcam/default.nix deleted file mode 100644 index d30fb01a6..000000000 --- a/makefu/5pkgs/droidcam/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ stdenv, fetchFromGitHub -, pkg-config -, alsaLib -, libjpeg_turbo -, ffmpeg -, libusbmuxd -, speex -, gtk3 -, libappindicator-gtk3 -}: - -stdenv.mkDerivation rec { - pname = "droidcam"; - version = "1.6"; - - src = fetchFromGitHub { - owner = "aramg"; - repo = "droidcam"; - rev = "v${version}"; - sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx"; - }; - - sourceRoot = "source/linux"; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ - alsaLib - libjpeg_turbo - ffmpeg - libusbmuxd - speex - gtk3 - libappindicator-gtk3 - ]; - - buildPhase = '' - runHook preBuild - make JPEG_DIR="" JPEG_INCLUDE="" JPEG_LIB="" JPEG="$(pkg-config --libs --cflags libturbojpeg)" - ''; - installPhase = '' - runHook preInstall - install -Dm755 "droidcam" "$out/bin/droidcam" - install -Dm755 "droidcam-cli" "$out/bin/droidcam-cli" - install -Dm644 icon2.png "$out/share/pixmaps/droidcam.png" - install -Dm644 README.md "$out/share/licenses/droidcam/LICENSE" - ''; - - meta = with stdenv.lib; { - description = "A kernel module to create V4L2 loopback devices"; - homepage = "https://github.com/aramg/droidcam"; - license = licenses.gpl2; - maintainers = [ maintainers.makefu ]; - platforms = platforms.linux; - }; -} From a5bc9126db72f59062ff9d6a72b2fa35437b42cb Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 13:34:37 +0200 Subject: [PATCH 077/108] ma bureautomation: disable puppy-proxy for now --- makefu/2configs/bureautomation/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 669754caf..46bf05963 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -6,7 +6,7 @@ in { imports = [ ./ota.nix ./comic-updater.nix - ./puppy-proxy.nix + # ./puppy-proxy.nix ./zigbee2mqtt From fe368cabb7d82eddd2cc0edc7fac362320ad63f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 6 Jun 2021 16:21:29 +0200 Subject: [PATCH 078/108] realwallpaper: use imagemagick6 (future lassulus has to understand 7) --- krebs/5pkgs/simple/realwallpaper/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 8728c0ae7..2fbc7ff86 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -9,8 +9,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' gnused file findutils - grib2json - imagemagick + imagemagick6 inkscape jq nomads-cloud From 9d5bedb40485c55eb125c29cd609d725aee2c40c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 Jun 2021 08:45:35 +0200 Subject: [PATCH 079/108] l radio: fix starting with 21.05 --- lass/2configs/radio.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index cfc280e50..528d12069 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -4,7 +4,6 @@ with import ; let name = "radio"; - mainUser = config.users.extraUsers.mainUser; music_dir = "/home/radio/music"; @@ -128,8 +127,9 @@ in { services.mpd = { enable = true; - group = "radio"; + user = "radio"; musicDirectory = "${music_dir}"; + dataDir = "/home/radio/state"; # TODO create this somwhere extraConfig = '' log_level "default" auto_update "yes" From bb79bf0ae8aeb47c6f6c74bf205ca43c74d42213 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 Jun 2021 08:46:01 +0200 Subject: [PATCH 080/108] l radio: set irc topic --- lass/2configs/radio.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 528d12069..040f5b943 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -83,6 +83,17 @@ let }' ''; + set_irc_topic = pkgs.writeDash "set_irc_topic" '' + ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \ + -H content-type:application/json \ + -d "$(${pkgs.jq}/bin/jq -n \ + --arg text "$1" '{ + command:"TOPIC", + params:["#the_playlist",$text] + }' + )" + ''; + write_to_irc = pkgs.writeDash "write_to_irc" '' ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \ -H content-type:application/json \ @@ -203,7 +214,7 @@ in { listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | wc -l) echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${write_to_irc} "playing: $track listeners: $listeners" + ${set_irc_topic} "playing: $track listeners: $listeners" done ''; in { From 87c02755d0572fd21f31bc35ca5bcf967ea58b29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 Jun 2021 08:46:17 +0200 Subject: [PATCH 081/108] l radio: add mp3 output --- lass/2configs/radio.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 040f5b943..05412caf2 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -144,6 +144,19 @@ in { extraConfig = '' log_level "default" auto_update "yes" + volume_normalization "yes" + + audio_output { + type "httpd" + name "lassulus radio mp3" + encoder "lame" # optional + port "8002" + quality "5.0" # do not define if bitrate is defined + # bitrate "128" # do not define if quality is defined + format "44100:16:2" + always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. + tags "yes" # httpd supports sending tags to listening streams. + } audio_output { type "httpd" @@ -163,6 +176,7 @@ in { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 8002"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; } ]; }; From 2bd87750465c09ef975ac278c80040222c46ee98 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 Jun 2021 08:46:27 +0200 Subject: [PATCH 082/108] l radio: stop sharing with xerxes --- lass/2configs/radio.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 05412caf2..5affdb8cd 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -374,7 +374,7 @@ in { }; services.syncthing.declarative.folders."the_playlist" = { path = "/home/radio/music/the_playlist"; - devices = [ "mors" "phone" "prism" "xerxes" ]; + devices = [ "mors" "phone" "prism" ]; }; krebs.permown."/home/radio/music/the_playlist" = { owner = "radio"; From 4a3fef3881b26daa77a7c36bbfafc7fadf5a2f21 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 Jun 2021 09:06:56 +0200 Subject: [PATCH 083/108] l radio: fix counting of listeners --- lass/2configs/radio.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 5affdb8cd..a474b0ebc 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -225,7 +225,7 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read track; do - listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | wc -l) + listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | grep '^mptcp' | wc -l) echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" ${set_irc_topic} "playing: $track listeners: $listeners" From bcdae546a136722b58913e4f65061c8cb6537272 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 Jun 2021 18:19:11 +0200 Subject: [PATCH 084/108] nixpkgs: aa57635 -> 5de44c1 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 3887ab917..5b1cbe781 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "aa576357673d609e618d87db43210e49d4bb1789", - "date": "2021-06-04T17:36:38+02:00", - "path": "/nix/store/qqz5xq0dg8zm8blba5cg7704kbrhqhki-nixpkgs", - "sha256": "1868s3mp0lwg1jpxsgmgijzddr90bjkncf6k6zhdjqihf0i1n2np", + "rev": "5de44c15758465f8ddf84d541ba300b48e56eda4", + "date": "2021-06-05T20:40:48+01:00", + "path": "/nix/store/p5mhp3syp0aqkcrwmf8zi3ik7mgxrlgx-nixpkgs", + "sha256": "05darjv3zc5lfqx9ck7by6p90xgbgs1ni6193pw5zvi7xp2qlg4x", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From 5e58f74fde72762925407db7d16109662a6407d0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 Jun 2021 18:22:50 +0200 Subject: [PATCH 085/108] nixpkgs-unstable: 7a1fbc3 -> fbfb794 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index fe46ec022..aaf66e428 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7a1fbc38a4b538450ac0d42aec8a3e513b4d723e", - "date": "2021-05-16T12:16:31+02:00", - "path": "/nix/store/iq2sy65gmwad2prm8lcdh6k5f7ywxci5-nixpkgs", - "sha256": "0jg8dilsw0gr4jfshkk3wd50gddd11hvd836fxkw43m6m47885p7", + "rev": "fbfb79400a08bf754e32b4d4fc3f7d8f8055cf94", + "date": "2021-06-06T04:54:09-03:00", + "path": "/nix/store/51dsmanfc179xy70kn2rl0qvg45cn6qr-nixpkgs", + "sha256": "0pgyx1l1gj33g5i9kwjar7dc3sal2g14mhfljcajj8bqzzrbc3za", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From 463d01ef5c58f5750922cf76da6a0b10a0a5eb04 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 8 Jun 2021 16:57:54 +0200 Subject: [PATCH 086/108] flameshot-once: 1.3.0 -> 1.4.0 --- krebs/5pkgs/haskell/flameshot-once.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/krebs/5pkgs/haskell/flameshot-once.nix b/krebs/5pkgs/haskell/flameshot-once.nix index 1b54f7db6..737722875 100644 --- a/krebs/5pkgs/haskell/flameshot-once.nix +++ b/krebs/5pkgs/haskell/flameshot-once.nix @@ -1,14 +1,13 @@ { mkDerivation, async, base, blessings, bytestring, dbus, fetchgit -, iso8601-time, process, random, stdenv, text, time, unagi-chan -, unix +, iso8601-time, lib, process, random, text, time, unagi-chan, unix }: mkDerivation { pname = "flameshot-once"; - version = "1.3.0"; + version = "1.4.0"; src = fetchgit { url = "https://cgit.krebsco.de/flameshot-once"; - sha256 = "1jy73379srnkq79i7k3al406r0kb3pxwgg6f64i89jhzxjn7zmzl"; - rev = "81ce6b9bb68c2739ec5bda067fcfaeab931d55dd"; + sha256 = "03g6sxgp6hcmbww5lzbs5llssgii1w469i5pz14x94542l06cmkq"; + rev = "5f0ba1cf326d215bd5c50ad74c634e92c785ae46"; fetchSubmodules = true; }; isLibrary = false; @@ -17,5 +16,5 @@ mkDerivation { async base blessings bytestring dbus iso8601-time process random text time unagi-chan unix ]; - license = stdenv.lib.licenses.mit; + license = lib.licenses.mit; } From 0b5c89dae9242e1817ae6add75253018f9ac644d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 8 Jun 2021 17:41:21 +0200 Subject: [PATCH 087/108] module ergo: init --- krebs/2configs/ergo.nix | 13 ++++ krebs/3modules/default.nix | 1 + krebs/3modules/ergo.nix | 136 +++++++++++++++++++++++++++++++++++++ 3 files changed, 150 insertions(+) create mode 100644 krebs/2configs/ergo.nix create mode 100644 krebs/3modules/ergo.nix diff --git a/krebs/2configs/ergo.nix b/krebs/2configs/ergo.nix new file mode 100644 index 000000000..db0bc5748 --- /dev/null +++ b/krebs/2configs/ergo.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: + +{ + networking.firewall.allowedTCPPorts = [ + 6667 + ]; + + krebs.ergo = { + enable = true; + }; +} + + diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e75afad1d..8866e91ae 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./ci.nix ./current.nix ./dns.nix + ./ergo.nix ./exim.nix ./exim-retiolum.nix ./exim-smarthost.nix diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix new file mode 100644 index 000000000..14f85c4d7 --- /dev/null +++ b/krebs/3modules/ergo.nix @@ -0,0 +1,136 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption types; + inherit (pkgs) coreutils ergo; + cfg = config.krebs.ergo; + + configFile = pkgs.writeText "ergo.conf" (builtins.toJSON cfg.config); +in + +{ + + ###### interface + + options = { + + krebs.ergo = { + + enable = mkEnableOption "Ergo IRC daemon"; + + config = mkOption { + type = (pkgs.formats.json {}).type; + description = '' + Ergo IRC daemon configuration file. + ''; + default = { + network = { + name = "krebstest"; + }; + server = { + name = "${config.networking.hostName}.r"; + listeners = { + ":6667" = {}; + }; + casemapping = "permissive"; + enforce-utf = true; + lookup-hostnames = false; + ip-cloaking = { + enabled = false; + }; + forward-confirm-hostnames = false; + check-ident = false; + relaymsg = { + enabled = false; + }; + max-sendq = "1M"; + ip-limits = { + count = false; + throttle = false; + }; + }; + datastore = { + path = "${cfg.statedir}/ircd.db"; + }; + accounts = { + authentication-enabled = true; + registration = { + enabled = true; + email-verification = { + enabled = false; + }; + }; + }; + channels = { + default-modes = "+nt"; + }; + limits = { + nicklen = 32; + identlen = 20; + channellen = 64; + awaylen = 390; + kicklen = 390; + topiclen = 390; + }; + }; + }; + + statedir = mkOption { + type = types.path; + default = "/var/lib/ergo"; + description = '' + Location of the state directory of ergo. + ''; + }; + + user = mkOption { + type = types.str; + default = "ergo"; + description = '' + Ergo IRC daemon user. + ''; + }; + + group = mkOption { + type = types.str; + default = "ergo"; + description = '' + Ergo IRC daemon group. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable ({ + users.users.${cfg.user} = { + description = "Ergo IRC daemon user"; + uid = config.ids.uids.ircd; + group = cfg.group; + }; + + users.groups.${cfg.group} = { + gid = config.ids.gids.ircd; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.ergo = { + description = "Ergo IRC daemon"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStartPre = "${ergo}/bin/ergo initdb --conf ${configFile}"; + ExecStart = "${ergo}/bin/ergo run --conf ${configFile}"; + Group = cfg.group; + User = cfg.user; + }; + }; + + }); +} From 3724069be654a3da3d32ca9ce8c3b9ee7eeabdea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 May 2021 06:48:15 +0200 Subject: [PATCH 088/108] mic92: change ip address of eva --- krebs/3modules/external/mic92.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 15136cbce..262c7cdb3 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -621,8 +621,8 @@ in { nets = rec { internet = { # eva.thalheim.io - ip4.addr = "52.59.172.193"; - ip6.addr = "2a05:d014:301:a601:ef0e:5434:d814:b8ed"; + ip4.addr = "157.90.232.92"; + ip6.addr = "2a01:4f8:1c1c:9a9::1"; aliases = [ "eva.i" ]; }; retiolum = { From c8c3f359c97ef81932d841c20473c5f7d4a3df77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 May 2021 08:24:34 +0200 Subject: [PATCH 089/108] mic92: move loki.r to eva --- krebs/3modules/external/mic92.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 262c7cdb3..3a2e7f40e 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -467,7 +467,6 @@ in { ip4.addr = "10.243.29.171"; aliases = [ "rock.r" - "loki.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -630,6 +629,7 @@ in { ip4.addr = "10.243.29.185"; aliases = [ "eva.r" + "loki.r" "prometheus.r" "alertmanager.r" ]; From a0b63d8afb02b9e318af3215db2f66d8a9de60d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 May 2021 10:11:11 +0200 Subject: [PATCH 090/108] bill: add ip addresses + new key --- krebs/3modules/external/mic92.nix | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 3a2e7f40e..c5ae0831a 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -417,6 +417,11 @@ in { bill = { owner = config.krebs.users.mic92; nets = rec { + internet = { + ip4.addr = "131.159.38.191"; + ip6.addr = "2a09:80c0:38::191"; + aliases = [ "bill.i" ]; + }; retiolum = { addrs = [ config.krebs.hosts.bill.nets.retiolum.ip4.addr @@ -426,12 +431,17 @@ in { aliases = [ "bill.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAzg0wJuDvsbflRKSJ7+ug9y7Gn+BH3CR44fuCPZpWmIcGIUbA6rXj - CD8pF5heOvXNCFlEip2wqTkaCJPnUs3x8BRtORmD6OxDdmqt0xH54u7CixKzrPp9 - GIQydv+ZsGA2z3aDbmBydRPDIvYGhW68FJn10qlGRjCZ5zCl1eVEZ/wMddFXc0B8 - KDbxh7qOkjXon6EOGACVbnrnUR3F1GsIvCxX0cCDrO0P8XHwwsZiAfUwXYkiqw7t - zPcty6Bbr34mSJbb9cFb/qQlfPWT0HVgo+Q65HVkr/64o/9tTyREZcj1dk5PpEPE - bt7PGlOF1oPZpVFQh8S+NviHTtqrvkuISQIDAQAB + MIICCgKCAgEAvzM5dWPpmzzmogjuZC5boNvz+MJcIO0WnE9IINBY+CLSw5ZpNDVB + b97EG0Irs92OLJ5eesdPdF5LIyfFcFHOpPN+NdVEfLDWpFZVgOYh4BRy5+JdEk6O + ybcxLFIdgBHxahd3W27FxXC1ALu/AInAA2b4rwYoNBi23idj8+wtL4MJldkr5QaQ + sx8VQxIMy1xY4AbKcHdOt/nMrPoU6GnE9ObdcLys5cGUl/7Vc0NAMK6RrFQo+jfn + 2N0uWA1hZPAfZEEKP91xiOiRSx15WG3q9R/rqPmBh6l+rdPyWdRKcPVndCzVDrgw + WWPcR9A9Yzr0ZrpEIHOfrDOqb2Ur1HlrXHZRpt55IYOKwC7ZimZzKkMj7zl1t2Rq + nC07IJS7OI38amgLI0PSFI/Mx+mAPdYjd0fDcp8q7reOL63QT7cbrOw+cyOzNzGb + I7U7QaHaA2unOa1EYj5Ocd6jI1IyHqQe9FkUqgTaDVU44U3WEo/KY6FZfhqSPPHs + PsFzMj9nOWUGUr0cAn7DloIfNL49voO1C4HaiEvvhbSFIT/8suq3JznFxmP/q+Ph + qYbXI/LXzU2Ln1Abiu9m1OfxTmEOlH9C54zyUvkAfhjcD2/aZWc76g06Oj2L6kZ6 + EC9Ku7Hk37rVOgZjtXUjuf3eUAvImknQ/JMRM3YDQgmu4iU0tJ1UnqkCAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; From 63964fda5cde0d00c9f54cbd9777745a974725bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 May 2021 10:32:40 +0200 Subject: [PATCH 091/108] mic92: nardole: update key + add ip addresses --- krebs/3modules/external/mic92.nix | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index c5ae0831a..4e4c6ea65 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -450,6 +450,11 @@ in { nardole = { owner = config.krebs.users.mic92; nets = rec { + internet = { + ip4.addr = "131.159.38.202"; + ip6.addr = "2a09:80c0:38::202"; + aliases = [ "nardole.i" ]; + }; retiolum = { addrs = [ config.krebs.hosts.nardole.nets.retiolum.ip4.addr @@ -459,12 +464,17 @@ in { aliases = [ "nardole.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA05JzZLPH4+t2X8TI1nYsv4WCQ/OUmuMy9YbKUIRITE2EVA+x47Cf - qdYPucWUpF7ap1rykxHBcPnmORO/NjAymlt25FDyyYQ2uWm17VE7P7jefAUnX7xj - 80Rt7aWCXfldQuRAbza35G+Kl50Y6ydkZYkKCbyQ8fMhuzNp6Wn/pAJD3yr+zdka - AsIoir9Ut9/9CKayRqGF+zaIf2Lj7nl5GL8bCAVJydU98GjlnXt7iuaWCt0H7NiK - FWOjkGhAUlQI9I6l+5ELWClpyk5X+isfbUbYaCCspZJvos+vDE8hJuH5PrH8NuJj - fJv8HrHkcGphn/Nn1TotpHBkyMyE5h6akwIDAQAB + MIICCgKCAgEAyYIN9FYtTmJTXUlBO4QYp9J7SZbglMEq0QCMpF9xQvCqJHl+C1vm + NzAswlhbaK5J1spi6+zUXtYJEVQyP1xesDlVm9G+hntS7woEWtuLO7VUL9whWINb + mO0OmYIEaWTMPIOKPTgc3tYsUhk7dw962/6I81JQczCHg1z2ItsRho/Kwi/Jo2Gj + jnPJQoRek45+xIzlf9Jx38ntioTQIaLuSw7/lplT1cHNcefLje8FQmVEojY79Ijc + 6Ij4b9tPln8eQErw2sANS6kSUOVRnVkfeRW+3a4iRtd8SzXJ+aX5TCsq910Z1+/H + ClK91GctU0V11s/m8LCp/Wz+o+4Z89JLxnil/ZS/6NHsaHysQPFPbx0Uh5nASF64 + RoWhzp2CSJTC9/UJKdPIpIokMIEGgKjy8Up3nY4yjoUnf6SZfzr4jmXfRmYmVaMp + cCjbMbxBo+MjfXlGRxJAFGkS9zO9/21SEDiWqfOVThg5jbBR/q9ysRGcXndS0ea7 + NzsCbU1/0StxxmZLpBRz2MxGSHqlZbwInm9RjsXbCGa32tTiUz8VxjR3LTUMU8AP + xpPLaIo7TIPdkDvCFL+DtXB9lE2PDpnSHbxyXKVKqxmCW1i/+msrBs/gnQ9VjzyA + L1Ip2MBQd+CFUtaj+VdhjfulvpVcpr5e3nZe7cl38qucUp46tbVsJ3UCAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; From e967ad3c6e401b660526b4bc0223312bf038a5f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 May 2021 12:28:02 +0200 Subject: [PATCH 092/108] mic92: add aendernix --- krebs/3modules/external/mic92.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 4e4c6ea65..40fdbd4ee 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -269,6 +269,30 @@ in { ''; }; }; + aendernix = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.172"; + aliases = [ + "aendernix.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAt/dCDTvJU5jugP+5pk2CNM8X6cOnFonJv2eS253nsmKI97T9FSUa + QDt417MoqAJNEeZw7o4ve1fmdZmtfKgmXYdDJi2HSJCJoKY6FUgVOKevtzGg4akl + 4mKTy2z59CxyIbA41MHyLq18W3NLabQ41NpWGBRt9jvHQpZfd+wI8t5IIzdvFrKo + JSOFRbzEBL5//Hc3N/443cUg4IMyDBTemS7/jaZ2/Mn+PVZAdoIPLEZjFeWewmTF + Jd8Bsc2thzAREYHYnawhq3PLJSebMJd91pCdkD0NB0i59VKORcQTFady3fzE9+w4 + RSTqAdBTUDuxzU/B8g1dp89/qW+fVPiFuB5Pf7D9t2DgxTDAeSXMiId/4Hwa0B1G + QCnCedz0Qk2UdId16BTS8DSq8Pd9fawU6qCmPY6ahSiw5ZQ6odMvDISb480cKj41 + pslLjhIItTk3WEs8MwnQCzweNABuCK7GzT7CNaYm3f9pznBlOB+KfoZ6mrlzKkEK + u+gFJXTFym0ZF0wheXO7FCJ1jp4LFHqKGS3zWQyT7isjLsbcQzpOe8/FdiFlQvlG + vltL+5JjcahAMHc/ba+pRa5rSy8ebqf68fg4jlkT94Za13bCIHdK5w7eAXR3s/9z + H2wZmhvajUIZAxQSgFUy+7kKWOIkWqFkGPIdmbdwTaHC88OWshvRv8ECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; anindya = { owner = config.krebs.users.mic92; nets.retiolum = { From 2c87eb31e0ce9357e5746eb317f424a9c83290c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 18 May 2021 19:18:01 +0200 Subject: [PATCH 093/108] mic92: remove anindya --- krebs/3modules/external/mic92.nix | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 40fdbd4ee..332665e37 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -293,25 +293,6 @@ in { ''; }; }; - anindya = { - owner = config.krebs.users.mic92; - nets.retiolum = { - ip4.addr = "10.243.29.191"; - aliases = [ - "anindya.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA8yWr01WlmM4RYuJdxvzvfdN3C5T3DOknWvK7U3y92HYgtQfYtZwu - +J8r1fpTsdIS8wKdSEqz7Mjhb1JabJBB1fv/2mkAF4V/gkMbP0jqZ6QQL29kgkNP - aI/+zG1yh4kEDgSn843J6XnTsJ/4Na2zmbVP1iIIQYMXyh+meWsBVR6DKV5ighjz - 4h3wKbuMmDrS50aTk8ahgWoiqcE2DTUMeprw4SIL+RTepmsCINQtAJui5Ys6AAbK - ab6gxMzRH2txLBcTfSrbqTX3qHZHLlB9Ai5FEItWqMBxquD6OCxn8DNU+5LgGpt1 - Z37SI1U0c4uu1oo7kOSx6wYP2ZVOatys6QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; dimitra = { owner = config.krebs.users.mic92; nets.retiolum = { From 8545edfa9adf3b49cc47ddbfbd68959871f961b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jun 2021 08:04:53 +0200 Subject: [PATCH 094/108] mic92: fix nardole's public ips --- krebs/3modules/external/mic92.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 332665e37..0fca8b815 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -456,8 +456,8 @@ in { owner = config.krebs.users.mic92; nets = rec { internet = { - ip4.addr = "131.159.38.202"; - ip6.addr = "2a09:80c0:38::202"; + ip4.addr = "131.159.102.2"; + ip6.addr = "2a09:80c0:102::2"; aliases = [ "nardole.i" ]; }; retiolum = { From 3aa5d855e1d3406ef41b00a4502109c7f1e464bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jun 2021 09:15:36 +0200 Subject: [PATCH 095/108] mic92: start adding ed25519 as well --- krebs/3modules/external/mic92.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 0fca8b815..6f1e408f0 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -448,6 +448,7 @@ in { qYbXI/LXzU2Ln1Abiu9m1OfxTmEOlH9C54zyUvkAfhjcD2/aZWc76g06Oj2L6kZ6 EC9Ku7Hk37rVOgZjtXUjuf3eUAvImknQ/JMRM3YDQgmu4iU0tJ1UnqkCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = bN+knMGCqK+HkdOucynEXxeqGFOS2u8oWLRDV/gNIZI ''; }; }; @@ -481,6 +482,7 @@ in { xpPLaIo7TIPdkDvCFL+DtXB9lE2PDpnSHbxyXKVKqxmCW1i/+msrBs/gnQ9VjzyA L1Ip2MBQd+CFUtaj+VdhjfulvpVcpr5e3nZe7cl38qucUp46tbVsJ3UCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = BA8uWkeHofZb5s9bNy6PjefKNZwemETWAA+Q6okKn1M ''; }; }; From 1a14d5b95ec22d0cf1103d5900a7fa583fdbcb25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 6 Jun 2021 07:34:54 +0200 Subject: [PATCH 096/108] mic92: add more ed25519 retiolum keys --- krebs/3modules/external/mic92.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 6f1e408f0..64c85c12d 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -39,6 +39,7 @@ in { DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = 6VktF9Fg9E0hCW5g+rwGnrPACPSx/8vkl+hPNaFYeND ''; }; }; @@ -72,6 +73,7 @@ in { UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = qnJmS6W7QSKG3mjW1kPnHGeVmKzhGkyP9xBLGwH5XvD ''; }; }; @@ -148,6 +150,7 @@ in { IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = ikUmx5IC1dvfaHFhpZM9xotwF2LH6EkvpcPTRm6TjeD ''; }; }; @@ -242,8 +245,6 @@ in { -----END RSA PUBLIC KEY----- ''; tinc.subnets = [ - # ohorn lan - "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" # docker network "42:0000:002b:1605:3::/80" ]; @@ -361,6 +362,7 @@ in { 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = emKq1mfkW4/aCoCwmeFU3DtppKs+KsTvd9YGoFkFgdC ''; }; }; @@ -386,8 +388,6 @@ in { /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== -----END RSA PUBLIC KEY----- ''; - # ohorn lan - tinc.subnets = [ "fd42:4492:6a6d:500::/64" ]; }; }; }; @@ -415,6 +415,7 @@ in { 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB -----END RSA PUBLIC KEY----- + Ed25519PublicKey = Z5+fArxMfP8oLqlHpXadkGc9ROOPHBqugAMD2czmNlJ ''; }; }; @@ -544,6 +545,7 @@ in { W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP ''; }; }; @@ -570,9 +572,8 @@ in { W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = bXEnZa/jn2ntL0R4sMsRd7NIoHgzrzUnJ3ReJUQ8iFG ''; - # ohorn lan - tinc.subnets = [ "fd42:4492:6a6d:500:f610:15d1:27a3:674b" ]; }; }; }; @@ -698,6 +699,7 @@ in { EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB -----END RSA PUBLIC KEY----- + Ed25519PublicKey = PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP ''; }; }; @@ -726,6 +728,7 @@ in { fuXAsh5UbnE5kt6vKL5aducScatyd5FRkNumKG5ji26eZR4lZmXn380JLDInV4n7 SODZL2fQFBnSD1wTWcq9Q/luPh4FitzJUZzHexvNxR/KBZycZJtdVw8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = pjCpkZToBUBbjUNVMWfYJePZ6g7m7Ccr9WedfKEFsXD ''; }; }; From b8374d440e509dca4e920f917236eaa9ba5251e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 6 Jun 2021 07:54:56 +0200 Subject: [PATCH 097/108] mic92: add ed25519 keys for eve/eva --- krebs/3modules/external/mic92.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 64c85c12d..a31075d33 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -243,6 +243,8 @@ in { 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== -----END RSA PUBLIC KEY----- + + Ed25519PublicKey = 7J1JgVyiy540akMdd/kONta0fMHSl5+FQJ1QhN84TzP ''; tinc.subnets = [ # docker network @@ -676,6 +678,7 @@ in { 6uuTTsn7s0PYBJDNdccOf1Qt8fqPPgzqUKqeUciHojYDDPTC5KQh5m2PBv4I4iIR LnKOqNUX7UCqbdaE/tfFRG0CAwEAAQ== -----END PUBLIC KEY----- + Ed25519PublicKey = 7rbs+10zzfwOPj5RoS1i/01QXuw7uIHGOHIgsjB2fHK ''; }; }; From 8740d705b95dfa5afa91cee99b7797891d73aac2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 6 Jun 2021 08:05:52 +0200 Subject: [PATCH 098/108] mic92: new ed25519 key for rose --- krebs/3modules/external/mic92.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index a31075d33..bbefb8ed8 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -547,7 +547,7 @@ in { W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== -----END RSA PUBLIC KEY----- - Ed25519PublicKey = PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP + Ed25519PublicKey = 0O1LrgXAFOuei1NfU0vow+qUfim3htBOyCJvPrQFwHE ''; }; }; From 8b18facc0202706766faf2fa4e947b3920b19adc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 8 Jun 2021 18:09:03 +0200 Subject: [PATCH 099/108] mic92: add ed25519 keys for hydrogen --- krebs/3modules/external/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 31cd9e2c3..8f49b64ce 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -701,6 +701,7 @@ in { 1T6DILDF71H92PNylujKSPA0CKI160xJ61Xy/T6MYl5u0+RblAgYr77o5HJwmXCe jFrCu3SKUIlJWYHWE8yNoR+VVYeXakbDFYE3KpVyBDG+ljUbia+Oel8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = 3IKIoZqg0jm9+pOOka2FEtihx0y8qAdJqKTuRfJtM ''; }; }; From 899b6874ab1b8925d7f28742583939ad00101fee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 9 Jun 2021 10:24:23 +0200 Subject: [PATCH 100/108] mic92: fix key for hydrogen --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 8f49b64ce..8e6fa225a 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -701,7 +701,7 @@ in { 1T6DILDF71H92PNylujKSPA0CKI160xJ61Xy/T6MYl5u0+RblAgYr77o5HJwmXCe jFrCu3SKUIlJWYHWE8yNoR+VVYeXakbDFYE3KpVyBDG+ljUbia+Oel8CAwEAAQ== -----END RSA PUBLIC KEY----- - Ed25519PublicKey = 3IKIoZqg0jm9+pOOka2FEtihx0y8qAdJqKTuRfJtM + Ed25519PublicKey = 3IKIoZqg0jm9+pOOka2FEtihx0y8qAdJqKTuRfJtMpK ''; }; }; From 85cd96ed8bffc97307400e80933548fbfbb353f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 11:37:27 +0200 Subject: [PATCH 101/108] gollum: follow upstream --- krebs/2configs/wiki.nix | 2 +- krebs/3modules/default.nix | 1 - krebs/3modules/gollum.nix | 112 ------------------------------------- 3 files changed, 1 insertion(+), 114 deletions(-) delete mode 100644 krebs/3modules/gollum.nix diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index e4f05a6e6..c3d126187 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -27,7 +27,7 @@ let in { - krebs.gollum = { + services.gollum = { enable = true; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8866e91ae..30ca82b97 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -29,7 +29,6 @@ let ./github-known-hosts.nix ./git.nix ./go.nix - ./gollum.nix ./hidden-ssh.nix ./hosts.nix ./htgen.nix diff --git a/krebs/3modules/gollum.nix b/krebs/3modules/gollum.nix deleted file mode 100644 index 4b4e04d16..000000000 --- a/krebs/3modules/gollum.nix +++ /dev/null @@ -1,112 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.krebs.gollum; -in - -{ - options.krebs.gollum = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable the Gollum service."; - }; - - address = mkOption { - type = types.str; - default = "0.0.0.0"; - description = "IP address on which the web server will listen."; - }; - - port = mkOption { - type = types.int; - default = 4567; - description = "Port on which the web server will run."; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - description = "Content of the configuration file"; - }; - - mathjax = mkOption { - type = types.bool; - default = false; - description = "Enable support for math rendering using MathJax"; - }; - - allowUploads = mkOption { - type = types.nullOr (types.enum [ "dir" "page" ]); - default = null; - description = "Enable uploads of external files"; - }; - - emoji = mkOption { - type = types.bool; - default = false; - description = "Parse and interpret emoji tags"; - }; - - branch = mkOption { - type = types.str; - default = "master"; - example = "develop"; - description = "Git branch to serve"; - }; - - stateDir = mkOption { - type = types.path; - default = "/var/lib/gollum"; - description = "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup."; - }; - - }; - - config = mkIf cfg.enable { - - users.users.gollum = { - group = config.users.users.gollum.name; - description = "Gollum user"; - home = cfg.stateDir; - createHome = false; - isSystemUser = true; - }; - - users.groups.gollum = { }; - - systemd.tmpfiles.rules = [ - "d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -" - ]; - - systemd.services.gollum = { - description = "Gollum wiki"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.git ]; - - preStart = '' - # This is safe to be run on an existing repo - git init ${cfg.stateDir} - ''; - - serviceConfig = { - User = config.users.users.gollum.name; - Group = config.users.groups.gollum.name; - ExecStart = '' - ${pkgs.gollum}/bin/gollum \ - --port ${toString cfg.port} \ - --host ${cfg.address} \ - --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \ - --ref ${cfg.branch} \ - ${optionalString cfg.mathjax "--mathjax"} \ - ${optionalString cfg.emoji "--emoji"} \ - ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \ - ${cfg.stateDir} - ''; - }; - }; - }; -} From 824a1e8d059cadf83cd70d4cc90e2b6406cb93bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 11:37:56 +0200 Subject: [PATCH 102/108] wiki: fix ascii error --- krebs/2configs/wiki.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index c3d126187..7624c2058 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -36,6 +36,8 @@ in ''; }; + systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8"; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; From 9b3adfdaa3c968c858e6442322f6da7b14510147 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 9 Jun 2021 19:22:51 +0200 Subject: [PATCH 103/108] ma pkgs.hdl-dump: rip --- makefu/5pkgs/hdl-dump/default.nix | 33 ------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 makefu/5pkgs/hdl-dump/default.nix diff --git a/makefu/5pkgs/hdl-dump/default.nix b/makefu/5pkgs/hdl-dump/default.nix deleted file mode 100644 index bd454223a..000000000 --- a/makefu/5pkgs/hdl-dump/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }: -stdenv.mkDerivation rec { - pname = "hdl-dump"; - version = "75df8d7"; - name = "${pname}-${version}"; - - src = fetchFromGitHub { - owner = "AKuHAK"; - repo = "hdl-dump"; - rev = version; - sha256 = "10jjr6p5yn0c182x17m7q68jmf8gizcny7wjxw7z5yh0fv5s48z4"; - }; - - buildInputs = [ upx wine ]; - - makeFlags = [ "RELEASE=yes" ]; - - # uses wine, currently broken - #postBuild = '' - # make -C gui - #''; - - installPhase = '' - mkdir -p $out/bin - cp hdl_dump $out/bin - ''; - - meta = { - homepage = https://github.com/AKuHAK/hdl-dump ; - description = "copy isos to psx hdd"; - license = lib.licenses.gpl2; - }; -} From ec84cdad83b9548428c23e142ee8252c144782f0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 21:17:27 +0200 Subject: [PATCH 104/108] Revert "buildbot-classic: build with python 3" This reverts commit df9a52962597126894d3f73f6f286076b22211c9. --- krebs/5pkgs/simple/buildbot-classic/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 49d6ff322..c127d2987 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -1,6 +1,6 @@ -{ pkgs, fetchFromGitHub, python3Packages, git, ... }: +{ pkgs, fetchFromGitHub, python2Packages, git, ... }: -python3Packages.buildPythonApplication rec { +python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; version = "0.8.18"; namePrefix = ""; @@ -15,10 +15,11 @@ python3Packages.buildPythonApplication rec { postUnpack = "sourceRoot=\${sourceRoot}/master"; propagatedBuildInputs = [ - python3Packages.jinja2 - python3Packages.twisted - python3Packages.dateutil - python3Packages.sqlalchemy_migrate + python2Packages.jinja2 + python2Packages.twisted + python2Packages.dateutil + python2Packages.sqlalchemy_migrate + python2Packages.pysqlite pkgs.coreutils ]; doCheck = false; From ca4f0024cc5538eac13b26baf8a9860feeef03d9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 21:21:48 +0200 Subject: [PATCH 105/108] nixpkgs: 5de44c1 -> 60cce7e --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 5b1cbe781..18e9ecd83 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "5de44c15758465f8ddf84d541ba300b48e56eda4", - "date": "2021-06-05T20:40:48+01:00", - "path": "/nix/store/p5mhp3syp0aqkcrwmf8zi3ik7mgxrlgx-nixpkgs", - "sha256": "05darjv3zc5lfqx9ck7by6p90xgbgs1ni6193pw5zvi7xp2qlg4x", + "rev": "60cce7e5e1fdf62421ef6d4184ee399b46209366", + "date": "2021-06-09T01:18:50-04:00", + "path": "/nix/store/fixgn194626rb7gf99l9jaqm0hbqn2ix-nixpkgs", + "sha256": "100xrb925cana1kfd0c7gwkjjalq891vfgr0rn1gl9j8gp3l3gx6", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From d8d6fe24a0d4de0b6a1c3d20b9eac11031b0eaae Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 22:20:33 +0200 Subject: [PATCH 106/108] buildbot-classic: fix build on 21.05 --- .../5pkgs/simple/buildbot-classic/default.nix | 9 +++-- .../simple/buildbot-classic/sqlparse.nix | 34 +++++++++++++++++++ 2 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 krebs/5pkgs/simple/buildbot-classic/sqlparse.nix diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index c127d2987..5e075f1a1 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -1,6 +1,9 @@ -{ pkgs, fetchFromGitHub, python2Packages, git, ... }: +{ pkgs, fetchFromGitHub, python2Packages, git, ... }: let -python2Packages.buildPythonApplication rec { + # we need the old sqlparse since the new one is python2 incompatible + sqlparse = python2Packages.callPackage ./sqlparse.nix {}; + +in python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; version = "0.8.18"; namePrefix = ""; @@ -18,7 +21,7 @@ python2Packages.buildPythonApplication rec { python2Packages.jinja2 python2Packages.twisted python2Packages.dateutil - python2Packages.sqlalchemy_migrate + (python2Packages.sqlalchemy_migrate.override { sqlparse = sqlparse; }) python2Packages.pysqlite pkgs.coreutils ]; diff --git a/krebs/5pkgs/simple/buildbot-classic/sqlparse.nix b/krebs/5pkgs/simple/buildbot-classic/sqlparse.nix new file mode 100644 index 000000000..b6aee633e --- /dev/null +++ b/krebs/5pkgs/simple/buildbot-classic/sqlparse.nix @@ -0,0 +1,34 @@ +{ stdenv +, buildPythonPackage +, fetchPypi +, pytest +, isPy3k +}: + +buildPythonPackage rec { + pname = "sqlparse"; + version = "0.3.1"; + + src = fetchPypi { + inherit pname version; + sha256 = "e162203737712307dfe78860cc56c8da8a852ab2ee33750e33aeadf38d12c548"; + }; + + checkInputs = [ pytest ]; + checkPhase = '' + py.test + ''; + + # Package supports 3.x, but tests are clearly 2.x only. + doCheck = !isPy3k; + + meta = with stdenv.lib; { + description = "Non-validating SQL parser for Python"; + longDescription = '' + Provides support for parsing, splitting and formatting SQL statements. + ''; + homepage = "https://github.com/andialbrecht/sqlparse"; + license = licenses.bsd3; + }; + +} From 2447bc7d8c496562f03e0cf71a3d90c62fae5764 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 22:21:06 +0200 Subject: [PATCH 107/108] wiki: fix old references to krebs.gollum --- krebs/2configs/wiki.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 7624c2058..9a18b8dff 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -4,9 +4,9 @@ let setupGit = '' export PATH=${makeBinPath [ pkgs.git ]} - export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.services.gollum.stateDir}/.ssh/id_ed25519' repo='git@localhost:wiki' - cd ${config.krebs.gollum.stateDir} + cd ${config.services.gollum.stateDir} if ! url=$(git config remote.origin.url); then git remote add origin "$repo" elif test "$url" != "$repo"; then @@ -89,7 +89,7 @@ in }; krebs.secret.files.gollum = { - path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519"; + path = "${config.services.gollum.stateDir}/.ssh/id_ed25519"; owner = { name = "gollum"; }; source-path = "${}"; }; From 04a081a3be600cc5e74aadd4f0fee899d6987a85 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 22:52:03 +0200 Subject: [PATCH 108/108] Revert "l mpv: disable autosub for now" This reverts commit 2181f1dcda28b062ec55076cd8ec9150ec637bad. --- lass/2configs/mpv.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 7512787fe..210551a62 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -80,7 +80,7 @@ let name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config "$@" # TODO renable autosub when subliminal is in 21.05 again + exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@" '') pkgs.mpv ];