diff --git a/.gitmodules b/.gitmodules index f35a9250d..5b4336510 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,3 +4,6 @@ [submodule "submodules/krops"] path = submodules/krops url = https://cgit.krebsco.de/krops +[submodule "lass/5pkgs/autowifi"] + path = lass/5pkgs/autowifi + url = https://github.com/Lassulus/autowifi diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index c770391c7..fcdbcbc19 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -103,7 +103,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./mb { inherit config; }; } { krebs = import ./nin { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix deleted file mode 100644 index 31e01c4ab..000000000 --- a/krebs/3modules/mb/default.nix +++ /dev/null @@ -1,151 +0,0 @@ -with import ; -{ config, ... }: let - - hostDefaults = hostName: host: flip recursiveUpdate host { - ci = true; - owner = config.krebs.users.mb; - }; - -in { - hosts = mapAttrs hostDefaults { - orange = { - nets = { - retiolum = { - ip4.addr = "10.243.42.23"; - aliases = [ - "orange.r" - "or4ng3.r" - "0r4n93.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7P0CkmC5HWnTdgGFzmA - zQuJzHSkSjcGgSkIt0pvqU6xi8P/d4eJlmeXeGTpH62JfM1xhEMpxMVd/4NOON2u - IlWnfu5bB763145IJwE0HmZziWjQXWRPAZMqYdQ5f2Pvmxv1yr3uBNzr8UlV6BjD - FXn8sCvikXttYzts9szlz5+pkY09qfiz48+DMzRBNO6JzXYQ9kPyS+TIXlGpN4Jp - C1TRF38eF2DTEZ58Yx8Z99dGrXVuqlSe77fehTQGxCckTpaZ0HS3XfZNa/cas8JY - /0RzH2n2AndnPirISDZ7r4ZIFuKAaivqaEkM8v7llI77URVB9ZJb/IqCrBzueAbt - V/5ts2HpfBAUhw0RoiH8ql+IQZsuSOpRUC2gUN8460V4SQkVtDcsVTENiD+NM5Mg - ImBv041CsW/rSJOilT2r/rWDN8RFnz/RrAQn+L31KXr81kg1TOLxO0ybs/eMJM3r - RnHFZPiiKdqPlA60g0AnzKXPR2JTszHIgHHoRUW16I1WJeuAJNjg0JDQ0JM7pZ27 - JEaCc7uR12TPiuExKaNEaxKZVY1J0hzxOzF2MFIbAMVz/3K2ycvvuLxKojqIAXxA - D+UtcOfJ62k2WnLXOEIZqFU0J2bvhxYUZOFS55wIn1UJF7hemD/LUFHBiWnuhwHk - TAEl8M851t+Zp3hZeJzgx2kCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - rofl = { - nets = { - retiolum = { - ip4.addr = "10.243.42.43"; - aliases = [ - "rofl.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm - xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8 - txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D - VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb - VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts - 1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1 - vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC - Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp - 1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH - QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f - NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f - 3aAAePgBsZvRQozxXZfqp58CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - p1nk = { - nets = { - retiolum = { - ip4.addr = "10.243.42.42"; - aliases = [ - "p1nk.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5YVML71oW3iJrzZKuX48 - AKrGitO5zNvsAHOI8BVsGfZTyxAAZgG4OaDX45kr27K39NcBU43LdDD0I1yjNvGe - zAoL5MIiCPD/QR1kAvLmgpMUSqOVvrk+uoGLVt6dOGvxlOiG1AAaN0gA8Q0B/jZV - 4tZlBpZ7MX9xeK10wqVT56msN69P3EzKQn1uoVRrBxEnNvI1iqmmkgMLcrFVJFBQ - 888Uuw9Hx5MO7ES/ATe8mt0zReUGvn91jYVVsPpmAopWnjCol271gflY0RomFXKy - XaIuvbeF+3otF0+MNqJfm4IsAKJjvl92pjVX0f0eBCSPCYR7D1EtgQrqflLkZKZ8 - jBGDlgpsFWt/Omz1BYcuGZU/djM4+SNxr4YRYMi3lMix3s2PmHvm304I7eEEBlC9 - qy1jq/sLaf8mHJrF6Htl7W5WS/Famkwv/VreI92iHrhsmIDiX7OIbXzYDCxT/PQa - 6uCm/3jIbcHG/ZHZ12H6thkafK0Aoe009+p1n+5Y7V2oNvYe3KzZTnCN5t6z1QHZ - V5iypsd6lNDzlodjleTgGK8FmHGRPRdq1wb3eOLE8mWZj7ygDT50FwaC8FzAcHgC - bLN/zlHvCbYmk9IJhktO3B6wtMrZl60+XCpb5rTulM94RirifFYsnTIDJApI11yb - 3AYi5dQXHjab/lvj6917xa0CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - gr33n = { - nets = { - retiolum = { - ip4.addr = "10.243.42.123"; - aliases = [ - "gr33n.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8 - kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M - JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P - OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO - ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt - JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd - I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ - 5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X - s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH - oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6 - Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV - jtTSbSJHU5esECtAuXy1XH8CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - sunsh1n3 = { - ci = false; - nets = { - retiolum = { - ip4.addr = "10.243.42.142"; - aliases = [ - "sunsh1n3.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf - QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU - pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz - idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf - 4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5 - yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD - /KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY - Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy - LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj - 6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H - C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU - 9IxYLfkSD6AJqasnHlz0L08CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - }; - users = { - mb = { - mail = "mb0@codemonkey.cc"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCHAdKGHP/De/GLEsPo5RBfbaiiitMw4Y/akOekJbImswT6Np2lzqno/WBJcfVs3D39wgPKNld4P/QZc5IwxC26q/PnBFu93KES0GqnlAqUNE63IOJ8UzNdyEqWggnRiLrBU+ZgyFZvmqp6NoSO4YEGEK4RZRMJM/GcAuQMj/nGjx2AHwPGZCkIRgz8/ctBOzX1/knZd3cOnNowH1wlqUKX6UcEzJdAVDQijHF1wl0Ri8tJKq9u8s/fw+1PSOpOHaeF1BALsXSKgeJDqUCTnZW5mAVUWJ86LvvyfCP4In9lhhLisbDm2cD96QaVvJyV6HfmegdSxZ1Phh+9Qz+3WhDJRedBTSKWfK/9j7VWSb+z/KV37q72W25ZfFMSay58LmCqn3v5fGt9qj4nlPw0By4baGLiGlA7xyvkJfdt8ZVPps5d2g6UprTbSA79lYN4qtWKq2Z9t317xch7Lix6EunQcoTkJ6QXEbDrAIk3zvkWr/CtpwEhNcSdWvQsua42dkD2oOI2F2IgFyYgOx9Iba2yj8A0TD2iqfYVhsJIYuk12QfeaR7ovQ6DhHlUxyQzeF6h0Y+I4AN6Sq/Mmj/cxfQoIaAEybUQMX+7KjFceIszT3JbGlz7DCxi7DMmNYuc7LELMRG3jNAOk+fW8u42Bhgc44tzvAondojerUGqCbUDw== mb0@codemonkey.cc"; - }; - }; -} diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix index 055e6b476..0ac66f433 100644 --- a/krebs/5pkgs/simple/newsbot-js/default.nix +++ b/krebs/5pkgs/simple/newsbot-js/default.nix @@ -1,11 +1,11 @@ -{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs, icu }: +{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs, pkgs, icu }: with lib; let nodeEnv = import { inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; - nodejs = nodejs-12_x; + nodejs = nodejs; libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; @@ -36,7 +36,7 @@ in stdenv.mkDerivation { ]; buildInputs = [ - nodejs-12_x + nodejs makeWrapper ]; @@ -45,7 +45,7 @@ in stdenv.mkDerivation { cp newsbot.js $out/ cat > $out/newsbot << EOF - ${nodejs-12_x}/bin/node $out/newsbot.js + ${nodejs}/bin/node $out/newsbot.js EOF chmod +x $out/newsbot diff --git a/krebs/5pkgs/simple/newsbot-js/node-packages.nix b/krebs/5pkgs/simple/newsbot-js/node-packages.nix index d6b2a06dd..ea45b93f3 100644 --- a/krebs/5pkgs/simple/newsbot-js/node-packages.nix +++ b/krebs/5pkgs/simple/newsbot-js/node-packages.nix @@ -1,4 +1,4 @@ -# This file has been generated by node2nix 1.5.3. Do not edit! +# This file has been generated by node2nix 1.7.0. Do not edit! {nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}: @@ -13,22 +13,13 @@ let sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746"; }; }; - "ajv-5.5.2" = { + "ajv-6.10.2" = { name = "ajv"; packageName = "ajv"; - version = "5.5.2"; + version = "6.10.2"; src = fetchurl { - url = "https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz"; - sha1 = "73b5eeca3fab653e3d3f9422b341ad42205dc965"; - }; - }; - "array-filter-0.0.1" = { - name = "array-filter"; - packageName = "array-filter"; - version = "0.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/array-filter/-/array-filter-0.0.1.tgz"; - sha1 = "7da8cf2e26628ed732803581fd21f67cacd2eeec"; + url = "https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz"; + sha512 = "TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw=="; }; }; "array-indexofobject-0.0.1" = { @@ -40,31 +31,13 @@ let sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a"; }; }; - "array-map-0.0.0" = { - name = "array-map"; - packageName = "array-map"; - version = "0.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/array-map/-/array-map-0.0.0.tgz"; - sha1 = "88a2bab73d1cf7bcd5c1b118a003f66f665fa662"; - }; - }; - "array-reduce-0.0.0" = { - name = "array-reduce"; - packageName = "array-reduce"; - version = "0.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/array-reduce/-/array-reduce-0.0.0.tgz"; - sha1 = "173899d3ffd1c7d9383e4479525dbe278cab5f2b"; - }; - }; - "asn1-0.2.3" = { + "asn1-0.2.4" = { name = "asn1"; packageName = "asn1"; - version = "0.2.3"; + version = "0.2.4"; src = fetchurl { - url = "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz"; - sha1 = "dac8787713c9966849fc8180777ebe9c1ddf3b86"; + url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz"; + sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg=="; }; }; "assert-plus-1.0.0" = { @@ -94,40 +67,22 @@ let sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"; }; }; - "aws4-1.6.0" = { + "aws4-1.8.0" = { name = "aws4"; packageName = "aws4"; - version = "1.6.0"; + version = "1.8.0"; src = fetchurl { - url = "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz"; - sha1 = "83ef5ca860b2b32e4a0deedee8c771b9db57471e"; + url = "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz"; + sha512 = "ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ=="; }; }; - "bcrypt-pbkdf-1.0.1" = { + "bcrypt-pbkdf-1.0.2" = { name = "bcrypt-pbkdf"; packageName = "bcrypt-pbkdf"; - version = "1.0.1"; + version = "1.0.2"; src = fetchurl { - url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz"; - sha1 = "63bc5dcb61331b92bc05fd528953c33462a06f8d"; - }; - }; - "boom-4.3.1" = { - name = "boom"; - packageName = "boom"; - version = "4.3.1"; - src = fetchurl { - url = "https://registry.npmjs.org/boom/-/boom-4.3.1.tgz"; - sha1 = "4f8a3005cb4a7e3889f749030fd25b96e01d2e31"; - }; - }; - "boom-5.2.0" = { - name = "boom"; - packageName = "boom"; - version = "5.2.0"; - src = fetchurl { - url = "https://registry.npmjs.org/boom/-/boom-5.2.0.tgz"; - sha512 = "19h20yqpvca08dns1rs4f057f10w63v0snxfml4h5khsk266x3x1im0w72bza4k2xn0kfz6jlv001dhcvxsjr09bmbqnysils9m7437"; + url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz"; + sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"; }; }; "caseless-0.12.0" = { @@ -139,22 +94,13 @@ let sha1 = "1b681c21ff84033c826543090689420d187151dc"; }; }; - "co-4.6.0" = { - name = "co"; - packageName = "co"; - version = "4.6.0"; - src = fetchurl { - url = "https://registry.npmjs.org/co/-/co-4.6.0.tgz"; - sha1 = "6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184"; - }; - }; - "combined-stream-1.0.6" = { + "combined-stream-1.0.8" = { name = "combined-stream"; packageName = "combined-stream"; - version = "1.0.6"; + version = "1.0.8"; src = fetchurl { - url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz"; - sha1 = "723e7df6e801ac5613113a7e445a9b69cb632818"; + url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz"; + sha512 = "FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg=="; }; }; "core-util-is-1.0.2" = { @@ -166,15 +112,6 @@ let sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7"; }; }; - "cryptiles-3.1.2" = { - name = "cryptiles"; - packageName = "cryptiles"; - version = "3.1.2"; - src = fetchurl { - url = "https://registry.npmjs.org/cryptiles/-/cryptiles-3.1.2.tgz"; - sha1 = "a89fbb220f5ce25ec56e8c4aa8a4fd7b5b0d29fe"; - }; - }; "dashdash-1.14.1" = { name = "dashdash"; packageName = "dashdash"; @@ -193,22 +130,22 @@ let sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619"; }; }; - "ecc-jsbn-0.1.1" = { + "ecc-jsbn-0.1.2" = { name = "ecc-jsbn"; packageName = "ecc-jsbn"; - version = "0.1.1"; + version = "0.1.2"; src = fetchurl { - url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz"; - sha1 = "0fc73a9ed5f0d53c38193398523ef7e543777505"; + url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz"; + sha1 = "3a83a904e54353287874c564b7549386849a98c9"; }; }; - "extend-3.0.1" = { + "extend-3.0.2" = { name = "extend"; packageName = "extend"; - version = "3.0.1"; + version = "3.0.2"; src = fetchurl { - url = "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz"; - sha1 = "a755ea7bc1adfcc5a31ce7e762dbaadc5e636444"; + url = "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz"; + sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="; }; }; "extsprintf-1.3.0" = { @@ -220,13 +157,13 @@ let sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05"; }; }; - "fast-deep-equal-1.1.0" = { + "fast-deep-equal-2.0.1" = { name = "fast-deep-equal"; packageName = "fast-deep-equal"; - version = "1.1.0"; + version = "2.0.1"; src = fetchurl { - url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.1.0.tgz"; - sha1 = "c053477817c86b51daa853c81e059b733d023614"; + url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz"; + sha1 = "7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49"; }; }; "fast-json-stable-stringify-2.0.0" = { @@ -247,13 +184,13 @@ let sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"; }; }; - "form-data-2.3.2" = { + "form-data-2.3.3" = { name = "form-data"; packageName = "form-data"; - version = "2.3.2"; + version = "2.3.3"; src = fetchurl { - url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz"; - sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099"; + url = "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz"; + sha512 = "1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ=="; }; }; "getpass-0.1.7" = { @@ -274,31 +211,13 @@ let sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92"; }; }; - "har-validator-5.0.3" = { + "har-validator-5.1.3" = { name = "har-validator"; packageName = "har-validator"; - version = "5.0.3"; + version = "5.1.3"; src = fetchurl { - url = "https://registry.npmjs.org/har-validator/-/har-validator-5.0.3.tgz"; - sha1 = "ba402c266194f15956ef15e0fcf242993f6a7dfd"; - }; - }; - "hawk-6.0.2" = { - name = "hawk"; - packageName = "hawk"; - version = "6.0.2"; - src = fetchurl { - url = "https://registry.npmjs.org/hawk/-/hawk-6.0.2.tgz"; - sha512 = "1nl2hjr2mnhj5jlaz8mh54z7acwz5j5idkch04qgjk78756gw5d0fjk4a2immil5ij9ijdssb9ndpryvnh2xpcbgcjv8lxybn330als"; - }; - }; - "hoek-4.2.1" = { - name = "hoek"; - packageName = "hoek"; - version = "4.2.1"; - src = fetchurl { - url = "https://registry.npmjs.org/hoek/-/hoek-4.2.1.tgz"; - sha512 = "1y8kprb3qldxqj31zai5n8dvhydsl9nn5w4rskhnbzzhldn6pm6n5lcyam3sfkb61a62d5m58k8im7z6ngwbd9cw9zp4zm4y7ckrf20"; + url = "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz"; + sha512 = "sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g=="; }; }; "http-signature-1.2.0" = { @@ -319,22 +238,22 @@ let sha1 = "e084d60eeb7d73da7f0a9c096e4c8abe090bfaed"; }; }; - "inherits-2.0.3" = { + "inherits-2.0.4" = { name = "inherits"; packageName = "inherits"; - version = "2.0.3"; + version = "2.0.4"; src = fetchurl { - url = "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz"; - sha1 = "633c2c83e3da42a502f52466022480f4208261de"; + url = "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz"; + sha512 = "k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="; }; }; - "irc-colors-1.4.2" = { + "irc-colors-1.5.0" = { name = "irc-colors"; packageName = "irc-colors"; - version = "1.4.2"; + version = "1.5.0"; src = fetchurl { - url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.4.2.tgz"; - sha512 = "0f75yhavbhr8lbh3lh83rvyfrrrcxjawnd2rz7sacjd3zxj5524xr28j66f2l11vlngdkbplxz5xsq9dnwrcyqa0jh64k2pvzhn17a1"; + url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.5.0.tgz"; + sha512 = "HtszKchBQTcqw1DC09uD7i7vvMayHGM1OCo6AHt5pkgZEyo99ClhHTMJdf+Ezc9ovuNNxcH89QfyclGthjZJOw=="; }; }; "is-typedarray-1.0.0" = { @@ -382,13 +301,13 @@ let sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13"; }; }; - "json-schema-traverse-0.3.1" = { + "json-schema-traverse-0.4.1" = { name = "json-schema-traverse"; packageName = "json-schema-traverse"; - version = "0.3.1"; + version = "0.4.1"; src = fetchurl { - url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz"; - sha1 = "349a6d44c53a51de89b40805c5d5e59b417d3340"; + url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz"; + sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="; }; }; "json-stringify-safe-5.0.1" = { @@ -400,15 +319,6 @@ let sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"; }; }; - "jsonify-0.0.0" = { - name = "jsonify"; - packageName = "jsonify"; - version = "0.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz"; - sha1 = "2c74b6ee41d93ca51b7b5aaee8f503631d252a73"; - }; - }; "jsprim-1.4.1" = { name = "jsprim"; packageName = "jsprim"; @@ -454,40 +364,40 @@ let sha1 = "d0225373aeb652adc1bc82e4945339a842754773"; }; }; - "mime-db-1.33.0" = { + "mime-db-1.42.0" = { name = "mime-db"; packageName = "mime-db"; - version = "1.33.0"; + version = "1.42.0"; src = fetchurl { - url = "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz"; - sha512 = "36xnw59ik9fqym00cmwb5nyzg0l03k70cp413f7639j93wgmzk1mh0xjc7i6zz3r6k9xnwh0g5cm5a1f3y8c6plgy4qld7fm887ywh4"; + url = "https://registry.npmjs.org/mime-db/-/mime-db-1.42.0.tgz"; + sha512 = "UbfJCR4UAVRNgMpfImz05smAXK7+c+ZntjaA26ANtkXLlOe947Aag5zdIcKQULAiF9Cq4WxBi9jUs5zkA84bYQ=="; }; }; - "mime-types-2.1.18" = { + "mime-types-2.1.25" = { name = "mime-types"; packageName = "mime-types"; - version = "2.1.18"; + version = "2.1.25"; src = fetchurl { - url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz"; - sha512 = "22krj1kw7n9z10zdyx7smcaim4bzwqsqzhspwha06q58gcrxfp93hw2cd0vk5crhq5p2dwzqlpacg32lrmp5sjzb798zdzy35mdmkwm"; + url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.25.tgz"; + sha512 = "5KhStqB5xpTAeGqKBAMgwaYMnQik7teQN4IAzC7npDv6kzeU6prfkR67bc87J1kWMPGkoaZSq1npmexMgkmEVg=="; }; }; - "mri-1.1.0" = { + "mri-1.1.4" = { name = "mri"; packageName = "mri"; - version = "1.1.0"; + version = "1.1.4"; src = fetchurl { - url = "https://registry.npmjs.org/mri/-/mri-1.1.0.tgz"; - sha1 = "5c0a3f29c8ccffbbb1ec941dcec09d71fa32f36a"; + url = "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz"; + sha512 = "6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w=="; }; }; - "nan-2.10.0" = { + "nan-2.14.0" = { name = "nan"; packageName = "nan"; - version = "2.10.0"; + version = "2.14.0"; src = fetchurl { - url = "https://registry.npmjs.org/nan/-/nan-2.10.0.tgz"; - sha512 = "349rr7x0djrlkav4gbhkg355852ingn965r0kkch8rr4cwp7qki9676zpq8cq988yszzd2hld6szsbbnd1v6rghzf11abn1nyzlj1vc"; + url = "https://registry.npmjs.org/nan/-/nan-2.14.0.tgz"; + sha512 = "INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg=="; }; }; "node-icu-charset-detector-0.2.0" = { @@ -499,13 +409,13 @@ let sha1 = "c2320da374ddcb671fc54cb4a0e041e156ffd639"; }; }; - "oauth-sign-0.8.2" = { + "oauth-sign-0.9.0" = { name = "oauth-sign"; packageName = "oauth-sign"; - version = "0.8.2"; + version = "0.9.0"; src = fetchurl { - url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz"; - sha1 = "46a6ab7f0aead8deae9ec0565780b7d4efeb9d43"; + url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz"; + sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="; }; }; "performance-now-2.1.0" = { @@ -517,13 +427,22 @@ let sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"; }; }; - "process-nextick-args-2.0.0" = { + "process-nextick-args-2.0.1" = { name = "process-nextick-args"; packageName = "process-nextick-args"; - version = "2.0.0"; + version = "2.0.1"; src = fetchurl { - url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz"; - sha512 = "0rw8xpqqkhs91722slvzf8icxfaimqp4w8zb3840jxr7r8n8035byl6dhdi5bm0yr6x7sdws0gf3m025fg6hqgaklwlbl4d7bah5l9j"; + url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz"; + sha512 = "3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="; + }; + }; + "psl-1.4.0" = { + name = "psl"; + packageName = "psl"; + version = "1.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/psl/-/psl-1.4.0.tgz"; + sha512 = "HZzqCGPecFLyoRj5HLfuDSKYTJkAfB5thKBIkRHtGjWwY7p1dAyveIbXIq4tO0KYfDF2tHqPUgY9SDnGm00uFw=="; }; }; "punycode-1.4.1" = { @@ -535,13 +454,22 @@ let sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e"; }; }; - "qs-6.5.1" = { + "punycode-2.1.1" = { + name = "punycode"; + packageName = "punycode"; + version = "2.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz"; + sha512 = "XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="; + }; + }; + "qs-6.5.2" = { name = "qs"; packageName = "qs"; - version = "6.5.1"; + version = "6.5.2"; src = fetchurl { - url = "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz"; - sha512 = "3waqapyj1k4g135sgj636rmswiaixq19is1rw0rpv4qp6k7dl0a9nwy06m7yl5lbdk9p6xpwwngnggbzlzaz6rh11c86j2nvnnf273r"; + url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz"; + sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="; }; }; "readable-stream-2.3.6" = { @@ -550,16 +478,34 @@ let version = "2.3.6"; src = fetchurl { url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz"; - sha512 = "0mj9b6190amln9rg89x5pq2n195s3v0gzicpdamv1kbabg69aw5m71l34jsjn7bqil7405l6l35x9ijnb3h4jz5vx2i00l8sl1ll2xm"; + sha512 = "tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw=="; }; }; - "safe-buffer-5.1.1" = { + "safe-buffer-5.1.2" = { name = "safe-buffer"; packageName = "safe-buffer"; - version = "5.1.1"; + version = "5.1.2"; src = fetchurl { - url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz"; - sha512 = "1p28rllll1w65yzq5azi4izx962399xdsdlfbaynn7vmp981hiss05jhiy9hm7sbbfk3b4dhlcv0zy07fc59mnc07hdv6wcgqkcvawh"; + url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz"; + sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="; + }; + }; + "safe-buffer-5.2.0" = { + name = "safe-buffer"; + packageName = "safe-buffer"; + version = "5.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz"; + sha512 = "fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg=="; + }; + }; + "safer-buffer-2.1.2" = { + name = "safer-buffer"; + packageName = "safer-buffer"; + version = "2.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz"; + sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="; }; }; "sax-1.2.4" = { @@ -568,25 +514,16 @@ let version = "1.2.4"; src = fetchurl { url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz"; - sha512 = "1dn291mjsda42w8kldlbmngk6dhjxfbvvd5lckyqmwbjaj6069iq3wx0nvcfglwnpddz2qa93lzf4hv77iz43bd2qixa079sjzl799n"; + sha512 = "NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="; }; }; - "sntp-2.1.0" = { - name = "sntp"; - packageName = "sntp"; - version = "2.1.0"; - src = fetchurl { - url = "https://registry.npmjs.org/sntp/-/sntp-2.1.0.tgz"; - sha512 = "0k2smmr24w5hb1cpql6vcgh58vzp4pmh9anf0bgz3arlsgq1mapnlq9fjqr6xs10aq1cmxaw987fwknqi62frax0fvs9bj3q3kmpg8l"; - }; - }; - "sshpk-1.14.1" = { + "sshpk-1.16.1" = { name = "sshpk"; packageName = "sshpk"; - version = "1.14.1"; + version = "1.16.1"; src = fetchurl { - url = "https://registry.npmjs.org/sshpk/-/sshpk-1.14.1.tgz"; - sha1 = "130f5975eddad963f1d56f92b9ac6c51fa9f83eb"; + url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz"; + sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg=="; }; }; "string_decoder-1.1.1" = { @@ -595,25 +532,16 @@ let version = "1.1.1"; src = fetchurl { url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz"; - sha512 = "315yd4vzwrwk3vwj1klf46y1cj2jbvf88066y2rnwhksb98phj46jkxixbwsp3h607w7czy7cby522s7sx8mvspdpdm3s72y2ga3x4z"; + sha512 = "n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg=="; }; }; - "stringstream-0.0.5" = { - name = "stringstream"; - packageName = "stringstream"; - version = "0.0.5"; - src = fetchurl { - url = "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz"; - sha1 = "4e484cd4de5a0bbbee18e46307710a8a81621878"; - }; - }; - "tough-cookie-2.3.4" = { + "tough-cookie-2.4.3" = { name = "tough-cookie"; packageName = "tough-cookie"; - version = "2.3.4"; + version = "2.4.3"; src = fetchurl { - url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.4.tgz"; - sha512 = "0ncm6j3cjq1f26mzjf04k9bkw1b08w53s4qa3a11c1bdj4pgnqv1422c1xs5jyy6y1psppjx52fhagq5zkjkgrcpdkxcdiry96r77jd"; + url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz"; + sha512 = "Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ=="; }; }; "tunnel-agent-0.6.0" = { @@ -634,6 +562,15 @@ let sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64"; }; }; + "uri-js-4.2.2" = { + name = "uri-js"; + packageName = "uri-js"; + version = "4.2.2"; + src = fetchurl { + url = "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz"; + sha512 = "KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ=="; + }; + }; "util-deprecate-1.0.2" = { name = "util-deprecate"; packageName = "util-deprecate"; @@ -643,13 +580,13 @@ let sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf"; }; }; - "uuid-3.2.1" = { + "uuid-3.3.3" = { name = "uuid"; packageName = "uuid"; - version = "3.2.1"; + version = "3.3.3"; src = fetchurl { - url = "https://registry.npmjs.org/uuid/-/uuid-3.2.1.tgz"; - sha512 = "0843vl1c974n8kw5kn0kvhvhwk8y8jydr0xkwwl2963xxmkw4ingk6xj9c8m48jw2i95giglxzq5aw5v5mij9kv7fzln8pxav1cr6cd"; + url = "https://registry.npmjs.org/uuid/-/uuid-3.3.3.tgz"; + sha512 = "pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ=="; }; }; "verror-1.10.0" = { @@ -676,16 +613,16 @@ in sources."addressparser-1.0.1" sources."array-indexofobject-0.0.1" sources."core-util-is-1.0.2" - sources."inherits-2.0.3" + sources."inherits-2.0.4" sources."isarray-1.0.0" sources."lodash.assign-4.2.0" sources."lodash.get-4.4.2" sources."lodash.has-4.5.2" sources."lodash.uniq-4.5.0" - sources."mri-1.1.0" - sources."process-nextick-args-2.0.0" + sources."mri-1.1.4" + sources."process-nextick-args-2.0.1" sources."readable-stream-2.3.6" - sources."safe-buffer-5.1.1" + sources."safe-buffer-5.1.2" sources."sax-1.2.4" sources."string_decoder-1.1.1" sources."util-deprecate-1.0.2" @@ -698,29 +635,32 @@ in }; production = true; bypassCache = true; + reconstructLock = true; }; form-data = nodeEnv.buildNodePackage { name = "form-data"; packageName = "form-data"; - version = "2.3.2"; + version = "3.0.0"; src = fetchurl { - url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz"; - sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099"; + url = "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz"; + sha512 = "CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg=="; }; dependencies = [ sources."asynckit-0.4.0" - sources."combined-stream-1.0.6" + sources."combined-stream-1.0.8" sources."delayed-stream-1.0.0" - sources."mime-db-1.33.0" - sources."mime-types-2.1.18" + sources."mime-db-1.42.0" + sources."mime-types-2.1.25" ]; buildInputs = globalBuildInputs; meta = { description = "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications."; + homepage = "https://github.com/form-data/form-data#readme"; license = "MIT"; }; production = true; bypassCache = true; + reconstructLock = true; }; irc = nodeEnv.buildNodePackage { name = "irc"; @@ -732,8 +672,8 @@ in }; dependencies = [ sources."iconv-2.2.3" - sources."irc-colors-1.4.2" - sources."nan-2.10.0" + sources."irc-colors-1.5.0" + sources."nan-2.14.0" sources."node-icu-charset-detector-0.2.0" ]; buildInputs = globalBuildInputs; @@ -744,69 +684,66 @@ in }; production = true; bypassCache = true; + reconstructLock = true; }; request = nodeEnv.buildNodePackage { name = "request"; packageName = "request"; - version = "2.85.0"; + version = "2.88.0"; src = fetchurl { - url = "https://registry.npmjs.org/request/-/request-2.85.0.tgz"; - sha512 = "2d3hg10zs5ycnr8prmiwdhacf88fl0x0bi6szs0z2r07zcbk419laixwpjp8sqapbc2ifyyih7p3r60wgr58bmcncz3pqnx523c8zph"; + url = "https://registry.npmjs.org/request/-/request-2.88.0.tgz"; + sha512 = "NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg=="; }; dependencies = [ - sources."ajv-5.5.2" - sources."asn1-0.2.3" + sources."ajv-6.10.2" + sources."asn1-0.2.4" sources."assert-plus-1.0.0" sources."asynckit-0.4.0" sources."aws-sign2-0.7.0" - sources."aws4-1.6.0" - sources."bcrypt-pbkdf-1.0.1" - sources."boom-4.3.1" + sources."aws4-1.8.0" + sources."bcrypt-pbkdf-1.0.2" sources."caseless-0.12.0" - sources."co-4.6.0" - sources."combined-stream-1.0.6" + sources."combined-stream-1.0.8" sources."core-util-is-1.0.2" - (sources."cryptiles-3.1.2" // { - dependencies = [ - sources."boom-5.2.0" - ]; - }) sources."dashdash-1.14.1" sources."delayed-stream-1.0.0" - sources."ecc-jsbn-0.1.1" - sources."extend-3.0.1" + sources."ecc-jsbn-0.1.2" + sources."extend-3.0.2" sources."extsprintf-1.3.0" - sources."fast-deep-equal-1.1.0" + sources."fast-deep-equal-2.0.1" sources."fast-json-stable-stringify-2.0.0" sources."forever-agent-0.6.1" - sources."form-data-2.3.2" + sources."form-data-2.3.3" sources."getpass-0.1.7" sources."har-schema-2.0.0" - sources."har-validator-5.0.3" - sources."hawk-6.0.2" - sources."hoek-4.2.1" + sources."har-validator-5.1.3" sources."http-signature-1.2.0" sources."is-typedarray-1.0.0" sources."isstream-0.1.2" sources."jsbn-0.1.1" sources."json-schema-0.2.3" - sources."json-schema-traverse-0.3.1" + sources."json-schema-traverse-0.4.1" sources."json-stringify-safe-5.0.1" sources."jsprim-1.4.1" - sources."mime-db-1.33.0" - sources."mime-types-2.1.18" - sources."oauth-sign-0.8.2" + sources."mime-db-1.42.0" + sources."mime-types-2.1.25" + sources."oauth-sign-0.9.0" sources."performance-now-2.1.0" - sources."punycode-1.4.1" - sources."qs-6.5.1" - sources."safe-buffer-5.1.1" - sources."sntp-2.1.0" - sources."sshpk-1.14.1" - sources."stringstream-0.0.5" - sources."tough-cookie-2.3.4" + sources."psl-1.4.0" + sources."punycode-2.1.1" + sources."qs-6.5.2" + sources."safe-buffer-5.2.0" + sources."safer-buffer-2.1.2" + sources."sshpk-1.16.1" + (sources."tough-cookie-2.4.3" // { + dependencies = [ + sources."punycode-1.4.1" + ]; + }) sources."tunnel-agent-0.6.0" sources."tweetnacl-0.14.5" - sources."uuid-3.2.1" + sources."uri-js-4.2.2" + sources."uuid-3.3.3" sources."verror-1.10.0" ]; buildInputs = globalBuildInputs; @@ -817,28 +754,24 @@ in }; production = true; bypassCache = true; + reconstructLock = true; }; shell-quote = nodeEnv.buildNodePackage { name = "shell-quote"; packageName = "shell-quote"; - version = "1.6.1"; + version = "1.7.2"; src = fetchurl { - url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.6.1.tgz"; - sha1 = "f4781949cce402697127430ea3b3c5476f481767"; + url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz"; + sha512 = "mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg=="; }; - dependencies = [ - sources."array-filter-0.0.1" - sources."array-map-0.0.0" - sources."array-reduce-0.0.0" - sources."jsonify-0.0.0" - ]; buildInputs = globalBuildInputs; meta = { description = "quote and parse shell commands"; - homepage = "https://github.com/substack/node-shell-quote#readme"; + homepage = https://github.com/substack/node-shell-quote; license = "MIT"; }; production = true; bypassCache = true; + reconstructLock = true; }; } \ No newline at end of file diff --git a/krebs/5pkgs/simple/newsbot-js/update.sh b/krebs/5pkgs/simple/newsbot-js/update.sh index 0c1ecc58c..ee7e43f1a 100755 --- a/krebs/5pkgs/simple/newsbot-js/update.sh +++ b/krebs/5pkgs/simple/newsbot-js/update.sh @@ -1,2 +1,4 @@ -node2nix -8 -i pkgs.json -c combine.nix +#! /usr/bin/env nix-shell +#! nix-shell -i bash -p nodePackages.node2nix +node2nix -12 -i pkgs.json -c combine.nix rm node-env.nix combine.nix diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index be96d5f7e..d77432258 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "c1966522d7d5fa54db068140d212cba18731dd98", - "date": "2019-11-15T22:50:52+00:00", - "sha256": "104481nxv0hi1rk3g0fjzyki1668p4b46bz0j3lsqv5gv1nm43vm", + "rev": "e89b21504f3e61e535229afa0b121defb52d2a50", + "date": "2019-11-19T07:59:43-05:00", + "sha256": "0jqcv3rfki3mwda00g66d27k6q2y7ca5mslrnshfpbdm7j8ya0kj", "fetchSubmodules": false } diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index ba4b327f3..bb35a51b0 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "07e66484e679d0e28533543f762be20d6d425b66", - "date": "2019-11-16T11:23:08+00:00", - "sha256": "1d3n1yfp9xhl7nh377sp2wwnh0gscislg6gzj8sgdq169d18lgsg", + "rev": "4ad6f1404a8cd69a11f16edba09cc569e5012e42", + "date": "2019-11-23T00:42:36+01:00", + "sha256": "1pclh0hvma66g3yxrrh9rlzpscqk5ylypnmiczz1bwwrl8n21q3h", "fetchSubmodules": false } diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index b2d44d135..e55090de9 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -1,18 +1,6 @@ { config, pkgs, lib, ... }: with import ; -let - - nixpkgs_pre_node_10_17 = import (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "81f4c491afbc8f0fe994ef946b1ac61cf1261577"; - sha256 = "0xvawrd9nq3ybvq2pdp5gyi8gygf0yimgp0bx1xggq6l8mvgrj71"; - }) {}; -in { - nixpkgs.config.packageOverrides = pkgs: { - codimd = nixpkgs_pre_node_10_17.codimd; - }; - +{ services.nginx.virtualHosts.codimd = { enableACME = true; addSSL = true; diff --git a/lass/5pkgs/autowifi b/lass/5pkgs/autowifi new file mode 160000 index 000000000..cf3ae8f6f --- /dev/null +++ b/lass/5pkgs/autowifi @@ -0,0 +1 @@ +Subproject commit cf3ae8f6fe285eab67db4f36f9a3da3762c35317 diff --git a/lass/5pkgs/autowifi/autowifi.py b/lass/5pkgs/autowifi/autowifi.py deleted file mode 100644 index fa3d007e7..000000000 --- a/lass/5pkgs/autowifi/autowifi.py +++ /dev/null @@ -1,228 +0,0 @@ -import subprocess -import time -import urllib.request -import logging -import argparse -import socket -import struct -import signal -import os - -wifiDB = '' -logger = logging.getLogger() -got_signal = False - - -def signal_handler(signum, frame): - global got_signal - got_signal = True - - -def get_default_gateway() -> str: - """Read the default gateway directly from /proc.""" - with open("/proc/net/route") as fh: - for line in fh: - fields = line.strip().split() - if fields[1] != '00000000' or not int(fields[3], 16) & 2: - continue - - return socket.inet_ntoa(struct.pack(" { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - - ]; - - krebs.build.host = config.krebs.hosts.gr33n; - - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - fileSystems."/mnt/public" = { - device = "//192.168.0.4/public"; - fsType = "cifs"; - options = let - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ]; - }; - - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - nixpkgs.config.allowUnfree = true; - - nixpkgs.config.packageOverrides = super: { - openvpn = super.openvpn.override { - pkcs11Support = true; - useSystemd = false; - }; - }; - - environment.shellAliases = { - ll = "ls -alh"; - ls = "ls --color=tty"; - }; - - environment.systemPackages = with pkgs; [ - curl - fish - git - htop - nmap - ranger - tcpdump - tmux - traceroute - tree - vim - wcalc - wget - xz - zbackup - ]; - - programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - - sound.enable = false; - - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - services.codimd = { - enable = true; - workDir = "/storage/codimd"; - configuration = { - port = 1337; - host = "0.0.0.0"; - db = { - dialect = "sqlite"; - storage = "/storage/codimd/db.codimd.sqlite"; - }; - }; - }; - - networking.wireless.enable = false; - networking.networkmanager.enable = false; - krebs.iptables.enable = true; - networking.enableIPv6 = false; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - nix.buildCores = 4; - system.autoUpgrade.enable = false; - system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; - system.stateVersion = "19.03"; - -} diff --git a/mb/1systems/gr33n/hardware-configuration.nix b/mb/1systems/gr33n/hardware-configuration.nix deleted file mode 100644 index 1d13b8dc7..000000000 --- a/mb/1systems/gr33n/hardware-configuration.nix +++ /dev/null @@ -1,37 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.initrd.mdadmConf = '' - ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 name=gr33n:0 UUID=5b715fd9:0be6bfa6:19f07db4:c16836d6 - devices=/dev/sda1,/dev/sdb1,/dev/sdc1,/dev/sdd1 - ''; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/a9f2c19b-f60f-450c-87f1-146a54c4198b"; - fsType = "ext4"; - }; - fileSystems."/storage" = - { device = "/dev/disk/by-label/storage"; - fsType = "ext4"; - }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/93EB-BCA3"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix deleted file mode 100644 index b43bd8a0f..000000000 --- a/mb/1systems/orange/configuration.nix +++ /dev/null @@ -1,238 +0,0 @@ -{ config, pkgs, callPackage, ... }: let - unstable = import { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - - - ]; - - krebs.build.host = config.krebs.hosts.orange; - - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/09a36f91-a713-4b82-8b41-4e7a6acc4acf"; - preLVM = true; - allowDiscards = true; - } - ]; - - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - fileSystems."/mnt/public" = { - device = "//192.168.0.4/public"; - fsType = "cifs"; - options = let - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ]; - }; - - - # Select internationalisation properties. - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - nixpkgs.config.packageOverrides = super: { - openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; }; - }; - - nixpkgs.config.allowUnfree = true; - - fonts = { - enableCoreFonts = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - anonymousPro - corefonts - dejavu_fonts - envypn-font - fira - gentium - gohufont - inconsolata - liberation_ttf - powerline-fonts - source-code-pro - terminus_font - ttf_bitstream_vera - ubuntu_font_family - unifont - unstable.cherry - xorg.fontbitstream100dpi - xorg.fontbitstream75dpi - xorg.fontbitstreamtype1 - ]; - }; - - environment.systemPackages = with pkgs; [ - adapta-gtk-theme - aircrackng - ag - arandr - binutils - chromium - cifs-utils - curl - evince - exfat - feh - file - firefox - freetype - gimp - git - gnupg - graphite2 - hicolor_icon_theme - htop - i3lock - jq - keepassx2 - kvm - lxappearance - man-pages - moc - mpv - mpvc - mupdf - ncdu - nmap - openvpn - pass - p7zip - powertop - ranger - rofi - sshfs - tcpdump - tmux - traceroute - tree - unstable.alacritty - unstable.ponyc - unstable.sublime3 - unstable.youtube-dl - virt-viewer - virtmanager - vulnix - wcalc - wget - xz - zbackup - ]; - - environment.variables = { - EDITOR = ["nvim"]; - }; - - environment.shellAliases = { - ll = "ls -alh"; - ls = "ls --color=tty"; - }; - - virtualisation.libvirtd.enable = true; - #virtualisation.kvmgt.enable = true; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - sound.enable = true; - hardware.pulseaudio.enable = true; - hardware.pulseaudio.support32Bit = true; - nixpkgs.config.pulseaudio = true; - - services.xserver = { - enable = true; - layout = "de"; - xkbVariant = "nodeadkeys"; - libinput.enable = true; - desktopManager = { - default = "xfce"; - xterm.enable = false; - xfce = { - enable = true; - noDesktop = true; - enableXfwm = false; - }; - }; - windowManager.ratpoison.enable = true; - }; - - services.openssh.enable = true; - #services.openssh.permitRootLogin = "yes"; - services.openssh.passwordAuthentication = false; - - networking.wireless.enable = false; - networking.networkmanager.enable = false; - krebs.iptables.enable = true; - #networking.nameservers = [ "8.8.8.8" "141.1.1.1" ]; - networking.enableIPv6 = false; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - nix.maxJobs = 4; - nix.buildCores = 4; - system.autoUpgrade.enable = false; - system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; - system.stateVersion = "19.03"; - -} diff --git a/mb/1systems/orange/hardware-configuration.nix b/mb/1systems/orange/hardware-configuration.nix deleted file mode 100644 index 8aa191269..000000000 --- a/mb/1systems/orange/hardware-configuration.nix +++ /dev/null @@ -1,28 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b1d32c54-35f8-4bf1-9fd2-82adc760af01"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/BF9B-03A2"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; -} diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix deleted file mode 100644 index 19efc75b0..000000000 --- a/mb/1systems/p1nk/configuration.nix +++ /dev/null @@ -1,227 +0,0 @@ -{ config, pkgs, callPackage, ... }: let - unstable = import { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - - - ]; - - krebs.build.host = config.krebs.hosts.p1nk; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7"; - preLVM = true; - allowDiscards = true; - } - ]; - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - fileSystems."/mnt/public" = { - device = "//192.168.0.4/public"; - fsType = "cifs"; - options = let - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ]; - }; - - - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - fonts = { - enableCoreFonts = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - anonymousPro - corefonts - dejavu_fonts - envypn-font - fira - gentium - gohufont - inconsolata - liberation_ttf - powerline-fonts - source-code-pro - terminus_font - ttf_bitstream_vera - ubuntu_font_family - unifont - unstable.cherry - xorg.fontbitstream100dpi - xorg.fontbitstream75dpi - xorg.fontbitstreamtype1 - ]; - }; - - nixpkgs.config.packageOverrides = super: { - openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; }; - }; - - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs; [ - adapta-gtk-theme - aircrackng - ag - arandr - binutils - chromium - cifs-utils - curl - evince - exfat - feh - file - firefox - freetype - gimp - git - gnupg - graphite2 - hicolor_icon_theme - htop - i3lock - jq - keepassx2 - kvm - lxappearance - man-pages - moc - mpv - mpvc - mupdf - ncdu - nmap - openvpn - pass - p7zip - powertop - ranger - rofi - sshfs - tcpdump - tmux - traceroute - tree - unstable.alacritty - unstable.ponyc - unstable.sublime3 - youtube-dl - virt-viewer - virtmanager - vulnix - wcalc - wget - xz - zbackup - ]; - - environment.shellAliases = { - ll = "ls -alh"; - ls = "ls --color=tty"; - }; - - virtualisation.libvirtd.enable = true; - virtualisation.kvmgt.enable = true; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - sound.enable = true; - hardware.pulseaudio.enable = true; - hardware.pulseaudio.support32Bit = true; - - services.xserver = { - enable = true; - layout = "de"; - xkbOptions = "nodeadkeys"; - libinput.enable = true; - desktopManager = { - default = "xfce"; - xterm.enable = false; - xfce = { - enable = true; - noDesktop = true; - enableXfwm = false; - }; - }; - windowManager.ratpoison.enable = true; - windowManager.pekwm.enable = true; - }; - - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - krebs.iptables.enable = true; - networking.networkmanager.enable = false; - networking.wireless.enable = true; - networking.nameservers = [ "8.8.8.8" "141.1.1.1" ]; - networking.enableIPv6 = false; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - nix.maxJobs = 4; - nix.buildCores = 4; - system.autoUpgrade.enable = false; - system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; - system.stateVersion = "19.03"; - -} diff --git a/mb/1systems/p1nk/hardware-configuration.nix b/mb/1systems/p1nk/hardware-configuration.nix deleted file mode 100644 index ab5b6e204..000000000 --- a/mb/1systems/p1nk/hardware-configuration.nix +++ /dev/null @@ -1,29 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9F87-AEAA"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/mb/1systems/rofl/configuration.nix b/mb/1systems/rofl/configuration.nix deleted file mode 100644 index 3c5c56c84..000000000 --- a/mb/1systems/rofl/configuration.nix +++ /dev/null @@ -1,103 +0,0 @@ -{ config, pkgs, callPackage, ... }: let - unstable = import { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - - - ]; - - krebs.build.host = config.krebs.hosts.rofl; - - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - nixpkgs.config.allowUnfree = true; - - environment.shellAliases = { - ll = "ls -alh"; - ls = "ls --color=tty"; - }; - - environment.systemPackages = with pkgs; [ - curl - fish - git - htop - nmap - ranger - tcpdump - tmux - traceroute - tree - vim - xz - zbackup - ]; - - sound.enable = false; - - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - networking.wireless.enable = false; - networking.networkmanager.enable = false; - krebs.iptables.enable = true; - networking.enableIPv6 = false; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - system.autoUpgrade.enable = false; - system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03"; - system.stateVersion = "19.03"; - -} diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix deleted file mode 100644 index 633d122ea..000000000 --- a/mb/1systems/sunsh1n3/configuration.nix +++ /dev/null @@ -1,181 +0,0 @@ - -{ config, pkgs, ... }: let - unstable = import { config = { allowUnfree = true; }; }; -in { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - - ]; - - krebs.build.host = config.krebs.hosts.sunsh1n3; - - boot.kernelPackages = pkgs.linuxPackages_latest; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; - - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21"; - preLVM = true; - allowDiscards = true; - } - ]; - - i18n = { - consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "de"; - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "Europe/Berlin"; - - nixpkgs.config.packageOverrides = super : { - openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; }; - }; - - nixpkgs.config.allowUnfree = true; - - fonts = { - enableCoreFonts = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - anonymousPro - corefonts - dejavu_fonts - envypn-font - fira - gentium - gohufont - inconsolata - liberation_ttf - powerline-fonts - source-code-pro - terminus_font - ttf_bitstream_vera - ubuntu_font_family - unifont - unstable.cherry - xorg.fontbitstream100dpi - xorg.fontbitstream75dpi - xorg.fontbitstreamtype1 - ]; - }; - - environment.systemPackages = with pkgs; [ - wget vim git curl fish - ag - chromium - firefox - gimp - p7zip - htop - mpv - mpvc - nmap - ntfs3g - keepassx2 - sshfs - #unstable.skrooge - skrooge - unstable.alacritty - tmux - tree - wcalc - virtmanager - virt-viewer - (wine.override { wineBuild = "wineWow"; }) - xz - zbackup - ]; - - virtualisation.libvirtd.enable = true; - virtualisation.kvmgt.enable = true; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - - programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - programs.dconf.enable = true; - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - krebs.iptables.enable = true; - #networking.wireless.enable = true; - networking.networkmanager.enable = true; - networking.enableIPv6 = false; - - # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - hardware.pulseaudio.support32Bit = true; - nixpkgs.config.pulseaudio = true; - - services.xserver.enable = true; - services.xserver.layout = "de"; - services.xserver.xkbOptions = "nodeadkeys"; - services.xserver.libinput.enable = true; - - # Enable the KDE Desktop Environment. - services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - nix.buildCores = 4; - - system.stateVersion = "19.09"; - -} diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix deleted file mode 100644 index 2beee7c4f..000000000 --- a/mb/1systems/sunsh1n3/hardware-configuration.nix +++ /dev/null @@ -1,29 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/60A6-4DAB"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix deleted file mode 100644 index 3066d1c36..000000000 --- a/mb/2configs/default.nix +++ /dev/null @@ -1,222 +0,0 @@ -with import ; -{ config, pkgs, ... }: -{ - imports = [ - { - users.users = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.mb.pubkey - ]; - }; - mb = { - name = "mb"; - uid = 1337; - home = "/home/mb"; - group = "users"; - createHome = true; - shell = "/run/current-system/sw/bin/fish"; - extraGroups = [ - "audio" - "video" - "fuse" - "wheel" - "kvm" - "qemu-libvirtd" - "libvirtd" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.mb.pubkey - ]; - }; - xo = { - name = "xo"; - uid = 2323; - home = "/home/xo"; - group = "users"; - createHome = true; - shell = "/run/current-system/sw/bin/fish"; - extraGroups = [ - "audio" - "video" - "fuse" - "wheel" - "kvm" - "qemu-libvirtd" - "libvirtd" - ]; - openssh.authorizedKeys.keys = [ - config.krebs.users.mb.pubkey - ]; - }; - }; - } - { - environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - } - (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in { - environment.variables = { - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - }) - ]; - - networking.hostName = config.krebs.build.host.name; - - krebs = { - enable = true; - build.user = config.krebs.users.mb; - }; - - users.mutableUsers = true; - - services.timesyncd.enable = mkForce true; - - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - ''; - - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs; [ - #stockholm - git - git-preview - gnumake - jq - parallel - proot - populate - - #style - most - rxvt_unicode.terminfo - - #monitoring tools - htop - iotop - - #network - iptables - iftop - tcpdump - - #stuff for dl - aria2 - - #neat utils - fish - file - kpaste - krebspaste - mosh - pciutils - psmisc - tmux - untilport - usbutils - - #unpack stuff - p7zip - - (pkgs.writeDashBin "sshn" '' - ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" - '') - ]; - - services.openssh = { - enable = true; - permitRootLogin = "yes"; - passwordAuthentication = false; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - - programs.fish = { - enable = true; - shellInit = '' - function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity' - if begin - set -q SSH_AGENT_PID - and kill -0 $SSH_AGENT_PID - and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline - end - echo "ssh-agent running on pid $SSH_AGENT_PID" - else - eval (command ssh-agent -c | sed 's/^setenv/set -Ux/') - end - set -l identity $HOME/.ssh/id_rsa - set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}') - ssh-add -l | grep -q $fingerprint - or ssh-add $identity - end - ''; - promptInit = '' - function fish_prompt --description 'Write out the prompt' - set -l color_cwd - set -l suffix - set -l nix_shell_info ( - if test "$IN_NIX_SHELL" != "" - echo -n " " - end - ) - switch "$USER" - case root toor - if set -q fish_color_cwd_root - set color_cwd $fish_color_cwd_root - else - set color_cwd $fish_color_cwd - end - set suffix '#' - case '*' - set color_cwd $fish_color_cwd - set suffix '>' - end - - echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix " - end - ''; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - krebs.iptables = { - enable = true; - tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; - }; -} diff --git a/mb/2configs/google-compute-config.nix b/mb/2configs/google-compute-config.nix deleted file mode 100644 index b201bd4b8..000000000 --- a/mb/2configs/google-compute-config.nix +++ /dev/null @@ -1,231 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; -let - gce = pkgs.google-compute-engine; -in -{ - imports = [ - ./headless.nix - ./qemu-guest.nix - ]; - - fileSystems."/" = { - device = "/dev/disk/by-label/nixos"; - autoResize = true; - }; - - boot.growPartition = true; - boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ]; - boot.initrd.kernelModules = [ "virtio_scsi" ]; - boot.kernelModules = [ "virtio_pci" "virtio_net" ]; - - # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. - boot.loader.grub.device = "/dev/sda"; - boot.loader.timeout = 0; - - # Don't put old configurations in the GRUB menu. The user has no - # way to select them anyway. - boot.loader.grub.configurationLimit = 0; - - # Allow root logins only using the SSH key that the user specified - # at instance creation time. - #services.openssh.enable = true; - #services.openssh.permitRootLogin = "prohibit-password"; - #services.openssh.passwordAuthentication = mkDefault false; - - # Use GCE udev rules for dynamic disk volumes - services.udev.packages = [ gce ]; - - # Force getting the hostname from Google Compute. - networking.hostName = mkDefault ""; - - # Always include cryptsetup so that NixOps can use it. - environment.systemPackages = [ pkgs.cryptsetup ]; - - # Make sure GCE image does not replace host key that NixOps sets - environment.etc."default/instance_configs.cfg".text = lib.mkDefault '' - [InstanceSetup] - set_host_keys = false - ''; - - # Rely on GCP's firewall instead - networking.firewall.enable = mkDefault false; - - # Configure default metadata hostnames - networking.extraHosts = '' - 169.254.169.254 metadata.google.internal metadata - ''; - - networking.timeServers = [ "metadata.google.internal" ]; - - networking.usePredictableInterfaceNames = false; - - # GC has 1460 MTU - networking.interfaces.eth0.mtu = 1460; - - security.googleOsLogin.enable = true; - - systemd.services.google-clock-skew-daemon = { - description = "Google Compute Engine Clock Skew Daemon"; - after = [ - "network.target" - "google-instance-setup.service" - "google-network-setup.service" - ]; - requires = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Type = "simple"; - ExecStart = "${gce}/bin/google_clock_skew_daemon --debug"; - }; - }; - - systemd.services.google-instance-setup = { - description = "Google Compute Engine Instance Setup"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"]; - before = ["sshd.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "sshd.service" "multi-user.target" ]; - path = with pkgs; [ ethtool openssh ]; - serviceConfig = { - ExecStart = "${gce}/bin/google_instance_setup --debug"; - Type = "oneshot"; - }; - }; - - systemd.services.google-network-daemon = { - description = "Google Compute Engine Network Daemon"; - after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - requires = ["network.target"]; - partOf = ["network.target"]; - wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ iproute ]; - serviceConfig = { - ExecStart = "${gce}/bin/google_network_daemon --debug"; - }; - }; - - systemd.services.google-shutdown-scripts = { - description = "Google Compute Engine Shutdown Scripts"; - after = [ - "local-fs.target" - "network-online.target" - "network.target" - "rsyslog.service" - "systemd-resolved.service" - "google-instance-setup.service" - "google-network-daemon.service" - ]; - wants = [ "local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.coreutils}/bin/true"; - ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown"; - Type = "oneshot"; - RemainAfterExit = true; - TimeoutStopSec = "infinity"; - }; - }; - - systemd.services.google-startup-scripts = { - description = "Google Compute Engine Startup Scripts"; - after = [ - "local-fs.target" - "network-online.target" - "network.target" - "rsyslog.service" - "google-instance-setup.service" - "google-network-daemon.service" - ]; - wants = ["local-fs.target" "network-online.target" "network.target"]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup"; - KillMode = "process"; - Type = "oneshot"; - }; - }; - - - # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf - boot.kernel.sysctl = { - # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss - # of TCP functionality/features under normal conditions. When flood - # protections kick in under high unanswered-SYN load, the system - # should remain more stable, with a trade off of some loss of TCP - # functionality/features (e.g. TCP Window scaling). - "net.ipv4.tcp_syncookies" = mkDefault "1"; - - # ignores source-routed packets - "net.ipv4.conf.all.accept_source_route" = mkDefault "0"; - - # ignores source-routed packets - "net.ipv4.conf.default.accept_source_route" = mkDefault "0"; - - # ignores ICMP redirects - "net.ipv4.conf.all.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects - "net.ipv4.conf.default.accept_redirects" = mkDefault "0"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.all.secure_redirects" = mkDefault "1"; - - # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.default.secure_redirects" = mkDefault "1"; - - # don't allow traffic between networks or act as a router - "net.ipv4.ip_forward" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.all.send_redirects" = mkDefault "0"; - - # don't allow traffic between networks or act as a router - "net.ipv4.conf.default.send_redirects" = mkDefault "0"; - - # reverse path filtering - IP spoofing protection - "net.ipv4.conf.all.rp_filter" = mkDefault "1"; - - # reverse path filtering - IP spoofing protection - "net.ipv4.conf.default.rp_filter" = mkDefault "1"; - - # ignores ICMP broadcasts to avoid participating in Smurf attacks - "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1"; - - # ignores bad ICMP errors - "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1"; - - # logs spoofed, source-routed, and redirect packets - "net.ipv4.conf.all.log_martians" = mkDefault "1"; - - # log spoofed, source-routed, and redirect packets - "net.ipv4.conf.default.log_martians" = mkDefault "1"; - - # implements RFC 1337 fix - "net.ipv4.tcp_rfc1337" = mkDefault "1"; - - # randomizes addresses of mmap base, heap, stack and VDSO page - "kernel.randomize_va_space" = mkDefault "2"; - - # Reboot the machine soon after a kernel panic. - "kernel.panic" = mkDefault "10"; - - ## Not part of the original config - - # provides protection from ToCToU races - "fs.protected_hardlinks" = mkDefault "1"; - - # provides protection from ToCToU races - "fs.protected_symlinks" = mkDefault "1"; - - # makes locating kernel addresses more difficult - "kernel.kptr_restrict" = mkDefault "1"; - - # set ptrace protections - "kernel.yama.ptrace_scope" = mkOverride 500 "1"; - - # set perf only available to root - "kernel.perf_event_paranoid" = mkDefault "2"; - }; -} diff --git a/mb/2configs/headless.nix b/mb/2configs/headless.nix deleted file mode 100644 index 46a9b6a7d..000000000 --- a/mb/2configs/headless.nix +++ /dev/null @@ -1,25 +0,0 @@ -# Common configuration for headless machines (e.g., Amazon EC2 -# instances). - -{ lib, ... }: - -with lib; - -{ - boot.vesa = false; - - # Don't start a tty on the serial consoles. - systemd.services."serial-getty@ttyS0".enable = false; - systemd.services."serial-getty@hvc0".enable = false; - systemd.services."getty@tty1".enable = false; - systemd.services."autovt@".enable = false; - - # Since we can't manually respond to a panic, just reboot. - boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ]; - - # Don't allow emergency mode, because we don't have a console. - systemd.enableEmergencyMode = false; - - # Being headless, we don't need a GRUB splash image. - boot.loader.grub.splashImage = null; -} diff --git a/mb/2configs/neovimrc b/mb/2configs/neovimrc deleted file mode 100644 index 8dbeaec7b..000000000 --- a/mb/2configs/neovimrc +++ /dev/null @@ -1,446 +0,0 @@ - -"***************************************************************************** -"" Functions -"***************************************************************************** - -function! GetBufferList() - redir =>buflist - silent! ls! - redir END - return buflist -endfunction - -function! ToggleList(bufname, pfx) - let buflist = GetBufferList() - for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))') - if bufwinnr(bufnum) != -1 - exec(a:pfx.'close') - return - endif - endfor - if a:pfx == 'l' && len(getloclist(0)) == 0 - echohl ErrorMsg - echo "Location List is Empty." - return - endif - let winnr = winnr() - exec(a:pfx.'open') - if winnr() != winnr - wincmd p - endif -endfunction - - -"***************************************************************************** -"" Basic Setup -"*****************************************************************************" -" General -let no_buffers_menu=1 -syntax on -set ruler -set number -set mousemodel=popup -set t_Co=256 -set guioptions=egmrti -set gfn=Monospace\ 10 - -" TODO: Testing if this works against automatically setting paste mode -" Issue: https://github.com/neovim/neovim/issues/7994 -au InsertLeave * set nopaste - - -" undofile - This allows you to use undos after exiting and restarting -" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo -" :help undo-persistence -if exists("+undofile") - if isdirectory($HOME . '/.vim/undo') == 0 - :silent !mkdir -p ~/.vim/undo > /dev/null 2>&1 - endif - set undodir=./.vim-undo// - set undodir+=~/.vim/undo// - set undofile -endif - -" Encoding -set encoding=utf-8 -set fileencoding=utf-8 -set fileencodings=utf-8 -set bomb -set binary - -" Fix backspace indent -set backspace=indent,eol,start - -" Tabs. May be overriten by autocmd rules -set tabstop=4 -set softtabstop=0 -set shiftwidth=4 -set expandtab - -" Map leader to , -let mapleader=',' - -" Enable hidden buffers -set hidden - -" Searching -set hlsearch -set incsearch -set ignorecase -set smartcase - -" Directories for swp files -set nobackup -set noswapfile - -set fileformats=unix,dos,mac - -" File overview -set wildmode=list:longest,list:full -set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__ - -" Shell to emulate -if exists('$SHELL') - set shell=$SHELL -else - set shell=/bin/bash -endif - -" Set color scheme -colorscheme molokai - -"Show always Status bar -set laststatus=2 - -" Use modeline overrides -set modeline -set modelines=10 - -" Set terminal title -set title -set titleold="Terminal" -set titlestring=%F - -" search will center on the line it's found in. -nnoremap n nzzzv -nnoremap N Nzzzv - - - -"***************************************************************************** -"" Abbreviations -"***************************************************************************** -" no one is really happy until you have this shortcuts -cnoreabbrev W! w! -cnoreabbrev Q! q! -cnoreabbrev Qall! qall! -cnoreabbrev Wq wq -cnoreabbrev Wa wa -cnoreabbrev wQ wq -cnoreabbrev WQ wq -cnoreabbrev W w -cnoreabbrev Q q -cnoreabbrev Qall qall - -" NERDTree configuration -let g:NERDTreeChDirMode=2 -let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__'] -let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$'] -let g:NERDTreeShowBookmarks=1 -let g:nerdtree_tabs_focus_on_files=1 -let g:NERDTreeMapOpenInTabSilent = '' -let g:NERDTreeWinSize = 50 -set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite -nnoremap :NERDTreeFind -nnoremap :NERDTreeToggle - -" open terminal emulation -nnoremap sh :terminal:startinsert - -"***************************************************************************** -"" Autocmd Rules -"***************************************************************************** -"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines -augroup vimrc-sync-fromstart - autocmd! - autocmd BufEnter * :syntax sync maxlines=200 -augroup END - -" Nasm filetype -augroup nasm - autocmd! - autocmd BufRead,BufNewFile *.nasm set ft=nasm -augroup END - -" Binary filetype -augroup Binary - au! - au BufReadPre *.bin,*.exe,*.elf let &bin=1 - au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd - au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif - au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r - au BufWritePre *.bin,*.exe,*.elf endif - au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd - au BufWritePost *.bin,*.exe,*.elf set nomod | endif -augroup END - -" Binary filetype -augroup fasm - au! - au BufReadPost *.fasm set ft=fasm -augroup END - -augroup deoplete-update - autocmd! - autocmd VimEnter * UpdateRemotePlugin -augroup END - -"" Remember cursor position -augroup vimrc-remember-cursor-position - autocmd! - autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif -augroup END - -"" txt -" augroup vimrc-wrapping -" autocmd! -" autocmd BufRead,BufNewFile *.txt call s:setupWrapping() -" augroup END - -"" make/cmake -augroup vimrc-make-cmake - autocmd! - autocmd FileType make setlocal noexpandtab - autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake -augroup END - -set autoread - -"***************************************************************************** -"" Mappings -"***************************************************************************** - -" Split -noremap h :split -noremap v :vsplit - -" Git -noremap ga :Gwrite -noremap gc :Gcommit -noremap gsh :Gpush -noremap gll :Gpull -noremap gs :Gstatus -noremap gb :Gblame -noremap gd :Gvdiff -noremap gr :Gremove - -" Tabs -nnoremap gt -nnoremap gT -nnoremap :tabnew - -" Set working directory -nnoremap . :lcd %:p:h - -" Opens an edit command with the path of the currently edited file filled in -noremap e :e =expand("%:p:h") . "/" - -" Opens a tab edit command with the path of the currently edited file filled -noremap te :tabe =expand("%:p:h") . "/" - -" Tagbar -nmap :TagbarToggle -let g:tagbar_autofocus = 1 - -" Copy/Paste/Cut -set clipboard^=unnamed,unnamedplus - -noremap YY "+y -noremap p "+gP -noremap XX "+x - -" Enable mouse for vim -set mouse=a - -" Buffer nav -noremap z :bp -noremap q :bp -noremap x :bn -noremap w :bn - -" Close buffer -noremap c :bd - -" Clean search (highlight) -nnoremap :noh - -" Switching windows -noremap j -noremap k -noremap l -noremap h - -" Vmap for maintain Visual Mode after shifting > and < -vmap < >gv - -" Move visual block -vnoremap J :m '>+1gv=gv -vnoremap K :m '<-2gv=gv - -" Open current line on GitHub -nnoremap o :.Gbrowse - - -" Save on strg+s if not in paste mode -nmap :w -vmap gv -imap - -" Quit on strg+q in normal mode -nnoremap :q - -" Strg+d to replace word under cursor -nnoremap :%s/\<\>//g - -" Strg+f ro find word under cursor -nnoremap :/ - -" Remove unneccessary spaces -nnoremap :let _s=@/ :%s/\s\+$//e :let @/=_s :nohl :unlet _s - -" Reindent whole file with F6 -map mzgg=G`z - -" Toggle location list -nmap :call ToggleList("Quickfix List", 'c') - -" Replacing text in visual mode doesn't copy it anymore -xmap p ReplaceWithRegisterVisual -xmap ReplaceWithRegisterVisual - -" ALE mappings -nmap i (ale_hover) -nmap d (ale_go_to_definition_in_tab) -nmap rf (ale_find_references) -nmap (ale_fix) - -" Vim-Go mappings -au FileType go nmap i :GoDoc -au FileType go nmap d :GoDef -au FileType go nmap rf :GoReferrers - - -"" Opens an edit command with the path of the currently edited file filled in -noremap e :e =expand("%:p:h") . "/" - -" Use tab for navigatin in autocompletion window -inoremap pumvisible() ? "\" : "\" -inoremap pumvisible() ? "\" : "\" - - -"***************************************************************************** -"" Plugin settings -"***************************************************************************** - -" vim-airline -set statusline+=%{fugitive#statusline()} -let g:airline_theme = 'powerlineish' -let g:airline#extensions#syntastic#enabled = 1 -let g:airline#extensions#branch#enabled = 1 -let g:airline#extensions#tabline#enabled = 1 -let g:airline#extensions#tagbar#enabled = 1 -let g:airline_skip_empty_sections = 1 -let g:airline#extensions#ale#enabled = 1 - -" show indent lines -let g:indent_guides_enable_on_vim_startup = 1 -let g:indent_guides_auto_colors = 0 -hi IndentGuidesOdd ctermbg=235 -hi IndentGuidesEven ctermbg=235 -let g:indent_guides_guide_size = 1 -let g:indent_guides_start_level = 2 - -" Enable autocompletion -let g:deoplete#enable_at_startup = 1 -set completeopt-=preview - -" Ale no preview on hover -let g:ale_close_preview_on_insert = 0 -let g:ale_cursor_detail = 0 - -" Ale skip if file size over 2G -let g:ale_maximum_file_size = "2147483648" - -" Ale to loclist and quickfix -let g:ale_set_quickfix = 1 -" let g:ale_set_loclist = 1 - - -" Ale language server -let g:ale_linters = { - \ 'python': ['pyls'], - \ 'c': ['cquery'], - \ 'cpp': ['cquery'], - \ 'xml': ['xmllint'] - \ } - - -" ALE fixers -let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] } -let g:ale_fixers.python = ['black'] -let g:ale_fixers.go = ['gofmt'] -let g:ale_fixers.c = ['clang-format'] -let g:ale_fixers.cpp = ['clang-format'] -let g:ale_fixers.json = ['jq'] -let g:ale_fixers.xml = ['xmllint'] - -let g:ale_completion_enabled = 1 -let g:ale_sign_error = '⤫' -let g:ale_sign_warning = '⚠' -let g:ale_lint_on_insert_leave = 1 - -" Vim-Go Settings -let g:go_auto_sameids = 1 -let g:go_fmt_command = "goimports" -let g:go_auto_type_info = 1 - -" Disable syntastic for langserver supported languages -let g:syntastic_mode_map = { - \ "mode": "active", - \ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ] - \ } -let g:syntastic_always_populate_loc_list = 1 -let g:syntastic_auto_loc_list = 2 -let g:syntastic_aggregate_errors = 1 -let g:syntastic_check_on_open = 1 -let g:syntastic_check_on_wq = 0 -let g:syntastic_error_symbol='✗' -let g:syntastic_warning_symbol='⚠' -let g:syntastic_style_error_symbol = '✗' -let g:syntastic_style_warning_symbol = '⚠' - -"***************************************************************************** -"" Shortcuts overview -"***************************************************************************** -" Shortcuts overview -" F1 --> Filetree find -" F2 --> Filetree toggle -" F3 --> Function overview -" F4 --> Toggle error bar - -" F5 --> Remove trailing whitespaces -" F6 --> Reindent whole file -" F7 --> Format and lint file -" ,i --> Information about function -" ,d --> Jump to definition -" ,r --> Rename in all occurences -" ,rf --> Find references of function/variable -" ,e --> Change current file -" ,te --> Open file in new tab -" strg+f --> Find current selected word -" strg+d --> Replace current selected word -" strg+s --> Save file -" strg+q --> Close current file -" space+, --> Stop highlighting words after search - diff --git a/mb/2configs/nvim.nix b/mb/2configs/nvim.nix deleted file mode 100644 index a8e4173e2..000000000 --- a/mb/2configs/nvim.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ pkgs, config, ... }: let - #unstable = import { }; -in - -{ - environment.variables = { - EDITOR = ["nvim"]; - }; - - nixpkgs.config.packageOverrides = pkgs: with pkgs;{ - neovim_custom = neovim.override { - configure = { - customRC = builtins.readFile ./neovimrc; - - packages.myVimPackage = with pkgs.vimPlugins; - { - # loaded on launch - start = [ - nerdtree # file manager - commentary # comment stuff out based on language - fugitive # full git integration - vim-airline-themes # lean & mean status/tabline - vim-airline # status bar - gitgutter # git diff in the gutter (sign column) - vim-trailing-whitespace # trailing whitspaces in red - tagbar # F3 function overview - syntastic # Fallback to singlethreaded but huge syntax support - ReplaceWithRegister # For better copying/replacing - polyglot # Language pack - vim-indent-guides # for displaying indent levels - ale # threaded language client - vim-go # go linting - deoplete-go # go autocompletion completion - deoplete-nvim # general autocompletion - molokai # color scheme - ]; - - # manually loadable by calling `:packadd $plugin-name` - opt = []; - }; - }; - }; - }; - - environment.systemPackages = with pkgs; [ - ctags - neovim_custom - jq # For fixing json files - xxd # .bin files will be displayed with xxd - shellcheck # Shell linting - ansible-lint # Ansible linting - unzip # To vim into unzipped files - nodePackages.jsonlint # json linting - #python36Packages.python-language-server # python linting - #python36Packages.pyls-mypy # Python static type checker - #python36Packages.black # Python code formatter - #python37Packages.yamllint # For linting yaml files - #python37Packages.libxml2 # For fixing yaml files - cquery # C/C++ support - clang-tools # C++ fixer - ]; - - fonts = { - fonts = with pkgs; [ - font-awesome_5 - ]; - }; - -} - diff --git a/mb/2configs/qemu-guest.nix b/mb/2configs/qemu-guest.nix deleted file mode 100644 index 315d04093..000000000 --- a/mb/2configs/qemu-guest.nix +++ /dev/null @@ -1,19 +0,0 @@ -# Common configuration for virtual machines running under QEMU (using -# virtio). - -{ ... }: - -{ - boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ]; - boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ]; - - boot.initrd.postDeviceCommands = - '' - # Set the system time from the hardware clock to work around a - # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised - # to the *boot time* of the host). - hwclock -s - ''; - - security.rngd.enable = false; -} diff --git a/mb/2configs/retiolum.nix b/mb/2configs/retiolum.nix deleted file mode 100644 index 5a87d52af..000000000 --- a/mb/2configs/retiolum.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, pkgs, ... }: - -{ - - krebs.iptables = { - tables = { - filter.INPUT.rules = let - tincport = toString config.krebs.build.host.nets.retiolum.tinc.port; - in [ - { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; } - { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; } - ]; - }; - }; - - krebs.tinc.retiolum = { - enableLegacy = true; - enable = true; - connectTo = [ - "prism" - "gum" - "ni" - ]; - }; - - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; - - environment.systemPackages = [ - pkgs.tinc - ]; -} diff --git a/mb/2configs/tests/dummy-secrets/retiolum.rsa b/mb/2configs/tests/dummy-secrets/retiolum.rsa deleted file mode 100644 index 99a4033f6..000000000 --- a/mb/2configs/tests/dummy-secrets/retiolum.rsa +++ /dev/null @@ -1,4 +0,0 @@ - ------BEGIN RSA PRIVATE KEY----- -this is a private key ------END RSA PRIVATE KEY----- diff --git a/mb/3modules/default.nix b/mb/3modules/default.nix deleted file mode 100644 index 99d09d4ec..000000000 --- a/mb/3modules/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -_: -{ - imports = [ - ./hosts.nix - ]; -} diff --git a/mb/3modules/hosts.nix b/mb/3modules/hosts.nix deleted file mode 100644 index 5dc9b5ca4..000000000 --- a/mb/3modules/hosts.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, ... }: - -with import ; - -{ - options.mb.hosts = mkOption { - type = types.attrsOf types.host; - default = - filterAttrs (_: host: host.owner.name == "mb" && host.ci) - config.krebs.hosts; - }; -} diff --git a/mb/5pkgs/default.nix b/mb/5pkgs/default.nix deleted file mode 100644 index 3fa5b5e85..000000000 --- a/mb/5pkgs/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -with import ; - -self: super: - -# Import files and subdirectories like they are overlays. -foldl' mergeAttrs {} - (map - (name: import (./. + "/${name}") self super) - (filter - (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.)))) diff --git a/mb/default.nix b/mb/default.nix deleted file mode 100644 index 0bec0c2c2..000000000 --- a/mb/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ - ../krebs - ./2configs - ./3modules - ]; - nixpkgs.config.packageOverrides = import ./5pkgs pkgs; - krebs.tinc.retiolum.privkey = { - source-path = toString + "/${config.krebs.tinc.retiolum.netname}.rsa"; - path = "${config.krebs.tinc.retiolum.user.home}/tinc.rsa_key.priv"; - owner = config.krebs.tinc.retiolum.user; - }; -} diff --git a/mb/krops.nix b/mb/krops.nix deleted file mode 100644 index cb9ab3fdb..000000000 --- a/mb/krops.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ name }: let - inherit (import ../krebs/krops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then - import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; } - else - {} - ; - - source = { test }: lib.evalSource ([ - (krebs-source { test = test; }) - { - nixos-config.symlink = "stockholm/mb/1systems/${name}/configuration.nix"; - nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; - ref = "nixos-unstable"; - }; - secrets = if test then { - file = toString ./2configs/tests/dummy-secrets; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ] ++ (lib.optional (! test) host-source)); - -in { - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - inherit target; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate) - populate = { target, force ? false }: pkgs.populate { - inherit force; - source = source { test = false; }; - target = lib.mkTarget target; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) - test = { target }: pkgs.krops.writeTest "${name}-test" { - force = true; - inherit target; - source = source { test = true; }; - }; -}