Merge remote-tracking branch 'prism/master'
commit
20fa5109af
@ -2,10 +2,10 @@
|
|||||||
|
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
let
|
let
|
||||||
gunicorn = pkgs.python3Packages.gunicorn;
|
gunicorn = pkgs.python27Packages.gunicorn;
|
||||||
bepasty = pkgs.bepasty;
|
bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
|
||||||
gevent = pkgs.python3Packages.gevent;
|
gevent = pkgs.python27Packages.gevent;
|
||||||
python = pkgs.python3Packages.python;
|
python = pkgs.python27Packages.python;
|
||||||
cfg = config.krebs.bepasty;
|
cfg = config.krebs.bepasty;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
|
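Review bot: The `bepasty` override and its three sibling bindings (`gunicorn`, `gevent`, `python`) select `python27Packages` with no comment saying why, assuming the second printed column is the new side, as it is in the hunks whose line counts settle it. bepasty is a network-facing service, so a pin to the Python 2.7 package set should carry its reason and an exit condition, e.g. `# bepasty forced onto python27Packages because <reason>; return to python3Packages once <condition>`. The `let` block continues outside the hunk.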
@ -108,10 +108,12 @@ let
|
|||||||
name=str(new_step),
|
name=str(new_step),
|
||||||
command=[
|
command=[
|
||||||
"${pkgs.writeDash "build-stepper.sh" ''
|
"${pkgs.writeDash "build-stepper.sh" ''
|
||||||
set -efu
|
set -xefu
|
||||||
profile=${shell.escape profileRoot}/$build_name
|
profile=${shell.escape profileRoot}/$build_name
|
||||||
result=$("$build_script")
|
result=$("$build_script")
|
||||||
${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
|
if [ -n "$result" ]; then
|
||||||
|
${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
|
||||||
|
fi
|
||||||
''}"
|
''}"
|
||||||
],
|
],
|
||||||
env={
|
env={
|
||||||
|
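Review bot: When `$build_script` exits 0 but prints nothing, the new `if [ -n "$result" ]` guard skips `nix-env --set` and the step still reports success, so an empty build result looks the same as a deployed one. An `else` branch such as `echo "build-stepper: empty result, profile not updated" >&2; exit 1` would keep that case visible (drop the `exit 1` if skipping is intended). `set -xefu` also turns on xtrace, which writes every expanded command into the build log; if it was added for debugging it should go back to `set -efu`. The surrounding buildbot step starts and ends outside the hunk.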
@ -15,9 +15,11 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
krebs.syncthing.folders = [
|
krebs.syncthing.folders = [
|
||||||
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
||||||
|
{ path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
|
||||||
];
|
];
|
||||||
lass.ensure-permissions = [
|
lass.ensure-permissions = [
|
||||||
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
||||||
|
{ folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.shellAliases = {
|
environment.shellAliases = {
|
||||||
|
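Review bot: The new folder entry shares `/home/lass/.weechat` with three peers, and the matching `lass.ensure-permissions` entry assigns it to group `syncthing`. A WeeChat directory can hold server and SASL credentials and chat logs next to the configuration, so this widens who can read them on every peer. If only the configuration is wanted, consider syncing a subdirectory or excluding secrets and logs with a Syncthing ignore file, and record the decision in a comment such as `# .weechat may contain credentials; peers must be trusted hosts`. The entry also has no `id`, unlike its neighbours; whether the module derives one from `path` is not visible here. The same two lines are added in the `@ -52,10 +52,12` hunk further down.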
@ -52,10 +52,12 @@ with import <stockholm/lib>;
|
|||||||
krebs.syncthing.folders = [
|
krebs.syncthing.folders = [
|
||||||
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
||||||
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
|
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
|
||||||
|
{ path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
|
||||||
];
|
];
|
||||||
lass.ensure-permissions = [
|
lass.ensure-permissions = [
|
||||||
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
||||||
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
|
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
|
||||||
|
{ folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
@ -30,8 +30,7 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.logind.extraConfig = ''
|
services.logind.lidSwitch = "ignore";
|
||||||
HandleLidSwitch=ignore
|
services.logind.lidSwitchDocked = "ignore";
|
||||||
'';
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -4,6 +4,7 @@ with import <stockholm/lib>;
|
|||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = "syncthing";
|
group = "syncthing";
|
||||||
|
configDir = "/var/lib/syncthing";
|
||||||
};
|
};
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
|
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
|
||||||
|
@ -31,13 +31,20 @@
|
|||||||
session required pam_loginuid.so
|
session required pam_loginuid.so
|
||||||
'';
|
'';
|
||||||
|
|
||||||
security.pam.services.dovecot2.text = ''
|
security.pam.services.dovecot2 = {
|
||||||
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
|
text = ''
|
||||||
auth required pam_permit.so
|
auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
|
||||||
account required pam_permit.so
|
auth required pam_permit.so
|
||||||
session required pam_permit.so
|
account required pam_permit.so
|
||||||
session required pam_env.so envfile=${config.system.build.pamEnvironment}
|
session required pam_permit.so
|
||||||
'';
|
session required pam_env.so envfile=${config.system.build.pamEnvironment}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
security.wrappers.shadow_verify_pam = {
|
||||||
|
source = "${usershadow}/bin/verify_pam";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
usershadow = let {
|
usershadow = let {
|
||||||
@ -46,10 +53,13 @@
|
|||||||
"bytestring"
|
"bytestring"
|
||||||
];
|
];
|
||||||
body = pkgs.writeHaskellPackage "passwords" {
|
body = pkgs.writeHaskellPackage "passwords" {
|
||||||
|
ghc-options = [
|
||||||
|
"-rtsopts"
|
||||||
|
"-Wall"
|
||||||
|
];
|
||||||
executables.verify_pam = {
|
executables.verify_pam = {
|
||||||
extra-depends = deps;
|
extra-depends = deps;
|
||||||
text = ''
|
text = ''
|
||||||
import Data.Monoid
|
|
||||||
import System.IO
|
import System.IO
|
||||||
import Data.Char (chr)
|
import Data.Char (chr)
|
||||||
import System.Environment (getEnv, getArgs)
|
import System.Environment (getEnv, getArgs)
|
||||||
@ -72,7 +82,6 @@
|
|||||||
executables.verify_arg = {
|
executables.verify_arg = {
|
||||||
extra-depends = deps;
|
extra-depends = deps;
|
||||||
text = ''
|
text = ''
|
||||||
import Data.Monoid
|
|
||||||
import System.Environment (getArgs)
|
import System.Environment (getArgs)
|
||||||
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
|
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
|
||||||
import qualified Data.ByteString.Char8 as BS8
|
import qualified Data.ByteString.Char8 as BS8
|
||||||
|
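Review bot: In the first hunk the new dovecot2 `pam_exec.so` line carries `debug` and `log=/tmp/lol`, which reads like leftover troubleshooting: the helper's output goes to a fixed file name in a world-writable directory while `expose_authtok` is passing it the user's password on stdin. I would drop both options, `auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`, or point `log=` at a root-owned file outside /tmp if the trace is still needed. The new `security.wrappers.shadow_verify_pam` sets only `source` and `owner`; whether that yields a setuid-root binary runnable by any local user depends on wrapper-module defaults not visible here, so spelling out `group`, `permissions` and `setuid` would make the intended exposure reviewable. In the second hunk, `"-rtsopts"` enables the full set of GHC runtime options on that same binary, which GHC's documentation cautions against for privileged programs; unless it is needed, leave it out of `ghc-options`.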
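--- /dev/null
+++ b/makefu/5pkgs/nixpkgs-pytools/default.nix
@@ -0,0 +1,17 @@
+{pkgs, fetchFromGitHub}:
+with pkgs.python3.pkgs;
+
+buildPythonPackage rec {
+pname = "nixpkgs-pytools";
+version = "1.0.0-dev";
+src = fetchFromGitHub {
+owner = "nix-community";
+repo = pname;
+rev = "593443b5689333cad3b6fa5b42e96587df68b0f8";
+sha256 = "1cjpngr1rn5q59a1krgmpq2qm96wbiirc8yf1xmm21p3mskb2db4";
+};
+propagatedBuildInputs = [
+jinja2 setuptools
+];
+checkInputs = [ black ];
+}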
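Review bot: The derivation has no `meta` attribute, so the package carries no description, homepage or license for anyone auditing what this package set pulls in. Something like `meta = { description = "<DESCRIPTION>"; homepage = "https://github.com/nix-community/nixpkgs-pytools"; license = <LICENSE>; };` would cover it. The source is pinned by `rev` and `sha256`, but `version = "1.0.0-dev"` does not identify that commit; a short comment next to `rev` saying which upstream state it corresponds to would help when the pin is bumped.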
@ -1,6 +1,6 @@
|
|||||||
{ config ? config, name, target ? name }: let
|
{ config ? config, name, target ? name }: let
|
||||||
krops = ../submodules/krops;
|
krops = ../submodules/krops;
|
||||||
nixpkgs-src = lib.importJSON ./nixpkgs.json;
|
nixpkgs-src = lib.importJSON ../krebs/nixpkgs.json;
|
||||||
|
|
||||||
lib = import "${krops}/lib";
|
lib = import "${krops}/lib";
|
||||||
pkgs = import "${krops}/pkgs" {};
|
pkgs = import "${krops}/pkgs" {};
|
||||||
@ -20,10 +20,6 @@
|
|||||||
} // import (./. + "/1systems/${name}/source.nix");
|
} // import (./. + "/1systems/${name}/source.nix");
|
||||||
source = { test }: lib.evalSource [
|
source = { test }: lib.evalSource [
|
||||||
{
|
{
|
||||||
# nixos-18.09 @ 2018-09-18
|
|
||||||
# + uhub/sqlite: 5dd7610401747
|
|
||||||
# + hovercraft: 7134801b17d72
|
|
||||||
# + PR#53934: eac6797380af1
|
|
||||||
nixpkgs = if host-src.arm6 then {
|
nixpkgs = if host-src.arm6 then {
|
||||||
# TODO: we want to track the unstable channel
|
# TODO: we want to track the unstable channel
|
||||||
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
|
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
|
||||||
@ -31,7 +27,7 @@
|
|||||||
derivation = ''
|
derivation = ''
|
||||||
with import <nixpkgs> {};
|
with import <nixpkgs> {};
|
||||||
pkgs.fetchFromGitHub {
|
pkgs.fetchFromGitHub {
|
||||||
owner = "makefu";
|
owner = "nixos";
|
||||||
repo = "nixpkgs";
|
repo = "nixpkgs";
|
||||||
rev = "${nixpkgs-src.rev}";
|
rev = "${nixpkgs-src.rev}";
|
||||||
sha256 = "${nixpkgs-src.sha256}";
|
sha256 = "${nixpkgs-src.sha256}";
|
||||||
|