Merge remote-tracking branch 'prism/master'

tv 2019-04-17 17:17:25 +02:00
commit 20fa5109af
9 changed files with 52 additions and 24 deletions


@ -2,10 +2,10 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
gunicorn = pkgs.python3Packages.gunicorn; gunicorn = pkgs.python27Packages.gunicorn;
bepasty = pkgs.bepasty; bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
gevent = pkgs.python3Packages.gevent; gevent = pkgs.python27Packages.gevent;
python = pkgs.python3Packages.python; python = pkgs.python27Packages.python;
cfg = config.krebs.bepasty; cfg = config.krebs.bepasty;
out = { out = {
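Review bot: The `bepasty` override passes `pkgs.python27Packages` under the argument name `python3Packages`, which reads as a mistake to anyone who does not know the package expression, and nothing here says why the service goes back to Python 2.7. A comment above the four bindings would make the intent explicit, for example `# TODO: pinned to python27Packages (reason: <fill in>); return to python3Packages when possible`. bepasty is presumably reachable over the network, so the interpreter pin is worth tracking rather than leaving implicit. The `let` block continues outside the hunk.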


@ -108,10 +108,12 @@ let
name=str(new_step), name=str(new_step),
command=[ command=[
"${pkgs.writeDash "build-stepper.sh" '' "${pkgs.writeDash "build-stepper.sh" ''
set -efu set -xefu
profile=${shell.escape profileRoot}/$build_name profile=${shell.escape profileRoot}/$build_name
result=$("$build_script") result=$("$build_script")
${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" if [ -n "$result" ]; then
${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
fi
''}" ''}"
], ],
env={ env={
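Review bot: The new `if [ -n "$result" ]` guard in `build-stepper.sh` lets the step finish successfully without touching the profile when `$build_script` prints nothing, so an empty build result looks the same as a good one in the step status. If an empty result is expected, log it, e.g. `else echo "empty build result, profile left unchanged" >&2` before `fi`; if it is not expected, fail the step there instead. The `-x` added to `set -xefu` looks like a debugging aid and should stay only if the extra trace in the build log is wanted. The surrounding step definition continues outside the hunk.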


@ -15,9 +15,11 @@ with import <stockholm/lib>;
krebs.syncthing.folders = [ krebs.syncthing.folders = [
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
{ path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
]; ];
lass.ensure-permissions = [ lass.ensure-permissions = [
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
{ folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
]; ];
environment.shellAliases = { environment.shellAliases = {
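Review bot: The added `/home/lass/.weechat` folder replicates the whole weechat directory to `blue`, `green` and `mors` and, through `lass.ensure-permissions`, assigns it to group `syncthing`; that directory usually also holds `sec.conf`, `irc.conf` and chat logs, so server passwords and private messages would travel with it. Consider syncing only the subdirectories that are needed, or shipping a `.stignore` that excludes the credential files, and check that the group bits `ensure-permissions` applies do not make them readable beyond what syncthing needs (its implementation is not visible here). The entry also omits the `id` that the neighbouring `contacts` entry sets; if the default is derived from the path, a short comment saying so would help. The same two lines are added in the next file section (hunk `-52,10 +52,12`).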


@ -52,10 +52,12 @@ with import <stockholm/lib>;
krebs.syncthing.folders = [ krebs.syncthing.folders = [
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
{ path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
]; ];
lass.ensure-permissions = [ lass.ensure-permissions = [
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
{ folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
]; ];
} }
{ {


@ -30,8 +30,7 @@
}; };
}; };
services.logind.extraConfig = '' services.logind.lidSwitch = "ignore";
HandleLidSwitch=ignore services.logind.lidSwitchDocked = "ignore";
'';
} }


@ -4,6 +4,7 @@ with import <stockholm/lib>;
services.syncthing = { services.syncthing = {
enable = true; enable = true;
group = "syncthing"; group = "syncthing";
configDir = "/var/lib/syncthing";
}; };
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";} { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}


@ -31,13 +31,20 @@
session required pam_loginuid.so session required pam_loginuid.so
''; '';
security.pam.services.dovecot2.text = '' security.pam.services.dovecot2 = {
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} text = ''
auth required pam_permit.so auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
account required pam_permit.so auth required pam_permit.so
session required pam_permit.so account required pam_permit.so
session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_permit.so
''; session required pam_env.so envfile=${config.system.build.pamEnvironment}
'';
};
security.wrappers.shadow_verify_pam = {
source = "${usershadow}/bin/verify_pam";
owner = "root";
};
}; };
usershadow = let { usershadow = let {
@ -46,10 +53,13 @@
"bytestring" "bytestring"
]; ];
body = pkgs.writeHaskellPackage "passwords" { body = pkgs.writeHaskellPackage "passwords" {
ghc-options = [
"-rtsopts"
"-Wall"
];
executables.verify_pam = { executables.verify_pam = {
extra-depends = deps; extra-depends = deps;
text = '' text = ''
import Data.Monoid
import System.IO import System.IO
import Data.Char (chr) import Data.Char (chr)
import System.Environment (getEnv, getArgs) import System.Environment (getEnv, getArgs)
@ -72,7 +82,6 @@
executables.verify_arg = { executables.verify_arg = {
extra-depends = deps; extra-depends = deps;
text = '' text = ''
import Data.Monoid
import System.Environment (getArgs) import System.Environment (getArgs)
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2) import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8 import qualified Data.ByteString.Char8 as BS8
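Review bot: The new `pam_exec.so` line in `security.pam.services.dovecot2.text` carries what look like leftover debugging switches: `debug` and `log=/tmp/lol` send the helper's output to a fixed, predictable file name in a world-writable directory, on an authentication path that also uses `expose_authtok`. I would drop both before this ships, i.e. `auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`, or at least point `log=` at a root-owned directory. In the same section, `security.wrappers.shadow_verify_pam` sets only `owner = "root"`; if the wrapper is meant to run with elevated privileges, that should be stated explicitly. In that case the added `-rtsopts` ghc-option is worth reconsidering, since it lets whoever invokes the binary pass arbitrary RTS flags to it.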


@ -0,0 +1,17 @@
{pkgs, fetchFromGitHub}:
with pkgs.python3.pkgs;
buildPythonPackage rec {
pname = "nixpkgs-pytools";
version = "1.0.0-dev";
src = fetchFromGitHub {
owner = "nix-community";
repo = pname;
rev = "593443b5689333cad3b6fa5b42e96587df68b0f8";
sha256 = "1cjpngr1rn5q59a1krgmpq2qm96wbiirc8yf1xmm21p3mskb2db4";
};
propagatedBuildInputs = [
jinja2 setuptools
];
checkInputs = [ black ];
}


@ -1,6 +1,6 @@
{ config ? config, name, target ? name }: let { config ? config, name, target ? name }: let
krops = ../submodules/krops; krops = ../submodules/krops;
nixpkgs-src = lib.importJSON ./nixpkgs.json; nixpkgs-src = lib.importJSON ../krebs/nixpkgs.json;
lib = import "${krops}/lib"; lib = import "${krops}/lib";
pkgs = import "${krops}/pkgs" {}; pkgs = import "${krops}/pkgs" {};
@ -20,10 +20,6 @@
} // import (./. + "/1systems/${name}/source.nix"); } // import (./. + "/1systems/${name}/source.nix");
source = { test }: lib.evalSource [ source = { test }: lib.evalSource [
{ {
# nixos-18.09 @ 2018-09-18
# + uhub/sqlite: 5dd7610401747
# + hovercraft: 7134801b17d72
# + PR#53934: eac6797380af1
nixpkgs = if host-src.arm6 then { nixpkgs = if host-src.arm6 then {
# TODO: we want to track the unstable channel # TODO: we want to track the unstable channel
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
@ -31,7 +27,7 @@
derivation = '' derivation = ''
with import <nixpkgs> {}; with import <nixpkgs> {};
pkgs.fetchFromGitHub { pkgs.fetchFromGitHub {
owner = "makefu"; owner = "nixos";
repo = "nixpkgs"; repo = "nixpkgs";
rev = "${nixpkgs-src.rev}"; rev = "${nixpkgs-src.rev}";
sha256 = "${nixpkgs-src.sha256}"; sha256 = "${nixpkgs-src.sha256}";
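Review bot: With the four-line provenance comment gone and `owner` switched to `nixos`, nothing in this file says where the pin comes from any more: `rev` and `sha256` are read from `../krebs/nixpkgs.json`, while `owner` and `repo` stay hard-coded here. A one-line comment above `nixpkgs =` such as `# pin (rev, sha256) lives in ../krebs/nixpkgs.json and must be a commit of nixos/nixpkgs` would keep the two in step. If the JSON also records the source URL, deriving `owner` from it would remove the duplication (the file's contents are not visible here). The `fetchFromGitHub` call continues past the end of the hunk.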