Merge remote-tracking branch 'gum/master'

2022-12-13 14:51:58 +01:00 · 2022-12-13 14:51:58 +01:00 · 248d3f592a
commit 248d3f592a
parent 2ab781fca9 d4281b3dbe
12 changed files with 35 additions and 46 deletions
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@ -151,6 +151,12 @@ in {
        };
      };
    };
    # pixel3a
    telex.nets.wiregrill = {
      aliases =  ["telex.w"];
      ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
    };
    latte = rec {
      ci = true;
      extraZones = {
--- a/kartei/makefu/wiregrill/telex.pub
+++ b/kartei/makefu/wiregrill/telex.pub
@ -0,0 +1 @@
 T7Cr80dBbtPFCPdz4OS7whDlQJzn2Orclq5rLVtD+Ds=
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@ -110,7 +110,8 @@
    <stockholm/krebs/2configs/shack/prometheus/server.nix>
    <stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
    #<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
-    <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
+    # TODO: alertmanager 0.24+ supports telegram
    # <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
  ];
  krebs.build.host = config.krebs.hosts.puyak;
--- a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
+++ b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
@ -1,17 +0,0 @@
 { pkgs, ...}:
 {
  systemd.services.alertmanager-bot-telegram = {
    wantedBy = [ "multi-user.target" ];
    after = [ "ip-up.target" ];
    serviceConfig = {
      EnvironmentFile = toString <secrets/shack/telegram_bot.env>;
      DynamicUser = true;
      StateDirectory = "alertbot";
      ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \
        --alertmanager.url=http://alert.prometheus.shack --log.level=info \
        --store=bolt --bolt.path=/var/lib/alertbot/bot.db \
        --listen.addr="0.0.0.0:16320" \
        --template.paths=${./templates}/shack.tmpl'';
    };
  };
 }
--- a/krebs/5pkgs/simple/passwdqc-utils/default.nix
+++ b/krebs/5pkgs/simple/passwdqc-utils/default.nix
@ -1,17 +1,17 @@
 { fetchurl, lib, stdenv
 , libxcrypt
-, pam
+, linux-pam
 , wordset-file ? null, # set your own wordset-file
 }:
 stdenv.mkDerivation rec {
-  name = "passwdqc-utils-${version}";
+  pname = "passwdqc-utils";
-  version = "1.3.0";
+  version = "2.0.2";
-  buildInputs = [ libxcrypt pam ];
+  buildInputs = [ libxcrypt linux-pam ];
  src = fetchurl {
    url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
-    sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
+    hash = "sha256-/x9QV2TAIPakSEseDMT9vy4/cbUikm2QtHCRBMoGBKs=";
  };
  buildTargets = "utils";
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@ -43,16 +43,13 @@ in {
  services.logrotate = {
    enable = true;
-    config = ''
+    settings.bgt = {
-    ${bgtaccess} ${bgterror} {
+      files = [ bgtaccess bgterror ];
-      rotate 5
+      rotate = 5;
-      weekly
+      frequency = "weekly";
-      create 600 nginx nginx
+      create = "600 nginx nginx";
-      postrotate
+      postrotate = "${pkgs.systemd}/bin/systemctl reload nginx";
-        ${pkgs.systemd}/bin/systemctl reload nginx
+    };
      endscript
    }
    '';
  };
  # 20.09 unharden nginx to write logs
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@ -11,7 +11,7 @@ with import <stockholm/lib>;
    ./editor/vim.nix
    ./binary-cache/nixos.nix
    ./minimal.nix
-    ./security/hotfix.nix
+    # ./security/hotfix.nix
  ];
  # users are super important
--- a/makefu/2configs/gui/look-up.nix
+++ b/makefu/2configs/gui/look-up.nix
@ -1,3 +1,8 @@
 {pkgs, config, ... }:
 let
  user = config.krebs.build.user.name;
  window-manager = "awesome";
 in
  {
  systemd.services.look-up = {
    startAt = "*:30";
--- a/makefu/2configs/security/hotfix.nix
+++ b/makefu/2configs/security/hotfix.nix
@ -1,4 +0,0 @@
 { pkgs, lib,... }: {
  # https://github.com/berdav/CVE-2021-4034
  security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
 }
--- a/makefu/5pkgs/pkgrename/default.nix
+++ b/makefu/5pkgs/pkgrename/default.nix
@ -2,19 +2,19 @@
 }:
 stdenv.mkDerivation rec {
  name = "pkgrename";
-  version = "1.03";
+  version = "1.05";
  src = fetchFromGitHub {
    owner = "hippie68";
    repo = "pkgrename";
-    rev = "c3e5c47ed9367273bd09577af46d3d9bf87b2a50";
+    rev = "c7c95f0ea49324433db4a7df8db8b0905198e62e";
    sha256 = "0cphxdpj04h1i0qf5mji3xqdsbyilvd5b4gwp4vx914r6k5f0xf3";
  };
  buildInputs = [ curl.dev ];
  buildPhase = ''
    cd pkgrename.c
-    gcc pkgrename.c src/*.c -o pkgrename -lcurl -s -O1 $(curl-config  --cflags --libs)
+    $CC pkgrename.c src/*.c -o pkgrename -s -O3 $(curl-config  --cflags --libs) -Wl,--allow-multiple-definition
  '';
  installPhase = ''
    install -D pkgrename $out/bin/pkgrename
--- a/makefu/5pkgs/ratt/default.nix
+++ b/makefu/5pkgs/ratt/default.nix
@ -11,7 +11,7 @@ buildGoModule rec {
  };
  proxyVendor = true;
-  vendorSha256 = "sha256-AOtWR7Ew+0I7+TrMZOCxOKGCv+mlvcqy9s+gX2JKwnE=";
+  vendorSha256 = "sha256-tCSwyusVstEkz2pXYGX5JmS+VgqErSPtnh4LomaaFcE=";
  # tests try to access the internet to scrape websites
  doCheck = false;
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@ -75,20 +75,20 @@
    (lib.mkIf ( host-src.hw ) {
      nixos-hardware.git = {
        url = https://github.com/nixos/nixos-hardware.git;
-        ref = "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1";
+        ref = "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b";
      };
    })
    (lib.mkIf ( host-src.nix-ld ) {
      nix-ld.git = {
        url = https://github.com/Mic92/nix-ld.git;
-        ref = "c25cc4b";
+        ref = "7d251c0c5adf6b9b003499243be257d0f130b3d6";
      };
    })
    (lib.mkIf ( host-src.home-manager ) {
      home-manager.git = {
        url = https://github.com/rycee/home-manager;
-        ref = "1de492f";
+        ref = "054d9e3187ca00479e8036dc0e92900a384f30fd";
      };
    })
  ];
		`@ -0,0 +1 @@`
							`T7Cr80dBbtPFCPdz4OS7whDlQJzn2Orclq5rLVtD+Ds=`