Merge remote-tracking branch 'gum/master'
This commit is contained in:
lassulus
commit
248d3f592a
@ -151,6 +151,12 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
# pixel3a
|
||||
telex.nets.wiregrill = {
|
||||
aliases = ["telex.w"];
|
||||
ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
|
||||
};
|
||||
|
||||
latte = rec {
|
||||
ci = true;
|
||||
extraZones = {
|
||||
|
||||
1
kartei/makefu/wiregrill/telex.pub
Normal file
1
kartei/makefu/wiregrill/telex.pub
Normal file
@ -0,0 +1 @@
|
||||
T7Cr80dBbtPFCPdz4OS7whDlQJzn2Orclq5rLVtD+Ds=
|
||||
@ -110,7 +110,8 @@
|
||||
<stockholm/krebs/2configs/shack/prometheus/server.nix>
|
||||
<stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
|
||||
#<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
|
||||
<stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
|
||||
# TODO: alertmanager 0.24+ supports telegram
|
||||
# <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.puyak;
|
||||
|
||||
@ -1,17 +0,0 @@
|
||||
{ pkgs, ...}:
|
||||
{
|
||||
systemd.services.alertmanager-bot-telegram = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "ip-up.target" ];
|
||||
serviceConfig = {
|
||||
EnvironmentFile = toString <secrets/shack/telegram_bot.env>;
|
||||
DynamicUser = true;
|
||||
StateDirectory = "alertbot";
|
||||
ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \
|
||||
--alertmanager.url=http://alert.prometheus.shack --log.level=info \
|
||||
--store=bolt --bolt.path=/var/lib/alertbot/bot.db \
|
||||
--listen.addr="0.0.0.0:16320" \
|
||||
--template.paths=${./templates}/shack.tmpl'';
|
||||
};
|
||||
};
|
||||
}
|
||||
@ -1,17 +1,17 @@
|
||||
{ fetchurl, lib, stdenv
|
||||
, libxcrypt
|
||||
, pam
|
||||
, linux-pam
|
||||
, wordset-file ? null, # set your own wordset-file
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "passwdqc-utils-${version}";
|
||||
version = "1.3.0";
|
||||
buildInputs = [ libxcrypt pam ];
|
||||
pname = "passwdqc-utils";
|
||||
version = "2.0.2";
|
||||
buildInputs = [ libxcrypt linux-pam ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
|
||||
sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
|
||||
hash = "sha256-/x9QV2TAIPakSEseDMT9vy4/cbUikm2QtHCRBMoGBKs=";
|
||||
};
|
||||
|
||||
buildTargets = "utils";
|
||||
|
||||
@ -43,16 +43,13 @@ in {
|
||||
|
||||
services.logrotate = {
|
||||
enable = true;
|
||||
config = ''
|
||||
${bgtaccess} ${bgterror} {
|
||||
rotate 5
|
||||
weekly
|
||||
create 600 nginx nginx
|
||||
postrotate
|
||||
${pkgs.systemd}/bin/systemctl reload nginx
|
||||
endscript
|
||||
}
|
||||
'';
|
||||
settings.bgt = {
|
||||
files = [ bgtaccess bgterror ];
|
||||
rotate = 5;
|
||||
frequency = "weekly";
|
||||
create = "600 nginx nginx";
|
||||
postrotate = "${pkgs.systemd}/bin/systemctl reload nginx";
|
||||
};
|
||||
};
|
||||
|
||||
# 20.09 unharden nginx to write logs
|
||||
|
||||
@ -11,7 +11,7 @@ with import <stockholm/lib>;
|
||||
./editor/vim.nix
|
||||
./binary-cache/nixos.nix
|
||||
./minimal.nix
|
||||
./security/hotfix.nix
|
||||
# ./security/hotfix.nix
|
||||
];
|
||||
|
||||
# users are super important
|
||||
|
||||
@ -1,4 +1,9 @@
|
||||
{
|
||||
{pkgs, config, ... }:
|
||||
let
|
||||
user = config.krebs.build.user.name;
|
||||
window-manager = "awesome";
|
||||
in
|
||||
{
|
||||
systemd.services.look-up = {
|
||||
startAt = "*:30";
|
||||
serviceConfig = {
|
||||
|
||||
@ -1,4 +0,0 @@
|
||||
{ pkgs, lib,... }: {
|
||||
# https://github.com/berdav/CVE-2021-4034
|
||||
security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
|
||||
}
|
||||
@ -2,19 +2,19 @@
|
||||
}:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "pkgrename";
|
||||
version = "1.03";
|
||||
version = "1.05";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "hippie68";
|
||||
repo = "pkgrename";
|
||||
rev = "c3e5c47ed9367273bd09577af46d3d9bf87b2a50";
|
||||
rev = "c7c95f0ea49324433db4a7df8db8b0905198e62e";
|
||||
sha256 = "0cphxdpj04h1i0qf5mji3xqdsbyilvd5b4gwp4vx914r6k5f0xf3";
|
||||
};
|
||||
|
||||
buildInputs = [ curl.dev ];
|
||||
buildPhase = ''
|
||||
cd pkgrename.c
|
||||
gcc pkgrename.c src/*.c -o pkgrename -lcurl -s -O1 $(curl-config --cflags --libs)
|
||||
$CC pkgrename.c src/*.c -o pkgrename -s -O3 $(curl-config --cflags --libs) -Wl,--allow-multiple-definition
|
||||
'';
|
||||
installPhase = ''
|
||||
install -D pkgrename $out/bin/pkgrename
|
||||
|
||||
@ -11,7 +11,7 @@ buildGoModule rec {
|
||||
};
|
||||
|
||||
proxyVendor = true;
|
||||
vendorSha256 = "sha256-AOtWR7Ew+0I7+TrMZOCxOKGCv+mlvcqy9s+gX2JKwnE=";
|
||||
vendorSha256 = "sha256-tCSwyusVstEkz2pXYGX5JmS+VgqErSPtnh4LomaaFcE=";
|
||||
|
||||
# tests try to access the internet to scrape websites
|
||||
doCheck = false;
|
||||
|
||||
@ -75,20 +75,20 @@
|
||||
(lib.mkIf ( host-src.hw ) {
|
||||
nixos-hardware.git = {
|
||||
url = https://github.com/nixos/nixos-hardware.git;
|
||||
ref = "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1";
|
||||
ref = "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b";
|
||||
};
|
||||
})
|
||||
|
||||
(lib.mkIf ( host-src.nix-ld ) {
|
||||
nix-ld.git = {
|
||||
url = https://github.com/Mic92/nix-ld.git;
|
||||
ref = "c25cc4b";
|
||||
ref = "7d251c0c5adf6b9b003499243be257d0f130b3d6";
|
||||
};
|
||||
})
|
||||
(lib.mkIf ( host-src.home-manager ) {
|
||||
home-manager.git = {
|
||||
url = https://github.com/rycee/home-manager;
|
||||
ref = "1de492f";
|
||||
ref = "054d9e3187ca00479e8036dc0e92900a384f30fd";
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
Loading…
Reference in New Issue
Block a user