From 8d8f26db46a739f6eb7d78a2cbd23ef8fc4e10d5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2017 21:57:48 +0100 Subject: [PATCH 01/68] l 2 git: also start nginx --- lass/2configs/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index bdd65ce09..3e1b2c6e3 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -5,6 +5,7 @@ with import ; let out = { + services.nginx.enable = true; krebs.git = { enable = true; cgit = { From 953b7f0a8e99ee5925276001d1eeacbc54cb6d36 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2017 21:58:13 +0100 Subject: [PATCH 02/68] l 2: add xresources.nix --- lass/2configs/baseX.nix | 1 + lass/2configs/xresources.nix | 54 ++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 lass/2configs/xresources.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 539fdc875..446814c50 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,6 +8,7 @@ in { ./power-action.nix ./screenlock.nix ./copyq.nix + ./xresources.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix new file mode 100644 index 000000000..58f1623b8 --- /dev/null +++ b/lass/2configs/xresources.nix 
@@ -0,0 +1,54 @@ +{ config, pkgs, ... }: + +with import ; + +let + + xresources = pkgs.writeText "Xresources" '' + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*SaveLines: 4096 + URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + + ! ref https://github.com/muennich/urxvt-perls + URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl + URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select + URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select + URxvt.url-select.underline: true + URxvt.keysym.M-u: perl:url-select:select_next + URxvt.keysym.M-Escape: perl:keyboard-select:activate + URxvt.keysym.M-s: perl:keyboard-select:search + + URxvt.intensityStyles: false + + URxvt*background: #000000 + URxvt*foreground: #d0d7d0 + + URxvt*cursorColor: #f042b0 + URxvt*cursorColor2: #f0b000 + URxvt*cursorBlink: off + + URxvt*.pointerBlank: true + URxvt*.pointerBlankDelay: 987654321 + URxvt*.pointerColor: #f042b0 + URxvt*.pointerColor2: #050505 + ''; + +in { + systemd.user.services.xresources = { + description = "xresources"; + wantedBy = [ "default.target" ]; + + environment = { + DISPLAY = ":0"; + }; + + restartIfChanged = true; + + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}"; + }; + }; +} From 6b289f8b2cd51d56c84049eab474b3f6a538bd53 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Feb 2017 16:31:52 +0100 Subject: [PATCH 03/68] l 2 baseX: automatically login --- lass/2configs/baseX.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 446814c50..179d5dbe3 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix 
@@ -77,7 +77,13 @@ in { enable = true; desktopManager.xterm.enable = false; - displayManager.slim.enable = true; + desktopManager.default = "none"; + displayManager.lightdm.enable = true; + displayManager.lightdm.autoLogin = { + enable = true; + user = "lass"; + }; + windowManager.default = "xmonad"; windowManager.session = [{ name = "xmonad"; start = '' From 923e6edb155259d198ea5f1742426d3d6b75503b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Feb 2017 16:32:16 +0100 Subject: [PATCH 04/68] l 2 binary-cache: add cache.nixos.org --- lass/2configs/binary-cache/client.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix index 108ff7a1e..9dba5fbfb 100644 --- a/lass/2configs/binary-cache/client.nix +++ b/lass/2configs/binary-cache/client.nix @@ -2,8 +2,14 @@ { nix = { - binaryCaches = ["http://cache.prism.r"]; - binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + binaryCaches = [ + "http://cache.prism.r" + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; }; } From 4aee8108bd8863d52bc23cfd573d68abef0f562a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Feb 2017 16:32:46 +0100 Subject: [PATCH 05/68] l 2 games: open doom port for udp --- lass/2configs/games.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 58051560a..d114a826d 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -84,5 +84,6 @@ in { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 10666"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10666"; target = "ACCEPT"; } ]; } From 20be651e7a8ed0c0cd99d6147331912099f8a7de Mon Sep 17 00:00:00 2001 
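Review bot: `displayManager.lightdm.autoLogin` with `user = "lass"` skips the greeter's password prompt, so anyone who can power the machine on gets an unlocked session for that account. On a portable host that leaves disk encryption as the only barrier at boot. Consider gating the block on a per-host option, or running the screen locker as the first step of the xmonad session. The hunk shows only part of the xserver block, so whether a locker already runs at session start cannot be seen from here.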
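Review bot: The key added alongside `https://cache.nixos.org/` is named `hydra.nixos.org-1`, while that cache signs store paths with a key named `cache.nixos.org-1`. Unless the NixOS module already merges the `cache.nixos.org-1` key into `binaryCachePublicKeys`, substitutes from the new cache would be rejected, so this is worth confirming on a host. Separately, `http://cache.prism.r` is fetched without TLS, which makes the `cache.prism-1` signature check the only integrity control for that cache. A one-line comment saying so would warn anyone who later relaxes signature checking.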
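Review bot: The new rule accepts UDP 10666 from every interface and source address, like the TCP rule above it. UDP listeners are also reachable by spoofed-source traffic, so if the game server is only meant for peers on the VPN, narrow the predicate, e.g. `-i <vpn-interface> -p udp --dport 10666` (the interface name is a placeholder). A short comment naming the service behind the port would help future firewall audits.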
From: lassulus Date: Thu, 23 Feb 2017 16:33:00 +0100 Subject: [PATCH 06/68] l 2 xresources: try until success --- lass/2configs/xresources.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix index 58f1623b8..35dbe2044 100644 --- a/lass/2configs/xresources.nix +++ b/lass/2configs/xresources.nix @@ -49,6 +49,7 @@ in { serviceConfig = { Type = "simple"; ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}"; + Restart = "on-failure"; }; }; } From d780569d78a28ec4fb2722a699cedc6839406009 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:42:44 +0100 Subject: [PATCH 07/68] tv nixpkgs: 5d03aab -> 53a2baa --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index dc26a6c6f..1d3ee3980 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4"; + ref = "53a2baa"; # nixos-unstable (17.03-rc) }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From 863bb9f912413054156c96d1c39770187736dbfc Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:43:10 +0100 Subject: [PATCH 08/68] krebs.setuid: update for nixos-unstable --- krebs/3modules/setuid.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 13f981437..c9677fd24 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -73,7 +73,7 @@ let }; imp = { - system.activationScripts."krebs.setuid" = stringAfter [ "setuid" ] + system.activationScripts."krebs.setuid" = stringAfter [ "wrappers" ] (concatMapStringsSep "\n" (getAttr "activate") (attrValues cfg)); }; From ed3585bfcfd154688a7e95b2f1179133a1a53734 Mon Sep 17 00:00:00 2001 
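Review bot: `Restart = "on-failure"` without `RestartSec` will not retry until success. systemd's default restart delay is 100ms and its default start rate limit gives up after a few rapid failures, so if X on `:0` is not up yet the unit ends in the failed state and stays there. Adding `RestartSec = "1s";` next to the new line would match the commit's stated intent. The `serviceConfig` block and the rest of the unit start outside this hunk.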
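Review bot: The nixpkgs `ref` goes from a full 40-character commit hash to the 7-character abbreviation `53a2baa`. An abbreviated hash is resolved at fetch time and can become ambiguous as the repository grows, which makes it a weaker pin for the tree every system is built from. Write the full hash and keep the `# nixos-unstable (17.03-rc)` comment for readability. The same short form is used in the `nin/2configs/nixpkgs.nix` and `lass/2configs/nixpkgs.nix` bumps and in the repeated copy of this patch (26/68).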
From: tv Date: Thu, 2 Mar 2017 19:57:52 +0100 Subject: [PATCH 09/68] krebs,tv: /var/setuid-wrappers -> /run/wrappers/bin --- krebs/3modules/exim.nix | 2 +- krebs/3modules/on-failure.nix | 2 +- krebs/3modules/urlwatch.nix | 2 +- tv/2configs/xserver/default.nix | 2 +- tv/5pkgs/xmonad-tv/default.nix | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 1127c0a50..0044f5b32 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -40,7 +40,7 @@ in { etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" '' exim_user = ${cfg.user.name} exim_group = ${cfg.group.name} - exim_path = /var/setuid-wrappers/exim + exim_path = /run/wrappers/bin/exim spool_directory = ${cfg.user.home} ${cfg.config} ''; diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix index 8bb022442..4da303dec 100644 --- a/krebs/3modules/on-failure.nix +++ b/krebs/3modules/on-failure.nix @@ -58,7 +58,7 @@ }; sendmail = mkOption { type = types.str; - default = "/var/setuid-wrappers/sendmail"; + default = "/run/wrappers/bin/sendmail"; }; }; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index e43f8de4a..126fc33bb 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -178,7 +178,7 @@ let echo To: ${shell.escape cfg.mailto} echo cat changes - } | /var/setuid-wrappers/sendmail -t + } | /run/wrappers/bin/sendmail -t fi ''; }; diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7dcfecce6..deb929c34 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -18,7 +18,7 @@ in { ]; # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + # TODO krebs.setuid.slock.path vs /run/wrappers/bin krebs.setuid.slock = { filename = "${pkgs.slock}/bin/slock"; group = "wheel"; 
diff --git a/tv/5pkgs/xmonad-tv/default.nix b/tv/5pkgs/xmonad-tv/default.nix index c6a622bd1..5ac8f8372 100644 --- a/tv/5pkgs/xmonad-tv/default.nix +++ b/tv/5pkgs/xmonad-tv/default.nix @@ -132,7 +132,7 @@ spawnRootTerm :: X () spawnRootTerm = forkFile urxvtcPath - ["-name", "root-urxvt", "-e", "/var/setuid-wrappers/su", "-"] + ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"] Nothing spawnTermAt :: String -> X () @@ -143,7 +143,7 @@ spawnTermAt ws = do myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ - [ ((_4 , xK_Escape ), forkFile "/var/setuid-wrappers/slock" [] Nothing) + [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) , ((_4 , xK_x ), chooseAction spawnTermAt) From 6435001c48d865ba96f0f784ee9c0bcf03204e1e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 20:02:01 +0100 Subject: [PATCH 10/68] mv,tv: security.setuidPrograms -> security.wrappers --- mv/1systems/stro.nix | 6 +++--- tv/1systems/mu.nix | 8 ++++---- tv/1systems/wu.nix | 6 +++--- tv/1systems/xu.nix | 6 +++--- tv/1systems/zu.nix | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix index e371db788..c8035b88e 100644 --- a/mv/1systems/stro.nix +++ b/mv/1systems/stro.nix @@ -143,9 +143,9 @@ with import ; }; }; - security.setuidPrograms = [ - "sendmail" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; security.sudo.extraConfig = '' Defaults env_keep+="SSH_CLIENT" diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index e9a8a131a..fcd0a2178 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix @@ -99,10 +99,10 @@ with import ; programs.ssh.startAgent = false; - security.setuidPrograms = [ - "sendmail" # for cron - "slock" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + slock.slock = "${pkgs.slock}/bin/slock"; + }; security.pam.loginLimits = [ # for jack 
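Review bot: In `tv/1systems/mu.nix` the second wrapper is written `slock.slock = "${pkgs.slock}/bin/slock";`, while every other entry in this patch uses `.source`. This looks like a typo for `slock.source = "${pkgs.slock}/bin/slock";`. As written the wrapper presumably fails evaluation or is created without a source, and a missing screen-locker wrapper on this host is a security regression, not a cosmetic one. The same line appears in the repeated copy of this patch (29/68). It is also worth confirming that a wrapper declared with only `source` is still installed setuid root, as the old `security.setuidPrograms` entries were.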
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index a9d7e94eb..4cde8b903 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -157,9 +157,9 @@ with import ; #jack2 ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 974d820d5..4b8fe8da2 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 59e8b1c7f..194ac2928 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; From 9a20022a93c3fc9617fb028582e6f625aca33213 Mon Sep 17 00:00:00 2001 From: nin Date: Wed, 22 Feb 2017 21:35:38 +0100 Subject: [PATCH 11/68] n 2 nixpkgs: d2cd8a0 -> 6651c72 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 27a845bd5..ad39848b6 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "d2cd8a0"; + ref = "6651c72"; }; } From 8a3515e1a6fa8dfc6b7377a0567426d11774e144 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Feb 2017 16:34:29 +0100 Subject: [PATCH 12/68] l 2: add termite.nix --- lass/2configs/termite.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 lass/2configs/termite.nix 
diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix new file mode 100644 index 000000000..245b89e9c --- /dev/null +++ b/lass/2configs/termite.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: +with import ; + +{ + environment.systemPackages = [ + pkgs.termite + ]; + + krebs.per-user.lass.packages = let + termitecfg = pkgs.writeTextFile { + name = "termite-config"; + destination = "/etc/xdg/termite/config"; + text = '' + [colors] + foreground = #d0d7d0 + background = #000000 + ''; + }; + in [ + termitecfg + ]; +} From 21ccde0d722c49a584486e882e5d4a304468949e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Feb 2017 00:02:06 +0100 Subject: [PATCH 13/68] l 2: add security-workarounds --- lass/2configs/default.nix | 4 ++-- lass/2configs/security-workarounds.nix | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 lass/2configs/security-workarounds.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 8100a433f..5f383a91d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import ; { imports = [ @@ -11,6 +10,7 @@ with import ; ../2configs/vim.nix ../2configs/monitoring/client.nix ./backups.nix + ./security-workarounds.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix new file mode 100644 index 000000000..537c8a59b --- /dev/null +++ b/lass/2configs/security-workarounds.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +with import ; +{ + # http://seclists.org/oss-sec/2017/q1/471 + boot.extraModprobeConfig = '' + install dccp /run/current-system/sw/bin/false + ''; +} From 26ccfbc834f0312b9c439c92994982c616008d3f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Feb 2017 17:45:42 +0100 Subject: [PATCH 14/68] l 2 vim: ignore E501 with flake8 --- lass/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) 
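Review bot: The only explanation for the `install dccp … false` line in `security-workarounds.nix` is a bare URL. Add a comment saying that it blocks on-demand loading of the `dccp` kernel module because of the issue discussed at that link, and that it can be removed once all hosts run a fixed kernel, so the workaround does not outlive its purpose. The command path `/run/current-system/sw/bin/false` resolves only if coreutils is in the system profile; `install dccp ${pkgs.coreutils}/bin/false` pins it to a store path. Note that this prevents autoloading but does not unload a module that is already resident.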
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 4d6dfe366..4e0af0dc7 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -66,6 +66,7 @@ let "Syntastic config let g:syntastic_python_checkers=['flake8'] + let g:syntastic_python_flake8_post_args='--ignore=E501' nmap q :buffer nmap :buffer From b8949604aae84355d52cdba884f3da919fb67dfb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Feb 2017 17:47:11 +0100 Subject: [PATCH 15/68] l 5 xmonad: use new wallpaper location --- lass/5pkgs/xmonad-lass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 22ec7efa9..bc70417f5 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -95,7 +95,7 @@ displaySomeException = displayException myKeyMap :: [([Char], X ())] myKeyMap = - [ ("M4-", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") + [ ("M4-", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") From 836a7186a03623ad34d8c523ae66fc184180a01b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:31:42 +0100 Subject: [PATCH 16/68] l 1 prism: use lambdabot from nixpkgs lambdabot is broken with LTS Haskell 8.0 so we use the commit prior --- lass/1systems/prism.nix | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 81520ad5f..1f983da1e 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -247,7 +247,13 @@ in { ]; } { - krebs.Reaktor.coders = { + krebs.Reaktor.coders = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + in { nickname = "reaktor-lass"; channels = [ "#coders" ]; extraEnviron = { @@ -263,7 +269,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P.*)$$"; script = pkgs.writeDash "lambda-pl" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@pl $1" ''; @@ -271,7 +277,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-type" { pattern = "^@type (?P.*)$$"; script = pkgs.writeDash "lambda-type" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@type $1" ''; @@ -279,7 +285,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-let" { pattern = "^@let (?P.*)$$"; script = pkgs.writeDash "lambda-let" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@let $1" ''; @@ -287,7 +293,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-run" { pattern = "^@run (?P.*)$$"; script = pkgs.writeDash "lambda-run" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@run $1" ''; @@ -295,7 +301,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; @@ -303,7 +309,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; 
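Review bot: `lambdabot` is now built from a nixpkgs snapshot fixed by `rev` and `sha256`, and the plugins below feed it IRC input (`@run`, `@let`, `@type`, …). The evaluator and whatever sandboxing it relies on will therefore stop receiving updates until someone moves the pin. Record the reason from the commit message next to the `let`, e.g. `# pinned: lambdabot is broken with LTS Haskell 8.0; unpin once fixed upstream`. `import (…) {}` also picks up the ambient nixpkgs config of whoever evaluates it, so passing `{ config = {}; }` would keep the result reproducible.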
From 984a21d274089e51ae39f6fb6f2b201f705fe3f1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:38:41 +0100 Subject: [PATCH 17/68] l 2 baesX: remove obsolete setuid for xlock --- lass/2configs/baseX.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 179d5dbe3..bca7e93d6 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -33,8 +33,6 @@ in { programs.ssh.startAgent = false; - security.setuidPrograms = [ "slock" ]; - services.printing = { enable = true; drivers = [ pkgs.foomatic_filters ]; From 567668c6c95241a125447765c81d506d651c30a5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:39:14 +0100 Subject: [PATCH 18/68] l 2 browsers: use new setuid location --- lass/2configs/browsers.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 88ee70802..6c381863c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -20,7 +20,7 @@ let createChromiumUser = name: extraGroups: let bin = pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ ''; in { users.extraUsers.${name} = { @@ -43,7 +43,7 @@ let createFirefoxUser = name: extraGroups: let bin = pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ ''; in { users.extraUsers.${name} = { From 8901f987309486c85607e2da02f1d357ff157911 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:39:34 +0100 Subject: [PATCH 19/68] l 2 exim-smarthost: use ipv6 addresses of hosts --- lass/2configs/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
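Review bot: Both launcher scripts in `browsers.nix` pass `$@` unquoted, so an argument containing spaces or glob characters (a URL or a file path) is re-split by the shell before it reaches `sudo`; use `"$@"`. The path written here is `/var/run/wrappers/bin/sudo`, while the rest of the series moves to `/run/wrappers/bin`. If `config` is in scope in this file, `${config.security.wrapperDir}/sudo` avoids hard-coding either form. These scripts are the boundary that puts each browser under its own user, so exact argument handling matters.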
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d120dfcad..360d839db 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -12,7 +12,7 @@ with import ; "lassul.us" "aidsballs.de" ]; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel config.krebs.hosts.helios From 3503876c06f510f99c2184ddbcd57dbb79a3a91f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:40:54 +0100 Subject: [PATCH 20/68] l 2 nixpkgs: 6651c72 -> a9584c9 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index ad39848b6..a0ba8116f 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6651c72"; + ref = "a9584c9"; }; } From 9541497b437d713bb9a9d6ddcaafca190d17d45d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 1 Mar 2017 16:02:35 +0100 Subject: [PATCH 21/68] l 2 websites util: use php56 for owncloud --- lass/2configs/websites/util.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index d596e9db9..f83463bb1 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -32,6 +32,7 @@ rec { let domain = head domains; in { + services.phpfpm.phpPackage = pkgs.php56; services.nginx.virtualHosts."${domain}" = { enableACME = true; enableSSL = true; From f081d1577784f6493bb99919f81c31df3432569a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 1 Mar 2017 16:03:12 +0100 Subject: [PATCH 22/68] l 2 websites util: more power for wordpress --- lass/2configs/websites/util.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
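Review bot: `relay_from_hosts` is now built from `ip6.addr` only, so a listed host that reaches the smarthost over its retiolum IPv4 address loses relay permission. If both address families are in use, list both. Exim also treats `:` as the default list separator, so IPv6 literals need their colons doubled or the list needs a different separator (`<; …`). How the krebs module renders this list is not visible in the hunk, so check the generated `exim.conf` to confirm the relay ACL matches exactly the intended hosts.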
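Review bot: `services.phpfpm.phpPackage` is a host-wide option, but the first `websites/util.nix` hunk sets it inside a per-site helper. Any host that imports this helper therefore moves all of its php-fpm pools to `pkgs.php56`, not only the one for this domain. If only owncloud needs the older interpreter, say so in a comment and note when it can be dropped, because an old PHP branch has a limited security-support window. The helper's definition starts outside the hunk.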
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index f83463bb1..6d14de731 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -182,10 +182,10 @@ rec { user = nginx group = nginx pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 + pm.max_children = 15 + pm.start_servers = 3 pm.min_spare_servers = 1 - pm.max_spare_servers = 3 + pm.max_spare_servers = 10 listen.owner = nginx listen.group = nginx php_admin_value[error_log] = 'stderr' From d51656224f5fe0b73f13739044c467db9b878387 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 2 Mar 2017 15:15:25 +0100 Subject: [PATCH 23/68] l 2 baseX: install gutenprint for cups --- lass/2configs/baseX.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index bca7e93d6..a8d9b4ff4 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -35,7 +35,10 @@ in { services.printing = { enable = true; - drivers = [ pkgs.foomatic_filters ]; + drivers = [ + pkgs.foomatic_filters + pkgs.gutenprint + ]; }; environment.systemPackages = with pkgs; [ From ee9695482704af0c8371399bdf74045d5723f450 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 2 Mar 2017 15:15:45 +0100 Subject: [PATCH 24/68] l 2 hfos: remove lass pubkey from riot --- lass/2configs/hfos.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index dcd50dd7b..a28a6a5d2 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix 
@@ -8,7 +8,6 @@ with import ; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex" - config.krebs.users.lass.pubkey ]; }; From 7f0dd39a8fa8872c7cc02830ab3b86dc675b8691 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 2 Mar 2017 19:28:52 +0100 Subject: [PATCH 25/68] l 2 nixpkgs: a9584c9 -> 53a2baa --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index a0ba8116f..fbf671874 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "a9584c9"; + ref = "53a2baa"; }; } From 5a9df2cc0b4255e015797993569815787a819529 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:42:44 +0100 Subject: [PATCH 26/68] tv nixpkgs: 5d03aab -> 53a2baa --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index dc26a6c6f..1d3ee3980 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4"; + ref = "53a2baa"; # nixos-unstable (17.03-rc) }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From c5830150d0fd7b66fbf24f6fa58faa021d2aba00 Mon Sep 17 00:00:00 2001 
From: tv Date: Thu, 2 Mar 2017 19:43:10 +0100 Subject: [PATCH 27/68] krebs.setuid: update for nixos-unstable --- krebs/3modules/setuid.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 13f981437..c9677fd24 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -73,7 +73,7 @@ let }; imp = { - system.activationScripts."krebs.setuid" = stringAfter [ "setuid" ] + system.activationScripts."krebs.setuid" = stringAfter [ "wrappers" ] (concatMapStringsSep "\n" (getAttr "activate") (attrValues cfg)); }; From e71534f237057dedfcd0cd53bd89afc9ce33f1fc Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:57:52 +0100 Subject: [PATCH 28/68] krebs,tv: /var/setuid-wrappers -> /run/wrappers/bin --- krebs/3modules/exim.nix | 2 +- krebs/3modules/on-failure.nix | 2 +- krebs/3modules/urlwatch.nix | 2 +- tv/2configs/xserver/default.nix | 2 +- tv/5pkgs/xmonad-tv/default.nix | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 1127c0a50..0044f5b32 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -40,7 +40,7 @@ in { etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" '' exim_user = ${cfg.user.name} exim_group = ${cfg.group.name} - exim_path = /var/setuid-wrappers/exim + exim_path = /run/wrappers/bin/exim spool_directory = ${cfg.user.home} ${cfg.config} ''; diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix index 8bb022442..4da303dec 100644 --- a/krebs/3modules/on-failure.nix +++ b/krebs/3modules/on-failure.nix @@ -58,7 +58,7 @@ }; sendmail = mkOption { type = types.str; - default = "/var/setuid-wrappers/sendmail"; + default = "/run/wrappers/bin/sendmail"; }; }; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index e43f8de4a..126fc33bb 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix 
@@ -178,7 +178,7 @@ let echo To: ${shell.escape cfg.mailto} echo cat changes - } | /var/setuid-wrappers/sendmail -t + } | /run/wrappers/bin/sendmail -t fi ''; }; diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7dcfecce6..deb929c34 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -18,7 +18,7 @@ in { ]; # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + # TODO krebs.setuid.slock.path vs /run/wrappers/bin krebs.setuid.slock = { filename = "${pkgs.slock}/bin/slock"; group = "wheel"; diff --git a/tv/5pkgs/xmonad-tv/default.nix b/tv/5pkgs/xmonad-tv/default.nix index c6a622bd1..5ac8f8372 100644 --- a/tv/5pkgs/xmonad-tv/default.nix +++ b/tv/5pkgs/xmonad-tv/default.nix @@ -132,7 +132,7 @@ spawnRootTerm :: X () spawnRootTerm = forkFile urxvtcPath - ["-name", "root-urxvt", "-e", "/var/setuid-wrappers/su", "-"] + ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"] Nothing spawnTermAt :: String -> X () @@ -143,7 +143,7 @@ spawnTermAt ws = do myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ - [ ((_4 , xK_Escape ), forkFile "/var/setuid-wrappers/slock" [] Nothing) + [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) , ((_4 , xK_x ), chooseAction spawnTermAt) From cf289c9aec98fcb87e1debeb48f991f0256cdbb1 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 20:02:01 +0100 Subject: [PATCH 29/68] mv,tv: security.setuidPrograms -> security.wrappers --- mv/1systems/stro.nix | 6 +++--- tv/1systems/mu.nix | 8 ++++---- tv/1systems/wu.nix | 6 +++--- tv/1systems/xu.nix | 6 +++--- tv/1systems/zu.nix | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix index e371db788..c8035b88e 100644 --- a/mv/1systems/stro.nix +++ b/mv/1systems/stro.nix 
@@ -143,9 +143,9 @@ with import ; }; }; - security.setuidPrograms = [ - "sendmail" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; security.sudo.extraConfig = '' Defaults env_keep+="SSH_CLIENT" diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index e9a8a131a..fcd0a2178 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix @@ -99,10 +99,10 @@ with import ; programs.ssh.startAgent = false; - security.setuidPrograms = [ - "sendmail" # for cron - "slock" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + slock.slock = "${pkgs.slock}/bin/slock"; + }; security.pam.loginLimits = [ # for jack diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index a9d7e94eb..4cde8b903 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -157,9 +157,9 @@ with import ; #jack2 ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 974d820d5..4b8fe8da2 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 59e8b1c7f..194ac2928 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; From dd30ebef45b63b4c8bb8b586f750ff877f60f565 Mon Sep 17 00:00:00 2001 
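Review bot: In the tv/1systems/mu.nix hunk the second wrapper is written `slock.slock = "${pkgs.slock}/bin/slock";`, while every other entry in this commit sets `.source`; this looks like a typo for `slock.source = "${pkgs.slock}/bin/slock";`. As written the entry has no `source` attribute, so `/run/wrappers/bin/slock` is presumably either not created or activation fails. The xmonad lock binding changed in the previous patch points at exactly that path, so it is worth confirming on mu that the screen locker still starts after the switch.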
From: lassulus Date: Sat, 4 Mar 2017 19:49:39 +0100 Subject: [PATCH 30/68] l 2: add livestream.nix --- lass/2configs/baseX.nix | 2 +- lass/2configs/livestream.nix | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 lass/2configs/livestream.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a8d9b4ff4..275b93f26 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,6 +9,7 @@ in { ./screenlock.nix ./copyq.nix ./xresources.nix + ./livestream.nix { hardware.pulseaudio = { enable = true; @@ -42,7 +43,6 @@ in { }; environment.systemPackages = with pkgs; [ - acpi dic dmenu diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix new file mode 100644 index 000000000..25d54e26d --- /dev/null +++ b/lass/2configs/livestream.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +with import ; + +let + + stream = pkgs.writeDashBin "stream" '' + ${pkgs.python35Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@" + ''; + +in { + environment.systemPackages = [ stream ]; +} From 6344a9ff6a9926364b34a8556e794157b686bd05 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 19:59:36 +0100 Subject: [PATCH 31/68] exim: add primary_host to local_domains --- krebs/3modules/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index bda563f8d..0ad952e3b 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -55,7 +55,7 @@ let local_domains = mkOption { type = with types; listOf hostname; - default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases; + default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases); }; relay_from_hosts = mkOption { From 40faf4bdb7aea50c8e298af673b4fd92df0523a8 Mon Sep 17 00:00:00 2001 
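Review bot: The `stream` wrapper in lass/2configs/livestream.nix embeds a fixed `Client-ID=…` header value in the script text, so the identifier ends up in the git history and in the world-readable Nix store of every host that imports baseX.nix. If that ID belongs to a personal API registration, it is better read at run time, e.g. `--http-header "Client-ID=$(cat "$HOME/.config/stream/client-id")"` (path constructed for illustration), or supplied through a module option filled from the secrets tree. The same literal is carried forward by the python27 change later in this series.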
From: lassulus Date: Sat, 4 Mar 2017 20:03:19 +0100 Subject: [PATCH 32/68] l 2 exim-smarthost: set lassul.us as primary --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 360d839db..3353cdac0 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -8,6 +8,7 @@ with import ; dkim = [ { domain = "lassul.us"; } ]; + primary_hostname = "lassul.us"; sender_domains = [ "lassul.us" "aidsballs.de" From 6874e0f4ed1f638280878cd3e0878a943a0e282a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 20:04:39 +0100 Subject: [PATCH 33/68] l 2: add mosh to systemPackages --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 5f383a91d..3e7881fb4 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -135,6 +135,7 @@ with import ; #neat utils krebspaste + mosh pciutils pop psmisc From 8ec271445d5c42a4058ddd05cc0efec3cd68336a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 20:42:05 +0100 Subject: [PATCH 34/68] l 2 nixpkgs: 53a2baa -> 5b0c9d4 using 17.03 now --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index fbf671874..9c3eafffd 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "53a2baa"; + ref = "5b0c9d4"; }; } From e8b575db8dd94e92785015ff3479ceeb7ba3197d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 20:46:59 +0100 Subject: [PATCH 35/68] s 2: bump nixpkgs to 17.03 --- shared/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index cae2bc814..bf2ce84b6 100644 
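Review bot: `ref = "5b0c9d4";` in lass/2configs/nixpkgs.nix pins nixpkgs by a seven-character abbreviation, which git resolves by prefix match and which is not guaranteed to stay unique in a repository the size of nixpkgs. shared/2configs and tv/2configs in this series use the full hash for what appears to be the same commit, so `ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03` would make this pin unambiguous as well. makefu/2configs/default.nix later in the series has the same short form with `ref = "53a2baa";`.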
--- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # nixos-16.09 @ 2016-10-19 + ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-04 }; secrets.file = if getEnv "dummy_secrets" == "true" From e1bb6d8c27d3be94e3fa18eb8958f2c885322126 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 22:01:03 +0100 Subject: [PATCH 36/68] l 2 livestream: use python27 --- lass/2configs/livestream.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix index 25d54e26d..c877a8c0a 100644 --- a/lass/2configs/livestream.nix +++ b/lass/2configs/livestream.nix @@ -4,7 +4,7 @@ with import ; let stream = pkgs.writeDashBin "stream" '' - ${pkgs.python35Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@" + ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@" ''; in { From 286fc7045b3ad8dea36386d8de4a1fc59fd70c80 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 4 Mar 2017 22:49:24 +0100 Subject: [PATCH 37/68] git-hooks.irc-announce: simplify file structure --- krebs/5pkgs/git-hooks/default.nix | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix index 9355a878c..3b9d1b3b0 100644 --- a/krebs/5pkgs/git-hooks/default.nix +++ b/krebs/5pkgs/git-hooks/default.nix 
@@ -1,13 +1,10 @@ -{ lib, pkgs, ... }: +{ pkgs, ... }: -with lib; - -let - out = { - inherit irc-announce; - }; +with import ; +{ # TODO irc-announce should return a derivation + # but it cannot because krebs.git.repos.*.hooks :: attrsOf str irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: '' #! /bin/sh set -euf @@ -99,7 +96,7 @@ let done if test -n "''${message-}"; then - exec ${irc-announce-script} \ + exec ${pkgs.irc-announce}/bin/irc-announce \ "$server" \ "$port" \ "$nick" \ @@ -107,6 +104,4 @@ let "$message" fi ''; - - irc-announce-script = "${pkgs.irc-announce}/bin/irc-announce"; -in out +} From b690768e28170cd0227f5132ca39451a43cf573f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 4 Mar 2017 22:49:44 +0100 Subject: [PATCH 38/68] git-hooks.irc-announce: append .r to cgit_endpoint --- krebs/5pkgs/git-hooks/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix index 3b9d1b3b0..4017b873b 100644 --- a/krebs/5pkgs/git-hooks/default.nix +++ b/krebs/5pkgs/git-hooks/default.nix @@ -34,7 +34,7 @@ with import ; port=${toString port} host=$nick - cgit_endpoint=http://cgit.$host + cgit_endpoint=http://cgit.$host.r empty=0000000000000000000000000000000000000000 From 1689862147c7bb4b9d8b0ef8fb645b6bde8b2838 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 4 Mar 2017 23:04:07 +0100 Subject: [PATCH 39/68] wolf: drop packageOverride for nano --- shared/2configs/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index cae2bc814..0f72b2b60 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -30,10 +30,6 @@ with import ; ]; nix.useSandbox = true; - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.vim; - }; - environment.systemPackages = with pkgs; [ git rxvt_unicode.terminfo From 4a3a44df416818d7ef0f644e8e6c064ff84768db Mon Sep 17 00:00:00 2001 
From: tv Date: Sat, 4 Mar 2017 23:04:26 +0100 Subject: [PATCH 40/68] shared nixpkgs: b8ede35 -> 5b0c9d4 --- shared/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 0f72b2b60..49c0d3d95 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # nixos-16.09 @ 2016-10-19 + ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-03 }; secrets.file = if getEnv "dummy_secrets" == "true" From 4f3ece51f7e775bcad1df209bc8881cdbcd5c516 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 4 Mar 2017 23:15:56 +0100 Subject: [PATCH 41/68] tv urlwatch: nixos-16.09 -> nixos-17.03 --- tv/2configs/urlwatch.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 6e11e0251..5779240ba 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -31,7 +31,7 @@ with import ; ## other - https://nixos.org/channels/nixos-16.09/git-revision + https://nixos.org/channels/nixos-17.03/git-revision https://nixos.org/channels/nixos-unstable/git-revision ## 2014-10-17 From d7761aed6559adba3cfa61d822165c42c90fc276 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 4 Mar 2017 23:21:53 +0100 Subject: [PATCH 42/68] tv nixpkgs: 53a2baa -> 5b0c9d4 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 1d3ee3980..33fb7e492 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "53a2baa"; # nixos-unstable (17.03-rc) + ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From 39fd77b84c7c14d6460722721726b378bdab7acd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Mar 2017 00:21:53 +0100 Subject: [PATCH 43/68] l 1 prism: start repo-sync 5mins after boot --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 1f983da1e..b55732f65 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -215,6 +215,7 @@ in { } { krebs.repo-sync.timerConfig = { + OnBootSec = "5min"; OnUnitInactiveSec = "3min"; RandomizedDelaySec = "2min"; }; From fd6c056a720544319f02cf02b64fa8dd2b657aa8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Mar 2017 01:02:19 +0100 Subject: [PATCH 44/68] l 2 programs: remove obsolete livestreamer --- lass/2configs/programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix index 6cf23deaf..241d263f8 100644 --- a/lass/2configs/programs.nix +++ b/lass/2configs/programs.nix @@ -12,7 +12,6 @@ pavucontrol pv pwgen - python34Packages.livestreamer remmina silver-searcher wget From c05764274e5043912204b56cb1f032e1d5db6717 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 15 Feb 2017 08:15:35 +0100 Subject: [PATCH 45/68] k 5 dymo-cups-drivers: init at 1.4.0 --- makefu/5pkgs/dymo-cups-drivers/default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 makefu/5pkgs/dymo-cups-drivers/default.nix diff --git a/makefu/5pkgs/dymo-cups-drivers/default.nix b/makefu/5pkgs/dymo-cups-drivers/default.nix new file mode 100644 index 000000000..d47bae6dd --- /dev/null +++ b/makefu/5pkgs/dymo-cups-drivers/default.nix 
@@ -0,0 +1,17 @@ +{ stdenv, lib, pkgs, fetchurl, cups, ... }: + +stdenv.mkDerivation rec { + name = "dymo-cups-drivers-${version}"; + version = "1.4.0"; + src = fetchurl { + url = "http://download.dymo.com/dymo/Software/Download%20Drivers/Linux/Download/${name}.tar.gz"; + sha256 = "0wagsrz3q7yrkzb5ws0m5faq68rqnqfap9p98sgk5jl6x7krf1y6"; + }; + buildInputs = [ cups ]; + makeFlags = [ "cupsfilterdir=$(out)/lib/cups/filter" "cupsmodeldir=$(out)/share/cups/model" ]; + + # acd_cli gets dumped in bin and gets overwritten by fixupPhase + meta = { + description = "Dymo printer drivers"; + }; +} From d5f26f28317a923397a36309554396194bfcad27 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 16 Feb 2017 18:28:59 +0100 Subject: [PATCH 46/68] m umts: add apn option --- makefu/1systems/x.nix | 1 + makefu/3modules/umts.nix | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 08da92068..57e120e63 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -66,6 +66,7 @@ ]; makefu.server.primary-itf = "wlp2s0"; makefu.full-populate = true; + makefu.umts.apn = "web.vodafone.de"; nixpkgs.config.allowUnfree = true; krebs.nginx = { diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix index 91ac13755..86669945a 100644 --- a/makefu/3modules/umts.nix +++ b/makefu/3modules/umts.nix @@ -26,7 +26,7 @@ let Dial Command = ATDT Modem = ${cfg.modem-device} Baud = 460800 - Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0 Init2 = ATZ Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 ISDN = 0 @@ -54,6 +54,13 @@ let to avoid race conditions. ''; }; + apn = mkOption { + default = "pinternet.interkom.de"; + type = types.str; + description = '' + apn to use for dailing + ''; + }; }; imp = { From 3f3325a55e4a581cc3c7ab066e9fb883b1639bdc Mon Sep 17 00:00:00 2001 
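Review bot: The new `Init1` line in makefu/3modules/umts.nix reads `config.makefu.umts.apn` although the neighbouring line uses the module's own `cfg.modem-device`; `"${cfg.apn}"` would be consistent, assuming `cfg` is bound to `config.makefu.umts` (the binding is outside the hunk). The option is `types.str` and is pasted between double quotes into the AT command, so a value containing `"` or a newline would alter the modem init string; a `types.strMatching` pattern limited to hostname characters would reject that at evaluation time. The option description has a typo, `dailing` for `dialing`.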
From: makefu Date: Sat, 18 Feb 2017 05:11:59 +0100 Subject: [PATCH 47/68] m x: replace laptop with new x230 (without coreboot) --- makefu/2configs/hw/tp-x230.nix | 10 ++++++++-- makefu/5pkgs/awesomecfg/full.cfg | 4 ++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index 99563a771..855fda952 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -9,20 +9,26 @@ with import ; kernelModules = [ "kvm-intel" "thinkpad_ec" - # "acpi_call" + "acpi_call" # "thinkpad_acpi" # "tpm-rng" ]; extraModulePackages = [ - # config.boot.kernelPackages.acpi_call + config.boot.kernelPackages.acpi_call ]; }; + + # configured media keys inside awesomerc + # sound.mediaKeys.enable = true; + hardware.bluetooth.enable = true; + services.acpid.enable = true; hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; services.xserver = { videoDriver = "intel"; deviceSection = '' Option "AccelMethod" "sna" + Option "Backlight" "intel_backlight" ''; }; # no entropy source working diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 8036e5765..e43341d25 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -364,6 +364,10 @@ globalkeys = awful.util.table.join( end, {description = "restore minimized", group = "client"}), + awful.key({ }, "XF86MonBrightnessUp", function () + awful.util.spawn("xbacklight -inc 5", false) end), + awful.key({ }, "XF86MonBrightnessDown", function () + awful.util.spawn("xbacklight -dec 5", false) end), awful.key({ }, "XF86AudioRaiseVolume", function () awful.util.spawn("amixer set Master 5%+", false) end), From 01b5372467faf232d59aa49b2a1e670ae5f4599a Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 28 Feb 2017 14:25:44 +0100 Subject: [PATCH 48/68] unstable @ 2017-02-28 --- makefu/2configs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 45f7315b0..74d3635bd 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "f66d782"; # unstable @ 2017-02-04 + ref = "53a2baa"; # unstable @ 2017-02-28 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { @@ -159,7 +159,7 @@ with import ; auto-optimise-store = true ''; - security.setuidPrograms = [ "sendmail" ]; + security.wrappers.sendmail.source = "${pkgs.exim}/bin/sendmail"; services.journald.extraConfig = '' SystemMaxUse=1G RuntimeMaxUse=128M From f32d84e23d1785463af9242bb616325b6ae58ada Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:43:15 +0100 Subject: [PATCH 49/68] m 5 wol: rm, is now upstream --- makefu/5pkgs/wol/default.nix | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 makefu/5pkgs/wol/default.nix diff --git a/makefu/5pkgs/wol/default.nix b/makefu/5pkgs/wol/default.nix deleted file mode 100644 index a6d54b8a2..000000000 --- a/makefu/5pkgs/wol/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - proj = "wake-on-lan"; - name = "wol-${version}"; - version = "0.7.1"; - - enableParallelBuilding = true; - - src = fetchurl { - url = "mirror://sourceforge/${proj}/${name}.tar.gz"; - sha256 = "08i6l5lr14mh4n3qbmx6kyx7vjqvzdnh3j9yfvgjppqik2dnq270"; - }; - - meta = { - description = "simple wake-on-lan client"; - homepage = https://sourceforge.net/projects/wake-on-lan/; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; - }; -} From 8bacb23ad46c7c4feb8ba097ce2c221579065c2e Mon Sep 17 00:00:00 2001 
From: makefu Date: Wed, 1 Mar 2017 15:45:50 +0100 Subject: [PATCH 50/68] m 5 esptool: ninit --- makefu/2configs/base-gui.nix | 2 +- makefu/2configs/laptop-utils.nix | 65 ----------------------------- makefu/2configs/tools/all.nix | 10 +++++ makefu/2configs/tools/core-gui.nix | 25 +++++++++++ makefu/2configs/tools/core.nix | 41 ++++++++++++++++++ makefu/2configs/tools/dev.nix | 10 +++++ makefu/2configs/tools/extra-gui.nix | 12 ++++++ makefu/2configs/tools/media.nix | 12 ++++++ makefu/2configs/tools/sec.nix | 15 +++++++ makefu/5pkgs/esptool/default.nix | 32 ++++++++++++++ 10 files changed, 158 insertions(+), 66 deletions(-) delete mode 100644 makefu/2configs/laptop-utils.nix create mode 100644 makefu/2configs/tools/all.nix create mode 100644 makefu/2configs/tools/core-gui.nix create mode 100644 makefu/2configs/tools/core.nix create mode 100644 makefu/2configs/tools/dev.nix create mode 100644 makefu/2configs/tools/extra-gui.nix create mode 100644 makefu/2configs/tools/media.nix create mode 100644 makefu/2configs/tools/sec.nix create mode 100644 makefu/5pkgs/esptool/default.nix diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 95ebabc44..43b37cd8c 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -82,7 +82,7 @@ in URxvt.perl-ext: default,url-select URxvt.keysym.M-u: perl:url-select:select_next - URxvt.url-select.launcher: chromium + URxvt.url-select.launcher: firefox -new-tab URxvt.url-select.underline: true URxvt.searchable-scrollback: CM-s ''; diff --git a/makefu/2configs/laptop-utils.nix b/makefu/2configs/laptop-utils.nix deleted file mode 100644 index ec6d4adec..000000000 --- a/makefu/2configs/laptop-utils.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -{ pkgs, ... }: - -# tools i use when actually working with the host. -# package version will now be maintained by nix-rebuild -# -# essentially `nix-env -q` of the main user -# TODO: split gui and non-gui -{ - nixpkgs.config.firefox = { - enableAdobeFlash = true; - }; - - krebs.per-user.makefu.packages = with pkgs; [ - # core - at_spi2_core - acpi - bc - exif - file - ntfs3g - pv - proot - sshpass - unzip - unrar - usbutils - zip - - # dev - python35Packages.virtualenv - - - # gui - chromium - clipit - feh - firefox - keepassx - pcmanfm - skype - mirage - tightvnc - gnome3.dconf - vlc - virtmanager - wireshark - xdotool - - # sectools - aria2 - pythonPackages.binwalk-full - dnsmasq - iodine - mtr - nmap - - - # stuff - cac-api - cac-panel - krebspaste - ledger - pass - ]; -} diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix new file mode 100644 index 000000000..09344d99d --- /dev/null +++ b/makefu/2configs/tools/all.nix @@ -0,0 +1,10 @@ +{ + imports = [ + ./core.nix + ./core-gui.nix + ./extra-gui.nix + ./dev.nix + ./sec.nix + ./media.nix + ]; +} diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix new file mode 100644 index 000000000..518a60eac --- /dev/null +++ b/makefu/2configs/tools/core-gui.nix @@ -0,0 +1,25 @@ +{ pkgs, ... }: + +{ + nixpkgs.config.firefox = { + enableAdobeFlash = true; + }; + + krebs.per-user.makefu.packages = with pkgs; [ + chromium + clipit + feh + firefox + keepassx + pcmanfm + skype + mirage + tightvnc + gnome3.dconf + vlc + wireshark + xdotool + scrot + + ]; +} diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix new file mode 100644 index 000000000..56d60812e --- /dev/null +++ b/makefu/2configs/tools/core.nix 
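Review bot: core-gui.nix carries `nixpkgs.config.firefox.enableAdobeFlash = true;` over from the deleted laptop-utils.nix, and media.nix in the same commit repeats the block although it installs no browser. The same commit also switches the URxvt URL launcher to `firefox -new-tab`, so links opened from the terminal now land in the plugin-enabled browser. Suggest keeping the setting in one file only, with a comment naming what still needs the plugin, or dropping it if nothing does.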
@@ -0,0 +1,41 @@ +{ pkgs, ... }: + +# tools i use when actually working with the host. +# package version will now be maintained by nix-rebuild +# +# essentially `nix-env -q` of the main user +{ + krebs.per-user.makefu.packages = with pkgs; [ + at_spi2_core + acpi + bc + exif + file + ntfs3g + pv + proot + sshpass + usbutils + p7zip + hdparm + inetutils + ncftp + mutt + tcpdump + sysstat + which + weechat + curl + wget + wol + tmux + smartmontools + iftop + + cac-api + cac-panel + krebspaste + ledger + pass + ]; +} diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix new file mode 100644 index 000000000..8acc25fcc --- /dev/null +++ b/makefu/2configs/tools/dev.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +{ + krebs.per-user.makefu.packages = with pkgs;[ + nodemcu-uploader + esptool + python35Packages.virtualenv + flashrom + ]; +} diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix new file mode 100644 index 000000000..6b8a5af66 --- /dev/null +++ b/makefu/2configs/tools/extra-gui.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: + +{ + krebs.per-user.makefu.packages = with pkgs;[ + inkscape + gimp + skype + virtmanager + synergy + + ]; +} diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix new file mode 100644 index 000000000..67159a176 --- /dev/null +++ b/makefu/2configs/tools/media.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: + +{ + nixpkgs.config.firefox = { + enableAdobeFlash = true; + }; + + krebs.per-user.makefu.packages = with pkgs; [ + kodi + streamripper + ]; +} diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix new file mode 100644 index 000000000..3a2a84556 --- /dev/null +++ b/makefu/2configs/tools/sec.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: + +{ + krebs.per-user.makefu.packages = with pkgs; [ + aria2 + mitmproxy + pythonPackages.binwalk-full + dnsmasq + iodine + mtr + nmap + msf + thc-hydra + ]; +} 
diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix new file mode 100644 index 000000000..84bb232cd --- /dev/null +++ b/makefu/5pkgs/esptool/default.nix @@ -0,0 +1,32 @@ +{ pkgs, fetchFromGitHub, ... }: +with pkgs.python2Packages; +let + pyaes = buildPythonPackage rec { + name = "pyaes-${version}"; + version = "1.6.0"; + src = fetchFromGitHub { + owner = "ricmoo"; + repo = "pyaes"; + rev = "v${version}"; + sha256 = "04934a9zgwc8g3qhfrkcfv0bs557paigllnkrnfhp9m1azr3bfqb"; + }; + doCheck = false; + }; +in +buildPythonPackage rec { + name = "esptool-${version}"; + version = "2.0beta2"; + propagatedBuildInputs = [ + pyserial + flake8 + ecdsa + pyaes + ]; + src = fetchFromGitHub { + owner = "themadinventor"; + repo = "esptool"; + rev = "v${version}"; + sha256 = "0n96pyi1k4qlyfqk5k7xpgq8726wz74qvd3gqjg0bpsl3wr7l94i"; + }; + doCheck = false; +} From 0412d9c1156d78f0db3c2408ac224c50ebf43c7e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:46:23 +0100 Subject: [PATCH 51/68] m 2 central-stats-server: use updated kapacitor --- makefu/2configs/logging/central-stats-server.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix index 8151d4939..30ad63879 100644 --- a/makefu/2configs/logging/central-stats-server.nix +++ b/makefu/2configs/logging/central-stats-server.nix @@ -5,10 +5,9 @@ let collectd-port = 25826; influx-port = 8086; grafana-port = 3000; # TODO nginx forward + db = "collectd_db"; + logging-interface = config.makefu.server.primary-itf; in { - imports = [ - ../../../lass/3modules/kapacitor.nix - ]; services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; 
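Review bot: Both derivations in makefu/5pkgs/esptool/default.nix set `doCheck = false;` without saying why, and one of them is `pyaes`, a crypto implementation whose test suite would be the only build-time evidence that the pinned source behaves correctly on this Python. A short comment giving the reason (for example `# tests not runnable in the sandbox`, if that is the case) or enabling the checks would help the next maintainer. `flake8` is listed in `propagatedBuildInputs`, which puts a linter into the run-time closure; if upstream needs it only for development it could be dropped.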
@@ -27,11 +26,11 @@ in { collectd = [{ enabled = true; typesdb = "${pkgs.collectd}/share/collectd/types.db"; - database = "collectd_db"; + database = db; port = collectd-port; }]; }; - lass.kapacitor = + krebs.kapacitor = let echoToIrc = pkgs.writeDash "echo_irc" '' set -euf @@ -43,7 +42,8 @@ in { in { enable = true; alarms = { - cpu_deadman = '' + cpu_deadman.database = db; + cpu_deadman.text = '' var data = batch |query(${"'''"} SELECT mean("value") AS mean @@ -68,5 +68,8 @@ in { iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT ''; } From d88b9ded5f09d5df8784a75d2ae92f3500bd9f6d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:46:43 +0100 Subject: [PATCH 52/68] m 2 omo-share: expose media-rw --- makefu/2configs/omo-share.nix | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index 8a3eab98a..7d7a4ec57 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -48,15 +48,8 @@ in { browseable = "yes"; "guest ok" = "yes"; }; - crypt0-rw = { - path = "/media/crypt0/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - "valid users" = "makefu"; - }; - crypt1-rw = { - path = "/media/crypt1/"; + media-rw = { + path = "/media/"; "read only" = "no"; browseable = "yes"; "guest ok" = "no"; From af83dea03c002e0dc1c907c429b378ba97da0ba3 Mon Sep 17 00:00:00 2001 
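Review bot: The three added rules accept collectd (UDP), the InfluxDB port and Grafana on `${logging-interface}`, i.e. on `makefu.server.primary-itf`, where the existing rules limited them to the `retiolum` interface. Whether that interface is LAN-only cannot be seen from the hunk; if it can face an untrusted network, the InfluxDB API and Grafana (bound to `0.0.0.0` earlier in the file) become reachable there with whatever authentication they have, which is not visible here. Restricting each rule by source, e.g. adding `-s <trusted-subnet>` (placeholder), or fronting Grafana with nginx as the existing `# TODO nginx forward` comment suggests, would keep the exposure intentional.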
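Review bot: The new `media-rw` share in omo-share.nix sets `path = "/media/"` with `"read only" = "no"`, replacing two shares that each exposed a single mount (`/media/crypt0/` and `/media/crypt1/`). Anything else mounted under `/media`, now or later, becomes writable over SMB for the share's users; the `valid users` line sits below the hunk, so it is presumably still `makefu`. If only the crypt volumes are meant, keeping per-volume paths, or adding a comment such as `# intentionally exports every mount below /media`, would avoid accidental exposure.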
From: makefu Date: Wed, 1 Mar 2017 15:47:27 +0100 Subject: [PATCH 53/68] k 2 tools/sec: do not deploy mitmproxy (broken) --- makefu/2configs/tools/sec.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 3a2a84556..5ab699f35 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -3,7 +3,7 @@ { krebs.per-user.makefu.packages = with pkgs; [ aria2 - mitmproxy + # mitmproxy pythonPackages.binwalk-full dnsmasq iodine From 5b53760ee406c662dad7121def60d82c14e6d743 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:48:11 +0100 Subject: [PATCH 54/68] m 1 filepimp: new interface --- makefu/1systems/filepimp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index 0fabf6d93..e143d0046 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -3,7 +3,7 @@ let byid = dev: "/dev/disk/by-id/" + dev; part1 = disk: disk + "-part1"; rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; - primary-interface = "enp2s0"; # c8:cb:b8:cf:e4:dc + primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc # N54L Chassis: # ____________________ # |______FRONT_______| From c96761176276f39e23767f92582aa1af13ee7a26 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:50:58 +0100 Subject: [PATCH 55/68] main-laptop: use tools,security wrappers --- makefu/2configs/main-laptop.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index e1c3d20ff..eaf6dec97 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -14,7 +14,8 @@ in { ./base-gui.nix ./fetchWallpaper.nix ./zsh-user.nix - ./laptop-utils.nix + ./tools/core.nix + ./tools/core-gui.nix ]; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; 
@@ -60,7 +61,7 @@ in { sleep 1 '') [ 5 4 3 2 1 ]} - /var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend + /var/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl suspend ''; }; }; From f23801beae6c54ca225df3d60d3dc1b0cda5471b Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:51:18 +0100 Subject: [PATCH 56/68] m 2 printer: use dymo cups driver --- makefu/2configs/printer.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index d288748f9..7c7b00abc 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -5,6 +5,7 @@ enable = true; drivers = [ pkgs.samsungUnifiedLinuxDriver + pkgs.dymo-cups-drivers ]; }; From 4eeecc9dbde44592451ef1295593e69fe80473cc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:51:48 +0100 Subject: [PATCH 57/68] m 1 x: do not use virtualbox, build with exfat-nofuse --- makefu/1systems/x.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 57e120e63..1e29876e7 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -8,7 +8,7 @@ [ # base ../. ../2configs/main-laptop.nix - ../2configs/laptop-utils.nix + ../2configs/tools/all.nix ../2configs/laptop-backup.nix ../2configs/dnscrypt.nix @@ -46,7 +46,7 @@ ../2configs/mail-client.nix ../2configs/printer.nix ../2configs/virtualization.nix - ../2configs/virtualization-virtualbox.nix + # ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix ../2configs/rad1o.nix @@ -64,7 +64,9 @@ ../2configs/fs/sda-crypto-root-home.nix ]; - makefu.server.primary-itf = "wlp2s0"; + boot.kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ]; + + makefu.server.primary-itf = "wlp3s0"; makefu.full-populate = true; makefu.umts.apn = "web.vodafone.de"; 
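Review bot: The suspend script now calls `/var/run/wrappers/bin/sudo`, while the rest of the series moved callers to `/run/wrappers/bin/…`; the `/var/run` spelling resolves only where `/var/run` is a symlink to `/run`. Using `${config.security.wrapperDir}/sudo`, or at least `/run/wrappers/bin/sudo`, keeps it consistent with the other call sites; `config` is already referenced in this file. The script body starts above the hunk, so whether a matching sudo rule exists for the `systemctl suspend` call cannot be checked from here.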
@@ -75,6 +77,7 @@ servers.default.server-names = [ "_" ]; }; + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; virtualisation.docker.enable = true; From 1135487724b442b78d7f4d863c02ab6b7fb801b2 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:53:16 +0100 Subject: [PATCH 58/68] m x230: move specific config to general config --- makefu/1systems/x.nix | 1 - makefu/2configs/hw/tp-x230.nix | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 1e29876e7..9666f50ff 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -64,7 +64,6 @@ ../2configs/fs/sda-crypto-root-home.nix ]; - boot.kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ]; makefu.server.primary-itf = "wlp3s0"; makefu.full-populate = true; diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index 855fda952..2de32dd94 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -16,6 +16,8 @@ with import ; extraModulePackages = [ config.boot.kernelPackages.acpi_call ]; + # support backlight adjustment + kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ]; }; # configured media keys inside awesomerc From 798e80de7c522afbf619ab4b1519849f2c33ca9b Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:54:39 +0100 Subject: [PATCH 59/68] m 2 owncloud: do not use mysql --- makefu/2configs/deployment/owncloud.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index d692ef72d..c6fb9c8e5 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix 
@@ -131,11 +131,15 @@ in { ( serveCloud [ "o.euer.krebsco.de" ] ) ]; - services.mysql = { - enable = true; + services.mysql = { # TODO: currently nextcloud uses sqlite + enable = false; package = pkgs.mariadb; rootPassword = config.krebs.secret.files.mysql_rootPassword.path; }; + services.mysqlBackup = { + enable = false; + databases = [ "nextcloud" ]; + }; krebs.secret.files.mysql_rootPassword = { path = "${config.services.mysql.dataDir}/mysql_rootPassword"; From ab88b75e1d36078d6dbb104803b0421f84a2abe9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:55:02 +0100 Subject: [PATCH 60/68] m 2 urlwatch: watch exfat-nofuse --- makefu/2configs/urlwatch.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index d575d18bc..20eb031a1 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -16,6 +16,9 @@ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://github.com/amadvance/snapraid/releases.atom https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack + https://api.github.com/repos/embray/d2to1/tags + https://api.github.com/repos/dorimanx/exfat-nofuse/commits + https://api.github.com/repos/dorimanx/exfat-nofuse/tags ]; }; } From 7d6945babb1366099beaa453dc86a7410a55db3d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 15:55:22 +0100 Subject: [PATCH 61/68] m 5 default: auto-detect packages --- makefu/5pkgs/default.nix | 41 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 71354a015..25ae2fe4b 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
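Review bot: Setting `enable = false` on `services.mysql` leaves the rest of the database configuration in place, and the `krebs.secret.files.mysql_rootPassword` entry in the trailing context is untouched, so the MariaDB root password is presumably still deployed to the host although nothing uses it. If the switch to sqlite is meant to last, drop the secret together with the service, or guard both behind the same condition, so that an unused credential is not left on disk. The new `services.mysqlBackup` block is also disabled and would not cover the sqlite file, so the Nextcloud data appears to have no backup after this change. The comment could say so, e.g. `# TODO: nextcloud currently uses sqlite; mysql, its root secret and mysqlBackup are unused`. The secret definition continues outside the hunk.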
@@ -1,38 +1,35 @@ { pkgs, ... }: -let - inherit (pkgs) callPackage; -in +with import ; { - nixpkgs.config.packageOverrides = rec { - acdcli = callPackage ./acdcli {}; + nixpkgs.config.packageOverrides = oldpkgs: let + + # This callPackage will try to detect obsolete overrides. + callPackage = path: args: let + override = pkgs.callPackage path args; + upstream = optionalAttrs (override ? "name") + (oldpkgs.${(parseDrvName override.name).name} or {}); + in if upstream ? "name" && + override ? "name" && + compareVersions upstream.name override.name != -1 + then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override + else override; + + in {} + // mapAttrs (_: flip callPackage {}) + (filterAttrs (_: dir: pathExists (dir + "/default.nix")) + (subdirsOf ./.)) + // { alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; - awesomecfg = callPackage ./awesomecfg {}; - bintray-upload = callPackage ./bintray-upload {}; - debmirror = callPackage ./debmirror {}; inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client; - elchhub = callPackage ./elchhub {}; - f3 = callPackage ./f3 {}; - farpd = callPackage ./farpd {}; - git-xlsx-textconv = callPackage ./git-xlsx-textconv {}; - mergerfs = callPackage ./mergerfs {}; - mycube-flask = callPackage ./mycube-flask {}; nodemcu-uploader = callPackage ./nodemcu-uploader {}; - ps3netsrv = callPackage ./ps3netsrv {}; pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils { wordset-file = pkgs.fetchurl { url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ; sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; }; }; - qcma = pkgs.qt5.callPackage ./qcma {}; - tw-upload-plugin = callPackage ./tw-upload-plugin {}; - skytraq-logger = 
callPackage ./skytraq-logger {}; - taskserver = callPackage ./taskserver {}; - udpt = callPackage ./udpt {}; - wol = callPackage ./wol {}; - snapraid = callPackage ./snapraid {}; }; } From 87cd7cd9afc1f28927f3b605f1fe97047eeaf18c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 16:23:12 +0100 Subject: [PATCH 62/68] m 2 tools: update --- makefu/2configs/tools/all.nix | 5 +++-- makefu/2configs/tools/core-gui.nix | 1 - makefu/2configs/tools/core.nix | 5 +++++ makefu/2configs/tools/extra-gui.nix | 2 +- makefu/2configs/tools/games.nix | 7 +++++++ makefu/2configs/tools/media.nix | 8 ++++---- 6 files changed, 20 insertions(+), 8 deletions(-) create mode 100644 makefu/2configs/tools/games.nix diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index 09344d99d..e64e216e0 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -2,9 +2,10 @@ imports = [ ./core.nix ./core-gui.nix - ./extra-gui.nix ./dev.nix - ./sec.nix + ./extra-gui.nix + ./games.nix ./media.nix + ./sec.nix ]; } diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 518a60eac..654e83baa 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -16,7 +16,6 @@ mirage tightvnc gnome3.dconf - vlc wireshark xdotool scrot diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 56d60812e..86d72c662 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -9,12 +9,14 @@ at_spi2_core acpi bc + rsync exif file ntfs3g pv proot sshpass + populate usbutils p7zip hdparm @@ -30,7 +32,10 @@ wol tmux smartmontools + cifs-utils iftop + taskwarrior + mplayer cac-api cac-panel diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 6b8a5af66..9cfacf408 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -7,6 +7,6 @@ skype virtmanager synergy - + saleae-logic ]; } 
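Review bot: `qcma` used to be built with `pkgs.qt5.callPackage` and is now picked up by the directory scan, which calls every `default.nix` through the plain `pkgs.callPackage` wrapper. If `./qcma` takes Qt5-scoped arguments it will no longer evaluate, so it probably needs an explicit entry in the trailing `// { … }` set, `qcma = pkgs.qt5.callPackage ./qcma {};`. The scan also turns every subdirectory with a `default.nix` into an override, so `./alsa-tools` and `./devpi` presumably now also appear under their directory names, called with empty arguments. In the obsolete-override check, `compareVersions upstream.name override.name` compares full derivation names rather than versions. Comparing `(parseDrvName upstream.name).version` with `(parseDrvName override.name).version` would match the intent stated in the comment.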
diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix new file mode 100644 index 000000000..34c686451 --- /dev/null +++ b/makefu/2configs/tools/games.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: + +{ + krebs.per-user.makefu.packages = with pkgs; [ + steam + ]; +} diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 67159a176..4fc3413e8 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -1,12 +1,12 @@ { pkgs, ... }: { - nixpkgs.config.firefox = { - enableAdobeFlash = true; - }; - krebs.per-user.makefu.packages = with pkgs; [ kodi streamripper + youtube-dl + calibre + vlc + mumble ]; } From e495e59af040ba517843c572c4884f1434eefccb Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Mar 2017 16:59:34 +0100 Subject: [PATCH 63/68] m 2 default: suid for sendmail --- makefu/2configs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 74d3635bd..bf70ebe08 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -159,7 +159,10 @@ with import ; auto-optimise-store = true ''; - security.wrappers.sendmail.source = "${pkgs.exim}/bin/sendmail"; + security.wrappers.sendmail = { + source = "${pkgs.exim}/bin/sendmail"; + setuid = true; + }; services.journald.extraConfig = '' SystemMaxUse=1G RuntimeMaxUse=128M From ef300aeb9e2c9230ce47ff306d4f5e4b684d69f1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 22:02:47 +0100 Subject: [PATCH 64/68] m 2 default: timesyncd replaced ntp in defaults --- makefu/2configs/default.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index bf70ebe08..1ad7f0710 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
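Review bot: The new `security.wrappers.sendmail` block sets `setuid = true` without naming the owner of the wrapper, so the effective privilege of the setuid binary depends on the wrapper module's defaults. For a setuid program the owner should be spelled out next to the bit, e.g. `owner = "root";` and `group = "root";` if root is what exim needs here. A short comment should also say why sendmail has to be setuid at all. After deployment, check that the wrapper has the intended owner and mode. The enclosing attribute set continues outside the hunk.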
@@ -145,16 +145,13 @@ with import ; tinc = pkgs.tinc_pre; }; - services.cron.enable = false; - services.nscd.enable = false; - services.ntp.enable = false; - services.timesyncd.enable = true; - services.ntp.servers = [ + networking.timeServers = [ "pool.ntp.org" "time.windows.com" "time.apple.com" "time.nist.gov" ]; + nix.extraOptions = '' auto-optimise-store = true ''; From cb48e9371a337d23e1f3f09b5d024ee60451d9d2 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 1 Mar 2017 22:03:20 +0100 Subject: [PATCH 65/68] m 2 tools: xbacklight --- makefu/2configs/tools/core-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 654e83baa..6d62e92c0 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -18,7 +18,7 @@ gnome3.dconf wireshark xdotool + xorg.xbacklight scrot - ]; } From ea303cfd559599463eab912277faed072ba82a0f Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 6 Mar 2017 12:45:56 +0100 Subject: [PATCH 66/68] tv q: respect terminal width when printing calenders --- tv/5pkgs/q/default.nix | 38 +++++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-) diff --git a/tv/5pkgs/q/default.nix b/tv/5pkgs/q/default.nix index a3a7cd739..2e7aa5cf2 100644 --- a/tv/5pkgs/q/default.nix +++ b/tv/5pkgs/q/default.nix @@ -1,7 +1,19 @@ { pkgs, ... }: +with import ; let q-cal = let - # XXX 23 is the longest line of cal's output + + # Maximum width of cal's output. + calwidth = 23; + + # Number of space characters between two calendars. + hspace = 2; + + # Return number of columns required to print n calenders side by side. + need_width = n: + assert n >= 1; + n * calwidth + (n - 1) * hspace; + pad = ''{ ${pkgs.gnused}/bin/sed ' # rtrim 
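Review bot: Besides the NTP lines, this hunk deletes `services.cron.enable = false;` and `services.nscd.enable = false;`, which the commit subject does not mention. Both services now fall back to their module defaults, so a daemon that was deliberately switched off may come back. If that is intended, say so in the commit message; otherwise keep the two lines. `services.timesyncd.enable = true;` is dropped as well, so the host now relies on timesyncd being enabled by default.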
@@ -10,7 +22,7 @@ let # delete last empty line ''${/^$/d} ' \ - | ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \ + | ${pkgs.gawk}/bin/awk '{printf "%-${toString calwidth}s\n", $0}' \ | ${pkgs.gnused}/bin/sed ' # colorize header 1,2s/.*/&/ @@ -20,23 +32,31 @@ let ' }''; in '' + cols=$(${pkgs.ncurses}/bin/tput cols) ${pkgs.coreutils}/bin/paste \ - <(${pkgs.utillinux}/bin/cal -mw \ + <(if test $cols -ge ${toString (need_width 3)}; then + ${pkgs.utillinux}/bin/cal -mw \ $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \ | ${pad} - ) \ - <(${pkgs.utillinux}/bin/cal -mw \ + fi) \ + <(if test $cols -ge ${toString (need_width 1)}; then + ${pkgs.utillinux}/bin/cal -mw \ | ${pkgs.gnused}/bin/sed ' # colorize day of month s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/&/ ' \ | ${pad} - ) \ - <(${pkgs.utillinux}/bin/cal -mw \ + fi) \ + <(if test $cols -ge ${toString (need_width 2)}; then + ${pkgs.utillinux}/bin/cal -mw \ $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \ | ${pad} - ) \ - | ${pkgs.gnused}/bin/sed 's/\t/ /g' + fi) \ + | ${pkgs.gnused}/bin/sed ' + s/^\t// + s/\t$// + s/\t/${lpad hspace " " ""}/g + ' ''; q-isodate = '' From 0953240b832117aef4d2ee3cc9cb1ff0e606242e Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 6 Mar 2017 13:11:21 +0100 Subject: [PATCH 67/68] tv pulse: talk about hijacking audio devices --- tv/2configs/pulse.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 2a3b5cbc1..418551213 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -76,6 +76,9 @@ in }; }; + # TODO assert that pulse is the only user with "audio" in group/extraGroups + # otherwise the audio device can be hijacked while the pulse service restarts + # (e.g. when mpv is running) and then the service will fail. users = { groups.pulse.gid = config.users.users.pulse.uid; users.pulse = { From c05db2409061f721ba454f4bf79e635ee13a6f11 Mon Sep 17 00:00:00 2001 
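Review bot: `cols=$(${pkgs.ncurses}/bin/tput cols)` is used unquoted in the three `test $cols -ge …` checks. When `tput` cannot determine a width and prints nothing (for example with TERM unset), `test` receives a malformed expression and all three calendars are skipped with errors on stderr. A fallback plus quoting keeps the previous three-calendar output in that case: `cols=$(${pkgs.ncurses}/bin/tput cols 2>/dev/null || echo 80)` and `test "$cols" -ge …`. The enclosing `let` block starts outside this hunk.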
From: tv Date: Tue, 7 Mar 2017 15:32:31 +0100 Subject: [PATCH 68/68] Revert "cd: hart eingeCACt" This reverts commit 3607bd0832d0f47a4bf56cae7e4cb14f6e257bc9. --- krebs/3modules/tv/default.nix | 2 +- tv/1systems/cd.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 1220143a7..d44c322aa 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -85,7 +85,7 @@ with import ; }; nets = { internet = { - ip4.addr = "64.137.177.226"; + ip4.addr = "45.62.237.203"; aliases = [ "cd.i" "cd.krebsco.de" diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index b718d19b8..108006f34 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -16,11 +16,11 @@ with import ; networking = { interfaces.enp2s1.ip4 = singleton { address = let - addr = "64.137.177.226"; + addr = "45.62.237.203"; in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr; prefixLength = 24; }; - defaultGateway = "64.137.177.1"; + defaultGateway = "45.62.237.1"; nameservers = ["8.8.8.8"]; };