From 82fecfe30e6e6e74eb144bd943235d3901b641e9 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Aug 2017 14:43:35 +0200 Subject: [PATCH 01/24] ma source: bump to 9d4bd6b --- makefu/source.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index 0c74585b2..31243c2fd 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,7 +11,10 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "1e47827"; # unstable @ 2017-07-31 + graceful requests2 (a772c3aa) + libpurple bitlbee ( ce6fe1a, 65e38b7 ) + ref = "9d4bd6b"; # unstable @ 2017-07-31 + # + graceful requests2 (a772c3aa) + # + libpurple bitlbee ( ce6fe1a, 65e38b7 ) + # + buildbot-runner ( f3cecc5 ) in evalSource (toString _file) [ From 34c654b7149702a2fff64d36fe7bedb0f09e74d6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 08:42:57 +0200 Subject: [PATCH 02/24] ma gitlab-runner-shackspace: init --- .../2configs/git/gitlab-runner-shackspace.nix | 32 +++++++++++++++++++ .../secrets/shackspace-gitlab-ci-token.nix | 1 + 2 files changed, 33 insertions(+) create mode 100644 makefu/2configs/git/gitlab-runner-shackspace.nix create mode 100644 makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix diff --git a/makefu/2configs/git/gitlab-runner-shackspace.nix b/makefu/2configs/git/gitlab-runner-shackspace.nix new file mode 100644 index 000000000..a5a1247ba --- /dev/null +++ b/makefu/2configs/git/gitlab-runner-shackspace.nix 
@@ -0,0 +1,32 @@ +{ config, ... }: +let + url = "https://git.shackspace.de/"; + # generate token from CI-token via: + ## gitlab-runner register + token = import ; +in { + virtualisation.docker.enable = true; + services.gitlab-runner = { + enable = true; + gracefulTimeout = "120min"; + # configFile = "/var/src/secrets/runner.toml"; + configOptions = { + concurrent = 2; + runners = [{ + name = "nix-krebs-1.11"; + inherit token url; + executor = "docker"; + builds_dir = ""; + docker = { + host = ""; + image = "nixos/nix:1.11"; + privileged = false; + disable_cache = false; + volumes = ["/cache"]; + shm_size = 0; + }; + cache = {}; + }]; + }; + }; +} diff --git a/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix new file mode 100644 index 000000000..963e6db8b --- /dev/null +++ b/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix @@ -0,0 +1 @@ +"lol" From ab219696a6c8d02ecb75baa7f0f590ce4964b06b Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 08:43:28 +0200 Subject: [PATCH 03/24] ma gitlab: init --- makefu/2configs/deployment/gitlab.nix | 39 +++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 makefu/2configs/deployment/gitlab.nix diff --git a/makefu/2configs/deployment/gitlab.nix b/makefu/2configs/deployment/gitlab.nix new file mode 100644 index 000000000..d61f50c1d --- /dev/null +++ b/makefu/2configs/deployment/gitlab.nix 
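Review bot: The runner registration token in gitlab-runner-shackspace.nix is brought in with `token = import …` and handed to `configOptions`, so the rendered runner configuration, token included, most likely ends up as a world-readable file under /nix/store. The commented-out `configFile = "/var/src/secrets/runner.toml";` would keep the token out of the store; prefer that and drop `token` from `configOptions`. The same pattern appears in gitlab.nix later in this series, where `secrets`, `databasePassword` and `initialRootPassword` are all `import`ed values. The import path is not legible on this page, so confirm which file is being read.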
@@ -0,0 +1,39 @@ +{ lib, config, ... }: +let + web-port = 19453; + hostn = "gitlab.makefu.r"; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; +in { + + services.gitlab = { + enable = true; + https = false; + port = web-port; + secrets = import ; + databasePassword = import ; + initialRootEmail = "makefu@x.r"; + initialRootPassword = import ; + host = hostn; + smtp = { + enable = true; + domain = "r"; + enableStartTLSAuto = false; + port = 25; + }; + }; + + services.nginx = { + enable = lib.mkDefault true; + virtualHosts."${hostn}".locations."/" = { + proxyPass = "http://localhost:${toString web-port}/"; + extraConfig = '' + if ( $server_addr != "${internal-ip}" ) { + return 403; + } + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + }; + }; +} From f390dcb8b5169ca77131e9398cae50d46023a979 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 08:44:57 +0200 Subject: [PATCH 04/24] ma tools: add gitFull --- makefu/2configs/tools/extra-gui.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 1e68e935c..b2d616764 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -13,5 +13,6 @@ # Dev saleae-logic arduino-user-env + gitAndTools.gitFull ]; } From 68ee2d5c674fe3930dd8e93fc2ad0c0d1f1a97db Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 08:46:48 +0200 Subject: [PATCH 05/24] ma nsupdate-data: init --- makefu/2configs/nsupdate-data.nix | 55 ++++++++++++++++++++ makefu/6tests/data/secrets/nsupdate-data.nix | 1 + 2 files changed, 56 insertions(+) create mode 100644 makefu/2configs/nsupdate-data.nix create mode 100644 makefu/6tests/data/secrets/nsupdate-data.nix diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix new file mode 100644 index 000000000..cfa6193c6 --- /dev/null 
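Review bot: The access restriction in `virtualHosts."${hostn}".locations."/"` is an `if ( $server_addr != "${internal-ip}" ) { return 403; }` inside a single location, so the virtual host still listens on every address and any location added later is not covered by it. Binding the virtual host to the internal address only (an nginx `listen` on `${internal-ip}`) enforces the same rule at the socket and makes the `if` unnecessary. With `https = false` and `smtp.enableStartTLSAuto = false`, login and mail traffic depend entirely on the retiolum link for confidentiality; a short comment such as `# plain HTTP/SMTP: only reachable via retiolum` would record that assumption.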
+++ b/makefu/2configs/nsupdate-data.nix @@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: + +# search also generates ddclient entries for all other logs + +with import ; +let + #primary-itf = "eth0"; + #primary-itf = "wlp2s0"; + primary-itf = config.makefu.server.primary-itf; + ddclientUser = "ddclient"; + sec = toString ; + nsupdate = import "${sec}/nsupdate-data.nix"; + stateDir = "/var/spool/ddclient"; + cfg = "${stateDir}/cfg"; + ddclientPIDFile = "${stateDir}/ddclient.pid"; + + # TODO: correct cert generation requires a `real` internet ip address + + gen-cfg = dict: '' + ssl=yes + cache=${stateDir}/ddclient.cache + pid=${ddclientPIDFile} + ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' + + use=if, if=${primary-itf} protocol=dyndns2, server=ipv4.nsupdate.info, login=${user}, password='${pass}' ${user} + usev6=if, if=${primary-itf} protocol=dyndns2, server=ipv6.nsupdate.info, login=${user}, password='${pass}' ${user} + '') dict)} + ''; + +in { + users.extraUsers = singleton { + name = ddclientUser; + uid = genid "ddclient"; + description = "ddclient daemon user"; + home = stateDir; + createHome = true; + }; + + systemd.services = { + ddclient-nsupdate-elchos = { + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" ]; + serviceConfig = { + Type = "forking"; + User = ddclientUser; + PIDFile = ddclientPIDFile; + ExecStartPre = pkgs.writeDash "init-nsupdate" '' + cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} + chmod 700 ${cfg} + ''; + ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; + }; + }; + }; +} diff --git a/makefu/6tests/data/secrets/nsupdate-data.nix b/makefu/6tests/data/secrets/nsupdate-data.nix new file mode 100644 index 000000000..e76c0e87e --- /dev/null +++ b/makefu/6tests/data/secrets/nsupdate-data.nix @@ -0,0 +1 @@ +{ "lol" = "wut"; } From 1342a5ab5dad9553e20016e91aa8c641629ecf82 Mon Sep 17 00:00:00 2001 
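Review bot: In `ExecStartPre` the ddclient configuration is built with `pkgs.writeText "ddclient-config" (gen-cfg nsupdate)`, so the nsupdate passwords already sit in a world-readable store path before `chmod 700 ${cfg}` runs; the chmod only protects the second copy. Generating the file at service start from the secrets directory would avoid the store copy, and the mode should be `chmod 600 ${cfg}` because the file is not executable. `password='${pass}'` also produces a broken config if a password contains a single quote. The header comment `# search also generates ddclient entries for all other logs` does not describe this module and could be replaced by one line saying what it configures.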
From: makefu Date: Wed, 16 Aug 2017 08:47:19 +0200 Subject: [PATCH 06/24] ma lanparty: add samba --- makefu/2configs/lanparty/samba.nix | 31 ++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 makefu/2configs/lanparty/samba.nix diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix new file mode 100644 index 000000000..de834ab16 --- /dev/null +++ b/makefu/2configs/lanparty/samba.nix @@ -0,0 +1,31 @@ +{config, ... }:{ + networking.firewall.allowedUDPPorts = [ 137 138 ]; + networking.firewall.allowedTCPPorts = [ 139 445 ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/data/lanparty"; + createHome = true; + }; + services.samba = { + enable = true; + shares = { + share-home = { + path = "/data/lanparty/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} From 5b35e728d1da88900147639f7203df1b589b69e5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 08:48:13 +0200 Subject: [PATCH 07/24] ma pkgs.cmpforopenssl: init --- makefu/5pkgs/cmpforopenssl/default.nix | 82 +++++++++++++++++++ .../cmpforopenssl/nix-ssl-cert-file.patch | 14 ++++ 2 files changed, 96 insertions(+) create mode 100644 makefu/5pkgs/cmpforopenssl/default.nix create mode 100644 makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch diff --git a/makefu/5pkgs/cmpforopenssl/default.nix b/makefu/5pkgs/cmpforopenssl/default.nix new file mode 100644 index 000000000..3b9a20098 --- /dev/null +++ b/makefu/5pkgs/cmpforopenssl/default.nix 
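Review bot: `networking.firewall.allowedUDPPorts = [ 137 138 ]` and `allowedTCPPorts = [ 139 445 ]` in samba.nix open SMB on every interface, while `share-home` is writable (`"read only" = "no"`) with `"guest ok" = "yes"` and `map to guest = bad user`. For a LAN-party share that is presumably intended, but nothing here limits it to the party network. Adding `interfaces` with `bind interfaces only = yes`, or a `hosts allow` line, to `extraConfig` would keep an unauthenticated writable share off other networks the host joins. A one-line comment stating that anonymous write access is deliberate would also help the next reader.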
@@ -0,0 +1,82 @@ +{ stdenv, fetchurl, buildPackages, perl, fetchgit +, hostPlatform +}: + +with stdenv.lib; + +let + + common = args@{ rev, sha256, patches ? [] }: stdenv.mkDerivation rec { + name = "cmpforopenssl-${rev}"; + + src = fetchgit { + url = "https://git.code.sf.net/p/cmpforopenssl/git"; + inherit sha256 rev; + fetchSubmodules = false; + deepClone = false; + }; + + patches = + (args.patches or []) + ++ [ ./nix-ssl-cert-file.patch ]; + + outputs = [ "bin" "dev" "out" "man" ]; + setOutputFlags = false; + separateDebugInfo = stdenv.isLinux; + + nativeBuildInputs = [ perl ]; + + configureScript = "./config"; + + configureFlags = [ + "shared" + "--libdir=lib" + "--openssldir=etc/ssl" + ] ; + + makeFlags = [ "MANDIR=$(man)/share/man" ]; + + # Parallel building is broken in OpenSSL. + enableParallelBuilding = false; + + postInstall = '' + # If we're building dynamic libraries, then don't install static + # libraries. + if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then + rm "$out/lib/"*.a + fi + + mkdir -p $bin + mv $out/bin $bin/ + + mkdir $dev + mv $out/include $dev/ + + # remove dependency on Perl at runtime + rm -r $out/etc/ssl/misc + + rmdir $out/etc/ssl/{certs,private} + ''; + + postFixup = '' + # Check to make sure the main output doesn't depend on perl + if grep -r '${buildPackages.perl}' $out; then + echo "Found an erroneous dependency on perl ^^^" >&2 + exit 1 + fi + ''; + + + meta = { + homepage = https://sourceforge.net/p/cmpforopenssl ; + description = "A cryptographic library that implements the SSL and TLS protocols"; + platforms = stdenv.lib.platforms.all; + maintainers = [ stdenv.lib.maintainers.makefu ]; + priority = 0; # resolves collision with ‘man-pages’ + }; + }; + +in common { + rev = "462b3"; + sha256 = "1h2k1c4lg27gmsyd72zrlr303jw765x8sscxblq2jwb44jag85na"; + } 
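Review bot: `rev = "462b3";` in the final `common { … }` call is an abbreviated commit id; `sha256` still pins the content, but a short id can become ambiguous as the upstream repository grows, so the full 40-character hash is preferable. `meta.description` is the stock OpenSSL text ("A cryptographic library that implements the SSL and TLS protocols") and does not say that this is the CMP fork. Because the package ships its own libssl and binaries outside the nixpkgs OpenSSL update path, a comment naming the OpenSSL release the fork is based on would tell maintainers when it needs a security bump.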
diff --git a/makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch b/makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch new file mode 100644 index 000000000..b615f1482 --- /dev/null +++ b/makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch @@ -0,0 +1,14 @@ +diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c +--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200 ++++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200 +@@ -97,7 +97,9 @@ + switch (cmd) { + case X509_L_FILE_LOAD: + if (argl == X509_FILETYPE_DEFAULT) { +- file = (char *)getenv(X509_get_default_cert_file_env()); ++ file = (char *)getenv("NIX_SSL_CERT_FILE"); ++ if (!file) ++ file = (char *)getenv(X509_get_default_cert_file_env()); + if (file) + ok = (X509_load_cert_crl_file(ctx, file, + X509_FILETYPE_PEM) != 0); From 8f14ff2f54167c8505de82f65d640a1bb0018f17 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 11:49:17 +0200 Subject: [PATCH 08/24] ma darth: init full-disk-encryption --- makefu/1systems/darth/config.nix | 95 ++++++++++++++++++-------------- 1 file changed, 55 insertions(+), 40 deletions(-) diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix index 9dbe67429..7accb13d3 100644 --- a/makefu/1systems/darth/config.nix +++ b/makefu/1systems/darth/config.nix 
@@ -3,44 +3,62 @@ with import ; let byid = dev: "/dev/disk/by-id/" + dev; - rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039"; - auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F"; - dataPartition = auxDisk + "-part1"; + rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN"; + bootPart = rootDisk + "-part1"; + rootPart = rootDisk + "-part2"; allDisks = [ rootDisk ]; # auxDisk in { imports = [ - + + - + # - - ]; - services.samba.shares = { - isos = { - path = "/data/isos/"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - services.tinc.networks.siem = { - name = "sdarth"; - extraConfig = "ConnectTo = sjump"; - }; + + + + + # SIEM + # + # {services.tinc.networks.siem = { + # name = "sdarth"; + # extraConfig = "ConnectTo = sjump"; + # }; + # } + + # { + # makefu.forward-journal = { + # enable = true; + # src = "10.8.10.2"; + # dst = "10.8.10.6"; + # }; + # } + + ## Sharing + # + #{ + # services.samba.shares = { + # isos = { + # path = "/data/isos/"; + # "read only" = "yes"; + # browseable = "yes"; + # "guest ok" = "yes"; + # }; + # }; + #} + + ]; + - makefu.forward-journal = { - enable = true; - src = "10.8.10.2"; - dst = "10.8.10.6"; - }; #networking.firewall.enable = false; - + makefu.server.primary-itf = "enp0s25"; + krebs.hidden-ssh.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; 
@@ -49,31 +67,28 @@ in { firewall = { allowPing = true; logRefusedConnections = false; - trustedInterfaces = [ "eno1" ]; + # trustedInterfaces = [ "eno1" ]; allowedUDPPorts = [ 80 655 1655 67 ]; allowedTCPPorts = [ 80 655 1655 ]; }; # fallback connection to the internal virtual network - interfaces.virbr3.ip4 = [{ - address = "10.8.8.2"; - prefixLength = 24; - }]; + # interfaces.virbr3.ip4 = [{ + # address = "10.8.8.2"; + # prefixLength = 24; + # }]; }; # TODO smartd omo darth gum all-in-one services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - zramSwap.enable = true; - - #fileSystems."/data" = { - # device = dataPartition; - # fsType = "ext4"; - #}; boot.loader.grub.device = rootDisk; - - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.makefu-omo.pubkey - config.krebs.users.makefu-vbob.pubkey + boot.initrd.luks.devices = [ + { name = "luksroot"; + device = rootPart; + allowDiscards = true; + keyFileSize = 4096; + keyFile = "/dev/sdb"; + } ]; krebs.build.host = config.krebs.hosts.darth; From 06a65dd592a62663b15547796b6f11fddb205b31 Mon Sep 17 00:00:00 2001 
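Review bot: `keyFile = "/dev/sdb";` in `boot.initrd.luks.devices` names the key device by kernel enumeration order, which is not stable across boots or when another disk or USB stick is attached; the initrd would then read the 4096 key bytes from whatever device happens to be `sdb`. The file already defines `byid`, so `keyFile = byid "<KEY-DEVICE-ID>";` (placeholder) would match how `rootDisk` is addressed. `allowDiscards = true` passes TRIM through the LUKS mapping and so reveals which blocks are in use; a comment that this trade-off is accepted would be useful. The same hunk removes `users.users.root.openssh.authorizedKeys.keys`, so confirm that remote access is still provided elsewhere (the earlier hunk enables `krebs.hidden-ssh`).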
From: makefu Date: Wed, 16 Aug 2017 12:03:32 +0200 Subject: [PATCH 09/24] ma 5pkgs: cleanup --- .../5pkgs/{ => custom}/alsa-tools/default.nix | 0 makefu/5pkgs/custom/default.nix | 3 ++ makefu/5pkgs/{ => custom}/qcma/default.nix | 5 +- makefu/5pkgs/default.nix | 11 ++-- makefu/5pkgs/dionaea/default.nix | 50 +++++++++++++++++++ makefu/5pkgs/farpd/default.nix | 2 +- makefu/5pkgs/libopencm3/default.nix | 30 +++++++++++ makefu/5pkgs/logstash-output-exec/default.nix | 32 ++++++++++++ makefu/5pkgs/mcomix/default.nix | 20 ++++++++ makefu/5pkgs/minibar/default.nix | 12 +++++ makefu/5pkgs/nltk/default.nix | 17 +++++++ makefu/5pkgs/novnc/default.nix | 1 - makefu/5pkgs/programs-db/default.nix | 12 +++++ 13 files changed, 186 insertions(+), 9 deletions(-) rename makefu/5pkgs/{ => custom}/alsa-tools/default.nix (100%) create mode 100644 makefu/5pkgs/custom/default.nix rename makefu/5pkgs/{ => custom}/qcma/default.nix (94%) create mode 100644 makefu/5pkgs/dionaea/default.nix create mode 100644 makefu/5pkgs/libopencm3/default.nix create mode 100644 makefu/5pkgs/logstash-output-exec/default.nix create mode 100644 makefu/5pkgs/mcomix/default.nix create mode 100644 makefu/5pkgs/minibar/default.nix create mode 100644 makefu/5pkgs/nltk/default.nix create mode 100644 makefu/5pkgs/programs-db/default.nix diff --git a/makefu/5pkgs/alsa-tools/default.nix b/makefu/5pkgs/custom/alsa-tools/default.nix similarity index 100% rename from makefu/5pkgs/alsa-tools/default.nix rename to makefu/5pkgs/custom/alsa-tools/default.nix diff --git a/makefu/5pkgs/custom/default.nix b/makefu/5pkgs/custom/default.nix new file mode 100644 index 000000000..626938cdc --- /dev/null +++ b/makefu/5pkgs/custom/default.nix @@ -0,0 +1,3 @@ +{}: +{ +} diff --git a/makefu/5pkgs/qcma/default.nix b/makefu/5pkgs/custom/qcma/default.nix similarity index 94% rename from makefu/5pkgs/qcma/default.nix rename to makefu/5pkgs/custom/qcma/default.nix index 6eb1a971d..d67cda142 100644 --- a/makefu/5pkgs/qcma/default.nix 
+++ b/makefu/5pkgs/custom/qcma/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git, -gettext, automake, libxml2 , qmakeHook, makeQtWrapper, +gettext, automake, libxml2 , qmake, qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }: let libvitamtp = stdenv.mkDerivation rec { @@ -52,13 +52,14 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ]; - nativeBuildInputs = [ qmakeHook qttools pkgconfig makeQtWrapper ]; + nativeBuildInputs = [ qmake qttools pkgconfig ]; meta = { description = "Content Manager Assistant for the PS Vita"; homepage = https://github.com/codestation/qcma; license = stdenv.lib.licenses.gpl2; platforms = stdenv.lib.platforms.linux; + broken = true; maintainers = with stdenv.lib.maintainers; [ makefu ]; }; } diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index bb776ef25..6070fc096 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
@@ -20,13 +20,14 @@ self: super: let (filterAttrs (_: eq "directory") (readDir path)); in { - alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; - alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; - alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; + alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";}; + alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; + alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; + qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client; - nodemcu-uploader = callPackage ./nodemcu-uploader {}; + nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; pwqgen-ger = callPackage { - wordset-file = pkgs.fetchurl { + wordset-file = super.pkgs.fetchurl { url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ; sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; }; diff --git a/makefu/5pkgs/dionaea/default.nix b/makefu/5pkgs/dionaea/default.nix new file mode 100644 index 000000000..fef197c20 --- /dev/null +++ b/makefu/5pkgs/dionaea/default.nix 
@@ -0,0 +1,50 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, + libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre, + libev, + ... }: +let + liblcfg = stdenv.mkDerivation rec { + name = "liblcfg-${version}"; + version = "750bc90"; + src = fetchFromGitHub { + owner = "ThomasAdam"; + repo = "liblcfg"; + rev = version; + sha256 = "1k3r47p81paw5802jklx9xqbjrxr26pahipxn9nq3177qhxxibkr"; + }; + buildInputs = with pkgs;[ autoconf automake ]; + preConfigure = ''autoreconf -fi''; + sourceRoot = "${name}-src/code"; + }; +in stdenv.mkDerivation rec { + name = "liblcfg-${version}"; + + #version = "1.5c"; #original, does not compile due to libc errors + #src = fetchurl { + # url = "http://www.honeyd.org/uploads/honeyd-${version}.tar.gz"; + # sha256 = "0vcih16fk5pir5ssfil8x79nvi62faw0xvk8s5klnysv111db1ii"; + #}; + + #version = "64d087c"; # honeyd-1.6.7 + # sha256 = "0zhnn13r24y1q494xcfx64vyp84zqk8qmsl41fq2674230bn0p31"; + + version = "6756787f94c4f1ac53d1e5545d052774a0446c04"; + src = fetchFromGitHub { + owner = "rep"; + repo = "dionaea"; + rev = version; + sha256 = "04zjr9b7x0rqwzgb9gfxq6pclb817gz4qaghdl8xa79bqf9vv2p7"; + }; + + buildInputs = with pkgs;[ libtool automake autoconf ]; + configureFlags = [ + "--with-liblcfg=${liblcfg}" + "--with-libpcap=${libpcap}" + ]; + + meta = { + homepage = http://www.honeyd.org/; + description = "virtual Honeypots"; + license = lib.licenses.gpl2; + }; +} diff --git a/makefu/5pkgs/farpd/default.nix b/makefu/5pkgs/farpd/default.nix index d16400016..8dfcee90c 100644 --- a/makefu/5pkgs/farpd/default.nix +++ b/makefu/5pkgs/farpd/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { zlib coreutils python - pythonPackages.sqlite3 + pythonPackages.pysqlite ]; patches = [ ( fetchurl { diff --git a/makefu/5pkgs/libopencm3/default.nix b/makefu/5pkgs/libopencm3/default.nix new file mode 100644 index 000000000..ed35fc639 --- /dev/null +++ b/makefu/5pkgs/libopencm3/default.nix 
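Review bot: The outer derivation in dionaea/default.nix is declared with `name = "liblcfg-${version}";`, the same name as the helper derivation above it, and its `meta` still reads `homepage = http://www.honeyd.org/;` and `description = "virtual Honeypots";`; it should be `name = "dionaea-${version}";` with dionaea's own metadata. The function header takes `libev`, `libevent`, `pcre`, `zlib` and others, but `buildInputs` lists only `libtool automake autoconf`, so those arguments are unused as far as this hunk shows. The same copy-paste naming occurs later in this commit: logstash-output-exec uses `name = "logstash-input-github-${version}";`, libopencm3 uses `name = "libopencm-${version}";`, and mcomix carries pyload's `homepage` and `description`.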
@@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub, gcc-arm-embedded, python }: +stdenv.mkDerivation rec { + name = "libopencm-${version}"; + version = "2017-04-01"; + + src = fetchFromGitHub { + owner = "libopencm3"; + repo = "libopencm3"; + rev = "383fafc862c0d47f30965f00409d03a328049278"; + sha256 = "0ar67icxl39cf7yb5glx3zd5413vcs7zp1jq0gzv1napvmrv3jv9"; + }; + + buildInputs = [ gcc-arm-embedded python ]; + buildPhase = '' + sed -i 's#/usr/bin/env python#${python}/bin/python#' ./scripts/irq2nvic_h + make + ''; + installPhase = '' + mkdir -p $out + cp -r lib $out/ + ''; + + meta = { + description = "Open Source ARM cortex m microcontroller library"; + homepage = https://github.com/libopencm3/libopencm3; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; +} diff --git a/makefu/5pkgs/logstash-output-exec/default.nix b/makefu/5pkgs/logstash-output-exec/default.nix new file mode 100644 index 000000000..d1de851c7 --- /dev/null +++ b/makefu/5pkgs/logstash-output-exec/default.nix @@ -0,0 +1,32 @@ +{ pkgs, stdenv, lib, fetchFromGitHub }: + + +# TODO: requires ftw ruby package +stdenv.mkDerivation rec { + name = "logstash-input-github-${version}"; + version = "3.1.0"; + + src = fetchFromGitHub { + owner = "logstash-plugins"; + repo = "logstash-output-exec"; + rev = "v${version}"; + sha256 = "0ix5w9l6hrbjaymkh7fzymjvpkiias3hs0l77zdpcwdaa6cz53nf"; + }; + + dontBuild = true; + dontPatchELF = true; + dontStrip = true; + dontPatchShebangs = true; + installPhase = '' + mkdir -p $out/logstash + cp -r lib/* $out + ''; + + meta = with lib; { + description = "logstash output plugin"; + homepage = https://github.com/logstash-plugins/logstash-output-exec; + license = stdenv.lib.licenses.asl20; + platforms = stdenv.lib.platforms.unix; + maintainers = with maintainers; [ makefu ]; + }; +} 
diff --git a/makefu/5pkgs/mcomix/default.nix b/makefu/5pkgs/mcomix/default.nix new file mode 100644 index 000000000..a12e2e821 --- /dev/null +++ b/makefu/5pkgs/mcomix/default.nix @@ -0,0 +1,20 @@ +{ pkgs, lib ,python2Packages, fetchurl, gtk3}: +python2Packages.buildPythonPackage rec { + name = "mcomix-${version}"; + version = "1.2.1"; + + src = fetchurl { + url = "mirror://sourceforge/mcomix/${name}.tar.bz2"; + sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy"; + }; + + propagatedBuildInputs = with python2Packages; + [ python2Packages.pygtk gtk3 python2Packages.pillow ]; + + meta = { + homepage = https://github.com/pyload/pyload; + description = "Free and Open Source download manager written in Python"; + license = lib.licenses.gpl3; + maintainers = with lib.maintainers; [ makefu ]; + }; +} diff --git a/makefu/5pkgs/minibar/default.nix b/makefu/5pkgs/minibar/default.nix new file mode 100644 index 000000000..384a73261 --- /dev/null +++ b/makefu/5pkgs/minibar/default.nix @@ -0,0 +1,12 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.python3Packages;buildPythonPackage rec { + name = "minibar-${version}"; + version = "0.5.0"; + src = fetchFromGitHub { + owner = "canassa"; + repo = "minibar"; + rev = "c8ecd61"; + sha256 = "1k718zrjd11rw93nmz2wxvhvsai6lwqfblnwjpmkpnslcdan7641"; + }; +} diff --git a/makefu/5pkgs/nltk/default.nix b/makefu/5pkgs/nltk/default.nix new file mode 100644 index 000000000..b2d88b3fe --- /dev/null +++ b/makefu/5pkgs/nltk/default.nix 
@@ -0,0 +1,17 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.pythonPackages;buildPythonPackage rec { + name = "nltk-${version}"; + version = "3.2.1"; + src = pkgs.fetchurl{ + #url = "mirror://pypi/n/${name}.tar.gz"; + url = "https://pypi.python.org/packages/58/85/8fa6f8c488507aab7d6234ce754bbbe61bfeb8382489785e2d764bf8f52a/${name}.tar.gz"; + sha256 = "0skxbhnymwlspjkzga0f7x1hg3y50fwpfghs8g8k7fh6f4nknlym"; + + }; + meta = { + homepage = http://nltk.org; + description = "Natural languages Toolkit"; + license = lib.licenses.asl20; + }; +} diff --git a/makefu/5pkgs/novnc/default.nix b/makefu/5pkgs/novnc/default.nix index b1d62248d..7da8e9be1 100644 --- a/makefu/5pkgs/novnc/default.nix +++ b/makefu/5pkgs/novnc/default.nix @@ -13,7 +13,6 @@ stdenv.mkDerivation rec { }; p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify pkgs.coreutils pkgs.which pkgs.procps ]; - # TODO: propagatedBuildInputs does not seem to work with shell scripts patchPhase = '' sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh ''; diff --git a/makefu/5pkgs/programs-db/default.nix b/makefu/5pkgs/programs-db/default.nix new file mode 100644 index 000000000..f40b1b96e --- /dev/null +++ b/makefu/5pkgs/programs-db/default.nix @@ -0,0 +1,12 @@ +{ stdenv }: + +stdenv.mkDerivation rec { + name = "programs-db"; + src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ; + + phases = [ "unpackPhase" "installPhase" ]; + installPhase = '' + cp programs.sqlite $out + ''; + +} From f6d6bae25138349247946fea2bda167a368e4780 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:18:42 +0200 Subject: [PATCH 10/24] ma tools/dev: add gi --- makefu/2configs/tools/dev.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 42006eb22..6681484fd 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix 
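Review bot: `src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ;` in programs-db/default.nix fetches a moving channel URL with no hash, so the build is neither reproducible nor integrity-checked, and the installed `programs.sqlite` changes whenever the channel advances. Pointing the fetch at a fixed channel release and using a fixed-output fetcher would pin what gets installed, for example `src = fetchurl { url = "<PINNED-RELEASE-URL>"; sha256 = "<SHA256>"; };` (placeholders) with `fetchurl` added to the function arguments. In nltk/default.nix in the same commit the `fetchFromGitHub` argument is unused.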
@@ -1,9 +1,10 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs;[ + users.users.makefu.packages = with pkgs;[ python35Packages.virtualenv # embedded + gi flashrom mosquitto libcoap From d994a3ec26a20020dd470667ab87e4ded93afd68 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:18:06 +0200 Subject: [PATCH 11/24] ma hw/tp-x230: enable rngd again this works for the vanilla firmware but not on coreboot --- makefu/2configs/hw/tp-x230.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index c705b52a7..14572b35c 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -33,8 +33,8 @@ with import ; Option "Backlight" "intel_backlight" ''; }; - # no entropy source working - # security.rngd.enable = true; + + security.rngd.enable = true; services.xserver.displayManager.sessionCommands ='' xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 From b4d1a357c4e7df2f40a695bdab269115b4887870 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:17:19 +0200 Subject: [PATCH 12/24] ma share/gum: fix download user --- makefu/2configs/share/gum.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix index e578f43d3..f5942a0f7 100644 --- a/makefu/2configs/share/gum.nix +++ b/makefu/2configs/share/gum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let hostname = config.krebs.build.host.name; in { @@ -11,7 +11,7 @@ in { # home = "/var/empty"; # }; - users.users.download = { }; + users.users.download.uid = genid "download"; services.samba = { enable = true; shares = { From 512869d4e3257a06115c09b67538cebf543c6c52 Mon Sep 17 00:00:00 2001 
From: makefu Date: Wed, 16 Aug 2017 12:16:59 +0200 Subject: [PATCH 13/24] ma anon-ftp: replace ftpdir --- makefu/2configs/share/anon-ftp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/share/anon-ftp.nix b/makefu/2configs/share/anon-ftp.nix index 471f22cba..d2a535f97 100644 --- a/makefu/2configs/share/anon-ftp.nix +++ b/makefu/2configs/share/anon-ftp.nix @@ -1,6 +1,6 @@ { config, lib, ... }: let - ftpdir = "/home/ftp"; + ftpdir = "/data"; in { networking.firewall = { allowedTCPPorts = [ 20 21 ]; From 94bec25995287c4eee65924c3e6794b6333aeca6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:16:39 +0200 Subject: [PATCH 14/24] ma sda-crypto-root: add notes for formatting the harddrive --- makefu/2configs/fs/sda-crypto-root.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index cfa703aaf..55cfd74f5 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -4,6 +4,12 @@ # sda1: boot ext4 (label nixboot) - must be unlocked on boot if required: # boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; # sda2: cryptoluks -> ext4 + +# fdisk /dev/sda + # boot 500M + # rest rest +# cryptsetup luksFormat /dev/sda2 +# with import ; { boot = { From c84615a0315cc285c25b52ed1785e057f2535168 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:15:52 +0200 Subject: [PATCH 15/24] ma elchos/search: refactor dyndns code --- makefu/2configs/elchos/search.nix | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/elchos/search.nix b/makefu/2configs/elchos/search.nix index 5777be373..521bfc80a 100644 --- a/makefu/2configs/elchos/search.nix +++ b/makefu/2configs/elchos/search.nix 
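Review bot: Changing `ftpdir` from "/home/ftp" to "/data" in anon-ftp.nix makes the whole `/data` tree the FTP root, and this series also places the guest-writable Samba share at `/data/lanparty/`. The rest of the file lies outside the hunk, so whether anonymous users can write is not visible here. If the service is anonymous, as the file name suggests, a dedicated subdirectory such as `ftpdir = "/data/ftp";` (constructed example) would avoid publishing everything stored under `/data`.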
@@ -23,10 +23,21 @@ let pid=${ddclientPIDFile} ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' + protocol=dyndns2 use=if, if=${primary-itf} - protocol=dyndns2, server=ipv4.nsupdate.info, login=${user}, password='${pass}' ${user} - #usev6=if, if=${primary-itf} - #protocol=dyndns2, server=ipv6.nsupdate.info, login=${user}, password='${pass}' ${user} + ssl=yes + server=ipv4.nsupdate.info + login=${user} + password='${pass}' + ${user} + + protocol=dyndns2 + usev5=if, if=${primary-itf} + ssl=yes + server=ipv6.nsupdate.info + login=${user} + password='${pass}' + ${user} '') dict)} ''; From efb0ea1ab63db828bafb905acee13571a905c639 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:15:06 +0200 Subject: [PATCH 16/24] ma backup: add placeholder for wolf backup --- makefu/2configs/backup.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 1cc78bfc1..166365ba0 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix @@ -31,6 +31,7 @@ in { krebs.backup.plans = { # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; + # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/"; }; environment.systemPackages = [ pkgs.borgbackup From 842c62e6cd12df0fbbfe3ceda00242e366009cb4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:14:30 +0200 Subject: [PATCH 17/24] ma jack-on-pulse: depend on sound.target --- makefu/2configs/audio/jack-on-pulse.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix index a8ee05c7d..e18b2192a 100644 --- a/makefu/2configs/audio/jack-on-pulse.nix +++ b/makefu/2configs/audio/jack-on-pulse.nix 
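Review bot: The second stanza in elchos/search.nix uses `usev5=if, if=${primary-itf}`, which looks like a typo for `usev6=if`; the line it replaces was `#usev6=if`, and nsupdate-data.nix in this series also spells it `usev6`. As written, the `ipv6.nsupdate.info` entry would presumably not be updated from the interface's IPv6 address. `password='${pass}'` keeps the single-quote problem noted for nsupdate-data.nix. The `gen-cfg` definition starts outside this hunk.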
@@ -45,7 +45,7 @@ in Restart = "always"; RestartSec = "5"; }; - # after = [ "display-manager.service" "sound.target" ]; + after = [ "display-manager.service" "sound.target" ]; wantedBy = [ "default.target" ]; }; }; From edb24e8d7ca7028217f4eebd0354e2f48ec2ef22 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:14:00 +0200 Subject: [PATCH 18/24] ma x: allow virtualbox firewall --- makefu/1systems/x/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 368655575..8e8c8a736 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -42,6 +42,14 @@ with import ; + { + networking.firewall.allowedTCPPorts = [ 8080 ]; + networking.nat = { + enable = true; + externalInterface = "wlp3s0"; + internalInterfaces = [ "vboxnet0" ]; + }; + } # Services @@ -81,6 +89,7 @@ with import ; networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; networking.firewall.allowedUDPPorts = [ 665 26061 ]; + networking.firewall.trustedInterfaces = [ "vboxnet0" ]; krebs.build.host = config.krebs.hosts.x; From 94f7791024b658556e950603846035eacc3e3337 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:12:27 +0200 Subject: [PATCH 19/24] ma tools: add jdk and jre to android packages --- makefu/2configs/tools/android-pentest.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index 3f65424cc..da8a357ae 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix @@ -10,5 +10,8 @@ apktool jd-gui android-studio + jdk + jre + openssl ]; } From efa73b9e9a557ce711b8ef32d034d69972a4758a Mon Sep 17 00:00:00 2001 
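Review bot: In makefu/1systems/x/config.nix the added `networking.firewall.allowedTCPPorts = [ 8080 ];` opens port 8080 on every interface, including the `wlp3s0` uplink, although the commit is about VirtualBox access. The second hunk adds `networking.firewall.trustedInterfaces = [ "vboxnet0" ];`, which already accepts all traffic arriving on the host-only interface, so the global 8080 rule only adds exposure on the external side. If the service is meant for the VM only, I would drop the `allowedTCPPorts = [ 8080 ]` line. If it is meant to be reachable from the network, a comment such as `# 8080: reachable from the uplink on purpose` would record that. Trusting `vboxnet0` wholesale also lets guests reach every service on the host, which deserves a one-line comment next to that setting.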
From: makefu Date: Wed, 16 Aug 2017 12:11:24 +0200 Subject: [PATCH 20/24] ma urlwatch: github-rss --- makefu/2configs/urlwatch/default.nix | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index f17bcdc3a..47b5d7fc3 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -1,6 +1,11 @@ { config, lib, ... }: -{ +let + grss = name: { #github rss feed + url = "https://github.com/${name}/releases.atom"; + filter = "grepi:( Date: Wed, 16 Aug 2017 12:10:55 +0200 Subject: [PATCH 21/24] ma vim: show tabs --- makefu/2configs/vim.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix index 227d73c81..524caf8f5 100644 --- a/makefu/2configs/vim.nix +++ b/makefu/2configs/vim.nix @@ -21,6 +21,9 @@ in { vimrcConfig.customRC = '' set nocompatible syntax on + set list + set listchars=tab:▸ + "set list listchars=tab:>-,trail:.,extends:> filetype off filetype plugin indent on From 583c8b6b4ef588874bc5efbbaff07b0cf2e84b75 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:09:59 +0200 Subject: [PATCH 22/24] ma docker: add dockertools to systemPackages --- makefu/2configs/virtualisation/docker.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/virtualisation/docker.nix b/makefu/2configs/virtualisation/docker.nix index 98fd980cc..ddef9e371 100644 --- a/makefu/2configs/virtualisation/docker.nix +++ b/makefu/2configs/virtualisation/docker.nix @@ -1,4 +1,8 @@ -{...}: +{ pkgs, ... }: { virtualisation.docker.enable = true; + environment.systemPackages = with pkgs;[ + docker + docker_compose + ]; } From da17fa410386eb7aed50d3f9db61cb6e8c32582d Mon Sep 17 00:00:00 2001 
From: makefu Date: Wed, 16 Aug 2017 12:09:18 +0200 Subject: [PATCH 23/24] ma gum: un-hardcode interface --- makefu/1systems/gum/config.nix | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index bbb8cfe11..110edc130 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -9,6 +9,7 @@ let external-gw6 = "fe80::1"; external-netmask = 22; external-netmask6 = 64; + ext-if = "et0"; # gets renamed on the fly internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; in { @@ -41,6 +42,7 @@ in { + ## Web @@ -94,7 +96,7 @@ in { ]; }; - + makefu.server.primary-itf = ext-if; # access users.users = { @@ -120,7 +122,7 @@ in { # Network services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" ''; boot.kernelParams = [ ]; networking = { @@ -152,14 +154,16 @@ in { 21032 ]; }; - interfaces.et0.ip4 = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - interfaces.et0.ip6 = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; + interfaces."${ext-if}" = { + ip4 = [{ + address = external-ip; + prefixLength = external-netmask; + }]; + ip6 = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + }; defaultGateway6 = external-gw6; defaultGateway = external-gw; nameservers = [ "8.8.8.8" ]; From a795766f3a881d43f92dcafcf26eeb765e993ed7 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Aug 2017 12:08:14 +0200 Subject: [PATCH 24/24] ma configs/default: add vim as default --- krebs/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index daf9bd9d0..e7ece87b6 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix 
@@ -22,6 +22,7 @@ with import ; environment.systemPackages = with pkgs; [ git + vim rxvt_unicode.terminfo ];