Merge remote-tracking branch 'gum/master'
commit
428a5f037e
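--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,5 @@
+nix-shell test:
+script:
+- env
+- nix-shell --pure --command 'true' -p stdenv && echo success
+- nix-shell --pure --command 'false' -p stdenv || echo success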
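Review bot: The `- env` step writes the job's whole environment into the job log, and on a CI runner that environment normally carries job variables and tokens, so anyone who can read the log can read them. If the step is only there to debug the new shell runner's PATH, narrow it to `- echo "$PATH"` or drop it once the runner works. The last step can never fail, because `nix-shell … 'false' … || echo success` exits 0 whether `nix-shell` returns non-zero or not. If the intent is to assert the non-zero exit, use `- if nix-shell --pure --command 'false' -p stdenv; then exit 1; fi`.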
@ -10,6 +10,7 @@
|
|||||||
<stockholm/krebs/2configs>
|
<stockholm/krebs/2configs>
|
||||||
|
|
||||||
<stockholm/krebs/2configs/buildbot-all.nix>
|
<stockholm/krebs/2configs/buildbot-all.nix>
|
||||||
|
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
|
||||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
|
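--- a/krebs/2configs/gitlab-runner-shackspace.nix
+++ b/krebs/2configs/gitlab-runner-shackspace.nix
@@ -0,0 +1,34 @@
+{ config, ... }:
+let
+url = "https://git.shackspace.de/";
+# generate token from CI-token via:
+## gitlab-runner register
+## cat /etc/gitlab-runner/config.toml
+token = import <secrets/shackspace-gitlab-ci-token.nix> ;
+in {
+systemd.services.gitlab-runner.path = [
+"/run/wrappers" # /run/wrappers/bin/su
+"/" # /bin/sh
+];
+systemd.services.gitlab-runner.serviceConfig.PrivateTmp = true;
+virtualisation.docker.enable = true;
+services.gitlab-runner = {
+enable = true;
+# configFile, configOptions and gracefulTimeout not yet in stable
+# gracefulTimeout = "120min";
+configText = ''
+concurrent = 1
+check_interval = 0
+
+[[runners]]
+name = "krebs-shell"
+url = "${url}"
+token = "${token}"
+executor = "shell"
+shell = "sh"
+environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"]
+[runners.cache]
+
+'';
+};
+}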
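Review bot: `token = "${token}"` interpolates the runner token into `configText`, and a string option like this is presumably rendered into a file under `/nix/store`, which every local user can read, as can every job run by this `executor = "shell"` runner. The in-file comment says `configFile` is not yet in stable; once it is, point it at a file kept outside the store and deployed from `<secrets>` with a restrictive mode. Until then, record the exposure next to the assignment, e.g. `# NOTE: token ends up world-readable in the store via configText`. Because the shell executor runs job scripts directly on the host as the runner user, it is also worth a comment stating which projects are trusted to use this runner.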
@ -13,6 +13,11 @@ let
|
|||||||
|
|
||||||
api = {
|
api = {
|
||||||
enable = mkEnableOption "Enable krebs newsbot";
|
enable = mkEnableOption "Enable krebs newsbot";
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.newsbot-js;
|
||||||
|
description = "newsbot package to use";
|
||||||
|
};
|
||||||
ircServer = mkOption {
|
ircServer = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "echelon.retiolum";
|
default = "echelon.retiolum";
|
||||||
@ -79,7 +84,7 @@ let
|
|||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "newsbot-js";
|
User = "newsbot-js";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
ExecStart = "${pkgs.newsbot-js}/bin/newsbot";
|
ExecStart = "${cfg.package}/bin/newsbot";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -32,6 +32,7 @@ in np.buildNodePackage {
|
|||||||
|
|
||||||
phases = [
|
phases = [
|
||||||
"unpackPhase"
|
"unpackPhase"
|
||||||
|
"patchPhase"
|
||||||
"installPhase"
|
"installPhase"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
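--- a/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix
+++ b/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix
@@ -0,0 +1 @@
+"lol"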
@ -43,6 +43,7 @@ in {
|
|||||||
<stockholm/makefu/2configs/torrent.nix>
|
<stockholm/makefu/2configs/torrent.nix>
|
||||||
<stockholm/makefu/2configs/iodined.nix>
|
<stockholm/makefu/2configs/iodined.nix>
|
||||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||||
|
<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||||
|
|
||||||
## Web
|
## Web
|
||||||
<stockholm/makefu/2configs/nginx/share-download.nix>
|
<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||||
@ -55,9 +56,7 @@ in {
|
|||||||
<stockholm/makefu/2configs/deployment/mycube.connector.one.nix>
|
<stockholm/makefu/2configs/deployment/mycube.connector.one.nix>
|
||||||
<stockholm/makefu/2configs/deployment/graphs.nix>
|
<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||||
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
||||||
<stockholm/makefu/2configs/deployment/wiki-irc-bot>
|
|
||||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||||
<stockholm/makefu/2configs/deployment/hound>
|
|
||||||
{
|
{
|
||||||
services.taskserver.enable = true;
|
services.taskserver.enable = true;
|
||||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
services.taskserver.fqdn = config.krebs.build.host.name;
|
||||||
|
@ -194,16 +194,6 @@ in {
|
|||||||
|
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
||||||
krebs.Reaktor.reaktor = {
|
|
||||||
nickname = "Reaktor|krebs";
|
|
||||||
workdir = "/var/lib/Reaktor/krebs";
|
|
||||||
channels = [ "#krebs" ];
|
|
||||||
plugins = with pkgs.ReaktorPlugins;[
|
|
||||||
stockholm-issue
|
|
||||||
nixos-version
|
|
||||||
sed-plugin
|
|
||||||
random-emoji ];
|
|
||||||
};
|
|
||||||
krebs.Reaktor.reaktor-shack = {
|
krebs.Reaktor.reaktor-shack = {
|
||||||
nickname = "Reaktor|shack";
|
nickname = "Reaktor|shack";
|
||||||
workdir = "/var/lib/Reaktor/shack";
|
workdir = "/var/lib/Reaktor/shack";
|
||||||
|
@ -12,7 +12,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/makefu/2configs/extra-fonts.nix>
|
<stockholm/makefu/2configs/extra-fonts.nix>
|
||||||
<stockholm/makefu/2configs/tools/all.nix>
|
<stockholm/makefu/2configs/tools/all.nix>
|
||||||
<stockholm/makefu/2configs/laptop-backup.nix>
|
<stockholm/makefu/2configs/laptop-backup.nix>
|
||||||
<stockholm/makefu/2configs/dnscrypt.nix>
|
<stockholm/makefu/2configs/dnscrypt/client.nix>
|
||||||
<stockholm/makefu/2configs/avahi.nix>
|
<stockholm/makefu/2configs/avahi.nix>
|
||||||
|
|
||||||
# Debugging
|
# Debugging
|
||||||
@ -20,6 +20,7 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
# Testing
|
# Testing
|
||||||
# <stockholm/makefu/2configs/deployment/gitlab.nix>
|
# <stockholm/makefu/2configs/deployment/gitlab.nix>
|
||||||
|
# <stockholm/makefu/2configs/deployment/wiki-irc-bot>
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/torrent.nix>
|
# <stockholm/makefu/2configs/torrent.nix>
|
||||||
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||||
@ -54,6 +55,7 @@ with import <stockholm/lib>;
|
|||||||
# Services
|
# Services
|
||||||
<stockholm/makefu/2configs/git/brain-retiolum.nix>
|
<stockholm/makefu/2configs/git/brain-retiolum.nix>
|
||||||
<stockholm/makefu/2configs/tor.nix>
|
<stockholm/makefu/2configs/tor.nix>
|
||||||
|
<stockholm/makefu/2configs/vpn/vpngate.nix>
|
||||||
<stockholm/makefu/2configs/steam.nix>
|
<stockholm/makefu/2configs/steam.nix>
|
||||||
# <stockholm/makefu/2configs/buildbot-standalone.nix>
|
# <stockholm/makefu/2configs/buildbot-standalone.nix>
|
||||||
|
|
||||||
|
@ -39,10 +39,10 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
|
|
||||||
networking.hostName = config.krebs.build.host.name;
|
networking.hostName = config.krebs.build.host.name;
|
||||||
nix.maxJobs = config.krebs.build.host.cores;
|
nix.maxJobs = 2;
|
||||||
|
nix.buildCores = config.krebs.build.host.cores;
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
#nix.maxJobs = 1;
|
|
||||||
|
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
startAgent = false;
|
startAgent = false;
|
||||||
@ -145,15 +145,6 @@ with import <stockholm/lib>;
|
|||||||
"net.ipv6.conf.default.use_tempaddr" = 2;
|
"net.ipv6.conf.default.use_tempaddr" = 2;
|
||||||
};
|
};
|
||||||
|
|
||||||
system.activationScripts.nix-defexpr = ''
|
|
||||||
(set -euf
|
|
||||||
for i in /home/makefu /root/;do
|
|
||||||
f="$i/.nix-defexpr"
|
|
||||||
rm -fr "$f"
|
|
||||||
ln -s /var/src/nixpkgs "$f"
|
|
||||||
done)
|
|
||||||
'';
|
|
||||||
|
|
||||||
i18n = {
|
i18n = {
|
||||||
consoleKeyMap = "us";
|
consoleKeyMap = "us";
|
||||||
defaultLocale = "en_US.UTF-8";
|
defaultLocale = "en_US.UTF-8";
|
||||||
|
@ -1,67 +1,19 @@
|
|||||||
{ pkgs, lib, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
let
|
||||||
port = 18872;
|
pkg = pkgs.lib.overrideDerivation pkgs.newsbot-js (original: {
|
||||||
|
patches = [ ./wiki-output.patch ];
|
||||||
|
});
|
||||||
|
newsfile = pkgs.writeText "feeds" ''
|
||||||
|
nixoswiki-bot|https://nixos.wiki/api.php?days=7&limit=50&hidecategorization=1&action=feedrecentchanges&feedformat=rss|#krebs
|
||||||
|
'';
|
||||||
in {
|
in {
|
||||||
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
|
krebs.newsbot-js = {
|
||||||
logstash = pkgs.stdenv.lib.overrideDerivation pkgs.logstash (old: {
|
|
||||||
patches = [ ./irc-out-notice.patch ]; });
|
|
||||||
};
|
|
||||||
services.logstash = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
inputConfig = ''
|
package = pkg;
|
||||||
http {
|
ircServer = "chat.freenode.net";
|
||||||
port => ${toString port}
|
feeds = newsfile;
|
||||||
host => "127.0.0.1"
|
urlShortenerHost = "go";
|
||||||
}
|
urlShortenerPort = "80";
|
||||||
'';
|
|
||||||
filterConfig = ''
|
|
||||||
if ([pages]) {
|
|
||||||
ruby {
|
|
||||||
code => '
|
|
||||||
require "net/http"
|
|
||||||
require "net/https"
|
|
||||||
http = Net::HTTP.new("git.io", 443)
|
|
||||||
http.use_ssl = true
|
|
||||||
lines = []
|
|
||||||
event["pages"].each {|p|
|
|
||||||
url = "#{p["html_url"]}/_compare/#{p["sha"]}"
|
|
||||||
short_url = begin
|
|
||||||
request = Net::HTTP::Post.new "/"
|
|
||||||
request.set_form_data ({"url" => url })
|
|
||||||
response = http.request(request)
|
|
||||||
response["location"]
|
|
||||||
end
|
|
||||||
lines << "\"#{p["title"]}\" #{p["action"]} by #{event["sender"]["login"]} #{short_url}"
|
|
||||||
}
|
|
||||||
event["output"] = lines.join("\n")
|
|
||||||
'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
outputConfig = ''
|
|
||||||
file { path => "/tmp/logs.json" codec => "json_lines" }
|
|
||||||
if [output] {
|
|
||||||
irc {
|
|
||||||
channels => [ "#krebs", "#nixos" ]
|
|
||||||
host => "irc.freenode.net"
|
|
||||||
nick => "nixos-users-wiki"
|
|
||||||
format => "%{output}"
|
|
||||||
notice => true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
plugins = [ ];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = lib.mkDefault true;
|
|
||||||
virtualHosts."ghook.krebsco.de" = {
|
|
||||||
locations."/".proxyPass = "http://localhost:${toString port}/";
|
|
||||||
enableSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,26 +0,0 @@
|
|||||||
index b63339d..8c8c747 100644
|
|
||||||
--- a/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb
|
|
||||||
+++ b/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb
|
|
||||||
@@ -48,6 +48,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base
|
|
||||||
# Static string after event
|
|
||||||
config :post_string, :validate => :string, :required => false
|
|
||||||
|
|
||||||
+ # Set this to true to send messages as notice
|
|
||||||
+ config :notice, :validate => :boolean, :default => false
|
|
||||||
+
|
|
||||||
public
|
|
||||||
|
|
||||||
def inject_bot(bot)
|
|
||||||
@@ -90,9 +93,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base
|
|
||||||
|
|
||||||
@bot.channels.each do |channel|
|
|
||||||
@logger.debug("Sending to...", :channel => channel, :text => text)
|
|
||||||
- channel.msg(pre_string) if !@pre_string.nil?
|
|
||||||
- channel.msg(text)
|
|
||||||
- channel.msg(post_string) if !@post_string.nil?
|
|
||||||
+ channel.send(pre_string, :notice => @notice) if !@pre_string.nil?
|
|
||||||
+ channel.send(text, :notice => @notice)
|
|
||||||
+ channel.send(post_string, :notice => @notice) if !@post_string.nil?
|
|
||||||
end # channels.each
|
|
||||||
end # def receive
|
|
||||||
end # class LogStash::Outputs::Irc
|
|
45
makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch
Normal file
45
makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
diff --git a/newsbot.js b/newsbot.js
|
||||||
|
index 42d0666..a284011 100644
|
||||||
|
--- a/newsbot.js
|
||||||
|
+++ b/newsbot.js
|
||||||
|
@@ -92,8 +92,9 @@ function create_feedbot (nick, uri, channels) {
|
||||||
|
}
|
||||||
|
|
||||||
|
function broadcast_new_item (item) {
|
||||||
|
+ console.log('Broadcasting item ',item.link)
|
||||||
|
return getShortLink(item.link, function (error, shortlink) {
|
||||||
|
- return broadcast(item.title + ' ' + shortlink)
|
||||||
|
+ return broadcast('"'+ item.title + '" edited by ' + item.author + ' ' + shortlink)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -152,15 +153,18 @@ function create_feedbot (nick, uri, channels) {
|
||||||
|
|
||||||
|
if (client.lastItems) {
|
||||||
|
items.forEach(function (item) {
|
||||||
|
- if (!client.lastItems.hasOwnProperty(item.title)) {
|
||||||
|
+
|
||||||
|
+ if (!client.lastItems.hasOwnProperty(item.guid)) {
|
||||||
|
broadcast_new_item(item)
|
||||||
|
+ }else {
|
||||||
|
+ console.log("Item already seen:",item.guid)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
client.lastItems = {}
|
||||||
|
items.forEach(function (item) {
|
||||||
|
- client.lastItems[item.title] = true
|
||||||
|
+ client.lastItems[item.guid] = true
|
||||||
|
})
|
||||||
|
|
||||||
|
return continue_loop()
|
||||||
|
@@ -199,6 +203,8 @@ function run_command (methodname, params, callback) {
|
||||||
|
}
|
||||||
|
|
||||||
|
function getShortLink (link, callback) {
|
||||||
|
+ callback(null,link)
|
||||||
|
+ return
|
||||||
|
var form = new FormData()
|
||||||
|
try {
|
||||||
|
form.append('uri', link)
|
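Review bot: Keying `client.lastItems` on `item.guid` makes every item without a guid share the single key `undefined`, so a feed that omits guids would stop broadcasting after the first poll; a fallback such as `var key = item.guid || item.link || item.title`, used in both `forEach` loops, avoids that. In `getShortLink` the added `callback(null,link)` followed by `return` leaves the FormData path below it unreachable, so either gate the shortcut on a setting or remove the dead code and say why in a comment. `item.title` and the newly added `item.author` come from the remote feed and go to IRC unchanged; whether the client strips CR/LF is not visible in these hunks, so confirm that or strip control characters before `broadcast`. The function bodies continue outside the hunks.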
@ -1,7 +0,0 @@
|
|||||||
{
|
|
||||||
services.dnscrypt-proxy.enable = true;
|
|
||||||
services.dnscrypt-proxy.resolverName = "cs-de";
|
|
||||||
networking.extraResolvconfConf = ''
|
|
||||||
name_servers='127.0.0.1'
|
|
||||||
'';
|
|
||||||
}
|
|
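--- a/makefu/2configs/dnscrypt/client.nix
+++ b/makefu/2configs/dnscrypt/client.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+let
+customResolver = {
+# TODO: put this somewhere else
+address = config.krebs.hosts.gum.nets.internet.ip4.addr;
+port = 15251;
+name = "2.dnscrypt-cert.euer.krebsco.de";
+# dnscrypt-wrapper --show-provider-publickey --provider-publickey-file public.key
+key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
+};
+in {
+services.dnscrypt-proxy = {
+enable = true;
+inherit customResolver;
+};
+networking.extraResolvconfConf = ''
+name_servers='127.0.0.1'
+'';
+}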
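--- a/makefu/2configs/dnscrypt/server.nix
+++ b/makefu/2configs/dnscrypt/server.nix
@@ -0,0 +1,26 @@
+{ config, ... }:
+let
+# TODO: dataDir is currently not provided by upstream
+# data = config.services.dnscrypt-wrapper.dataDir;
+data = "/var/lib/dnscrypt-wrapper";
+sec = toString <secrets>;
+port = 15251;
+user = "dnscrypt-wrapper";
+in {
+services.dnscrypt-wrapper = {
+enable = true;
+address = "0.0.0.0";
+upstream.address = "8.8.8.8";
+providerName = "2.dnscrypt-cert.euer.krebsco.de";
+inherit port;
+};
+networking.firewall.allowedUDPPorts = [ port ];
+systemd.services.prepare-dnscrypt-wrapper-keys = {
+wantedBy = [ "dnscrypt-wrapper.service" ];
+before = [ "dnscrypt-wrapper.service" ];
+script = ''
+install -m700 -o ${user} -v ${sec}/dnscrypt-public.key ${data}/public.key
+install -m700 -o ${user} -v ${sec}/dnscrypt-secret.key ${data}/secret.key
+'';
+};
+}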
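Review bot: Both `install -m700` lines set the execute bit on key material and give the public key the same mode as the secret one; `-m400` for `secret.key` and `-m444` for `public.key` would match what the files are. The `prepare-dnscrypt-wrapper-keys` unit sets `before` and `wantedBy` but no `serviceConfig.Type = "oneshot";`, so with the default service type systemd may start `dnscrypt-wrapper.service` before the copy has finished. Nothing visible here creates `${data}` before the `install` calls, so that depends on the upstream module. `address = "0.0.0.0"` together with the opened UDP port makes the resolver reachable from anywhere and forwards all queries to `8.8.8.8`; if that is intended, a comment should say so. The port and provider name are repeated in `client.nix`, which the existing TODO there already hints at.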
@ -22,6 +22,7 @@ let
|
|||||||
cgit.desc = "Build new Stockholm hosts";
|
cgit.desc = "Build new Stockholm hosts";
|
||||||
};
|
};
|
||||||
cac-api = { };
|
cac-api = { };
|
||||||
|
euer_blog = { };
|
||||||
ampel = { };
|
ampel = { };
|
||||||
init-stockholm = {
|
init-stockholm = {
|
||||||
cgit.desc = "Init stuff for stockholm";
|
cgit.desc = "Init stuff for stockholm";
|
||||||
|
@ -2,6 +2,9 @@
|
|||||||
|
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
|
imports = [
|
||||||
|
./tpm.nix
|
||||||
|
];
|
||||||
networking.wireless.enable = lib.mkDefault true;
|
networking.wireless.enable = lib.mkDefault true;
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
|
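--- a/makefu/2configs/hw/tpm.nix
+++ b/makefu/2configs/hw/tpm.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+services.tcsd.enable = true;
+# see https://wiki.archlinux.org/index.php/Trusted_Platform_Module
+environment.systemPackages = with pkgs; [ opencryptoki tpm-tools ];
+}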
@ -8,5 +8,7 @@
|
|||||||
./games.nix
|
./games.nix
|
||||||
./media.nix
|
./media.nix
|
||||||
./sec.nix
|
./sec.nix
|
||||||
|
./sec-gui.nix
|
||||||
|
./studio.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
@ -20,6 +20,5 @@
|
|||||||
xdotool
|
xdotool
|
||||||
xorg.xbacklight
|
xorg.xbacklight
|
||||||
scrot
|
scrot
|
||||||
wireshark
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
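--- a/makefu/2configs/tools/sec-gui.nix
+++ b/makefu/2configs/tools/sec-gui.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+
+{
+krebs.per-user.makefu.packages = with pkgs; [
+tpmmanager
+wireshark
+];
+}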
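Review bot: This new file sets `krebs.per-user.makefu.packages`, while `studio.nix`, added in the same merge, uses `users.users.makefu.packages`. Another hunk in this merge also moves `krebs.per-user.${mainUser}.packages` to `users.users.${mainUser}.packages`. For consistency the option here should be `users.users.makefu.packages = with pkgs; [`, unless the old option is kept on purpose, in which case a comment should say why.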
@ -13,5 +13,6 @@
|
|||||||
thc-hydra
|
thc-hydra
|
||||||
borgbackup
|
borgbackup
|
||||||
ledger
|
ledger
|
||||||
|
u3_tool
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
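--- a/makefu/2configs/tools/studio.nix
+++ b/makefu/2configs/tools/studio.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+users.users.makefu.packages = with pkgs; [
+obs-studio
+studio-link
+audacity
+owncloudclient
+];
+}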
@ -22,7 +22,7 @@ in {
|
|||||||
set nocompatible
|
set nocompatible
|
||||||
syntax on
|
syntax on
|
||||||
set list
|
set list
|
||||||
set listchars=tab:▸
|
set listchars=tab:▸\
|
||||||
"set list listchars=tab:>-,trail:.,extends:>
|
"set list listchars=tab:>-,trail:.,extends:>
|
||||||
|
|
||||||
filetype off
|
filetype off
|
||||||
|
@ -1,5 +1,113 @@
|
|||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
|
services.openvpn.servers.vpngate-france = {
|
||||||
|
config = ''
|
||||||
|
dev tun
|
||||||
|
proto udp
|
||||||
|
remote coreeu1.opengw.net 1194
|
||||||
|
cipher AES-128-CBC
|
||||||
|
auth SHA1
|
||||||
|
resolv-retry infinite
|
||||||
|
nobind
|
||||||
|
persist-key
|
||||||
|
persist-tun
|
||||||
|
client
|
||||||
|
verb 3
|
||||||
|
|
||||||
|
<ca>
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
|
||||||
|
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
|
||||||
|
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
|
||||||
|
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
|
||||||
|
MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
|
||||||
|
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
|
||||||
|
Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
|
||||||
|
dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
|
||||||
|
6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
|
||||||
|
pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
|
||||||
|
9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
|
||||||
|
/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
|
||||||
|
Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
|
||||||
|
+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
|
||||||
|
qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
|
||||||
|
SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
|
||||||
|
u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
|
||||||
|
Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
|
||||||
|
crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
|
||||||
|
FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
|
||||||
|
/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
|
||||||
|
wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
|
||||||
|
4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
|
||||||
|
2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
|
||||||
|
FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
|
||||||
|
CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
|
||||||
|
boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
|
||||||
|
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
|
||||||
|
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
|
||||||
|
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
|
||||||
|
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
|
||||||
|
NVOFBkpdn627G190
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
</ca>
|
||||||
|
|
||||||
|
|
||||||
|
<cert>
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
|
||||||
|
aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
|
||||||
|
MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
|
||||||
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
|
||||||
|
5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
|
||||||
|
4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
|
||||||
|
CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
|
||||||
|
XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
|
||||||
|
p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
|
||||||
|
ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
|
||||||
|
hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
|
||||||
|
UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
|
||||||
|
+mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
|
||||||
|
Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
|
||||||
|
6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
</cert>
|
||||||
|
|
||||||
|
<key>
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
|
||||||
|
wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
|
||||||
|
zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
|
||||||
|
55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
|
||||||
|
/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
|
||||||
|
mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
|
||||||
|
k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
|
||||||
|
fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
|
||||||
|
QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
|
||||||
|
lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
|
||||||
|
zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
|
||||||
|
oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
|
||||||
|
KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
|
||||||
|
4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
|
||||||
|
dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
|
||||||
|
5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
|
||||||
|
DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
|
||||||
|
LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
|
||||||
|
TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
|
||||||
|
Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
|
||||||
|
H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
|
||||||
|
KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
|
||||||
|
va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
|
||||||
|
wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
|
||||||
|
M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
|
||||||
|
</key>
|
||||||
|
'';
|
||||||
|
autoStart = false;
|
||||||
|
updateResolvConf = false;
|
||||||
|
};
|
||||||
services.openvpn.servers.vpngate-japan = {
|
services.openvpn.servers.vpngate-japan = {
|
||||||
config = ''
|
config = ''
|
||||||
dev tun
|
dev tun
|
||||||
|
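Review bot: The new `vpngate-france` config trusts a public CA in `<ca>` but has no `remote-cert-tls server` or `verify-x509-name`, so any certificate chaining to that CA would be accepted as the VPN server. Adding `remote-cert-tls server`, plus a `verify-x509-name` for the expected host, closes that gap. `cipher AES-128-CBC` with `auth SHA1` are dated choices, presumably dictated by the remote service, and a comment saying so would keep them from being copied into other configs. The inline `<key>` lands in the repository and the Nix store; it appears to be the service's shared client credential, so it should be commented as non-secret rather than left looking like a private key. The `vpngate-japan` block at the end of the hunk continues outside it.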
@ -88,7 +88,7 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.per-user.${mainUser}.packages = [
|
users.users.${mainUser}.packages = [
|
||||||
pkgs.nix-zsh-completions
|
pkgs.nix-zsh-completions
|
||||||
pkgs.fzf
|
pkgs.fzf
|
||||||
];
|
];
|
||||||
|
@ -15,6 +15,7 @@ _:
|
|||||||
./torrent.nix
|
./torrent.nix
|
||||||
./udpt.nix
|
./udpt.nix
|
||||||
./umts.nix
|
./umts.nix
|
||||||
|
./wvdial.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
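--- a/makefu/3modules/wvdial.nix
+++ b/makefu/3modules/wvdial.nix
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+# from 17.03/nixos/modules/programs/wvdial.nix
+
+with lib;
+
+let
+
+configFile = ''
+[Dialer Defaults]
+PPPD PATH = ${pkgs.ppp}/sbin/pppd
+${config.environment.wvdial.dialerDefaults}
+'';
+
+cfg = config.environment.wvdial;
+
+in
+{
+###### interface
+
+options = {
+
+environment.wvdial = {
+
+dialerDefaults = mkOption {
+default = "";
+type = types.str;
+example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
+description = ''
+Contents of the "Dialer Defaults" section of
+<filename>/etc/wvdial.conf</filename>.
+'';
+};
+
+pppDefaults = mkOption {
+default = ''
+noipdefault
+usepeerdns
+defaultroute
+persist
+noauth
+'';
+type = types.str;
+description = "Default ppp settings for wvdial.";
+};
+
+};
+
+};
+
+###### implementation
+
+config = mkIf (cfg.dialerDefaults != "") {
+
+environment = {
+
+etc =
+[
+{ source = pkgs.writeText "wvdial.conf" configFile;
+target = "wvdial.conf";
+}
+{ source = pkgs.writeText "wvdial" cfg.pppDefaults;
+target = "ppp/peers/wvdial";
+}
+];
+
+};
+
+};
+
+}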
@ -5,9 +5,10 @@ pythonPackages.buildPythonApplication rec {
|
|||||||
version = "2.4.3";
|
version = "2.4.3";
|
||||||
buildInputs = [ jdk7 ];
|
buildInputs = [ jdk7 ];
|
||||||
propagatedBuildInputs = with pythonPackages; [
|
propagatedBuildInputs = with pythonPackages; [
|
||||||
protobuf
|
protobuf3_2
|
||||||
pyopenssl
|
pyopenssl
|
||||||
pyyaml
|
pyyaml
|
||||||
|
] ++ [
|
||||||
jre7
|
jre7
|
||||||
twisted
|
twisted
|
||||||
];
|
];
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }:
|
{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }:
|
||||||
|
|
||||||
|
builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken"
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "geno-oath-safe-2017-06-30";
|
name = "gen-oath-safe-2017-06-30";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "mcepl";
|
owner = "mcepl";
|
||||||
repo = "gen-oath-safe";
|
repo = "gen-oath-safe";
|
||||||
@ -23,7 +24,7 @@ stdenv.mkDerivation {
|
|||||||
coreutils
|
coreutils
|
||||||
openssl
|
openssl
|
||||||
qrencode
|
qrencode
|
||||||
yubikey-manager
|
#yubikey-manager
|
||||||
libcaca
|
libcaca
|
||||||
python
|
python
|
||||||
];
|
];
|
||||||
|
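Review bot: `yubikey-manager` is commented out of the inputs list in the second hunk but is still named in the function's argument set on the first line, leaving an unused argument. Either drop it there too or add a comment such as `# yubikey-manager disabled: <reason>` so the next reader knows whether it should come back. The trace text says `HTOP`, which looks like a typo for HOTP. `builtins.trace` prints on every evaluation of this expression, including on hosts that never use that mode, so a comment in the file may be enough.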
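--- a/makefu/5pkgs/u3_tool/default.nix
+++ b/makefu/5pkgs/u3_tool/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+proj = "u3-tool";
+name = "${proj}-${version}";
+version = "0.3";
+
+enableParallelBuilding = true;
+
+src = fetchurl {
+url = "mirror://sourceforge/${proj}/${name}.tar.gz";
+sha256 = "1p9c9kibd1pdbdfa0nd0i3n7bvzi3xg0chm38jg3xfl8gsn0390f";
+};
+
+meta = {
+description = "Tool for controlling the special features of a 'U3 smart drive' USB Flash disk.";
+homepage = https://sourceforge.net/projects/u3-tool/ ;
+license = stdenv.lib.licenses.gpl2;
+platforms = stdenv.lib.platforms.linux;
+maintainers = with stdenv.lib.maintainers; [ makefu ];
+};
+}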
@ -11,10 +11,10 @@ let
|
|||||||
then "buildbot"
|
then "buildbot"
|
||||||
else "makefu";
|
else "makefu";
|
||||||
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
|
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
|
||||||
ref = "9d4bd6b"; # unstable @ 2017-07-31
|
ref = "c91346e"; # unstable @ 2017-09-04
|
||||||
# + graceful requests2 (a772c3aa)
|
# + graceful requests2 (a772c3aa)
|
||||||
# + libpurple bitlbee ( ce6fe1a, 65e38b7 )
|
# + mitmproxy fix (eee2d174)
|
||||||
# + buildbot-runner ( f3cecc5 )
|
# + tpm-tools fix (5cb9987)
|
||||||
|
|
||||||
in
|
in
|
||||||
evalSource (toString _file) [
|
evalSource (toString _file) [
|
||||||
|