From 4feafd70204f9c13500bd427d250fac60ca595ef Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Dec 2017 11:18:14 +0100 Subject: [PATCH 01/46] ma pkgs.vpn-ws: init at 0.2 --- makefu/5pkgs/vpn-ws/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 makefu/5pkgs/vpn-ws/default.nix diff --git a/makefu/5pkgs/vpn-ws/default.nix b/makefu/5pkgs/vpn-ws/default.nix new file mode 100644 index 000000000..71573384d --- /dev/null +++ b/makefu/5pkgs/vpn-ws/default.nix @@ -0,0 +1,30 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, openssl }: +stdenv.mkDerivation rec { + pname = "vpn-ws"; + version = "9d0e866"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "unbit"; + repo = "vpn-ws"; + rev = version; + sha256 = "068vzrpzgksadb31khancnpkgzhdcr6kh6k9wgm77q68skwl3w0k"; + }; + + patchPhase = '' + sed -i 's/-Werror//' Makefile + ''; + + installPhase = '' + mkdir -p $out/bin + cp vpn-ws vpn-ws-client $out/bin + ''; + + buildInputs = [ openssl.dev ]; + + meta = { + homepage = https://github.com/unbit/vpn-ws; + description = "A VPN system over websockets"; + license = lib.licenses.mit; + }; +} From 1fff5ae3724a811c6205e1e7abf5052e05412757 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:26:45 +0100 Subject: [PATCH 02/46] ma nginx: add vpn-ws prototype --- makefu/2configs/nginx/euer.blog.vpn.nix | 35 +++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 makefu/2configs/nginx/euer.blog.vpn.nix diff --git a/makefu/2configs/nginx/euer.blog.vpn.nix b/makefu/2configs/nginx/euer.blog.vpn.nix new file mode 100644 index 000000000..b3db0bc60 --- /dev/null +++ b/makefu/2configs/nginx/euer.blog.vpn.nix @@ -0,0 +1,35 @@ +{pkgs, options, ... }: +let + pkg = pkgs.vpn-ws; + uid = "nginx"; + gid = "nginx"; + ip = "${pkgs.iproute}/bin/ip"; +in { + services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { + # TODO client auth + extraConfig = '' + uwsgi_pass unix:/run/vpn.sock; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + }; + + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; + systemd.services.vpnws = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Restart = "always"; + PrivateTmp = true; + ExecStartPre = pkgs.writeDash "vpnws-pre" '' + ${ip} link set vpnws up + ${ip} addr add 10.244.1.1/24 dev vpnws || : + ''; + ExecStart = pkgs.writeDash "vpnws-start" '' + ${pkg}/bin/vpn-ws --tuntap vpnws /run/vpn.sock + ''; + }; + }; +} From 4d4d11a76501246e485ed73f33277ce470d32dfd Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:26:59 +0100 Subject: [PATCH 03/46] ma stats: add bamstats --- makefu/2configs/stats/telegraf/bamstats.nix | 35 +++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 makefu/2configs/stats/telegraf/bamstats.nix diff --git a/makefu/2configs/stats/telegraf/bamstats.nix b/makefu/2configs/stats/telegraf/bamstats.nix new file mode 100644 index 000000000..ae5301204 --- /dev/null +++ b/makefu/2configs/stats/telegraf/bamstats.nix @@ -0,0 +1,35 @@ +{ pkgs, ...}: + +let + genTopic = name: topic: tags: { + servers = [ "tcp://localhost:1883" ]; + qos = 0; + connection_timeout = "30s"; + topics = [ topic ]; + tags = tags; + persistent_session = false; + name_override = name; + data_format = "value"; + data_type = "float"; + }; + bamStat = stat: # Temperature or Humidity + host: # easy{1-4} + sensor: # dht11, dht22, ds18 + (genTopic stat + "/bam/${host}/${sensor}/${stat}" + {"host" = host; + "scope" = "bam"; + "sensor" = sensor; + } ); + dht22 = host: [(bamStat "Temperature" host "dht22") + (bamStat "Humidity" host "dht22")]; + dht11 = host: [(bamStat "Temperature" host "dht11") + (bamStat "Humidity" host "dht11")]; + ds18 = host: [(bamStat "Temperature" host "ds18")]; +in { + services.telegraf.extraConfig.inputs.mqtt_consumer = + (dht22 "easy1") + ++ (dht22 "easy2") + ++ (dht11 "easy3") + ++ (ds18 "easy3"); +} From e2369d551e211c0eeb360868c2bba30564e33ca0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:27:26 +0100 Subject: [PATCH 04/46] ma vpn: add vpnws client and server --- makefu/2configs/vpn/vpnws/client.nix | 9 +++++++++ .../euer.blog.vpn.nix => vpn/vpnws/server.nix} | 17 ++++++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 makefu/2configs/vpn/vpnws/client.nix rename makefu/2configs/{nginx/euer.blog.vpn.nix => vpn/vpnws/server.nix} (55%) diff --git a/makefu/2configs/vpn/vpnws/client.nix b/makefu/2configs/vpn/vpnws/client.nix new file mode 100644 index 000000000..d06bc27db --- /dev/null +++ b/makefu/2configs/vpn/vpnws/client.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + users.users.makefu.packages = with pkgs; [ iproute vpn-ws ]; + # vpn-ws-client vpnws wss://localhost/vpn --no-verify --exec "ip link set vpnws up;ip addr add 10.244.1.2/24 dev vpnws" + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; +} diff --git a/makefu/2configs/nginx/euer.blog.vpn.nix b/makefu/2configs/vpn/vpnws/server.nix similarity index 55% rename from makefu/2configs/nginx/euer.blog.vpn.nix rename to makefu/2configs/vpn/vpnws/server.nix index b3db0bc60..6baa5ff11 100644 --- a/makefu/2configs/nginx/euer.blog.vpn.nix +++ b/makefu/2configs/vpn/vpnws/server.nix @@ -4,11 +4,20 @@ let uid = "nginx"; gid = "nginx"; ip = "${pkgs.iproute}/bin/ip"; + socket = "/run/vpn.sock"; + htpasswd = (toString ) + "/vpn-ws-auth"; + nginx-prepared-secrets = "/var/spool/nginx/vpn-ws-auth"; in { + systemd.services.vpn-ws-auth-prepare = { + wantedBy = [ "multi-user.target" ]; + before = [ "nginx.service" ]; + script = "install -m700 -o${uid} -g${gid} ${htpasswd} ${nginx-prepared-secrets}"; + }; services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { - # TODO client auth extraConfig = '' - uwsgi_pass unix:/run/vpn.sock; + auth_basic "please stand by..."; + auth_basic_user_file ${nginx-prepared-secrets}; + uwsgi_pass unix:${socket}; include ${pkgs.nginx}/conf/uwsgi_params; ''; }; @@ -27,9 +36,7 @@ in { ${ip} link set vpnws up ${ip} addr add 10.244.1.1/24 dev vpnws || : ''; - ExecStart = pkgs.writeDash "vpnws-start" '' - ${pkg}/bin/vpn-ws --tuntap vpnws /run/vpn.sock - ''; + ExecStart = "${pkg}/bin/vpn-ws --uid ${uid} --gid ${gid} --tuntap vpnws ${socket}"; }; }; } From 96c7074c08e914a230124073ef6209bb9b888108 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:29:13 +0100 Subject: [PATCH 05/46] ma remote-build: update to only use hotdog --- makefu/2configs/remote-build/master.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix index 4ad2c5ed8..2a2c68119 100644 --- a/makefu/2configs/remote-build/master.nix +++ b/makefu/2configs/remote-build/master.nix @@ -8,7 +8,7 @@ in { { inherit hostName sshKey; sshUser = "nixBuild"; system = "x86_64-linux"; - maxJobs = 1; - }) [ "omo.r" "gum.r" "latte.r" ]; - # puyak.r "wbob.r" + maxJobs = 8; + }) [ "hotdog.r" ]; + # puyak.r "wbob.r" "omo.r" "gum.r" "latte.r" } From 2589f81f9a9f53ccfc40d946ca693a83f2c81900 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Dec 2017 23:20:56 +0100 Subject: [PATCH 06/46] x: use nixos-hardware --- makefu/1systems/x/source.nix | 2 ++ makefu/2configs/hw/tp-x230.nix | 30 +++--------------------------- makefu/2configs/hw/tp-x2x0.nix | 2 ++ makefu/source.nix | 18 +++++++++++++++++- 4 files changed, 24 insertions(+), 28 deletions(-) diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index 6dc17b656..6278877c3 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -1,5 +1,7 @@ import { name="x"; full = true; + python = true; + hw = true; # torrent = true; } diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index 14572b35c..ec4e05d1b 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -3,38 +3,14 @@ with import ; { - imports = [ ./tp-x2x0.nix ]; - boot = { - # tp-smapi is not supported bt x230 anymore - kernelModules = [ - "kvm-intel" - "thinkpad_ec" - "acpi_call" - # "thinkpad_acpi" - # "tpm-rng" - ]; - extraModulePackages = [ - config.boot.kernelPackages.acpi_call - ]; - # support backlight adjustment - kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ]; - }; + imports = [ ./tp-x2x0.nix ]; # configured media keys inside awesomerc # sound.mediaKeys.enable = true; hardware.bluetooth.enable = true; - services.acpid.enable = true; - hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; - services.xserver = { - videoDriver = "intel"; - deviceSection = '' - Option "AccelMethod" "sna" - Option "Backlight" "intel_backlight" - ''; - }; - - security.rngd.enable = true; + # possible i915 powersave options: + # options i915 enable_rc6=1 enable_fbc=1 semaphores=1 services.xserver.displayManager.sessionCommands ='' xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 81c4bf4c8..680545c99 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -17,6 +17,8 @@ with import ; # enable synaptics so we can easily disable the touchpad # enable the touchpad with `synclient TouchpadOff=0` + + services.xserver.libinput.enable = false; services.xserver.synaptics = { enable = true; additionalOptions = ''Option "TouchpadOff" "1"''; diff --git a/makefu/source.nix b/makefu/source.nix index ce5855430..2456dc76e 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -4,7 +4,9 @@ host@{ name, secure ? false, full ? false, torrent ? false, - musnix ? false + hw ? false, + musnix ? false, + python ? false }: let builder = if getEnv "dummy_secrets" == "true" @@ -45,6 +47,20 @@ in ref = "d8b989f"; }; }) + + (mkIf ( hw ) { + nixos-hardware.git = { + url = https://github.com/makefu/nixos-hardware.git; + ref = "1fef1c1"; + }; + }) + + (mkIf ( python ) { + python.git = { + url = https://github.com/garbas/nixpkgs-python; + ref = "cac319b"; + }; + }) (mkIf ( torrent ) { torrent-secrets.file = getAttr builder { buildbot = toString ; From 6124dfffcf321c52a7a83880ec8a1ce0183009ba Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 27 Dec 2017 06:12:07 +0100 Subject: [PATCH 07/46] hw/exfat-nofuse -> tools/mobility --- makefu/2configs/hw/exfat-nofuse.nix | 4 ---- makefu/2configs/tools/all.nix | 1 + makefu/2configs/tools/dev.nix | 3 ++- makefu/2configs/tools/mobility.nix | 8 ++++++++ 4 files changed, 11 insertions(+), 5 deletions(-) delete mode 100644 makefu/2configs/hw/exfat-nofuse.nix create mode 100644 makefu/2configs/tools/mobility.nix diff --git a/makefu/2configs/hw/exfat-nofuse.nix b/makefu/2configs/hw/exfat-nofuse.nix deleted file mode 100644 index ca3485e9f..000000000 --- a/makefu/2configs/hw/exfat-nofuse.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, ... }: -{ - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; -} diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index 7755e2872..1ac22e34c 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -7,6 +7,7 @@ ./extra-gui.nix ./games.nix ./media.nix + ./mobility.nix ./scanner-tools.nix ./sec.nix ./sec-gui.nix diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 26e9808b2..0f8a76c29 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -2,8 +2,9 @@ { users.users.makefu.packages = with pkgs;[ - python3Packages.virtualenv + python3 python3Packages.pyserial + python3Packages.virtualenv # embedded gi flashrom diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix new file mode 100644 index 000000000..70d376608 --- /dev/null +++ b/makefu/2configs/tools/mobility.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +{ + users.users.makefu.packages = with pkgs;[ + go-mtpfs + ]; + + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; +} From 9d4436644115c2cc5c130d9c210c201bb506c789 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 15:10:22 +0100 Subject: [PATCH 08/46] ma source: use official nixos-hardware --- makefu/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 2456dc76e..fde1d9680 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -50,8 +50,8 @@ in (mkIf ( hw ) { nixos-hardware.git = { - url = https://github.com/makefu/nixos-hardware.git; - ref = "1fef1c1"; + url = https://github.com/nixos/nixos-hardware.git; + ref = "8a05dc9"; }; }) From 4cc193cffd02ca5352d47ab4772f468acb3973b6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:00:14 +0100 Subject: [PATCH 09/46] ma hw: add kvm-intel --- makefu/2configs/hw/tp-x2x0.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 680545c99..f33c12a8f 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -5,6 +5,11 @@ with import ; imports = [ ./tpm.nix ]; + + boot.kernelModules = [ + "kvm-intel" + ]; + networking.wireless.enable = lib.mkDefault true; hardware.enableAllFirmware = true; From 4414e50bb84c307627e5c9ec71510ab907d87c62 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:00:40 +0100 Subject: [PATCH 10/46] ma vpn-ws: fix sha256 --- makefu/5pkgs/vpn-ws/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/vpn-ws/default.nix b/makefu/5pkgs/vpn-ws/default.nix index 71573384d..1f2e45fe4 100644 --- a/makefu/5pkgs/vpn-ws/default.nix +++ b/makefu/5pkgs/vpn-ws/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { owner = "unbit"; repo = "vpn-ws"; rev = version; - sha256 = "068vzrpzgksadb31khancnpkgzhdcr6kh6k9wgm77q68skwl3w0k"; + sha256 = "0k7338xxvg1k988zz3nb681nsqmfiik9bnkk7jmxjz7j0wfwq8nj"; }; patchPhase = '' From 4ab161be0aed7598ebbc32ed95d13e979ab2dbcf Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:01:57 +0100 Subject: [PATCH 11/46] pkgs.Reaktor: add help for shack-correct --- krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh index 3b4d04f80..d500b3cb3 100644 --- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh +++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh @@ -2,5 +2,5 @@ set -eu printf "Sie meinten wohl \"" echo -n $@ | sed 's/Shack/shack/g' -echo "\"" +echo "\" check out https://wiki.shackspace.de/project/logo_and_ci#name_ci" echo "${_from}--" From 161c810b7470727da320b617b874002f43c8fd6f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:02:32 +0100 Subject: [PATCH 12/46] forticlientsslvpn: use archive.org --- krebs/5pkgs/simple/fortclientsslvpn/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/fortclientsslvpn/default.nix b/krebs/5pkgs/simple/fortclientsslvpn/default.nix index cbcfab05f..1f86d6fe4 100644 --- a/krebs/5pkgs/simple/fortclientsslvpn/default.nix +++ b/krebs/5pkgs/simple/fortclientsslvpn/default.nix @@ -12,8 +12,8 @@ stdenv.mkDerivation rec { src = fetchurl { # archive.org mirror: - # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz - url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; + url = https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz; + # url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr"; }; phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ]; From 14634592a67b874d3fe9b47efd0d06aca72f5e5e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:03:05 +0100 Subject: [PATCH 13/46] ma fileleech: retab, use torrent --- makefu/1systems/fileleech/config.nix | 75 +++++++++++++++------------- 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix index b5ec370a5..e36afecd5 100644 --- a/makefu/1systems/fileleech/config.nix +++ b/makefu/1systems/fileleech/config.nix @@ -6,18 +6,18 @@ let rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; rootPartition = rootDisk + "-part3"; - dataDisks = let - idpart = dev: byid dev + "-part1"; - in [ - { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} - { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} - { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} - { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} - { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} - { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} - { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} - { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity - ]; + dataDisks = let + idpart = dev: byid dev + "-part1"; + in [ + { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} + { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} + { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} + { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} + { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} + { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} + { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} + { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity + ]; disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks; in { @@ -25,13 +25,13 @@ in { - # + # - - - + # + # + # ]; systemd.services.grafana.serviceConfig.LimitNOFILE=10032; @@ -42,8 +42,8 @@ in { enable = true; build.host = config.krebs.hosts.fileleech; }; - # git clone https://github.com/makefu/docker-pyload - # docker build . + # git clone https://github.com/makefu/docker-pyload + # docker build . # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload virtualisation.docker.enable = true; # for pyload @@ -60,7 +60,7 @@ in { ]; services.nginx.virtualHosts._download = { default = true; - root = "/media/cryptX"; + root = config.makefu.dl-dir; extraConfig = '' autoindex on; ''; @@ -80,10 +80,11 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + # TODO use users.motd and pam.services.sshd.showMotd services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" '' Services: - ssh://download@fileleech - ssh via filebitch.shack - ftp://download@fileleech - access to /media/cryptX + ssh://download@fileleech - ssh via filebitch + ftp://download@fileleech - access to ${config.makefu.dl-dir} http://fileleech:8112 - rutorrent http://fileleech:8113 - pyload https://fileleech:9090 - sabnzb @@ -104,13 +105,13 @@ in { cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // cryptMount "crypt4" - // cryptMount "crypt5" - // cryptMount "crypt6" - // cryptMount "crypt7" + // cryptMount "crypt1" + // cryptMount "crypt2" + // cryptMount "crypt3" + // cryptMount "crypt4" + // cryptMount "crypt5" + // cryptMount "crypt6" + // cryptMount "crypt7" # this entry sometimes creates issues // { "/media/cryptX" = { @@ -121,10 +122,10 @@ in { } ; + makefu.dl-dir = "/media/cryptX"; users.users.download = { useDefaultShell = true; # name = "download"; - home = "/media/cryptX/"; # createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey @@ -132,7 +133,7 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch" ]; }; @@ -142,15 +143,19 @@ in { parity = toMapper 7; }; networking.nameservers = [ "8.8.8.8" ]; - #networking.interfaces.enp6s0f0.ip4 = [{ - # address = "151.217.173.20"; - # prefixLength = 22; - #}]; - #networking.defaultGateway = "151.217.172.1"; + # SPF + networking.defaultGateway = "151.217.176.1"; + networking.interfaces.enp6s0f0.ip4 = [{ + address = "151.217.178.63"; + prefixLength = 22; + }]; + + # Gigabit networking.interfaces.enp8s0f1.ip4 = [{ address = "192.168.126.1"; prefixLength = 24; }]; + #interfaces.enp6s0f1.ip4 = [{ # address = external-ip; # prefixLength = 22; From 6f150a4ab47f037c1b8ec5e8d1675d86b0738155 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:03:38 +0100 Subject: [PATCH 14/46] ma gum.r: use wireguard, vpnws --- makefu/1systems/gum/config.nix | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index b66ef1ab8..4981872c0 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -48,9 +48,14 @@ in { # - + + # network + + + + # buildbot ## Web @@ -103,15 +108,16 @@ in { #} { # wireguard server networking.firewall.allowedUDPPorts = [ 51820 ]; - #networking.wireguard.interfaces.wg0 = { - # ips = [ "10.244.0.1/24" ]; - # privateKeyFile = (toString ) + "/wireguard.key"; - # allowedIPsAsRoutes = true; - # peers = [{ - # allowedIPs = [ "0.0.0.0/0" "::/0" ]; - # publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - # }]; - #}; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [{ + # allowedIPs = [ "0.0.0.0/0" "::/0" ]; + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + }]; + }; } ]; From 040f6f9f5c7808ea188444f15a704818f94624f7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:04:47 +0100 Subject: [PATCH 15/46] ma vbob.r: prepare pppd --- makefu/1systems/vbob/config.nix | 64 +++++++++++++++++++++------------ 1 file changed, 41 insertions(+), 23 deletions(-) diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index f71634501..f318c0e61 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -3,37 +3,57 @@ krebs.build.host = config.krebs.hosts.vbob; makefu.awesome.modkey = "Mod1"; imports = - [ # Include the results of the hardware scan. + [ - (toString ) - (toString ) + { + imports = [ ]; + boot.loader.grub.device = "/dev/vda"; + } + # { + # imports = [ + # + # ]; + # virtualbox.baseImageSize = 35 * 1024; + # fileSystems."/media/share" = { + # fsType = "vboxsf"; + # device = "share"; + # options = [ "rw" "uid=9001" "gid=9001" ]; + # }; + # } + + # { + # imports = [ + # + # ]; + # fileSystems."/nix" = { + # device ="/dev/disk/by-label/nixstore"; + # fsType = "ext4"; + # }; + # } + + # base gui - + # + # + + # security # Tools - - - + # + # # environment - - - ]; networking.extraHosts = import (toString ); nixpkgs.config.allowUnfree = true; - fileSystems."/nix" = { - device ="/dev/disk/by-label/nixstore"; - fsType = "ext4"; - }; # allow vbob to deploy self users.extraUsers = { @@ -45,9 +65,13 @@ environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; }; - # TODO: for forticleintsslpn - # ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd - # ln -s /r/current-system/sw/bin/tail /usr/bin/tail + + system.activationScripts.prepare-fortclientvpnssl = '' + # TODO: for forticlientsslpn + mkdir -p /usr/{s,}bin + ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd + ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail + ''; environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get @@ -55,7 +79,6 @@ # docker #devpi-web #devpi-client - debmirror ansible ]; # virtualisation.docker.enable = true; @@ -67,10 +90,5 @@ 8010 ]; - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" ]; - }; } From a7e031c91c65928452b2ba426bfcb22be238262d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:05:12 +0100 Subject: [PATCH 16/46] ma vbob.source: do not deploy musnix --- makefu/1systems/vbob/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix index 5b726e40b..5419215e2 100644 --- a/makefu/1systems/vbob/source.nix +++ b/makefu/1systems/vbob/source.nix @@ -1,4 +1,4 @@ import { name="vbob"; - musnix = true; + # musnix = true; } From 555a0ec0f368b5b594446096c7e9b93f6926f7a6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:05:39 +0100 Subject: [PATCH 17/46] ma wbob.r: receive bamstats --- makefu/1systems/wbob/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index c30ee4c58..f44211b93 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -32,10 +32,13 @@ in { + # Sensors + # + (let collectd-port = 25826; From 5af2f438441c46bc508a038303b6e36946f7f5d4 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:06:49 +0100 Subject: [PATCH 18/46] ma stats.airsensor: generate Topic receiver --- makefu/2configs/stats/telegraf/airsensor.nix | 36 ++++++++++++++++++-- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix index 09d23e7d4..9d481000f 100644 --- a/makefu/2configs/stats/telegraf/airsensor.nix +++ b/makefu/2configs/stats/telegraf/airsensor.nix @@ -1,11 +1,36 @@ { pkgs, ...}: - -{ +let + genTopic = name: topic: tags: { + servers = [ "tcp://localhost:1883" ]; + qos = 0; + connection_timeout = "30s"; + topics = [ topic ]; + tags = tags; + persistent_session = false; + name_override = name; + data_format = "value"; + data_type = "float"; + }; + bamStat = stat: # Temperature or Humidity + host: # easy{1-4} + sensor: # dht11, dht22, ds18 + (genTopic stat + "/bam/${host}/${sensor}/${stat}" + {"host" = host; + "scope" = "bam"; + "sensor" = sensor; + } ); + dht22 = host: [(bamStat "Temperature" host "dht22") + (bamStat "Humidity" host "dht22")]; + dht11 = host: [(bamStat "Temperature" host "dht11") + (bamStat "Humidity" host "dht11")]; + ds18 = host: [(bamStat "Temperature" host "ds18")]; +in { services.udev.extraRules = '' SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input" ''; users.users.telegraf.extraGroups = [ "input" ]; - services.telegraf.extraConfig.inputs.exec = [ + services.telegraf.extraConfig.inputs.exec = [ { commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; timeout = "10s"; @@ -16,4 +41,9 @@ tags.unit="VOC"; } ]; + services.telegraf.extraConfig.inputs.mqtt_consumer = + (dht22 "easy1") + ++ (dht22 "easy2") + ++ (dht11 "easy3") + ++ (ds18 "easy3"); } From ce8efbc80bc05f27f55ea87be2d826134afec6fd Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:10:07 +0100 Subject: [PATCH 19/46] ma torrent: set workDir instead of downloadDir --- makefu/2configs/torrent.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index d063ad3e3..a076479c2 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -8,13 +8,13 @@ let peer-port = 51412; web-port = 8112; daemon-port = 58846; - dl-dir = config.makefu.dl-dir; + torrent-dir = config.makefu.dl-dir; in { users.users = { download = { name = "download"; - home = dl-dir; + home = torrent-dir; uid = mkDefault (genid "download"); createHome = true; useDefaultShell = true; @@ -26,9 +26,9 @@ in { # todo: race condition, do this after download user has been created system.activationScripts."download-dir-chmod" = '' for i in finished watch torrents; do - mkdir -p "${dl-dir}/$i" - chown download:download "${dl-dir}/$i" - chmod 770 "${dl-dir}/$i" + mkdir -p "${torrent-dir}/$i" + chown download:download "${torrent-dir}/$i" + chmod 770 "${torrent-dir}/$i" done ''; @@ -54,9 +54,8 @@ in { rutorrent.enable = true; enableXMLRPC = true; listenPort = peer-port; - downloadDir = dl-dir + "/finished"; + workDir = torrent-dir; # dump old torrents into watch folder to have them re-added - watchDir = dl-dir +"/watch"; }; networking.firewall.extraCommands = '' From b7954ebe00060a93191253d40ad5869e65b50966 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Dec 2017 00:12:37 +0100 Subject: [PATCH 20/46] ma mosh: init --- makefu/1systems/gum/config.nix | 1 + makefu/1systems/omo/config.nix | 1 + makefu/2configs/mosh.nix | 3 +++ makefu/2configs/tools/mobility.nix | 1 + 4 files changed, 6 insertions(+) create mode 100644 makefu/2configs/mosh.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 4981872c0..1fe0b62f9 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -48,6 +48,7 @@ in { # + # network diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4af87dc10..aaecebadc 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -47,6 +47,7 @@ in { + # # # diff --git a/makefu/2configs/mosh.nix b/makefu/2configs/mosh.nix new file mode 100644 index 000000000..1c2e34e0b --- /dev/null +++ b/makefu/2configs/mosh.nix @@ -0,0 +1,3 @@ +{ + programs.mosh.enable = true; +} diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 70d376608..1993a5212 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -2,6 +2,7 @@ { users.users.makefu.packages = with pkgs;[ go-mtpfs + mosh ]; boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; From a6891271f1bfd3b130dedec51961288f37853420 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Dec 2017 02:44:11 +0100 Subject: [PATCH 21/46] ma tools: add tig --- makefu/2configs/tools/dev.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 0f8a76c29..04a65df26 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -21,5 +21,7 @@ gen-oath-safe cdrtools stockholm + # git-related + tig ]; } From dd817f9e26ee2aeae839dddc73b869d218a337cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Dec 2017 15:27:06 +0100 Subject: [PATCH 22/46] l nixpkgs: 53e6d67 -> 3aec59c --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index de7351604..473dd2cf2 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "53e6d67"; + ref = "3aec59c"; }; secrets = getAttr builder { buildbot.file = toString ; From 181bd547f370848df1a49f886355e6fe8853c02f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 30 Dec 2017 14:11:43 +0100 Subject: [PATCH 23/46] ma x.r: remove exfat-nofuse --- makefu/1systems/x/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 1dd1a070f..3686acb6e 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -60,7 +60,6 @@ with import ; # Hardware - # # From a1a2ab22950e3217a4a0496b3ae350de861e595e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:37:32 +0100 Subject: [PATCH 24/46] hw x220: force rngd off --- krebs/2configs/hw/x220.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 44743b87d..09b10fcbb 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -23,7 +23,7 @@ with import ; pkgs.vaapiVdpau ]; - security.rngd.enable = true; + security.rngd.enable = mkForce true; services.xserver = { videoDriver = "intel"; From 9babbab936696b12ee850274529492a57cff523b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:39:22 +0100 Subject: [PATCH 25/46] init bitlbee-discord --- .../5pkgs/simple/bitlbee-discord/default.nix | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 krebs/5pkgs/simple/bitlbee-discord/default.nix diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix new file mode 100644 index 000000000..da6a58801 --- /dev/null +++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix @@ -0,0 +1,29 @@ +{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoconf, automake, libtool, pkgconfig, glib }: + +with stdenv.lib; +stdenv.mkDerivation rec { + name = "bitlbee-discord-2017-12-27"; + + src = fetchFromGitHub { + rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182"; + owner = "sm00th"; + repo = "bitlbee-discord"; + sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ bitlbee autoconf automake libtool glib ]; + + preConfigure = '' + export BITLBEE_PLUGINDIR=$out/lib/bitlbee + ./autogen.sh + ''; + + meta = { + description = "Bitlbee plugin for Discord"; + + homepage = https://github.com/sm00th/bitlbee-discord; + license = licenses.gpl2Plus; + platforms = stdenv.lib.platforms.linux; + }; +} From f53dac60601ee2d10731e859f09f541342979b82 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:40:30 +0100 Subject: [PATCH 26/46] l bitlbee: add more plugins --- lass/2configs/bitlbee.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix index b23628dc5..e7be0a61c 100644 --- a/lass/2configs/bitlbee.nix +++ b/lass/2configs/bitlbee.nix @@ -7,6 +7,8 @@ plugins = [ pkgs.bitlbee-facebook pkgs.bitlbee-steam + pkgs.bitlbee-discord ]; + libpurple_plugins = [ pkgs.telegram-purple ]; }; } From 91e13324ec4d16f15ab2f4113802752f0cb4d7e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:42:01 +0100 Subject: [PATCH 27/46] l weechat: add service --- lass/2configs/weechat.nix | 52 +++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index d5496ac09..b94cb0634 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -1,12 +1,24 @@ +with (import ); { config, lib, pkgs, ... }: let - inherit (import ) genid; + tmux = pkgs.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g prefix ` + unbind-key C-b + bind ` send-prefix + + set-option -g status off + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + ''; in { - krebs.per-user.chat.packages = with pkgs; [ - mosh - weechat - ]; users.extraUsers.chat = { home = "/home/chat"; @@ -24,24 +36,22 @@ in { # mosh krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-p tcp --dport 9999"; target = "ACCEPT";} ]; - #systemd.services.chat = { - # description = "chat environment setup"; - # after = [ "network.target" ]; - # wantedBy = [ "multi-user.target" ]; + systemd.services.chat = { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; - # path = with pkgs; [ - # weechat - # tmux - # ]; + restartIfChanged = false; - # restartIfChanged = true; - - # serviceConfig = { - # User = "chat"; - # Restart = "always"; - # ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat"; - # }; - #}; + serviceConfig = { + User = "chat"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; + }; + }; } From 5ff41af39e8ce98b8ba9f3e4f3f76bffda7e096d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:43:36 +0100 Subject: [PATCH 28/46] l news: default ircServer is localhost --- lass/3modules/news.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/3modules/news.nix b/lass/3modules/news.nix index 06b80df8d..b6061736c 100644 --- a/lass/3modules/news.nix +++ b/lass/3modules/news.nix @@ -38,7 +38,7 @@ let }; ircServer = mkOption { type = types.str; - default = "echelon.r"; + default = "localhost"; description = "to which server the bot should connect"; }; }; From 448746ebbc7c8c0258fe88185f32b94c7fcc728d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:44:20 +0100 Subject: [PATCH 29/46] l: force timesyncd off --- lass/2configs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 0e00dc2fd..c68aee330 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: with import ; +{ config, pkgs, ... }: { imports = [ ../2configs/binary-cache/client.nix @@ -78,7 +78,7 @@ with import ; users.mutableUsers = false; - services.timesyncd.enable = true; + services.timesyncd.enable = mkForce true; #why is this on in the first place? services.nscd.enable = false; From ae028952a605666e2e7f1c7c063381c775a42df3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:45:43 +0100 Subject: [PATCH 30/46] l: enable ssh-agent --- lass/1systems/helios/config.nix | 2 -- lass/2configs/baseX.nix | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 8bd9735a9..fc30a3478 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -120,8 +120,6 @@ with import ; ]; }; - programs.ssh.startAgent = lib.mkForce true; - services.tlp.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 6f5533b0d..59ea0ecb7 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -53,7 +53,7 @@ in { time.timeZone = "Europe/Berlin"; - programs.ssh.startAgent = false; + programs.ssh.startAgent = true; services.openssh.forwardX11 = true; services.printing = { From e66f702fc62331a1c06169179929bf2510d41604 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:47:21 +0100 Subject: [PATCH 31/46] l mails: add more aliases --- lass/2configs/exim-smarthost.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 2d848773f..94191fcb7 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -49,6 +49,11 @@ with import ; { from = "aliexpress@lassul.us"; to = lass.mail; } { from = "business@lassul.us"; to = lass.mail; } { from = "payeer@lassul.us"; to = lass.mail; } + { from = "github@lassul.us"; to = lass.mail; } + { from = "bitwala@lassul.us"; to = lass.mail; } + { from = "bitstamp@lassul.us"; to = lass.mail; } + { from = "bitcoin.de@lassul.us"; to = lass.mail; } + { from = "ableton@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 9084e063938558e31c1e4342c7a3352d7db3b955 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:48:02 +0100 Subject: [PATCH 32/46] l xmonad: float pinentry --- lass/5pkgs/xmonad-lass.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index d3f76903d..2dd352bd4 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -66,7 +66,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook + , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -80,6 +80,14 @@ myLayoutHook = defLayout where defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) +floatHooks = composeAll . concat $ + [ [ title =? t --> doFloat | t <- myTitleFloats] + , [ className =? c --> doFloat | c <- myClassFloats ] ] + where + myTitleFloats = [] -- for the KDE "open link" popup from konsole + myClassFloats = ["Pinentry"] -- for gpg passphrase entry + + myKeyMap :: [([Char], X ())] myKeyMap = [ ("M4-", spawn "${config.lass.screenlock.command}") From efb159a059e9bf1652ccfc86a81f5bbe5785814a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:49:09 +0100 Subject: [PATCH 33/46] l vim: save x-ed text in clipboard again --- lass/2configs/vim.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index f6c736fbc..5fe9e1450 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -103,7 +103,6 @@ let cnoreabbrev Ack Ack! " copy/paste from/to xclipboard - noremap x "_x set clipboard=unnamedplus ''; From 8bee3a7b1a463665bc69f25d3d119ef2b5c587d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:49:38 +0100 Subject: [PATCH 34/46] l reaktor-coders: add sed-plugin --- lass/2configs/reaktor-coders.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 61cc7cfe0..f9cf0d96a 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -21,6 +21,7 @@ with import ; -XFlexibleInstances -XMultiParamTypeClasses \ -XOverloadedStrings -XFunctionalDependencies \''; in [ + sed-plugin url-title (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P.*)$$"; From d5a69ce257d44c804d1edb679e5667eae6a71853 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 02:52:18 +0100 Subject: [PATCH 35/46] l: merge bitlbee and weechat into IM.nix --- lass/1systems/prism/config.nix | 3 +-- lass/2configs/{weechat.nix => IM.nix} | 0 lass/2configs/bitlbee.nix | 14 -------------- 3 files changed, 1 insertion(+), 16 deletions(-) rename lass/2configs/{weechat.nix => IM.nix} (100%) delete mode 100644 lass/2configs/bitlbee.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1cca76331..593a1fc9c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -234,8 +234,7 @@ in { } - - + diff --git a/lass/2configs/weechat.nix b/lass/2configs/IM.nix similarity index 100% rename from lass/2configs/weechat.nix rename to lass/2configs/IM.nix diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix deleted file mode 100644 index e7be0a61c..000000000 --- a/lass/2configs/bitlbee.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.bitlbee = { - enable = true; - portNumber = 6666; - plugins = [ - pkgs.bitlbee-facebook - pkgs.bitlbee-steam - pkgs.bitlbee-discord - ]; - libpurple_plugins = [ pkgs.telegram-purple ]; - }; -} From 073c2a9cb18725f82e45c9e74e51fdea17c73fa3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 03:47:15 +0100 Subject: [PATCH 36/46] tests: add default.nix --- krebs/6tests/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 krebs/6tests/default.nix diff --git a/krebs/6tests/default.nix b/krebs/6tests/default.nix new file mode 100644 index 000000000..c0ca00296 --- /dev/null +++ b/krebs/6tests/default.nix @@ -0,0 +1,6 @@ +with import ; +{ ... }: + +{ + deploy = import ./deploy.nix; +} From 76e1b56c841937fa4b12b8a94aff6e21b8cd27dd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 03:59:13 +0100 Subject: [PATCH 37/46] tests deploy: get pkgs with overlays --- krebs/6tests/deploy.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix index 842bbc22a..99a66dd59 100644 --- a/krebs/6tests/deploy.nix +++ b/krebs/6tests/deploy.nix @@ -1,7 +1,8 @@ with import ; -import ({ pkgs, ... }: +import ({ ... }: let + pkgs = import { overlays = [(import ../5pkgs)]; }; test-config = ; privKey = '' -----BEGIN OPENSSH PRIVATE KEY----- From 9ee5c02e755799e50f265e31c1694190cc2e703a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 04:14:30 +0100 Subject: [PATCH 38/46] tests deploy: cleanup --- krebs/6tests/deploy.nix | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix index 99a66dd59..156e9239f 100644 --- a/krebs/6tests/deploy.nix +++ b/krebs/6tests/deploy.nix @@ -42,15 +42,12 @@ let cd ${} export NIX_PATH=stockholm=${}:nixpkgs=${}:$NIX_PATH exec >&2 - : ${minimalSystem} source=${pkgs.writeJSON "source.json" populate-source} - cat > /tmp/derp < { @@ -71,22 +68,20 @@ in { imports = [ test-config ]; environment.variables = { NIX_PATH = mkForce "nixpkgs=${}"; - #LOL = minimalSystem; }; services.openssh.enable = true; users.extraUsers.root.openssh.authorizedKeys.keys = [ pubKey ]; - #virtualisation.writableStore = true; virtualisation.pathsInNixDB = [ minimalSystem - pkgs.stockholm ]; + environment.systemPackages = [ pkgs.git ]; }; client = - { config, pkgs, ... }: { }; - + { config, pkgs, ... }: + { }; }; testScript = '' From c4a8cc56ef8e900ffa934d965f15d77e23aedc43 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 13:30:17 +0100 Subject: [PATCH 39/46] ci: add tests option --- krebs/3modules/ci.nix | 48 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 5 deletions(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index b56f5c543..bb19f0602 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -24,6 +24,13 @@ in List of hosts that should be build ''; }; + tests = mkOption { + type = types.listOf types.str; + default = []; + description = '' + List of tests that should be build + ''; + }; }; config = mkIf cfg.enable { @@ -56,14 +63,14 @@ in ''; scheduler = { build-scheduler = '' - # build all hosts sched.append( schedulers.SingleBranchScheduler( change_filter=util.ChangeFilter(branch_re=".*"), treeStableTimer=${toString cfg.treeStableTimer}*60, name="build-all-branches", builderNames=[ - "build-hosts" + ${optionalString (cfg.hosts != []) ''"hosts",''} + ${optionalString (cfg.tests != []) ''"tests",''} ] ) ) @@ -73,7 +80,8 @@ in schedulers.ForceScheduler( name="force", builderNames=[ - "build-hosts" + ${optionalString (cfg.hosts != []) ''"hosts",''} + ${optionalString (cfg.tests != []) ''"tests",''} ] ) ) @@ -91,7 +99,7 @@ in factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { - build-hosts = '' + hosts = mkIf (cfg.hosts != []) '' f = util.BuildFactory() f.addStep(grab_repo) @@ -120,12 +128,42 @@ in bu.append( util.BuilderConfig( - name="build-hosts", + name="hosts", slavenames=slavenames, factory=f ) ) + ''; + tests = mkIf (cfg.tests != []) '' + f = util.BuildFactory() + f.addStep(grab_repo) + def run_test(test): + addShell(f, + name="{}".format(test), + env={ + "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + }, + command=[ + "nix-build", "-I", "stockholm=.", "krebs/6tests", + "-A", "{}".format(test) + ], + timeout=90001 + ) + + ${concatMapStringsSep "\n" (test: + "run_test(\"${test}\")" + ) cfg.tests} + + bu.append( + util.BuilderConfig( + name="tests", + slavenames=slavenames, + factory=f + ) + ) ''; }; enable = true; From fb778e69a208eb8cb2feb2a1c4585e5a12d2efb6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 31 Dec 2017 13:30:35 +0100 Subject: [PATCH 40/46] buildbot-all: run deploy test --- krebs/2configs/buildbot-all.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index 8a647012f..ca994e996 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -9,5 +9,6 @@ with import ; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); + krebs.ci.tests = [ "deploy" ]; } From bfde8bea27144c441f023fca6ac888c3baec0aeb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 Jan 2018 12:53:44 +0100 Subject: [PATCH 41/46] bitlbee-discord: cleanup --- krebs/5pkgs/simple/bitlbee-discord/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix index da6a58801..c01b87d6b 100644 --- a/krebs/5pkgs/simple/bitlbee-discord/default.nix +++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix @@ -1,4 +1,4 @@ -{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoconf, automake, libtool, pkgconfig, glib }: +{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }: with stdenv.lib; stdenv.mkDerivation rec { @@ -11,8 +11,8 @@ stdenv.mkDerivation rec { sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95"; }; - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ bitlbee autoconf automake libtool glib ]; + nativeBuildInputs = [ autoreconfHook pkgconfig ]; + buildInputs = [ bitlbee glib ]; preConfigure = '' export BITLBEE_PLUGINDIR=$out/lib/bitlbee From c25054b4a0c034b9c410799bf29486820d9778d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 Jan 2018 12:59:01 +0100 Subject: [PATCH 42/46] writers: add deps & flake8 to writePython{2,3} --- krebs/5pkgs/writers.nix | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 6e67ed699..0cc4efb51 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -283,27 +283,27 @@ with import ; ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out ''); - writePython2 = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "python2check.sh" '' - exec ${pkgs.python2}/bin/python -m py_compile "$1" - ''; - inherit text; - }; - }; + writePython2 = deps: + let + py = pkgs.python2.withPackages(ps: attrVals deps ps); + in + pkgs.makeScriptWriter { + interpreter = "${py}/bin/python"; + check = pkgs.writeDash "python2check.sh" '' + exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1" + ''; + }; - writePython3 = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "python3check.sh" '' - exec ${pkgs.python3}/bin/python -m py_compile "$textPath" - ''; - inherit text; - }; - }; + writePython3 = deps: + let + py = pkgs.python3.withPackages(ps: attrVals deps ps); + in + pkgs.makeScriptWriter { + interpreter = "${py}/bin/python"; + check = pkgs.writeDash "python3check.sh" '' + exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1" + ''; + }; writeSed = pkgs.makeScriptWriter { interpreter = "${pkgs.gnused}/bin/sed -f"; From 5d7c8bf5b4e718772e56512a878c0e65c154c190 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 Jan 2018 12:59:18 +0100 Subject: [PATCH 43/46] writers: add writePython{2,3}Bin --- krebs/5pkgs/writers.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 0cc4efb51..a48fc0f87 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -294,6 +294,9 @@ with import ; ''; }; + writePython2Bin = d: name: + pkgs.writePython2 d "/bin/${name}"; + writePython3 = deps: let py = pkgs.python3.withPackages(ps: attrVals deps ps); @@ -305,6 +308,9 @@ with import ; ''; }; + writePython3Bin = d: name: + pkgs.writePython3 d "/bin/${name}"; + writeSed = pkgs.makeScriptWriter { interpreter = "${pkgs.gnused}/bin/sed -f"; }; From 115b4c0afebe1f7a7a53c4d82842a7072a3bf2dd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 Jan 2018 13:12:16 +0100 Subject: [PATCH 44/46] l reaktor-coders: use new writePython2 --- lass/2configs/reaktor-coders.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index f9cf0d96a..2541df3a6 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -65,8 +65,7 @@ with import ; }) (buildSimpleReaktorPlugin "random-unicorn-porn" { pattern = "^!rup$$"; - script = pkgs.writePython2 "rup" '' - #!${pkgs.python2}/bin/python + script = pkgs.writePython2 [] "rup" '' t1 = """ _. ;=',_ () From 67458e15f442d16d645f92b8f3de5f226212696a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 Jan 2018 18:24:40 +0100 Subject: [PATCH 45/46] iptables: set empty default rules --- krebs/3modules/iptables.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index d64ed86de..6298a05a5 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -61,6 +61,15 @@ let }; }; }))); + default = { + filter.INPUT.policy = "ACCEPT"; + filter.FORWARD.policy = "ACCEPT"; + filter.OUTPUT.policy = "ACCEPT"; + nat.PREROUTING.policy = "ACCEPT"; + nat.INPUT.policy = "ACCEPT"; + nat.OUTPUT.policy = "ACCEPT"; + nat.POSTROUTING.policy = "ACCEPT"; + }; }; }; From e48b4eb4606f6d0ec0b930016a53e7e7cfcbfb64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 2 Jan 2018 20:58:32 +0100 Subject: [PATCH 46/46] hw x220 rngd: mkForce -> mkDefault --- krebs/2configs/hw/x220.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 09b10fcbb..90a1a111f 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -23,7 +23,7 @@ with import ; pkgs.vaapiVdpau ]; - security.rngd.enable = mkForce true; + security.rngd.enable = mkDefault true; services.xserver = { videoDriver = "intel";