From 490cee4a2f941efa5a45c0ba87daa5cc35636cc3 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Mar 2017 23:18:49 +0100 Subject: [PATCH 01/32] xu,zu: drop redundant "im" --- tv/1systems/xu.nix | 12 ------------ tv/1systems/zu.nix | 12 ------------ 2 files changed, 24 deletions(-) diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 4b8fe8da2..2bab0f4b0 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -25,18 +25,6 @@ with import ; hashPassword #haskellPackages.lentil parallel - (pkgs.writeBashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') # root cryptsetup diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 194ac2928..cabe7f6a5 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -30,18 +30,6 @@ with import ; hashPassword haskellPackages.lentil parallel - (pkgs.writeBashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') # root cryptsetup From c432c6646159569088452cc4caea1d3820ebe0f7 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Mar 2017 23:24:31 +0100 Subject: [PATCH 02/32] tv: stockholm dependencies are default --- tv/1systems/wu.nix | 6 ------ tv/1systems/xu.nix | 5 ----- tv/1systems/zu.nix | 6 ------ tv/2configs/default.nix | 2 ++ 4 files changed, 2 insertions(+), 17 deletions(-) diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 4cde8b903..328e71fdc 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -19,12 +19,6 @@ with import ; ../2configs/xserver { environment.systemPackages = with pkgs; [ - - # stockholm - gnumake - hashPassword - parallel - # root cryptsetup diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 2bab0f4b0..8cf6146b5 100644 --- a/tv/1systems/xu.nix 
+++ b/tv/1systems/xu.nix @@ -20,11 +20,6 @@ with import ; { environment.systemPackages = with pkgs; [ - # stockholm - gnumake - hashPassword - #haskellPackages.lentil - parallel # root cryptsetup diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index cabe7f6a5..b1b2d58ce 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -25,12 +25,6 @@ with import ; { environment.systemPackages = with pkgs; [ - # stockholm - gnumake - hashPassword - haskellPackages.lentil - parallel - # root cryptsetup diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index e170156a4..4c10b2a28 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -38,6 +38,8 @@ with import ; # stockholm dependencies environment.systemPackages = with pkgs; [ git + gnumake + hashPassword populate ]; } From 42639587fd0f28b8568f2aee8cf3463b0cc0e239 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Mar 2017 14:22:04 +0100 Subject: [PATCH 03/32] s 2 repo-sync: fix latest --- shared/2configs/repo-sync.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix index 004ea5942..637a26e3c 100644 --- a/shared/2configs/repo-sync.nix +++ b/shared/2configs/repo-sync.nix @@ -23,7 +23,8 @@ with lib; }; }; latest = { - mirror.url = mirror; + url = mirror; + ref = "heads/master"; }; }; }; From 4ccb7a1a2ccff15a9338de93924bda8e1640bb7d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Mar 2017 16:06:05 +0100 Subject: [PATCH 04/32] l 2 nixpkgs: c0ecd31 -> c554a0c --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index a6409b7db..20918d294 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "c0ecd31"; + ref = "c554a0c97f5030a66cc81d41e1f39bff5095efba"; }; } 
From cf9c5ee222931f65bf9b37a3f66e849dee3a57ac Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Mar 2017 17:12:26 +0100 Subject: [PATCH 05/32] s 1 wolf: add prism as binary cache --- shared/1systems/wolf.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index ce3c63f28..b0b822780 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -32,7 +32,17 @@ in security = import ; }; - nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ]; + nix = { + binaryCaches = [ + "http://localhost:3142/nixos" + "http://cache.prism.r" + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; + }; networking = { firewall.enable = false; From 4ebc0e7adc7605e154916aefad47331761036abb Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Mar 2017 17:12:48 +0100 Subject: [PATCH 06/32] l 2 htop: hide process information from other user --- lass/2configs/htop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix index 0296101ac..69e04a05b 100644 --- a/lass/2configs/htop.nix +++ b/lass/2configs/htop.nix @@ -3,6 +3,7 @@ with import ; { + security.hideProcessInformation = true; nixpkgs.config.packageOverrides = super: { htop = pkgs.concat "htop" [ super.htop From c8668be63cdb6a28655e5201495d3d2c8d06b455 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 9 Mar 2017 14:20:00 +0100 Subject: [PATCH 07/32] l 2 mc: remove redundant pkgs.concat --- lass/2configs/mc.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index fc347ba3c..513ee1bd0 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix 
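Review bot: The new `binaryCaches` list in `shared/1systems/wolf.nix` adds `http://cache.prism.r` over plain HTTP, so store-path integrity rests entirely on the signature check against `binaryCachePublicKeys`, and nothing in the hunk pins that check on. I would state the dependency inside the `nix = { … }` block, e.g. `requireSignedBinaryCaches = true; # http caches are trusted only via the keys below`, so a later override cannot silently turn them into unauthenticated sources. Trusting `cache.prism-1` also means whoever holds that signing key can supply any store path to this host, which deserves a one-line comment naming who operates prism. The enclosing attribute set continues outside the hunk.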
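Review bot: `security.hideProcessInformation = true;` is a host-wide /proc visibility policy, but it is added at the top of `lass/2configs/htop.nix`, where a reader looking for hardening settings will not expect it and where dropping the htop config would silently drop the policy as well. Consider moving it to the shared base configuration, or at least documenting it in place with something like `# system-wide: users only see their own processes in /proc (affects ps/top too, not just htop)`.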
@@ -325,12 +325,10 @@ in { (pkgs.concat "mc" [ pkgs.mc (pkgs.writeDashBin "mc" '' - export MC_DATADIR=${pkgs.concat "mc-datadir" [ - (pkgs.writeOut "mc-ext" { + export MC_DATADIR=${pkgs.writeOut "mc-ext" { "/mc.ext".link = mcExt; "/sfs.ini".text = ""; - }) - ]} + }}; export TERM=xterm-256color exec ${pkgs.mc}/bin/mc -S xoria256 "$@" '') From e4225f826cfba6faf9c582c0e043dc58864a56a5 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 9 Mar 2017 16:54:58 +0100 Subject: [PATCH 08/32] tv exim-smarthost: relay_from_hosts += ip6.addr --- tv/2configs/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index cc3bdf95d..816dce78d 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -13,7 +13,7 @@ with import ; "shackspace.de" "viljetic.de" ]; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + relay_from_hosts = concatMap (host: host.nets.retiolum.addrs) [ config.krebs.hosts.nomic config.krebs.hosts.wu config.krebs.hosts.xu From 3b45f3f79199c7c4d18ff4b69424319f21780074 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Mar 2017 15:35:01 +0100 Subject: [PATCH 09/32] l 1 mors: activate exfat-nofuse for ps Vita --- lass/1systems/mors.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 223e16bae..534d65162 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -86,6 +86,10 @@ with import ; pkgs.krebszones ]; } + { + #ps vita stuff + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + } ]; krebs.build.host = config.krebs.hosts.mors; @@ -180,8 +184,6 @@ with import ; ''; environment.systemPackages = with pkgs; [ - exfat - acronym cac-api sshpass From 55c05c18c73873772bb02877114d581c4edbc593 Mon Sep 17 00:00:00 2001 
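Review bot: Switching `relay_from_hosts` to `concatMap (host: host.nets.retiolum.addrs)` makes the relay allow-list follow whatever `addrs` holds for each host, so any address later added to a host's retiolum net becomes relay-permitted without this file changing. That is presumably the intent for ip6, but this list is the open-relay boundary of the smarthost, so the derivation deserves a comment such as `# relay allowed from every retiolum address (ip4 + ip6) of the hosts below`. It also assumes every listed host defines `nets.retiolum.addrs`; the host list continues outside the hunk, so that cannot be confirmed from here.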
From: lassulus Date: Fri, 10 Mar 2017 15:35:24 +0100 Subject: [PATCH 10/32] l 2 hfos: restart iptables after libvirtd restart --- lass/2configs/hfos.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index a28a6a5d2..f63e5ea53 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix @@ -36,5 +36,12 @@ with import ; { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } ]; - systemd.services.krebs-iptables.after = [ "libvirtd.service" ]; + # TODO use bridge interfaces instead of this crap + systemd.services.libvirtd.serviceConfig.ExecStartPost = let + restart-iptables = pkgs.writeDash "restart-iptables" '' + #soo hacky + ${pkgs.coreutils}/bin/sleep 1s + ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service + ''; + in restart-iptables; } From 6af17a9ef6d6326614c00a8ea0e53fa8e9e77e01 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 11:16:41 +0100 Subject: [PATCH 11/32] l 2: don't use user serivces --- lass/2configs/copyq.nix | 8 ++++---- lass/2configs/xresources.nix | 6 ++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index 0616c4025..e0546194e 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -19,10 +19,9 @@ let ${pkgs.copyq}/bin/copyq config text_wrap true ''; in { - systemd.user.services.copyq = { - after = [ "graphical.target" ]; - wants = [ "graphical.target" ]; - wantedBy = [ "default.target" ]; + systemd.services.copyq = { + wantedBy = [ "multi-user.target" ]; + requires = [ "display-manager.service" ]; environment = { DISPLAY = ":0"; }; @@ -33,6 +32,7 @@ in { Restart = "always"; RestartSec = "2s"; StartLimitBurst = 0; + User = "lass"; }; }; } diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix index 35dbe2044..b5e721483 100644 --- a/lass/2configs/xresources.nix 
+++ b/lass/2configs/xresources.nix @@ -36,9 +36,10 @@ let ''; in { - systemd.user.services.xresources = { + systemd.services.xresources = { description = "xresources"; - wantedBy = [ "default.target" ]; + wantedBy = [ "multi-user.target" ]; + after = [ "display-manager.service" ]; environment = { DISPLAY = ":0"; @@ -50,6 +51,7 @@ in { Type = "simple"; ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}"; Restart = "on-failure"; + User = "lass"; }; }; } From 3be5ccd67f28feefb75f8339ae46b42cdbe06fa7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 11:17:10 +0100 Subject: [PATCH 12/32] k 3 fetchWallpaper: don't use user services --- krebs/3modules/fetchWallpaper.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e226a9060..e00c0ec9b 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -21,10 +21,9 @@ let OnCalendar = "*:00,10,20,30,40,50"; }; }; - # TODO find a better default stateDir stateDir = mkOption { type = types.str; - default = "$HOME/wallpaper"; + default = "/var/lib/wallpaper"; }; display = mkOption { type = types.str; 
@@ -52,27 +51,35 @@ let mkdir -p ${cfg.stateDir} cd ${cfg.stateDir} (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : - feh --no-fehbg --bg-scale wallpaper + feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper ''; imp = { - systemd.user.timers.fetchWallpaper = { + users.users.fetchWallpaper = { + name = "fetchWallpaper"; + uid = genid "fetchWallpaper"; + description = "fetchWallpaper user"; + home = cfg.stateDir; + createHome = true; + }; + + systemd.timers.fetchWallpaper = { description = "fetch wallpaper timer"; wantedBy = [ "timers.target" ]; timerConfig = cfg.timerConfig; }; - systemd.user.services.fetchWallpaper = { + systemd.services.fetchWallpaper = { description = "fetch wallpaper"; - wantedBy = [ "default.target" ]; + after = [ "network.target" ]; path = with pkgs; [ curl feh - coreutils ]; environment = { + URL = cfg.url; DISPLAY = cfg.display; }; restartIfChanged = true; @@ -80,6 +87,7 @@ let serviceConfig = { Type = "simple"; ExecStart = fetchWallpaperScript; + User = "fetchWallpaper"; }; unitConfig = cfg.unitConfig; From 1fe183047471f582e2fc4d2becede82809655b55 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 11:17:26 +0100 Subject: [PATCH 13/32] l 2 copyq: escape & in script --- lass/2configs/copyq.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index e0546194e..b255254f2 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -9,7 +9,7 @@ let ${pkgs.copyq}/bin/copyq config activate_closes true ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard + ${pkgs.copyq}/bin/copyq config clipboard_tab \&clipboard ${pkgs.copyq}/bin/copyq config disable_tray true ${pkgs.copyq}/bin/copyq config hide_tabs true ${pkgs.copyq}/bin/copyq config hide_toolbar true 
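Review bot: The script now escapes `cfg.stateDir` for `feh` but still interpolates it raw in `mkdir -p ${cfg.stateDir}` and `cd ${cfg.stateDir}` a few lines above, so a state directory containing spaces or shell metacharacters is handled inconsistently; use `${shell.escape cfg.stateDir}` in all three places. The added `URL = cfg.url;` environment entry is not read by the script visible here, which still embeds `${shell.escape cfg.url}`, so it looks like dead configuration. Since this is now a system service that downloads a file and hands it to an image decoder, the `serviceConfig` block would also benefit from `PrivateTmp = true;`, `NoNewPrivileges = true;` and `ProtectSystem = "full";`. The dedicated `fetchWallpaper` user must additionally be allowed to talk to the X display named in `cfg.display`, and that grant is not part of this patch.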
From 95233bbf0ae9314d39d2642006d0e8d70f0e4a21 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 11:17:42 +0100 Subject: [PATCH 14/32] l 2: use alternate dnscrypt resolver --- lass/2configs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 96f70d312..f4e4cd2cc 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -64,7 +64,10 @@ with import ; ]; } { - services.dnscrypt-proxy.enable = true; + services.dnscrypt-proxy = { + enable = true; + resolverName = "d0wn-nl-ns3"; + }; networking.extraResolvconfConf = '' name_servers='127.0.0.1' ''; From a65124b2f120412c61deb60484ad3e6d48f4d35d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 11:17:57 +0100 Subject: [PATCH 15/32] l 2 mail: extend default keybindings --- lass/2configs/mail.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e4b319528..a08dc88da 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -66,7 +66,6 @@ let # notmuch bindings macro index \\\\ "" # looks up a hand made query - macro index A "+archive -unread -inbox\n" # tag as Archived macro index + "+*\n" # tag as starred macro index - "-*\n" # tag as unstarred 
@@ -75,9 +74,25 @@ let bind index d noop bind pager d noop + bind index S noop + bind index s noop bind pager S noop + bind pager s noop macro index S "-inbox -unread +junk\n" # tag as Junk mail + macro index s "-junk\n" # tag as Junk mail macro pager S "-inbox -unread +junk\n" # tag as Junk mail + macro pager s "-junk\n" # tag as Junk mail + + + bind index A noop + bind index a noop + bind pager A noop + bind pager a noop + macro index A "+archive -unread -inbox\n" # tag as Archived + macro index a "-archive\n" # tag as Archived + macro pager A "+archive -unread -inbox\n" # tag as Archived + macro pager a "-archive\n" # tag as Archived + bind index t noop bind pager t noop From 8e1bf00367ecb385a2591f3ed5c9909b1a17f4e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 11:29:56 +0100 Subject: [PATCH 16/32] l 2 nixpkgs: c554a0c -> ade5837 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 20918d294..7f6512552 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "c554a0c97f5030a66cc81d41e1f39bff5095efba"; + ref = "ade5837"; }; } From a4076bbb895318385572fe0c5a8ee354fa755189 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 11:30:06 +0100 Subject: [PATCH 17/32] l 2 power-action: use new sudo path --- lass/2configs/power-action.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index f22bf451a..c7bdb525d 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -26,7 +26,7 @@ in { lowerLimit = 0; charging = false; action = pkgs.writeDash "suspend-wrapper" '' - /var/setuid-wrappers/sudo ${suspend} + /run/wrappers/bin/sudo ${suspend} ''; }; user = "lass"; 
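Review bot: The comments on the new lowercase macros in `lass/2configs/mail.nix` were copied from their uppercase counterparts and now say the opposite of what the macros do. The `s` macros for index and pager remove the `junk` tag but are labelled `# tag as Junk mail`, and the `a` macros remove `archive` but are labelled `# tag as Archived`. Suggest `# remove Junk tag` and `# remove Archived tag` on those four lines.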
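Review bot: `ref = "ade5837";` in `lass/2configs/nixpkgs.nix` goes back to a seven-character abbreviated commit id after the previous bump in this series pinned the full 40-character hash. An abbreviated id has to be resolved against the remote repository and can become ambiguous as that repository grows, which weakens it as a pin for the package set the whole system is built from. Please keep the full hash of the intended commit here, as was done for `c554a0c97f5030a66cc81d41e1f39bff5095efba`.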
From 7a293af6dbacf863627870ecf62d8b1f15933ad2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 14 Mar 2017 19:19:28 +0100 Subject: [PATCH 18/32] ni,xu: define canonical name first for krebs.backup --- krebs/3modules/tv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index d44c322aa..3f00f30c2 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -224,8 +224,8 @@ with import ; internet = { ip4.addr = "188.68.36.196"; aliases = [ - "cgit.ni.i" "ni.i" + "cgit.ni.i" ]; ssh.port = 11423; }; @@ -360,8 +360,8 @@ with import ; gg23 = { ip4.addr = "10.23.1.38"; aliases = [ - "cache.xu.gg23" "xu.gg23" + "cache.xu.gg23" ]; ssh.port = 11423; }; From 7c6bf8f43739950a6888ebfe78e17ea3b87f9182 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 20:53:16 +0100 Subject: [PATCH 19/32] l 2 git: don't announce newest --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 3e1b2c6e3..710eb9461 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -58,7 +58,7 @@ let server = "ni.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo - branches = [ "master" "newest" ]; + branches = [ "master" ]; }; }; }; From df2ee4e726a784548faf8a9957bd0444c5cd0f71 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 14 Mar 2017 20:57:21 +0100 Subject: [PATCH 20/32] * iptables: fix ordering refs nixpkgs fb46df8a9a4102e265f4b14af48a5df90d5b06c3 --- krebs/3modules/iptables.nix | 6 ++++-- tv/3modules/iptables.nix | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 09b493c20..d64ed86de 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix 
@@ -68,8 +68,8 @@ let networking.firewall.enable = false; systemd.services.krebs-iptables = { - description = "krebs-iptables"; - wantedBy = [ "network-pre.target" ]; + wantedBy = [ "sysinit.target" ]; + wants = [ "network-pre.target" ]; before = [ "network-pre.target" ]; after = [ "systemd-modules-load.service" ]; @@ -85,6 +85,8 @@ let Restart = "always"; ExecStart = startScript; }; + + unitConfig.DefaultDependencies = false; }; }; diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index 803ed6fbf..56861dc74 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix @@ -57,8 +57,8 @@ let { networking.firewall.enable = false; systemd.services.tv-iptables = { - description = "tv-iptables"; - wantedBy = [ "network-pre.target" ]; + wantedBy = [ "sysinit.target" ]; + wants = [ "network-pre.target" ]; before = [ "network-pre.target" ]; after = [ "systemd-modules-load.service" ]; @@ -79,6 +79,8 @@ let { ip6tables-restore < ${rules 6} ''; }; + + unitConfig.DefaultDependencies = false; }; }; From 9a1da1342b098d8f30379800dd40a22590c56aaa Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 23:07:11 +0100 Subject: [PATCH 21/32] krebspaste: .retiolum -> .r --- krebs/5pkgs/krebspaste/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix index dd7616a05..8ce84058a 100644 --- a/krebs/5pkgs/krebspaste/default.nix +++ b/krebs/5pkgs/krebspaste/default.nix @@ -2,5 +2,5 @@ # TODO use `execve` instead? writeDashBin "krebspaste" '' - exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@" + exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.r "$@" '' From 79387ddfc3e395d40bf644ce373d037d23e20910 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 23:08:09 +0100 Subject: [PATCH 22/32] krebpsate: set max lifetime to 1 month --- krebs/5pkgs/krebspaste/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix index 8ce84058a..8c6676d0e 100644 --- a/krebs/5pkgs/krebspaste/default.nix +++ b/krebs/5pkgs/krebspaste/default.nix @@ -2,5 +2,5 @@ # TODO use `execve` instead? writeDashBin "krebspaste" '' - exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.r "$@" + exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" '' From 58d123406c66368a551af9c50328321103313d66 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Mar 2017 23:10:53 +0100 Subject: [PATCH 23/32] l 2 bepasty: add paste.krebsco.de to extDoms --- lass/2configs/bepasty.nix | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix index a3c6d0f28..c2bc3f3cd 100644 --- a/lass/2configs/bepasty.nix +++ b/lass/2configs/bepasty.nix @@ -9,7 +9,10 @@ with import ; with import ; let secKey = import ; - ext-dom = "paste.lassul.us" ; + ext-doms = [ + "paste.lassul.us" + "paste.krebsco.de" + ]; in { services.nginx.enable = mkDefault true; @@ -25,16 +28,15 @@ in { defaultPermissions = "admin,list,create,read,delete"; secretKey = secKey; }; - - "${ext-dom}" = { - nginx = { - enableSSL = true; - forceSSL = true; - enableACME = true; - }; - defaultPermissions = "read"; - secretKey = secKey; + } // + genAttrs ext-doms (ext-dom: { + nginx = { + enableSSL = true; + forceSSL = true; + enableACME = true; }; - }; + defaultPermissions = "read"; + secretKey = secKey; + }); }; } From 22daf39ce8a48d960019ca11bf1616883a104373 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 14 Mar 2017 23:15:23 +0100 Subject: [PATCH 24/32] tv: add krebspaste --- tv/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 4c10b2a28..d17e41351 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
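Review bot: Every external vhost generated by `genAttrs ext-doms (…)` in `lass/2configs/bepasty.nix` gets `secretKey = secKey;`, the same key the instance with `admin,list,create,read,delete` default permissions uses just above. If bepasty uses this key to sign session cookies, as Flask applications normally do, a session issued by one instance would verify on the others, so the public read-only sites and the privileged one are not isolated from each other. The sharing predates this patch, but the change spreads the key to a second public domain; consider a distinct secret per instance, for example by making the imported secret an attribute set keyed by domain. The lambda's `ext-dom` argument is currently unused, which would be the natural place to look the key up.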
@@ -154,6 +154,7 @@ with import ; { environment.systemPackages = [ pkgs.get + pkgs.krebspaste pkgs.krebszones pkgs.nix-prefetch-scripts pkgs.push From 75040367ffe94c6c19973ccc1dd5efe24afac78d Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 15 Mar 2017 02:10:31 +0100 Subject: [PATCH 25/32] tv vim: use concat --- tv/2configs/vim.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 1ffafe9c9..8b83b0503 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -297,14 +297,18 @@ let { alldirs = attrValues dirs ++ map dirOf (attrValues files); in unique (sort lessThan alldirs); - vim = pkgs.writeDashBin "vim" '' - set -efu - (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) - if test $# = 0 && test -e "$PWD/.ctrlpignore"; then - set -- +CtrlP - fi - exec ${pkgs.vim}/bin/vim "$@" - ''; + vim = pkgs.concat "vim" [ + pkgs.vim_configurable + (pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + if test $# = 0 && test -e "$PWD/.ctrlpignore"; then + set -- +CtrlP + fi + # vim-orgmode needs Python, thus vim_configurable instead of just vim + exec ${pkgs.vim_configurable}/bin/vim "$@" + '') + ]; vimrc = pkgs.writeText "vimrc" '' set nocompatible From 839ffcd0ae307e514e72729701410f679874ab5b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 15:09:39 +0100 Subject: [PATCH 26/32] l 2: add sections for cgit --- lass/2configs/git.nix | 7 +++++-- lass/2configs/repo-sync.nix | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 710eb9461..be08d0ec1 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix 
@@ -32,10 +32,13 @@ let public-repos = mapAttrs make-public-repo { stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; + cgit.section = "configuration"; }; - kimsufi-check = {}; } // mapAttrs make-public-repo-silent { - the_playlist = {}; + the_playlist = { + cgit.desc = "Good Music collection + tools"; + cgit.section = "art"; + }; }; restricted-repos = mapAttrs make-restricted-repo ( diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index dfea637ed..74e508549 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -10,6 +10,7 @@ let public = true; name = mkDefault "${name}"; cgit.desc = mkDefault "mirror for ${name}"; + cgit.section = mkDefault "mirror"; hooks = mkIf announce (mkDefault { post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; From 8a04d2a55ce6c4a5d0df37261a0ae7528666b16a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 15:09:57 +0100 Subject: [PATCH 27/32] l 2 websites domsen: allow send from ubikmedia.de --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index daecdcd2f..fde3f7c2b 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -120,6 +120,7 @@ in { sender_domains = [ "jla-trading.com" "ubikmedia.eu" + "ubikmedia.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; From 90a3a1910433cc678d6b55943dd2936b637a3b59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 20:56:08 +0100 Subject: [PATCH 28/32] htgen: init --- krebs/5pkgs/htgen/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 krebs/5pkgs/htgen/default.nix diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix new file mode 100644 index 000000000..86e9f2b65 --- /dev/null +++ b/krebs/5pkgs/htgen/default.nix 
@@ -0,0 +1,30 @@ +{ bash, coreutils, gnused, stdenv, fetchgit, script ? "", ucspi-tcp }: +with import ; +let + version = "1.0"; +in stdenv.mkDerivation { + name = "htgen-${version}"; + + src = fetchgit { + url = "http://cgit.krebsco.de/htgen"; + rev = "refs/v1.0"; + sha256 = "15z451f57ddaxm21dlqqx2kavzyqx4sgnnzz4ql6vl237979g09s"; + }; + + installPhase = '' + find + mkdir -p $out/bin + { + echo '#! ${bash}/bin/bash' + echo 'export PATH=${makeBinPath [ + ucspi-tcp + coreutils + gnused + ]}' + sed -n '/^reply_404$/q;p' < htgen + printf '%s' ${shell.escape script} + echo 'reply_404' + } > $out/bin/htgen + chmod +x $out/bin/htgen + ''; +} From 552a3e8f284e86fd1a8aec1182ef4d4ebeab8d0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 20:56:28 +0100 Subject: [PATCH 29/32] k 3: add htgen --- krebs/3modules/default.nix | 1 + krebs/3modules/htgen.nix | 68 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 krebs/3modules/htgen.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f336c966f..d24cea1a2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./github-hosts-sync.nix ./git.nix ./go.nix + ./htgen.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix new file mode 100644 index 000000000..2fe726049 --- /dev/null +++ b/krebs/3modules/htgen.nix 
@@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + cfg = config.krebs.htgen; + + out = { + options.krebs.htgen = api; + config = imp; + }; + + api = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + enable = mkEnableOption "krebs.htgen-${config.name}"; + + name = mkOption { + type = types.username; + default = config._module.args.name; + }; + + port = mkOption { + type = types.uint; + }; + + script = mkOption { + type = types.str; + }; + user = mkOption { + type = types.user; + default = { + name = "htgen-${config.name}"; + home = "/var/lib/htgen-${config.name}"; + }; + }; + }; + })); + }; + imp = { + + systemd.services = mapAttrs' (name: htgen: + nameValuePair "htgen-${name}" { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = { + HTGEN_PORT = toString htgen.port; + }; + serviceConfig = { + SyslogIdentifier = "htgen"; + User = htgen.user.name; + PrivateTmp = true; + Restart = "always"; + ExecStart = "${pkgs.htgen.override { + inherit (htgen) script; + }}/bin/htgen --serve"; + }; + } + ) cfg; + + users.users = mapAttrs' (name: htgen: + nameValuePair htgen.user.name { + inherit (htgen.user) home name uid; + createHome = true; + } + ) cfg; + + }; +in out From e599c372bfa590e898812ed59284724881a76d98 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 21:53:05 +0100 Subject: [PATCH 30/32] htgen: 1.0 -> 1.1 --- krebs/5pkgs/htgen/default.nix | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix index 86e9f2b65..f9dfeb3d1 100644 --- a/krebs/5pkgs/htgen/default.nix +++ b/krebs/5pkgs/htgen/default.nix 
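Review bot: The `enable` option declared for each `krebs.htgen` entry is never consulted in `krebs/3modules/htgen.nix`: both `systemd.services` and `users.users` are built with `mapAttrs' … cfg`, so an instance left at the `mkEnableOption` default of false still gets a user and a started service. Filter the set first in both places, e.g. `(filterAttrs (_: htgen: htgen.enable) cfg)`. Because each instance runs an operator-supplied script under `htgen --serve` on `HTGEN_PORT`, it would also be worth adding `NoNewPrivileges = true;` and `ProtectSystem = "full";` next to the existing `PrivateTmp = true;`.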
@@ -1,18 +1,17 @@ -{ bash, coreutils, gnused, stdenv, fetchgit, script ? "", ucspi-tcp }: +{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }: with import ; let - version = "1.0"; + version = "1.1"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; - rev = "refs/v1.0"; - sha256 = "15z451f57ddaxm21dlqqx2kavzyqx4sgnnzz4ql6vl237979g09s"; + rev = "refs/tags/v${version}"; + sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z"; }; installPhase = '' - find mkdir -p $out/bin { echo '#! ${bash}/bin/bash' @@ -20,11 +19,10 @@ in stdenv.mkDerivation { ucspi-tcp coreutils gnused - ]}' - sed -n '/^reply_404$/q;p' < htgen - printf '%s' ${shell.escape script} - echo 'reply_404' + ]}''${PATH+":$PATH"}' + cat htgen } > $out/bin/htgen chmod +x $out/bin/htgen + cp -r examples $out ''; } From 5718517f60275a8dd66f3a230792e72bcc8d29c9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 21:53:34 +0100 Subject: [PATCH 31/32] k 3 htgen: use htgen-1.1 --- krebs/3modules/htgen.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 2fe726049..3c8872be2 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -44,15 +44,14 @@ let after = [ "network.target" ]; environment = { HTGEN_PORT = toString htgen.port; + HTGEN_SCRIPT = htgen.script; }; serviceConfig = { SyslogIdentifier = "htgen"; User = htgen.user.name; PrivateTmp = true; Restart = "always"; - ExecStart = "${pkgs.htgen.override { - inherit (htgen) script; - }}/bin/htgen --serve"; + ExecStart = "${pkgs.htgen}/bin/htgen --serve"; }; } ) cfg; From 8809797f1063945c03ebd70666c108c45d5d724a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Mar 2017 22:12:11 +0100 Subject: [PATCH 32/32] k 3 htgen: add default option --- krebs/3modules/htgen.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 3c8872be2..0dddca6c8 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -10,6 +10,7 @@ let }; api = mkOption { + default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { enable = mkEnableOption "krebs.htgen-${config.name}";