From cee893f371fb435e29fdef4d63f8cdd7718d6793 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 16 May 2016 23:08:20 +0200 Subject: [PATCH 01/15] k 3 makefu: add tpsw, owned by ciko --- krebs/3modules/makefu/default.nix | 35 +++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f9af577b6..418224138 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -270,8 +270,8 @@ with config.krebs.lib; ''; }; }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch"; + #ssh.privkey.path = ; + #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch"; }; wbob = rec { cores = 1; @@ -407,9 +407,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB retiolum = { addrs4 = ["10.243.124.21"]; addrs6 = ["42:9898:a8be:ce56:0ee3:b99c:42c5:109e"]; - aliases = [ - "heidi.r" - ]; + aliases = [ "heidi.r" "heidi.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx @@ -424,6 +422,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; + soundflower = rec { cores = 1; nets = { 
@@ -594,7 +593,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; }; - + } // { # hosts only maintained in stockholm, not owned by me + tpsw = { + cores = 2; + owner = config.krebs.users.ciko; # main laptop + nets = { + retiolum = { + addrs4 = ["10.243.183.236"]; + addrs6 = ["42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"]; + aliases = [ "tpsw.r" "tpsw.retiolum" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ + Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML + WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl + OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM + 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd + pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = rec { makefu = { @@ -615,6 +635,9 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob"; }; + ciko = { + mail = "wieczorek.stefan@googlemail.com"; + }; exco = { mail = "dickbutt@excogitation.de"; pubkey = "ssh-rsa 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 dickbutt@excogitation.de"; From 0aba999eb80b34b990217e6e12bcf347e0bc72a8 Mon Sep 17 00:00:00 2001 
From: makefu Date: Tue, 24 May 2016 00:28:35 +0200 Subject: [PATCH 02/15] add skytraq-logger --- makefu/5pkgs/default.nix | 1 + makefu/5pkgs/skytraq-logger/default.nix | 31 +++++++++++++++++++++++++ makefu/5pkgs/skytraq-logger/result | 1 + 3 files changed, 33 insertions(+) create mode 100644 makefu/5pkgs/skytraq-logger/default.nix create mode 120000 makefu/5pkgs/skytraq-logger/result diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 9cd2629de..6d227fa6d 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -13,6 +13,7 @@ in nodemcu-uploader = callPackage ./nodemcu-uploader {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; inherit (callPackage ./devpi {}) devpi-web devpi-server; + skytraq-logger = callPackage ./skytraq-logger/ {}; taskserver = callPackage ./taskserver {}; }; } diff --git a/makefu/5pkgs/skytraq-logger/default.nix b/makefu/5pkgs/skytraq-logger/default.nix new file mode 100644 index 000000000..1ad81594a --- /dev/null +++ b/makefu/5pkgs/skytraq-logger/default.nix @@ -0,0 +1,31 @@ +{ stdenv, lib, pkgs, fetchFromGitHub, ... }: +stdenv.mkDerivation rec { + name = "skytraq-datalogger-${version}"; + version = "4966a8"; + src = fetchFromGitHub { + owner = "makefu"; + repo = "skytraq-datalogger"; + rev = version ; + sha256 = "1qaszrs7638kc9x4qq4m1yxqmk8jw7wajywvdk4wc2i007p89v3y"; + }; + buildFlags = "CC=gcc"; + makeFlags = "PREFIX=bin/ DESTDIR=$(out)"; + + preInstall = '' + mkdir -p $out/bin + ''; + #patchPhase = '' + # sed -i -e 's#/usr/bin/gcc#gcc#' -e Makefile + #''; + + buildInputs = with pkgs;[ + curl + gnugrep + ]; + + meta = { + homepage = http://github.com/makefu/skytraq-datalogger; + description = "datalogger for skytraq"; + license = lib.licenses.gpl2; + }; +} diff --git a/makefu/5pkgs/skytraq-logger/result b/makefu/5pkgs/skytraq-logger/result new file mode 120000 index 000000000..b132d6257 --- /dev/null +++ b/makefu/5pkgs/skytraq-logger/result 
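Review bot: `version = "4966a8";` is reused as `rev` in the `fetchFromGitHub` call, so the source is pinned by a six-character commit prefix. The `sha256` still fixes the fetched content, but a full 40-character commit id in `rev` (keeping the short form only for `name`/`version`) makes the provenance unambiguous and keeps the fetch working if the prefix ever stops being unique. `meta.homepage` should also use TLS: `homepage = https://github.com/makefu/skytraq-datalogger;`.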
@@ -0,0 +1 @@ +/nix/store/xpwdwpw2nkgi16yhpxin2kivaz7z588h-skytraq-datalogger-4966a8 \ No newline at end of file From 0d789b0b2c8dc348d427ce82359cc540a9e801ae Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 24 May 2016 00:48:05 +0200 Subject: [PATCH 03/15] ma 2 temp-share: init --- makefu/2configs/temp-share-samba.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 makefu/2configs/temp-share-samba.nix diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix new file mode 100644 index 000000000..5f21e3bf7 --- /dev/null +++ b/makefu/2configs/temp-share-samba.nix @@ -0,0 +1,28 @@ +{config, ... }:{ + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/var/empty"; + }; + services.samba = { + enable = true; + shares = { + share-home = { + path = "/home/share/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} From 4de1c87ff62dadc4cbe812a48d10241d79aca183 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 24 May 2016 00:48:40 +0200 Subject: [PATCH 04/15] ma 2 omo-share: simply export crypt devices --- makefu/2configs/omo-share.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index 5f6e6adae..b4bc710c0 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix 
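Review bot: The `result` symlink added under makefu/5pkgs/skytraq-logger/ is a local `nix-build` output link to an absolute `/nix/store/...` path, which looks like an accidental commit rather than part of the package. It dangles on any machine that has not built that exact derivation and adds nothing that `default.nix` does not already describe. I would drop it from the commit and add `result` to `.gitignore`.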
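Review bot: `share-home` combines `"read only" = "no"` with `"guest ok" = "yes"`, and `map to guest = bad user` in `extraConfig` maps every unknown login to `smbguest`, so anyone who can reach the SMB ports can write to `/home/share/` without credentials. Nothing in this file limits which networks or interfaces Samba answers on, so the exposure depends entirely on firewall settings outside the hunk. For a temporary share I would at least add `hosts allow = <LAN-CIDR>` (placeholder) to `extraConfig`, or set `"guest ok" = "no"` with a `"valid users"` entry as omo-share.nix does. A comment stating when this module is meant to be removed again would also help.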
@@ -69,15 +69,15 @@ in { browseable = "yes"; "guest ok" = "yes"; }; - usenet-rw = { - path = "/media/crypt0/usenet"; + crypt0-rw = { + path = "/media/crypt0/"; "read only" = "no"; browseable = "yes"; "guest ok" = "no"; "valid users" = "makefu"; }; - emu-rw = { - path = "/media/crypt1/emu"; + crypt1-rw = { + path = "/media/crypt1/"; "read only" = "no"; browseable = "yes"; "guest ok" = "no"; From b4ca66d23ab27f742d49057f28b7b4e03d7dfabe Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 25 May 2016 11:06:22 +0200 Subject: [PATCH 05/15] tv xserver: refactor --- tv/2configs/xserver/default.nix | 223 +++++++++++++++----------------- tv/5pkgs/default.nix | 1 + 2 files changed, 107 insertions(+), 117 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index b5b116786..10db7f57d 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix 
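Review bot: `crypt0-rw` and `crypt1-rw` now export the mount roots `/media/crypt0/` and `/media/crypt1/` read-write, where the old shares were confined to the `usenet` and `emu` subdirectories. Every file on the decrypted volumes becomes readable and modifiable through the `makefu` SMB login, so a leaked password or a compromised client now exposes the whole disks rather than one directory. If full-volume access is really wanted, consider exporting the roots read-only and keeping writable shares per directory, plus a comment recording why the scope was widened. The `crypt1-rw` block continues past the end of the hunk, so its `"valid users"` line is not visible here.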
@@ -1,135 +1,124 @@ -{ config, lib, pkgs, ... }@args: - +{ config, pkgs, ... }@args: with config.krebs.lib; - let # TODO krebs.build.user user = config.users.users.tv; +in { - out = { - services.xserver.display = 11; - services.xserver.tty = 11; + environment.systemPackages = [ + pkgs.ff + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.sxiv + pkgs.xsel + pkgs.zathura + ]; - services.xserver.synaptics = { + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + # TODO dedicated group, i.e. with a single user + # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + krebs.setuid.slock = { + filename = "${pkgs.slock}/bin/slock"; + group = "wheel"; + envp = { + DISPLAY = ":${toString config.services.xserver.display}"; + USER = user.name; + }; + }; + + services.xserver = { + enable = true; + display = 11; + tty = 11; + + synaptics = { enable = true; twoFingerScroll = true; accelFactor = "0.035"; }; + }; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc + systemd.services.display-manager.enable = false; + + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & + ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & + ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & + wait + ''; + + XMONAD_STATE = "/tmp/xmonad.state"; + + # XXX JSON is close enough :) + XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ + "Dashboard" # we start here + "23" + "cr" + "ff" + "hack" + "im" + "mail" + "stockholm" + "za" "zh" "zj" "zs" + ]); + }; + serviceConfig = { + ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-tv"; + ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-tv --shutdown"; + User = user.name; + WorkingDirectory = user.home; + }; + }; + + systemd.services.xserver = { 
+ after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" ]; - - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - ExecReload = need-reload "urxvtd.service"; - ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; + reloadIfChanged = true; + environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. + LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); }; - - environment.systemPackages = [ - pkgs.ff - pkgs.gitAndTools.qgit - pkgs.mpv - pkgs.sxiv - pkgs.xsel - pkgs.zathura - ]; - - # TODO dedicated group, i.e. with a single user - # TODO krebs.setuid.slock.path vs /var/setuid-wrappers - krebs.setuid.slock = { - filename = "${pkgs.slock}/bin/slock"; - group = "wheel"; - envp = { - DISPLAY = ":${toString config.services.xserver.display}"; - USER = user.name; - }; - }; - - systemd.services.display-manager.enable = false; - - services.xserver.enable = true; - - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = xmonad-environment; - serviceConfig = { - ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-tv"; - ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-tv --shutdown"; - User = user.name; - WorkingDirectory = user.home; - }; - }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" + serviceConfig = { + SyslogIdentifier = "xserver"; + ExecReload = "${pkgs.need-reload}/bin/need-reload xserver.service"; + ExecStart = toString [ + "${pkgs.xorg.xorgserver}/bin/X" + ":${toString config.services.xserver.display}" + "vt${toString 
config.services.xserver.tty}" + "-config ${import ./xserver.conf.nix args}" + "-logfile /var/log/X.${toString config.services.xserver.display}.log" + "-nolisten tcp" + "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" ]; - reloadIfChanged = true; - environment = xserver-environment; - serviceConfig = { - ExecReload = need-reload "xserver.service"; - ExecStart = toString [ - "${pkgs.xorg.xorgserver}/bin/X" - ":${toString config.services.xserver.display}" - "vt${toString config.services.xserver.tty}" - "-config ${import ./xserver.conf.nix args}" - "-logfile /var/log/X.${toString config.services.xserver.display}.log" - "-nolisten tcp" - "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" - ]; - }; }; }; - xmonad-environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - - XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & - ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & - ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & - ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & - wait - ''; - - XMONAD_STATE = "/tmp/xmonad.state"; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "Dashboard" # we start here - "23" - "cr" - "ff" - "hack" - "im" - "mail" - "stockholm" - "za" "zh" "zj" "zs" - ]); + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + ExecReload = "${pkgs.need-reload}/bin/need-reload urxvtd.service"; + ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; }; - - xserver-environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. 
- LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); - }; - - need-reload = s: toString [ - "${pkgs.writeDashBin "need-reload" ''echo "$*"''}/bin/need-reload" - (shell.escape s) - ]; - -in out +} diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 05dc02887..dc6082a44 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -17,6 +17,7 @@ erlang = pkgs.erlangR16; }; ff = pkgs.callPackage ./ff {}; + need-reload = pkgs.writeDashBin "need-reload" ''echo "$*"''; viljetic-pages = pkgs.callPackage ./viljetic-pages {}; xmonad-tv = import ./xmonad-tv.nix { inherit pkgs; }; }; From 82220a1fc4a4fa4de21b33f5ce0591b2b859474a Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 25 May 2016 11:06:40 +0200 Subject: [PATCH 06/15] tv xserver: log to journal instead of file This is a partial backport of NixOS/nixpkgs d84741a. --- tv/2configs/xserver/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 10db7f57d..0eafd246b 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -95,14 +95,13 @@ in { ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); }; serviceConfig = { - SyslogIdentifier = "xserver"; ExecReload = "${pkgs.need-reload}/bin/need-reload xserver.service"; ExecStart = toString [ "${pkgs.xorg.xorgserver}/bin/X" ":${toString config.services.xserver.display}" "vt${toString config.services.xserver.tty}" "-config ${import ./xserver.conf.nix args}" - "-logfile /var/log/X.${toString config.services.xserver.display}.log" + "-logfile /dev/null -logverbose 0 -verbose 3" "-nolisten tcp" "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" ]; From 438a445ab64da557526fc896ca14a797afe14a40 Mon Sep 17 00:00:00 2001 
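Review bot: The startup hook carried over into `systemd.services.xmonad.environment` still runs `xhost +LOCAL:`, which lets every local account on the machine connect to display `:11`, including reading input and screen contents. If the only other account that needs the display is the `ff` user that tv/5pkgs/ff switches to, `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:ff &` would grant access to just that user. `XMONAD_STATE = "/tmp/xmonad.state"` is likewise a fixed name in a world-writable directory; a path under the user's home or a per-user runtime directory would keep another local user from pre-creating it. Both lines predate the refactor, so this is a follow-up rather than a regression.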
From: tv Date: Wed, 25 May 2016 11:15:59 +0200 Subject: [PATCH 07/15] tv xserver: normalize syslog identifiers --- tv/2configs/xserver/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 0eafd246b..9e718a48f 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -73,6 +73,7 @@ in { ]); }; serviceConfig = { + SyslogIdentifier = "xmonad"; ExecStart = "${pkgs.xmonad-tv}/bin/xmonad-tv"; ExecStop = "${pkgs.xmonad-tv}/bin/xmonad-tv --shutdown"; User = user.name; @@ -95,6 +96,7 @@ in { ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); }; serviceConfig = { + SyslogIdentifier = "xserver"; ExecReload = "${pkgs.need-reload}/bin/need-reload xserver.service"; ExecStart = toString [ "${pkgs.xorg.xorgserver}/bin/X" @@ -112,6 +114,7 @@ in { wantedBy = [ "multi-user.target" ]; reloadIfChanged = true; serviceConfig = { + SyslogIdentifier = "urxvtd"; ExecReload = "${pkgs.need-reload}/bin/need-reload urxvtd.service"; ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; Restart = "always"; From 6370d2c2e2249f04202b88b35d0c945ce38b5fb8 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 25 May 2016 11:16:38 +0200 Subject: [PATCH 08/15] tv xserver: replace need-reload by echo --- tv/2configs/xserver/default.nix | 4 ++-- tv/5pkgs/default.nix | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 9e718a48f..a4f2499ff 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -97,7 +97,7 @@ in { }; serviceConfig = { SyslogIdentifier = "xserver"; - ExecReload = "${pkgs.need-reload}/bin/need-reload xserver.service"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; ExecStart = toString [ "${pkgs.xorg.xorgserver}/bin/X" ":${toString config.services.xserver.display}" 
@@ -115,7 +115,7 @@ in { reloadIfChanged = true; serviceConfig = { SyslogIdentifier = "urxvtd"; - ExecReload = "${pkgs.need-reload}/bin/need-reload urxvtd.service"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; Restart = "always"; RestartSec = "2s"; diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index dc6082a44..05dc02887 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -17,7 +17,6 @@ erlang = pkgs.erlangR16; }; ff = pkgs.callPackage ./ff {}; - need-reload = pkgs.writeDashBin "need-reload" ''echo "$*"''; viljetic-pages = pkgs.callPackage ./viljetic-pages {}; xmonad-tv = import ./xmonad-tv.nix { inherit pkgs; }; }; From 8ec65b04dc5010f910bf67f1db8a78bd844202b0 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 25 May 2016 11:29:20 +0200 Subject: [PATCH 09/15] tv ff: use abspath to sudo --- tv/2configs/xserver/default.nix | 2 +- tv/5pkgs/ff/default.nix | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index a4f2499ff..965c3bbe1 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -18,7 +18,7 @@ in { pkgs.xlibs.fontschumachermisc ]; - # TODO dedicated group, i.e. with a single user + # TODO dedicated group, i.e. with a single user [per-user-setuid] # TODO krebs.setuid.slock.path vs /var/setuid-wrappers krebs.setuid.slock = { filename = "${pkgs.slock}/bin/slock"; diff --git a/tv/5pkgs/ff/default.nix b/tv/5pkgs/ff/default.nix index 2db404030..b1d2c579a 100644 --- a/tv/5pkgs/ff/default.nix +++ b/tv/5pkgs/ff/default.nix @@ -1,8 +1,12 @@ { pkgs, ... }: -pkgs.writeScriptBin "ff" '' - #! ${pkgs.bash}/bin/bash - exec sudo -u ff -i < Date: Thu, 2 Jun 2016 11:13:31 +0200 Subject: [PATCH 10/15] add init stockholm --- makefu/2configs/git/cgit-retiolum.nix | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 0b69dbcaf..44d759488 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -15,6 +15,9 @@ let tinc_graphs = { desc = "Tinc Advanced Graph Generation"; }; + stockholm-init = { + desc = "Build new Stockholm hosts"; + }; cac-api = { }; init-stockholm = { desc = "Init stuff for stockholm"; From e89a899c1aa10e55809537d747ee04eee08f6b04 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Jun 2016 14:41:12 +0200 Subject: [PATCH 11/15] m 2 default:use stable branch --- makefu/2configs/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index afdeec40e..62daed8be 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with config.krebs.lib; source = mapAttrs (_: mkDefault) { nixpkgs = { url = https://github.com/nixos/nixpkgs; - rev = "40c586b7ce2c559374df435f46d673baf711c543"; # unstable @ 2016-02-27, tested on wry + rev = "63b9785"; # stable @ 2016-06-01 }; secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/"; stockholm = "/home/makefu/stockholm"; @@ -75,7 +75,7 @@ with config.krebs.lib; systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; - + nix.nixPath = [ "/var/src" ]; environment.variables = { NIX_PATH = mkForce "/var/src"; EDITOR = mkForce "vim"; @@ -126,6 +126,7 @@ with config.krebs.lib; nixpkgs.config.packageOverrides = pkgs: { nano = pkgs.runCommand "empty" {} "mkdir -p $out"; tinc = pkgs.tinc_pre; + gnupg1compat = super.gnupg1compat.override { gnupg = self.gnupg21; }; }; services.cron.enable = false; From ff38a9bf0bc37c3a39d1ed872fde441f0b73998e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Jun 2016 14:41:38 +0200 Subject: [PATCH 12/15] k 3 ma: fix addrs4 for tpsw --- krebs/3modules/makefu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
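Review bot: `rev = "63b9785";` in makefu/2configs/default.nix replaces a full 40-character commit id with a seven-character prefix for the nixpkgs checkout that the whole system is built from. No content hash is visible next to it, so the abbreviated id is the only thing identifying the source; it can become ambiguous as the repository grows and is harder to audit against upstream. I would keep the full id and leave the context in the comment, as in `rev = "<full 40-character commit id>"; # stable @ 2016-06-01`.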
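Review bot: In the last hunk of makefu/2configs/default.nix, `gnupg1compat = super.gnupg1compat.override { gnupg = self.gnupg21; };` sits inside `nixpkgs.config.packageOverrides = pkgs: { … }`, whose only argument is `pkgs`; unless `self` and `super` are bound outside the hunk or supplied by `config.krebs.lib`, they are undefined. Because the file is evaluated under `with config.krebs.lib;` the lookup is deferred, so the failure would only show up once something evaluates that attribute and can slip through a test build. Written against the function's own argument the line would read `gnupg1compat = pkgs.gnupg1compat.override { gnupg = pkgs.gnupg21; };`.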
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 79d9a59b4..7d4bef9ad 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -602,8 +602,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB owner = config.krebs.users.ciko; # main laptop nets = { retiolum = { - addrs4 = ["10.243.183.236"]; - addrs6 = ["42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"]; + ip4.addr = "10.243.183.236"; + ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"; aliases = [ "tpsw.r" "tpsw.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- From 8d5e5dad8a72993ab5e1da98ac43feb9e9bda44a Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Jun 2016 14:44:11 +0200 Subject: [PATCH 13/15] ma 1 pornocauster: cleanup --- makefu/1systems/pornocauster.nix | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 88c187758..fa39b121c 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -26,6 +26,7 @@ # services ../2configs/git/brain-retiolum.nix ../2configs/tor.nix + ../2configs/steam.nix # ../2configs/buildbot-standalone.nix # hardware specifics are in here 
@@ -35,23 +36,36 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ../2configs/nginx/public_html.nix + + # temporary modules + # ../2configs/temp/share-samba.nix + # ../2configs/temp/elkstack.nix + # ../2configs/temp/sabnzbd.nix ]; + krebs.nginx = { default404 = false; servers.default.listen = [ "80 default_server" ]; servers.default.server-names = [ "_" ]; }; - krebs.retiolum.enable = true; - # steam - hardware.opengl.driSupport32Bit = true; - hardware.pulseaudio.support32Bit = true; + + environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; + + virtualisation.docker.enable = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ - 25 - 80 - ]; + networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowedUDPPorts = [ 665 ]; krebs.build.host = config.krebs.hosts.pornocauster; + + krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; + krebs.retiolum = { + enable = true; + connectTo = [ "omo" "gum" "prism" ]; + }; + networking.extraHosts = '' + 192.168.1.11 omo.local + ''; } From 3cce6ddda4d143dea1badace98db0d79d4a14199 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 2 Jun 2016 14:44:31 +0200 Subject: [PATCH 14/15] ma 2 exim-retiolum: add firewall exception for exim-retiolum --- makefu/2configs/exim-retiolum.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix index 34943f593..910066e0a 100644 --- a/makefu/2configs/exim-retiolum.nix +++ b/makefu/2configs/exim-retiolum.nix @@ -2,9 +2,10 @@ with config.krebs.lib; { + networking.firewall.allowedTCPPorts = [ 25 ]; + krebs.exim-retiolum.enable = true; environment.systemPackages = with pkgs; [ msmtp ]; - } From 84c014d55f4242a5a9fac4e821e61283ed3d3418 Mon Sep 17 00:00:00 2001 
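Review bot: `networking.firewall.allowedUDPPorts = [ 665 ];` looks like a typo if it is meant for the retiolum tinc daemon configured just below, since tinc's default port is 655; as written the firewall would open an unrelated UDP port and leave the intended one closed. Please confirm the number and name the service in a comment, e.g. `networking.firewall.allowedUDPPorts = [ 655 ]; # tinc (retiolum)`. The retained comment `# configure pulseAudio to provide a HDMI sink as well` no longer describes the firewall lines that follow it.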
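Review bot: `networking.firewall.allowedTCPPorts = [ 25 ];` in makefu/2configs/exim-retiolum.nix opens SMTP on every interface of any host that imports this module, although the module is about mail over retiolum. Whether exim binds only to the retiolum address is not visible here; if it does not, this rule makes the listener reachable from public networks too. Restricting the rule to the VPN interface (for example an interface-scoped accept rule in `networking.firewall.extraCommands`) and adding a comment such as `# SMTP for exim-retiolum` would make the intent explicit.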
From: makefu Date: Thu, 2 Jun 2016 14:45:10 +0200 Subject: [PATCH 15/15] k 2 steam.nix: init --- makefu/2configs/steam.nix | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 makefu/2configs/steam.nix diff --git a/makefu/2configs/steam.nix b/makefu/2configs/steam.nix new file mode 100644 index 000000000..d4ec84abf --- /dev/null +++ b/makefu/2configs/steam.nix @@ -0,0 +1,6 @@ +{pkgs, ...}: +{ + environment.systemPackages = [ pkgs.steam ]; + hardware.opengl.driSupport32Bit = true; + hardware.pulseaudio.support32Bit = true; +}