Merge remote-tracking branch 'prism/master'

lass/1systems/prism.nix

@@ -226,7 +226,7 @@ in {
     {
       users.users.tv = {
         uid = genid "tv";
-        home = "/home/tv";
+        inherit (config.krebs.users.tv) home;
         group = "users";
         createHome = true;
         useDefaultShell = true;

lass/2configs/audit.nix

@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+  security.audit = {
+    rules = [
+      "-a task,never"
+    ];
+  };
+}

lass/2configs/buildbot-standalone.nix

@@ -86,17 +86,17 @@ in {
                       ["make \
                             test \
                             ssh=${sshWrapper} \
-                            target=build@localhost:${config.users.users.build.home}/testbuild \
+                            target=build@localhost${config.users.users.build.home}/testbuild \
                             method=build \
                             system={}".format(i)])
 
-        for i in [ "pornocauster", "wry" ]:
+        for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]:
           addShell(f,name="build-{}".format(i),env=env_makefu,
                   command=nixshell + \
                       ["make \
                             test \
                             ssh=${sshWrapper} \
-                            target=build@localhost:${config.users.users.build.home}/testbuild \
+                            target=build@localhost${config.users.users.build.home}/testbuild \
                             method=build \
                             system={}".format(i)])
 
@@ -147,7 +147,7 @@ in {
     password = "lasspass";
     packages = with pkgs; [ gnumake jq nix populate ];
     extraEnviron = {
-      NIX_PATH="nixpkgs=/var/src/nixpkgs";
+      NIX_PATH="/var/src";
     };
   };
   config.krebs.iptables = {

lass/2configs/default.nix

@@ -3,13 +3,14 @@
 with config.krebs.lib;
 {
   imports = [
-    ../2configs/vim.nix
-    ../2configs/zsh.nix
-    ../2configs/mc.nix
-    ../2configs/retiolum.nix
-    ../2configs/nixpkgs.nix
+    ../2configs/audit.nix
     ../2configs/binary-cache/client.nix
     ../2configs/gc.nix
+    ../2configs/mc.nix
+    ../2configs/nixpkgs.nix
+    ../2configs/retiolum.nix
+    ../2configs/vim.nix
+    ../2configs/zsh.nix
     ./backups.nix
     {
       users.extraUsers =

lass/2configs/nixpkgs.nix

@@ -1,8 +1,8 @@
 { ... }:
 
 {
-  krebs.build.source.nixpkgs = {
+  krebs.build.source.nixpkgs.git = {
       url = https://github.com/lassulus/nixpkgs;
-      rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded";
+      ref = "11a7899222929b6eb0951f7a1c0182f65b3b4637";
     };
 }

lass/2configs/websites/fritz.nix

@@ -7,6 +7,7 @@ let
     head
   ;
   inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+    manageCerts
     ssl
     servePage
     serveWordpress
@@ -48,6 +49,9 @@ in {
 
     (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
     (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
+
+    (manageCerts [ "goldbarrendiebstahl.radical-dreamers.de" ])
+    (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
   ];
 
   lass.mysqlBackup.config.all.databases = [
@@ -74,6 +78,16 @@ in {
     config.krebs.users.fritz.pubkey
   ];
 
+  users.users.goldbarrendiebstahl = {
+    home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
+    uid = genid "goldbarrendiebstahl";
+    createHome = true;
+    useDefaultShell = true;
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.fritz.pubkey
+    ];
+  };
+
   services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
      options = ''
       extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so

shared/2configs/repo-sync.nix

@@ -17,7 +17,7 @@ with lib;
         mirror.url = mirror;
       };
       lassulus = {
-        origin.url = http://cgit.cloudkrebs/stockholm ;
+        origin.url = http://cgit.prism/stockholm ;
         mirror.url = mirror;
       };
       "@latest" = {