From c3319b88bdf17d956ff4d80d3f2747fc6c47c176 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Jul 2016 23:49:03 +0200 Subject: [PATCH 1/9] l 2 websites fritz: add golbarrendiebstahl --- lass/2configs/websites/fritz.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 39f0cce06..48d96b1bf 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -7,6 +7,7 @@ let head ; inherit (import {inherit lib pkgs;}) + manageCerts ssl servePage serveWordpress @@ -48,6 +49,9 @@ in { (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) + + (manageCerts [ "goldbarrendiebstahl.radical-dreamers.de" ]) + (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) ]; lass.mysqlBackup.config.all.databases = [ @@ -74,6 +78,16 @@ in { config.krebs.users.fritz.pubkey ]; + users.users.goldbarrendiebstahl = { + home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de"; + uid = genid "goldbarrendiebstahl"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.fritz.pubkey + ]; + }; + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { options = '' extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so From 169e5e6c4e9dfc14b5929262531141d6d3337767 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 14 Jul 2016 18:33:56 +0200 Subject: [PATCH 2/9] l 2 nixpkgs: 446d4c1 -> 11a7899 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 0f940a369..bfbd187f4 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded"; + rev = "11a7899222929b6eb0951f7a1c0182f65b3b4637"; }; } 
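Review bot: In lass/2configs/websites/fritz.nix, the new `users.users.goldbarrendiebstahl` account is a shell login (`useDefaultShell = true`, with fritz's SSH key) whose `home` appears to be the same directory that `serveWordpress` publishes for that domain, so the account's dotfiles (shell history, `.ssh/`) would sit inside the web root. Unless the helper's web-server configuration denies dotfiles (not visible in this diff), those files may be retrievable over HTTP, and if the PHP pool can write to that directory, a compromised WordPress could presumably add its own `~/.ssh/authorized_keys`. Consider keeping the home outside the document root, or at least record the constraint with a comment such as `# home doubles as the WordPress docroot: dotfiles must not be served or PHP-writable`. The block that contains this attribute set starts and ends outside the hunk.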
From 38a50ffaeb10812eaa9530d8df0381f2d13e360c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 14 Jul 2016 21:18:02 +0200 Subject: [PATCH 3/9] l 2 buildbot: add vbob wbob & shoney --- lass/2configs/buildbot-standalone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 04bdcf9d8..12e378667 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -90,7 +90,7 @@ in { method=build \ system={}".format(i)]) - for i in [ "pornocauster", "wry" ]: + for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]: addShell(f,name="build-{}".format(i),env=env_makefu, command=nixshell + \ ["make \ From a71a9ed33a92ba901f7c605506bb2c3ee506e6c7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 14 Jul 2016 22:59:34 +0200 Subject: [PATCH 4/9] s 2 repo-sync: change lassulus origin.url to prism --- shared/2configs/repo-sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix index d1d9ab3f8..753b0f473 100644 --- a/shared/2configs/repo-sync.nix +++ b/shared/2configs/repo-sync.nix @@ -17,7 +17,7 @@ with lib; mirror.url = mirror; }; lassulus = { - origin.url = http://cgit.cloudkrebs/stockholm ; + origin.url = http://cgit.prism/stockholm ; mirror.url = mirror; }; "@latest" = { From ef71793d2507bbee8a5c85842fb90a1f5d00ab3b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 00:01:17 +0200 Subject: [PATCH 5/9] l 1 prism: inherit home from krebs.users.tv --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 77d72a5ac..1bc8d5744 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
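Review bot: In shared/2configs/repo-sync.nix the new `origin.url = http://cgit.prism/stockholm ;` still fetches over plain HTTP, so the sync itself has neither transport integrity nor server authentication. If `cgit.prism` is reachable only over an authenticated overlay network, that is presumably acceptable, but nothing in the hunk says so; a comment such as `# plain http is intentional: cgit.prism resolves only inside the VPN` would record the assumption for the next reader. The `lassulus` attribute set sits inside a larger block that starts and ends outside the hunk.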
@@ -226,7 +226,7 @@ in { { users.users.tv = { uid = genid "tv"; - home = "/home/tv"; + inherit (config.krebs.users.tv) home; group = "users"; createHome = true; useDefaultShell = true; From 6ba6f28a5361a62ecb495bb10a7bfb820760dbdb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 00:02:34 +0200 Subject: [PATCH 6/9] l 2: add audit.nix --- lass/2configs/audit.nix | 9 +++++++++ lass/2configs/default.nix | 11 ++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) create mode 100644 lass/2configs/audit.nix diff --git a/lass/2configs/audit.nix b/lass/2configs/audit.nix new file mode 100644 index 000000000..644741a5b --- /dev/null +++ b/lass/2configs/audit.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + security.audit = { + rules = [ + "-a task,never" + ]; + }; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 81abff3ed..622ef1185 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -3,13 +3,14 @@ with config.krebs.lib; { imports = [ - ../2configs/vim.nix - ../2configs/zsh.nix - ../2configs/mc.nix - ../2configs/retiolum.nix - ../2configs/nixpkgs.nix + ../2configs/audit.nix ../2configs/binary-cache/client.nix ../2configs/gc.nix + ../2configs/mc.nix + ../2configs/nixpkgs.nix + ../2configs/retiolum.nix + ../2configs/vim.nix + ../2configs/zsh.nix ./backups.nix { users.extraUsers = From 12223227b9bb87bd963913d829f0e80b5785b5d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 20:25:42 +0200 Subject: [PATCH 7/9] l 2 nixpkgs: adapt to new populate --- lass/2configs/nixpkgs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index bfbd187f4..931aabf08 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix 
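Review bot: The single rule in the new lass/2configs/audit.nix, `"-a task,never"`, tells the kernel never to generate syscall audit records for any task, and the second hunk imports the file from lass/2configs/default.nix, so every host that uses that default loses this audit trail for later incident response. That may well be the intent, but the file carries no comment saying so, and it does not set `security.audit.enable`, so whether the rule is loaded at all depends on configuration outside this diff. I would add a header comment along the lines of `# suppress syscall auditing on all tasks; hosts that need an audit trail must override security.audit.rules`, adjusted to the actual reason.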
@@ -1,8 +1,8 @@ { ... }: { - krebs.build.source.nixpkgs = { + krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - rev = "11a7899222929b6eb0951f7a1c0182f65b3b4637"; + ref = "11a7899222929b6eb0951f7a1c0182f65b3b4637"; }; } From 53d0ca2ddff537495ca96fb134663431a7b4cee3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 21:05:05 +0200 Subject: [PATCH 8/9] l 2 buildbot: fix target string --- lass/2configs/buildbot-standalone.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 46a4157ee..ea6e38dda 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -86,7 +86,7 @@ in { ["make \ test \ ssh=${sshWrapper} \ - target=build@localhost:${config.users.users.build.home}/testbuild \ + target=build@localhost${config.users.users.build.home}/testbuild \ method=build \ system={}".format(i)]) @@ -96,7 +96,7 @@ in { ["make \ test \ ssh=${sshWrapper} \ - target=build@localhost:${config.users.users.build.home}/testbuild \ + target=build@localhost${config.users.users.build.home}/testbuild \ method=build \ system={}".format(i)]) From 461637c92851b2f57a5814ff4b2988bcf9a184a5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jul 2016 21:05:24 +0200 Subject: [PATCH 9/9] l 2 buildbot: set NIX_PATH to /var/src --- lass/2configs/buildbot-standalone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index ea6e38dda..5afb23687 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -147,7 +147,7 @@ in { password = "lasspass"; packages = with pkgs; [ gnumake jq nix populate ]; extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs"; + NIX_PATH="/var/src"; }; }; config.krebs.iptables = {
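Review bot: The new side of the last hunk in lass/2configs/buildbot-standalone.nix keeps `password = "lasspass";` as a literal next to the changed `NIX_PATH`, so what appears to be the build worker's credential is committed in clear text and, if it is rendered into a service file, also lands in the world-readable Nix store. The commit does not address this; the value should be read from a file kept outside the repository and the store, and the current literal rotated once it has moved. Separately, `NIX_PATH="/var/src"` makes every `<name>` lookup resolve under that directory, so a short comment such as `# all <...> lookups resolve under /var/src; only trusted users may write there` would document the trust assumption. The enclosing attribute set starts outside the hunk.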