From 4a2af184e6846f80b139357c6230558cd8785b10 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 28 Feb 2018 19:54:11 +0000 Subject: [PATCH 001/183] j vim: unsure changes --- jeschli/2configs/vim.nix | 118 ++++++++++++++++++++------------------- 1 file changed, 62 insertions(+), 56 deletions(-) diff --git a/jeschli/2configs/vim.nix b/jeschli/2configs/vim.nix index 1a2231a86..ddf0f9195 100644 --- a/jeschli/2configs/vim.nix +++ b/jeschli/2configs/vim.nix @@ -16,72 +16,78 @@ let owner = "mxw"; repo = "vim-jsx"; rev = "5b968dfa512c57c38ad7fe420f3e8ab75a73949a"; - sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; + sha256 = "1z3yhhbmbzfw68qjzyvpbmlyv2a1p814sy5q2knn04kcl30vx94a"; }; }; in { -# { environment.systemPackages = [ (pkgs.vim_configurable.customize { name = "vim"; - - vimrcConfig.customRC = '' - set nocompatible - - :imap jk - :vmap v v - :map gr :GoRun - :nnoremap :bnext - :nnoremap - :map nf :NERDTreeToggle - set autowrite - set number - set ruler - set path+=** - set wildmenu - - noremap x "_x - set clipboard=unnamedplus - - let g:jsx_ext_required = 0 - - let g:go_list_type = "quickfix" - let g:go_test_timeout = '10s' - let g:go_fmt_command = "goimports" - let g:go_snippet_case_type = "camelcase" - let g:go_highlight_types = 1 - let g:go_highlight_fields = 1 - let g:go_highlight_functions = 1 - let g:go_highlight_methods = 1 - let g:go_highlight_extra_types = 1 - autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4 - let g:rehash256 = 1 - let g:molokai_original = 1 - colorscheme molokai - let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] - let g:go_metalinter_autosave = 1 - " let g:go_metalinter_autosave_enabled = ['vet', 'golint'] - " let g:go_def_mode = 'godef' - " let g:go_decls_includes = "func,type" - - - " Trigger configuration. Do not use if you use https://github.com/Valloric/YouCompleteMe. - let g:UltiSnipsExpandTrigger="" - let g:UltiSnipsJumpForwardTrigger="" - let g:UltiSnipsJumpBackwardTrigger="" - - " If you want :UltiSnipsEdit to split your window. - let g:UltiSnipsEditSplit="vertical" - - if has('persistent_undo') "check if your vim version supports it - set undofile "turn on the feature - set undodir=$HOME/.vim/undo "directory where the undo files will be stored - endif + vimrcConfig.customRC = let + colorscheme = ''colorscheme molokai''; + setStatements = '' + set autowrite + set clipboard=unnamedplus + set nocompatible + set path+=** + set ruler + set undodir=$HOME/.vim/undo "directory where the undo files will be stored + set undofile "turn on the feature + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set listchars=trail:¶ + ''; + remapStatements = '' + imap jk + map gr :GoRun " Map gr to execute go run + map nf :NERDTreeToggle + nnoremap + nnoremap :bnext + noremap x "_x + vmap v v + ''; + settingsForGo = '' + let g:go_decls_includes = "func,type" + let g:go_def_mode = 'godef' + let g:go_fmt_command = "goimports" + let g:go_highlight_extra_types = 1 + let g:go_highlight_fields = 1 + let g:go_highlight_functions = 1 + let g:go_highlight_methods = 1 + let g:go_highlight_types = 1 + let g:go_list_type = "quickfix" + let g:go_metalinter_autosave = 1 + let g:go_metalinter_enabled = ['vet', 'golint', 'errcheck'] + let g:syntastic_go_checkers = ['go', 'golint', 'errcheck'] + let g:go_snippet_case_type = "camelcase" + let g:go_test_timeout = '10s' + let g:jsx_ext_required = 0 + let g:molokai_original = 1 + let g:rehash256 = 1 + ''; + settingsForElm = '' + let g:polyglot_disabled = ['elm'] + let g:elm_detailed_complete = 1 + let g:elm_format_autosave = 1 + let g:elm_syntastic_show_warnings = 1 ''; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" "molokai" "Syntastic" "ctrlp" "surround" "snipmate" "nerdtree" "easymotion"]; } + { + names = [ + "ctrlp" + "easymotion" + "molokai" + "nerdtree" + "snipmate" + "surround" + "Syntastic" + "undotree" + "elm-vim" + "youcompleteme" + ]; + } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } { names = [ "vim-go" ]; ft_regex = "^go\$"; } # wanted: nsf/gocode { names = [ "vim-javascript" ]; ft_regex = "^js\$"; } From ca1d401aaf7bd760f262cfaea1e4fe42e0e17888 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Mar 2018 23:10:23 +0100 Subject: [PATCH 002/183] ma pkgs.python-firetv: init --- makefu/5pkgs/python-firetv/default.nix | 41 ++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 makefu/5pkgs/python-firetv/default.nix diff --git a/makefu/5pkgs/python-firetv/default.nix b/makefu/5pkgs/python-firetv/default.nix new file mode 100644 index 000000000..04c76ac55 --- /dev/null +++ b/makefu/5pkgs/python-firetv/default.nix @@ -0,0 +1,41 @@ +{ lib, pkgs, python2Packages, ... }: +# requires libusb1 from unstable +with (import {}).python2Packages; let + + python-adb = buildPythonPackage rec { + name = "python-adb-${version}"; + version = "1.2.0"; + + src = pkgs.fetchFromGitHub { + owner = "google"; + repo = "python-adb"; + rev = "28d912a"; + sha256 = "1cy18l96v72hrhf21im5i8hlzd8ilv0vcck026npnxiw095a5hm2"; + }; + + propagatedBuildInputs = [ libusb1 m2crypto ]; + meta = { + homepage = https://github.com/google/python-adb; + description = "Python ADB + Fastboot implementation"; + license = lib.licenses.apache2; + }; + }; +in + buildPythonPackage rec { + name = "python-firetv-${version}"; + version = "1.0.5"; + + src = pkgs.fetchFromGitHub { + owner = "happyleavesaoc"; + repo = "python-firetv"; + rev = version; + sha256 = "0j5p8jg13hc9gcbv0ipxgljrpcxk8b7k4p4kyfhmblpjm51mycs3"; + }; + + propagatedBuildInputs = [ python-adb flask pyyaml ]; + meta = { + homepage = https://github.com/happyleavesaoc/python-firetv; + description = "provides state informations and some control of an amazon firetv"; + license = lib.licenses.mit; + }; +} From 0170701ee6dbcb13073e85d24bec4d67c7f73a28 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 5 Mar 2018 23:37:18 +0100 Subject: [PATCH 003/183] ma pkgs.python-firetv: need to pin adb --- makefu/5pkgs/python-firetv/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/makefu/5pkgs/python-firetv/default.nix b/makefu/5pkgs/python-firetv/default.nix index 04c76ac55..1fb772f1f 100644 --- a/makefu/5pkgs/python-firetv/default.nix +++ b/makefu/5pkgs/python-firetv/default.nix @@ -3,21 +3,19 @@ with (import {}).python2Packages; let python-adb = buildPythonPackage rec { - name = "python-adb-${version}"; + pname = "adb"; version = "1.2.0"; - src = pkgs.fetchFromGitHub { - owner = "google"; - repo = "python-adb"; - rev = "28d912a"; - sha256 = "1cy18l96v72hrhf21im5i8hlzd8ilv0vcck026npnxiw095a5hm2"; + src = fetchPypi { + inherit pname version; + sha256 = "0v4my47ikgkbq04gdllpx6kql5cfh7dnpq2fk72x03z74mqri7v8"; }; propagatedBuildInputs = [ libusb1 m2crypto ]; meta = { homepage = https://github.com/google/python-adb; description = "Python ADB + Fastboot implementation"; - license = lib.licenses.apache2; + license = lib.licenses.asl20; }; }; in @@ -28,8 +26,9 @@ in src = pkgs.fetchFromGitHub { owner = "happyleavesaoc"; repo = "python-firetv"; - rev = version; - sha256 = "0j5p8jg13hc9gcbv0ipxgljrpcxk8b7k4p4kyfhmblpjm51mycs3"; + # rev = version; + rev = "55406c6"; + sha256 = "1r2yighilchs0jvcvbngkjxkk7gp588ikcl64x7afqzxc6zxv7wp"; }; propagatedBuildInputs = [ python-adb flask pyyaml ]; From 7a53169d3ab17125c9966eea54482aeb89b0433a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 6 Mar 2018 21:12:30 +0100 Subject: [PATCH 004/183] kops: init at 1.0.0 --- krebs/5pkgs/simple/kops.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 krebs/5pkgs/simple/kops.nix diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix new file mode 100644 index 000000000..a6c82f3ca --- /dev/null +++ b/krebs/5pkgs/simple/kops.nix @@ -0,0 +1,7 @@ +{ fetchgit, ... }: + +fetchgit { + url = https://cgit.krebsco.de/kops; + rev = "refs/tags/v1.0.0"; + sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb"; +} From 194e7011d42ed75c76dc7a7efea450ba6497d2f1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:48:44 +0100 Subject: [PATCH 005/183] ma source: bump nixpkgs --- makefu/source.nix | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 708f0d20c..405740b5c 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -1,12 +1,13 @@ with import ; host@{ name, - override ? {}, - secure ? false, - full ? false, - torrent ? false, - hw ? false, - musnix ? false, - python ? false + override ? {} +, secure ? false +, full ? false +, torrent ? false +, hw ? false +, musnix ? false +, python ? false +, unstable ? false #unstable channel checked out }: let builder = if getEnv "dummy_secrets" == "true" @@ -14,7 +15,7 @@ let else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; # TODO: automate updating of this ref + cherry-picks - ref = "51810e0"; # nixos-17.09 @ 2018-02-14 + ref = "6b6e72b"; # nixos-17.09 @ 2018-03-07 # + do_sqlite3 ruby: 55a952be5b5 # + signal: 0f19beef3 @@ -53,21 +54,30 @@ in (mkIf ( hw ) { nixos-hardware.git = { url = https://github.com/nixos/nixos-hardware.git; - ref = "8a05dc9"; + ref = "30fdd53"; }; }) (mkIf ( python ) { python.git = { url = https://github.com/garbas/nixpkgs-python; - ref = "cac319b"; + ref = "cac319b7"; }; }) + (mkIf ( torrent ) { torrent-secrets.file = getAttr builder { buildbot = toString ; makefu = "/home/makefu/secrets/torrent" ; }; }) + + (mkIf ( unstable ) { + nixpkgs-unstable.git = { + url = https://github.com/nixos/nixpkgs-channels; + ref = "nixos-unstable"; + }; + }) + override ] From bd8438858ef06737602501cbbb697a7da50de45d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:52:20 +0100 Subject: [PATCH 006/183] ma pkgs.zj-58: init --- makefu/2configs/printer.nix | 1 + makefu/5pkgs/zj-58/default.nix | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 makefu/5pkgs/zj-58/default.nix diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 51e69d8b7..d5fa65ef9 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -9,6 +9,7 @@ in { pkgs.samsungUnifiedLinuxDriver pkgs.cups-dymo # dymo labelwriter pkgs.foo2zjs # magicolor 1690mf + pkgs.zj-58 ]; }; diff --git a/makefu/5pkgs/zj-58/default.nix b/makefu/5pkgs/zj-58/default.nix new file mode 100644 index 000000000..6eda84959 --- /dev/null +++ b/makefu/5pkgs/zj-58/default.nix @@ -0,0 +1,30 @@ +{stdenv, fetchFromGitHub, cups}: + +stdenv.mkDerivation rec { + name = "cups-zj58-2018-02-22"; + + src = fetchFromGitHub { + owner = "klirichek"; + repo = "zj-58"; + rev = "e4212cd"; + sha256 = "1w2qkspm4qqg5h8n6gmakzhiww7gag64chvy9kf89xsl3wsyp6pi"; + }; + + buildInputs = [cups]; + + installPhase = '' + mkdir -p $out/lib/cups/filter + + cp rastertozj $out/lib/cups/filter + + + mkdir -p $out/share/cups/model/zjiang + cp ZJ-58.ppd $out/share/cups/model/zjiang/ + ''; + + meta = { + description = "CUPS filter for thermal printer Zjiang ZJ-58"; + homepage = https://github.com/klirichek/zj-58; + platforms = stdenv.lib.platforms.linux; + }; +} From 909fe1091fa599a816fbabc274952d3aca63b8c5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:52:40 +0100 Subject: [PATCH 007/183] ma pkgs.nodemcu-uploader: 0.2.2 -> 0.4.1 --- makefu/5pkgs/nodemcu-uploader/default.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/makefu/5pkgs/nodemcu-uploader/default.nix b/makefu/5pkgs/nodemcu-uploader/default.nix index 64476be6e..f3e47be55 100644 --- a/makefu/5pkgs/nodemcu-uploader/default.nix +++ b/makefu/5pkgs/nodemcu-uploader/default.nix @@ -1,19 +1,22 @@ -{ lib, pkgs, pythonPackages, fetchurl, ... }: +{ lib, pkgs, pythonPackages, ... }: with pythonPackages; buildPythonPackage rec { name = "nodemcu-uploader-${version}"; - version = "0.2.2"; - disabled = isPy3k || isPyPy; + version = "0.4.1"; propagatedBuildInputs = [ pyserial + wrapt ]; - src = fetchurl { - url = "https://pypi.python.org/packages/source/n/nodemcu-uploader/nodemcu-uploader-${version}.tar.gz"; - sha256 = "090giz84y9y3idgifp0yh80qqyv2czv6h3y55wyrlgf7qfbwbrvn"; + + src = pkgs.fetchFromGitHub { + owner = "kmpm"; + repo = "nodemcu-uploader"; + rev = "v${version}"; + sha256 = "055pvlg544vb97kaqnnq51fs9f9g75vwgbazc293f3g1sk263gmn"; }; - # ImportError: No module named tests - # not sure what to do here + doCheck = false; + meta = { homepage = https://github.com/kmpm/nodemcu-uploader; description = "tool for uploading files to NodeMCU filesystem"; From c19a5c9b557042e130c90c9c616f91e09d212eb3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:53:41 +0100 Subject: [PATCH 008/183] ma x.r: switch audio on port change --- makefu/1systems/x/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index ad2ad8779..e0417e00d 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -123,6 +123,7 @@ with import ; load-module module-filter-heuristics load-module module-filter-apply load-module module-switch-on-connect + load-module module-switch-on-port-available ''; }; From 3ba773c18e092d327f3d45cede4214e05401ac95 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 01:54:25 +0100 Subject: [PATCH 009/183] ma tp-x2x0: start charging at 95% again --- makefu/2configs/hw/tp-x2x0.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index f33c12a8f..98fe30daf 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -38,7 +38,7 @@ with import ; services.tlp.enable = true; services.tlp.extraConfig = '' # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery - START_CHARGE_THRESH_BAT0=67 + START_CHARGE_THRESH_BAT0=95 STOP_CHARGE_THRESH_BAT0=100 From 574be59987debd726d6a6a8508a697762dca7ca1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 15:27:06 +0100 Subject: [PATCH 010/183] ma source: add mic92 as source --- makefu/1systems/x/source.nix | 2 ++ makefu/source.nix | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index 6278877c3..ab6429dc1 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -3,5 +3,7 @@ import { full = true; python = true; hw = true; + unstable = true; + mic92 = true; # torrent = true; } diff --git a/makefu/source.nix b/makefu/source.nix index 474f7e15b..6b32a1b40 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -8,6 +8,7 @@ host@{ name, , musnix ? false , python ? false , unstable ? false #unstable channel checked out +, mic92 ? false }: let builder = if getEnv "dummy_secrets" == "true" @@ -85,5 +86,12 @@ in }; }) + (mkIf ( mic92 ) { + mic92.git = { + url = https://github.com/Mic92/dotfiles/; + ref = "48a1f49"; + }; + }) + override ] From b2c1e1804a28bc88c564a3e7580e4c30c98e6baf Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 17:05:50 +0100 Subject: [PATCH 011/183] ma pkgs.mic92: init overlay --- makefu/1systems/x/config.nix | 5 ++++- makefu/2configs/tools/mic92.nix | 9 +++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/tools/mic92.nix diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index e0417e00d..1623ff44f 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -11,6 +11,8 @@ with import ; + + @@ -27,6 +29,8 @@ with import ; # # # + # + # # Krebs @@ -78,7 +82,6 @@ with import ; # # # - # { networking.wireguard.interfaces.wg0 = { diff --git a/makefu/2configs/tools/mic92.nix b/makefu/2configs/tools/mic92.nix new file mode 100644 index 000000000..176e461c7 --- /dev/null +++ b/makefu/2configs/tools/mic92.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + nixpkgs.overlays = [ + (import ) + ]; + users.users.makefu.packages = [ + pkgs.nix-review + ]; +} From cbb83a487837d06a67f7ed8a6f918ee58fee0eaf Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 17:06:11 +0100 Subject: [PATCH 012/183] ma hass: init config --- .../deployment/bureautomation/hass.nix | 75 +++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 makefu/2configs/deployment/bureautomation/hass.nix diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix new file mode 100644 index 000000000..b62f37bdb --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/hass.nix @@ -0,0 +1,75 @@ +{ pkgs, lib, ... }: +let + firetv = "192.168.1.238"; +in { + imports = [ + + ]; + systemd.services.firetv = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + }; + }; + nixpkgs.config.packageOverrides = oldpkgs: { + home-assistant = (import {}).home-assistant; + }; + ids.uids.hass = 286; + ids.gids.hass = 286; + services.home-assistant = { + #panel_iframe: + #configurator: + # title: Configurator + # icon: mdi:wrench + # url: http://hassio.local:3218 + # sensor: + # - platform: random + enable = true; + config = { + homeassistant = { + name = "Bureautomation"; + time_zone = "Europe/Berlin"; + }; + panel_iframe = { + euer_blog = { + title = "Euer Blog"; + icon = "mdi:wrench"; + url = "https://euer.krebsco.de"; + }; + }; + media_player = [ + { platform = "kodi"; + host = firetv; + } + { platform = "firetv"; + # assumes python-firetv running + } + ]; + sensor = [ + { + platform = "luftdaten"; + name = "Shack 1"; + sensorid = "50"; + monitored_conditions = [ "P1" "P2" ]; + } + { + platform = "luftdaten"; + name = "Shack 2"; + sensorid = "658"; + monitored_conditions = [ "P1" "P2" ]; + } + { + platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "5341"; + monitored_conditions = [ "P1" "P2" ]; + } + { platform = "random"; } + ]; + frontend = { }; + http = { }; + feedreader.urls = [ "https://nixos.org/blogs.xml" ]; + }; + }; +} From 68f2953f7c5351e8584e3b3e747384aea355d523 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 7 Mar 2018 17:06:46 +0100 Subject: [PATCH 013/183] ma cgit-retiolum: make hydra-stockholm krebsroot --- makefu/2configs/git/cgit-retiolum.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 1109e2519..30d90f9e3 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -3,10 +3,15 @@ with import ; let - repos = priv-repos // krebs-repos // connector-repos ; + repos = priv-repos // krebs-repos // connector-repos // krebsroot-repos; rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos) - ++ concatMap connector-rules (attrValues connector-repos); + ++ concatMap connector-rules (attrValues connector-repos) + ++ concatMap krebsroot-rules (attrValues krebsroot-repos); + + krebsroot-repos = mapAttrs make-krebs-repo { + hydra-stockholm = { }; + }; krebs-repos = mapAttrs make-krebs-repo { stockholm = { @@ -28,7 +33,6 @@ let init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; - hydra-stockholm = { }; }; priv-repos = mapAttrs make-priv-repo { @@ -70,6 +74,9 @@ let krebs-rules = repo: set-owners repo all-makefu ++ set-ro-access repo krebsminister; + krebsroot-rules = repo: + set-owners repo (all-makefu ++ krebsminister); + set-ro-access = with git; repo: user: optional repo.public { inherit user; From 325be7a661a4bb34d1e2c2cc7332916741cf1a4b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 13 Mar 2018 11:33:26 +0100 Subject: [PATCH 014/183] ma x.r: re-enable virtualbox --- makefu/1systems/x/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 1623ff44f..f72f2a15b 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -44,7 +44,7 @@ with import ; # Virtualization - # + { networking.firewall.allowedTCPPorts = [ 8080 ]; networking.nat = { From 28324a02d902b0ca31a383f162c585fb8f9b2972 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 13 Mar 2018 11:34:28 +0100 Subject: [PATCH 015/183] ma awesome: make locker configurable --- makefu/3modules/awesome-extra.nix | 4 +++- makefu/5pkgs/awesomecfg/default.nix | 6 +++--- makefu/5pkgs/awesomecfg/full.cfg | 32 ++++++++++++++--------------- makefu/5pkgs/awesomecfg/kiosk.lua | 4 ++-- 4 files changed, 24 insertions(+), 22 deletions(-) diff --git a/makefu/3modules/awesome-extra.nix b/makefu/3modules/awesome-extra.nix index e4a79aa87..6f19f8f72 100644 --- a/makefu/3modules/awesome-extra.nix +++ b/makefu/3modules/awesome-extra.nix @@ -21,7 +21,9 @@ let This module will use substituteAll to replace strings before writing to /etc/xdg/awesome/rc.lua ''; - default = pkgs.awesomecfg.full; + default = pkgs.awesomecfg.full.override { + locker = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper"; + }; }; }; imp = { diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index 7e9724ec8..e5f62e910 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -1,23 +1,23 @@ { pkgs , lib , alsaUtils -, xlockmore , xbacklight , modkey?"Mod4" +, locker? "${pkgs.xlock}/bin/xlock -mode blank" , ... }: { # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@ full = lib.makeOverridable pkgs.substituteAll { name = "awesome_full_config"; - inherit alsaUtils xlockmore xbacklight modkey; + inherit alsaUtils locker xbacklight modkey; isExecutable = false; src = ./full.cfg; }; kiosk = lib.makeOverridable pkgs.substituteAll { name = "awesome_kiosk_config"; - inherit alsaUtils xlockmore xbacklight modkey; + inherit alsaUtils locker xbacklight modkey; isExecutable = false; src = ./kiosk.lua; }; diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index 3488d0102..e748981c6 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -243,7 +243,7 @@ awful.screen.connect_for_each_screen(function(s) set_wallpaper(s) -- Each screen has its own tag table. - awful.tag({ "tmp", "news", "www", "im", "work1","work2","net","misc","remote" }, s, awful.layout.layouts[1]) + awful.tag({ "tmp", "news", "www", "im", "work1","work2","net","misc","remote" }, s, awful.layout.layouts[1]) -- Create a promptbox for each screen s.mypromptbox = awful.widget.prompt() @@ -277,10 +277,10 @@ awful.screen.connect_for_each_screen(function(s) { -- Right widgets layout = wibox.layout.fixed.horizontal, mykeyboardlayout, - mailwidget, + mailwidget, wibox.widget.systray(), - cpuwidget, - batwidget, + cpuwidget, + batwidget, mytextclock, s.mylayoutbox, }, @@ -379,19 +379,19 @@ globalkeys = awful.util.table.join( -- Prompt awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end, {description = "run prompt", group = "launcher"}), - awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end), - awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@xlockmore@/bin/xlock -mode blank") end), + awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@locker@") end), + awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@locker@") end), - awful.key({ modkey }, "x", - function () - awful.prompt.run { - prompt = "Run Lua code: ", - textbox = awful.screen.focused().mypromptbox.widget, - exe_callback = awful.util.eval, - history_path = awful.util.get_cache_dir() .. "/history_eval" - } - end, - {description = "lua execute prompt", group = "awesome"}), + awful.key({ modkey }, "x", + function () + awful.prompt.run { + prompt = "Run Lua code: ", + textbox = awful.screen.focused().mypromptbox.widget, + exe_callback = awful.util.eval, + history_path = awful.util.get_cache_dir() .. "/history_eval" + } + end, + {description = "lua execute prompt", group = "awesome"}), -- Menubar awful.key({ modkey }, "p", function() menubar.show() end) diff --git a/makefu/5pkgs/awesomecfg/kiosk.lua b/makefu/5pkgs/awesomecfg/kiosk.lua index ec255a8af..d0261f798 100644 --- a/makefu/5pkgs/awesomecfg/kiosk.lua +++ b/makefu/5pkgs/awesomecfg/kiosk.lua @@ -331,8 +331,8 @@ globalkeys = awful.util.table.join( -- Prompt awful.key({ modkey }, "r", function () mypromptbox[mouse.screen]:run() end), -- awful.key({ modkey }, "r", function () awful.util.spawn( "dmenu_run" ) end ), - awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("xlock -mode blank") end), - awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("xlock -mode blank") end), + awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("@locker@") end), + awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("@locker@") end), awful.key({ modkey }, "x", function () From 5fdbd513406ce6a4caef35f60a446cc15104d9ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:30:04 +0100 Subject: [PATCH 016/183] buildbot-all: remove deploy test (currently broken) --- krebs/2configs/buildbot-all.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index 5ea78f227..d85cde175 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -5,6 +5,5 @@ with import ; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); - krebs.ci.tests = [ "deploy" ]; } From 53c3b2b80593569d736bcced56f97b995f246997 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:30:36 +0100 Subject: [PATCH 017/183] l: make spf header more restrictive --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e269d1fa1..dbdf70008 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -89,7 +89,7 @@ with import ; 60 IN NS ns16.ovh.net. 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - 60 IN TXT v=spf1 mx -all + 60 IN TXT v=spf1 mx a:lassul.us -all cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} From 666f030b10d8c8ad3ea92fce5c20e013df598cb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:31:02 +0100 Subject: [PATCH 018/183] l helios.r: fix displayManager setup --- lass/1systems/helios/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c4d99cb2c..c4a171d86 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -131,7 +131,7 @@ with import ; ]; services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal ''; networking.hostName = lib.mkForce "BLN02NB0162"; From d5a7a288ba51b6cc21529f610fcfecd90d2664ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:31:30 +0100 Subject: [PATCH 019/183] l mors.r: minimize deploy script --- lass/1systems/mors/config.nix | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cbb71ab24..f77bc64c2 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -170,31 +170,11 @@ with import ; export PATH=${makeBinPath [ pkgs.bash pkgs.coreutils - pkgs.nix - (pkgs.writeDashBin "is-git-crypt-locked" '' - magic=$(dd status=none if="$1" skip=1 bs=1 count=8) - test "$magic" = GITCRYPT - '') + pkgs.nixUnstable ]} cd ~/stockholm export SYSTEM="$1" - if is-git-crypt-locked ~/secrets/ready; then - echo 'secrets are crypted' >&2 - exit 23 - else - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' - fi - ''; - predeploy = pkgs.writeDash "predeploy" '' - set -eu - export PATH=${makeBinPath [ - pkgs.bash - pkgs.coreutils - pkgs.nix - ]} - cd ~/stockholm - export SYSTEM="$1" - exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate' + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' ''; }; From fbf87b0f7eedc029c111a98662b2e639888d45db Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:39:24 +0100 Subject: [PATCH 020/183] l: add allygator@lassul.us mail --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index ae652722a..4455d2761 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -78,6 +78,7 @@ with import ; { from = "github@lassul.us"; to = lass.mail; } { from = "ovh@lassul.us"; to = lass.mail; } { from = "hetzner@lassul.us"; to = lass.mail; } + { from = "allygator@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 099bf40e49688ab8946a5b88ac974458eee69469 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 22:39:38 +0100 Subject: [PATCH 021/183] l: add c-base to msmtprc --- lass/2configs/mail.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 03d39ef75..ebe873cf9 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -8,6 +8,16 @@ let logfile ~/.msmtp.log account prism host prism.r + account c-base + from lassulus@c-base.org + host c-mail.c-base.org + port 465 + tls on + tls_starttls off + tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4 + auth on + user lassulus + passwordeval pass show c-base/pass account default: prism ''; From 7bc8fc7a44969387621425b1c10c8391e56ba087 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 22:40:46 +0100 Subject: [PATCH 022/183] l mail: add more mailboxes --- lass/2configs/mail.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index ebe873cf9..278ec0ff3 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -46,9 +46,11 @@ let ]; dezentrale = [ "to:dezentrale.space" ]; dhl = [ "to:dhl@lassul.us" ]; + eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; + lugs = [ "to:lugs@lug-s.org" ]; nix-devel = [ "to:nix-devel@googlegroups.com" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; From 92f8c5f94b88cd837bc77200e70e7fd9f2af88d2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 15 Mar 2018 19:33:43 +0100 Subject: [PATCH 023/183] l mail: update pubkey --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 278ec0ff3..b9682c5ee 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -77,7 +77,7 @@ let # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc set pgp_use_gpg_agent = yes - set pgp_sign_as = 0x976A7E4D + set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D set crypt_autosign = yes set crypt_replyencrypt = yes set crypt_verify_sig = yes From 2e8dd5027bb71f1a329f63e2035f24647843c67e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 18 Mar 2018 20:37:48 +0100 Subject: [PATCH 024/183] ma bluetooth-mpd: make abstract --- makefu/1systems/omo/config.nix | 8 +++- makefu/1systems/wbob/config.nix | 61 +------------------------ makefu/2configs/bluetooth-mpd.nix | 74 +++++++++++++++++++++++++++++++ 3 files changed, 82 insertions(+), 61 deletions(-) create mode 100644 makefu/2configs/bluetooth-mpd.nix diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 01438397e..c31d27c8f 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -9,7 +9,7 @@ let keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; - primaryInterface = "enp1s0"; + primaryInterface = "enp2s0"; # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 @@ -54,6 +54,7 @@ in { # # + # @@ -72,6 +73,11 @@ in { + + { + hardware.pulseaudio.systemWide = true; + makefu.mpd.musicDirectory = "/media/cryptX/music"; + } # security diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 637d8e2d8..cfbcf0e9c 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -32,66 +32,7 @@ in { - (let - musicDirectory = "/data/music"; - in { - services.mpd = { - enable = true; - inherit musicDirectory; - # dataDir = "/home/anders/.mpd"; - network.listenAddress = "any"; - extraConfig = '' - audio_output { - type "pulse" - name "Local MPD" - server "127.0.0.1" - } - ''; - }; - # open because of truestedInterfaces - # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; - services.samba.shares.music = { - path = musicDirectory; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - - sound.enable = true; - hardware.pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - # systemWide = true; - support32Bit = true; - zeroconf.discovery.enable = true; - zeroconf.publish.enable = true; - tcp = { - enable = true; - anonymousClients.allowAll = true; - anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ]; - }; - configFile = pkgs.writeText "default.pa" '' - load-module module-udev-detect - load-module module-bluetooth-policy - load-module module-bluetooth-discover - load-module module-native-protocol-unix - load-module module-always-sink - load-module module-console-kit - load-module module-systemd-login - load-module module-intended-roles - load-module module-position-event-sounds - load-module module-filter-heuristics - load-module module-filter-apply - load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 - load-module module-switch-on-connect - # may be required for "system-wide" pulse to connect to bluetooth - #module-bluez5-device - #module-bluez5-discover - ''; - }; - # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio - hardware.bluetooth.enable = true; - }) + # Sensors diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix new file mode 100644 index 000000000..f7fa999ca --- /dev/null +++ b/makefu/2configs/bluetooth-mpd.nix @@ -0,0 +1,74 @@ +{ pkgs, config, lib, ... }: + +let + cfg = config.makefu.mpd; +in { + options.makefu.mpd.musicDirectory = lib.mkOption { + description = "music Directory"; + default = "/data/music"; + type = lib.types.str; + }; + config = { + services.mpd = { + enable = true; + inherit (cfg) musicDirectory; + network.listenAddress = "0.0.0.0"; + extraConfig = '' + audio_output { + type "pulse" + name "Local MPD" + server "127.0.0.1" + } + ''; + }; + # open because of truestedInterfaces + # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; + services.samba.shares.music = { + path = cfg.musicDirectory; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + + sound.enable = true; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + zeroconf.discovery.enable = true; + zeroconf.publish.enable = true; + tcp = { + enable = true; + # PULSE_SERVER=192.168.1.11 pavucontrol + anonymousClients.allowAll = true; + # anonymousClients.allowedIpRanges = [ "127.0.0.1" ]; + }; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + # will be enabled by pulseaudio.tcp.enable + # load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + load-module module-switch-on-connect + # may be required for "system-wide" pulse to connect to bluetooth + #module-bluez5-device + #module-bluez5-discover + ''; + }; + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + #hardware.bluetooth.extraConfig = '' + # [general] + # Enable=Source,Sink,Media,Socket + #''; + }; +} From 78486827c3ed1e7d5777a41d2b6798a9b61ae8d4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 18 Mar 2018 20:38:48 +0100 Subject: [PATCH 025/183] ma bluetooth-mpd: remove obsolete comments --- makefu/2configs/bluetooth-mpd.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix index f7fa999ca..226f5cf1f 100644 --- a/makefu/2configs/bluetooth-mpd.nix +++ b/makefu/2configs/bluetooth-mpd.nix @@ -42,7 +42,6 @@ in { enable = true; # PULSE_SERVER=192.168.1.11 pavucontrol anonymousClients.allowAll = true; - # anonymousClients.allowedIpRanges = [ "127.0.0.1" ]; }; configFile = pkgs.writeText "default.pa" '' load-module module-udev-detect @@ -56,12 +55,7 @@ in { load-module module-position-event-sounds load-module module-filter-heuristics load-module module-filter-apply - # will be enabled by pulseaudio.tcp.enable - # load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 load-module module-switch-on-connect - # may be required for "system-wide" pulse to connect to bluetooth - #module-bluez5-device - #module-bluez5-discover ''; }; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio From 8766727e01f8892b5adab38096264028878d2803 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:31:03 +0100 Subject: [PATCH 026/183] electron-cash: RIP --- krebs/5pkgs/simple/electron-cash/default.nix | 64 -------------------- 1 file changed, 64 deletions(-) delete mode 100644 krebs/5pkgs/simple/electron-cash/default.nix diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix deleted file mode 100644 index e51136c60..000000000 --- a/krebs/5pkgs/simple/electron-cash/default.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ stdenv, fetchFromGitHub, python2Packages }: - -python2Packages.buildPythonApplication rec { - name = "electron-cash-${src.rev}"; - - src = fetchFromGitHub { - owner = "fyookball"; - repo = "electrum"; - rev = "a2245ea"; - sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv"; - }; - - propagatedBuildInputs = with python2Packages; [ - dns - ecdsa - jsonrpclib - pbkdf2 - pyaes - pycrypto - pyqt4 - pysocks - qrcode - requests - tlslite - - # plugins - keepkey - trezor - ]; - - preBuild = '' - sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py - pyrcc4 icons.qrc -o gui/qt/icons_rc.py - # Recording the creation timestamps introduces indeterminism to the build - sed -i '/Created: .*/d' gui/qt/icons_rc.py - ''; - - postInstall = '' - # Despite setting usr_share above, these files are installed under - # $out/nix ... - mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out - rm -rf $out/lib/python2.7/site-packages/nix - - substituteInPlace $out/share/applications/electron.desktop \ - --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u" - ''; - - doInstallCheck = true; - installCheckPhase = '' - $out/bin/electrum help >/dev/null - ''; - - meta = with stdenv.lib; { - description = "A lightweight Bitcoin wallet"; - longDescription = '' - An easy-to-use Bitcoin client featuring wallets generated from - mnemonic seeds (in addition to other, more advanced, wallet options) - and the ability to perform transactions without downloading a copy - of the blockchain. - ''; - homepage = https://electrum.org/; - license = licenses.mit; - }; -} From f4562cf068ee880cfd7a06c7efc6cc19ab8ae729 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:34:11 +0100 Subject: [PATCH 027/183] l security: use default kernel --- lass/2configs/security-workarounds.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix index c3d07d5fe..537c8a59b 100644 --- a/lass/2configs/security-workarounds.nix +++ b/lass/2configs/security-workarounds.nix @@ -5,6 +5,4 @@ with import ; boot.extraModprobeConfig = '' install dccp /run/current-system/sw/bin/false ''; - - boot.kernelPackages = pkgs.linuxPackages_latest; } From 768d9a94967a502e497aada07cafd9521bd08d8e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:35:27 +0100 Subject: [PATCH 028/183] l websites domsen: more domains --- lass/2configs/websites/domsen.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9ece2af77..7a72499c9 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -49,6 +49,7 @@ in { "www.ubikmedia.eu" "www.youthtube.xyz" "www.ubikmedia.de" + "www.joemisch.com" "www.weirdwednesday.de" "aldona2.ubikmedia.de" @@ -63,6 +64,7 @@ in { "weirdwednesday.ubikmedia.de" "freemonkey.ubikmedia.de" "jarugadesign.ubikmedia.de" + "crypto4art.ubikmedia.de" ]) ]; From 8a0e77e2bbe8147e81ccbf1039a6590369b6100d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:57:45 +0100 Subject: [PATCH 029/183] l: add cabal --- krebs/3modules/lass/default.nix | 41 +++++++++++++++++++++++++++++++++ lass/1systems/cabal/config.nix | 35 ++++++++++++++++++++++++++++ lass/1systems/cabal/source.nix | 4 ++++ 3 files changed, 80 insertions(+) create mode 100644 lass/1systems/cabal/config.nix create mode 100644 lass/1systems/cabal/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index dbdf70008..0c3e68c39 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -618,6 +618,47 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; + cabal = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.4"; + ip6.addr = "42::1:4"; + aliases = [ + "cabal.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A + SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj + rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK + qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e + LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq + rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 + 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE + fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v + yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A + kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR + KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi + TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U + oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs + TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw + 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD + rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ + 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf + luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py + w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG + 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 + K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g + ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; + }; }; users = { lass = { diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix new file mode 100644 index 000000000..7eba86c52 --- /dev/null +++ b/lass/1systems/cabal/config.nix @@ -0,0 +1,35 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + + + + + + + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.cabal; + + #fileSystems = { + # "/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + # }; + #}; + + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + #''; +} diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix new file mode 100644 index 000000000..5d9507f3d --- /dev/null +++ b/lass/1systems/cabal/source.nix @@ -0,0 +1,4 @@ +import { + name = "cabal"; + secure = true; +} From fa724ceab0f5f10b253d806326b7c917814412eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:03:25 +0100 Subject: [PATCH 030/183] l: use xlockmore as lockscreen --- lass/1systems/helios/config.nix | 2 -- lass/3modules/screenlock.nix | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c4a171d86..e64cfbe79 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -168,8 +168,6 @@ with import ; '') ]; - lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; - programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix index e16ce9868..29c3861f2 100644 --- a/lass/3modules/screenlock.nix +++ b/lass/3modules/screenlock.nix @@ -14,7 +14,7 @@ let enable = mkEnableOption "screenlock"; command = mkOption { type = types.str; - default = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f"; + default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1"; }; }; @@ -28,7 +28,7 @@ let serviceConfig = { SyslogIdentifier = "screenlock"; ExecStart = cfg.command; - Type = "forking"; + Type = "simple"; User = "lass"; }; }; From 1334ab82d0f987c3551ed49d67869bc528f5bd07 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:12:55 +0100 Subject: [PATCH 031/183] l websites fritz: simplify msmtprc --- lass/2configs/websites/fritz.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index aa57a9857..14d6ce9ec 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -12,9 +12,8 @@ let ; msmtprc = pkgs.writeText "msmtprc" '' - account localhost + account default host localhost - account default: localhost ''; sendmail = pkgs.writeDash "msmtp" '' From bd4def24bfbd8f034032e3a6e89ce4dd88d6930e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:36:44 +0100 Subject: [PATCH 032/183] nixpkgs: c5bc83b -> c665fcc --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 7e0ea7e47..733601a21 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27 + ref = "c665fcca9e7be8cd06c1f3c5bbe2b00d4c8f2a92"; # nixos-17.09 @ 2018-03-18 }; } override From 390375cd8a0c745eb6b4df93f3f6f3e5f2985c90 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 15:17:36 +0100 Subject: [PATCH 033/183] j: dirty merge again --- jeschli/1systems/bln/config.nix | 85 ++++++------------- .../1systems/bln/hardware-configuration.nix | 22 ++--- jeschli/2configs/virtualbox.nix | 2 +- jeschli/source.nix | 2 +- 4 files changed, 38 insertions(+), 73 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9c491c8a1..885307b7a 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -12,54 +12,25 @@ ./hardware-configuration.nix # ./dcso-vpn.nix ]; + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - boot.loader.grub.extraEntries = '' - menuentry "Debian GNU/Linux, kernel 4.9.0-4-amd64" { - search --set=drive1 --fs-uuid f169fd32-bf96-4da0-bc34-294249ffa606 - linux ($drive1)/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/pool-debian ro - initrd ($drive1)/initrd.img-4.9.0-4-amd64 - } - ''; - boot.initrd.luks.devices = [ - { - name = "root"; - device = "/dev/disk/by-uuid/cba5d550-c3c8-423e-a913-14b5210bdd32"; - preLVM = true; - allowDiscards = true; - } - ]; - - networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname. + environment.shellAliases = { + n = "nix-shell"; + gd = "cd /home/jeschli/go/src/gitlab.dcso.lolcat"; + gh = "cd /home/jeschli/go/src/github.com"; + stocki = pkgs.writeDash "deploy" '' + cd ~/stockholm + LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' + ''; + }; + networking.hostName = lib.mkForce "BLN02NB0232"; # Define your hostname. networking.networkmanager.enable = true; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Select internationalisation properties. - # i18n = { - # consoleFont = "Lat2-Terminus16"; - # consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - # }; - # Set your time zone. time.timeZone = "Europe/Berlin"; - - - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget + # Setup Packages nixpkgs.config.allowUnfree = true; - environment.shellAliases = { - n = "nix-shell"; - gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; - gh = "cd /home/markus/go/src/github.com"; - }; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.systemPackages = with pkgs; [ # system helper @@ -108,9 +79,6 @@ ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. programs.bash.enableCompletion = true; programs.vim.defaultEditor = true; # programs.mtr.enable = true; @@ -132,33 +100,26 @@ services.printing.drivers = [ pkgs.postscript-lexmark ]; # Enable the X11 windowing system. services.xserver.enable = true; + services.xserver.videoDrivers = [ "nvidia" ]; # services.xserver.xrandrHeads = [ # { output = "eDP1"; } # { output = "DP-2-2-8"; primary = true; } # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } # ]; - # services.xserver.layout = "us"; - # services.xserver.xkbOptions = "eurosign:e"; - - # Enable touchpad support. - # services.xserver.libinput.enable = true; - - # Enable the KDE Desktop Environment. -# services.xserver.displayManager.lightdm.enable = true; services.xserver.windowManager.xmonad.enable = true; services.xserver.windowManager.xmonad.enableContribAndExtras = true; -# services.xserver.desktopManager.gnome3.enable = true; - # services.xserver.displayManager.gdm.enable = true; services.xserver.displayManager.sddm.enable = true; - #services.xserver.desktopManager.plasma5.enable = true; +# services.xserver.desktopManager.gnome3.enable = true; + services.xserver.dpi = 100; + fonts.fontconfig.dpi = 100; + # services.xserver.displayManager.sessionCommands = '' # (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off #''; - # Define a user account. Don't forget to set a password with ‘passwd’. - users.extraUsers.markus = { + users.extraUsers.jeschli = { isNormalUser = true; - extraGroups = ["docker"]; + extraGroups = ["docker" "vboxusers"]; uid = 1000; }; @@ -179,7 +140,7 @@ # }); # }; -# virtualisation.docker.enable = true; + virtualisation.docker.enable = true; # DCSO Certificates @@ -191,6 +152,8 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + # VBOX certs + ./services.bundled.crt ]; hardware.bluetooth.enable = true; diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix index 714162271..2b354190c 100644 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -8,27 +8,29 @@ [ ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sr_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; + boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/25534522-5748-4dcc-a5ca-80a3ac70f59d"; + fileSystems."/" = - { device = "/dev/disk/by-uuid/02144ea4-947d-440e-bbf9-99cab0dccf05"; + { device = "/dev/disk/by-uuid/496c8889-96db-446d-9bac-60d4347faeac"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/2785adf5-a99e-49d7-86d6-99f393f457ea"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/f169fd32-bf96-4da0-bc34-294249ffa606"; - fsType = "ext2"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/68ef2163-7b3d-4dbb-add9-d3543ad7c738"; - fsType = "ext4"; + { device = "/dev/disk/by-uuid/927E-01A0"; + fsType = "vfat"; }; swapDevices = [ ]; - nix.maxJobs = lib.mkDefault 4; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = "powersave"; } diff --git a/jeschli/2configs/virtualbox.nix b/jeschli/2configs/virtualbox.nix index b2cb851a1..c9bb8c41f 100644 --- a/jeschli/2configs/virtualbox.nix +++ b/jeschli/2configs/virtualbox.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let - mainUser = config.users.extraUsers.markus; + mainUser = config.users.extraUsers.jeschli; in { #services.virtualboxHost.enable = true; diff --git a/jeschli/source.nix b/jeschli/source.nix index 382dd61bc..d5cc32a9f 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0653b73"; + ref = "395fe7f"; }; secrets.file = getAttr builder { buildbot = toString ; From 36aaeb793bd19fdc0662d29f242c07abf54a849c Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 16:06:34 +0100 Subject: [PATCH 034/183] bln: fix config again --- jeschli/1systems/bln/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 6142933f5..407e913c0 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -19,8 +19,8 @@ jeschliFontSize = 20; # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; +# boot.loader.grub.enable = true; +# boot.loader.grub.version = 2; # boot.loader.grub.efiSupport = true; # boot.loader.grub.efiInstallAsRemovable = true; # boot.loader.efi.efiSysMountPoint = "/boot/efi"; From 0c04595ddfdd25b7d5cbb508609d731736a2f00e Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 16:37:12 +0100 Subject: [PATCH 035/183] jeschli bln: config cosmetics --- jeschli/1systems/bln/config.nix | 75 +++++++++------------------------ 1 file changed, 20 insertions(+), 55 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 407e913c0..6098f8cfe 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -1,30 +1,18 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, lib, pkgs, ... }: # bln config file { imports = - [ # Include the results of the hardware scan. - + [ ./hardware-configuration.nix - # ./dcso-vpn.nix ]; - # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; jeschliFontSize = 20; - # Use the GRUB 2 boot loader. -# boot.loader.grub.enable = true; -# boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. + environment.shellAliases = { n = "nix-shell"; gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; @@ -34,10 +22,12 @@ LOGNAME=jeschli exec nix-shell -I stockholm="$PWD" --run 'deploy --system="bln"' ''; }; - networking.hostName = lib.mkForce "BLN02NB0232"; # Define your hostname. + networking.hostName = lib.mkForce "BLN02NB0232"; networking.networkmanager.enable = true; + # Set your time zone. time.timeZone = "Europe/Berlin"; + # Setup Packages nixpkgs.config.allowUnfree = true; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; @@ -61,7 +51,7 @@ emacs # databases sqlite - # internet + # internet thunderbird hipchat chromium @@ -92,67 +82,42 @@ programs.bash.enableCompletion = true; programs.vim.defaultEditor = true; - # programs.mtr.enable = true; - # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. services.openssh.enable = true; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - # Enable CUPS to print documents. services.printing.enable = true; services.printing.drivers = [ pkgs.postscript-lexmark ]; + # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; - # services.xserver.xrandrHeads = [ - # { output = "eDP1"; } - # { output = "DP-2-2-8"; primary = true; } - # { output = "DP-2-1-8"; monitorConfig = ''Option "Rotate" "left"''; } - # ]; + services.xserver.windowManager.xmonad.enable = true; services.xserver.windowManager.xmonad.enableContribAndExtras = true; services.xserver.displayManager.sddm.enable = true; -# services.xserver.desktopManager.gnome3.enable = true; services.xserver.dpi = 100; fonts.fontconfig.dpi = 100; -# services.xserver.displayManager.sessionCommands = '' -# (sleep 1 && ${pkgs.xorg.xrandr}/bin/xrandr --output VIRTUAL1 --off --output eDP1 --mode 1920x1080 --pos 5120x688 --rotate normal --output DP1 --off --output DP2-1 --mode 2560x1440 --pos 2560x328 --rotate normal --output DP2-2 --primary --mode 2560x1440 --pos 0x328 --rotate normal --output DP2-3 --off --output HDMI2 --off --output HDMI1 --off --output DP2 --off -#''; - users.extraUsers.jeschli = { isNormalUser = true; extraGroups = ["docker" "vboxusers"]; uid = 1000; }; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "17.09"; # Did you read the comment? - + system.stateVersion = "17.09"; # Gogland Debugger workaround -# nixpkgs.config.packageOverrides = super: { -# idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { -# postFixup = '' -# interp="$(cat $NIX_CC/nix-support/dynamic-linker)" -# patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv -# chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv -# ''; -# }); -# }; + # nixpkgs.config.packageOverrides = super: { + # idea.gogland = lib.overrideDerivation super.idea.gogland (attrs: { + # postFixup = '' + # interp="$(cat $NIX_CC/nix-support/dynamic-linker)" + # patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv + # chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv + # ''; + # }); + # }; virtualisation.docker.enable = true; - # DCSO Certificates security.pki.certificateFiles = [ @@ -165,7 +130,7 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) # VBOX certs ./services.bundled.crt - ]; + ]; hardware.bluetooth.enable = true; krebs.build.host = config.krebs.hosts.bln; From 44843b90627eb95ab98955e6ea51171706b30aca Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 16:42:35 +0100 Subject: [PATCH 036/183] j bln: -VBOX certs --- jeschli/1systems/bln/config.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 6098f8cfe..75f083a05 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -128,8 +128,6 @@ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) - # VBOX certs - ./services.bundled.crt ]; hardware.bluetooth.enable = true; From 86cb23a682b6453544942646080c6c62d488e617 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 17:38:26 +0100 Subject: [PATCH 037/183] j: add my-emacs --- jeschli/1systems/bln/config.nix | 1 + jeschli/2configs/emacs.nix | 58 +++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 jeschli/2configs/emacs.nix diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 75f083a05..c9a7a34e2 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -5,6 +5,7 @@ [ + ./hardware-configuration.nix ]; diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix new file mode 100644 index 000000000..3c1d6ba06 --- /dev/null +++ b/jeschli/2configs/emacs.nix @@ -0,0 +1,58 @@ +{ config, pkgs, ... }: + +let + emacsFile = '' +(require 'package) ;; You might already have this line +(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) + (not (gnutls-available-p)))) + (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) + (add-to-list 'package-archives (cons "melpa" url) t) + (add-to-list 'package-archives + '("org" . "http://orgmode.org/elpa/") t) +) +(when (< emacs-major-version 24) + ;; For important compatibility libraries like cl-lib + (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) + +(package-initialize) + +;; Evil Mode +(add-to-list 'load-path "~/.emacs.d/evil") +(require 'evil) +(evil-mode 1) +(require 'evil-org) + + + +(custom-set-variables + ;; custom-set-variables was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + '(inhibit-startup-screen t) + '(org-agenda-files nil) + '(package-selected-packages + (quote + (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) +(custom-set-faces + ;; custom-set-faces was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + ) + +(tool-bar-mode -1) ; Disable the button bar atop screen +(scroll-bar-mode -1) ; Disable scroll bar +(setq inhibit-startup-screen t) ; Disable startup screen with graphics +(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs +(setq tab-width 2) ; Four spaces is a tab +(setq visible-bell nil) ; Disable annoying visual bell graphic +(setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ''; + dotEmacs = pkgs.writeText "dot-emacs" emacsFile; + myEmacs = pkgs.writeDashBin "my-emacs" ''emacs -q -l ${dotEmacs}''; +in { + environment.systemPackages = [ + myEmacs + ]; +} From 917db24b3f0f3da858d5575ca20fdaeafc007c20 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 17:39:11 +0100 Subject: [PATCH 038/183] j bln: hardware-configuration cosmetics --- jeschli/1systems/bln/hardware-configuration.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix index 2b354190c..b774bfc19 100644 --- a/jeschli/1systems/bln/hardware-configuration.nix +++ b/jeschli/1systems/bln/hardware-configuration.nix @@ -1,6 +1,3 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { config, lib, pkgs, ... }: { From c16e7b2ceae1d42d961f9e2aa66ec2bf32ac489b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 20 Mar 2018 20:12:13 +0100 Subject: [PATCH 039/183] default.nix: add debug code --- default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/default.nix b/default.nix index 52e8924cd..cab55d40a 100644 --- a/default.nix +++ b/default.nix @@ -3,3 +3,20 @@ import { (import "NIXOS_CONFIG" ) ]; } +// +{ + lib = import ./lib; + systems = with import ./lib; let + ns = getEnv "LOGNAME"; + in + genAttrs + (attrNames (filterAttrs (_: eq "directory") (readDir ( + "/${ns}/1systems")))) + (name: let + config = import ( + "/${ns}/1systems/${name}/config.nix"); + source = import ( + "/${ns}/1systems/${name}/source.nix"); + in import { + modules = [ config ]; + } // { + inherit source; + }); +} From 117ca7ba1c7709fd4249b5e64d06731a302eb970 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 20:14:51 +0100 Subject: [PATCH 040/183] j brauerei: +emacs --- jeschli/1systems/brauerei/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index eb2bb11d2..1203720a5 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix + ]; krebs.build.host = config.krebs.hosts.brauerei; From a94da8573103f3a7ccaf836c6126041dc351b623 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 20 Mar 2018 20:16:12 +0100 Subject: [PATCH 041/183] j brauerei: *emacs with magit --- jeschli/2configs/emacs.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 3c1d6ba06..b616acfae 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -50,7 +50,12 @@ let (setq ring-bell-function 'ignore) ; Disable super annoying audio bell ''; dotEmacs = pkgs.writeText "dot-emacs" emacsFile; - myEmacs = pkgs.writeDashBin "my-emacs" ''emacs -q -l ${dotEmacs}''; + emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ + magit + ])); + myEmacs = pkgs.writeDashBin "my-emacs" '' + exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" + ''; in { environment.systemPackages = [ myEmacs From 87528e2ab6085a1a0fadcd1aa00870834c878c27 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 21 Mar 2018 08:59:35 +0100 Subject: [PATCH 042/183] j emacs: cosmetics --- jeschli/2configs/emacs.nix | 103 +++++++++++++++++++------------------ 1 file changed, 54 insertions(+), 49 deletions(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index b616acfae..05e977844 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -1,58 +1,63 @@ { config, pkgs, ... }: let + packageRepos = '' + (require 'package) ;; You might already have this line + (let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) + (not (gnutls-available-p)))) + (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) + (add-to-list 'package-archives (cons "melpa" url) t) + (add-to-list 'package-archives + '("org" . "http://orgmode.org/elpa/") t) + ) + (when (< emacs-major-version 24) + ;; For important compatibility libraries like cl-lib + (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) + (package-initialize) + ''; + evilMode = '' + ;; Evil Mode + (add-to-list 'load-path "~/.emacs.d/evil") + (require 'evil) + (evil-mode 1) + (require 'evil-org) + ''; + windowCosmetics = '' + (tool-bar-mode -1) ; Disable the button bar atop screen + (scroll-bar-mode -1) ; Disable scroll bar + (setq inhibit-startup-screen t) ; Disable startup screen with graphics + (setq-default indent-tabs-mode nil) ; Use spaces instead of tabs + (setq tab-width 2) ; Four spaces is a tab + (setq visible-bell nil) ; Disable annoying visual bell graphic + (setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ''; emacsFile = '' -(require 'package) ;; You might already have this line -(let* ((no-ssl (and (memq system-type '(windows-nt ms-dos)) - (not (gnutls-available-p)))) - (url (concat (if no-ssl "http" "https") "://melpa.org/packages/"))) - (add-to-list 'package-archives (cons "melpa" url) t) - (add-to-list 'package-archives - '("org" . "http://orgmode.org/elpa/") t) -) -(when (< emacs-major-version 24) - ;; For important compatibility libraries like cl-lib - (add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/"))) - -(package-initialize) - -;; Evil Mode -(add-to-list 'load-path "~/.emacs.d/evil") -(require 'evil) -(evil-mode 1) -(require 'evil-org) - - - -(custom-set-variables - ;; custom-set-variables was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - '(inhibit-startup-screen t) - '(org-agenda-files nil) - '(package-selected-packages - (quote - (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) -(custom-set-faces - ;; custom-set-faces was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - ) - -(tool-bar-mode -1) ; Disable the button bar atop screen -(scroll-bar-mode -1) ; Disable scroll bar -(setq inhibit-startup-screen t) ; Disable startup screen with graphics -(setq-default indent-tabs-mode nil) ; Use spaces instead of tabs -(setq tab-width 2) ; Four spaces is a tab -(setq visible-bell nil) ; Disable annoying visual bell graphic -(setq ring-bell-function 'ignore) ; Disable super annoying audio bell + ${packageRepos} + ${evilMode} + ${windowCosmetics} + (custom-set-variables + ;; custom-set-variables was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + '(inhibit-startup-screen t) + '(org-agenda-files nil) + '(package-selected-packages + (quote + (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) + (custom-set-faces + ;; custom-set-faces was added by Custom. + ;; If you edit it by hand, you could mess it up, so be careful. + ;; Your init file should contain only one such instance. + ;; If there is more than one, they won't work right. + ) ''; dotEmacs = pkgs.writeText "dot-emacs" emacsFile; - emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ - magit - ])); + emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ + epkgs.melpaStablePackages.magit + epkgs.melpaPackages.mmm-mode + epkgs.melpaPackages.nix-mode + ]); myEmacs = pkgs.writeDashBin "my-emacs" '' exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" ''; From 26eb236cd9cce469be2a7cb227083742e037fac8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:22:14 +0100 Subject: [PATCH 043/183] nixpkgs: c5bc83b -> 2a32f6b (18.03) --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 733601a21..e12175b66 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c665fcca9e7be8cd06c1f3c5bbe2b00d4c8f2a92"; # nixos-17.09 @ 2018-03-18 + ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16 }; } override From e5f3827fc84ba1c769c1422d92fa93ebcb0fc5d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:31:59 +0100 Subject: [PATCH 044/183] os-release: follow renamed modules --- krebs/3modules/os-release.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 8f71a357f..5fbfe6614 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,8 +1,11 @@ { config, ... }: with import ; let - nixos-version-id = "${config.system.nixosVersion}"; - nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; + nixos-version-id = if (hasAttr "nixos" config.system) then + "${config.system.nixos.version}" else "${config.system.nixosVersion}"; + nixos-codeName = if (hasAttr "nixos" config.system) then + "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}"; + nixos-version = "${nixos-version-id} (${nixos-codeName})"; nixos-pretty-name = "NixOS ${nixos-version}"; stockholm-version-id = let From 84adc28a3b70bd6a93c79d36f0247393d801b32b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 17:36:46 +0100 Subject: [PATCH 045/183] l privoxy: RIP polipo --- lass/2configs/privoxy.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lass/2configs/privoxy.nix b/lass/2configs/privoxy.nix index 33e8d1e46..e0a086421 100644 --- a/lass/2configs/privoxy.nix +++ b/lass/2configs/privoxy.nix @@ -3,10 +3,5 @@ { services.privoxy = { enable = true; - extraConfig = '' - #use polipo - forward / localhost:8123 - ''; }; - services.polipo.enable = true; } From f859b7d7f8fe0c9968c961711ec7a6578a4d36a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 20:51:52 +0100 Subject: [PATCH 046/183] nixpkgs: 2a32f6b -> 0e7c9b3 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index e12175b66..f275460e1 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "2a32f6bc0ccfbe8f158a40b96d828fbba921fd54"; # nixos-18.03 # 2018-03-16 + ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18 }; } override From 7303238443b3a76af6d12df1992ee499d98a7902 Mon Sep 17 00:00:00 2001 From: jeschli Date: Thu, 22 Mar 2018 16:19:29 +0100 Subject: [PATCH 047/183] j emacs: +orgMode +evil-org --- jeschli/2configs/emacs.nix | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 05e977844..3eced793c 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -21,6 +21,10 @@ let (require 'evil) (evil-mode 1) (require 'evil-org) + (add-hook 'org-mode-hook 'evil-org-mode) + (evil-org-set-key-theme '(navigation insert textobjects additional calendar)) + (require 'evil-org-agenda) + (evil-org-agenda-set-keys) ''; windowCosmetics = '' (tool-bar-mode -1) ; Disable the button bar atop screen @@ -31,6 +35,16 @@ let (setq visible-bell nil) ; Disable annoying visual bell graphic (setq ring-bell-function 'ignore) ; Disable super annoying audio bell ''; + orgMode = '' + (add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode)) + (global-set-key "\C-cl" 'org-store-link) + (global-set-key "\C-ca" 'org-agenda) + (global-set-key "\C-cb" 'org-iswitchb) + (if (boundp 'org-user-agenda-files) + (setq org-agenda-files org-user-agenda-files) + (setq org-agenda-files (quote ("~/projects/notes"))) + ) + ''; emacsFile = '' ${packageRepos} ${evilMode} @@ -45,12 +59,7 @@ let '(package-selected-packages (quote (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) - (custom-set-faces - ;; custom-set-faces was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - ) + ${orgMode} ''; dotEmacs = pkgs.writeText "dot-emacs" emacsFile; emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ From 9b3d1c8b31006d92590e4f8e78fd5662d8ed390b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 23 Mar 2018 10:28:33 +0100 Subject: [PATCH 048/183] ma nginx/wiki: index to makefu.html --- makefu/2configs/nginx/euer.wiki.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 08bc5659f..99533b25c 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -17,6 +17,7 @@ let # contains: # user1 = pass1 # userN = passN + # afterwards put /var/www//user1.html as tiddlywiki tw-pass-file = "${sec}/tw-pass.ini"; in { @@ -45,7 +46,7 @@ in { systemd.services.prepare-tw = { wantedBy = [ "local-fs.target" ]; - before = [ "phpfpm.service" ]; + before = [ "phpfpm.service" "nginx.service" ]; serviceConfig = { ExecStart = pkgs.writeScript "prepare-tw-service" '' #!/bin/sh @@ -92,6 +93,7 @@ in { locations = { "/" = { root = wiki-dir; + index = "makefu.html"; extraConfig = '' expires -1; autoindex on; From e7f3880de27ff00ac5d0a18899dc271675fdc2d0 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 24 Mar 2018 10:30:03 +0000 Subject: [PATCH 049/183] j bolide: +emacs --- jeschli/1systems/bolide/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix index 83640801f..699a85b58 100644 --- a/jeschli/1systems/bolide/config.nix +++ b/jeschli/1systems/bolide/config.nix @@ -10,6 +10,7 @@ ./hardware-configuration.nix + ]; krebs.build.host = config.krebs.hosts.bolide; From e80c081eb7d720fb5584f24b0f38b5d6e61ac41e Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 24 Mar 2018 10:30:30 +0000 Subject: [PATCH 050/183] j emacs: +go-mode -evil-mode --- jeschli/2configs/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 3eced793c..d9e6c854a 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -47,7 +47,6 @@ let ''; emacsFile = '' ${packageRepos} - ${evilMode} ${windowCosmetics} (custom-set-variables ;; custom-set-variables was added by Custom. @@ -66,6 +65,7 @@ let epkgs.melpaStablePackages.magit epkgs.melpaPackages.mmm-mode epkgs.melpaPackages.nix-mode + epkgs.melpaPackages.go-mode ]); myEmacs = pkgs.writeDashBin "my-emacs" '' exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" From b27dfa5a37b1345d36b57aa24b940287293418e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Mar 2018 20:53:23 +0100 Subject: [PATCH 051/183] 0e7c9b3 -> 48856a9 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index f275460e1..0bd797a16 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "0e7c9b32817e5cbe61212d47a6cf9bcd71789322"; # nixos-18.03 # 2018-03-18 + ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24 }; } override From 4851f6b43ff2eebecf5f1dc6a808225ee1af0f08 Mon Sep 17 00:00:00 2001 From: jeschli Date: Sat, 24 Mar 2018 12:08:14 +0100 Subject: [PATCH 052/183] j nixpkgs: follow krebs --- jeschli/source.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/jeschli/source.nix b/jeschli/source.nix index 91ff5514f..29cf9d818 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -13,10 +13,7 @@ in evalSource (toString _file) [ { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; - nixpkgs.git = { - url = https://github.com/nixos/nixpkgs; - ref = "395fe7f"; - }; + nixpkgs = (import host).nixpkgs; secrets.file = getAttr builder { buildbot = toString ; jeschli = "${getEnv "HOME"}/secrets/${name}"; From d810727b985bbdce57ae2de515111949c141c3bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 24 Mar 2018 12:19:52 +0100 Subject: [PATCH 053/183] exim: krebs.setuid -> security.wrappers --- krebs/3modules/exim.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index cfcbbc438..274a943b1 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,15 +50,9 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - krebs.setuid = { - exim = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; - sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; + security.wrappers = { + exim.source = "${pkgs.exim}/bin/exim"; + sendmail.source = "${pkgs.exim}/bin/exim"; }; systemd.services.exim = { restartTriggers = [ From 2d511ecb4d8a3e75df19e59962a8cee6a8448c8b Mon Sep 17 00:00:00 2001 From: jeschli Date: Mon, 26 Mar 2018 10:15:29 +0200 Subject: [PATCH 054/183] j emacs: default-wdith=2 --- jeschli/2configs/emacs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index d9e6c854a..2fea47229 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -31,6 +31,7 @@ let (scroll-bar-mode -1) ; Disable scroll bar (setq inhibit-startup-screen t) ; Disable startup screen with graphics (setq-default indent-tabs-mode nil) ; Use spaces instead of tabs + (setq default-tab-width 2) ; Two spaces is a tab (setq tab-width 2) ; Four spaces is a tab (setq visible-bell nil) ; Disable annoying visual bell graphic (setq ring-bell-function 'ignore) ; Disable super annoying audio bell From e3445be6dafe4f16e150549baee34055a6b04fef Mon Sep 17 00:00:00 2001 From: jeschli Date: Mon, 26 Mar 2018 10:16:09 +0200 Subject: [PATCH 055/183] j emacs: cosmetics; +recentFiles mode --- jeschli/2configs/emacs.nix | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 2fea47229..2286baae3 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -46,30 +46,26 @@ let (setq org-agenda-files (quote ("~/projects/notes"))) ) ''; - emacsFile = '' + recentFiles = '' + (recentf-mode 1) + (setq recentf-max-menu-items 25) + (global-set-key "\C-x\ \C-r" 'recentf-open-files) + ''; + dotEmacs = pkgs.writeText "dot-emacs" '' ${packageRepos} ${windowCosmetics} - (custom-set-variables - ;; custom-set-variables was added by Custom. - ;; If you edit it by hand, you could mess it up, so be careful. - ;; Your init file should contain only one such instance. - ;; If there is more than one, they won't work right. - '(inhibit-startup-screen t) - '(org-agenda-files nil) - '(package-selected-packages - (quote - (smex ox-jira org-plus-contrib org-mime org-jira neotree molokai-theme let-alist helm-fuzzy-find go-guru go-autocomplete flymake-go exec-path-from-shell evil-org cl-lib-highlight bbdb atom-one-dark-theme)))) - ${orgMode} + ${orgMode} + ${recentFiles} ''; - dotEmacs = pkgs.writeText "dot-emacs" emacsFile; - emacs = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ + emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ epkgs.melpaStablePackages.magit epkgs.melpaPackages.mmm-mode epkgs.melpaPackages.nix-mode epkgs.melpaPackages.go-mode + epkgs.melpaPackages.google-this ]); myEmacs = pkgs.writeDashBin "my-emacs" '' - exec ${emacs}/bin/emacs -q -l ${dotEmacs} "$@" + exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} "$@" ''; in { environment.systemPackages = [ From 99cc82a53b9f51752b684c081d0aa6b49504516a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Mar 2018 11:12:38 +0200 Subject: [PATCH 056/183] ma source: new signal-desktop --- makefu/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 6b32a1b40..d25fe5528 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -21,9 +21,9 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "6b6e72b"; # nixos-17.09 @ 2018-03-07 + ref = "6583793"; # nixos-17.09 @ 2018-03-07 # + do_sqlite3 ruby: 55a952be5b5 - # + signal: 0f19beef3 + # + signal: 0f19beef3, 50ad913, 9449782, b7046ab2 in evalSource (toString _file) [ From 6a94383764130a9a28a990d4e1e4413b0bbf3d06 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 26 Mar 2018 13:00:23 +0200 Subject: [PATCH 057/183] tv xmonad: add passmenu --- tv/5pkgs/simple/xmonad-tv/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index 94c70153d..d474b7edd 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -133,6 +133,8 @@ myKeys conf = Map.fromList $ [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) + , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing) + , ((_4 , xK_x ), chooseAction spawnTermAt) , ((_4C , xK_x ), spawnRootTerm) From f76401ef002851cca81218de3d879b4829668ebe Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 20:06:23 +0200 Subject: [PATCH 058/183] tv pkgs: init font-size --- tv/5pkgs/simple/font-size.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 tv/5pkgs/simple/font-size.nix diff --git a/tv/5pkgs/simple/font-size.nix b/tv/5pkgs/simple/font-size.nix new file mode 100644 index 000000000..21097ed6a --- /dev/null +++ b/tv/5pkgs/simple/font-size.nix @@ -0,0 +1,26 @@ +{ writeDashBin }: +writeDashBin "font-size" '' + set -efu + + # set_font NORMAL_FONT BOLD_FONT + set_font() { + printf '\033]710;%s\007' "$1" + printf '\033]711;%s\007' "$2" + } + + case ''${1-} in + '''|0|--reset) + set_font \ + -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \ + -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 \ + ;; + [1-9]|[1-9][0-9]|[1-9][0-9][0-9]) + set_font \ + xft:Monospace:size=$1 \ + xft:Monospace:size=$1:bold \ + ;; + *) + echo "$0: bad argument: $1" >&2 + exit 1 + esac +'' From bd70fe17cbe4f99b2c5027e7b23f96cf92317a61 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 20:06:48 +0200 Subject: [PATCH 059/183] tv xserver: systemPackages += font-size --- tv/2configs/xserver/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7ba78b974..6ef8a8768 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -11,6 +11,7 @@ in { environment.systemPackages = [ pkgs.ff + pkgs.font-size pkgs.gitAndTools.qgit pkgs.mpv pkgs.sxiv From 5f9622bbdae0a9a459fd6a70cc9a3147f382162b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 20:46:56 +0200 Subject: [PATCH 060/183] haskellPackages.nix-diff: RIP --- krebs/5pkgs/haskell/nix-diff/default.nix | 25 -------- .../5pkgs/haskell/nix-diff/nixos-system.patch | 18 ------ krebs/5pkgs/simple/stockholm/default.nix | 60 ------------------- tv/2configs/urlwatch.nix | 5 -- 4 files changed, 108 deletions(-) delete mode 100644 krebs/5pkgs/haskell/nix-diff/default.nix delete mode 100644 krebs/5pkgs/haskell/nix-diff/nixos-system.patch diff --git a/krebs/5pkgs/haskell/nix-diff/default.nix b/krebs/5pkgs/haskell/nix-diff/default.nix deleted file mode 100644 index df0315048..000000000 --- a/krebs/5pkgs/haskell/nix-diff/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl -, nix-derivation, optparse-generic, stdenv, system-filepath, text -, unix, vector -}: -mkDerivation { - pname = "nix-diff"; - version = "1.0.0-krebs1"; - src = fetchgit { - url = "https://github.com/Gabriel439/nix-diff"; - sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k"; - rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d"; - }; - patches = [ - ./nixos-system.patch - ]; - isLibrary = false; - isExecutable = true; - executableHaskellDepends = [ - attoparsec base containers Diff mtl nix-derivation optparse-generic - system-filepath text unix vector - ]; - homepage = "https://github.com/Gabriel439/nix-diff"; - description = "Explain why two Nix derivations differ"; - license = stdenv.lib.licenses.bsd3; -} diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch deleted file mode 100644 index 03e186aa9..000000000 --- a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/src/Main.hs b/src/Main.hs -index 959ab8e..d3b6077 100644 ---- a/src/Main.hs -+++ b/src/Main.hs -@@ -95,7 +95,12 @@ pathToText path = - underneath `/nix/store`, but this is the overwhelmingly common use case - -} - derivationName :: FilePath -> Text --derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText -+derivationName p = -+ if Data.Text.isPrefixOf "nixos-system" s -+ then "nixos-system" -+ else s -+ where -+ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p - - -- | Group input derivations by their name - groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text)) diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 4d15e7ac2..9afe79510 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -9,7 +9,6 @@ # cmds.deploy = pkgs.withGetopt { - diff = { default = /* sh */ "false"; switch = true; }; force-populate = { default = /* sh */ "false"; switch = true; }; quiet = { default = /* sh */ "false"; switch = true; }; source_file = { @@ -25,65 +24,6 @@ . ${init.env} . ${init.proxy "deploy" opts} - if \test ${opts.diff.ref} = true; then - - system_profile=/nix/var/nix/profiles/system - system_drv_cur=/etc/system.drv - - system_drv_new=$( - ${pkgs.nix}/bin/nix-instantiate \ - -Q \ - -I "$target_path" \ - -E ' - (import { - modules = [ ]; - }).config.system.build.toplevel - ' - ) - - if \test -e "$system_drv_cur"; then - - system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur") - system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new") - - if \test "$system_drv_cur_c" = "$system_drv_new_c"; then - echo "$0: system up to date" >&2 - exit 0 - fi - - system_drv_cur=$system_drv_cur_c \ - system_drv_new=$system_drv_new_c \ - ${pkgs.utillinux}/bin/script \ - --command ' - ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \ - "$system_drv_cur" "$system_drv_new" - ' \ - --quiet \ - --return \ - /dev/null - - printf 'deploy? [N/y] ' >&2 - read -r REPLY - if \test "$REPLY" != y; then - echo "$0: abort!" >&2 - exit 1 - fi - else - echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2 - fi - - new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new") - - ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system" - PATH=${lib.makeBinPath [ - pkgs.systemd - ]} \ - "$system_profile"/bin/switch-to-configuration switch - - ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur" - exit - fi - # Use system's nixos-rebuild, which is not self-contained export PATH=/run/current-system/sw/bin exec ${utils.with-whatsupnix} \ diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 509257c48..897def8c9 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -13,11 +13,6 @@ with import ; http://www.exim.org/ - { - url = https://api.github.com/repos/Gabriel439/nix-diff/git/refs/heads/master; - filter = "system:${pkgs.jq}/bin/jq -r .object.sha"; - } - # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix { url = https://api.github.com/repos/simple-evcorr/sec/tags; From 2cc1d9a54eaf512a2fddb57990df3462931990a4 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Mar 2018 21:32:14 +0200 Subject: [PATCH 061/183] writeC: use binutils-unwrapped --- krebs/5pkgs/writers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index a48fc0f87..23773e17f 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -57,7 +57,7 @@ with import ; passAsFile = [ "text" ]; } /* sh */ '' PATH=${makeBinPath (with pkgs; [ - binutils + binutils-unwrapped coreutils gcc ])} From 7e62c44607f193d3c9740f7c56df976b0db3c417 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Mar 2018 21:35:27 +0200 Subject: [PATCH 062/183] Revert "exim: krebs.setuid -> security.wrappers" This reverts commit d810727b985bbdce57ae2de515111949c141c3bd. --- krebs/3modules/exim.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 274a943b1..cfcbbc438 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,9 +50,15 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - security.wrappers = { - exim.source = "${pkgs.exim}/bin/exim"; - sendmail.source = "${pkgs.exim}/bin/exim"; + krebs.setuid = { + exim = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; + sendmail = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; }; systemd.services.exim = { restartTriggers = [ From d82c2f228b7179319cdea4d16a59fa553f249505 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:06:40 +0200 Subject: [PATCH 063/183] ma gum.r: disable vpnws --- makefu/1systems/gum/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index b859efc94..40fa233d3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -52,7 +52,7 @@ in { # network - + # From 650090bb3541e2b3ffd15af241481afb120e3522 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:07:22 +0200 Subject: [PATCH 064/183] ma photostore: expire -1 --- makefu/2configs/deployment/photostore.krebsco.de.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix index ecbca9ea3..19a8df235 100644 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -30,6 +30,7 @@ in { forceSSL = true; locations = { "/".extraConfig = '' + expires -1; uwsgi_pass unix://${wsgi-sock}; uwsgi_param UWSGI_CHDIR ${workdir}; uwsgi_param UWSGI_MODULE cuserver.main; From ba31c34013519b26883faf8321df11298b37085f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:07:35 +0200 Subject: [PATCH 065/183] ma arafetch: init --- makefu/2configs/stats/arafetch.nix | 36 ++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 makefu/2configs/stats/arafetch.nix diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix new file mode 100644 index 000000000..e04b12f9c --- /dev/null +++ b/makefu/2configs/stats/arafetch.nix @@ -0,0 +1,36 @@ +{ pkgs, lib, ...}: +with import ; +let + pkg = with pkgs.python3Packages;buildPythonPackage rec { + rev = "762d747"; + name = "europastats-${rev}"; + propagatedBuildInputs = [ + requests + docopt + influxdb + beautifulsoup4 + ]; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/arafetch"; + inherit rev; + sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws"; + }; + }; + home = "/var/lib/arafetch"; +in { + users.users.arafetch = { + uid = genid "arafetch"; + inherit home; + createHome = true; + }; + + systemd.services.arafetch = { + startAt = "Mon 09:15:00"; + wantedBy = [ "multi-user.target" ]; + environment = { + OUTDIR = home; + }; + path = [ pkg pkgs.git pkgs.wget ]; + script = "${pkg}/bin/weekrun"; + }; +} From fc774f31fb0cdbc49f60d33d800e66ced3786b2c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Mar 2018 11:07:48 +0200 Subject: [PATCH 066/183] ma omo.r: enable arafetch --- makefu/1systems/omo/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index c31d27c8f..bed6ae9fd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -66,6 +66,7 @@ in { + # services From 9c1e215dd500458d37832f234ecb33f455ed4c64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:08:35 +0200 Subject: [PATCH 067/183] l xephyrify: handle resize --- lass/5pkgs/xephyrify/default.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index 8b18ea949..f1711891c 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -2,15 +2,18 @@ let - minimalXmonad = writeHaskell "minimalXmonad" { + xephyrify-xmonad = writeHaskell "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" + "unix" "xmonad" ]; text = /* haskell */ '' module Main where import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) import qualified Data.Map as Map main :: IO () @@ -21,8 +24,18 @@ let , keys = myKeys , normalBorderColor = "#000000" , focusedBorderColor = "#000000" + , handleEventHook = myEventHook } + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + myLayoutHook = Full myKeys _ = Map.fromList [] ''; From 28e1b8d3a51e2405ecc60b04e321f1f7dba364ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:11:51 +0200 Subject: [PATCH 068/183] l xephyrify: change ownership of socket if wanted --- lass/5pkgs/xephyrify/default.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index f1711891c..8d6036843 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -43,13 +43,20 @@ let }; in writeDashBin "xephyrify" '' - NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1) + NDISPLAY=''${NDISPLAY:-$(${coreutils}/bin/shuf -i 100-65536 -n 1)} echo "using DISPLAY $NDISPLAY" - ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY & + ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -dpi 60 -nolisten local :$NDISPLAY & + if test -n $DROP_TO_USER; then + sleep 1 + ls /tmp/.X11-unix/ + id + ${coreutils}/bin/chgrp "$DROP_TO_USER" "/tmp/.X11-unix/X$NDISPLAY" + ${coreutils}/bin/chmod 770 "/tmp/.X11-unix/X$NDISPLAY" + fi XEPHYR_PID=$! - DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad & + DISPLAY=:$NDISPLAY ${xephyrify-xmonad}/bin/xmonad & XMONAD_PID=$! - DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@" + DISPLAY=:$NDISPLAY ${virtualgl}/bin/vglrun "$@" kill $XMONAD_PID kill $XEPHYR_PID '' From 92540f5cf1628cfaceee6c19f08b3c13b05cf6b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:12:53 +0200 Subject: [PATCH 069/183] l xjails: init --- lass/3modules/default.nix | 1 + lass/3modules/xjail.nix | 87 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 lass/3modules/xjail.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index fd77b2262..0c10e1ec2 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -11,6 +11,7 @@ _: ./screenlock.nix ./umts.nix ./usershadow.nix + ./xjail.nix ./xserver ]; } diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix new file mode 100644 index 000000000..af851760b --- /dev/null +++ b/lass/3modules/xjail.nix @@ -0,0 +1,87 @@ +{ config, pkgs, ... }: + +with import ; +{ + options.lass.xjail = mkOption { + type = types.attrsOf (types.submodule ({ config, ...}: { + options = { + user = mkOption { + type = types.string; + default = "nobody"; + }; + groups = mkOption { + type = types.listOf types.str; + default = []; + }; + name = mkOption { + type = types.string; + default = config._module.args.name; + }; + display = mkOption { + type = types.string; + default = toString (genid_signed config._module.args.name); + }; + script = mkOption { + type = types.path; + default = pkgs.writeScript "echo_lol" "echo lol"; + }; + from = mkOption { + type = types.string; + default = "lass"; + }; + }; + })); + default = {}; + }; + + options.lass.xjail-bins = mkOption { + type = types.attrsOf types.path; + }; + + # implementation + config = { + + users.users = mapAttrs' (_: cfg: + nameValuePair cfg.name { + uid = genid cfg.name; + home = "/home/${cfg.name}"; + useDefaultShell = true; + createHome = true; + extraGroups = cfg.groups; + } + ) config.lass.xjail; + + users.groups = mapAttrs' (_: cfg: + nameValuePair cfg.name { + members = [ + cfg.name + cfg.from + ]; + } + ) config.lass.xjail; + + security.sudo.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: + # TODO allow just the right script with sudo + "${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL" + ) config.lass.xjail)); + + lass.xjail-bins = mapAttrs' (name: cfg: + let + sudo-wrapper = pkgs.writeScript name '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" + ''; + in nameValuePair name (pkgs.writeScriptBin cfg.name '' + export NDISPLAY=${cfg.display} + DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr + if test $? -eq 0; then + echo xephyr already running + export DISPLAY=:$NDISPLAY + ${sudo-wrapper} "$@" + else + echo xephyr not running + DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@" + fi + '') + ) config.lass.xjail; + }; +} From 30068c17c9c8dc807feab2856b40012c3fffcce4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:13:57 +0200 Subject: [PATCH 070/183] l browsers: use xjails --- lass/2configs/browsers.nix | 77 ++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 40 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index cbbd54b6b..153c386cf 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,58 +21,55 @@ let $BIN "$@" ''; - createChromiumUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createChromiumUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; - createFirefoxUser = name: extraGroups: precedence: - let - bin = pkgs.writeScriptBin name '' - /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@ - ''; - in { - users.extraUsers.${name} = { - inherit name; - inherit extraGroups; - home = "/home/${name}"; - uid = genid name; - useDefaultShell = true; - createHome = true; + createFirefoxUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + ''; + inherit groups; }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { - path = bin; + path = config.lass.xjail-bins.${name}; inherit precedence; }; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - environment.systemPackages = [ - bin - ]; }; + createQuteUser = name: groups: precedence: + { + lass.xjail.${name} = { + user = name; + script = pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + ''; + inherit groups; + }; + environment.systemPackages = [ config.lass.xjail-bins.${name} ]; + lass.browser.paths.${name} = { + path = config.lass.xjail-bins.${name}; + inherit precedence; + }; + }; + + #TODO: abstract this in { From e7b4686c7ac46e08a526e5d74eb6cd45af23b1da Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:20 +0200 Subject: [PATCH 071/183] l browsers: remove video group from most users --- lass/2configs/browsers.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 153c386cf..351f15154 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -108,11 +108,11 @@ in { }; } ( createFirefoxUser "ff" [ "audio" ] 10 ) - ( createChromiumUser "cr" [ "video" "audio" ] 9 ) + ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "video" "audio" ] 0 ) - ( createChromiumUser "fb" [ "video" "audio" ] 0 ) - ( createChromiumUser "com" [ "video" "audio" ] 0 ) + ( createChromiumUser "wk" [ "audio" ] 0 ) + ( createChromiumUser "fb" [ "audio" ] 0 ) + ( createChromiumUser "com" [ "audio" ] 0 ) ( createChromiumUser "fin" [] (-1) ) ]; } From 1b050f22d44711c4f296c6bba371528d0cf44cf9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:15:42 +0200 Subject: [PATCH 072/183] l browsers: add qb --- lass/2configs/browsers.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 351f15154..75a86db6a 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -107,6 +107,7 @@ in { })); }; } + ( createQuteUser "qb" [ "audio" ] 20 ) ( createFirefoxUser "ff" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) From 22f33b8e99cf9ffe575905370df736ddc3517338 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Mar 2018 21:16:03 +0200 Subject: [PATCH 073/183] reaktor-plugins sed: limit output --- .../5pkgs/simple/Reaktor/scripts/sed-plugin.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py index da8e2f726..51ac7a071 100644 --- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py @@ -18,20 +18,27 @@ def is_regex(line): myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$') return myre.match(line) + line = argv[1] if is_regex(line): last = d.get(usr, None) if last: from subprocess import Popen, PIPE - p = Popen(['sed', line], stdin=PIPE, stdout=PIPE) + p = Popen(['sed', line], stdin=PIPE, stdout=PIPE, stderr=PIPE) so, se = p.communicate(bytes("{}\n".format(last), "UTF-8")) if p.returncode: - print("something went wrong when trying to process your regex: {}".format(se.decode())) + print("something went wrong when trying to process your regex: {}".format(line.strip())) ret = so.decode() - print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) - if ret: - d[usr] = ret + if len(ret) > 512: + print('message to long, skipped') + elif len(ret.split('\n')) > 5: + print('to many lines, skipped') + else: + if last.strip() != ret.strip(): + print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) + if ret: + d[usr] = ret else: print("no last message") From 10bcf2db927692818a948c755fdfbf961a2ac3d7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Mar 2018 11:15:13 +0200 Subject: [PATCH 074/183] buildbot: bump to 0.8.15 --- krebs/5pkgs/simple/buildbot-classic/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 9eeccee64..77ba0342d 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,16 +2,15 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.14"; + version = "0.8.15"; namePrefix = ""; patches = []; src = fetchFromGitHub { owner = "krebscode"; repo = "buildbot-classic"; - # rev = "v${version}"; - rev = "843463911"; - sha256 = "1ybl52ybjw5p09yik6bck9i1pvnvg94i0d32zqrwy67s77yx1mfd"; + rev = version; + sha256 = "0hmmpqxs1i3nvwj9681yi0q3qz0xdcbbm0774lkn1ic5fg3c68fm"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; From 1710530cae5189cdc779212084ea3091fefc275b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 29 Mar 2018 14:10:23 +0200 Subject: [PATCH 075/183] writers writeC: 17.09 workaround --- krebs/5pkgs/writers.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 23773e17f..1939bf854 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -57,7 +57,8 @@ with import ; passAsFile = [ "text" ]; } /* sh */ '' PATH=${makeBinPath (with pkgs; [ - binutils-unwrapped + # TODO remove if everyone migrated to 18.03 + (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils) coreutils gcc ])} From 23e797744017d984d67ba66d879e35913bbac4d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 29 Mar 2018 16:39:08 +0200 Subject: [PATCH 076/183] l mail: track neomutt name change --- lass/2configs/mail.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b9682c5ee..81db59617 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -75,7 +75,7 @@ let muttrc = pkgs.writeText "muttrc" '' # gpg - source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc + source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D set crypt_autosign = yes @@ -195,7 +195,7 @@ let name = "mutt"; paths = [ (pkgs.writeDashBin "mutt" '' - exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@ '') pkgs.neomutt ]; From e4d0f7d81f5ff80eef4da50d15d5fdc0d824acf1 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Mar 2018 18:55:15 +0200 Subject: [PATCH 077/183] ma torrent-secrets: enable for drop and fileleech --- makefu/1systems/drop/source.nix | 1 + makefu/1systems/fileleech/source.nix | 3 ++- makefu/6tests/data/secrets/torrent-secrets/auth.nix | 1 - 3 files changed, 3 insertions(+), 2 deletions(-) delete mode 100644 makefu/6tests/data/secrets/torrent-secrets/auth.nix diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix index 74de846c0..45bd6f97e 100644 --- a/makefu/1systems/drop/source.nix +++ b/makefu/1systems/drop/source.nix @@ -1,3 +1,4 @@ import { name="drop"; + torrent = true; } diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix index 699267e21..caca1fbcb 100644 --- a/makefu/1systems/fileleech/source.nix +++ b/makefu/1systems/fileleech/source.nix @@ -1,3 +1,4 @@ import { - name="fileleech"; + name = "fileleech"; + torrent = true; } diff --git a/makefu/6tests/data/secrets/torrent-secrets/auth.nix b/makefu/6tests/data/secrets/torrent-secrets/auth.nix deleted file mode 100644 index 0967ef424..000000000 --- a/makefu/6tests/data/secrets/torrent-secrets/auth.nix +++ /dev/null @@ -1 +0,0 @@ -{} From a64238e7660ab92c7dcdf33d13ee4222bfe5eadf Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 29 Mar 2018 19:08:44 +0200 Subject: [PATCH 078/183] buildbot: 0.8.15 -> 0.8.16 --- krebs/5pkgs/simple/buildbot-classic/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 77ba0342d..3cb691f53 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,7 +2,7 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.15"; + version = "0.8.16"; namePrefix = ""; patches = []; @@ -10,7 +10,7 @@ python2Packages.buildPythonApplication rec { owner = "krebscode"; repo = "buildbot-classic"; rev = version; - sha256 = "0hmmpqxs1i3nvwj9681yi0q3qz0xdcbbm0774lkn1ic5fg3c68fm"; + sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; From a75858a8ced30f9ed46e282e75a3cdccd515abd7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 14:11:14 +0200 Subject: [PATCH 079/183] nixpkgs: 48856a9 -> b6ddb99 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 0bd797a16..e5fb6c5e1 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24 + ref = "b6ddb9913f2b8206837e0f137db907bdefb9275e"; # nixos-18.03 # 2018-03-24 }; } override From 0f47b98e81755494df19325e91974f8d9d2c8617 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 16:17:45 +0200 Subject: [PATCH 080/183] l xjail: add working GPU acceleration --- lass/3modules/xjail.nix | 121 ++++++++++++++++++++++++++++++++-------- 1 file changed, 99 insertions(+), 22 deletions(-) diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index af851760b..325ebcc99 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -1,33 +1,88 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: with import ; { options.lass.xjail = mkOption { type = types.attrsOf (types.submodule ({ config, ...}: { options = { + name = mkOption { + type = types.string; + default = config._module.args.name; + }; user = mkOption { type = types.string; - default = "nobody"; + default = config.name; }; groups = mkOption { type = types.listOf types.str; default = []; }; - name = mkOption { + from = mkOption { type = types.string; - default = config._module.args.name; + default = "lass"; }; display = mkOption { type = types.string; default = toString (genid_signed config._module.args.name); }; + dpi = mkOption { + type = types.int; + default = 90; + }; + extraXephyrArgs = mkOption { + type = types.str; + default = ""; + }; + extraVglrunArgs = mkOption { + type = types.str; + default = ""; + }; script = mkOption { type = types.path; default = pkgs.writeScript "echo_lol" "echo lol"; }; - from = mkOption { + wm = mkOption { + #TODO find type type = types.string; - default = "lass"; + default = "${pkgs.writeHaskell "xephyrify-xmonad" { + executables.xmonad = { + extra-depends = [ + "containers" + "unix" + "xmonad" + ]; + text = /* haskell */ '' + module Main where + import XMonad + import Data.Monoid + import System.Posix.Process (executeFile) + import qualified Data.Map as Map + + main :: IO () + main = do + xmonad def + { workspaces = [ "1" ] + , layoutHook = myLayoutHook + , keys = myKeys + , normalBorderColor = "#000000" + , focusedBorderColor = "#000000" + , handleEventHook = myEventHook + } + + myEventHook :: Event -> X All + + myEventHook (ConfigureEvent { ev_event_type = 22 }) = do + spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1" + return (All True) + + myEventHook _ = do + return (All True) + + myLayoutHook = Full + myKeys _ = Map.fromList [] + ''; + }; + }}/bin/xmonad"; }; }; })); @@ -39,7 +94,42 @@ with import ; }; # implementation - config = { + config = let + scripts = mapAttrs' (name: cfg: + let + newOrExisting = pkgs.writeDash "${cfg.name}-existing" '' + DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr + if test $? -eq 0; then + echo using existing xephyr + ${sudo_} "$@" + else + echo starting new xephyr + ${xephyr_} "$@" + fi + ''; + xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" '' + ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} & + XEPHYR_PID=$! + DISPLAY=:${cfg.display} ${cfg.wm} & + WM_PID=$! + ${sudo_} "$@" + ${pkgs.coreutils}/bin/kill $WM_PID + ${pkgs.coreutils}/bin/kill $XEPHYR_PID + ''; + sudo_ = pkgs.writeDash "${cfg.name}-sudo" '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@" + ''; + vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" '' + DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@" + ''; + in nameValuePair name { + existing = newOrExisting; + xephyr = xephyr_; + sudo = sudo_; + vglrun = vglrun_; + } + ) config.lass.xjail; + in { users.users = mapAttrs' (_: cfg: nameValuePair cfg.name { @@ -66,21 +156,8 @@ with import ; ) config.lass.xjail)); lass.xjail-bins = mapAttrs' (name: cfg: - let - sudo-wrapper = pkgs.writeScript name '' - /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" - ''; - in nameValuePair name (pkgs.writeScriptBin cfg.name '' - export NDISPLAY=${cfg.display} - DISPLAY=:$NDISPLAY ${pkgs.xorg.xrandr}/bin/xrandr - if test $? -eq 0; then - echo xephyr already running - export DISPLAY=:$NDISPLAY - ${sudo-wrapper} "$@" - else - echo xephyr not running - DROP_TO_USER=${cfg.name} ${pkgs.xephyrify}/bin/xephyrify ${sudo-wrapper} "$@" - fi + nameValuePair name (pkgs.writeScriptBin cfg.name '' + ${scripts.${name}.existing} "$@" '') ) config.lass.xjail; }; From 1a5b58c828409ce9bf1639f3f26ebeb142e0148a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Apr 2018 16:19:28 +0200 Subject: [PATCH 081/183] l browsers: use new xjail interface --- lass/2configs/browsers.nix | 50 ++++++++++---------------------------- 1 file changed, 13 insertions(+), 37 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 75a86db6a..91ee08bfd 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -21,14 +21,10 @@ let $BIN "$@" ''; - createChromiumUser = name: groups: precedence: + createUser = script: name: groups: precedence: dpi: { lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.chromium}/bin/chromium "$@" - ''; - inherit groups; + inherit script groups dpi; }; environment.systemPackages = [ config.lass.xjail-bins.${name} ]; lass.browser.paths.${name} = { @@ -37,40 +33,20 @@ let }; }; + createChromiumUser = name: groups: precedence: + createUser (pkgs.writeDash name '' + ${pkgs.chromium}/bin/chromium "$@" + '') name groups precedence 80; + createFirefoxUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; + createUser (pkgs.writeDash name '' + ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + '') name groups precedence 80; createQuteUser = name: groups: precedence: - { - lass.xjail.${name} = { - user = name; - script = pkgs.writeDash name '' - ${pkgs.qutebrowser}/bin/qutebrowser "$@" - ''; - inherit groups; - }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; - lass.browser.paths.${name} = { - path = config.lass.xjail-bins.${name}; - inherit precedence; - }; - }; - - - #TODO: abstract this + createUser (pkgs.writeDash name '' + ${pkgs.qutebrowser}/bin/qutebrowser "$@" + '') name groups precedence 60; in { From 8d3db0fcb75f65d6074e8c60e05bd4cfda32e1e9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Apr 2018 23:06:03 +0200 Subject: [PATCH 082/183] nixpkgs: b6ddb99 -> 09bca91 --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index e5fb6c5e1..1f83d29f7 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b6ddb9913f2b8206837e0f137db907bdefb9275e"; # nixos-18.03 # 2018-03-24 + ref = "09bca91e3b5a18d7f37f7632175ac71f2bf369ff"; # nixos-18.03 # 2018-04-02 }; } override From 1604ecfc706d2921248d0c9ac7cef02274842272 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 3 Apr 2018 12:02:31 +0200 Subject: [PATCH 083/183] l virtualbox: enable usb passthrough --- lass/2configs/virtualbox.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index f7d196057..8171def2d 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -6,6 +6,8 @@ let in { #services.virtualboxHost.enable = true; virtualisation.virtualbox.host.enable = true; + nixpkgs.config.virtualbox.enableExtensionPack = true; + virtualisation.virtualbox.host.enableHardening = false; users.extraUsers = { virtual = { From 3108c4323806eee9798a6ba42977ea8f16343731 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Apr 2018 21:57:51 +0200 Subject: [PATCH 084/183] ejabberd: init at 17.07 --- krebs/5pkgs/simple/ejabberd/default.nix | 118 ++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 krebs/5pkgs/simple/ejabberd/default.nix diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix new file mode 100644 index 000000000..2799241fa --- /dev/null +++ b/krebs/5pkgs/simple/ejabberd/default.nix @@ -0,0 +1,118 @@ +{ stdenv, writeScriptBin, lib, fetchurl, git, cacert +, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps +, withMysql ? false +, withPgsql ? false +, withSqlite ? false, sqlite +, withPam ? false, pam +, withZlib ? true, zlib +, withRiak ? false +, withElixir ? false, elixir +, withIconv ? true +, withTools ? false +, withRedis ? false +}: + +let + fakegit = writeScriptBin "git" '' + #! ${stdenv.shell} -e + if [ "$1" = "describe" ]; then + [ -r .rev ] && cat .rev || true + fi + ''; + + ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; + +in stdenv.mkDerivation rec { + version = "17.07"; + name = "ejabberd-${version}"; + + src = fetchurl { + url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; + sha256 = "1p8ppp2czjgnq8xnhyksd82npvvx99fwr0g3rrq1wvnwh2vgb8km"; + }; + + nativeBuildInputs = [ fakegit ]; + + buildInputs = [ erlang openssl expat libyaml ] + ++ lib.optional withSqlite sqlite + ++ lib.optional withPam pam + ++ lib.optional withZlib zlib + ++ lib.optional withElixir elixir + ; + + # Apparently needed for Elixir + LANG = "en_US.UTF-8"; + + deps = stdenv.mkDerivation { + name = "ejabberd-deps-${version}"; + + inherit src; + + configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; + + buildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; + + GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; + + makeFlags = [ "deps" ]; + + phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ]; + + installPhase = '' + for i in deps/*; do + ( cd $i + git reset --hard + git clean -ffdx + git describe --always --tags > .rev + rm -rf .git + ) + done + rm deps/.got + + cp -r deps $out + ''; + + outputHashMode = "recursive"; + outputHashAlgo = "sha256"; + outputHash = "1q9yzccn4zf5i4hibq1r0i34q4986a93ph4792l1ph07aiisc8p7"; + }; + + configureFlags = + [ (lib.enableFeature withMysql "mysql") + (lib.enableFeature withPgsql "pgsql") + (lib.enableFeature withSqlite "sqlite") + (lib.enableFeature withPam "pam") + (lib.enableFeature withZlib "zlib") + (lib.enableFeature withRiak "riak") + (lib.enableFeature withElixir "elixir") + (lib.enableFeature withIconv "iconv") + (lib.enableFeature withTools "tools") + (lib.enableFeature withRedis "redis") + ] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}"; + + enableParallelBuilding = true; + + preBuild = '' + cp -r $deps deps + chmod -R +w deps + patchShebangs deps + ''; + + postInstall = '' + sed -i \ + -e '2iexport PATH=${ctlpath}:$PATH' \ + -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \ + -e 's,\(^ *JOT=\).*,\1,' \ + -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ + $out/sbin/ejabberdctl + ''; + + meta = { + description = "Open-source XMPP application server written in Erlang"; + license = lib.licenses.gpl2; + homepage = http://www.ejabberd.im; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.sander lib.maintainers.abbradar ]; + broken = withElixir; + }; +} From c6b4c7920fd9c0eb11f3bd3c5602980934fafd20 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:39:03 +0200 Subject: [PATCH 085/183] ma gum.r: handle new domain --- makefu/1systems/gum/config.nix | 4 ++++ .../2configs/nginx/misa-felix-hochzeit.ml.nix | 17 +++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 makefu/2configs/nginx/misa-felix-hochzeit.ml.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 40fa233d3..578e4add8 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -64,8 +64,10 @@ in { + # + @@ -222,6 +224,8 @@ in { 25 # http 80 443 + # httptunnel + 8080 8443 # tinc 655 # tinc-shack diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix new file mode 100644 index 000000000..d0881a934 --- /dev/null +++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: +{ + services.nginx = { + enable = lib.mkDefault true; + virtualHosts."misa-felix-hochzeit.ml" = { + serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ]; + forceSSL = true; + enableACME = true; + locations = { + "/" = { + index = "index.html"; + root = "/var/www/misa-felix-hochzeit.ml"; + }; + }; + }; + }; +} From a2c1afe2a253589bc38380a75c7b156216b40667 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:39:44 +0200 Subject: [PATCH 086/183] ma x.r: allow automatic mounting by pcmanfm --- makefu/1systems/x/config.nix | 38 ++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index f72f2a15b..483fc81e5 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -141,14 +141,47 @@ with import ; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio hardware.bluetooth.enable = true; } - { # auto-mounting + { # auto-mounting via polkit services.udisks2.enable = true; - services.devmon.enable = true; + ## automount all disks: + # services.devmon.enable = true; # services.gnome3.gvfs.enable = true; + users.groups.storage = { + gid = genid "storage"; + members = [ "makefu" ]; + }; users.users.makefu.packages = with pkgs;[ gvfs pcmanfm lxmenu-data ]; environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + + ## allow users in group "storage" to mount disk + # https://github.com/coldfix/udiskie/wiki/Permissions + security.polkit.extraConfig = + '' + polkit.addRule(function(action, subject) { + var YES = polkit.Result.YES; + var permission = { + "org.freedesktop.udisks.filesystem-mount": YES, + "org.freedesktop.udisks.luks-unlock": YES, + "org.freedesktop.udisks.drive-eject": YES, + "org.freedesktop.udisks.drive-detach": YES, + "org.freedesktop.udisks2.filesystem-mount": YES, + "org.freedesktop.udisks2.encrypted-unlock": YES, + "org.freedesktop.udisks2.eject-media": YES, + "org.freedesktop.udisks2.power-off-drive": YES, + "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, + "org.freedesktop.udisks2.filesystem-unmount-others": YES, + "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, + "org.freedesktop.udisks2.eject-media-other-seat": YES, + "org.freedesktop.udisks2.power-off-drive-other-seat": YES + }; + if (subject.isInGroup("storage")) { + return permission[action.id]; + } + }); + ''; + } ]; @@ -170,6 +203,7 @@ with import ; networking.extraHosts = '' 192.168.1.11 omo.local + 80.92.65.53 www.wifionice.de wifionice.de ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; From 0d4bb21df59c08eccf5db522242d3cb80f2b9425 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:44:06 +0200 Subject: [PATCH 087/183] ma automatic-diskmount: put into separate config --- makefu/1systems/x/config.nix | 42 -------------------- makefu/2configs/gui/automatic-diskmount.nix | 44 +++++++++++++++++++++ makefu/2configs/main-laptop.nix | 1 + 3 files changed, 45 insertions(+), 42 deletions(-) create mode 100644 makefu/2configs/gui/automatic-diskmount.nix diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 483fc81e5..93bb27efe 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -141,48 +141,6 @@ with import ; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio hardware.bluetooth.enable = true; } - { # auto-mounting via polkit - services.udisks2.enable = true; - ## automount all disks: - # services.devmon.enable = true; - # services.gnome3.gvfs.enable = true; - users.groups.storage = { - gid = genid "storage"; - members = [ "makefu" ]; - }; - users.users.makefu.packages = with pkgs;[ - gvfs pcmanfm lxmenu-data - ]; - environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; - - ## allow users in group "storage" to mount disk - # https://github.com/coldfix/udiskie/wiki/Permissions - security.polkit.extraConfig = - '' - polkit.addRule(function(action, subject) { - var YES = polkit.Result.YES; - var permission = { - "org.freedesktop.udisks.filesystem-mount": YES, - "org.freedesktop.udisks.luks-unlock": YES, - "org.freedesktop.udisks.drive-eject": YES, - "org.freedesktop.udisks.drive-detach": YES, - "org.freedesktop.udisks2.filesystem-mount": YES, - "org.freedesktop.udisks2.encrypted-unlock": YES, - "org.freedesktop.udisks2.eject-media": YES, - "org.freedesktop.udisks2.power-off-drive": YES, - "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, - "org.freedesktop.udisks2.filesystem-unmount-others": YES, - "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, - "org.freedesktop.udisks2.eject-media-other-seat": YES, - "org.freedesktop.udisks2.power-off-drive-other-seat": YES - }; - if (subject.isInGroup("storage")) { - return permission[action.id]; - } - }); - ''; - - } ]; diff --git a/makefu/2configs/gui/automatic-diskmount.nix b/makefu/2configs/gui/automatic-diskmount.nix new file mode 100644 index 000000000..19933111a --- /dev/null +++ b/makefu/2configs/gui/automatic-diskmount.nix @@ -0,0 +1,44 @@ +{ pkgs, ... }: +with import ; #genid +{ # auto-mounting via polkit + services.udisks2.enable = true; +## automount all disks: +# services.devmon.enable = true; +# services.gnome3.gvfs.enable = true; + users.groups.storage = { + gid = genid "storage"; + members = [ "makefu" ]; + }; + users.users.makefu.packages = with pkgs;[ + gvfs pcmanfm lxmenu-data + ]; + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + +## allow users in group "storage" to mount disk +# https://github.com/coldfix/udiskie/wiki/Permissions + security.polkit.extraConfig = + '' + polkit.addRule(function(action, subject) { + var YES = polkit.Result.YES; + var permission = { + "org.freedesktop.udisks.filesystem-mount": YES, + "org.freedesktop.udisks.luks-unlock": YES, + "org.freedesktop.udisks.drive-eject": YES, + "org.freedesktop.udisks.drive-detach": YES, + "org.freedesktop.udisks2.filesystem-mount": YES, + "org.freedesktop.udisks2.encrypted-unlock": YES, + "org.freedesktop.udisks2.eject-media": YES, + "org.freedesktop.udisks2.power-off-drive": YES, + "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, + "org.freedesktop.udisks2.filesystem-unmount-others": YES, + "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, + "org.freedesktop.udisks2.eject-media-other-seat": YES, + "org.freedesktop.udisks2.power-off-drive-other-seat": YES + }; + if (subject.isInGroup("storage")) { + return permission[action.id]; + } + }); + ''; + +} diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 827da0c8d..315fc4706 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -16,6 +16,7 @@ in { ./zsh-user.nix ./tools/core.nix ./tools/core-gui.nix + ./gui/automatic-diskmount.nix ]; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; From bb41144dc0e18ea704ebea00f5f2da0573a443cc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:44:28 +0200 Subject: [PATCH 088/183] ma wbob.r: put self into pulse group --- makefu/1systems/wbob/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index cfbcf0e9c..42f3bddb1 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -33,6 +33,9 @@ in { + { + users.users.makefu.extraGroups = [ "pulse" ]; + } # Sensors @@ -121,6 +124,7 @@ in { networking.firewall.allowedTCPPorts = [ 655 8081 #smokeping + 8086 #influx 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; From cab4eb5e430f0fce8698a0eb4a7f9825f133b519 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:45:30 +0200 Subject: [PATCH 089/183] ma bluetooth-mpd: provide anonymous unix socket for all programs --- makefu/2configs/bluetooth-mpd.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix index 226f5cf1f..b59d3ce10 100644 --- a/makefu/2configs/bluetooth-mpd.nix +++ b/makefu/2configs/bluetooth-mpd.nix @@ -34,7 +34,7 @@ in { hardware.pulseaudio = { enable = true; package = pkgs.pulseaudioFull; - # systemWide = true; + # systemWide = true; support32Bit = true; zeroconf.discovery.enable = true; zeroconf.publish.enable = true; @@ -42,12 +42,13 @@ in { enable = true; # PULSE_SERVER=192.168.1.11 pavucontrol anonymousClients.allowAll = true; + anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.0.0/16" ]; }; configFile = pkgs.writeText "default.pa" '' load-module module-udev-detect load-module module-bluetooth-policy load-module module-bluetooth-discover - load-module module-native-protocol-unix + load-module module-native-protocol-unix auth-anonymous=1 load-module module-always-sink load-module module-console-kit load-module module-systemd-login @@ -56,13 +57,15 @@ in { load-module module-filter-heuristics load-module module-filter-apply load-module module-switch-on-connect + #load-module module-bluez5-device + #load-module module-bluez5-discover ''; }; - # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio hardware.bluetooth.enable = true; - #hardware.bluetooth.extraConfig = '' - # [general] - # Enable=Source,Sink,Media,Socket - #''; + # environment.etc."bluetooth/audio.conf".text = '' + # [General] + # Enable = Source,Sink,Media,Socket + # ''; }; } From fc3a10ebec641d49a83389d28ab45da519cb4727 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:45:45 +0200 Subject: [PATCH 090/183] ma cgit-retiolum: init arafetch --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 30d90f9e3..c209b83f6 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -30,6 +30,7 @@ let euer_blog = { }; ampel = { }; europastats = { }; + arafetch = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; From d1542ef7739a61e9ee11ff86300ed6a3486569ac Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:46:15 +0200 Subject: [PATCH 091/183] ma arafetch: add extra logic for remote stats generation --- makefu/2configs/stats/arafetch.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index e04b12f9c..422676b24 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -3,7 +3,7 @@ with import ; let pkg = with pkgs.python3Packages;buildPythonPackage rec { rev = "762d747"; - name = "europastats-${rev}"; + name = "arafetch-${rev}"; propagatedBuildInputs = [ requests docopt @@ -25,12 +25,25 @@ in { }; systemd.services.arafetch = { - startAt = "Mon 09:15:00"; + startAt = "Mon,Wed,Fri 09:15:00"; wantedBy = [ "multi-user.target" ]; environment = { OUTDIR = home; }; path = [ pkg pkgs.git pkgs.wget ]; - script = "${pkg}/bin/weekrun"; + serviceConfig = { + User = "arafetch"; + WorkingDirectory = home; + PrivateTmp = true; + ExecStart = pkgs.writeDash "start-weekrun" '' + set -x + weekrun || echo "weekrun failed!" + find $OUTDIR/db -name \*.json | while read path;do + file=''${path##*/} + cantine=''${file%%.json} + ara2influx $path --cantine $cantine --host wbob.r + done + ''; + }; }; } From 402a0c9847df5b1195cb8b49e2f0cf632668ca71 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:46:44 +0200 Subject: [PATCH 092/183] ma hydra/stockholm: remove enable for postgres --- makefu/2configs/hydra/stockholm.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/2configs/hydra/stockholm.nix b/makefu/2configs/hydra/stockholm.nix index 4bdb09213..35999ae57 100644 --- a/makefu/2configs/hydra/stockholm.nix +++ b/makefu/2configs/hydra/stockholm.nix @@ -5,7 +5,6 @@ { # TODO postgres backup - services.postgresql.enable = true; services.hydra = { enable = true; From af5698307560b8cd1ab2ff2713684debab74fd5d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:47:14 +0200 Subject: [PATCH 093/183] ma remote-build: rip --- makefu/2configs/remote-build/master.nix | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 makefu/2configs/remote-build/master.nix diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix deleted file mode 100644 index 2a2c68119..000000000 --- a/makefu/2configs/remote-build/master.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ...}: -let - sshKey = (toString ) + "/id_nixBuild"; -in { - nix.distributedBuilds = true; - # TODO: iterate over krebs.hosts - nix.buildMachines = map ( hostName: - { inherit hostName sshKey; - sshUser = "nixBuild"; - system = "x86_64-linux"; - maxJobs = 8; - }) [ "hotdog.r" ]; - # puyak.r "wbob.r" "omo.r" "gum.r" "latte.r" -} From 8f1907ef4eaa6b8be9838b69cf0243c441d52c3e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:48:01 +0200 Subject: [PATCH 094/183] ma urlwatch: do not track oslo.config anymore --- makefu/2configs/urlwatch/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index d0fb4fe41..f93d47caa 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -25,7 +25,6 @@ in { # pypi https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/devpi-client/ - https://pypi.python.org/simple/oslo.config/ https://pypi.python.org/simple/sqlalchemy_migrate/ https://pypi.python.org/simple/xstatic/ https://pypi.python.org/simple/pyserial/ From 5dd8342aafd204863e826327af9222f22b2dd040 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:48:18 +0200 Subject: [PATCH 095/183] ma pkgs.ampel: bump to 0.2.1 --- makefu/5pkgs/ampel/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix index 86518b9b8..9792c2c59 100644 --- a/makefu/5pkgs/ampel/default.nix +++ b/makefu/5pkgs/ampel/default.nix @@ -2,7 +2,7 @@ with pkgs.python3Packages;buildPythonPackage rec { name = "ampel-${version}"; - version = "0.2"; + version = "0.2.1"; propagatedBuildInputs = [ docopt @@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec { src = pkgs.fetchgit { url = "http://cgit.euer.krebsco.de/ampel"; - rev = "d8a0250"; - sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f"; + rev = "92321d7"; + sha256 = "0mvpbpf1rx8sc589qjb73gl8z6fir2zs3gl3br1pbhg5jgn0ij4n"; }; meta = { homepage = http://cgit.euer.krebsco.de/ampel; From d4fcbba9086cadad2de132e18e64cb66e87a7df6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:48:59 +0200 Subject: [PATCH 096/183] ma pkgs.awesomecfg.full: use maximized instead of horizontal/vertical --- makefu/5pkgs/awesomecfg/full.cfg | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index e748981c6..e49a88697 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -412,8 +412,7 @@ clientkeys = awful.util.table.join( end), awful.key({ modkey, }, "m", function (c) - c.maximized_horizontal = not c.maximized_horizontal - c.maximized_vertical = not c.maximized_vertical + c.maximized = not c.maximized end) ) From bd08fef3bd33658782cddc8bfa537de6c1f42c76 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:51:59 +0200 Subject: [PATCH 097/183] ma devpi-web: bump to latest version --- makefu/5pkgs/devpi/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix index 3ddcd9641..6515ea3d1 100644 --- a/makefu/5pkgs/devpi/default.nix +++ b/makefu/5pkgs/devpi/default.nix @@ -16,16 +16,17 @@ let }; devpi-web = pkgs.python3Packages.buildPythonPackage rec { name = "devpi-web"; - version = "3.1.1"; + version = "3.2.2"; src = pkgs.fetchurl { url = "mirror://pypi/d/devpi-web/devpi-web-${version}.tar.gz"; - sha256 = "0bvqv52jmasfm4sdyccwsgvk9a663d3grj7zjw8r9x7xm7l3svqv"; + sha256 = "1mwg2fcw88rn47ypnhg5f4s1r066129z922113shyinwrwfddhay"; }; - propagatedBuildInputs = with pkgs.python3Packages; - [ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ]; + propagatedBuildInputs = with pkgs.python3Packages; builtins.trace pkgs.devpi-server.version + [ pkgs.devpi-server pyramid_chameleon pygments docutils devpi-common + whoosh beautifulsoup4 defusedxml readme-renderer ]; meta = { homepage = https://bitbucket.org/hpk42/devpi; @@ -37,6 +38,6 @@ let in { devpi-web = pkgs.python3.buildEnv.override { - extraLibs = [ devpi-web devpi-server ]; - }; + extraLibs = [ devpi-web pkgs.devpi-server ]; + }; } From 1b740bf9ef32972f7242226699a75b39feeb18b2 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:56:11 +0200 Subject: [PATCH 098/183] ma source: 18.03 --- makefu/source.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index d25fe5528..bbc059947 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -21,9 +21,8 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "6583793"; # nixos-17.09 @ 2018-03-07 - # + do_sqlite3 ruby: 55a952be5b5 - # + signal: 0f19beef3, 50ad913, 9449782, b7046ab2 + ref = "a09afbfb8a4"; # nixos-18.03 @ 2018-04-04 + # + do_sqlite3 ruby: 55a952be5b5 in evalSource (toString _file) [ From 241973f2ec1f4fcf217c37fd102feba82bc0b66e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 5 Apr 2018 09:32:22 +0200 Subject: [PATCH 099/183] ma source: follow musnix master --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index bbc059947..bcdb66a66 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -53,7 +53,7 @@ in (mkIf ( musnix ) { musnix.git = { url = https://github.com/musnix/musnix.git; - ref = "d8b989f"; + ref = "master"; # follow the musnix channel, lets see how this works out }; }) From c89016b00630495698cd23177c6fe26ed989cbe4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 16:36:12 +0200 Subject: [PATCH 100/183] go: fix build on 18.03 --- krebs/5pkgs/simple/go-shortener/default.nix | 35 +++++---- .../simple/go-shortener/node-packages.nix | 76 +++++++++++++++++++ krebs/5pkgs/simple/go-shortener/packages.nix | 44 ----------- krebs/5pkgs/simple/go-shortener/pkgs.json | 4 + krebs/5pkgs/simple/go-shortener/update.sh | 2 + 5 files changed, 99 insertions(+), 62 deletions(-) create mode 100644 krebs/5pkgs/simple/go-shortener/node-packages.nix delete mode 100644 krebs/5pkgs/simple/go-shortener/packages.nix create mode 100644 krebs/5pkgs/simple/go-shortener/pkgs.json create mode 100755 krebs/5pkgs/simple/go-shortener/update.sh diff --git a/krebs/5pkgs/simple/go-shortener/default.nix b/krebs/5pkgs/simple/go-shortener/default.nix index 996f7072a..4d1bef2be 100644 --- a/krebs/5pkgs/simple/go-shortener/default.nix +++ b/krebs/5pkgs/simple/go-shortener/default.nix @@ -1,25 +1,26 @@ -{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }: +{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs }: with lib; let - np = (callPackage ) { - generated = ./packages.nix; - self = np; + nodeEnv = import { + inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; + nodejs = nodejs-8_x; + libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; - node_env = buildEnv { - name = "node_env"; - paths = [ - np.redis - np."formidable" - ]; - pathsToLink = [ "/lib" ]; - ignoreCollisions = true; + node_env = pkgs.buildEnv { + name = "go-node_env"; + paths = attrValues (import ./node-packages.nix { + inherit (pkgs) fetchurl fetchgit; + inherit nodeEnv; + }); }; -in np.buildNodePackage { +in stdenv.mkDerivation { + packageName = "go"; name = "go-shortener"; + version = "0.0.0"; src = fetchgit { url = "http://cgit.lassul.us/go/"; @@ -32,10 +33,8 @@ in np.buildNodePackage { "installPhase" ]; - deps = (filter (v: nixType v == "derivation") (attrValues np)); - buildInputs = [ - nodejs + nodejs-8_x makeWrapper ]; @@ -44,14 +43,14 @@ in np.buildNodePackage { cp index.js $out/ cat > $out/go << EOF - ${nodejs}/bin/node $out/index.js + ${nodejs-8_x}/bin/node $out/index.js EOF chmod +x $out/go wrapProgram $out/go \ --prefix NODE_PATH : ${node_env}/lib/node_modules - ln -s $out/go /$out/bin/go + ln -s $out/go /$out/bin/go ''; } diff --git a/krebs/5pkgs/simple/go-shortener/node-packages.nix b/krebs/5pkgs/simple/go-shortener/node-packages.nix new file mode 100644 index 000000000..526cd5a11 --- /dev/null +++ b/krebs/5pkgs/simple/go-shortener/node-packages.nix @@ -0,0 +1,76 @@ +# This file has been generated by node2nix 1.5.3. Do not edit! + +{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}: + +let + sources = { + "double-ended-queue-2.1.0-0" = { + name = "double-ended-queue"; + packageName = "double-ended-queue"; + version = "2.1.0-0"; + src = fetchurl { + url = "https://registry.npmjs.org/double-ended-queue/-/double-ended-queue-2.1.0-0.tgz"; + sha1 = "103d3527fd31528f40188130c841efdd78264e5c"; + }; + }; + "redis-commands-1.3.5" = { + name = "redis-commands"; + packageName = "redis-commands"; + version = "1.3.5"; + src = fetchurl { + url = "https://registry.npmjs.org/redis-commands/-/redis-commands-1.3.5.tgz"; + sha512 = "2q8pai3gf0dczb03jjig3mpaz4j2kvw8icpgf8hp4fryr3d6c0mjkvxxdmlyhainybx4zhgqsw9ghc9p986alzdzd2n2p4cxvr8b0by"; + }; + }; + "redis-parser-2.6.0" = { + name = "redis-parser"; + packageName = "redis-parser"; + version = "2.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/redis-parser/-/redis-parser-2.6.0.tgz"; + sha1 = "52ed09dacac108f1a631c07e9b69941e7a19504b"; + }; + }; + }; +in +{ + formidable = nodeEnv.buildNodePackage { + name = "formidable"; + packageName = "formidable"; + version = "1.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/formidable/-/formidable-1.2.1.tgz"; + sha512 = "1x0n2rfaiasdjbw1mm7s29z84f68c7iji7lb1gkxvpknvv6q7bwns7z55ijcf4vkh4kvis12rbgaaih49jf9lj53s30mllb1d35bkqn"; + }; + buildInputs = globalBuildInputs; + meta = { + description = "A node.js module for parsing form data, especially file uploads."; + homepage = https://github.com/felixge/node-formidable; + license = "MIT"; + }; + production = true; + bypassCache = true; + }; + redis = nodeEnv.buildNodePackage { + name = "redis"; + packageName = "redis"; + version = "2.8.0"; + src = fetchurl { + url = "https://registry.npmjs.org/redis/-/redis-2.8.0.tgz"; + sha512 = "3a3044ax6qdvss83xgjfx10h5q91ls0mwgs3wpsnxcdsiipq3cnmqzsh6glyq0r7vsmpw49jp84c2jnfrhi2bgycrkd9hhhf6ia8lrk"; + }; + dependencies = [ + sources."double-ended-queue-2.1.0-0" + sources."redis-commands-1.3.5" + sources."redis-parser-2.6.0" + ]; + buildInputs = globalBuildInputs; + meta = { + description = "Redis client library"; + homepage = https://github.com/NodeRedis/node_redis; + license = "MIT"; + }; + production = true; + bypassCache = true; + }; +} \ No newline at end of file diff --git a/krebs/5pkgs/simple/go-shortener/packages.nix b/krebs/5pkgs/simple/go-shortener/packages.nix deleted file mode 100644 index 9acfd7658..000000000 --- a/krebs/5pkgs/simple/go-shortener/packages.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ self, fetchurl, fetchgit ? null, lib }: - -{ - by-spec."formidable"."*" = - self.by-version."formidable"."1.0.17"; - by-version."formidable"."1.0.17" = self.buildNodePackage { - name = "formidable-1.0.17"; - version = "1.0.17"; - bin = false; - src = fetchurl { - url = "http://registry.npmjs.org/formidable/-/formidable-1.0.17.tgz"; - name = "formidable-1.0.17.tgz"; - sha1 = "ef5491490f9433b705faa77249c99029ae348559"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - "formidable" = self.by-version."formidable"."1.0.17"; - by-spec."redis"."*" = - self.by-version."redis"."2.1.0"; - by-version."redis"."2.1.0" = self.buildNodePackage { - name = "redis-2.1.0"; - version = "2.1.0"; - bin = false; - src = fetchurl { - url = "http://registry.npmjs.org/redis/-/redis-2.1.0.tgz"; - name = "redis-2.1.0.tgz"; - sha1 = "38acb208f90750250f9451219b73ff08ae907f94"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - "redis" = self.by-version."redis"."2.1.0"; -} diff --git a/krebs/5pkgs/simple/go-shortener/pkgs.json b/krebs/5pkgs/simple/go-shortener/pkgs.json new file mode 100644 index 000000000..f53ce3745 --- /dev/null +++ b/krebs/5pkgs/simple/go-shortener/pkgs.json @@ -0,0 +1,4 @@ +[ + "formidable", + "redis" +] diff --git a/krebs/5pkgs/simple/go-shortener/update.sh b/krebs/5pkgs/simple/go-shortener/update.sh new file mode 100755 index 000000000..0c1ecc58c --- /dev/null +++ b/krebs/5pkgs/simple/go-shortener/update.sh @@ -0,0 +1,2 @@ +node2nix -8 -i pkgs.json -c combine.nix +rm node-env.nix combine.nix From 0a4df44a8a3e925bcf59802fcdb59dc16157bae7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:25:50 +0200 Subject: [PATCH 101/183] newsbot-js: fix build on 18.03 --- krebs/5pkgs/simple/newsbot-js/default.nix | 39 +- .../5pkgs/simple/newsbot-js/node-packages.nix | 844 ++++++++ krebs/5pkgs/simple/newsbot-js/packages.nix | 1747 ----------------- krebs/5pkgs/simple/newsbot-js/pkgs.json | 7 + krebs/5pkgs/simple/newsbot-js/update.sh | 2 + 5 files changed, 871 insertions(+), 1768 deletions(-) create mode 100644 krebs/5pkgs/simple/newsbot-js/node-packages.nix delete mode 100644 krebs/5pkgs/simple/newsbot-js/packages.nix create mode 100644 krebs/5pkgs/simple/newsbot-js/pkgs.json create mode 100755 krebs/5pkgs/simple/newsbot-js/update.sh diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix index fa39823d3..cc362b86a 100644 --- a/krebs/5pkgs/simple/newsbot-js/default.nix +++ b/krebs/5pkgs/simple/newsbot-js/default.nix @@ -1,27 +1,27 @@ -{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }: +{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs, icu }: with lib; let - np = (callPackage ) { - generated = ./packages.nix; - self = np; + nodeEnv = import { + inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; + nodejs = nodejs-8_x; + libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; - node_env = buildEnv { - name = "node_env"; - paths = [ - np.feedparser - np.form-data - np.irc - np.request - np.shell-quote - ]; - pathsToLink = [ "/lib" ]; - ignoreCollisions = true; + node_env = pkgs.buildEnv { + name = "go-node_env"; + paths = attrValues (import ./node-packages.nix { + inherit (pkgs) fetchurl fetchgit; + inherit nodeEnv; + globalBuildInputs = [ + icu.dev + ]; + }); }; -in np.buildNodePackage { + +in stdenv.mkDerivation { name = "newsbot-js"; src = fetchgit { @@ -32,14 +32,11 @@ in np.buildNodePackage { phases = [ "unpackPhase" - "patchPhase" "installPhase" ]; - deps = (filter (v: nixType v == "derivation") (attrValues np)); - buildInputs = [ - nodejs + nodejs-8_x makeWrapper ]; @@ -48,7 +45,7 @@ in np.buildNodePackage { cp newsbot.js $out/ cat > $out/newsbot << EOF - ${nodejs}/bin/node $out/newsbot.js + ${nodejs-8_x}/bin/node $out/newsbot.js EOF chmod +x $out/newsbot diff --git a/krebs/5pkgs/simple/newsbot-js/node-packages.nix b/krebs/5pkgs/simple/newsbot-js/node-packages.nix new file mode 100644 index 000000000..d6b2a06dd --- /dev/null +++ b/krebs/5pkgs/simple/newsbot-js/node-packages.nix @@ -0,0 +1,844 @@ +# This file has been generated by node2nix 1.5.3. Do not edit! + +{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}: + +let + sources = { + "addressparser-1.0.1" = { + name = "addressparser"; + packageName = "addressparser"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/addressparser/-/addressparser-1.0.1.tgz"; + sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746"; + }; + }; + "ajv-5.5.2" = { + name = "ajv"; + packageName = "ajv"; + version = "5.5.2"; + src = fetchurl { + url = "https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz"; + sha1 = "73b5eeca3fab653e3d3f9422b341ad42205dc965"; + }; + }; + "array-filter-0.0.1" = { + name = "array-filter"; + packageName = "array-filter"; + version = "0.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/array-filter/-/array-filter-0.0.1.tgz"; + sha1 = "7da8cf2e26628ed732803581fd21f67cacd2eeec"; + }; + }; + "array-indexofobject-0.0.1" = { + name = "array-indexofobject"; + packageName = "array-indexofobject"; + version = "0.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/array-indexofobject/-/array-indexofobject-0.0.1.tgz"; + sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a"; + }; + }; + "array-map-0.0.0" = { + name = "array-map"; + packageName = "array-map"; + version = "0.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/array-map/-/array-map-0.0.0.tgz"; + sha1 = "88a2bab73d1cf7bcd5c1b118a003f66f665fa662"; + }; + }; + "array-reduce-0.0.0" = { + name = "array-reduce"; + packageName = "array-reduce"; + version = "0.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/array-reduce/-/array-reduce-0.0.0.tgz"; + sha1 = "173899d3ffd1c7d9383e4479525dbe278cab5f2b"; + }; + }; + "asn1-0.2.3" = { + name = "asn1"; + packageName = "asn1"; + version = "0.2.3"; + src = fetchurl { + url = "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz"; + sha1 = "dac8787713c9966849fc8180777ebe9c1ddf3b86"; + }; + }; + "assert-plus-1.0.0" = { + name = "assert-plus"; + packageName = "assert-plus"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"; + sha1 = "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"; + }; + }; + "asynckit-0.4.0" = { + name = "asynckit"; + packageName = "asynckit"; + version = "0.4.0"; + src = fetchurl { + url = "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz"; + sha1 = "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"; + }; + }; + "aws-sign2-0.7.0" = { + name = "aws-sign2"; + packageName = "aws-sign2"; + version = "0.7.0"; + src = fetchurl { + url = "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz"; + sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"; + }; + }; + "aws4-1.6.0" = { + name = "aws4"; + packageName = "aws4"; + version = "1.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz"; + sha1 = "83ef5ca860b2b32e4a0deedee8c771b9db57471e"; + }; + }; + "bcrypt-pbkdf-1.0.1" = { + name = "bcrypt-pbkdf"; + packageName = "bcrypt-pbkdf"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz"; + sha1 = "63bc5dcb61331b92bc05fd528953c33462a06f8d"; + }; + }; + "boom-4.3.1" = { + name = "boom"; + packageName = "boom"; + version = "4.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/boom/-/boom-4.3.1.tgz"; + sha1 = "4f8a3005cb4a7e3889f749030fd25b96e01d2e31"; + }; + }; + "boom-5.2.0" = { + name = "boom"; + packageName = "boom"; + version = "5.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/boom/-/boom-5.2.0.tgz"; + sha512 = "19h20yqpvca08dns1rs4f057f10w63v0snxfml4h5khsk266x3x1im0w72bza4k2xn0kfz6jlv001dhcvxsjr09bmbqnysils9m7437"; + }; + }; + "caseless-0.12.0" = { + name = "caseless"; + packageName = "caseless"; + version = "0.12.0"; + src = fetchurl { + url = "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz"; + sha1 = "1b681c21ff84033c826543090689420d187151dc"; + }; + }; + "co-4.6.0" = { + name = "co"; + packageName = "co"; + version = "4.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/co/-/co-4.6.0.tgz"; + sha1 = "6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184"; + }; + }; + "combined-stream-1.0.6" = { + name = "combined-stream"; + packageName = "combined-stream"; + version = "1.0.6"; + src = fetchurl { + url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz"; + sha1 = "723e7df6e801ac5613113a7e445a9b69cb632818"; + }; + }; + "core-util-is-1.0.2" = { + name = "core-util-is"; + packageName = "core-util-is"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz"; + sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7"; + }; + }; + "cryptiles-3.1.2" = { + name = "cryptiles"; + packageName = "cryptiles"; + version = "3.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/cryptiles/-/cryptiles-3.1.2.tgz"; + sha1 = "a89fbb220f5ce25ec56e8c4aa8a4fd7b5b0d29fe"; + }; + }; + "dashdash-1.14.1" = { + name = "dashdash"; + packageName = "dashdash"; + version = "1.14.1"; + src = fetchurl { + url = "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz"; + sha1 = "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"; + }; + }; + "delayed-stream-1.0.0" = { + name = "delayed-stream"; + packageName = "delayed-stream"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz"; + sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619"; + }; + }; + "ecc-jsbn-0.1.1" = { + name = "ecc-jsbn"; + packageName = "ecc-jsbn"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz"; + sha1 = "0fc73a9ed5f0d53c38193398523ef7e543777505"; + }; + }; + "extend-3.0.1" = { + name = "extend"; + packageName = "extend"; + version = "3.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz"; + sha1 = "a755ea7bc1adfcc5a31ce7e762dbaadc5e636444"; + }; + }; + "extsprintf-1.3.0" = { + name = "extsprintf"; + packageName = "extsprintf"; + version = "1.3.0"; + src = fetchurl { + url = "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz"; + sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05"; + }; + }; + "fast-deep-equal-1.1.0" = { + name = "fast-deep-equal"; + packageName = "fast-deep-equal"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.1.0.tgz"; + sha1 = "c053477817c86b51daa853c81e059b733d023614"; + }; + }; + "fast-json-stable-stringify-2.0.0" = { + name = "fast-json-stable-stringify"; + packageName = "fast-json-stable-stringify"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz"; + sha1 = "d5142c0caee6b1189f87d3a76111064f86c8bbf2"; + }; + }; + "forever-agent-0.6.1" = { + name = "forever-agent"; + packageName = "forever-agent"; + version = "0.6.1"; + src = fetchurl { + url = "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz"; + sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"; + }; + }; + "form-data-2.3.2" = { + name = "form-data"; + packageName = "form-data"; + version = "2.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz"; + sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099"; + }; + }; + "getpass-0.1.7" = { + name = "getpass"; + packageName = "getpass"; + version = "0.1.7"; + src = fetchurl { + url = "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz"; + sha1 = "5eff8e3e684d569ae4cb2b1282604e8ba62149fa"; + }; + }; + "har-schema-2.0.0" = { + name = "har-schema"; + packageName = "har-schema"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz"; + sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92"; + }; + }; + "har-validator-5.0.3" = { + name = "har-validator"; + packageName = "har-validator"; + version = "5.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/har-validator/-/har-validator-5.0.3.tgz"; + sha1 = "ba402c266194f15956ef15e0fcf242993f6a7dfd"; + }; + }; + "hawk-6.0.2" = { + name = "hawk"; + packageName = "hawk"; + version = "6.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/hawk/-/hawk-6.0.2.tgz"; + sha512 = "1nl2hjr2mnhj5jlaz8mh54z7acwz5j5idkch04qgjk78756gw5d0fjk4a2immil5ij9ijdssb9ndpryvnh2xpcbgcjv8lxybn330als"; + }; + }; + "hoek-4.2.1" = { + name = "hoek"; + packageName = "hoek"; + version = "4.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/hoek/-/hoek-4.2.1.tgz"; + sha512 = "1y8kprb3qldxqj31zai5n8dvhydsl9nn5w4rskhnbzzhldn6pm6n5lcyam3sfkb61a62d5m58k8im7z6ngwbd9cw9zp4zm4y7ckrf20"; + }; + }; + "http-signature-1.2.0" = { + name = "http-signature"; + packageName = "http-signature"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz"; + sha1 = "9aecd925114772f3d95b65a60abb8f7c18fbace1"; + }; + }; + "iconv-2.2.3" = { + name = "iconv"; + packageName = "iconv"; + version = "2.2.3"; + src = fetchurl { + url = "https://registry.npmjs.org/iconv/-/iconv-2.2.3.tgz"; + sha1 = "e084d60eeb7d73da7f0a9c096e4c8abe090bfaed"; + }; + }; + "inherits-2.0.3" = { + name = "inherits"; + packageName = "inherits"; + version = "2.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz"; + sha1 = "633c2c83e3da42a502f52466022480f4208261de"; + }; + }; + "irc-colors-1.4.2" = { + name = "irc-colors"; + packageName = "irc-colors"; + version = "1.4.2"; + src = fetchurl { + url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.4.2.tgz"; + sha512 = "0f75yhavbhr8lbh3lh83rvyfrrrcxjawnd2rz7sacjd3zxj5524xr28j66f2l11vlngdkbplxz5xsq9dnwrcyqa0jh64k2pvzhn17a1"; + }; + }; + "is-typedarray-1.0.0" = { + name = "is-typedarray"; + packageName = "is-typedarray"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz"; + sha1 = "e479c80858df0c1b11ddda6940f96011fcda4a9a"; + }; + }; + "isarray-1.0.0" = { + name = "isarray"; + packageName = "isarray"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz"; + sha1 = "bb935d48582cba168c06834957a54a3e07124f11"; + }; + }; + "isstream-0.1.2" = { + name = "isstream"; + packageName = "isstream"; + version = "0.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz"; + sha1 = "47e63f7af55afa6f92e1500e690eb8b8529c099a"; + }; + }; + "jsbn-0.1.1" = { + name = "jsbn"; + packageName = "jsbn"; + version = "0.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz"; + sha1 = "a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"; + }; + }; + "json-schema-0.2.3" = { + name = "json-schema"; + packageName = "json-schema"; + version = "0.2.3"; + src = fetchurl { + url = "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz"; + sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13"; + }; + }; + "json-schema-traverse-0.3.1" = { + name = "json-schema-traverse"; + packageName = "json-schema-traverse"; + version = "0.3.1"; + src = fetchurl { + url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz"; + sha1 = "349a6d44c53a51de89b40805c5d5e59b417d3340"; + }; + }; + "json-stringify-safe-5.0.1" = { + name = "json-stringify-safe"; + packageName = "json-stringify-safe"; + version = "5.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz"; + sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"; + }; + }; + "jsonify-0.0.0" = { + name = "jsonify"; + packageName = "jsonify"; + version = "0.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz"; + sha1 = "2c74b6ee41d93ca51b7b5aaee8f503631d252a73"; + }; + }; + "jsprim-1.4.1" = { + name = "jsprim"; + packageName = "jsprim"; + version = "1.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz"; + sha1 = "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"; + }; + }; + "lodash.assign-4.2.0" = { + name = "lodash.assign"; + packageName = "lodash.assign"; + version = "4.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lodash.assign/-/lodash.assign-4.2.0.tgz"; + sha1 = "0d99f3ccd7a6d261d19bdaeb9245005d285808e7"; + }; + }; + "lodash.get-4.4.2" = { + name = "lodash.get"; + packageName = "lodash.get"; + version = "4.4.2"; + src = fetchurl { + url = "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz"; + sha1 = "2d177f652fa31e939b4438d5341499dfa3825e99"; + }; + }; + "lodash.has-4.5.2" = { + name = "lodash.has"; + packageName = "lodash.has"; + version = "4.5.2"; + src = fetchurl { + url = "https://registry.npmjs.org/lodash.has/-/lodash.has-4.5.2.tgz"; + sha1 = "d19f4dc1095058cccbe2b0cdf4ee0fe4aa37c862"; + }; + }; + "lodash.uniq-4.5.0" = { + name = "lodash.uniq"; + packageName = "lodash.uniq"; + version = "4.5.0"; + src = fetchurl { + url = "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz"; + sha1 = "d0225373aeb652adc1bc82e4945339a842754773"; + }; + }; + "mime-db-1.33.0" = { + name = "mime-db"; + packageName = "mime-db"; + version = "1.33.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz"; + sha512 = "36xnw59ik9fqym00cmwb5nyzg0l03k70cp413f7639j93wgmzk1mh0xjc7i6zz3r6k9xnwh0g5cm5a1f3y8c6plgy4qld7fm887ywh4"; + }; + }; + "mime-types-2.1.18" = { + name = "mime-types"; + packageName = "mime-types"; + version = "2.1.18"; + src = fetchurl { + url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz"; + sha512 = "22krj1kw7n9z10zdyx7smcaim4bzwqsqzhspwha06q58gcrxfp93hw2cd0vk5crhq5p2dwzqlpacg32lrmp5sjzb798zdzy35mdmkwm"; + }; + }; + "mri-1.1.0" = { + name = "mri"; + packageName = "mri"; + version = "1.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/mri/-/mri-1.1.0.tgz"; + sha1 = "5c0a3f29c8ccffbbb1ec941dcec09d71fa32f36a"; + }; + }; + "nan-2.10.0" = { + name = "nan"; + packageName = "nan"; + version = "2.10.0"; + src = fetchurl { + url = "https://registry.npmjs.org/nan/-/nan-2.10.0.tgz"; + sha512 = "349rr7x0djrlkav4gbhkg355852ingn965r0kkch8rr4cwp7qki9676zpq8cq988yszzd2hld6szsbbnd1v6rghzf11abn1nyzlj1vc"; + }; + }; + "node-icu-charset-detector-0.2.0" = { + name = "node-icu-charset-detector"; + packageName = "node-icu-charset-detector"; + version = "0.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/node-icu-charset-detector/-/node-icu-charset-detector-0.2.0.tgz"; + sha1 = "c2320da374ddcb671fc54cb4a0e041e156ffd639"; + }; + }; + "oauth-sign-0.8.2" = { + name = "oauth-sign"; + packageName = "oauth-sign"; + version = "0.8.2"; + src = fetchurl { + url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz"; + sha1 = "46a6ab7f0aead8deae9ec0565780b7d4efeb9d43"; + }; + }; + "performance-now-2.1.0" = { + name = "performance-now"; + packageName = "performance-now"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz"; + sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"; + }; + }; + "process-nextick-args-2.0.0" = { + name = "process-nextick-args"; + packageName = "process-nextick-args"; + version = "2.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz"; + sha512 = "0rw8xpqqkhs91722slvzf8icxfaimqp4w8zb3840jxr7r8n8035byl6dhdi5bm0yr6x7sdws0gf3m025fg6hqgaklwlbl4d7bah5l9j"; + }; + }; + "punycode-1.4.1" = { + name = "punycode"; + packageName = "punycode"; + version = "1.4.1"; + src = fetchurl { + url = "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz"; + sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e"; + }; + }; + "qs-6.5.1" = { + name = "qs"; + packageName = "qs"; + version = "6.5.1"; + src = fetchurl { + url = "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz"; + sha512 = "3waqapyj1k4g135sgj636rmswiaixq19is1rw0rpv4qp6k7dl0a9nwy06m7yl5lbdk9p6xpwwngnggbzlzaz6rh11c86j2nvnnf273r"; + }; + }; + "readable-stream-2.3.6" = { + name = "readable-stream"; + packageName = "readable-stream"; + version = "2.3.6"; + src = fetchurl { + url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz"; + sha512 = "0mj9b6190amln9rg89x5pq2n195s3v0gzicpdamv1kbabg69aw5m71l34jsjn7bqil7405l6l35x9ijnb3h4jz5vx2i00l8sl1ll2xm"; + }; + }; + "safe-buffer-5.1.1" = { + name = "safe-buffer"; + packageName = "safe-buffer"; + version = "5.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz"; + sha512 = "1p28rllll1w65yzq5azi4izx962399xdsdlfbaynn7vmp981hiss05jhiy9hm7sbbfk3b4dhlcv0zy07fc59mnc07hdv6wcgqkcvawh"; + }; + }; + "sax-1.2.4" = { + name = "sax"; + packageName = "sax"; + version = "1.2.4"; + src = fetchurl { + url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz"; + sha512 = "1dn291mjsda42w8kldlbmngk6dhjxfbvvd5lckyqmwbjaj6069iq3wx0nvcfglwnpddz2qa93lzf4hv77iz43bd2qixa079sjzl799n"; + }; + }; + "sntp-2.1.0" = { + name = "sntp"; + packageName = "sntp"; + version = "2.1.0"; + src = fetchurl { + url = "https://registry.npmjs.org/sntp/-/sntp-2.1.0.tgz"; + sha512 = "0k2smmr24w5hb1cpql6vcgh58vzp4pmh9anf0bgz3arlsgq1mapnlq9fjqr6xs10aq1cmxaw987fwknqi62frax0fvs9bj3q3kmpg8l"; + }; + }; + "sshpk-1.14.1" = { + name = "sshpk"; + packageName = "sshpk"; + version = "1.14.1"; + src = fetchurl { + url = "https://registry.npmjs.org/sshpk/-/sshpk-1.14.1.tgz"; + sha1 = "130f5975eddad963f1d56f92b9ac6c51fa9f83eb"; + }; + }; + "string_decoder-1.1.1" = { + name = "string_decoder"; + packageName = "string_decoder"; + version = "1.1.1"; + src = fetchurl { + url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz"; + sha512 = "315yd4vzwrwk3vwj1klf46y1cj2jbvf88066y2rnwhksb98phj46jkxixbwsp3h607w7czy7cby522s7sx8mvspdpdm3s72y2ga3x4z"; + }; + }; + "stringstream-0.0.5" = { + name = "stringstream"; + packageName = "stringstream"; + version = "0.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz"; + sha1 = "4e484cd4de5a0bbbee18e46307710a8a81621878"; + }; + }; + "tough-cookie-2.3.4" = { + name = "tough-cookie"; + packageName = "tough-cookie"; + version = "2.3.4"; + src = fetchurl { + url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.4.tgz"; + sha512 = "0ncm6j3cjq1f26mzjf04k9bkw1b08w53s4qa3a11c1bdj4pgnqv1422c1xs5jyy6y1psppjx52fhagq5zkjkgrcpdkxcdiry96r77jd"; + }; + }; + "tunnel-agent-0.6.0" = { + name = "tunnel-agent"; + packageName = "tunnel-agent"; + version = "0.6.0"; + src = fetchurl { + url = "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz"; + sha1 = "27a5dea06b36b04a0a9966774b290868f0fc40fd"; + }; + }; + "tweetnacl-0.14.5" = { + name = "tweetnacl"; + packageName = "tweetnacl"; + version = "0.14.5"; + src = fetchurl { + url = "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz"; + sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64"; + }; + }; + "util-deprecate-1.0.2" = { + name = "util-deprecate"; + packageName = "util-deprecate"; + version = "1.0.2"; + src = fetchurl { + url = "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz"; + sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf"; + }; + }; + "uuid-3.2.1" = { + name = "uuid"; + packageName = "uuid"; + version = "3.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/uuid/-/uuid-3.2.1.tgz"; + sha512 = "0843vl1c974n8kw5kn0kvhvhwk8y8jydr0xkwwl2963xxmkw4ingk6xj9c8m48jw2i95giglxzq5aw5v5mij9kv7fzln8pxav1cr6cd"; + }; + }; + "verror-1.10.0" = { + name = "verror"; + packageName = "verror"; + version = "1.10.0"; + src = fetchurl { + url = "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz"; + sha1 = "3a105ca17053af55d6e270c1f8288682e18da400"; + }; + }; + }; +in +{ + feedparser = nodeEnv.buildNodePackage { + name = "feedparser"; + packageName = "feedparser"; + version = "2.2.9"; + src = fetchurl { + url = "https://registry.npmjs.org/feedparser/-/feedparser-2.2.9.tgz"; + sha1 = "9138197dafdae05fcadde0036beeaf6066c2c5e9"; + }; + dependencies = [ + sources."addressparser-1.0.1" + sources."array-indexofobject-0.0.1" + sources."core-util-is-1.0.2" + sources."inherits-2.0.3" + sources."isarray-1.0.0" + sources."lodash.assign-4.2.0" + sources."lodash.get-4.4.2" + sources."lodash.has-4.5.2" + sources."lodash.uniq-4.5.0" + sources."mri-1.1.0" + sources."process-nextick-args-2.0.0" + sources."readable-stream-2.3.6" + sources."safe-buffer-5.1.1" + sources."sax-1.2.4" + sources."string_decoder-1.1.1" + sources."util-deprecate-1.0.2" + ]; + buildInputs = globalBuildInputs; + meta = { + description = "Robust RSS Atom and RDF feed parsing using sax js"; + homepage = http://github.com/danmactough/node-feedparser; + license = "MIT"; + }; + production = true; + bypassCache = true; + }; + form-data = nodeEnv.buildNodePackage { + name = "form-data"; + packageName = "form-data"; + version = "2.3.2"; + src = fetchurl { + url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz"; + sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099"; + }; + dependencies = [ + sources."asynckit-0.4.0" + sources."combined-stream-1.0.6" + sources."delayed-stream-1.0.0" + sources."mime-db-1.33.0" + sources."mime-types-2.1.18" + ]; + buildInputs = globalBuildInputs; + meta = { + description = "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications."; + license = "MIT"; + }; + production = true; + bypassCache = true; + }; + irc = nodeEnv.buildNodePackage { + name = "irc"; + packageName = "irc"; + version = "0.5.2"; + src = fetchurl { + url = "https://registry.npmjs.org/irc/-/irc-0.5.2.tgz"; + sha1 = "3714f4768365a96d0b2f776bc91166beb2464bbc"; + }; + dependencies = [ + sources."iconv-2.2.3" + sources."irc-colors-1.4.2" + sources."nan-2.10.0" + sources."node-icu-charset-detector-0.2.0" + ]; + buildInputs = globalBuildInputs; + meta = { + description = "An IRC client library for node"; + homepage = "https://github.com/martynsmith/node-irc#readme"; + license = "GPL-3.0"; + }; + production = true; + bypassCache = true; + }; + request = nodeEnv.buildNodePackage { + name = "request"; + packageName = "request"; + version = "2.85.0"; + src = fetchurl { + url = "https://registry.npmjs.org/request/-/request-2.85.0.tgz"; + sha512 = "2d3hg10zs5ycnr8prmiwdhacf88fl0x0bi6szs0z2r07zcbk419laixwpjp8sqapbc2ifyyih7p3r60wgr58bmcncz3pqnx523c8zph"; + }; + dependencies = [ + sources."ajv-5.5.2" + sources."asn1-0.2.3" + sources."assert-plus-1.0.0" + sources."asynckit-0.4.0" + sources."aws-sign2-0.7.0" + sources."aws4-1.6.0" + sources."bcrypt-pbkdf-1.0.1" + sources."boom-4.3.1" + sources."caseless-0.12.0" + sources."co-4.6.0" + sources."combined-stream-1.0.6" + sources."core-util-is-1.0.2" + (sources."cryptiles-3.1.2" // { + dependencies = [ + sources."boom-5.2.0" + ]; + }) + sources."dashdash-1.14.1" + sources."delayed-stream-1.0.0" + sources."ecc-jsbn-0.1.1" + sources."extend-3.0.1" + sources."extsprintf-1.3.0" + sources."fast-deep-equal-1.1.0" + sources."fast-json-stable-stringify-2.0.0" + sources."forever-agent-0.6.1" + sources."form-data-2.3.2" + sources."getpass-0.1.7" + sources."har-schema-2.0.0" + sources."har-validator-5.0.3" + sources."hawk-6.0.2" + sources."hoek-4.2.1" + sources."http-signature-1.2.0" + sources."is-typedarray-1.0.0" + sources."isstream-0.1.2" + sources."jsbn-0.1.1" + sources."json-schema-0.2.3" + sources."json-schema-traverse-0.3.1" + sources."json-stringify-safe-5.0.1" + sources."jsprim-1.4.1" + sources."mime-db-1.33.0" + sources."mime-types-2.1.18" + sources."oauth-sign-0.8.2" + sources."performance-now-2.1.0" + sources."punycode-1.4.1" + sources."qs-6.5.1" + sources."safe-buffer-5.1.1" + sources."sntp-2.1.0" + sources."sshpk-1.14.1" + sources."stringstream-0.0.5" + sources."tough-cookie-2.3.4" + sources."tunnel-agent-0.6.0" + sources."tweetnacl-0.14.5" + sources."uuid-3.2.1" + sources."verror-1.10.0" + ]; + buildInputs = globalBuildInputs; + meta = { + description = "Simplified HTTP request client."; + homepage = "https://github.com/request/request#readme"; + license = "Apache-2.0"; + }; + production = true; + bypassCache = true; + }; + shell-quote = nodeEnv.buildNodePackage { + name = "shell-quote"; + packageName = "shell-quote"; + version = "1.6.1"; + src = fetchurl { + url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.6.1.tgz"; + sha1 = "f4781949cce402697127430ea3b3c5476f481767"; + }; + dependencies = [ + sources."array-filter-0.0.1" + sources."array-map-0.0.0" + sources."array-reduce-0.0.0" + sources."jsonify-0.0.0" + ]; + buildInputs = globalBuildInputs; + meta = { + description = "quote and parse shell commands"; + homepage = "https://github.com/substack/node-shell-quote#readme"; + license = "MIT"; + }; + production = true; + bypassCache = true; + }; +} \ No newline at end of file diff --git a/krebs/5pkgs/simple/newsbot-js/packages.nix b/krebs/5pkgs/simple/newsbot-js/packages.nix deleted file mode 100644 index 62921cb8f..000000000 --- a/krebs/5pkgs/simple/newsbot-js/packages.nix +++ /dev/null @@ -1,1747 +0,0 @@ -{ self, fetchurl, fetchgit ? null, lib }: - -{ - by-spec."addressparser"."^1.0.1" = - self.by-version."addressparser"."1.0.1"; - by-version."addressparser"."1.0.1" = self.buildNodePackage { - name = "addressparser-1.0.1"; - version = "1.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/addressparser/-/addressparser-1.0.1.tgz"; - name = "addressparser-1.0.1.tgz"; - sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."ansi-regex"."^2.0.0" = - self.by-version."ansi-regex"."2.1.1"; - by-version."ansi-regex"."2.1.1" = self.buildNodePackage { - name = "ansi-regex-2.1.1"; - version = "2.1.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz"; - name = "ansi-regex-2.1.1.tgz"; - sha1 = "c3b33ab5ee360d86e0e628f0468ae7ef27d654df"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."ansi-styles"."^2.2.1" = - self.by-version."ansi-styles"."2.2.1"; - by-version."ansi-styles"."2.2.1" = self.buildNodePackage { - name = "ansi-styles-2.2.1"; - version = "2.2.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz"; - name = "ansi-styles-2.2.1.tgz"; - sha1 = "b432dd3358b634cf75e1e4664368240533c1ddbe"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."array-filter"."~0.0.0" = - self.by-version."array-filter"."0.0.1"; - by-version."array-filter"."0.0.1" = self.buildNodePackage { - name = "array-filter-0.0.1"; - version = "0.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/array-filter/-/array-filter-0.0.1.tgz"; - name = "array-filter-0.0.1.tgz"; - sha1 = "7da8cf2e26628ed732803581fd21f67cacd2eeec"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."array-indexofobject"."~0.0.1" = - self.by-version."array-indexofobject"."0.0.1"; - by-version."array-indexofobject"."0.0.1" = self.buildNodePackage { - name = "array-indexofobject-0.0.1"; - version = "0.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/array-indexofobject/-/array-indexofobject-0.0.1.tgz"; - name = "array-indexofobject-0.0.1.tgz"; - sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."array-map"."~0.0.0" = - self.by-version."array-map"."0.0.0"; - by-version."array-map"."0.0.0" = self.buildNodePackage { - name = "array-map-0.0.0"; - version = "0.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/array-map/-/array-map-0.0.0.tgz"; - name = "array-map-0.0.0.tgz"; - sha1 = "88a2bab73d1cf7bcd5c1b118a003f66f665fa662"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."array-reduce"."~0.0.0" = - self.by-version."array-reduce"."0.0.0"; - by-version."array-reduce"."0.0.0" = self.buildNodePackage { - name = "array-reduce-0.0.0"; - version = "0.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/array-reduce/-/array-reduce-0.0.0.tgz"; - name = "array-reduce-0.0.0.tgz"; - sha1 = "173899d3ffd1c7d9383e4479525dbe278cab5f2b"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."asn1"."~0.2.3" = - self.by-version."asn1"."0.2.3"; - by-version."asn1"."0.2.3" = self.buildNodePackage { - name = "asn1-0.2.3"; - version = "0.2.3"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz"; - name = "asn1-0.2.3.tgz"; - sha1 = "dac8787713c9966849fc8180777ebe9c1ddf3b86"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."assert-plus"."^0.2.0" = - self.by-version."assert-plus"."0.2.0"; - by-version."assert-plus"."0.2.0" = self.buildNodePackage { - name = "assert-plus-0.2.0"; - version = "0.2.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/assert-plus/-/assert-plus-0.2.0.tgz"; - name = "assert-plus-0.2.0.tgz"; - sha1 = "d74e1b87e7affc0db8aadb7021f3fe48101ab234"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."assert-plus"."^1.0.0" = - self.by-version."assert-plus"."1.0.0"; - by-version."assert-plus"."1.0.0" = self.buildNodePackage { - name = "assert-plus-1.0.0"; - version = "1.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"; - name = "assert-plus-1.0.0.tgz"; - sha1 = "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."asynckit"."^0.4.0" = - self.by-version."asynckit"."0.4.0"; - by-version."asynckit"."0.4.0" = self.buildNodePackage { - name = "asynckit-0.4.0"; - version = "0.4.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz"; - name = "asynckit-0.4.0.tgz"; - sha1 = "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."aws-sign2"."~0.6.0" = - self.by-version."aws-sign2"."0.6.0"; - by-version."aws-sign2"."0.6.0" = self.buildNodePackage { - name = "aws-sign2-0.6.0"; - version = "0.6.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.6.0.tgz"; - name = "aws-sign2-0.6.0.tgz"; - sha1 = "14342dd38dbcc94d0e5b87d763cd63612c0e794f"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."aws4"."^1.2.1" = - self.by-version."aws4"."1.5.0"; - by-version."aws4"."1.5.0" = self.buildNodePackage { - name = "aws4-1.5.0"; - version = "1.5.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/aws4/-/aws4-1.5.0.tgz"; - name = "aws4-1.5.0.tgz"; - sha1 = "0a29ffb79c31c9e712eeb087e8e7a64b4a56d755"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."bcrypt-pbkdf"."^1.0.0" = - self.by-version."bcrypt-pbkdf"."1.0.1"; - by-version."bcrypt-pbkdf"."1.0.1" = self.buildNodePackage { - name = "bcrypt-pbkdf-1.0.1"; - version = "1.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz"; - name = "bcrypt-pbkdf-1.0.1.tgz"; - sha1 = "63bc5dcb61331b92bc05fd528953c33462a06f8d"; - }; - deps = { - "tweetnacl-0.14.5" = self.by-version."tweetnacl"."0.14.5"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."boom"."2.x.x" = - self.by-version."boom"."2.10.1"; - by-version."boom"."2.10.1" = self.buildNodePackage { - name = "boom-2.10.1"; - version = "2.10.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz"; - name = "boom-2.10.1.tgz"; - sha1 = "39c8918ceff5799f83f9492a848f625add0c766f"; - }; - deps = { - "hoek-2.16.3" = self.by-version."hoek"."2.16.3"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."buffer-shims"."^1.0.0" = - self.by-version."buffer-shims"."1.0.0"; - by-version."buffer-shims"."1.0.0" = self.buildNodePackage { - name = "buffer-shims-1.0.0"; - version = "1.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/buffer-shims/-/buffer-shims-1.0.0.tgz"; - name = "buffer-shims-1.0.0.tgz"; - sha1 = "9978ce317388c649ad8793028c3477ef044a8b51"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."caseless"."~0.11.0" = - self.by-version."caseless"."0.11.0"; - by-version."caseless"."0.11.0" = self.buildNodePackage { - name = "caseless-0.11.0"; - version = "0.11.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/caseless/-/caseless-0.11.0.tgz"; - name = "caseless-0.11.0.tgz"; - sha1 = "715b96ea9841593cc33067923f5ec60ebda4f7d7"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."chalk"."^1.1.1" = - self.by-version."chalk"."1.1.3"; - by-version."chalk"."1.1.3" = self.buildNodePackage { - name = "chalk-1.1.3"; - version = "1.1.3"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz"; - name = "chalk-1.1.3.tgz"; - sha1 = "a8115c55e4a702fe4d150abd3872822a7e09fc98"; - }; - deps = { - "ansi-styles-2.2.1" = self.by-version."ansi-styles"."2.2.1"; - "escape-string-regexp-1.0.5" = self.by-version."escape-string-regexp"."1.0.5"; - "has-ansi-2.0.0" = self.by-version."has-ansi"."2.0.0"; - "strip-ansi-3.0.1" = self.by-version."strip-ansi"."3.0.1"; - "supports-color-2.0.0" = self.by-version."supports-color"."2.0.0"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."combined-stream"."^1.0.5" = - self.by-version."combined-stream"."1.0.5"; - by-version."combined-stream"."1.0.5" = self.buildNodePackage { - name = "combined-stream-1.0.5"; - version = "1.0.5"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.5.tgz"; - name = "combined-stream-1.0.5.tgz"; - sha1 = "938370a57b4a51dea2c77c15d5c5fdf895164009"; - }; - deps = { - "delayed-stream-1.0.0" = self.by-version."delayed-stream"."1.0.0"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."combined-stream"."~1.0.5" = - self.by-version."combined-stream"."1.0.5"; - by-spec."commander"."^2.9.0" = - self.by-version."commander"."2.9.0"; - by-version."commander"."2.9.0" = self.buildNodePackage { - name = "commander-2.9.0"; - version = "2.9.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/commander/-/commander-2.9.0.tgz"; - name = "commander-2.9.0.tgz"; - sha1 = "9c99094176e12240cb22d6c5146098400fe0f7d4"; - }; - deps = { - "graceful-readlink-1.0.1" = self.by-version."graceful-readlink"."1.0.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."core-util-is"."~1.0.0" = - self.by-version."core-util-is"."1.0.2"; - by-version."core-util-is"."1.0.2" = self.buildNodePackage { - name = "core-util-is-1.0.2"; - version = "1.0.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz"; - name = "core-util-is-1.0.2.tgz"; - sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."cryptiles"."2.x.x" = - self.by-version."cryptiles"."2.0.5"; - by-version."cryptiles"."2.0.5" = self.buildNodePackage { - name = "cryptiles-2.0.5"; - version = "2.0.5"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz"; - name = "cryptiles-2.0.5.tgz"; - sha1 = "3bdfecdc608147c1c67202fa291e7dca59eaa3b8"; - }; - deps = { - "boom-2.10.1" = self.by-version."boom"."2.10.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."dashdash"."^1.12.0" = - self.by-version."dashdash"."1.14.1"; - by-version."dashdash"."1.14.1" = self.buildNodePackage { - name = "dashdash-1.14.1"; - version = "1.14.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz"; - name = "dashdash-1.14.1.tgz"; - sha1 = "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"; - }; - deps = { - "assert-plus-1.0.0" = self.by-version."assert-plus"."1.0.0"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."delayed-stream"."~1.0.0" = - self.by-version."delayed-stream"."1.0.0"; - by-version."delayed-stream"."1.0.0" = self.buildNodePackage { - name = "delayed-stream-1.0.0"; - version = "1.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz"; - name = "delayed-stream-1.0.0.tgz"; - sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."ecc-jsbn"."~0.1.1" = - self.by-version."ecc-jsbn"."0.1.1"; - by-version."ecc-jsbn"."0.1.1" = self.buildNodePackage { - name = "ecc-jsbn-0.1.1"; - version = "0.1.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz"; - name = "ecc-jsbn-0.1.1.tgz"; - sha1 = "0fc73a9ed5f0d53c38193398523ef7e543777505"; - }; - deps = { - "jsbn-0.1.0" = self.by-version."jsbn"."0.1.0"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."escape-string-regexp"."^1.0.2" = - self.by-version."escape-string-regexp"."1.0.5"; - by-version."escape-string-regexp"."1.0.5" = self.buildNodePackage { - name = "escape-string-regexp-1.0.5"; - version = "1.0.5"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz"; - name = "escape-string-regexp-1.0.5.tgz"; - sha1 = "1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."extend"."~3.0.0" = - self.by-version."extend"."3.0.0"; - by-version."extend"."3.0.0" = self.buildNodePackage { - name = "extend-3.0.0"; - version = "3.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/extend/-/extend-3.0.0.tgz"; - name = "extend-3.0.0.tgz"; - sha1 = "5a474353b9f3353ddd8176dfd37b91c83a46f1d4"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."extsprintf"."1.0.2" = - self.by-version."extsprintf"."1.0.2"; - by-version."extsprintf"."1.0.2" = self.buildNodePackage { - name = "extsprintf-1.0.2"; - version = "1.0.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/extsprintf/-/extsprintf-1.0.2.tgz"; - name = "extsprintf-1.0.2.tgz"; - sha1 = "e1080e0658e300b06294990cc70e1502235fd550"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."feedparser"."*" = - self.by-version."feedparser"."2.1.0"; - by-version."feedparser"."2.1.0" = self.buildNodePackage { - name = "feedparser-2.1.0"; - version = "2.1.0"; - bin = true; - src = fetchurl { - url = "https://registry.npmjs.org/feedparser/-/feedparser-2.1.0.tgz"; - name = "feedparser-2.1.0.tgz"; - sha1 = "4cd98bf04e18db5b8644f91e98da89dd179f1fe7"; - }; - deps = { - "addressparser-1.0.1" = self.by-version."addressparser"."1.0.1"; - "array-indexofobject-0.0.1" = self.by-version."array-indexofobject"."0.0.1"; - "lodash.assign-4.2.0" = self.by-version."lodash.assign"."4.2.0"; - "lodash.get-4.4.2" = self.by-version."lodash.get"."4.4.2"; - "lodash.has-4.5.2" = self.by-version."lodash.has"."4.5.2"; - "lodash.uniq-4.5.0" = self.by-version."lodash.uniq"."4.5.0"; - "readable-stream-2.2.2" = self.by-version."readable-stream"."2.2.2"; - "sax-1.2.1" = self.by-version."sax"."1.2.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - "feedparser" = self.by-version."feedparser"."2.1.0"; - by-spec."forever-agent"."~0.6.1" = - self.by-version."forever-agent"."0.6.1"; - by-version."forever-agent"."0.6.1" = self.buildNodePackage { - name = "forever-agent-0.6.1"; - version = "0.6.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz"; - name = "forever-agent-0.6.1.tgz"; - sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."form-data"."*" = - self.by-version."form-data"."2.1.2"; - by-version."form-data"."2.1.2" = self.buildNodePackage { - name = "form-data-2.1.2"; - version = "2.1.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/form-data/-/form-data-2.1.2.tgz"; - name = "form-data-2.1.2.tgz"; - sha1 = "89c3534008b97eada4cbb157d58f6f5df025eae4"; - }; - deps = { - "asynckit-0.4.0" = self.by-version."asynckit"."0.4.0"; - "combined-stream-1.0.5" = self.by-version."combined-stream"."1.0.5"; - "mime-types-2.1.14" = self.by-version."mime-types"."2.1.14"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - "form-data" = self.by-version."form-data"."2.1.2"; - by-spec."form-data"."~2.1.1" = - self.by-version."form-data"."2.1.2"; - by-spec."generate-function"."^2.0.0" = - self.by-version."generate-function"."2.0.0"; - by-version."generate-function"."2.0.0" = self.buildNodePackage { - name = "generate-function-2.0.0"; - version = "2.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/generate-function/-/generate-function-2.0.0.tgz"; - name = "generate-function-2.0.0.tgz"; - sha1 = "6858fe7c0969b7d4e9093337647ac79f60dfbe74"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."generate-object-property"."^1.1.0" = - self.by-version."generate-object-property"."1.2.0"; - by-version."generate-object-property"."1.2.0" = self.buildNodePackage { - name = "generate-object-property-1.2.0"; - version = "1.2.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/generate-object-property/-/generate-object-property-1.2.0.tgz"; - name = "generate-object-property-1.2.0.tgz"; - sha1 = "9c0e1c40308ce804f4783618b937fa88f99d50d0"; - }; - deps = { - "is-property-1.0.2" = self.by-version."is-property"."1.0.2"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."getpass"."^0.1.1" = - self.by-version."getpass"."0.1.6"; - by-version."getpass"."0.1.6" = self.buildNodePackage { - name = "getpass-0.1.6"; - version = "0.1.6"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/getpass/-/getpass-0.1.6.tgz"; - name = "getpass-0.1.6.tgz"; - sha1 = "283ffd9fc1256840875311c1b60e8c40187110e6"; - }; - deps = { - "assert-plus-1.0.0" = self.by-version."assert-plus"."1.0.0"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."graceful-readlink".">= 1.0.0" = - self.by-version."graceful-readlink"."1.0.1"; - by-version."graceful-readlink"."1.0.1" = self.buildNodePackage { - name = "graceful-readlink-1.0.1"; - version = "1.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/graceful-readlink/-/graceful-readlink-1.0.1.tgz"; - name = "graceful-readlink-1.0.1.tgz"; - sha1 = "4cafad76bc62f02fa039b2f94e9a3dd3a391a725"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."har-validator"."~2.0.6" = - self.by-version."har-validator"."2.0.6"; - by-version."har-validator"."2.0.6" = self.buildNodePackage { - name = "har-validator-2.0.6"; - version = "2.0.6"; - bin = true; - src = fetchurl { - url = "https://registry.npmjs.org/har-validator/-/har-validator-2.0.6.tgz"; - name = "har-validator-2.0.6.tgz"; - sha1 = "cdcbc08188265ad119b6a5a7c8ab70eecfb5d27d"; - }; - deps = { - "chalk-1.1.3" = self.by-version."chalk"."1.1.3"; - "commander-2.9.0" = self.by-version."commander"."2.9.0"; - "is-my-json-valid-2.15.0" = self.by-version."is-my-json-valid"."2.15.0"; - "pinkie-promise-2.0.1" = self.by-version."pinkie-promise"."2.0.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."has-ansi"."^2.0.0" = - self.by-version."has-ansi"."2.0.0"; - by-version."has-ansi"."2.0.0" = self.buildNodePackage { - name = "has-ansi-2.0.0"; - version = "2.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz"; - name = "has-ansi-2.0.0.tgz"; - sha1 = "34f5049ce1ecdf2b0649af3ef24e45ed35416d91"; - }; - deps = { - "ansi-regex-2.1.1" = self.by-version."ansi-regex"."2.1.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."hawk"."~3.1.3" = - self.by-version."hawk"."3.1.3"; - by-version."hawk"."3.1.3" = self.buildNodePackage { - name = "hawk-3.1.3"; - version = "3.1.3"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/hawk/-/hawk-3.1.3.tgz"; - name = "hawk-3.1.3.tgz"; - sha1 = "078444bd7c1640b0fe540d2c9b73d59678e8e1c4"; - }; - deps = { - "hoek-2.16.3" = self.by-version."hoek"."2.16.3"; - "boom-2.10.1" = self.by-version."boom"."2.10.1"; - "cryptiles-2.0.5" = self.by-version."cryptiles"."2.0.5"; - "sntp-1.0.9" = self.by-version."sntp"."1.0.9"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."hoek"."2.x.x" = - self.by-version."hoek"."2.16.3"; - by-version."hoek"."2.16.3" = self.buildNodePackage { - name = "hoek-2.16.3"; - version = "2.16.3"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz"; - name = "hoek-2.16.3.tgz"; - sha1 = "20bb7403d3cea398e91dc4710a8ff1b8274a25ed"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."http-signature"."~1.1.0" = - self.by-version."http-signature"."1.1.1"; - by-version."http-signature"."1.1.1" = self.buildNodePackage { - name = "http-signature-1.1.1"; - version = "1.1.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/http-signature/-/http-signature-1.1.1.tgz"; - name = "http-signature-1.1.1.tgz"; - sha1 = "df72e267066cd0ac67fb76adf8e134a8fbcf91bf"; - }; - deps = { - "assert-plus-0.2.0" = self.by-version."assert-plus"."0.2.0"; - "jsprim-1.3.1" = self.by-version."jsprim"."1.3.1"; - "sshpk-1.10.2" = self.by-version."sshpk"."1.10.2"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."iconv"."~2.2.1" = - self.by-version."iconv"."2.2.1"; - by-version."iconv"."2.2.1" = self.buildNodePackage { - name = "iconv-2.2.1"; - version = "2.2.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/iconv/-/iconv-2.2.1.tgz"; - name = "iconv-2.2.1.tgz"; - sha1 = "39b13fdd98987d26aef26c0a2f2a900911fa4584"; - }; - deps = { - "nan-2.5.1" = self.by-version."nan"."2.5.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."inherits"."~2.0.1" = - self.by-version."inherits"."2.0.3"; - by-version."inherits"."2.0.3" = self.buildNodePackage { - name = "inherits-2.0.3"; - version = "2.0.3"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz"; - name = "inherits-2.0.3.tgz"; - sha1 = "633c2c83e3da42a502f52466022480f4208261de"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."irc"."*" = - self.by-version."irc"."0.5.2"; - by-version."irc"."0.5.2" = self.buildNodePackage { - name = "irc-0.5.2"; - version = "0.5.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/irc/-/irc-0.5.2.tgz"; - name = "irc-0.5.2.tgz"; - sha1 = "3714f4768365a96d0b2f776bc91166beb2464bbc"; - }; - deps = { - "irc-colors-1.3.1" = self.by-version."irc-colors"."1.3.1"; - }; - optionalDependencies = { - "iconv-2.2.1" = self.by-version."iconv"."2.2.1"; - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - "irc" = self.by-version."irc"."0.5.2"; - by-spec."irc-colors"."^1.1.0" = - self.by-version."irc-colors"."1.3.1"; - by-version."irc-colors"."1.3.1" = self.buildNodePackage { - name = "irc-colors-1.3.1"; - version = "1.3.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.3.1.tgz"; - name = "irc-colors-1.3.1.tgz"; - sha1 = "a6fccee5d9ecdc010c2b1cde3fbdff1f7134aff6"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."is-my-json-valid"."^2.12.4" = - self.by-version."is-my-json-valid"."2.15.0"; - by-version."is-my-json-valid"."2.15.0" = self.buildNodePackage { - name = "is-my-json-valid-2.15.0"; - version = "2.15.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.15.0.tgz"; - name = "is-my-json-valid-2.15.0.tgz"; - sha1 = "936edda3ca3c211fd98f3b2d3e08da43f7b2915b"; - }; - deps = { - "generate-function-2.0.0" = self.by-version."generate-function"."2.0.0"; - "generate-object-property-1.2.0" = self.by-version."generate-object-property"."1.2.0"; - "jsonpointer-4.0.1" = self.by-version."jsonpointer"."4.0.1"; - "xtend-4.0.1" = self.by-version."xtend"."4.0.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."is-property"."^1.0.0" = - self.by-version."is-property"."1.0.2"; - by-version."is-property"."1.0.2" = self.buildNodePackage { - name = "is-property-1.0.2"; - version = "1.0.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/is-property/-/is-property-1.0.2.tgz"; - name = "is-property-1.0.2.tgz"; - sha1 = "57fe1c4e48474edd65b09911f26b1cd4095dda84"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."is-typedarray"."~1.0.0" = - self.by-version."is-typedarray"."1.0.0"; - by-version."is-typedarray"."1.0.0" = self.buildNodePackage { - name = "is-typedarray-1.0.0"; - version = "1.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz"; - name = "is-typedarray-1.0.0.tgz"; - sha1 = "e479c80858df0c1b11ddda6940f96011fcda4a9a"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."isarray"."~1.0.0" = - self.by-version."isarray"."1.0.0"; - by-version."isarray"."1.0.0" = self.buildNodePackage { - name = "isarray-1.0.0"; - version = "1.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz"; - name = "isarray-1.0.0.tgz"; - sha1 = "bb935d48582cba168c06834957a54a3e07124f11"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."isstream"."~0.1.2" = - self.by-version."isstream"."0.1.2"; - by-version."isstream"."0.1.2" = self.buildNodePackage { - name = "isstream-0.1.2"; - version = "0.1.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz"; - name = "isstream-0.1.2.tgz"; - sha1 = "47e63f7af55afa6f92e1500e690eb8b8529c099a"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."jodid25519"."^1.0.0" = - self.by-version."jodid25519"."1.0.2"; - by-version."jodid25519"."1.0.2" = self.buildNodePackage { - name = "jodid25519-1.0.2"; - version = "1.0.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/jodid25519/-/jodid25519-1.0.2.tgz"; - name = "jodid25519-1.0.2.tgz"; - sha1 = "06d4912255093419477d425633606e0e90782967"; - }; - deps = { - "jsbn-0.1.0" = self.by-version."jsbn"."0.1.0"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."jsbn"."~0.1.0" = - self.by-version."jsbn"."0.1.0"; - by-version."jsbn"."0.1.0" = self.buildNodePackage { - name = "jsbn-0.1.0"; - version = "0.1.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/jsbn/-/jsbn-0.1.0.tgz"; - name = "jsbn-0.1.0.tgz"; - sha1 = "650987da0dd74f4ebf5a11377a2aa2d273e97dfd"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."json-schema"."0.2.3" = - self.by-version."json-schema"."0.2.3"; - by-version."json-schema"."0.2.3" = self.buildNodePackage { - name = "json-schema-0.2.3"; - version = "0.2.3"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz"; - name = "json-schema-0.2.3.tgz"; - sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."json-stringify-safe"."~5.0.1" = - self.by-version."json-stringify-safe"."5.0.1"; - by-version."json-stringify-safe"."5.0.1" = self.buildNodePackage { - name = "json-stringify-safe-5.0.1"; - version = "5.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz"; - name = "json-stringify-safe-5.0.1.tgz"; - sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."jsonify"."~0.0.0" = - self.by-version."jsonify"."0.0.0"; - by-version."jsonify"."0.0.0" = self.buildNodePackage { - name = "jsonify-0.0.0"; - version = "0.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz"; - name = "jsonify-0.0.0.tgz"; - sha1 = "2c74b6ee41d93ca51b7b5aaee8f503631d252a73"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."jsonpointer"."^4.0.0" = - self.by-version."jsonpointer"."4.0.1"; - by-version."jsonpointer"."4.0.1" = self.buildNodePackage { - name = "jsonpointer-4.0.1"; - version = "4.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/jsonpointer/-/jsonpointer-4.0.1.tgz"; - name = "jsonpointer-4.0.1.tgz"; - sha1 = "4fd92cb34e0e9db3c89c8622ecf51f9b978c6cb9"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."jsprim"."^1.2.2" = - self.by-version."jsprim"."1.3.1"; - by-version."jsprim"."1.3.1" = self.buildNodePackage { - name = "jsprim-1.3.1"; - version = "1.3.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/jsprim/-/jsprim-1.3.1.tgz"; - name = "jsprim-1.3.1.tgz"; - sha1 = "2a7256f70412a29ee3670aaca625994c4dcff252"; - }; - deps = { - "extsprintf-1.0.2" = self.by-version."extsprintf"."1.0.2"; - "json-schema-0.2.3" = self.by-version."json-schema"."0.2.3"; - "verror-1.3.6" = self.by-version."verror"."1.3.6"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."lodash.assign"."^4.2.0" = - self.by-version."lodash.assign"."4.2.0"; - by-version."lodash.assign"."4.2.0" = self.buildNodePackage { - name = "lodash.assign-4.2.0"; - version = "4.2.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/lodash.assign/-/lodash.assign-4.2.0.tgz"; - name = "lodash.assign-4.2.0.tgz"; - sha1 = "0d99f3ccd7a6d261d19bdaeb9245005d285808e7"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."lodash.get"."^4.4.2" = - self.by-version."lodash.get"."4.4.2"; - by-version."lodash.get"."4.4.2" = self.buildNodePackage { - name = "lodash.get-4.4.2"; - version = "4.4.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz"; - name = "lodash.get-4.4.2.tgz"; - sha1 = "2d177f652fa31e939b4438d5341499dfa3825e99"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."lodash.has"."^4.5.2" = - self.by-version."lodash.has"."4.5.2"; - by-version."lodash.has"."4.5.2" = self.buildNodePackage { - name = "lodash.has-4.5.2"; - version = "4.5.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/lodash.has/-/lodash.has-4.5.2.tgz"; - name = "lodash.has-4.5.2.tgz"; - sha1 = "d19f4dc1095058cccbe2b0cdf4ee0fe4aa37c862"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."lodash.uniq"."^4.5.0" = - self.by-version."lodash.uniq"."4.5.0"; - by-version."lodash.uniq"."4.5.0" = self.buildNodePackage { - name = "lodash.uniq-4.5.0"; - version = "4.5.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz"; - name = "lodash.uniq-4.5.0.tgz"; - sha1 = "d0225373aeb652adc1bc82e4945339a842754773"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."mime-db"."~1.26.0" = - self.by-version."mime-db"."1.26.0"; - by-version."mime-db"."1.26.0" = self.buildNodePackage { - name = "mime-db-1.26.0"; - version = "1.26.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/mime-db/-/mime-db-1.26.0.tgz"; - name = "mime-db-1.26.0.tgz"; - sha1 = "eaffcd0e4fc6935cf8134da246e2e6c35305adff"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."mime-types"."^2.1.12" = - self.by-version."mime-types"."2.1.14"; - by-version."mime-types"."2.1.14" = self.buildNodePackage { - name = "mime-types-2.1.14"; - version = "2.1.14"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.14.tgz"; - name = "mime-types-2.1.14.tgz"; - sha1 = "f7ef7d97583fcaf3b7d282b6f8b5679dab1e94ee"; - }; - deps = { - "mime-db-1.26.0" = self.by-version."mime-db"."1.26.0"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."mime-types"."~2.1.7" = - self.by-version."mime-types"."2.1.14"; - by-spec."nan"."^2.3.3" = - self.by-version."nan"."2.5.1"; - by-version."nan"."2.5.1" = self.buildNodePackage { - name = "nan-2.5.1"; - version = "2.5.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/nan/-/nan-2.5.1.tgz"; - name = "nan-2.5.1.tgz"; - sha1 = "d5b01691253326a97a2bbee9e61c55d8d60351e2"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."nan"."^2.3.5" = - self.by-version."nan"."2.5.1"; - by-spec."oauth-sign"."~0.8.1" = - self.by-version."oauth-sign"."0.8.2"; - by-version."oauth-sign"."0.8.2" = self.buildNodePackage { - name = "oauth-sign-0.8.2"; - version = "0.8.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz"; - name = "oauth-sign-0.8.2.tgz"; - sha1 = "46a6ab7f0aead8deae9ec0565780b7d4efeb9d43"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."pinkie"."^2.0.0" = - self.by-version."pinkie"."2.0.4"; - by-version."pinkie"."2.0.4" = self.buildNodePackage { - name = "pinkie-2.0.4"; - version = "2.0.4"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz"; - name = "pinkie-2.0.4.tgz"; - sha1 = "72556b80cfa0d48a974e80e77248e80ed4f7f870"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."pinkie-promise"."^2.0.0" = - self.by-version."pinkie-promise"."2.0.1"; - by-version."pinkie-promise"."2.0.1" = self.buildNodePackage { - name = "pinkie-promise-2.0.1"; - version = "2.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz"; - name = "pinkie-promise-2.0.1.tgz"; - sha1 = "2135d6dfa7a358c069ac9b178776288228450ffa"; - }; - deps = { - "pinkie-2.0.4" = self.by-version."pinkie"."2.0.4"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."process-nextick-args"."~1.0.6" = - self.by-version."process-nextick-args"."1.0.7"; - by-version."process-nextick-args"."1.0.7" = self.buildNodePackage { - name = "process-nextick-args-1.0.7"; - version = "1.0.7"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-1.0.7.tgz"; - name = "process-nextick-args-1.0.7.tgz"; - sha1 = "150e20b756590ad3f91093f25a4f2ad8bff30ba3"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."punycode"."^1.4.1" = - self.by-version."punycode"."1.4.1"; - by-version."punycode"."1.4.1" = self.buildNodePackage { - name = "punycode-1.4.1"; - version = "1.4.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz"; - name = "punycode-1.4.1.tgz"; - sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."qs"."~6.3.0" = - self.by-version."qs"."6.3.0"; - by-version."qs"."6.3.0" = self.buildNodePackage { - name = "qs-6.3.0"; - version = "6.3.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/qs/-/qs-6.3.0.tgz"; - name = "qs-6.3.0.tgz"; - sha1 = "f403b264f23bc01228c74131b407f18d5ea5d442"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."readable-stream"."^2.2.2" = - self.by-version."readable-stream"."2.2.2"; - by-version."readable-stream"."2.2.2" = self.buildNodePackage { - name = "readable-stream-2.2.2"; - version = "2.2.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.2.2.tgz"; - name = "readable-stream-2.2.2.tgz"; - sha1 = "a9e6fec3c7dda85f8bb1b3ba7028604556fc825e"; - }; - deps = { - "buffer-shims-1.0.0" = self.by-version."buffer-shims"."1.0.0"; - "core-util-is-1.0.2" = self.by-version."core-util-is"."1.0.2"; - "isarray-1.0.0" = self.by-version."isarray"."1.0.0"; - "inherits-2.0.3" = self.by-version."inherits"."2.0.3"; - "process-nextick-args-1.0.7" = self.by-version."process-nextick-args"."1.0.7"; - "string_decoder-0.10.31" = self.by-version."string_decoder"."0.10.31"; - "util-deprecate-1.0.2" = self.by-version."util-deprecate"."1.0.2"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."request"."*" = - self.by-version."request"."2.79.0"; - by-version."request"."2.79.0" = self.buildNodePackage { - name = "request-2.79.0"; - version = "2.79.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/request/-/request-2.79.0.tgz"; - name = "request-2.79.0.tgz"; - sha1 = "4dfe5bf6be8b8cdc37fcf93e04b65577722710de"; - }; - deps = { - "aws-sign2-0.6.0" = self.by-version."aws-sign2"."0.6.0"; - "aws4-1.5.0" = self.by-version."aws4"."1.5.0"; - "caseless-0.11.0" = self.by-version."caseless"."0.11.0"; - "combined-stream-1.0.5" = self.by-version."combined-stream"."1.0.5"; - "extend-3.0.0" = self.by-version."extend"."3.0.0"; - "forever-agent-0.6.1" = self.by-version."forever-agent"."0.6.1"; - "form-data-2.1.2" = self.by-version."form-data"."2.1.2"; - "har-validator-2.0.6" = self.by-version."har-validator"."2.0.6"; - "hawk-3.1.3" = self.by-version."hawk"."3.1.3"; - "http-signature-1.1.1" = self.by-version."http-signature"."1.1.1"; - "is-typedarray-1.0.0" = self.by-version."is-typedarray"."1.0.0"; - "isstream-0.1.2" = self.by-version."isstream"."0.1.2"; - "json-stringify-safe-5.0.1" = self.by-version."json-stringify-safe"."5.0.1"; - "mime-types-2.1.14" = self.by-version."mime-types"."2.1.14"; - "oauth-sign-0.8.2" = self.by-version."oauth-sign"."0.8.2"; - "qs-6.3.0" = self.by-version."qs"."6.3.0"; - "stringstream-0.0.5" = self.by-version."stringstream"."0.0.5"; - "tough-cookie-2.3.2" = self.by-version."tough-cookie"."2.3.2"; - "tunnel-agent-0.4.3" = self.by-version."tunnel-agent"."0.4.3"; - "uuid-3.0.1" = self.by-version."uuid"."3.0.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - "request" = self.by-version."request"."2.79.0"; - by-spec."sax"."^1.2.1" = - self.by-version."sax"."1.2.1"; - by-version."sax"."1.2.1" = self.buildNodePackage { - name = "sax-1.2.1"; - version = "1.2.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz"; - name = "sax-1.2.1.tgz"; - sha1 = "7b8e656190b228e81a66aea748480d828cd2d37a"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."shell-quote"."*" = - self.by-version."shell-quote"."1.6.1"; - by-version."shell-quote"."1.6.1" = self.buildNodePackage { - name = "shell-quote-1.6.1"; - version = "1.6.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.6.1.tgz"; - name = "shell-quote-1.6.1.tgz"; - sha1 = "f4781949cce402697127430ea3b3c5476f481767"; - }; - deps = { - "jsonify-0.0.0" = self.by-version."jsonify"."0.0.0"; - "array-filter-0.0.1" = self.by-version."array-filter"."0.0.1"; - "array-reduce-0.0.0" = self.by-version."array-reduce"."0.0.0"; - "array-map-0.0.0" = self.by-version."array-map"."0.0.0"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - "shell-quote" = self.by-version."shell-quote"."1.6.1"; - by-spec."sntp"."1.x.x" = - self.by-version."sntp"."1.0.9"; - by-version."sntp"."1.0.9" = self.buildNodePackage { - name = "sntp-1.0.9"; - version = "1.0.9"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/sntp/-/sntp-1.0.9.tgz"; - name = "sntp-1.0.9.tgz"; - sha1 = "6541184cc90aeea6c6e7b35e2659082443c66198"; - }; - deps = { - "hoek-2.16.3" = self.by-version."hoek"."2.16.3"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."sshpk"."^1.7.0" = - self.by-version."sshpk"."1.10.2"; - by-version."sshpk"."1.10.2" = self.buildNodePackage { - name = "sshpk-1.10.2"; - version = "1.10.2"; - bin = true; - src = fetchurl { - url = "https://registry.npmjs.org/sshpk/-/sshpk-1.10.2.tgz"; - name = "sshpk-1.10.2.tgz"; - sha1 = "d5a804ce22695515638e798dbe23273de070a5fa"; - }; - deps = { - "asn1-0.2.3" = self.by-version."asn1"."0.2.3"; - "assert-plus-1.0.0" = self.by-version."assert-plus"."1.0.0"; - "dashdash-1.14.1" = self.by-version."dashdash"."1.14.1"; - "getpass-0.1.6" = self.by-version."getpass"."0.1.6"; - }; - optionalDependencies = { - "jsbn-0.1.0" = self.by-version."jsbn"."0.1.0"; - "tweetnacl-0.14.5" = self.by-version."tweetnacl"."0.14.5"; - "jodid25519-1.0.2" = self.by-version."jodid25519"."1.0.2"; - "ecc-jsbn-0.1.1" = self.by-version."ecc-jsbn"."0.1.1"; - "bcrypt-pbkdf-1.0.1" = self.by-version."bcrypt-pbkdf"."1.0.1"; - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."string_decoder"."~0.10.x" = - self.by-version."string_decoder"."0.10.31"; - by-version."string_decoder"."0.10.31" = self.buildNodePackage { - name = "string_decoder-0.10.31"; - version = "0.10.31"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz"; - name = "string_decoder-0.10.31.tgz"; - sha1 = "62e203bc41766c6c28c9fc84301dab1c5310fa94"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."stringstream"."~0.0.4" = - self.by-version."stringstream"."0.0.5"; - by-version."stringstream"."0.0.5" = self.buildNodePackage { - name = "stringstream-0.0.5"; - version = "0.0.5"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz"; - name = "stringstream-0.0.5.tgz"; - sha1 = "4e484cd4de5a0bbbee18e46307710a8a81621878"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."strip-ansi"."^3.0.0" = - self.by-version."strip-ansi"."3.0.1"; - by-version."strip-ansi"."3.0.1" = self.buildNodePackage { - name = "strip-ansi-3.0.1"; - version = "3.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz"; - name = "strip-ansi-3.0.1.tgz"; - sha1 = "6a385fb8853d952d5ff05d0e8aaf94278dc63dcf"; - }; - deps = { - "ansi-regex-2.1.1" = self.by-version."ansi-regex"."2.1.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."supports-color"."^2.0.0" = - self.by-version."supports-color"."2.0.0"; - by-version."supports-color"."2.0.0" = self.buildNodePackage { - name = "supports-color-2.0.0"; - version = "2.0.0"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz"; - name = "supports-color-2.0.0.tgz"; - sha1 = "535d045ce6b6363fa40117084629995e9df324c7"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."tough-cookie"."~2.3.0" = - self.by-version."tough-cookie"."2.3.2"; - by-version."tough-cookie"."2.3.2" = self.buildNodePackage { - name = "tough-cookie-2.3.2"; - version = "2.3.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.2.tgz"; - name = "tough-cookie-2.3.2.tgz"; - sha1 = "f081f76e4c85720e6c37a5faced737150d84072a"; - }; - deps = { - "punycode-1.4.1" = self.by-version."punycode"."1.4.1"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."tunnel-agent"."~0.4.1" = - self.by-version."tunnel-agent"."0.4.3"; - by-version."tunnel-agent"."0.4.3" = self.buildNodePackage { - name = "tunnel-agent-0.4.3"; - version = "0.4.3"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz"; - name = "tunnel-agent-0.4.3.tgz"; - sha1 = "6373db76909fe570e08d73583365ed828a74eeeb"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."tweetnacl"."^0.14.3" = - self.by-version."tweetnacl"."0.14.5"; - by-version."tweetnacl"."0.14.5" = self.buildNodePackage { - name = "tweetnacl-0.14.5"; - version = "0.14.5"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz"; - name = "tweetnacl-0.14.5.tgz"; - sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."tweetnacl"."~0.14.0" = - self.by-version."tweetnacl"."0.14.5"; - by-spec."util-deprecate"."~1.0.1" = - self.by-version."util-deprecate"."1.0.2"; - by-version."util-deprecate"."1.0.2" = self.buildNodePackage { - name = "util-deprecate-1.0.2"; - version = "1.0.2"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz"; - name = "util-deprecate-1.0.2.tgz"; - sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."uuid"."^3.0.0" = - self.by-version."uuid"."3.0.1"; - by-version."uuid"."3.0.1" = self.buildNodePackage { - name = "uuid-3.0.1"; - version = "3.0.1"; - bin = true; - src = fetchurl { - url = "https://registry.npmjs.org/uuid/-/uuid-3.0.1.tgz"; - name = "uuid-3.0.1.tgz"; - sha1 = "6544bba2dfda8c1cf17e629a3a305e2bb1fee6c1"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."verror"."1.3.6" = - self.by-version."verror"."1.3.6"; - by-version."verror"."1.3.6" = self.buildNodePackage { - name = "verror-1.3.6"; - version = "1.3.6"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/verror/-/verror-1.3.6.tgz"; - name = "verror-1.3.6.tgz"; - sha1 = "cff5df12946d297d2baaefaa2689e25be01c005c"; - }; - deps = { - "extsprintf-1.0.2" = self.by-version."extsprintf"."1.0.2"; - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; - by-spec."xtend"."^4.0.0" = - self.by-version."xtend"."4.0.1"; - by-version."xtend"."4.0.1" = self.buildNodePackage { - name = "xtend-4.0.1"; - version = "4.0.1"; - bin = false; - src = fetchurl { - url = "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz"; - name = "xtend-4.0.1.tgz"; - sha1 = "a5c6d532be656e23db820efb943a1f04998d63af"; - }; - deps = { - }; - optionalDependencies = { - }; - peerDependencies = []; - os = [ ]; - cpu = [ ]; - }; -} diff --git a/krebs/5pkgs/simple/newsbot-js/pkgs.json b/krebs/5pkgs/simple/newsbot-js/pkgs.json new file mode 100644 index 000000000..95b60854d --- /dev/null +++ b/krebs/5pkgs/simple/newsbot-js/pkgs.json @@ -0,0 +1,7 @@ +[ + "feedparser", + "form-data", + "irc", + "request", + "shell-quote" +] diff --git a/krebs/5pkgs/simple/newsbot-js/update.sh b/krebs/5pkgs/simple/newsbot-js/update.sh new file mode 100755 index 000000000..0c1ecc58c --- /dev/null +++ b/krebs/5pkgs/simple/newsbot-js/update.sh @@ -0,0 +1,2 @@ +node2nix -8 -i pkgs.json -c combine.nix +rm node-env.nix combine.nix From 8ff594c92fb404e13f240d19a76d34e0d1db6a29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:34:17 +0200 Subject: [PATCH 102/183] hashPassword: passthrough arguments --- krebs/5pkgs/simple/hashPassword/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/hashPassword/default.nix b/krebs/5pkgs/simple/hashPassword/default.nix index 3da65ad79..3c604be80 100644 --- a/krebs/5pkgs/simple/hashPassword/default.nix +++ b/krebs/5pkgs/simple/hashPassword/default.nix @@ -1,7 +1,7 @@ { lib, pkgs, ... }: pkgs.writeDashBin "hashPassword" '' - # usage: hashPassword + # usage: hashPassword [...] set -euf export PATH=${lib.makeBinPath (with pkgs; [ @@ -11,5 +11,5 @@ pkgs.writeDashBin "hashPassword" '' ])} salt=$(openssl rand -base64 16 | tr -d '+=' | head -c 16) - exec mkpasswd -m sha-512 -S "$salt" + exec mkpasswd -m sha-512 -S "$salt" "$@" '' From f07930259080716fd8e325aae457d4bfaaecb99b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:35:25 +0200 Subject: [PATCH 103/183] l browsers: add cx- command for copy & paste --- lass/2configs/browsers.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 91ee08bfd..3030d8faf 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -26,7 +26,12 @@ let lass.xjail.${name} = { inherit script groups dpi; }; - environment.systemPackages = [ config.lass.xjail-bins.${name} ]; + environment.systemPackages = [ + config.lass.xjail-bins.${name} + (pkgs.writeDashBin "cx-${name}" '' + DISPLAY=:${toString (genid_signed name)} ${pkgs.xclip}/bin/xclip -o | DISPLAY=:0 ${pkgs.xclip}/bin/xclip + '') + ]; lass.browser.paths.${name} = { path = config.lass.xjail-bins.${name}; inherit precedence; From 19895a67ff9b9fd7d2511dede24ccf84061b9904 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:36:19 +0200 Subject: [PATCH 104/183] l network-manager: don't manager docker & virtualbox --- lass/2configs/network-manager.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix index c4f757de1..5b890b591 100644 --- a/lass/2configs/network-manager.nix +++ b/lass/2configs/network-manager.nix @@ -14,7 +14,13 @@ RestartSec = "5"; }; }; - networking.networkmanager.enable = true; + networking.networkmanager = { + enable = true; + unmanaged = [ + "docker*" + "vboxnet*" + ]; + }; users.users.mainUser = { extraGroups = [ "networkmanager" ]; packages = with pkgs; [ From f316bb1f31d481dcad90a8b4f4cda0c27208cca4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:36:57 +0200 Subject: [PATCH 105/183] l reaktor-coders: use correct ping path --- lass/2configs/reaktor-coders.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 2541df3a6..5fa1611ae 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -84,7 +84,7 @@ with import ; (buildSimpleReaktorPlugin "ping" { pattern = "^!ping (?P.*)$$"; script = pkgs.writeDash "ping" '' - exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 + exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 ''; }) ]; From 2e5d4ac778aa3a9f2eeea31369a9147a4bafd73e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:38:31 +0200 Subject: [PATCH 106/183] l repo-sync: sync staging branches --- lass/2configs/repo-sync.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 98dbdc227..ad44c67e1 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -61,6 +61,21 @@ let origin.url = "http://cgit.lassul.us/${name}"; mirror.url = "${mirror}${name}"; }; + makefu-staging = { + origin.url = "http://cgit.gum/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; + tv-staging = { + origin.url = "http://cgit.ni.r/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; + nin-staging = { + origin.url = "http://cgit.onondaga.r/${name}"; + origin.ref = "heads/staging"; + mirror.url = "${mirror}${name}"; + }; }; latest = { url = "${mirror}${name}"; From 833cec6deb24d1600131bbef97427d328bd9b106 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:39:20 +0200 Subject: [PATCH 107/183] l xmonad: add insert command --- lass/5pkgs/custom/xmonad-lass/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index e658897da..18cb25b5b 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -147,6 +147,10 @@ myKeyMap = export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" ''}") + , ("M4-", spawn "${pkgs.writeDash "paste" '' + ${pkgs.coreutils}/bin/sleep 0.1 + ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f - + ''}") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") , ("M4-", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") From 8f6976f36525fb77e58438981822721e1bc17450 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:39:58 +0200 Subject: [PATCH 108/183] l: remove deprecated rtl8814au --- lass/5pkgs/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 28482eb91..fd6a555d4 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -31,7 +31,6 @@ in { fi ${self.coreutils}/bin/rm $tmp ''; - rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; }; } // mapAttrs (_: flip callPackage {}) From 665ea5674e0d99f51379d24829436773b9dc2769 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:44:34 +0200 Subject: [PATCH 109/183] l: add generate-secrets --- lass/1systems/mors/config.nix | 1 + lass/5pkgs/generate-secrets/default.nix | 46 +++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 lass/5pkgs/generate-secrets/default.nix diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f77bc64c2..8e805baf0 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -140,6 +140,7 @@ with import ; dpass dnsutils + generate-secrets ]; #TODO: fix this shit diff --git a/lass/5pkgs/generate-secrets/default.nix b/lass/5pkgs/generate-secrets/default.nix new file mode 100644 index 000000000..5a4afe7c5 --- /dev/null +++ b/lass/5pkgs/generate-secrets/default.nix @@ -0,0 +1,46 @@ +{ pkgs }: +pkgs.writeDashBin "generate-secrets" '' + HOSTNAME="$1" + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) + HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null + ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null + ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + cat < $TMPDIR/hashedPasswords.nix + { + root = "$HASHED_PASSWORD"; + mainUser = "$HASHED_PASSWORD"; + } + EOF + + cd $TMPDIR + for x in *; do + ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null + done + echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/hosts/$HOSTNAME/pass > /dev/null + + cat <; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + }; + EOF + + rm -rf $TMPDIR +'' + From 1dd03483619d00d1afc6a278ded0cca6cff2d9ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 19:31:39 +0200 Subject: [PATCH 110/183] add minimal working kops for stockholm --- krebs/kops.nix | 64 +++++++++++++++++++++++++++++++++++ lass/1systems/mors/config.nix | 8 +---- lass/kops.nix | 35 +++++++++++++++++++ 3 files changed, 100 insertions(+), 7 deletions(-) create mode 100644 krebs/kops.nix create mode 100644 lass/kops.nix diff --git a/krebs/kops.nix b/krebs/kops.nix new file mode 100644 index 000000000..9774b5cab --- /dev/null +++ b/krebs/kops.nix @@ -0,0 +1,64 @@ +{ name }: rec { + + kops = (import {}).fetchgit { + url = https://cgit.krebsco.de/kops/; + rev = "e89cf20d4310070a877c2e24a287659546b561c9"; + sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb"; + }; + + lib = import "${kops}/lib"; + + # TODO document why pkgs should be used like this + pkgs = import "${kops}/pkgs" {}; + + krebs-source = { + nixpkgs.git = { + ref = "09bca91e3b5a18d7f37f7632175ac71f2bf369ff"; + url = https://github.com/NixOS/nixpkgs; + }; + stockholm.file = toString ~/stockholm; + stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" '' + set -efu + cd $HOME/stockholm + V=$(${pkgs.coreutils}/bin/date +%y.%m) + if test -d .git; then + V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty) + case $V in (*-dirty) + V=$V@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)} + esac + fi + printf %s "$V" + ''); + }; + + source ={ test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; + secrets = + if test + then { + file = toString ; + } + else { + pass = { + dir = "${lib.getEnv "HOME"}/brain"; + name = "krebs-secrets/${name}"; + }; + } + ; + } + ]; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.kops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.kops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src"; + }; +} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 8e805baf0..cd259d0fe 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -168,14 +168,8 @@ with import ; environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu - export PATH=${makeBinPath [ - pkgs.bash - pkgs.coreutils - pkgs.nixUnstable - ]} - cd ~/stockholm export SYSTEM="$1" - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + $(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; }; diff --git a/lass/kops.nix b/lass/kops.nix new file mode 100644 index 000000000..9d0ab911a --- /dev/null +++ b/lass/kops.nix @@ -0,0 +1,35 @@ +{ name }: let + inherit (import ../krebs/kops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + secrets = if test then { + file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.kops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.kops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src"; + }; +} From 63be8108168d7868534fe154f68038de426132bc Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 6 Apr 2018 11:07:04 +0200 Subject: [PATCH 111/183] nixpkgs: 09bca91 -> 4b4bbce --- krebs/kops.nix | 2 +- krebs/source.nix | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/krebs/kops.nix b/krebs/kops.nix index 9774b5cab..caf437b67 100644 --- a/krebs/kops.nix +++ b/krebs/kops.nix @@ -13,7 +13,7 @@ krebs-source = { nixpkgs.git = { - ref = "09bca91e3b5a18d7f37f7632175ac71f2bf369ff"; + ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3"; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ~/stockholm; diff --git a/krebs/source.nix b/krebs/source.nix index 1f83d29f7..3ee12b37f 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -22,10 +22,7 @@ in }; stockholm.file = toString ; stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "09bca91e3b5a18d7f37f7632175ac71f2bf369ff"; # nixos-18.03 # 2018-04-02 - }; + nixpkgs = (import ./kops.nix { name = ""; }).krebs-source.nixpkgs; } override ] From e68aaca801130125a507fc3345472ab30f2d0f05 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 6 Apr 2018 12:08:29 +0200 Subject: [PATCH 112/183] kops.nix: use relative path to stockholm --- krebs/kops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/kops.nix b/krebs/kops.nix index caf437b67..f544b93d2 100644 --- a/krebs/kops.nix +++ b/krebs/kops.nix @@ -16,7 +16,7 @@ ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3"; url = https://github.com/NixOS/nixpkgs; }; - stockholm.file = toString ~/stockholm; + stockholm.file = toString ../.; stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" '' set -efu cd $HOME/stockholm From 5b8c4d24e274bbf26e85420fc11b5bf7e24ac22d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 6 Apr 2018 15:57:20 +0200 Subject: [PATCH 113/183] RIP zandronum --- krebs/5pkgs/simple/zandronum-bin/default.nix | 83 -------------------- lass/2configs/games.nix | 4 +- nin/2configs/games.nix | 4 +- 3 files changed, 4 insertions(+), 87 deletions(-) delete mode 100644 krebs/5pkgs/simple/zandronum-bin/default.nix diff --git a/krebs/5pkgs/simple/zandronum-bin/default.nix b/krebs/5pkgs/simple/zandronum-bin/default.nix deleted file mode 100644 index e97f46add..000000000 --- a/krebs/5pkgs/simple/zandronum-bin/default.nix +++ /dev/null @@ -1,83 +0,0 @@ -{ stdenv -, atk -, bzip2 -, cairo -, fetchurl -, fluidsynth -, fontconfig -, freetype -, gdk_pixbuf -, glib -, gtk2 -, libjpeg_turbo -, mesa_glu -, mesa_noglu -, openssl -, pango -, SDL -, zlib -, makeWrapper -}: - -stdenv.mkDerivation rec { - name = "zandronum-3.0"; - - src = fetchurl { - url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2"; - sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3"; - }; - - libPath = stdenv.lib.makeLibraryPath [ - atk - bzip2 - cairo - fluidsynth - fontconfig - freetype - gdk_pixbuf - glib - gtk2 - libjpeg_turbo - mesa_glu - mesa_noglu - openssl - pango - SDL - stdenv.cc.cc - zlib - ]; - - nativeBuildInputs = [ makeWrapper ]; - - phases = [ "unpackPhase" "installPhase" ]; - - sourceRoot = "."; - - installPhase = '' - mkdir -p $out/bin - mkdir -p $out/share/zandronum - cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum - - patchelf \ - --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ - --set-rpath $libPath:$out/share/zandronum \ - $out/share/zandronum/zandronum - patchelf \ - --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ - --set-rpath $libPath \ - $out/share/zandronum/zandronum-server - - # If we don't set absolute argv0, zandronum.wad file is not found. - makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum - makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server - ''; - - meta = { - homepage = http://zandronum.com/; - description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play"; - maintainers = [ stdenv.lib.maintainers.lassulus ]; - # Binary version has different version string than source code version. - license = stdenv.lib.licenses.unfreeRedistributable; - platforms = [ "x86_64-linux" ]; - }; -} diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 50362cda4..3ee3a98a5 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -3,7 +3,7 @@ let mainUser = config.users.extraUsers.mainUser; vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum-bin}/bin/zandronum \ + ${pkgs.zandronum}/bin/zandronum \ -fov 120 \ "$@" ''; @@ -50,7 +50,7 @@ let vdoomserver = pkgs.writeDashBin "vdoomserver" '' DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${pkgs.zandronum-bin}/bin/zandronum-server \ + ${pkgs.zandronum}/bin/zandronum-server \ +exec ${doomservercfg} \ "$@" ''; diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix index a7edae078..15e17238d 100644 --- a/nin/2configs/games.nix +++ b/nin/2configs/games.nix @@ -3,7 +3,7 @@ let mainUser = config.users.extraUsers.mainUser; vdoom = pkgs.writeDash "vdoom" '' - ${pkgs.zandronum-bin}/bin/zandronum \ + ${pkgs.zandronum}/bin/zandronum \ -fov 120 \ "$@" ''; @@ -50,7 +50,7 @@ let vdoomserver = pkgs.writeDashBin "vdoomserver" '' DOOM_DIR=''${DOOM_DIR:-~/doom/} - ${pkgs.zandronum-bin}/bin/zandronum-server \ + ${pkgs.zandronum}/bin/zandronum-server \ +exec ${doomservercfg} \ "$@" ''; From 81b001e825e08007b8751d128b6388a50208ed7c Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 10 Apr 2018 13:25:51 +0200 Subject: [PATCH 114/183] tv pass: init at 1.7.1 Import from nixpkgs 09bca91e3b5a18d7f37f7632175ac71f2bf369ff. --- tv/5pkgs/simple/pass/default.nix | 111 ++++++++++++++++++ tv/5pkgs/simple/pass/no-darwin-getopt.patch | 9 ++ tv/5pkgs/simple/pass/rofi-pass.nix | 57 +++++++++ .../set-correct-program-name-for-sleep.patch | 69 +++++++++++ 4 files changed, 246 insertions(+) create mode 100644 tv/5pkgs/simple/pass/default.nix create mode 100644 tv/5pkgs/simple/pass/no-darwin-getopt.patch create mode 100644 tv/5pkgs/simple/pass/rofi-pass.nix create mode 100644 tv/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch diff --git a/tv/5pkgs/simple/pass/default.nix b/tv/5pkgs/simple/pass/default.nix new file mode 100644 index 000000000..ad2afa8ed --- /dev/null +++ b/tv/5pkgs/simple/pass/default.nix @@ -0,0 +1,111 @@ +{ stdenv, lib, fetchurl, fetchFromGitHub +, coreutils, gnused, getopt, git, tree, gnupg, which, procps, qrencode +, makeWrapper + +, xclip ? null, xdotool ? null, dmenu ? null +, x11Support ? !stdenv.isDarwin +, tombPluginSupport ? false, tomb +}: + +with lib; + +assert x11Support -> xclip != null + && xdotool != null + && dmenu != null; + +let + plugins = map (p: (fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-${p.name}"; + inherit (p) rev sha256; + })) + ([ + { name = "import"; + rev = "491935bd275f29ceac2b876b3a288011d1ce31e7"; + sha256 = "02mbh05ab8h7kc30hz718d1d1vkjz43b96c7p0xnd92610d2q66q"; } + { name = "update"; + rev = "cf576c9036fd18efb9ed29e0e9f811207b556fde"; + sha256 = "1hhbrg6a2walrvla6q4cd3pgrqbcrf9brzjkb748735shxfn52hd"; } + ] ++ stdenv.lib.optional tombPluginSupport { + name = "tomb"; + rev = "3368134898a42c1b758fabac625ec240e125c6be"; + sha256 = "0qqmxfg4w3r088qhlkhs44036mya82vjflsjjhw2hk8y0wd2i6ds"; } + ); + +in stdenv.mkDerivation rec { + version = "1.7.1"; + name = "password-store-${version}"; + + src = fetchurl { + url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz"; + sha256 = "0scqkpll2q8jhzcgcsh9kqz0gwdpvynivqjmmbzax2irjfaiklpn"; + }; + + patches = [ ./set-correct-program-name-for-sleep.patch + ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch; + + nativeBuildInputs = [ makeWrapper ]; + + installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; + + postInstall = '' + # plugins + ${stdenv.lib.concatStringsSep "\n" (map (plugin: '' + pushd ${plugin} + PREFIX=$out make install + popd + '') plugins)} + + # Install Emacs Mode. NOTE: We can't install the necessary + # dependencies (s.el and f.el) here. The user has to do this + # himself. + mkdir -p "$out/share/emacs/site-lisp" + cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/" + '' + optionalString x11Support '' + cp "contrib/dmenu/passmenu" "$out/bin/" + ''; + + wrapperPath = with stdenv.lib; makeBinPath ([ + coreutils + getopt + git + gnupg + gnused + tree + which + qrencode + ] ++ optional tombPluginSupport tomb + ++ optional stdenv.isLinux procps + ++ ifEnable x11Support [ dmenu xclip xdotool ]); + + postFixup = '' + # Fix program name in --help + substituteInPlace $out/bin/pass \ + --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass" + + # Ensure all dependencies are in PATH + wrapProgram $out/bin/pass \ + --prefix PATH : "${wrapperPath}" + '' + stdenv.lib.optionalString x11Support '' + # We just wrap passmenu with the same PATH as pass. It doesn't + # need all the tools in there but it doesn't hurt either. + wrapProgram $out/bin/passmenu \ + --prefix PATH : "$out/bin:${wrapperPath}" + ''; + + meta = with stdenv.lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = https://www.passwordstore.org/; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ lovek323 the-kenny fpletz ]; + platforms = platforms.unix; + + longDescription = '' + pass is a very simple password store that keeps passwords inside gpg2 + encrypted files inside a simple directory tree residing at + ~/.password-store. The pass utility provides a series of commands for + manipulating the password store, allowing the user to add, remove, edit, + synchronize, generate, and manipulate passwords. + ''; + }; +} diff --git a/tv/5pkgs/simple/pass/no-darwin-getopt.patch b/tv/5pkgs/simple/pass/no-darwin-getopt.patch new file mode 100644 index 000000000..e8f7e138f --- /dev/null +++ b/tv/5pkgs/simple/pass/no-darwin-getopt.patch @@ -0,0 +1,9 @@ +diff -Naur password-store-1.6.5-orig/src/platform/darwin.sh password-store-1.6.5/src/platform/darwin.sh +--- password-store-1.6.5-orig/src/platform/darwin.sh 2015-01-28 16:43:02.000000000 +0000 ++++ password-store-1.6.5/src/platform/darwin.sh 2015-02-15 16:09:02.000000000 +0000 +@@ -31,5 +31,4 @@ + mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk." + } + +-GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt" + SHRED="srm -f -z" diff --git a/tv/5pkgs/simple/pass/rofi-pass.nix b/tv/5pkgs/simple/pass/rofi-pass.nix new file mode 100644 index 000000000..61f51973e --- /dev/null +++ b/tv/5pkgs/simple/pass/rofi-pass.nix @@ -0,0 +1,57 @@ +{ stdenv, fetchFromGitHub, pass, rofi, coreutils, utillinux, xdotool, gnugrep +, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper +}: + +stdenv.mkDerivation rec { + name = "rofi-pass-${version}"; + version = "1.5.3"; + + src = fetchFromGitHub { + owner = "carnager"; + repo = "rofi-pass"; + rev = version; + sha256 = "1fn1j2rf3abc5qb44zfc8z8ffw6rva4xfp7597hwr1g3szacazpq"; + }; + + buildInputs = [ makeWrapper ]; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/bin + cp -a rofi-pass $out/bin/rofi-pass + + mkdir -p $out/share/doc/rofi-pass/ + cp -a config.example $out/share/doc/rofi-pass/config.example + ''; + + wrapperPath = with stdenv.lib; makeBinPath [ + coreutils + findutils + gawk + gnugrep + gnused + libnotify + pass + pwgen + rofi + utillinux + xclip + xdotool + ]; + + fixupPhase = '' + patchShebangs $out/bin + + wrapProgram $out/bin/rofi-pass \ + --prefix PATH : "${wrapperPath}" + ''; + + meta = { + description = "A script to make rofi work with password-store"; + homepage = https://github.com/carnager/rofi-pass; + maintainers = with stdenv.lib.maintainers; [ the-kenny garbas ]; + license = stdenv.lib.licenses.gpl3; + platforms = with stdenv.lib.platforms; linux; + }; +} diff --git a/tv/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch b/tv/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch new file mode 100644 index 000000000..782e06e20 --- /dev/null +++ b/tv/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch @@ -0,0 +1,69 @@ +From 25b44e00ed5df8ffe2782d38ad5cd9f514379599 Mon Sep 17 00:00:00 2001 +From: "Andrew R. M" +Date: Sat, 8 Apr 2017 13:50:01 -0400 +Subject: [PATCH] Patch the clip() function to work even when using + single-binary coreutils + +--- + src/password-store.sh | 4 ++-- + src/platform/cygwin.sh | 4 ++-- + src/platform/darwin.sh | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/password-store.sh b/src/password-store.sh +index 6a4172d..4dbd6b8 100755 +--- a/src/password-store.sh ++++ b/src/password-store.sh +@@ -155,11 +155,11 @@ clip() { + # variable. Specifically, it cannot store nulls nor (non-trivally) store + # trailing new lines. + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)" + echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard" + ( +- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" ) ++ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") ) + local now="$(xclip -o -selection "$X_SELECTION" | base64)" + [[ $now != $(echo -n "$1" | base64) ]] && before="$now" + +diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh +index 6e5dd86..f3574c4 100644 +--- a/src/platform/cygwin.sh ++++ b/src/platform/cygwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep on display $DISPLAY" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(base64 < /dev/clipboard)" + echo -n "$1" > /dev/clipboard + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$(base64 < /dev/clipboard)" + [[ $now != $(echo -n "$1" | base64) ]] && before="$now" + echo "$before" | base64 -d > /dev/clipboard +diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh +index 86eb325..deb04c4 100644 +--- a/src/platform/darwin.sh ++++ b/src/platform/darwin.sh +@@ -3,11 +3,11 @@ + + clip() { + local sleep_argv0="password store sleep for user $(id -u)" +- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 ++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5 + local before="$(pbpaste | openssl base64)" + echo -n "$1" | pbcopy + ( +- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) ++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") ) + local now="$(pbpaste | openssl base64)" + [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now" + echo "$before" | openssl base64 -d | pbcopy +-- +2.12.2 + From 5bf85816d3c8b0e37a6f6a6ff2eaafc059b5199c Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 10 Apr 2018 13:26:50 +0200 Subject: [PATCH 115/183] tv pass-otp: init at 1.1.0 Import from nixpkgs 09bca91e3b5a18d7f37f7632175ac71f2bf369ff. --- tv/5pkgs/simple/pass-otp/default.nix | 30 ++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 tv/5pkgs/simple/pass-otp/default.nix diff --git a/tv/5pkgs/simple/pass-otp/default.nix b/tv/5pkgs/simple/pass-otp/default.nix new file mode 100644 index 000000000..7f0f44bdf --- /dev/null +++ b/tv/5pkgs/simple/pass-otp/default.nix @@ -0,0 +1,30 @@ +{ stdenv, pass, fetchFromGitHub, oathToolkit }: +stdenv.mkDerivation rec { + name = "pass-otp-${version}"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "tadfisher"; + repo = "pass-otp"; + rev = "v${version}"; + sha256 = "1cgj4zc8fq88n3h6c0vkv9i5al785mdprpgpbv5m22dz9p1wqvbb"; + }; + + buildInputs = [ pass oathToolkit ]; + + patchPhase = '' + sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash + ''; + + installPhase = '' + make PREFIX=$out install + ''; + + meta = with stdenv.lib; { + description = "A pass extension for managing one-time-password (OTP) tokens"; + homepage = https://github.com/tadfisher/pass-otp; + license = licenses.gpl3; + maintainers = with maintainers; [ jwiegley tadfisher ]; + platforms = platforms.unix; + }; +} From a426bfd1bda89cc1af901f6196a323d7be4e4865 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 10 Apr 2018 13:27:34 +0200 Subject: [PATCH 116/183] tv: make pass and pass-otp work together pass's name argument has been modified to work with tv/5pkgs/simple/default.nix's callPackage. --- tv/5pkgs/simple/pass-otp/default.nix | 4 ++-- tv/5pkgs/simple/pass/default.nix | 12 +++++++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/tv/5pkgs/simple/pass-otp/default.nix b/tv/5pkgs/simple/pass-otp/default.nix index 7f0f44bdf..33411180a 100644 --- a/tv/5pkgs/simple/pass-otp/default.nix +++ b/tv/5pkgs/simple/pass-otp/default.nix @@ -1,4 +1,4 @@ -{ stdenv, pass, fetchFromGitHub, oathToolkit }: +{ stdenv, fetchFromGitHub, oathToolkit }: stdenv.mkDerivation rec { name = "pass-otp-${version}"; version = "1.1.0"; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { sha256 = "1cgj4zc8fq88n3h6c0vkv9i5al785mdprpgpbv5m22dz9p1wqvbb"; }; - buildInputs = [ pass oathToolkit ]; + buildInputs = [ oathToolkit ]; patchPhase = '' sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash diff --git a/tv/5pkgs/simple/pass/default.nix b/tv/5pkgs/simple/pass/default.nix index ad2afa8ed..3b6928087 100644 --- a/tv/5pkgs/simple/pass/default.nix +++ b/tv/5pkgs/simple/pass/default.nix @@ -2,6 +2,8 @@ , coreutils, gnused, getopt, git, tree, gnupg, which, procps, qrencode , makeWrapper +, pass-otp + , xclip ? null, xdotool ? null, dmenu ? null , x11Support ? !stdenv.isDarwin , tombPluginSupport ? false, tomb @@ -34,7 +36,7 @@ let in stdenv.mkDerivation rec { version = "1.7.1"; - name = "password-store-${version}"; + name = "pass-${version}"; src = fetchurl { url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz"; @@ -56,6 +58,14 @@ in stdenv.mkDerivation rec { popd '') plugins)} + ln -s \ + ${pass-otp}/lib/password-store/extensions/otp.bash \ + $out/lib/password-store/extensions/ + + ln -s \ + ${pass-otp}/share/man/man1/pass-otp.1.gz \ + $out/share/man/man1/ + # Install Emacs Mode. NOTE: We can't install the necessary # dependencies (s.el and f.el) here. The user has to do this # himself. From 3f9cbbc8d1f5420ef276633f087e63f700c386e7 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 10 Apr 2018 18:15:02 +0200 Subject: [PATCH 117/183] j brauerei: +rust, +exercism, *minor cosmetics --- jeschli/1systems/brauerei/config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 1203720a5..b0bd74789 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -57,7 +57,6 @@ terminator tmux wget - # rxvt_unicode # editors emacs # internet @@ -65,6 +64,7 @@ chromium google-chrome # programming languages + exercism go gcc ghc @@ -73,6 +73,9 @@ # go tools golint gotools + # rust + cargo + rustc # dev tools gnumake jetbrains.pycharm-professional From 68ceb8df1318a87f0b121eda5a2a29eab360d578 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 10 Apr 2018 22:06:03 +0200 Subject: [PATCH 118/183] pass{,-otp}: init from tv --- {tv => krebs}/5pkgs/simple/pass-otp/default.nix | 0 {tv => krebs}/5pkgs/simple/pass/default.nix | 0 {tv => krebs}/5pkgs/simple/pass/no-darwin-getopt.patch | 0 {tv => krebs}/5pkgs/simple/pass/rofi-pass.nix | 0 .../5pkgs/simple/pass/set-correct-program-name-for-sleep.patch | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename {tv => krebs}/5pkgs/simple/pass-otp/default.nix (100%) rename {tv => krebs}/5pkgs/simple/pass/default.nix (100%) rename {tv => krebs}/5pkgs/simple/pass/no-darwin-getopt.patch (100%) rename {tv => krebs}/5pkgs/simple/pass/rofi-pass.nix (100%) rename {tv => krebs}/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch (100%) diff --git a/tv/5pkgs/simple/pass-otp/default.nix b/krebs/5pkgs/simple/pass-otp/default.nix similarity index 100% rename from tv/5pkgs/simple/pass-otp/default.nix rename to krebs/5pkgs/simple/pass-otp/default.nix diff --git a/tv/5pkgs/simple/pass/default.nix b/krebs/5pkgs/simple/pass/default.nix similarity index 100% rename from tv/5pkgs/simple/pass/default.nix rename to krebs/5pkgs/simple/pass/default.nix diff --git a/tv/5pkgs/simple/pass/no-darwin-getopt.patch b/krebs/5pkgs/simple/pass/no-darwin-getopt.patch similarity index 100% rename from tv/5pkgs/simple/pass/no-darwin-getopt.patch rename to krebs/5pkgs/simple/pass/no-darwin-getopt.patch diff --git a/tv/5pkgs/simple/pass/rofi-pass.nix b/krebs/5pkgs/simple/pass/rofi-pass.nix similarity index 100% rename from tv/5pkgs/simple/pass/rofi-pass.nix rename to krebs/5pkgs/simple/pass/rofi-pass.nix diff --git a/tv/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch b/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch similarity index 100% rename from tv/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch rename to krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch From bbef96b98913884cb09597943d1b1a42e589cd5c Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 17 Apr 2018 18:42:47 +0200 Subject: [PATCH 119/183] j brauerei: +hardware.trackpoint configuration --- jeschli/1systems/brauerei/config.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index b0bd74789..eace35dad 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -142,4 +142,11 @@ # should. system.stateVersion = "17.09"; # Did you read the comment? + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + } From a3b0361fd29ab5e8b972ddb29af15a2e249ca3d4 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 17 Apr 2018 18:43:09 +0200 Subject: [PATCH 120/183] emacs file sorting --- jeschli/2configs/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index 2286baae3..4c52432d3 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -53,9 +53,9 @@ let ''; dotEmacs = pkgs.writeText "dot-emacs" '' ${packageRepos} - ${windowCosmetics} ${orgMode} ${recentFiles} + ${windowCosmetics} ''; emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [ epkgs.melpaStablePackages.magit From 554026a7796e59fcbc82fa44c11636e56a25a9f2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 17 Apr 2018 20:17:29 +0200 Subject: [PATCH 121/183] font-size: init from tv --- {tv => krebs}/5pkgs/simple/font-size.nix | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {tv => krebs}/5pkgs/simple/font-size.nix (100%) diff --git a/tv/5pkgs/simple/font-size.nix b/krebs/5pkgs/simple/font-size.nix similarity index 100% rename from tv/5pkgs/simple/font-size.nix rename to krebs/5pkgs/simple/font-size.nix From 511b45543ad8a0a135425c71108c6907180444d5 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 17 Apr 2018 20:20:09 +0200 Subject: [PATCH 122/183] j brauerei: first step for tv xmonad --- jeschli/1systems/brauerei/config.nix | 17 +++++++++-------- jeschli/default.nix | 6 +++--- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index eace35dad..bd86f43dd 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -6,6 +6,7 @@ ./hardware-configuration.nix + ]; krebs.build.host = config.krebs.hosts.brauerei; @@ -108,8 +109,8 @@ # services.printing.enable = true; # Enable the X11 windowing system. - services.xserver.enable = true; - services.xserver.layout = "us"; + # services.xserver.enable = true; + # services.xserver.layout = "us"; # services.xserver.xkbOptions = "eurosign:e"; # Enable touchpad support. @@ -118,18 +119,18 @@ # Enable the KDE Desktop Environment. # services.xserver.displayManager.sddm.enable = true; # services.xserver.desktopManager.plasma5.enable = true; - services.xserver.displayManager.sddm.enable = true; - services.xserver.windowManager.xmonad.enable = true; - services.xserver.windowManager.xmonad.enableContribAndExtras = true; -# + # services.xserver.displayManager.sddm.enable = true; + # services.xserver.windowManager.xmonad.enable = true; + # services.xserver.windowManager.xmonad.enableContribAndExtras = true; + # # Define a user account. Don't forget to set a password with ‘passwd’. - users.extraUsers.jeschli = { + users.extraUsers.jeschli = { # TODO: define as krebs.users isNormalUser = true; uid = 1000; }; users.extraUsers.jamie = { isNormalUser = true; - uid = 1001; + uid = 1001; # TODO genid }; users.users.root.openssh.authorizedKeys.keys = [ diff --git a/jeschli/default.nix b/jeschli/default.nix index 7886fef49..b57932719 100644 --- a/jeschli/default.nix +++ b/jeschli/default.nix @@ -1,9 +1,9 @@ -_: +{ pkgs, ... }: { imports = [ ../krebs ./2configs -# ./3modules -# ./5pkgs ]; + + nixpkgs.config.packageOverrides = import ./5pkgs pkgs; } From f9fff51f9979982b12a3b8022651912ccaf25347 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 18 Apr 2018 08:20:21 +0200 Subject: [PATCH 123/183] pssh: RIP --- krebs/5pkgs/simple/pssh/default.nix | 36 ----------------------------- 1 file changed, 36 deletions(-) delete mode 100644 krebs/5pkgs/simple/pssh/default.nix diff --git a/krebs/5pkgs/simple/pssh/default.nix b/krebs/5pkgs/simple/pssh/default.nix deleted file mode 100644 index 2676af0cf..000000000 --- a/krebs/5pkgs/simple/pssh/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ writeDashBin }: - -writeDashBin "pssh" '' - set -efu - case ''${1-} in - - # TODO create plog with -o json | jq ... | map date - - # usage: pssh {-j,--journal} host... - # Follow journal at each host. - -j|--journal) - shift - "$0" journalctl -n0 -ocat --follow --all ::: "$@" \ - | while read line; do - printf '%s %s\n' "$(date --rfc-3339=s)" "$line" - done - ;; - - -*) - echo $0: unknown option: $1 >&2 - exit 1 - ;; - - # usage: pssh command [arg...] ::: host... - # Run command at each host. - *) - exec parallel \ - --line-buffer \ - -j0 \ - --no-notice \ - --tagstring {} \ - ssh -T {} "$@" - ;; - - esac -'' From 3871554d1935bcdc5d8ed6b82c847bee03a6d6bf Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 18 Apr 2018 08:20:48 +0200 Subject: [PATCH 124/183] j: xserver, xdg from tv; updated brauerei --- jeschli/1systems/brauerei/config.nix | 1 + jeschli/2configs/xdg.nix | 14 +++ jeschli/2configs/xserver/Xmodmap.nix | 27 +++++ jeschli/2configs/xserver/Xresources.nix | 52 ++++++++ jeschli/2configs/xserver/default.nix | 141 ++++++++++++++++++++++ jeschli/2configs/xserver/xserver.conf.nix | 40 ++++++ 6 files changed, 275 insertions(+) create mode 100644 jeschli/2configs/xdg.nix create mode 100644 jeschli/2configs/xserver/Xmodmap.nix create mode 100644 jeschli/2configs/xserver/Xresources.nix create mode 100644 jeschli/2configs/xserver/default.nix create mode 100644 jeschli/2configs/xserver/xserver.conf.nix diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index bd86f43dd..49f439a06 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -6,6 +6,7 @@ ./hardware-configuration.nix + ]; diff --git a/jeschli/2configs/xdg.nix b/jeschli/2configs/xdg.nix new file mode 100644 index 000000000..18bac9b38 --- /dev/null +++ b/jeschli/2configs/xdg.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; + + systemd.tmpfiles.rules = let + forUsers = flip map users; + isUser = { name, group, ... }: + name == "root" || hasSuffix "users" group; + users = filter isUser (mapAttrsToList (_: id) config.users.users); + in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -"); +} diff --git a/jeschli/2configs/xserver/Xmodmap.nix b/jeschli/2configs/xserver/Xmodmap.nix new file mode 100644 index 000000000..d2b1b2604 --- /dev/null +++ b/jeschli/2configs/xserver/Xmodmap.nix @@ -0,0 +1,27 @@ +{ config, pkgs, ... }: + +with import ; + +pkgs.writeText "Xmodmap" '' + !keycode 66 = Caps_Lock + !remove Lock = Caps_Lock + clear Lock + + ! caps lock + keycode 66 = Mode_switch + + keycode 13 = 4 dollar EuroSign cent + keycode 30 = u U udiaeresis Udiaeresis + keycode 32 = o O odiaeresis Odiaeresis + keycode 38 = a A adiaeresis Adiaeresis + keycode 39 = s S ssharp + + keycode 33 = p P Greek_pi Greek_PI + keycode 46 = l L Greek_lambda Greek_LAMBDA + + keycode 54 = c C cacute Cacute + + ! BULLET OPERATOR + keycode 17 = 8 asterisk U2219 + keycode 27 = r R r U211D +'' diff --git a/jeschli/2configs/xserver/Xresources.nix b/jeschli/2configs/xserver/Xresources.nix new file mode 100644 index 000000000..e433a855e --- /dev/null +++ b/jeschli/2configs/xserver/Xresources.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: + +with import ; + +pkgs.writeText "Xresources" /* xdefaults */ '' + URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’" + URxvt*eightBitInput: false + URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + URxvt*scrollBar: false + URxvt*background: #050505 + URxvt*foreground: #d0d7d0 + URxvt*cursorColor: #f042b0 + URxvt*cursorColor2: #f0b000 + URxvt*cursorBlink: off + URxvt*jumpScroll: true + URxvt*allowSendEvents: false + URxvt*charClass: 33:48,37:48,45-47:48,64:48,38:48,61:48,63:48 + URxvt*cutNewline: False + URxvt*cutToBeginningOfLine: False + + URxvt*color0: #232342 + URxvt*color3: #c07000 + URxvt*color4: #4040c0 + URxvt*color7: #c0c0c0 + URxvt*color8: #707070 + URxvt*color9: #ff6060 + URxvt*color10: #70ff70 + URxvt*color11: #ffff70 + URxvt*color12: #7070ff + URxvt*color13: #ff50ff + URxvt*color14: #70ffff + URxvt*color15: #ffffff + + URxvt*iso14755: False + + URxvt*urgentOnBell: True + URxvt*visualBell: True + + ! ref https://github.com/muennich/urxvt-perls + URxvt*perl-ext: default,url-select + URxvt*keysym.M-u: perl:url-select:select_next + URxvt*url-select.underline: true + URxvt*colorUL: #4682B4 + URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl + URxvt*saveLines: 10000 + + root-urxvt*background: #230000 + root-urxvt*foreground: #e0c0c0 + root-urxvt*BorderColor: #400000 + root-urxvt*color0: #800000 +'' diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix new file mode 100644 index 000000000..df06000f3 --- /dev/null +++ b/jeschli/2configs/xserver/default.nix @@ -0,0 +1,141 @@ +{ config, pkgs, ... }@args: +with import ; +let + cfg = { + cacheDir = cfg.dataDir; + configDir = "/var/empty"; + dataDir = "/run/xdg/${cfg.user.name}/xmonad"; + user = config.krebs.users.jeschli; + }; +in { + + environment.systemPackages = [ + pkgs.font-size + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.sxiv + pkgs.xdotool + pkgs.xsel + pkgs.zathura + ]; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + # TODO dedicated group, i.e. with a single user [per-user-setuid] + # TODO krebs.setuid.slock.path vs /run/wrappers/bin + krebs.setuid.slock = { + filename = "${pkgs.slock}/bin/slock"; + group = "wheel"; + envp = { + DISPLAY = ":${toString config.services.xserver.display}"; + USER = cfg.user.name; + }; + }; + + services.xserver = { + + # Don't install feh into systemPackages + # refs + desktopManager.session = mkForce []; + + enable = true; + display = 11; + tty = 11; + + synaptics = { + enable = true; + twoFingerScroll = true; + accelFactor = "0.035"; + }; + }; + + systemd.services.display-manager.enable = false; + + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + + XMONAD_CACHE_DIR = cfg.cacheDir; + XMONAD_CONFIG_DIR = cfg.configDir; + XMONAD_DATA_DIR = cfg.dataDir; + + XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & + ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} & + ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & + wait + ''; + + # XXX JSON is close enough :) + XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ + "dashboard" # we start here + "stockholm" + "pycharm" + "chromium" + "iRC" + "git" + "hipbird" + ]); + }; + serviceConfig = { + SyslogIdentifier = "xmonad"; + ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [ + "\${XMONAD_CACHE_DIR}" + "\${XMONAD_CONFIG_DIR}" + "\${XMONAD_DATA_DIR}" + ]}"; + ExecStart = "${pkgs.xmonad-jeschli}/bin/xmonad"; + ExecStop = "${pkgs.xmonad-jeschli}/bin/xmonad --shutdown"; + User = cfg.user.name; + WorkingDirectory = cfg.user.home; + }; + }; + + systemd.services.xserver = { + after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" + ]; + reloadIfChanged = true; + environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. + LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); + }; + serviceConfig = { + SyslogIdentifier = "xserver"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = toString [ + "${pkgs.xorg.xorgserver}/bin/X" + ":${toString config.services.xserver.display}" + "vt${toString config.services.xserver.tty}" + "-config ${import ./xserver.conf.nix args}" + "-logfile /dev/null -logverbose 0 -verbose 3" + "-nolisten tcp" + "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" + ]; + }; + }; + + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = cfg.user.name; + }; + }; +} diff --git a/jeschli/2configs/xserver/xserver.conf.nix b/jeschli/2configs/xserver/xserver.conf.nix new file mode 100644 index 000000000..6f34e0150 --- /dev/null +++ b/jeschli/2configs/xserver/xserver.conf.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + cfg = config.services.xserver; +in + +pkgs.stdenv.mkDerivation { + name = "xserver.conf"; + + xfs = optionalString (cfg.useXFS != false) + ''FontPath "${toString cfg.useXFS}"''; + + inherit (cfg) config; + + buildCommand = + '' + echo 'Section "Files"' >> $out + echo $xfs >> $out + + for i in ${toString config.fonts.fonts}; do + if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then + for j in $(find $i -name fonts.dir); do + echo " FontPath \"$(dirname $j)\"" >> $out + done + fi + done + + for i in $(find ${toString cfg.modules} -type d); do + if test $(echo $i/*.so* | wc -w) -ne 0; then + echo " ModulePath \"$i\"" >> $out + fi + done + + echo 'EndSection' >> $out + + echo "$config" >> $out + ''; +} From 105879da15cf7e3bf9cbc67029a3a2ecf50d616c Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 18 Apr 2018 08:21:17 +0200 Subject: [PATCH 125/183] urlwatch: use upstream --- krebs/5pkgs/simple/urlwatch/default.nix | 29 ------------------------- 1 file changed, 29 deletions(-) delete mode 100644 krebs/5pkgs/simple/urlwatch/default.nix diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix deleted file mode 100644 index 64f3ad1ac..000000000 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ stdenv, fetchFromGitHub, python3Packages }: - -python3Packages.buildPythonApplication rec { - name = "urlwatch-${version}"; - version = "2.8"; - - src = fetchFromGitHub { - owner = "thp"; - repo = "urlwatch"; - rev = version; - sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4"; - }; - - propagatedBuildInputs = with python3Packages; [ - appdirs - keyring - minidb - pycodestyle - pyyaml - requests - ]; - - meta = with stdenv.lib; { - description = "A tool for monitoring webpages for updates"; - homepage = https://thp.io/2008/urlwatch/; - license = licenses.bsd3; - maintainers = with maintainers; [ tv ]; - }; -} From 0fe9b28302c905523f2ecefadfd167e1547785f9 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 18 Apr 2018 08:23:38 +0200 Subject: [PATCH 126/183] ucspi-tcp: use upstream --- krebs/5pkgs/simple/ucspi-tcp/chmod.patch | 15 ----- krebs/5pkgs/simple/ucspi-tcp/default.nix | 86 ------------------------ 2 files changed, 101 deletions(-) delete mode 100644 krebs/5pkgs/simple/ucspi-tcp/chmod.patch delete mode 100644 krebs/5pkgs/simple/ucspi-tcp/default.nix diff --git a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch deleted file mode 100644 index dd6933208..000000000 --- a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/hier.c b/hier.c -index 5663ada..1d73b84 100644 ---- a/hier.c -+++ b/hier.c -@@ -2,8 +2,8 @@ - - void hier() - { -- h(auto_home,-1,-1,02755); -- d(auto_home,"bin",-1,-1,02755); -+ h(auto_home,-1,-1,0755); -+ d(auto_home,"bin",-1,-1,0755); - - c(auto_home,"bin","tcpserver",-1,-1,0755); - c(auto_home,"bin","tcprules",-1,-1,0755); diff --git a/krebs/5pkgs/simple/ucspi-tcp/default.nix b/krebs/5pkgs/simple/ucspi-tcp/default.nix deleted file mode 100644 index 3b043be06..000000000 --- a/krebs/5pkgs/simple/ucspi-tcp/default.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - name = "ucspi-tcp-0.88"; - - src = fetchurl { - url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz"; - sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja"; - }; - - # Plain upstream tarball doesn't build, get patches from Debian - patches = [ - (fetchurl { - url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz"; - sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6"; - }) - ./chmod.patch - ]; - - # Apply Debian patches - postPatch = '' - for fname in debian/diff/*.diff; do - echo "Applying patch $fname" - patch < "$fname" - done - ''; - - # The build system is weird; 'make install' doesn't install anything, instead - # it builds an executable called ./install (from C code) which installs - # binaries to the directory given on line 1 in ./conf-home. - # - # Also, assume getgroups and setgroups work, instead of doing a build time - # test that breaks on NixOS (I think because nixbld users lack CAP_SETGID - # capability). - preBuild = '' - echo "$out" > conf-home - - echo "main() { return 0; }" > chkshsgr.c - ''; - - installPhase = '' - mkdir -p "$out/bin" - mkdir -p "$out/share/man/man1" - - # run the newly built installer - ./install - - # Install Debian man pages (upstream has none) - cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1" - ''; - - meta = with stdenv.lib; { - description = "Command-line tools for building TCP client-server applications"; - longDescription = '' - tcpserver waits for incoming connections and, for each connection, runs a - program of your choice. Your program receives environment variables - showing the local and remote host names, IP addresses, and port numbers. - - tcpserver offers a concurrency limit to protect you from running out of - processes and memory. When you are handling 40 (by default) simultaneous - connections, tcpserver smoothly defers acceptance of new connections. - - tcpserver also provides TCP access control features, similar to - tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules - are compiled into a hashed format with cdb, so it can easily deal with - thousands of different hosts. - - This package includes a recordio tool that monitors all the input and - output of a server. - - tcpclient makes a TCP connection and runs a program of your choice. It - sets up the same environment variables as tcpserver. - - This package includes several sample clients built on top of tcpclient: - who@, date@, finger@, http@, tcpcat, and mconnect. - - tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program - Interface, using the TCP protocol. UCSPI tools are available for several - different networks. - ''; - homepage = http://cr.yp.to/ucspi-tcp.html; - license = licenses.publicDomain; - platforms = platforms.linux; - maintainers = [ maintainers.bjornfor ]; - }; -} From b5d1c2f5e6ab4a44f81366e1b9de0b366d8aa871 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 18 Apr 2018 08:42:03 +0200 Subject: [PATCH 127/183] j 5pkgs: add missing tvs xmonad files --- jeschli/5pkgs/default.nix | 11 + jeschli/5pkgs/simple/default.nix | 24 ++ .../5pkgs/simple/xmonad-jeschli/default.nix | 294 ++++++++++++++++++ 3 files changed, 329 insertions(+) create mode 100644 jeschli/5pkgs/default.nix create mode 100644 jeschli/5pkgs/simple/default.nix create mode 100644 jeschli/5pkgs/simple/xmonad-jeschli/default.nix diff --git a/jeschli/5pkgs/default.nix b/jeschli/5pkgs/default.nix new file mode 100644 index 000000000..3fa5b5e85 --- /dev/null +++ b/jeschli/5pkgs/default.nix @@ -0,0 +1,11 @@ +with import ; + +self: super: + +# Import files and subdirectories like they are overlays. +foldl' mergeAttrs {} + (map + (name: import (./. + "/${name}") self super) + (filter + (name: name != "default.nix" && !hasPrefix "." name) + (attrNames (readDir ./.)))) diff --git a/jeschli/5pkgs/simple/default.nix b/jeschli/5pkgs/simple/default.nix new file mode 100644 index 000000000..1b9d8c235 --- /dev/null +++ b/jeschli/5pkgs/simple/default.nix @@ -0,0 +1,24 @@ +with import ; + +self: super: + +let + # This callPackage will try to detect obsolete overrides. + callPackage = path: args: let + override = self.callPackage path args; + upstream = optionalAttrs (override ? "name") + (super.${(parseDrvName override.name).name} or {}); + in if upstream ? "name" && + override ? "name" && + compareVersions upstream.name override.name != -1 + then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override + else override; +in + + listToAttrs + (map + (name: nameValuePair (removeSuffix ".nix" name) + (callPackage (./. + "/${name}") {})) + (filter + (name: name != "default.nix" && !hasPrefix "." name) + (attrNames (readDir ./.)))) diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix new file mode 100644 index 000000000..5bb391f98 --- /dev/null +++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix @@ -0,0 +1,294 @@ +{ pkgs, ... }: +pkgs.writeHaskell "xmonad-jeschli" { + executables.xmonad = { + extra-depends = [ + "containers" + "extra" + "unix" + "X11" + "xmonad" + "xmonad-contrib" + "xmonad-stockholm" + ]; + text = /* haskell */ '' +{-# LANGUAGE DeriveDataTypeable #-} -- for XS +{-# LANGUAGE FlexibleContexts #-} -- for xmonad' +{-# LANGUAGE LambdaCase #-} +{-# LANGUAGE ScopedTypeVariables #-} + + +module Main where + +import Control.Exception +import Control.Monad.Extra (whenJustM) +import Graphics.X11.ExtraTypes.XF86 +import Text.Read (readEither) +import XMonad +import System.IO (hPutStrLn, stderr) +import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv) +import System.Posix.Process (executeFile) +import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace + , removeEmptyWorkspace) +import XMonad.Actions.GridSelect +import XMonad.Actions.CycleWS (toggleWS) +--import XMonad.Actions.CopyWindow ( copy ) +import XMonad.Layout.NoBorders ( smartBorders ) +import qualified XMonad.StackSet as W +import Data.Map (Map) +import qualified Data.Map as Map +-- TODO import XMonad.Layout.WorkspaceDir +import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) +-- import XMonad.Layout.Tabbed +--import XMonad.Layout.MouseResizableTile +import XMonad.Layout.Reflect (reflectVert) +import XMonad.Layout.FixedColumn (FixedColumn(..)) +import XMonad.Hooks.Place (placeHook, smart) +import XMonad.Hooks.FloatNext (floatNextHook) +import XMonad.Actions.PerWorkspaceKeys (chooseAction) +import XMonad.Layout.PerWorkspace (onWorkspace) +--import XMonad.Layout.BinarySpacePartition + +--import XMonad.Actions.Submap +import XMonad.Stockholm.Pager +import XMonad.Stockholm.Rhombus +import XMonad.Stockholm.Shutdown + + +amixerPath :: FilePath +amixerPath = "${pkgs.alsaUtils}/bin/amixer" + +urxvtcPath :: FilePath +urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc" + +myFont :: String +myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" + +main :: IO () +main = getArgs >>= \case + ["--shutdown"] -> sendShutdownEvent + _ -> mainNoArgs + +mainNoArgs :: IO () +mainNoArgs = do + workspaces0 <- getWorkspaces0 + xmonad + -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } + -- urgencyConfig { remindWhen = Every 1 } + -- $ withUrgencyHook borderUrgencyHook "magenta" + -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never } + $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") + $ def + { terminal = urxvtcPath + , modMask = mod4Mask + , keys = myKeys + , workspaces = workspaces0 + , layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full + -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent + --, handleEventHook = handleTimerEvent + , manageHook = placeHook (smart (1,0)) <+> floatNextHook + , startupHook = + whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) + (\path -> forkFile path [] Nothing) + , normalBorderColor = "#1c1c1c" + , focusedBorderColor = "#f000b0" + , handleEventHook = handleShutdownEvent + } + + +getWorkspaces0 :: IO [String] +getWorkspaces0 = + try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case + Left e -> warn (displaySomeException e) + Right p -> try (readFile p) >>= \case + Left e -> warn (displaySomeException e) + Right x -> case readEither x of + Left e -> warn e + Right y -> return y + where + warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return [] + +displaySomeException :: SomeException -> String +displaySomeException = displayException + + +forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () +forkFile path args env = + xfork (executeFile path False args env) >> return () + +spawnRootTerm :: X () +spawnRootTerm = + forkFile + urxvtcPath + ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"] + Nothing + +spawnTermAt :: String -> X () +spawnTermAt ws = do + env <- liftIO getEnvironment + let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env + forkFile urxvtcPath [] (Just env') + +myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) +myKeys conf = Map.fromList $ + [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) + , ((_4S , xK_c ), kill) + + , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing) + + , ((_4 , xK_x ), chooseAction spawnTermAt) + , ((_4C , xK_x ), spawnRootTerm) + + --, ((_4 , xK_F1 ), withFocused jojo) + --, ((_4 , xK_F1 ), printAllGeometries) + + , ((0 , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) + , ((_S , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) + , ((_C , xK_Print ), toggleWS) + , ((_4 , xK_Print ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] ) + + -- %! Rotate through the available layout algorithms + , ((_4 , xK_space ), sendMessage NextLayout) + , ((_4S , xK_space ), setLayout $ XMonad.layoutHook conf) -- reset layout + + ---- BinarySpacePartition + --, ((_4 , xK_l), sendMessage $ ExpandTowards R) + --, ((_4 , xK_h), sendMessage $ ExpandTowards L) + --, ((_4 , xK_j), sendMessage $ ExpandTowards D) + --, ((_4 , xK_k), sendMessage $ ExpandTowards U) + --, ((_4S , xK_l), sendMessage $ ShrinkFrom R) + --, ((_4S , xK_h), sendMessage $ ShrinkFrom L) + --, ((_4S , xK_j), sendMessage $ ShrinkFrom D) + --, ((_4S , xK_k), sendMessage $ ShrinkFrom U) + --, ((_4 , xK_n), sendMessage Rotate) + --, ((_4S , xK_n), sendMessage Swap) + + ---- mouseResizableTile + --, ((_4 , xK_u), sendMessage ShrinkSlave) + --, ((_4 , xK_i), sendMessage ExpandSlave) + + -- move focus up or down the window stack + --, ((_4 , xK_m ), windows W.focusMaster) + , ((_4 , xK_j ), windows W.focusDown) + , ((_4 , xK_k ), windows W.focusUp) + + -- modifying the window order + , ((_4S , xK_m ), windows W.swapMaster) + , ((_4S , xK_j ), windows W.swapDown) + , ((_4S , xK_k ), windows W.swapUp) + + -- resizing the master/slave ratio + , ((_4 , xK_h ), sendMessage Shrink) -- %! Shrink the master area + , ((_4 , xK_l ), sendMessage Expand) -- %! Expand the master area + + -- floating layer support + , ((_4 , xK_t ), withFocused $ windows . W.sink) -- make tiling + + -- increase or decrease number of windows in the master area + , ((_4 , xK_comma ), sendMessage $ IncMasterN 1) + , ((_4 , xK_period ), sendMessage $ IncMasterN (-1)) + + , ((_4 , xK_a ), addWorkspacePrompt def) + , ((_4 , xK_r ), renameWorkspace def) + , ((_4 , xK_Delete ), removeEmptyWorkspace) + + , ((_4 , xK_Return ), toggleWS) + --, (0 , xK_Print ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view) + --, (_4 , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.view) + --, (_4S , xK_v ) & \k -> (k, gridselectWorkspace wsGSConfig { gs_navigate = makeGSNav k } W.shift) + --, (_4 , xK_b ) & \k -> (k, goToSelected wGSConfig { gs_navigate = makeGSNav k }) + , ((noModMask, xF86XK_AudioLowerVolume), amixer ["sset", "Master", "5%-"]) + , ((noModMask, xF86XK_AudioRaiseVolume), amixer ["sset", "Master", "5%+"]) + , ((noModMask, xF86XK_AudioMute), amixer ["sset", "Master", "toggle"]) + ] + where + _4 = mod4Mask + _C = controlMask + _S = shiftMask + _M = mod1Mask + _4C = _4 .|. _C + _4S = _4 .|. _S + _4M = _4 .|. _M + _4CM = _4 .|. _C .|. _M + _4SM = _4 .|. _S .|. _M + + amixer args = forkFile amixerPath args Nothing + + +pagerConfig :: PagerConfig +pagerConfig = def + { pc_font = myFont + , pc_cellwidth = 64 + --, pc_cellheight = 36 -- TODO automatically keep screen aspect + --, pc_borderwidth = 1 + --, pc_matchcolor = "#f0b000" + , pc_matchmethod = MatchPrefix + --, pc_colors = pagerWorkspaceColors + , pc_windowColors = windowColors + } + where + windowColors _ _ _ True _ = ("#ef4242","#ff2323") + windowColors wsf m c u wf = do + let y = defaultWindowColors wsf m c u wf + if m == False && wf == True + then ("#402020", snd y) + else y + +horseConfig :: RhombusConfig +horseConfig = def + { rc_font = myFont + , rc_cellwidth = 64 + --, rc_cellheight = 36 -- TODO automatically keep screen aspect + --, rc_borderwidth = 1 + --, rc_matchcolor = "#f0b000" + , rc_matchmethod = MatchPrefix + --, rc_colors = pagerWorkspaceColors + --, rc_paint = myPaint + } + +wGSConfig :: GSConfig Window +wGSConfig = def + { gs_cellheight = 20 + , gs_cellwidth = 192 + , gs_cellpadding = 5 + , gs_font = myFont + , gs_navigate = navNSearch + } + +-- wsGSConfig = def +-- { gs_cellheight = 20 +-- , gs_cellwidth = 64 +-- , gs_cellpadding = 5 +-- , gs_font = myFont +-- , gs_navigate = navNSearch +-- } + +-- custom navNSearch +--makeGSNav :: (KeyMask, KeySym) -> TwoD a (Maybe a) +--makeGSNav esc = nav +-- where +-- nav = makeXEventhandler $ shadowWithKeymap keyMap navNSearchDefaultHandler +-- keyMap = Map.fromList +-- [ (esc , cancel) +-- , ((0,xK_Escape) , cancel) +-- , ((0,xK_Return) , select) +-- , ((0,xK_Left) , move (-1, 0) >> nav) +-- , ((0,xK_Right) , move ( 1, 0) >> nav) +-- , ((0,xK_Down) , move ( 0, 1) >> nav) +-- , ((0,xK_Up) , move ( 0,-1) >> nav) +-- , ((0,xK_BackSpace) , transformSearchString (\s -> if (s == "") then "" else init s) >> nav) +-- ] +-- -- The navigation handler ignores unknown key symbols, therefore we const +-- navNSearchDefaultHandler (_,s,_) = do +-- transformSearchString (++ s) +-- nav + + +(&) :: a -> (a -> c) -> c +(&) = flip ($) + +allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] +allWorkspaceNames ws = + return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] + ''; + }; +} From cc0dfeda397e812a9e6db2f65f6ed0a5a4d67571 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:25:36 +0200 Subject: [PATCH 128/183] Reaktor/plugins: limit url-title length --- krebs/5pkgs/simple/Reaktor/plugins.nix | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index bcfcbf76b..f3b771190 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -120,11 +120,24 @@ rec { url-title = (buildSimpleReaktorPlugin "url-title" { pattern = "^.*(?Phttp[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$"; path = with pkgs; [ curl perl ]; - script = pkgs.writeDash "lambda-pl" '' - if [ "$#" -gt 0 ]; then - curl -SsL --max-time 5 "$1" | - perl -l -0777 -ne 'print $1 if /\s*(.*?)\s*<\/title/si' - fi + script = pkgs.writePython3 [ "beautifulsoup4" "lxml" ] "url-title" '' + import sys + import urllib.request + from bs4 import BeautifulSoup + + try: + soup = BeautifulSoup(urllib.request.urlopen(sys.argv[1]), "lxml") + title = soup.find('title').string + + if title: + if len(title) > 512: + print('message to long, skipped') + elif len(title.split('\n')) > 5: + print('to many lines, skipped') + else: + print(title) + except: # noqa: E722 + pass ''; }); From 4fac738ed2092c8922b5126903bac3f258bf22f4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:35:35 +0200 Subject: [PATCH 129/183] l: add restic service --- lass/3modules/default.nix | 1 + lass/3modules/restic.nix | 119 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+) create mode 100644 lass/3modules/restic.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 0c10e1ec2..5e7e6dff3 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -8,6 +8,7 @@ _: ./mysql-backup.nix ./news.nix ./pyload.nix + ./restic.nix ./screenlock.nix ./umts.nix ./usershadow.nix diff --git a/lass/3modules/restic.nix b/lass/3modules/restic.nix new file mode 100644 index 000000000..c720793b1 --- /dev/null +++ b/lass/3modules/restic.nix @@ -0,0 +1,119 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + options.lass.restic = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + name = mkOption { + type = types.str; + default = config._module.args.name; + }; + passwordFile = mkOption { + type = types.str; + default = toString ; + description = '' + read the repository password from a file. + ''; + example = "/etc/nixos/restic-password"; + + }; + repo = mkOption { + type = types.str; + default = "sftp:backup@prism.r:/backups/${config.name}"; + description = '' + repository to backup to. + ''; + example = "sftp:backup@192.168.1.100:/backups/${config.name}"; + }; + dirs = mkOption { + type = types.listOf types.str; + default = []; + description = '' + which directories to backup. + ''; + example = [ + "/var/lib/postgresql" + "/home/user/backup" + ]; + }; + timerConfig = mkOption { + type = types.attrsOf types.str; + default = { + OnCalendar = "daily"; + }; + description = '' + When to run the backup. See man systemd.timer for details. + ''; + example = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }; + user = mkOption { + type = types.str; + default = "root"; + description = '' + As which user the backup should run. + ''; + example = "postgresql"; + }; + extraArguments = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Extra arguments to append to the restic command. + ''; + example = [ + "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp" + ]; + }; + initialize = mkOption { + type = types.bool; + default = false; + description = '' + Create the repository if it doesn't exist. + ''; + }; + }; + })); + default = {}; + }; + + config = { + systemd.services = + mapAttrs' (_: plan: + let + extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments; + connectTo = elemAt (splitString ":" plan.repo) 1; + resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}"; + in nameValuePair "backup.${plan.name}" { + environment = { + RESTIC_PASSWORD_FILE = plan.passwordFile; + RESTIC_REPOSITORY = plan.repo; + }; + path = with pkgs; [ + openssh + ]; + restartIfChanged = false; + serviceConfig = { + ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" '' + #! ${pkgs.bash}/bin/bash + ${resticCmd} snapshots || ${resticCmd} init + ''); + ExecStart = pkgs.writeDash "rustic-${plan.name}" ( + "#! ${pkgs.bash}/bin/bash\n" + + concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs + ); + User = plan.user; + }; + } + ) config.lass.restic; + systemd.timers = + mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" { + wantedBy = [ "timers.target" ]; + timerConfig = plan.timerConfig; + }) config.lass.restic; + }; +} From ddb06a55426abe797b4ebad3165c4637c0b6975d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:27:53 +0200 Subject: [PATCH 130/183] l mors.r: add btc price getter --- lass/1systems/mors/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cd259d0fe..dab1910b4 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -141,6 +141,15 @@ with import ; dnsutils generate-secrets + (pkgs.writeDashBin "btc-coinbase" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' + '') + (pkgs.writeDashBin "btc-wex" '' + ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg' + '') + (pkgs.writeDashBin "btc-kraken" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' + '') ]; #TODO: fix this shit From b0678507404bba2c12df39c1d21431ddd9102fcb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:28:39 +0200 Subject: [PATCH 131/183] l mors.r: add restic backups --- lass/1systems/mors/config.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index dab1910b4..c59494e4d 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -186,4 +186,34 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; + + lass.restic = genAttrs [ + "daedalus" + "icarus" + "littleT" + "prism" + "shodan" + "skynet" + ] (dest: { + dirs = [ + "/home/lass/src" + "/home/lass/work" + "/home/lass/.gnupg" + "/home/lass/Maildir" + "/home/lass/stockholm" + "/home/lass/.password-store" + "/home/bitcoin" + "/home/bch" + ]; + passwordFile = (toString ) + "/restic/${dest}"; + repo = "sftp:backup@${dest}.r:/backups/mors"; + #sshPrivateKey = config.krebs.build.host.ssh.privkey.path; + extraArguments = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + ]; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }); } From e77030e772899bcc747568752cdb2a997a6972bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:30:19 +0200 Subject: [PATCH 132/183] l prism.r: use iptables for hackerfleet --- lass/1systems/prism/config.nix | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index c0e4620cc..e937db83a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -110,29 +110,13 @@ in { }; # TODO write function for proxy_pass (ssl/nonssl) - services.nginx.virtualHosts."hackerfleet.de" = { - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:80; - ''; - }; - services.nginx.virtualHosts."hackerfleet.de-s" = { - serverName = "hackerfleet.de"; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - } - ]; - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:443; - ''; - }; + + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + ]; } { users.users.tv = { From c85c0f1b39aed212bb128c674f194f124a9454ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:31:08 +0200 Subject: [PATCH 133/183] l prism.r: fix deprecation warnings --- lass/1systems/prism/config.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e937db83a..983604f8e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -8,11 +8,15 @@ in { imports = [ { - networking.interfaces.et0.ip4 = [ + networking.interfaces.et0.ipv4.addresses = [ { address = ip; prefixLength = 27; } + { + address = "46.4.114.243"; + prefixLength = 27; + } ]; networking.defaultGateway = "46.4.114.225"; networking.nameservers = [ From 1d37fba51e4f4fbb7fe7acccc11e2b2ac5dcc5b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:33:09 +0200 Subject: [PATCH 134/183] l reaktor-coders: /j #panthermoderns --- lass/2configs/reaktor-coders.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 5fa1611ae..922cd79cb 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -4,7 +4,7 @@ with import ; { krebs.Reaktor.coders = { nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" ]; + channels = [ "#coders" "#germany" "#panthermoderns" ]; extraEnviron = { REAKTOR_HOST = "irc.hackint.org"; }; From 824c19e81a5696018973be2d692fcd9f07f8ef10 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:33:26 +0200 Subject: [PATCH 135/183] l reaktor-coders: add google & blockchain command --- lass/2configs/reaktor-coders.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 922cd79cb..5a39f7115 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -87,6 +87,19 @@ with import ; exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 ''; }) + (buildSimpleReaktorPlugin "google" { + pattern = "^!g (?P.*)$$"; + script = pkgs.writeDash "google" '' + exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ + ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' + ''; + }) + (buildSimpleReaktorPlugin "blockchain" { + pattern = ".*[Bb]lockchain.*$$"; + script = pkgs.writeDash "blockchain" '' + exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline' + ''; + }) ]; }; } From 0521f960c8c93da7082722632309b533260781d5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:34:14 +0200 Subject: [PATCH 136/183] l syncthing: remove deprecated inotify --- lass/2configs/syncthing.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index cef43d1e6..17debf822 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -3,7 +3,6 @@ with import ; { services.syncthing = { enable = true; - useInotify = true; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} From 0164e142e3ce793cb98b237ba2384b3d88a3550c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:35:13 +0200 Subject: [PATCH 137/183] l websites: enableSSL -> onlySSL --- lass/2configs/websites/util.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 62055d0fd..441b7af90 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,7 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - enableSSL = true; + onlySSL = true; extraConfig = '' listen 80; listen [::]:80; @@ -34,7 +34,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - enableSSL = true; + onlySSL = true; serverAliases = domains; extraConfig = '' listen 80; @@ -148,7 +148,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - enableSSL = true; + onlySSL = true; serverAliases = domains; extraConfig = '' listen 80; From 2647f93715f73495d2b5cc1537a4ff47de085e1a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 12:42:30 +0200 Subject: [PATCH 138/183] l: generate-secrets -> l-gen-secrets --- lass/5pkgs/{generate-secrets => l-gen-secrets}/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename lass/5pkgs/{generate-secrets => l-gen-secrets}/default.nix (88%) diff --git a/lass/5pkgs/generate-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix similarity index 88% rename from lass/5pkgs/generate-secrets/default.nix rename to lass/5pkgs/l-gen-secrets/default.nix index 5a4afe7c5..4b25fbd4c 100644 --- a/lass/5pkgs/generate-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -1,5 +1,5 @@ { pkgs }: -pkgs.writeDashBin "generate-secrets" '' +pkgs.writeDashBin "l-gen-secrets" '' HOSTNAME="$1" TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) @@ -17,9 +17,9 @@ pkgs.writeDashBin "generate-secrets" '' cd $TMPDIR for x in *; do - ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null + ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m krebs-secrets/$HOSTNAME/$x > /dev/null done - echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/hosts/$HOSTNAME/pass > /dev/null + echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/pass > /dev/null cat < Date: Sat, 21 Apr 2018 12:53:32 +0200 Subject: [PATCH 139/183] onebutton.r: init --- krebs/1systems/onebutton/config.nix | 32 +++++++++++++++++++++++++++++ krebs/1systems/onebutton/source.nix | 11 ++++++++++ 2 files changed, 43 insertions(+) create mode 100644 krebs/1systems/onebutton/config.nix create mode 100644 krebs/1systems/onebutton/source.nix diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix new file mode 100644 index 000000000..08a9d6423 --- /dev/null +++ b/krebs/1systems/onebutton/config.nix @@ -0,0 +1,32 @@ +{ config, pkgs, lib, ... }: +{ + imports = [ + + ]; + # NixOS wants to enable GRUB by default + boot.loader.grub.enable = false; + # Enables the generation of /boot/extlinux/extlinux.conf + boot.loader.generic-extlinux-compatible.enable = true; + + # !!! If your board is a Raspberry Pi 1, select this: + boot.kernelPackages = pkgs.linuxPackages_rpi; + + nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; + nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ]; + + # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough. + # boot.kernelParams = ["cma=32M"]; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; + + swapDevices = [ { device = "/swapfile"; size = 1024; } ]; +} diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix new file mode 100644 index 000000000..3ecaf9006 --- /dev/null +++ b/krebs/1systems/onebutton/source.nix @@ -0,0 +1,11 @@ +let + pkgs = import {}; +in import { + name = "onebutton"; + nixpkgs.file = pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs-channels"; + rev = "6c064e6b"; # only binary cache for unstable arm6 + sha256 = "0ssaaaaaaaaaaaawkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8"; + }; +} From 92f7e3e12bdaee3265f583f72e43972269268b1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 13:02:48 +0200 Subject: [PATCH 140/183] generate-secrets: init --- .../5pkgs/simple/generate-secrets/default.nix | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 krebs/5pkgs/simple/generate-secrets/default.nix diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix new file mode 100644 index 000000000..a800ff543 --- /dev/null +++ b/krebs/5pkgs/simple/generate-secrets/default.nix @@ -0,0 +1,46 @@ +{ pkgs }: +pkgs.writeDashBin "generate-secrets" '' + HOSTNAME="$1" + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) + HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null + ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null + ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + cat < $TMPDIR/hashedPasswords.nix + { + root = "$HASHED_PASSWORD"; + } + EOF + + cd $TMPDIR + for x in *; do + ${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null + done + echo $PASSWORD | ${pkgs.brain}/bin/brain insert -m hosts/$HOSTNAME/root > /dev/null + + cat <; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + }; + EOF + + rm -rf $TMPDIR +'' + From b08c606eabe87292e4dc792e7f6faa7d0b679d58 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 13:04:19 +0200 Subject: [PATCH 141/183] onebutton.r: init --- krebs/3modules/krebs/default.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 1e626f0a0..a916c1873 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -91,6 +91,37 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp"; }; + onebutton = { + cores = 1; + owner = config.krebs.users.krebs; + nets = { + retiolum = { + ip4.addr = "10.243.0.101"; + ip6.addr = "42:0:0:0:0:0:0:101"; + aliases = [ + "onebutton.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA11w6votRExwE0ZEiQmPa + 9WGNsMfNAZEd14iHaHCZH7UPQEH+cH/T6isGPpaysindroMnqFe9mUf/cdYChb6N + aaFreApwGBQaJPUcdy4cfphrFpzmOClpOFuFbnV7ZvAk/wefBad3kUzsq/lK4HvB + 7nPKeOB9kljphLrkzuLL/h2yOenMpO2ZdvwxyWN8HKmUNgvpBQjIr+Hka6cgy7Gp + pBVFHfSnad/eHeEvq91O/bHxrAxzH5N5DVagPDpkbiWYGl+0XVGP/h0CApr15Ael + +j2pJYc0ZlaXIp4KmNRqbd/fLe52JLrWbnFX4rRuY/DhoMqK8kjECEZ7gLiNSpCC + KlnlJ2LXX9c+d79ubzl5yLAJ3d6T4IJqkbAWJDuCrj821M9ZDk/qZwerayhrrvkF + tMYkQoGSe8MvSOU0rTEoH5iSRwDC7M0XzUe4l8/yZLFyD4Prz/dq6coqANfk/tlE + DnH3vDu9lmFvYrLcd6yDWzFfI3mWDJoUa6AKKoScCOaCkRfIM4Aew0i73+h1nJLO + 59AAbZIkDYyWs53QniIG4EQteI9y/9j/628nPAVj68V5oIN76RDXfFHWDWq4DxmU + PpGVmoIKcKZmnl7RrDomRVpuGMdyQ+kCzIGH3XYe12v8Y5beHZBrd3OajgHZ/Tfp + jP873cT6h0hsGm9glgOYho8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe "; + }; puyak = { ci = true; owner = config.krebs.users.krebs; From 70052cb8c9fedcda1ba8d5270afdf92bc1dd13ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 16:01:31 +0200 Subject: [PATCH 142/183] onebutton.r: make it work --- krebs/1systems/onebutton/config.nix | 1 + krebs/1systems/onebutton/source.nix | 13 +++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix index 08a9d6423..19159c8fb 100644 --- a/krebs/1systems/onebutton/config.nix +++ b/krebs/1systems/onebutton/config.nix @@ -29,4 +29,5 @@ }; swapDevices = [ { device = "/swapfile"; size = 1024; } ]; + services.openssh.enable = true; } diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix index 3ecaf9006..8f25881c9 100644 --- a/krebs/1systems/onebutton/source.nix +++ b/krebs/1systems/onebutton/source.nix @@ -1,11 +1,16 @@ +with import ; let pkgs = import {}; -in import { - name = "onebutton"; - nixpkgs.file = pkgs.fetchFromGitHub { + nixpkgs = pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; # only binary cache for unstable arm6 - sha256 = "0ssaaaaaaaaaaaawkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8"; + sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; }; +in import { + name = "onebutton"; + override.nixpkgs = mkForce { + file = toString nixpkgs; + }; + } From 1501d9e3e6a96e80ed238431ec58b40eb7b1b552 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 21 Apr 2018 16:14:01 +0200 Subject: [PATCH 143/183] onebutton.r: minimal disk and default config --- krebs/1systems/onebutton/config.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix index 19159c8fb..c634d73ce 100644 --- a/krebs/1systems/onebutton/config.nix +++ b/krebs/1systems/onebutton/config.nix @@ -2,7 +2,18 @@ { imports = [ + + { # minimal disk usage + environment.noXlibs = true; + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + programs.info.enable = false; + programs.man.enable = false; + services.journald.extraConfig = "SystemMaxUse=50M"; + services.nixosManual.enable = false; + } ]; + krebs.build.host = config.krebs.hosts.onebutton; # NixOS wants to enable GRUB by default boot.loader.grub.enable = false; # Enables the generation of /boot/extlinux/extlinux.conf From c99e8256b223761eb50cf5d6841ab64f989851c3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 17:52:45 +0200 Subject: [PATCH 144/183] l monitoring: add example prometheus config --- lass/2configs/monitoring/node-exporter.nix | 13 ++ .../2configs/monitoring/prometheus-server.nix | 179 ++++++++++++++++++ 2 files changed, 192 insertions(+) create mode 100644 lass/2configs/monitoring/node-exporter.nix create mode 100644 lass/2configs/monitoring/prometheus-server.nix diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix new file mode 100644 index 000000000..8c27e90d4 --- /dev/null +++ b/lass/2configs/monitoring/node-exporter.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: +{ + networking.firewall.allowedTCPPorts = [ 9100 ]; + + services.prometheus.exporters = { + node = { + enable = true; + enabledCollectors = [ + "systemd" + ]; + }; + }; +} diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix new file mode 100644 index 000000000..d56d7e552 --- /dev/null +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -0,0 +1,179 @@ +{ pkgs, lib, config, ... }: +{ + #networking = { + # firewall.allowedTCPPorts = [ + # 3000 # grafana + # 9090 # prometheus + # 9093 # alertmanager + # ]; + # useDHCP = true; + #}; + + services = { + prometheus = { + enable = true; + extraFlags = [ + "-storage.local.retention 8760h" + "-storage.local.series-file-shrink-ratio 0.3" + "-storage.local.memory-chunks 2097152" + "-storage.local.max-chunks-to-persist 1048576" + "-storage.local.index-cache-size.fingerprint-to-metric 2097152" + "-storage.local.index-cache-size.fingerprint-to-timerange 1048576" + "-storage.local.index-cache-size.label-name-to-label-values 2097152" + "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" + ]; + alertmanagerURL = [ "http://localhost:9093" ]; + rules = [ + '' + ALERT node_down + IF up == 0 + FOR 5m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Node is down.", + description = "{{$labels.alias}} has been down for more than 5 minutes." + } + ALERT node_systemd_service_failed + IF node_systemd_unit_state{state="failed"} == 1 + FOR 4m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.", + description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}." + } + ALERT node_filesystem_full_90percent + IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3 + FOR 5m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Filesystem is running out of space soon.", + description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem." + } + ALERT node_filesystem_full_in_4h + IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0 + FOR 5m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.", + description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours" + } + ALERT node_filedescriptors_full_in_3h + IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum + FOR 20m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.", + description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours" + } + ALERT node_load1_90percent + IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9 + FOR 1h + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Running on high load.", + description = "{{$labels.alias}} is running with > 90% total load for at least 1h." + } + ALERT node_cpu_util_90percent + IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90 + FOR 1h + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: High CPU utilization.", + description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h." + } + ALERT node_ram_using_90percent + IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1 + FOR 30m + LABELS { + severity="page" + } + ANNOTATIONS { + summary="{{$labels.alias}}: Using lots of RAM.", + description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.", + } + ALERT node_swap_using_80percent + IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8 + FOR 10m + LABELS { + severity="page" + } + ANNOTATIONS { + summary="{{$labels.alias}}: Running out of swap soon.", + description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now." + } + '' + ]; + scrapeConfigs = [ + { + job_name = "node"; + scrape_interval = "10s"; + static_configs = [ + { + targets = [ + "localhost:9100" + ]; + labels = { + alias = "prometheus.example.com"; + }; + } + ]; + } + ]; + alertmanager = { + enable = true; + listenAddress = "0.0.0.0"; + configuration = { + "global" = { + "smtp_smarthost" = "smtp.example.com:587"; + "smtp_from" = "alertmanager@example.com"; + }; + "route" = { + "group_by" = [ "alertname" "alias" ]; + "group_wait" = "30s"; + "group_interval" = "2m"; + "repeat_interval" = "4h"; + "receiver" = "team-admins"; + }; + "receivers" = [ + { + "name" = "team-admins"; + "email_configs" = [ + { + "to" = "devnull@example.com"; + "send_resolved" = true; + } + ]; + "webhook_configs" = [ + { + "url" = "https://example.com/prometheus-alerts"; + "send_resolved" = true; + } + ]; + } + ]; + }; + }; + }; + grafana = { + enable = true; + addr = "0.0.0.0"; + domain = "grafana.example.com"; + rootUrl = "https://grafana.example.com/"; + security = import ; # { AdminUser = ""; adminPassword = ""} + }; + }; +} From e18887126b848870f60644167db6262c0a558872 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 21 Apr 2018 20:47:23 +0200 Subject: [PATCH 145/183] ma: mon.euer points to gum.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e137da7ca..d7a750c6e 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -539,6 +539,7 @@ with import ; dl.euer IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} + mon.euer IN A ${nets.internet.ip4.addr} graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} From 6562519e3f8ac4ddb892954eeb8cdedb55ff3d88 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 21 Apr 2018 20:51:16 +0200 Subject: [PATCH 146/183] worlddomination: bump to latest, use grequests --- krebs/2configs/shack/worlddomination.nix | 72 ++++++++++++++++-------- 1 file changed, 48 insertions(+), 24 deletions(-) diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 828b6cd70..838c1958e 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -2,8 +2,56 @@ with import ; let + pkg = pkgs.stdenv.mkDerivation { + name = "worlddomination-2018-04-21"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/worlddomination/"; + rev = "1b32403b9"; + sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i"; + }; + buildInputs = [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + docopt + LinkHeader + aiocoap + grequests + paramiko + python + ])) + ]; + installPhase = '' + install -m755 -D backend/push_led.py $out/bin/push-led + install -m755 -D backend/loop_single.py $out/bin/loop-single + # copy the provided file to the package + install -m755 -D backend/wd.lst $out/${wdpath} + ''; + }; pythonPackages = pkgs.python3Packages; # https://github.com/chrysn/aiocoap + grequests = pythonPackages.buildPythonPackage rec { + pname = "grequests"; + version = "0.3.1"; + name = "${pname}-${version}"; + + src = pkgs.fetchFromGitHub { + owner = "kennethreitz"; + repo = "grequests"; + rev = "d1e70eb"; + sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc"; + }; + + doCheck = false; + + propagatedBuildInputs = with pythonPackages; [ requests gevent ]; + + meta = with lib;{ + description = "Asynchronous HTTP requests"; + homepage = https://github.com/kennethreitz/grequests; + license = with licenses; [ bsd2 ]; + maintainers = with maintainers; [ matejc ]; + }; + }; + aiocoap = pythonPackages.buildPythonPackage { name = "aiocoap-0.3"; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; @@ -25,30 +73,6 @@ let description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; }; }; - pkg = pkgs.stdenv.mkDerivation { - name = "worlddomination-2017-06-10"; - src = pkgs.fetchgit { - url = "https://github.com/shackspace/worlddomination/"; - rev = "72fc9b5"; - sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf"; - }; - buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - docopt - LinkHeader - aiocoap - requests - paramiko - python - ])) - ]; - installPhase = '' - install -m755 -D backend/push_led.py $out/bin/push-led - install -m755 -D backend/loop_single.py $out/bin/loop-single - # copy the provided file to the package - install -m755 -D backend/wd.lst $out/${wdpath} - ''; - }; wdpath = "/usr/worlddomination/wd.lst"; esphost = "10.42.24.7"; # esp8266 timeout = 10; # minutes From 9a3d7eab701d354bfacc425ed5edc841514a8034 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 24 Apr 2018 19:59:40 +0200 Subject: [PATCH 147/183] kops: 1.0.0 -> 1.1.0 --- krebs/5pkgs/simple/kops.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix index a6c82f3ca..8db4b8ddd 100644 --- a/krebs/5pkgs/simple/kops.nix +++ b/krebs/5pkgs/simple/kops.nix @@ -2,6 +2,6 @@ fetchgit { url = https://cgit.krebsco.de/kops; - rev = "refs/tags/v1.0.0"; - sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb"; + rev = "refs/tags/v1.1.0"; + sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb"; } From 8502d51a48c6267545633afaf12074a323a98462 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 24 Apr 2018 23:17:47 +0200 Subject: [PATCH 148/183] ejabberd: 17.07 -> 18.01 --- krebs/5pkgs/simple/ejabberd/default.nix | 27 +++++++++------- krebs/5pkgs/simple/ejabberd/ejabberdctl.patch | 32 +++++++++++++++++++ 2 files changed, 48 insertions(+), 11 deletions(-) create mode 100644 krebs/5pkgs/simple/ejabberd/ejabberdctl.patch diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix index 2799241fa..9e4ed3df5 100644 --- a/krebs/5pkgs/simple/ejabberd/default.nix +++ b/krebs/5pkgs/simple/ejabberd/default.nix @@ -1,5 +1,6 @@ { stdenv, writeScriptBin, lib, fetchurl, git, cacert -, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps +, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd +, flock , withMysql ? false , withPgsql ? false , withSqlite ? false, sqlite @@ -23,17 +24,17 @@ let ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; in stdenv.mkDerivation rec { - version = "17.07"; + version = "18.01"; name = "ejabberd-${version}"; src = fetchurl { url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "1p8ppp2czjgnq8xnhyksd82npvvx99fwr0g3rrq1wvnwh2vgb8km"; + sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6"; }; nativeBuildInputs = [ fakegit ]; - buildInputs = [ erlang openssl expat libyaml ] + buildInputs = [ erlang openssl expat libyaml gd ] ++ lib.optional withSqlite sqlite ++ lib.optional withPam pam ++ lib.optional withZlib zlib @@ -50,7 +51,7 @@ in stdenv.mkDerivation rec { configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; - buildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; + nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; @@ -74,7 +75,7 @@ in stdenv.mkDerivation rec { outputHashMode = "recursive"; outputHashAlgo = "sha256"; - outputHash = "1q9yzccn4zf5i4hibq1r0i34q4986a93ph4792l1ph07aiisc8p7"; + outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk"; }; configureFlags = @@ -92,6 +93,10 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; + patches = [ + ./ejabberdctl.patch + ]; + preBuild = '' cp -r $deps deps chmod -R +w deps @@ -101,18 +106,18 @@ in stdenv.mkDerivation rec { postInstall = '' sed -i \ -e '2iexport PATH=${ctlpath}:$PATH' \ - -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \ + -e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \ -e 's,\(^ *JOT=\).*,\1,' \ -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ $out/sbin/ejabberdctl ''; - meta = { + meta = with stdenv.lib; { description = "Open-source XMPP application server written in Erlang"; - license = lib.licenses.gpl2; + license = licenses.gpl2; homepage = http://www.ejabberd.im; - platforms = lib.platforms.linux; - maintainers = [ lib.maintainers.sander lib.maintainers.abbradar ]; + platforms = platforms.linux; + maintainers = with maintainers; [ sander abbradar ]; broken = withElixir; }; } diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch new file mode 100644 index 000000000..f7c842b7b --- /dev/null +++ b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch @@ -0,0 +1,32 @@ +--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100 ++++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200 +@@ -42,19 +42,18 @@ + esac + + # parse command line parameters +-for arg; do +- case $arg in +- -n|--node) ERLANG_NODE_ARG=$2; shift;; +- -s|--spool) SPOOL_DIR=$2; shift;; +- -l|--logs) LOGS_DIR=$2; shift;; +- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;; +- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;; +- -d|--config-dir) ETC_DIR=$2; shift;; +- -t|--no-timeout) NO_TIMEOUT="--no-timeout";; +- --) :;; ++while test $# -gt 0; do ++ case $1 in ++ -n|--node) ERLANG_NODE_ARG=$2; shift 2;; ++ -s|--spool) SPOOL_DIR=$2; shift 2;; ++ -l|--logs) LOGS_DIR=$2; shift 2;; ++ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;; ++ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;; ++ -d|--config-dir) ETC_DIR=$2; shift 2;; ++ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;; ++ # --) :;; what is this for? + *) break;; + esac +- shift + done + + # define ejabberd variables if not already defined from the command line From c96b18879e24b77133098d27c6866fb78eab8fde Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Apr 2018 12:56:15 +0200 Subject: [PATCH 149/183] newsbot-js: restart daily --- krebs/3modules/newsbot-js.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index d372081ee..00e346f8e 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -93,6 +93,7 @@ let User = "newsbot-js"; Restart = "always"; ExecStart = "${newsbot.package}/bin/newsbot"; + WatchdogSec = "86400"; }; } ) cfg; From 0b9727b3ad324b1d1f6a8db4181be546eb5ec397 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Apr 2018 13:11:14 +0200 Subject: [PATCH 150/183] news: update shackspace url --- krebs/2configs/news-spam.nix | 2 +- krebs/2configs/news.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index 63848c234..ac3822bc2 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -120,7 +120,7 @@ [SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews [SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews [SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews - [SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews + [SPAM]shackspace|http://shackspace.de/atom.xml|#snews [SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews [SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews [SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 2628c7986..49a5e3459 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -11,7 +11,7 @@ painload|https://github.com/krebscode/painload/commits/master.atom|#news reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news reddit_nix|http://www.reddit.com/r/nixos/.rss|#news - shackspace|http://blog.shackspace.de/?feed=rss2|#news + shackspace|http://shackspace.de/atom.xml|#news tinc|http://tinc-vpn.org/news/index.rss|#news vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news weechat|http://dev.weechat.org/feed/atom|#news From 817efa5f9d26effaa4c7a8efd6710fec4eb33300 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 15:14:35 +0200 Subject: [PATCH 151/183] l prism.r: kill kaepsele container --- lass/1systems/prism/config.nix | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 983604f8e..68f1826b4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -189,26 +189,6 @@ in { localAddress = "10.233.2.2"; }; } - { - #kaepsele - systemd.services."container@kaepsele".reloadIfChanged = mkForce false; - containers.kaepsele = { - config = { ... }: { - imports = [ ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - tv.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - } { #onondaga systemd.services."container@onondaga".reloadIfChanged = mkForce false; From 9bd435d14c67023474989dd78ae5fcaca679e809 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 15:14:59 +0200 Subject: [PATCH 152/183] types host: add monitoring bool --- lib/types.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/types.nix b/lib/types.nix index 1cf2d96c9..d663d2512 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -50,6 +50,14 @@ rec { default = false; }; + monitoring = mkOption { + description = '' + Whether the host should be monitored by monitoring tools like Prometheus. + ''; + type = bool; + default = false; + }; + owner = mkOption { type = user; }; From 5749edd33a867eee28f9f74d86f57a5717f58a18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 15:52:56 +0200 Subject: [PATCH 153/183] l: add monitoring bool to hosts --- krebs/3modules/lass/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0c3e68c39..cf4229a82 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -9,6 +9,7 @@ with import ; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; ci = true; + monitoring = true; }) { dishfire = { cores = 4; @@ -149,6 +150,7 @@ with import ; }; domsen-nas = { ci = false; + monitoring = false; external = true; nets = rec { internet = { @@ -161,6 +163,7 @@ with import ; }; }; uriel = { + monitoring = false; cores = 1; nets = { gg23 = { @@ -399,10 +402,12 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; iso = { + monitoring = false; ci = false; cores = 1; }; sokrateslaptop = { + monitoring = false; ci = false; external = true; nets = { @@ -426,6 +431,7 @@ with import ; }; }; turingmachine = { + monitoring = false; ci = false; external = true; nets = { @@ -454,6 +460,7 @@ with import ; }; }; eddie = { + monitoring = false; ci = false; external = true; nets = rec { @@ -494,6 +501,7 @@ with import ; }; }; borg = { + monitoring = false; ci = false; external = true; nets = { @@ -521,6 +529,7 @@ with import ; }; }; inspector = { + monitoring = false; ci = false; external = true; nets = rec { @@ -552,6 +561,7 @@ with import ; }; }; dpdkm = { + monitoring = false; ci = false; external = true; nets = rec { From eca81992947815db2700a831aa1ec38a0e70216b Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 16:52:48 +0200 Subject: [PATCH 154/183] l: kill legacy backups --- lass/1systems/cabal/config.nix | 1 - lass/1systems/daedalus/config.nix | 1 - lass/1systems/icarus/config.nix | 1 - lass/1systems/littleT/config.nix | 1 - lass/1systems/shodan/config.nix | 1 - lass/1systems/skynet/config.nix | 1 - lass/2configs/backups.nix | 173 ------------------------------ lass/2configs/default.nix | 1 - 8 files changed, 180 deletions(-) delete mode 100644 lass/2configs/backups.nix diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 7eba86c52..88f642d6b 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -13,7 +13,6 @@ - ]; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 609fae3c8..0c7b7b6da 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -8,7 +8,6 @@ with import ; - { diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 46dc5e873..c55d694c2 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -14,7 +14,6 @@ - ]; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 7211c78eb..69c87e5a8 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,7 +8,6 @@ with import ; - { users.users.blacky = { diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 7fb57544f..5877d1470 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,7 +15,6 @@ with import ; - ]; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 0b9499982..b2210282f 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -9,7 +9,6 @@ with import ; # - { # discordius config services.xserver.enable = true; diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix deleted file mode 100644 index c4fb85420..000000000 --- a/lass/2configs/backups.nix +++ /dev/null @@ -1,173 +0,0 @@ -{ config, lib, ... }: -with import ; -{ - - # TODO add timerConfig to krebs.backup and randomize startup - # TODO define plans more abstract - krebs.backup.plans = { - } // mapAttrs (_: recursiveUpdate { - snapshots = { - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; - }) { - dishfire-http-prism = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; }; - startAt = "03:00"; - }; - dishfire-http-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-http"; }; - startAt = "03:10"; - }; - dishfire-http-mors = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; }; - startAt = "03:05"; - }; - dishfire-http-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; }; - startAt = "03:10"; - }; - dishfire-sql-prism = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; }; - startAt = "03:15"; - }; - dishfire-sql-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-sql"; }; - startAt = "03:25"; - }; - dishfire-sql-mors = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; }; - startAt = "03:20"; - }; - dishfire-sql-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; }; - startAt = "03:25"; - }; - prism-bitlbee-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; }; - startAt = "03:25"; - }; - prism-bitlbee-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; }; - startAt = "03:25"; - }; - prism-bitlbee-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; }; - startAt = "03:25"; - }; - prism-chat-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; }; - startAt = "03:35"; - }; - prism-chat-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; }; - startAt = "03:30"; - }; - prism-chat-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; }; - startAt = "03:35"; - }; - prism-sql-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; }; - startAt = "03:45"; - }; - prism-sql-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; }; - startAt = "03:40"; - }; - prism-sql-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; }; - startAt = "03:45"; - }; - prism-http-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; }; - startAt = "03:55"; - }; - prism-http-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; }; - startAt = "03:50"; - }; - prism-http-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; }; - startAt = "03:55"; - }; - icarus-home-mors = { - method = "pull"; - src = { host = config.krebs.hosts.icarus; path = "/home"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/icarus-home"; }; - startAt = "05:00"; - }; - icarus-home-shodan = { - method = "push"; - src = { host = config.krebs.hosts.icarus; path = "/home"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; }; - startAt = "05:00"; - }; - mors-home-icarus = { - method = "push"; - src = { host = config.krebs.hosts.mors; path = "/home"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; }; - startAt = "05:00"; - }; - mors-home-shodan = { - method = "push"; - src = { host = config.krebs.hosts.mors; path = "/home"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; }; - startAt = "05:00"; - }; - shodan-home-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.shodan; path = "/home"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; }; - startAt = "04:00"; - }; - shodan-home-mors = { - method = "pull"; - src = { host = config.krebs.hosts.shodan; path = "/home"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; }; - startAt = "04:00"; - }; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 5a5f1b347..d56f89c2f 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -9,7 +9,6 @@ with import ; ./monitoring/client.nix ./zsh.nix ./htop.nix - ./backups.nix ./security-workarounds.nix { users.extraUsers = From 72abe80227ec5de5c2f7a55f6e2fe3da46c14538 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 16:55:43 +0200 Subject: [PATCH 155/183] l: config for backup target --- lass/1systems/daedalus/config.nix | 1 + lass/1systems/helios/config.nix | 1 + lass/1systems/icarus/config.nix | 1 + lass/1systems/littleT/config.nix | 1 + lass/1systems/mors/config.nix | 1 + lass/1systems/shodan/config.nix | 1 + lass/2configs/backup.nix | 20 ++++++++++++++++++++ 7 files changed, 26 insertions(+) create mode 100644 lass/2configs/backup.nix diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 0c7b7b6da..c15fcdc21 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -10,6 +10,7 @@ with import ; + { # bubsy config users.users.bubsy = { diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index e64cfbe79..557fce1e8 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -17,6 +17,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index c55d694c2..b6a0822b9 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -16,6 +16,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 69c87e5a8..ef19e8d16 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,6 +8,7 @@ with import ; + { users.users.blacky = { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c59494e4d..c21197f89 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import ; + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5877d1470..42a46c5f5 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -17,6 +17,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix new file mode 100644 index 000000000..27adf6d2a --- /dev/null +++ b/lass/2configs/backup.nix @@ -0,0 +1,20 @@ +{ config, lib, ... }: +with import ; + +{ + fileSystems = { + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; + }; + users.users.backup = { + useDefaultShell = true; + home = "/backups"; + createHome = true; + openssh.authorizedKeys.keys = with config.krebs.hosts; [ + mors.ssh.pubkey + prism.ssh.pubkey + ]; + }; +} From f888226d37abeff6e5c4e61d393a886b16ff0178 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 18:04:46 +0200 Subject: [PATCH 156/183] l: RIP echelon.r --- krebs/3modules/lass/default.nix | 33 --------------------- lass/1systems/echelon/config.nix | 50 -------------------------------- lass/1systems/echelon/source.nix | 3 -- 3 files changed, 86 deletions(-) delete mode 100644 lass/1systems/echelon/config.nix delete mode 100644 lass/1systems/echelon/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index cf4229a82..1ad0cd6d4 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -44,39 +44,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; }; - echelon = { - cores = 2; - nets = rec { - internet = { - ip4.addr = "64.137.242.41"; - aliases = [ - "echelon.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.206.103"; - ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763"; - aliases = [ - "echelon.r" - "cgit.echelon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ - oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX - MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f - 4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA - n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p - do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; - }; prism = rec { cores = 4; extraZones = { diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix deleted file mode 100644 index 6f96883bf..000000000 --- a/lass/1systems/echelon/config.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import { inherit pkgs lib; }) getDefaultGateway; - ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - imports = [ - - - - - - - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - { - users.extraUsers = { - satan = { - name = "satan"; - uid = 1338; - home = "/home/satan"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" - ]; - }; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.echelon; -} diff --git a/lass/1systems/echelon/source.nix b/lass/1systems/echelon/source.nix deleted file mode 100644 index 96888d5a8..000000000 --- a/lass/1systems/echelon/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "echelon"; -} From afb63ca8c747e0604d16d806640e42284061372a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:10:49 +0200 Subject: [PATCH 157/183] l mors.r: add redshift --- lass/1systems/mors/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c21197f89..71d020775 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -187,6 +187,10 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; + services.redshift = { + enable = true; + provider = "geoclue2"; + }; lass.restic = genAttrs [ "daedalus" From 76cd1c70b6643be6262e046f1daba5aaeee71efb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:16:12 +0200 Subject: [PATCH 158/183] l mors.r: add some pkgs --- lass/1systems/mors/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 71d020775..f8a16ad2e 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -141,6 +141,8 @@ with import ; dpass dnsutils + woeusb + l-gen-secrets generate-secrets (pkgs.writeDashBin "btc-coinbase" '' ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' From 2701bdd97f0f2ea8681b1d66670eb68ea0f11017 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:34:36 +0200 Subject: [PATCH 159/183] l: use prometheus as monitoring --- lass/1systems/prism/config.nix | 3 +-- lass/2configs/default.nix | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 68f1826b4..f8178a200 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -217,13 +217,12 @@ in { - - + { # quasi bepasty.nix imports = [ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index d56f89c2f..12a814605 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -6,7 +6,7 @@ with import ; ./gc.nix ./mc.nix ./vim.nix - ./monitoring/client.nix + ./monitoring/node-exporter.nix ./zsh.nix ./htop.nix ./security-workarounds.nix From ba1a8d0b5a0296e6f8673bd87983bfd482085e2c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:43:38 +0200 Subject: [PATCH 160/183] l: kill dns-stuff --- lass/2configs/baseX.nix | 1 - lass/2configs/dns-stuff.nix | 16 ---------------- 2 files changed, 17 deletions(-) delete mode 100644 lass/2configs/dns-stuff.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index ed179ded6..e2e44b6fc 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,7 +9,6 @@ in { ./power-action.nix ./copyq.nix ./livestream.nix - ./dns-stuff.nix ./urxvt.nix ./network-manager.nix { diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix deleted file mode 100644 index cbcce8df9..000000000 --- a/lass/2configs/dns-stuff.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, ... }: -with import ; -{ - services.dnscrypt-proxy = { - enable = true; - localAddress = "127.1.0.1"; - customResolver = { - address = config.krebs.hosts.gum.nets.internet.ip4.addr; - port = 15251; - name = "2.dnscrypt-cert.euer.krebsco.de"; - key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C"; - }; - }; - services.resolved.enable = true; - services.resolved.fallbackDns = [ "127.1.0.1" ]; -} From 8f81bc6deec5fbcc41d2bc463ceaaa3b203cc2bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 08:37:44 +0200 Subject: [PATCH 161/183] l xerxes.r: remove deprecated nixpkgs override --- lass/1systems/xerxes/source.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix index 11f5bf796..d256b885b 100644 --- a/lass/1systems/xerxes/source.nix +++ b/lass/1systems/xerxes/source.nix @@ -2,10 +2,4 @@ with import ; import { name = "xerxes"; secure = true; - override = { - nixpkgs.git = mkForce { - url = https://github.com/lassulus/nixpkgs; - ref = "3eccd0b"; - }; - }; } From 102324c0d88a535f7518c97cb908da8d377a0bd8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 08:44:04 +0200 Subject: [PATCH 162/183] l bitcoin: remove ethereum --- lass/2configs/bitcoin.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index a405addfc..9f6fd3bf0 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -10,9 +10,6 @@ in { krebs.per-user.bitcoin.packages = [ pkgs.electrum ]; - krebs.per-user.ethereum.packages = [ - pkgs.go-ethereum - ]; users.extraUsers = { bch = { name = "bch"; @@ -28,13 +25,6 @@ in { useDefaultShell = true; createHome = true; }; - ethereum = { - name = "ethereum"; - description = "user for ethereum stuff"; - home = "/home/ethereum"; - useDefaultShell = true; - createHome = true; - }; }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL From 004b6a895ad7ee9f7bb8864f99f98c356d93a6f2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:10:40 +0200 Subject: [PATCH 163/183] l: add dev to docker group --- lass/2configs/dcso-dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index ae1c7bc8d..b985b67b3 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -9,6 +9,7 @@ in { dev = { name = "dev"; uid = genid "dev"; + extraGroups = [ "docker" ]; description = "user for collaborative development"; home = "/home/dev"; useDefaultShell = true; From cfedae61e84501d21e76d382c5c060839742c714 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:23:00 +0200 Subject: [PATCH 164/183] hotdog.r: add NIX_REMOTE=daemon to env --- krebs/1systems/hotdog/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 98fb88702..662e094d1 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -21,4 +21,5 @@ boot.isContainer = true; networking.useDHCP = false; krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm"; + environment.variables.NIX_REMOTE = "daemon"; } From 82e465bcfc0e6e6a1481db91f7fd8f43d66d7697 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:35:07 +0200 Subject: [PATCH 165/183] nixpkgs: 4b4bbce -> b50443b --- krebs/kops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/kops.nix b/krebs/kops.nix index f544b93d2..abd60ee5a 100644 --- a/krebs/kops.nix +++ b/krebs/kops.nix @@ -13,7 +13,7 @@ krebs-source = { nixpkgs.git = { - ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3"; + ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7"; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ../.; From dabd9f0f02b44b048b6355184fa64612201db72d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:41:43 +0200 Subject: [PATCH 166/183] l monitoring: open ports --- lass/2configs/monitoring/node-exporter.nix | 6 ++++-- lass/2configs/monitoring/prometheus-server.nix | 6 ++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix index 8c27e90d4..561e3a25c 100644 --- a/lass/2configs/monitoring/node-exporter.nix +++ b/lass/2configs/monitoring/node-exporter.nix @@ -1,7 +1,9 @@ { config, lib, pkgs, ... }: { - networking.firewall.allowedTCPPorts = [ 9100 ]; - + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; } + { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; } + ]; services.prometheus.exporters = { node = { enable = true; diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index d56d7e552..c5c97412d 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -9,6 +9,12 @@ # useDHCP = true; #}; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } + ]; + services = { prometheus = { enable = true; From a0862fa505ba8fb1d94c8bdac69a2077ba89bcdc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:43:17 +0200 Subject: [PATCH 167/183] l monitoring: monitor more hosts --- lass/2configs/monitoring/prometheus-server.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index c5c97412d..92bb0519f 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -130,11 +130,10 @@ static_configs = [ { targets = [ - "localhost:9100" - ]; - labels = { - alias = "prometheus.example.com"; - }; + ] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts)); + #labels = { + # alias = "prometheus.example.com"; + #}; } ]; } From da44ae1115af80bb71f38de20b7421d08e435ea7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:43:51 +0200 Subject: [PATCH 168/183] l monitoring: print alarms to irc --- .../2configs/monitoring/prometheus-server.nix | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index 92bb0519f..1f9419e1a 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -181,4 +181,37 @@ security = import ; # { AdminUser = ""; adminPassword = ""} }; }; + services.logstash = { + enable = true; + inputConfig = '' + http { + port => 14813 + host => "127.0.0.1" + } + ''; + filterConfig = '' + if ([alerts]) { + ruby { + code => ' + lines = [] + event["alerts"].each {|p| + lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}" + } + event["output"] = lines.join("\n") + ' + } + } + ''; + outputConfig = '' + file { path => "/tmp/logs.json" codec => "json_lines" } + irc { + channels => [ "#noise" ] + host => "irc.r" + nick => "alarm" + codec => "json_lines" + format => "%{output}" + } + ''; + #plugins = [ ]; + }; } From 1d1861fe7c3c2906a0deff9ae9598fa7ffe08c0d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 11:29:46 +0200 Subject: [PATCH 169/183] l notmuch: disable tests --- lass/2configs/mail.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 81db59617..2bb51b50a 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -206,8 +206,11 @@ in { msmtp mutt pkgs.much - pkgs.notmuch tag-new-mails tag-old-mails ]; + + nixpkgs.config.packageOverrides = opkgs: { + notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; })); + }; } From 4190562d1233e40b3364c1bd812f2702a0748e49 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 16:12:10 +0200 Subject: [PATCH 170/183] l monitoring: delete legacy config --- lass/2configs/monitoring/client.nix | 26 ------- lass/2configs/monitoring/monit-alarms.nix | 44 ------------ lass/2configs/monitoring/server.nix | 87 ----------------------- 3 files changed, 157 deletions(-) delete mode 100644 lass/2configs/monitoring/client.nix delete mode 100644 lass/2configs/monitoring/monit-alarms.nix delete mode 100644 lass/2configs/monitoring/server.nix diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix deleted file mode 100644 index b8c245215..000000000 --- a/lass/2configs/monitoring/client.nix +++ /dev/null @@ -1,26 +0,0 @@ -{pkgs, config, ...}: -with import ; -{ - services.telegraf = { - enable = true; - - extraConfig = { - agent.interval = "1s"; - outputs = { - influxdb = { - urls = ["http://prism:8086"]; - database = "telegraf_db"; - user_agent = "telegraf"; - }; - }; - inputs = { - cpu = { - percpu = false; - totalcpu = true; - }; - mem = {}; - net = {}; - }; - }; - }; -} diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix deleted file mode 100644 index 2cfc292e5..000000000 --- a/lass/2configs/monitoring/monit-alarms.nix +++ /dev/null @@ -1,44 +0,0 @@ -{pkgs, config, ...}: -with import ; -let - echoToIrc = msg: - pkgs.writeDash "echo_irc" '' - set -euf - export LOGNAME=prism-alarm - ${pkgs.irc-announce}/bin/irc-announce \ - irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null - ''; - -in { - krebs.monit = { - enable = true; - http.enable = true; - alarms = { - nirwanabluete = { - test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'"; - alarm = echoToIrc "test nirwanabluete failed"; - }; - ubik = { - test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'"; - alarm = echoToIrc "test ubik failed"; - }; - cac-panel = { - test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'"; - alarm = echoToIrc "test cac-panel failed"; - }; - radio = { - test = pkgs.writeBash "check_stream" '' - ${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \ - | ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \ - | ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}" - ''; - alarm = echoToIrc "test radio failed"; - }; - }; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } - ]; -} - diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix deleted file mode 100644 index adaecde2c..000000000 --- a/lass/2configs/monitoring/server.nix +++ /dev/null @@ -1,87 +0,0 @@ -{pkgs, config, ...}: -with import ; -{ - services.influxdb.enable = true; - - services.influxdb.extraConfig = { - meta.hostname = config.krebs.build.host.name; - # meta.logging-enabled = true; - http.bind-address = ":8086"; - admin.bind-address = ":8083"; - http.log-enabled = false; - monitoring = { - enabled = false; - # write-interval = "24h"; - }; - collectd = [{ - enabled = true; - typesdb = "${pkgs.collectd}/share/collectd/types.db"; - database = "collectd_db"; - port = 25826; - }]; - }; - - krebs.kapacitor = - let - db = "telegraf_db"; - echoToIrc = pkgs.writeDash "echo_irc" '' - set -euf - data="$(${pkgs.jq}/bin/jq -r .message)" - export LOGNAME=prism-alarm - ${pkgs.irc-announce}/bin/irc-announce \ - irc.r 6667 prism-alarm \#noise "$data" >/dev/null - ''; - in { - enable = true; - alarms = { - cpu = { - database = db; - text = '' - var data = batch - |query(${"'''"} - SELECT mean("usage_user") AS mean - FROM "${db}"."default"."cpu" - ${"'''"}) - .period(10m) - .every(1m) - .groupBy('host') - data |alert() - .crit(lambda: "mean" > 90) - .exec('${echoToIrc}') - data |deadman(1.0,5m) - .stateChangesOnly() - .exec('${echoToIrc}') - ''; - }; - ram = { - database = db; - text = '' - var data = batch - |query(${"'''"} - SELECT mean("used_percent") AS mean - FROM "${db}"."default"."mem" - ${"'''"}) - .period(10m) - .every(1m) - .groupBy('host') - data |alert() - .crit(lambda: "mean" > 90) - .exec('${echoToIrc}') - ''; - }; - }; - }; - - services.grafana = { - enable = true; - addr = "0.0.0.0"; - auth.anonymous.enable = true; - security = import ; # { AdminUser = ""; adminPassword = ""} - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; } - { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; } - { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; } - ]; -} From 936daa16085d2615a4ab624d7249aeda95ec40bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 16:52:16 +0200 Subject: [PATCH 171/183] l: update lassul.us zone --- krebs/3modules/lass/default.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1ad0cd6d4..99010481b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -54,14 +54,17 @@ with import ; "lassul.us" = '' $TTL 3600 @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300) - 60 IN NS ns16.ovh.net. - 60 IN NS dns16.ovh.net. - 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - 60 IN TXT v=spf1 mx a:lassul.us -all - cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - io 60 IN NS ions.lassul.us. - ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN NS ns16.ovh.net. + 60 IN NS dns16.ovh.net. + 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN TXT v=spf1 mx a:lassul.us -all + 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) + default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" + cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + io 60 IN NS ions.lassul.us. + ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { From a8295ac81525996fb5f7393da353eb6fe9f06411 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 17:05:16 +0200 Subject: [PATCH 172/183] krebs news-spam: use go.lassul.us --- krebs/2configs/news-spam.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index ac3822bc2..69c503bf9 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -2,6 +2,7 @@ { krebs.newsbot-js.news-spam = { + urlShortenerHost = "go.lassul.us"; feeds = pkgs.writeText "feeds" '' [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews From 92c123397188ae6cf115197862e8d79015995356 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 17:26:43 +0200 Subject: [PATCH 173/183] l prism.r: run go-shortener --- lass/1systems/prism/config.nix | 1 + lass/2configs/go.nix | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 lass/2configs/go.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f8178a200..7b581d905 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -303,6 +303,7 @@ in { { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } ]; } + ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix new file mode 100644 index 000000000..ecf89b298 --- /dev/null +++ b/lass/2configs/go.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: +{ + krebs.go = { + enable = true; + }; + services.nginx = { + enable = true; + virtualHosts.go = { + locations."/".extraConfig = '' + proxy_set_header Host go.lassul.us; + proxy_pass http://localhost:1337; + ''; + serverAliases = [ + "go.lassul.us" + ]; + }; + }; +} + From b96f9d898a77bb5a735ad35d1bc1eeeea1833cae Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:14:34 +0200 Subject: [PATCH 174/183] l websites: move servephpBB to util --- lass/2configs/websites/lassulus.nix | 55 ----------------------------- lass/2configs/websites/util.nix | 53 +++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 55 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 25ca1f455..b9811221c 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -6,61 +6,6 @@ let genid ; - servephpBB = domains: - let - domain = head domains; - - in { - services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - serverAliases = domains; - extraConfig = '' - index index.php; - root /srv/http/${domain}/; - access_log /tmp/nginx_acc.log; - error_log /tmp/nginx_err.log; - error_page 404 /404.html; - error_page 500 502 503 504 /50x.html; - client_max_body_size 100m; - ''; - locations."/".extraConfig = '' - try_files $uri $uri/ /index.php?$args; - ''; - locations."~ \.php(?:$|/)".extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice - fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; - fastcgi_intercept_errors on; - ''; - #Directives to send expires headers and turn off 404 error logging. - locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' - access_log off; - log_not_found off; - expires max; - ''; - }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = /srv/http/${domain}/phpfpm.pool - user = nginx - group = nginx - pm = dynamic - pm.max_children = 25 - pm.start_servers = 5 - pm.min_spare_servers = 3 - pm.max_spare_servers = 20 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; - }; - in { imports = [ ./default.nix diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 441b7af90..61b5543ce 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -28,6 +28,59 @@ rec { }; }; + servephpBB = domains: + let + domain = head domains; + + in { + services.nginx.virtualHosts."${domain}" = { + serverAliases = domains; + extraConfig = '' + index index.php; + root /srv/http/${domain}/; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; + ''; + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php?$args; + ''; + locations."~ \.php(?:$|/)".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + ''; + #Directives to send expires headers and turn off 404 error logging. + locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' + access_log off; + log_not_found off; + expires max; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + serveOwncloud = domains: let domain = head domains; From 1820b1753011eb42bb9be30011e6fbd11993b201 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:18:05 +0200 Subject: [PATCH 175/183] l: add red.r --- krebs/3modules/lass/default.nix | 31 +++++++++++++++++++++++++++++ lass/1systems/prism/config.nix | 28 ++++++++++++++++++++++++++ lass/1systems/red/config.nix | 30 ++++++++++++++++++++++++++++ lass/1systems/red/source.nix | 4 ++++ lass/2configs/websites/lassulus.nix | 1 - 5 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 lass/1systems/red/config.nix create mode 100644 lass/1systems/red/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 99010481b..48df04bcb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -639,6 +639,37 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; }; + red = { + monitoring = false; + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.13"; + ip6.addr = "42:0:0:0:0:0:0:12ed"; + aliases = [ + "red.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG + 4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF + Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI + phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0 + FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox + TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa + mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w + oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE + cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ + 7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa + 5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW + ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; + }; }; users = { lass = { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7b581d905..d1faf77bd 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -304,6 +304,34 @@ in { ]; } + { + environment.systemPackages = [ pkgs.cryptsetup ]; + systemd.services."container@red".reloadIfChanged = mkForce false; + containers.red = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + services.nginx.virtualHosts."rote-allez-fraktion.de" = { + enableACME = true; + addSSL = true; + locations."/" = { + extraConfig = '' + proxy_set_header Host rote-allez-fraktion.de; + proxy_pass http://10.233.2.4; + ''; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix new file mode 100644 index 000000000..8c60aed62 --- /dev/null +++ b/lass/1systems/red/config.nix @@ -0,0 +1,30 @@ +with import ; +{ config, lib, pkgs, ... }: +let + inherit (import {inherit lib pkgs;}) + servephpBB + ; +in +{ + imports = [ + + + + + + (servephpBB [ "rote-allez-fraktion.de" ]) + ]; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + ]; + + krebs.build.host = config.krebs.hosts.red; + boot.isContainer = true; + networking.useDHCP = false; + + services.nginx.enable = true; + environment.systemPackages = [ + pkgs.mk_sql_pair + ]; +} diff --git a/lass/1systems/red/source.nix b/lass/1systems/red/source.nix new file mode 100644 index 000000000..f2bad743c --- /dev/null +++ b/lass/1systems/red/source.nix @@ -0,0 +1,4 @@ +import { + name = "red"; + secure = true; +} diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b9811221c..53f1eea5c 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -10,7 +10,6 @@ in { imports = [ ./default.nix ../git.nix - (servephpBB [ "rote-allez-fraktion.de" ]) ]; security.acme = { From 74b52f1c3e1db674adab2a397def13dda495a66f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:20:53 +0200 Subject: [PATCH 176/183] l: add immoscout@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 4455d2761..e05ed2427 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -79,6 +79,7 @@ with import ; { from = "ovh@lassul.us"; to = lass.mail; } { from = "hetzner@lassul.us"; to = lass.mail; } { from = "allygator@lassul.us"; to = lass.mail; } + { from = "immoscout@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 7240963fb9a0a98696cae7d9a0d9ba248eb51676 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:27:25 +0200 Subject: [PATCH 177/183] l git: add collaborators to public repos --- lass/2configs/git.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 1fe87c666..2e3c6290f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -70,8 +70,8 @@ let import { inherit config lib pkgs; } ); - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; + make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: { + inherit cgit collaborators name; public = true; hooks = { post-receive = pkgs.git-hooks.irc-announce { From 867db7d464f101f0be77199b7178b5f110d79bf7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:27:51 +0200 Subject: [PATCH 178/183] l git: add nixos-aws --- lass/2configs/git.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 2e3c6290f..d18524cf5 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -57,6 +57,12 @@ let cgit.desc = "Fork of nix-user-chroot my lethalman"; cgit.section = "software"; }; + nixos-aws = { + collaborators = [ { + name = "fabio"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada"; + } ]; + }; } // mapAttrs make-public-repo-silent { }; From 02e24615adeac1ab6062ba83748eafe7418ac3ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:36:07 +0200 Subject: [PATCH 179/183] l prism.r: enable ipv4 forwarding --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d1faf77bd..89ea749c5 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -104,6 +104,7 @@ in { ]; } { # TODO make new hfos.nix out of this vv + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { uid = genid "riot"; isNormalUser = true; From 652b540d4b9978e0b01d6dad0feb725fd79a13d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:41:42 +0200 Subject: [PATCH 180/183] l red.r: env NIX_REMOTE=daemon --- lass/1systems/red/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix index 8c60aed62..31e2de966 100644 --- a/lass/1systems/red/config.nix +++ b/lass/1systems/red/config.nix @@ -24,6 +24,7 @@ in networking.useDHCP = false; services.nginx.enable = true; + environment.variables.NIX_REMOTE = "daemon"; environment.systemPackages = [ pkgs.mk_sql_pair ]; From a7595f3ab19b8e94696fdca18c0b78cc605281b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:49:56 +0200 Subject: [PATCH 181/183] l gc: don't gc on containers --- lass/2configs/gc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index ad015180a..c5073e384 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import ; { nix.gc = { - automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ]; + automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer); }; } From 0f98216757cfeb3cfe318181fee0fc5c7b7f1c04 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 16:04:21 +0200 Subject: [PATCH 182/183] l zsh: use recent LS_COLORS --- lass/2configs/zsh.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index aa3e6731d..76cac9f56 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -54,8 +54,8 @@ eval $(dircolors -b ${pkgs.fetchFromGitHub { owner = "trapd00r"; repo = "LS_COLORS"; - rev = "master"; - sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; + rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0"; + sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4"; }}/LS_COLORS) alias ls='ls --color' zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} From 37fa7bff9339799984554b8ccbacf1f07281d6ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 16:04:48 +0200 Subject: [PATCH 183/183] l git: add krops repo --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index d18524cf5..43085ba5e 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -63,6 +63,10 @@ let pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada"; } ]; }; + krops = { + cgit.desc = "krebs deployment"; + cgit.section = "software"; + }; } // mapAttrs make-public-repo-silent { };