Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch '21.05'

Browse Source
This commit is contained in:
makefu 2021-06-06 19:15:44 +02:00
commit 74058abe0b
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
122 changed files with 607 additions and 594 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
krebs/2configs/hw/x220.nix
View File

@ -22,8 +22,6 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
security.rngd.enable = mkDefault true;
services.xserver = {
videoDriver = "intel";
};

2
krebs/2configs/ircd.nix
View File

@ -61,7 +61,7 @@
};
privset "op" {
privs = oper:admin;
privs = oper:admin, oper:general;
};
operator "aids" {

1
krebs/2configs/news.nix
View File

@ -68,6 +68,7 @@
wantedBy = [ "multi-user.target" ];
};
systemd.services.brockman.bindsTo = [ "solanum.service" ];
systemd.services.brockman.serviceConfig.LimitNOFILE = 16384;
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
krebs.brockman = {

1
krebs/2configs/reaktor2.nix
View File

@ -119,6 +119,7 @@ in {
users.users.reaktor2 = {
uid = genid_uint31 "reaktor2";
home = stateDir;
isSystemUser = true;
};
krebs.reaktor2 = {

1
krebs/2configs/shack/muell_mail.nix
View File

@ -12,6 +12,7 @@ let
in {
users.users.muell_mail = {
inherit home;
isSystemUser = true;
createHome = true;
};
systemd.services.muell_mail = {

1
krebs/2configs/shack/muellshack.nix
View File

@ -13,6 +13,7 @@ let
in {
users.users.muellshack = {
inherit home;
isSystemUser = true;
createHome = true;
};
services.nginx.virtualHosts."muell.shack" = {

1
krebs/2configs/shack/node-light.nix
View File

@ -14,6 +14,7 @@ in {
networking.firewall.allowedUDPPorts = [ 2342 ];
users.users.node-light = {
inherit home;
isSystemUser = true;
createHome = true;
};
services.nginx.virtualHosts."lounge.light.shack" = {

5
krebs/2configs/shack/powerraw.nix
View File

@ -14,7 +14,10 @@ let
in {
# receive response from light.shack / standby.shack
networking.firewall.allowedUDPPorts = [ 11111 ];
users.users.powermeter.extraGroups = [ "dialout" ];
users.users.powermeter = {
extraGroups = [ "dialout" ];
isSystemUser = true;
};
# we make sure that usb-ttl has the correct permissions
# creates /dev/powerraw

1
krebs/2configs/shack/s3-power.nix
View File

@ -14,6 +14,7 @@ in {
users.users.s3_power = {
inherit home;
createHome = true;
isSystemUser = true;
};
systemd.services.s3-power = {
startAt = "daily";

1
krebs/2configs/shack/shackDNS.nix
View File

@ -30,6 +30,7 @@ in {
users.users.shackDNS = {
inherit home;
createHome = true;
isSystemUser = true;
};
services.nginx.virtualHosts."leases.shack" = {
locations."/" = {

2
krebs/2configs/shack/share.nix
View File

@ -1,7 +1,7 @@
{config, ... }:{
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
uid = config.ids.uids.smbguest; #effectively systemUser
group = "share";
description = "smb guest user";
home = "/home/share";

4
krebs/2configs/shack/worlddomination.nix
View File

@ -58,7 +58,7 @@ let
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
propagatedBuildInputs = [ ];
doCheck = false; # 2 errors, dunnolol
meta = with pkgs.stdenv.lib; {
meta = with pkgs.lib; {
homepage = "";
license = licenses.mit;
description = "Python CoAP library";
@ -68,7 +68,7 @@ let
name = "LinkHeader-0.4.3";
src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
propagatedBuildInputs = [ ];
meta = with pkgs.stdenv.lib; {
meta = with pkgs.lib; {
homepage = "";
license = licenses.bsdOriginal;
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";

1
krebs/3modules/airdcpp.nix
View File

@ -268,6 +268,7 @@ let
uid = genid "airdcpp";
home = cfg.stateDir;
createHome = true;
isSystemUser = true;
inherit (cfg) extraGroups;
};
groups.airdcpp.gid = genid "airdcpp";

1
krebs/3modules/bepasty-server.nix
View File

@ -146,6 +146,7 @@ let
uid = genid_uint31 "bepasty";
group = "bepasty";
home = "/var/lib/bepasty-server";
isSystemUser = true;
};
users.extraGroups.bepasty = {
gid = genid_uint31 "bepasty";

2
krebs/3modules/brockman.nix
View File

@ -12,7 +12,7 @@ in {
users.extraUsers.brockman = {
home = "/var/lib/brockman";
createHome = true;
isNormalUser = false;
isSystemUser = true;
uid = genid_uint31 "brockman";
};

1
krebs/3modules/buildbot/master.nix
View File

@ -322,6 +322,7 @@ let
description = "Buildbot Master";
home = cfg.workDir;
createHome = false;
isSystemUser = true;
};
users.extraGroups.buildbotMaster = {

1
krebs/3modules/buildbot/slave.nix
View File

@ -131,6 +131,7 @@ let
description = "Buildbot Slave";
home = cfg.workDir;
createHome = false;
isSystemUser = true;
};
users.extraGroups.buildbotSlave = {

1
krebs/3modules/exim.nix
View File

@ -78,6 +78,7 @@ in {
inherit (cfg.user) home name uid;
createHome = true;
group = cfg.group.name;
isSystemUser = true;
};
};
};

52
krebs/3modules/external/default.nix vendored
View File

@ -563,6 +563,58 @@ in {
};
};
};
nxnx = {
owner = config.krebs.users.rtjure;
nets = {
retiolum = {
ip4.addr = "10.243.122.126";
aliases = [
"nxnx.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2JWNe54YaFM+flK3LlPwgOSgVRmZi+e+Qhc6uJYIxkQcAvJKpKJQ
1M4h7OE7eiJLdDp/aGaHe4BuII15/0lFJwYf1Zt8E1zN54QtwuELkDgOhgkhgvVb
tO+maHh10xsQMFlhpUztEk8oQuBu5toC795nKY7lBR2o6V2dPbbVo1+qr7qArOWo
cBlshRhEDjuzJUMHLlUGu43/miWeDewAq4O7U/nNNEz/v8KbESqP9HtTjelAeWz6
zGha8hSn+Snkt76kP15drgn1L8MMFvnm5EeJ5VkehnpOi8Vi9Yqln+VGwlvbhEdK
ST0gxNBKoSvLITS1P/ypfiEXARUOffgq+kLA2Hyet0DfBjCMD+WkTBlj1QyXLs10
3/xBntlOQqBcLIdpi/yRs7miyQlyblqsyiQOCukIvibdHB1RLdVBhUE3A7hgw4R+
+3ug/mQR+fDOpNB/sOkorcTVgA04KENUHc+6OqA0dvoAYr8l7N4+az3AtyHDNr5x
4otjxOq4fmu80sbm5Ry9SoNYMc4fOuWIZDHZ/ntDKqzHw3BaNB9vNkpKj22nArI4
cwAMPPJMJJ+Ef7tIzZ+NKtPudqztoLa5AYNllV7K9gS6NG0Yzk6iIQ42bKgfsZFn
9AkCdv8EycNIAIbBomPv2XIKYlKs3RfWEjRcSl3TQl4b3bilCicgnLECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
nxnv = {
owner = config.krebs.users.rtjure;
nets = {
retiolum = {
ip4.addr = "10.243.122.127";
aliases = [
"nxnv.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB
ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt
NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp
wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt
1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT
eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy
S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/
9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN
ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW
45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila
jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
ada = {
owner = config.krebs.users.filly;
nets = {

1
krebs/3modules/fetchWallpaper.nix
View File

@ -57,6 +57,7 @@ let
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
isSystemUser = true;
};
systemd.timers.fetchWallpaper = {

2
krebs/3modules/git.nix
View File

@ -366,6 +366,7 @@ let
# To allow running cgit-clear-cache via hooks.
cfg.cgit.fcgiwrap.group.name
];
isSystemUser = true;
shell = "/bin/sh";
openssh.authorizedKeys.keys =
unique
@ -384,6 +385,7 @@ let
users.${cfg.cgit.fcgiwrap.user.name} = {
inherit (cfg.cgit.fcgiwrap.user) home name uid;
group = cfg.cgit.fcgiwrap.group.name;
isSystemUser = true;
};
};

1
krebs/3modules/github-hosts-sync.nix
View File

@ -65,6 +65,7 @@ let
users.users.${user.name} = {
inherit (user) uid;
home = cfg.dataDir;
isSystemUser = true;
};
};

1
krebs/3modules/htgen.nix
View File

@ -66,6 +66,7 @@ let
nameValuePair htgen.user.name {
inherit (htgen.user) home name uid;
createHome = true;
isSystemUser = true;
}
) cfg;

1
krebs/3modules/realwallpaper.nix
View File

@ -60,6 +60,7 @@ let
uid = genid "realwallpaper";
home = cfg.workingDir;
createHome = true;
isSystemUser = true;
};
};

1
krebs/3modules/tinc.nix
View File

@ -236,6 +236,7 @@ let
nameValuePair "${netname}" {
inherit (cfg.user) home name uid;
createHome = true;
isSystemUser = true;
}
) config.krebs.tinc;

1
krebs/3modules/tinc_graphs.nix
View File

@ -127,6 +127,7 @@ let
users.extraUsers.tinc_graphs = {
uid = genid_uint31 "tinc_graphs";
home = "/var/spool/tinc_graphs";
isSystemUser = true;
};
services.nginx = mkIf cfg.nginx.enable {
enable = mkDefault true;

1
krebs/3modules/urlwatch.nix
View File

@ -193,6 +193,7 @@ let
inherit (user) uid;
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
};
};

46
krebs/5pkgs/override/default.nix
View File

@ -11,44 +11,14 @@ self: super: {
});
flameshot = super.flameshot.overrideAttrs (old: rec {
patches = old.patches or [] ++ [
(self.writeText "flameshot-imgur.patch" /* diff */ ''
--- a/src/tools/imgur/imguruploader.cpp
+++ b/src/tools/imgur/imguruploader.cpp
@@ -40,6 +40,7 @@
#include <QTimer>
#include <QJsonDocument>
#include <QJsonObject>
+#include <stdlib.h>
ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) :
QWidget(parent), m_pixmap(capture)
@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) {
QJsonObject json = response.object();
QJsonObject data = json["data"].toObject();
m_imageURL.setUrl(data["link"].toString());
- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg(
+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL");
+ if (deleteImageURLPattern == NULL)
+ deleteImageURLPattern = "https://imgur.com/delete/%1";
+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg(
data["deletehash"].toString()));
onUploadOk();
} else {
@@ -105,7 +109,10 @@ void ImgurUploader::upload() {
QString description = FileNameHandler().parsedPattern();
urlQuery.addQueryItem("description", description);
- QUrl url("https://api.imgur.com/3/image");
+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL");
+ if (createImageURLPattern == NULL)
+ createImageURLPattern = "https://api.imgur.com/3/image";
+ QUrl url(createImageURLPattern);
url.setQuery(urlQuery);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader,
'')
];
patches = old.patches or [] ++ {
"0.6.0" = [
./flameshot/flameshot_imgur_0.6.0.patch
];
"0.9.0" = [
./flameshot/flameshot_imgur_0.9.0.patch
];
}.${old.version};
});
# https://github.com/proot-me/PRoot/issues/106

34
krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch Normal file
View File

@ -0,0 +1,34 @@
--- a/src/tools/imgur/imguruploader.cpp
+++ b/src/tools/imgur/imguruploader.cpp
@@ -40,6 +40,7 @@
#include <QTimer>
#include <QJsonDocument>
#include <QJsonObject>
+#include <stdlib.h>
ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) :
QWidget(parent), m_pixmap(capture)
@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) {
QJsonObject json = response.object();
QJsonObject data = json["data"].toObject();
m_imageURL.setUrl(data["link"].toString());
- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg(
+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL");
+ if (deleteImageURLPattern == NULL)
+ deleteImageURLPattern = "https://imgur.com/delete/%1";
+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg(
data["deletehash"].toString()));
onUploadOk();
} else {
@@ -105,7 +109,10 @@ void ImgurUploader::upload() {
QString description = FileNameHandler().parsedPattern();
urlQuery.addQueryItem("description", description);
- QUrl url("https://api.imgur.com/3/image");
+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL");
+ if (createImageURLPattern == NULL)
+ createImageURLPattern = "https://api.imgur.com/3/image";
+ QUrl url(createImageURLPattern);
url.setQuery(urlQuery);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader,

35
krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch Normal file
View File

@ -0,0 +1,35 @@
--- a/src/tools/imgur/imguruploader.cpp
+++ b/src/tools/imgur/imguruploader.cpp
@@ -31,6 +31,7 @@
#include <QTimer>
#include <QUrlQuery>
#include <QVBoxLayout>
+#include <stdlib.h>
ImgurUploader::ImgurUploader(const QPixmap& capture, QWidget* parent)
: QWidget(parent)
@@ -79,8 +80,11 @@ void ImgurUploader::handleReply(QNetworkReply* reply)
m_imageURL.setUrl(data[QStringLiteral("link")].toString());
auto deleteToken = data[QStringLiteral("deletehash")].toString();
+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL");
+ if (deleteImageURLPattern == NULL)
+ deleteImageURLPattern = "https://imgur.com/delete/%1";
m_deleteImageURL.setUrl(
- QStringLiteral("https://imgur.com/delete/%1").arg(deleteToken));
+ QString::fromUtf8(deleteImageURLPattern).arg(deleteToken));
// save history
QString imageName = m_imageURL.toString();
@@ -133,7 +137,10 @@ void ImgurUploader::upload()
QString description = FileNameHandler().parsedPattern();
urlQuery.addQueryItem(QStringLiteral("description"), description);
- QUrl url(QStringLiteral("https://api.imgur.com/3/image"));
+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL");
+ if (createImageURLPattern == NULL)
+ createImageURLPattern = "https://api.imgur.com/3/image";
+ QUrl url(QString::fromUtf8(createImageURLPattern));
url.setQuery(urlQuery);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader,

5
krebs/5pkgs/simple/airdcpp-webclient/default.nix
View File

@ -1,4 +1,5 @@
{ stdenv, fetchurl, makeWrapper, which
{ fetchurl, lib, makeWrapper, stdenv
, which
}:
stdenv.mkDerivation rec {
name = "airdcpp-webclient-${version}";
@ -17,7 +18,7 @@ stdenv.mkDerivation rec {
'';
nativeBuildInputs = [ makeWrapper ];
meta = with stdenv.lib; {
meta = with lib; {
# to start it: airdcpp -p=<pid-file> -c=<config-store-path (must be writeable)> --configure
description = "dcpp client (statically precompiled)";
homepage = http://fixme;

13
krebs/5pkgs/simple/buildbot-classic/default.nix
View File

@ -1,6 +1,6 @@
{ pkgs, fetchFromGitHub, python2Packages, git, ... }:
{ pkgs, fetchFromGitHub, python3Packages, git, ... }:
python2Packages.buildPythonApplication rec {
python3Packages.buildPythonApplication rec {
name = "buildbot-classic-${version}";
version = "0.8.18";
namePrefix = "";
@ -15,11 +15,10 @@ python2Packages.buildPythonApplication rec {
postUnpack = "sourceRoot=\${sourceRoot}/master";
propagatedBuildInputs = [
python2Packages.jinja2
python2Packages.twisted
python2Packages.dateutil
python2Packages.sqlalchemy_migrate
python2Packages.pysqlite
python3Packages.jinja2
python3Packages.twisted
python3Packages.dateutil
python3Packages.sqlalchemy_migrate
pkgs.coreutils
];
doCheck = false;

6
krebs/5pkgs/simple/cac-api/default.nix
View File

@ -1,4 +1,6 @@
{ stdenv, fetchgit, bc, cac-cert, coreutils, curl, dash, gnugrep, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }:
{ fetchgit, lib, stdenv
, bc, cac-cert, coreutils, curl, dash, gnugrep, gnused, inotifyTools, jq, ncurses, openssh, sshpass
}:
stdenv.mkDerivation {
name = "cac-api-1.1.2";
@ -18,7 +20,7 @@ stdenv.mkDerivation {
mkdir -p $out/bin
{ cat <<\EOF
#! ${dash}/bin/dash
export PATH=${stdenv.lib.makeBinPath [
export PATH=${lib.makeBinPath [
bc
coreutils
curl

6
krebs/5pkgs/simple/dic/default.nix
View File

@ -1,4 +1,6 @@
{ coreutils, curl, fetchgit, gnugrep, gnused, stdenv, utillinux }:
{ fetchgit, lib, stdenv
, coreutils, curl, gnugrep, gnused, utillinux
}:
stdenv.mkDerivation {
name = "dic";
@ -16,7 +18,7 @@ stdenv.mkDerivation {
installPhase =
let
path = stdenv.lib.makeBinPath [
path = lib.makeBinPath [
coreutils
curl
gnused

6
krebs/5pkgs/simple/drivedroid-gen-repo/default.nix
View File

@ -1,10 +1,10 @@
{stdenv,fetchurl,pkgs,python3Packages, ... }:
{ fetchurl, lib, stdenv, python3Packages }:
python3Packages.buildPythonPackage rec {
name = "drivedroid-gen-repo-${version}";
version = "0.4.4";
propagatedBuildInputs = with pkgs;[
propagatedBuildInputs = [
python3Packages.docopt
];
@ -16,7 +16,7 @@ python3Packages.buildPythonPackage rec {
meta = {
homepage = http://krebsco.de/;
description = "Generate Drivedroid repos";
license = stdenv.lib.licenses.wtfpl;
license = lib.licenses.wtfpl;
};
}

23
krebs/5pkgs/simple/ergo.nix Normal file
View File

@ -0,0 +1,23 @@
{ buildGo116Module , fetchFromGitHub, lib }:
buildGo116Module rec {
pname = "ergo";
version = "2.7.0-rc1";
src = fetchFromGitHub {
owner = "ergochat";
repo = "ergo";
rev = "v${version}";
sha256 = "0vdrvr991an6f6zsadpsy0npmb4058b278xgc7rh8vhp12m501b4";
};
vendorSha256 = null;
meta = {
description = "A modern IRC server (daemon/ircd) written in Go";
homepage = "https://github.com/ergochat/ergo";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.tv ];
platforms = lib.platforms.linux;
};
}

4
krebs/5pkgs/simple/ftb/default.nix
View File

@ -1,9 +1,9 @@
{ stdenv, fetchurl
{ fetchurl, lib, stdenv
, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
, openjdk
, mesa_glu, openal
, useAlsa ? false, alsaOss ? null }:
with stdenv.lib;
with lib;
assert useAlsa -> alsaOss != null;

6
krebs/5pkgs/simple/get/default.nix
View File

@ -1,4 +1,6 @@
{ coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }:
{ fetchgit, lib, stdenv
, coreutils, gnugrep, gnused, jq, nix
}:
stdenv.mkDerivation {
name = "get-1.4.1";
@ -16,7 +18,7 @@ stdenv.mkDerivation {
installPhase =
let
path = stdenv.lib.makeBinPath [
path = lib.makeBinPath [
coreutils
gnugrep
gnused

4
krebs/5pkgs/simple/github-hosts-sync/default.nix
View File

@ -1,4 +1,4 @@
{ pkgs, stdenv, ... }:
{ lib, pkgs, stdenv }:
stdenv.mkDerivation rec {
name = "github-hosts-sync-${version}";
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
installPhase = let
ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
path = stdenv.lib.makeBinPath [
path = lib.makeBinPath [
pkgs.git
pkgs.nettools
pkgs.openssh

4
krebs/5pkgs/simple/internetarchive/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, pkgs, ... }:
{ lib, pkgs, stdenv, pkgs }:
with pkgs.python3Packages;
buildPythonPackage rec {
pname = "internetarchive";
@ -32,7 +32,7 @@ buildPythonPackage rec {
sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
'';
meta = with stdenv.lib; {
meta = with lib; {
description = "python library and cli for uploading files to internet archive";
license = licenses.agpl3;
};

14
krebs/5pkgs/simple/passwdqc-utils/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, pam,
fetchurl, lib,
wordset-file ? null, # set your own wordset-file
... }:
{ fetchurl, lib, stdenv
, pam
, wordset-file ? null, # set your own wordset-file
}:
stdenv.mkDerivation rec {
name = "passwdqc-utils-${version}";
@ -30,8 +30,8 @@ stdenv.mkDerivation rec {
meta = {
description = "passwdqc utils (pwqgen,pwqcheck) and library";
license = stdenv.lib.licenses.bsd3;
maintainers = [ stdenv.lib.maintainers.makefu ];
patforms = stdenv.lib.platforms.linux; # more installFlags must be set for Darwin,Solaris
license = lib.licenses.bsd3;
maintainers = [ lib.maintainers.makefu ];
patforms = lib.platforms.linux; # more installFlags must be set for Darwin,Solaris
};
}

5
krebs/5pkgs/simple/populate/default.nix
View File

@ -1,8 +1,9 @@
{ coreutils, fetchgit, findutils, git, gnused, jq, openssh, pass, rsync, stdenv
{ fetchgit, lib, stdenv
, coreutils, findutils, git, gnused, jq, openssh, pass, rsync
}:
let
PATH = stdenv.lib.makeBinPath [
PATH = lib.makeBinPath [
coreutils
findutils
git

4
krebs/5pkgs/simple/slog/default.nix
View File

@ -1,4 +1,4 @@
{ pkgs, stdenv, fetchFromGitHub }:
{ fetchFromGitHub, lib, pkgs, stdenv }:
## use with:
# . $(command -v slog.sh)
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
install -m755 slog.sh $out/bin
'';
meta = with stdenv.lib; {
meta = with lib; {
description = "POSIX shell logging";
license = licenses.mit;
};

62
krebs/5pkgs/simple/solanum/default.nix
View File

@ -1,62 +0,0 @@
{ lib, stdenv
, fetchFromGitHub
, autoreconfHook
, pkg-config
, bison
, flex
, openssl
, sqlite
, lksctp-tools
}:
stdenv.mkDerivation rec {
pname = "solanum";
version = "unstable-2021-04-27";
src = fetchFromGitHub {
owner = "solanum-ircd";
repo = pname;
rev = "3ff5a12e75662e9a642f2a4364797bd361eb0925";
sha256 = "14ywmfdv8cncbyg08y2qdis00kwg8lvhkcgj185is67smh0qf88f";
};
patches = [
./dont-create-logdir.patch
];
configureFlags = [
"--enable-epoll"
"--enable-ipv6"
"--enable-openssl=${openssl.dev}"
"--with-program-prefix=solanum-"
"--localstatedir=/var/lib"
"--with-rundir=/run"
"--with-logdir=/var/log"
] ++ lib.optionals (stdenv.isLinux) [
"--enable-sctp=${lksctp-tools.out}/lib"
];
nativeBuildInputs = [
autoreconfHook
bison
flex
pkg-config
];
buildInputs = [
openssl
sqlite
];
doCheck = !stdenv.isDarwin;
enableParallelBuilding = true;
meta = with lib; {
description = "An IRCd for unified networks";
homepage = "https://github.com/solanum-ircd/solanum";
license = licenses.gpl2Only;
maintainers = with maintainers; [ hexa ];
platforms = platforms.unix;
};
}

14
krebs/5pkgs/simple/solanum/dont-create-logdir.patch
View File

@ -1,14 +0,0 @@
diff --git a/Makefile.am b/Makefile.am
index 19e7b396..21093521 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,9 +35,6 @@ include/serno.h:
echo '#define DATECODE 0UL' >>include/serno.h; \
fi
-install-data-hook:
- test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir}
-
install-exec-hook:
rm -f ${DESTDIR}${libdir}/*.la
rm -f ${DESTDIR}${moduledir}/*.la

6
krebs/5pkgs/simple/ssh-audit.nix
View File

@ -1,4 +1,4 @@
{ fetchFromGitHub, python3Packages, stdenv }:
{ fetchFromGitHub, lib, python3Packages, stdenv }:
python3Packages.buildPythonPackage rec {
inherit (meta) version;
@ -46,9 +46,9 @@ python3Packages.buildPythonPackage rec {
meta = {
description = "tool for ssh server auditing";
homepage = "https://github.com/arthepsy/ssh-audit";
license = stdenv.lib.licenses.mit;
license = lib.licenses.mit;
maintainers = [
stdenv.lib.maintainers.tv
lib.maintainers.tv
];
version = "1.7.0";
};

4
krebs/5pkgs/simple/tinc_graphs/default.nix
View File

@ -1,4 +1,4 @@
{stdenv,fetchurl,pkgs,python3Packages, ... }:
{ fetchurl, lib, pkgs, python3Packages, stdenv }:
python3Packages.buildPythonPackage rec {
name = "tinc_graphs-${version}";
@ -22,7 +22,7 @@ python3Packages.buildPythonPackage rec {
meta = {
homepage = http://krebsco.de/;
description = "Create Graphs from Tinc Stats";
license = stdenv.lib.licenses.wtfpl;
license = lib.licenses.wtfpl;
};
}

10
krebs/5pkgs/simple/translate-shell/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchurl,pkgs,... }:
{ fetchurl, lib, pkgs, stdenv }:
let
s =
rec {
@ -8,7 +8,7 @@ let
url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
};
searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [
searchpath = with pkgs; lib.makeSearchPath "bin" [
fribidi
gawk
bash
@ -35,9 +35,9 @@ stdenv.mkDerivation {
meta = {
inherit (s) version;
description = ''translate using google api'';
license = stdenv.lib.licenses.free;
maintainers = [stdenv.lib.maintainers.makefu];
platforms = stdenv.lib.platforms.linux ;
license = lib.licenses.free;
maintainers = [ lib.maintainers.makefu ];
platforms = lib.platforms.linux ;
};
}

6
krebs/5pkgs/simple/whatsupnix/default.nix
View File

@ -1,4 +1,6 @@
{ bash, coreutils, gawk, makeWrapper, nix, openssh, stdenv }:
{ lib, makeWrapper, stdenv
, bash, coreutils, gawk, nix, openssh
}:
stdenv.mkDerivation {
name = "whatsupnix";
@ -8,7 +10,7 @@ stdenv.mkDerivation {
mkdir -p $out/bin
cat - ${./whatsupnix.bash} > $out/bin/whatsupnix <<\EOF
#! ${bash}/bin/bash
export PATH=${stdenv.lib.makeBinPath [ coreutils gawk nix openssh ]}
export PATH=${lib.makeBinPath [ coreutils gawk nix openssh ]}
EOF
chmod +x $out/bin/whatsupnix
'';

10
krebs/5pkgs/test/infest-cac-centos7/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, coreutils, makeWrapper,
cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, sshpass, proot,
... }:
{ lib, makeWrapper, stdenv
, cac-api, cac-cert, cac-panel, coreutils, gnumake, gnused, jq, openssh, proot, sshpass
}:
stdenv.mkDerivation rec {
name = "${shortname}-${version}";
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
buildInputs = [ makeWrapper ];
path = stdenv.lib.makeSearchPath "bin" [
path = lib.makeSearchPath "bin" [
coreutils
cac-api
cac-panel
@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
--set REQUESTS_CA_BUNDLE ${cac-cert} \
--set SSL_CERT_FILE ${cac-cert}
'';
meta = with stdenv.lib; {
meta = with lib; {
homepage = http://krebsco.de;
description = "infest a CaC box with stockholm";
license = licenses.wtfpl;

8
krebs/nixpkgs.json
View File

@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "33824cdf8e4fec30c5b9ddc91b18991c3c375227",
"date": "2021-05-18T19:08:44-04:00",
"path": "/nix/store/s3f1q2a5hn60jdnz8h66z7yahrmzifin-nixpkgs",
"sha256": "1sad0x998k3iid2vp57kv4skvf90yh4gbs61dv3p45c2qi3sql46",
"rev": "aa576357673d609e618d87db43210e49d4bb1789",
"date": "2021-06-04T17:36:38+02:00",
"path": "/nix/store/qqz5xq0dg8zm8blba5cg7704kbrhqhki-nixpkgs",
"sha256": "1868s3mp0lwg1jpxsgmgijzddr90bjkncf6k6zhdjqihf0i1n2np",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false

2
krebs/update-nixpkgs.sh
View File

@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \
--rev refs/heads/nixos-20.09' \
--rev refs/heads/nixos-21.05' \
> $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"

44
lass/1systems/coaxmetal/config.nix
View File

@ -16,38 +16,54 @@
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/nfs-dl.nix>
# <stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/xonsh.nix>
<stockholm/lass/2configs/review.nix>
<stockholm/lass/2configs/dunst.nix>
# <stockholm/krebs/2configs/ircd.nix>
];
krebs.build.host = config.krebs.hosts.coaxmetal;
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
environment.systemPackages = with pkgs; [
brain
bank
l-gen-secrets
(pkgs.writeDashBin "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
usb-tether-on = pkgs.writeDash "usb-tether-on" ''
'')
(pkgs.writeDashBin "usb-tether-on" ''
adb shell su -c service call connectivity 33 i32 1 s16 text
'';
usb-tether-off = pkgs.writeDash "usb-tether-off" ''
'')
(pkgs.writeDashBin "usb-tether-off" ''
adb shell su -c service call connectivity 33 i32 0 s16 text
'';
};
'')
];
programs.adb.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
# config.General.Disable = "Headset";
extraConfig = ''
[General]
Disable = Headset
'';
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
lass.browser.config = {
dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; };
fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
};
nix.trustedUsers = [ "root" "lass" ];
services.tor = {
enable = true;
client.enable = true;
};
}

1
lass/1systems/coaxmetal/physical.nix
View File

@ -7,6 +7,7 @@
networking.hostId = "e0c335ea";
boot.zfs.requestEncryptionCredentials = true;
boot.zfs.enableUnstable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;

1
lass/1systems/daedalus/config.nix
View File

@ -19,6 +19,7 @@ with import <stockholm/lib>;
"networkmanager"
];
useDefaultShell = true;
isNormalUser = true;
};
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;

2
lass/1systems/green/config.nix
View File

@ -23,7 +23,7 @@ with import <stockholm/lib>;
users.users.mainUser.openssh.authorizedKeys.keys = [
config.krebs.users.lass-android.pubkey
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel
];
krebs.bindfs = {

11
lass/1systems/icarus/physical.nix
View File

@ -45,16 +45,5 @@
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
services.thinkfan.enable = true;
services.thinkfan.levels = ''
(0, 0, 55)
(1, 48, 60)
(2, 50, 61)
(3, 52, 63)
(6, 60, 85)
(7, 80, 90)
(127, 89, 32767)
'';
services.logind.lidSwitch = "ignore";
}

1
lass/1systems/prism/config.nix
View File

@ -345,6 +345,7 @@ with import <stockholm/lib>;
home = "/var/download";
useDefaultShell = true;
uid = genid "download";
isSystemUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-android.pubkey

1
lass/1systems/uriel/config.nix
View File

@ -23,6 +23,7 @@ with import <stockholm/lib>;
"networkmanager"
];
useDefaultShell = true;
isNormalUser = true;
};
networking.networkmanager.enable = true;
hardware.pulseaudio = {

5
lass/1systems/xerxes/config.nix
View File

@ -81,11 +81,6 @@
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
# config.General.Disable = "Headset";
extraConfig = ''
[General]
Disable = Headset
'';
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
# hardware.pulseaudio.configFile = pkgs.writeText "default.pa" ''

27
lass/2configs/bitcoin.nix
View File

@ -4,12 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
krebs.per-user.bch.packages = [
pkgs.electron-cash
];
krebs.per-user.bitcoin.packages = [
pkgs.electrum
];
users.extraUsers = {
bch = {
name = "bch";
@ -17,6 +11,8 @@ in {
home = "/home/bch";
useDefaultShell = true;
createHome = true;
packages = [ pkgs.electron-cash ];
isNormalUser = true;
};
bitcoin = {
name = "bitcoin";
@ -24,10 +20,25 @@ in {
home = "/home/bitcoin";
useDefaultShell = true;
createHome = true;
packages = [ pkgs.electrum ];
isNormalUser = true;
};
monero = {
name = "monero";
description = "user for monero stuff";
home = "/home/monero";
useDefaultShell = true;
createHome = true;
packages = [
pkgs.monero
pkgs.monero-gui
];
isNormalUser = true;
};
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
${mainUser.name} ALL=(bch) NOPASSWD: ALL
${mainUser.name} ALL=(bch) ALL
${mainUser.name} ALL=(bitcoin) ALL
${mainUser.name} ALL=(monero) ALL
'';
}

1
lass/2configs/ciko.nix
View File

@ -10,6 +10,7 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
];
isNormalUser = true;
};
system.activationScripts.user-shadow = ''

5
lass/2configs/default.nix
View File

@ -32,6 +32,7 @@ with import <stockholm/lib>;
group = "users";
createHome = true;
useDefaultShell = true;
isNormalUser = true;
extraGroups = [
"audio"
"fuse"
@ -88,9 +89,7 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
boot.tmpOnTmpfs = true;
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''

1
lass/2configs/elster.nix
View File

@ -12,6 +12,7 @@ in {
useDefaultShell = true;
extraGroups = [];
createHome = true;
isNormalUser = true;
};
};
krebs.per-user.elster.packages = [

1
lass/2configs/games.nix
View File

@ -78,6 +78,7 @@ in {
# vdoomserver
retroarchBare
];
isNormalUser = true;
};
};

2
lass/2configs/gg23.nix
View File

@ -8,6 +8,8 @@ with import <stockholm/lib>;
prefixLength = 24;
}];
networking.domain = "gg23";
services.dhcpd4 = {
enable = true;
interfaces = [ "int0" ];

1
lass/2configs/htop.nix
View File

@ -3,7 +3,6 @@
with import <stockholm/lib>;
{
security.hideProcessInformation = true;
nixpkgs.config.packageOverrides = super: {
htop = pkgs.symlinkJoin {
name = "htop";

2
lass/2configs/mpv.nix
View File

@ -80,7 +80,7 @@ let
name = "mpv";
paths = [
(pkgs.writeDashBin "mpv" ''
exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@"
exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config "$@" # TODO renable autosub when subliminal is in 21.05 again
'')
pkgs.mpv
];

2
lass/2configs/pass.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
users.users.lass.packages = with pkgs; [
users.users.mainUser.packages = with pkgs; [
(pass.withExtensions (ext: [ ext.pass-otp ]))
gnupg
];

9
lass/2configs/power-action.nix
View File

@ -32,9 +32,12 @@ in {
user = "lass";
};
users.users.power-action.extraGroups = [
"audio"
];
users.users.power-action = {
isNormalUser = true;
extraGroups = [
"audio"
];
};
security.sudo.extraConfig = ''
${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend}

14
lass/2configs/review.nix Normal file
View File

@ -0,0 +1,14 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
in {
users.users.review = {
isNormalUser = true;
packages = [ pkgs.nixpkgs-review ];
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(review) NOPASSWD: ALL
'';
}

45
lass/2configs/websites/domsen.nix
View File

@ -170,6 +170,7 @@ in {
home = "/home/UBIK-SFTP";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.xanf = {
@ -178,6 +179,7 @@ in {
home = "/home/xanf";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.domsen = {
@ -185,8 +187,9 @@ in {
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
extraGroups = [ "nginx" "download" ];
extraGroups = [ "syncthing" "download" "xanf" ];
createHome = true;
isNormalUser = true;
};
users.users.bruno = {
@ -194,6 +197,7 @@ in {
home = "/home/bruno";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.jla-trading = {
@ -201,6 +205,7 @@ in {
home = "/home/jla-trading";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.jms = {
@ -208,6 +213,7 @@ in {
home = "/home/jms";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.ms = {
@ -215,6 +221,7 @@ in {
home = "/home/ms";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.testuser = {
@ -222,20 +229,23 @@ in {
home = "/home/testuser";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.akayguen = {
uid = genid_uint31 "akayguen";
home = "/home/akayguen";
useDefaultShell = true;
createHome = true;
};
#users.users.akayguen = {
# uid = genid_uint31 "akayguen";
# home = "/home/akayguen";
# useDefaultShell = true;
# createHome = true;
# isNormalUser = true;
#};
users.users.bui = {
uid = genid_uint31 "bui";
home = "/home/bui";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.klabusterbeere = {
@ -243,6 +253,7 @@ in {
home = "/home/klabusterbeere";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.kasia = {
@ -250,6 +261,7 @@ in {
home = "/home/kasia";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.XANF_TEAM = {
@ -258,6 +270,25 @@ in {
home = "/home/XANF_TEAM";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.dif = {
uid = genid_uint31 "dif";
home = "/home/dif";
useDefaultShell = true;
extraGroups = [ "xanf" ];
createHome = true;
isNormalUser = true;
};
users.users.lavafilms = {
uid = genid_uint31 "lavafilms";
home = "/home/lavafilms";
useDefaultShell = true;
extraGroups = [ "xanf" ];
createHome = true;
isNormalUser = true;
};
users.groups.xanf = {};

1
lass/2configs/websites/lassulus.nix
View File

@ -97,6 +97,7 @@ in {
home = "/srv/http/lassul.us";
useDefaultShell = true;
createHome = true;
isSystemUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-mors.pubkey

3
lass/2configs/wine.nix
View File

@ -14,8 +14,9 @@ in {
];
createHome = true;
packages = [
pkgs.wineMinimal
pkgs.wineWowPackages.stable
];
isNormalUser = true;
};
};
security.sudo.extraConfig = ''

7
lass/2configs/xonsh.nix Normal file
View File

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
pkgs.xonsh
pkgs.xonsh2
];
}

13
lass/3modules/browsers.nix
View File

@ -5,7 +5,9 @@ let
cfg = config.lass.browser;
browserScripts = {
chromium = "${pkgs.chromium}/bin/chromium";
brave = "${pkgs.brave}/bin/brave";
chrome = "${pkgs.google-chrome}/bin/chrome";
chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
firefox = "${pkgs.firefox.override {
extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
}}/bin/firefox";
@ -14,8 +16,9 @@ let
browser-select = let
sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
(filter (x: ! x.value.hidden)
(mapAttrsToList (name: value: { inherit name value; })
cfg.config);
cfg.config));
in if (lib.length sortedPaths) > 1 then
pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
@ -48,6 +51,10 @@ in {
type = types.str;
default = config._module.args.name;
};
hidden = mkOption {
type = types.bool;
default = false;
};
precedence = mkOption {
type = types.int;
default = 0;
@ -58,7 +65,7 @@ in {
};
browser = mkOption {
type = types.enum (attrNames browserScripts);
default = "chromium";
default = "brave";
};
groups = mkOption {
type = types.listOf types.str;

1
lass/3modules/xjail.nix
View File

@ -147,6 +147,7 @@ with import <stockholm/lib>;
useDefaultShell = true;
createHome = true;
extraGroups = cfg.groups;
isNormalUser = true;
}
) config.lass.xjail;

22
lass/5pkgs/tdlib-purple/default.nix
View File

@ -1,6 +1,24 @@
{ stdenv, fetchFromGitHub, cmake, tdlib, pidgin, libwebp, libtgvoip } :
{ stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } :
stdenv.mkDerivation rec {
let
tdlib = stdenv.mkDerivation rec {
version = "1.6.0";
pname = "tdlib";
src = fetchFromGitHub {
owner = "tdlib";
repo = "td";
rev = "v${version}";
sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv";
};
buildInputs = with pkgs; [ gperf openssl readline zlib ];
nativeBuildInputs = [ pkgs.cmake ];
};
in stdenv.mkDerivation rec {
pname = "tdlib-purple";
version = "0.7.8";

56
lass/5pkgs/xonsh2/default.nix Normal file
View File

@ -0,0 +1,56 @@
{ lib, stdenv
, fetchFromGitHub
, python39Packages
, glibcLocales
, coreutils
, git
, extraInputs ? []
}: let
python3Packages = python39Packages;
in python3Packages.buildPythonApplication rec {
pname = "xonsh2";
version = "master";
# fetch from github because the pypi package ships incomplete tests
src = fetchFromGitHub {
owner = "anki-code";
repo = "xonsh2";
rev = "bd96fcdce9319ab6b90c7d9ac47d2249b61144d0";
sha256 = "0b632rac8macfp2mmvhh1f34cf1m5qfpjajwnf676qk7jzn79vx6";
};
LC_ALL = "en_US.UTF-8";
postPatch = ''
sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' scripts/xon.sh
find scripts -name 'xonsh*' -exec sed -i -e "s|env -S|env|" {} \;
find -name "*.xsh" | xargs sed -ie 's|/usr/bin/env|${coreutils}/bin/env|'
patchShebangs .
'';
doCheck = false;
checkPhase = ''
HOME=$TMPDIR pytest -k 'not test_repath_backslash and not test_os and not test_man_completion and not test_builtins and not test_main and not test_ptk_highlight and not test_pyghooks'
HOME=$TMPDIR pytest -k 'test_builtins or test_main' --reruns 5
HOME=$TMPDIR pytest -k 'test_ptk_highlight'
'';
checkInputs = [ python3Packages.pytest python3Packages.pytest-rerunfailures glibcLocales git ];
propagatedBuildInputs = with python3Packages; [ ply prompt_toolkit pygments ] ++ extraInputs;
meta = with lib; {
description = "A Python-ish, BASHwards-compatible shell";
homepage = "https://xon.sh/";
# changelog = "https://github.com/xonsh/xonsh/releases/tag/${version}";
license = licenses.bsd3;
platforms = platforms.all;
};
passthru = {
shellPath = "/bin/xonsh2";
};
}

3
makefu/1systems/omo/config.nix
View File

@ -43,7 +43,6 @@ in {
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix>
{ environment.systemPackages = [ pkgs.esniper ]; }
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
@ -141,6 +140,7 @@ in {
];
makefu.full-populate = true;
nixpkgs.config.allowUnfree = true;
users.users.share.isNormalUser = true;
users.groups.share = {
gid = (import <stockholm/lib>).genid "share";
members = [ "makefu" "misa" ];
@ -152,6 +152,7 @@ in {
users.users.misa = {
uid = 9002;
name = "misa";
isNormalUser = true;
};
zramSwap.enable = true;

2
makefu/1systems/x/x13/default.nix
View File

@ -8,7 +8,7 @@
<nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
# <stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/ssd.nix>
<stockholm/makefu/2configs/hw/xmm7360.nix>
# <stockholm/makefu/2configs/hw/xmm7360.nix>
];
boot.zfs.requestEncryptionCredentials = true;
networking.hostId = "f8b8e0a2";

1
makefu/1systems/x/x13/zfs.nix
View File

@ -13,6 +13,7 @@
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.zfs.enableUnstable = true; # required for 21.05
fileSystems."/" =
{ device = "zroot/root/nixos";
fsType = "zfs";

1
makefu/2configs/bgt/download.binaergewitter.de.nix
View File

@ -22,6 +22,7 @@ in {
uid = genid "auphonic";
group = "nginx";
useDefaultShell = true;
isSystemUser = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
};

4
makefu/2configs/bgt/hidden_service.nix
View File

@ -41,8 +41,8 @@ in
services.tor = {
enable = true;
hiddenServices."${name}".map = [
{ port = "80"; }
# { port = "443"; toHost = "blog.binaergewitter.de"; }
{ port = 80; }
# { port = 443; toHost = "blog.binaergewitter.de"; }
];
};
}

2
makefu/2configs/bureautomation/default.nix
View File

@ -6,7 +6,7 @@ in {
imports = [
./ota.nix
./comic-updater.nix
./puppy-proxy.nix
# ./puppy-proxy.nix
./zigbee2mqtt

3
makefu/2configs/dcpp/hub.nix
View File

@ -33,10 +33,11 @@ let
uhubDir = "/var/lib/uhub";
in {
users.extraUsers."${ddclientUser}" = {
users.users."${ddclientUser}" = {
uid = genid "ddclient";
description = "ddclient daemon user";
home = stateDir;
isSystemUser = true;
createHome = true;
};

1
makefu/2configs/default.nix
View File

@ -23,6 +23,7 @@ with import <stockholm/lib>;
group = "users";
home = "/home/makefu";
createHome = true;
isNormalUser = true;
useDefaultShell = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];

2
makefu/2configs/deployment/owncloud.nix
View File

@ -75,7 +75,7 @@ in {
};
};
services.redis.enable = true;
systemd.services.redis.serviceConfig.LimitNOFILE=65536;
systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536";
services.postgresql = {
enable = true;
# Ensure the database, user, and permissions always exist

5
makefu/2configs/deployment/rss.euer.krebsco.de.nix
View File

@ -7,6 +7,11 @@ in {
virtualHost = fqdn;
selfUrlPath = "https://${fqdn}";
};
nixpkgs.config.permittedInsecurePackages = [
"python2.7-Pillow-6.2.2"
];
systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php";
services.postgresql.package = pkgs.postgresql_9_6;
state = [ config.services.postgresqlBackup.location ];

2
makefu/2configs/filepimp-share.nix
View File

@ -6,7 +6,7 @@ let
in {
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
uid = config.ids.uids.smbguest; # effectively systemUser
description = "smb guest user";
home = "/var/empty";
};

5
makefu/2configs/home/metube.nix
View File

@ -26,7 +26,10 @@ in
];
user = "metube";
};
users.users.metube.uid = uid;
users.users.metube = {
uid = uid;
isSystemUser = true;
};
systemd.services.docker-metube.serviceConfig = {
StandardOutput = lib.mkForce "journal";

2
makefu/2configs/home/zigbee2mqtt/default.nix
View File

@ -20,7 +20,7 @@ in
services.zigbee2mqtt = {
enable = true;
inherit dataDir;
config = {
settings = {
permit_join = true;
serial.port = "/dev/cc2531";
homeassistant = true;

2
makefu/2configs/lanparty/samba.nix
View File

@ -3,7 +3,7 @@
networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
uid = config.ids.uids.smbguest; #effectively systemUser
description = "smb guest user";
home = "/data/lanparty";
createHome = true;

1
makefu/2configs/nsupdate-data.nix
View File

@ -34,6 +34,7 @@ in {
description = "ddclient daemon user";
home = stateDir;
createHome = true;
isSystemUser = true;
};
systemd.services = {

15
makefu/2configs/remote-build/slave.nix
View File

@ -1,11 +1,12 @@
{config,...}:{
nix.trustedUsers = [ "nixBuild" ];
users.users.nixBuild = {
name = "nixBuild";
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.buildbotSlave.pubkey
config.krebs.users.makefu-remote-builder.pubkey
];
};
name = "nixBuild";
isNormalUser = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.buildbotSlave.pubkey
config.krebs.users.makefu-remote-builder.pubkey
];
};
}

1
makefu/2configs/share-user-sftp.nix
View File

@ -5,6 +5,7 @@
share = {
uid = 9002;
home = "/var/empty";
isNormalUser = true;
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
};
};

5
makefu/2configs/share/gum.nix
View File

@ -11,7 +11,10 @@ in {
# home = "/var/empty";
# };
environment.systemPackages = [ pkgs.samba ];
users.users.download.uid = genid "download";
users.users.download = {
uid = genid "download";
isNormalUser = true;
};
services.samba = {
enable = true;
shares = {

2
makefu/2configs/share/temp-share-samba.nix
View File

@ -9,7 +9,7 @@
networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
uid = config.ids.uids.smbguest; # effectively systemUser
description = "smb guest user";
home = "/home/share";
createHome = true;

2
makefu/2configs/share/wbob.nix
View File

@ -3,7 +3,7 @@
networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
uid = config.ids.uids.smbguest; # effectively systemUser
description = "smb guest user";
home = "/home/share";
createHome = true;

1
makefu/2configs/stats/arafetch.nix
View File

@ -23,6 +23,7 @@ in {
uid = genid "arafetch";
inherit home;
createHome = true;
isSystemUser = true;
};
systemd.services.ara2mqtt = {

Some files were not shown because too many files have changed in this diff Show More