Merge branch '21.05'

This commit is contained in:
makefu 2021-06-06 19:15:44 +02:00
commit 74058abe0b
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
122 changed files with 607 additions and 594 deletions

View File

@ -22,8 +22,6 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau pkgs.vaapiVdpau
]; ];
security.rngd.enable = mkDefault true;
services.xserver = { services.xserver = {
videoDriver = "intel"; videoDriver = "intel";
}; };

View File

@ -61,7 +61,7 @@
}; };
privset "op" { privset "op" {
privs = oper:admin; privs = oper:admin, oper:general;
}; };
operator "aids" { operator "aids" {

View File

@ -68,6 +68,7 @@
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
systemd.services.brockman.bindsTo = [ "solanum.service" ];
systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384;
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
krebs.brockman = { krebs.brockman = {

View File

@ -119,6 +119,7 @@ in {
users.users.reaktor2 = { users.users.reaktor2 = {
uid = genid_uint31 "reaktor2"; uid = genid_uint31 "reaktor2";
home = stateDir; home = stateDir;
isSystemUser = true;
}; };
krebs.reaktor2 = { krebs.reaktor2 = {

View File

@ -12,6 +12,7 @@ let
in { in {
users.users.muell_mail = { users.users.muell_mail = {
inherit home; inherit home;
isSystemUser = true;
createHome = true; createHome = true;
}; };
systemd.services.muell_mail = { systemd.services.muell_mail = {

View File

@ -13,6 +13,7 @@ let
in { in {
users.users.muellshack = { users.users.muellshack = {
inherit home; inherit home;
isSystemUser = true;
createHome = true; createHome = true;
}; };
services.nginx.virtualHosts."muell.shack" = { services.nginx.virtualHosts."muell.shack" = {

View File

@ -14,6 +14,7 @@ in {
networking.firewall.allowedUDPPorts = [ 2342 ]; networking.firewall.allowedUDPPorts = [ 2342 ];
users.users.node-light = { users.users.node-light = {
inherit home; inherit home;
isSystemUser = true;
createHome = true; createHome = true;
}; };
services.nginx.virtualHosts."lounge.light.shack" = { services.nginx.virtualHosts."lounge.light.shack" = {

View File

@ -14,7 +14,10 @@ let
in { in {
# receive response from light.shack / standby.shack # receive response from light.shack / standby.shack
networking.firewall.allowedUDPPorts = [ 11111 ]; networking.firewall.allowedUDPPorts = [ 11111 ];
users.users.powermeter.extraGroups = [ "dialout" ]; users.users.powermeter = {
extraGroups = [ "dialout" ];
isSystemUser = true;
};
# we make sure that usb-ttl has the correct permissions # we make sure that usb-ttl has the correct permissions
# creates /dev/powerraw # creates /dev/powerraw

View File

@ -14,6 +14,7 @@ in {
users.users.s3_power = { users.users.s3_power = {
inherit home; inherit home;
createHome = true; createHome = true;
isSystemUser = true;
}; };
systemd.services.s3-power = { systemd.services.s3-power = {
startAt = "daily"; startAt = "daily";

View File

@ -30,6 +30,7 @@ in {
users.users.shackDNS = { users.users.shackDNS = {
inherit home; inherit home;
createHome = true; createHome = true;
isSystemUser = true;
}; };
services.nginx.virtualHosts."leases.shack" = { services.nginx.virtualHosts."leases.shack" = {
locations."/" = { locations."/" = {

View File

@ -1,7 +1,7 @@
{config, ... }:{ {config, ... }:{
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; #effectively systemUser
group = "share"; group = "share";
description = "smb guest user"; description = "smb guest user";
home = "/home/share"; home = "/home/share";

View File

@ -58,7 +58,7 @@ let
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
propagatedBuildInputs = [ ]; propagatedBuildInputs = [ ];
doCheck = false; # 2 errors, dunnolol doCheck = false; # 2 errors, dunnolol
meta = with pkgs.stdenv.lib; { meta = with pkgs.lib; {
homepage = ""; homepage = "";
license = licenses.mit; license = licenses.mit;
description = "Python CoAP library"; description = "Python CoAP library";
@ -68,7 +68,7 @@ let
name = "LinkHeader-0.4.3"; name = "LinkHeader-0.4.3";
src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
propagatedBuildInputs = [ ]; propagatedBuildInputs = [ ];
meta = with pkgs.stdenv.lib; { meta = with pkgs.lib; {
homepage = ""; homepage = "";
license = licenses.bsdOriginal; license = licenses.bsdOriginal;
description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";

View File

@ -268,6 +268,7 @@ let
uid = genid "airdcpp"; uid = genid "airdcpp";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true; createHome = true;
isSystemUser = true;
inherit (cfg) extraGroups; inherit (cfg) extraGroups;
}; };
groups.airdcpp.gid = genid "airdcpp"; groups.airdcpp.gid = genid "airdcpp";

View File

@ -146,6 +146,7 @@ let
uid = genid_uint31 "bepasty"; uid = genid_uint31 "bepasty";
group = "bepasty"; group = "bepasty";
home = "/var/lib/bepasty-server"; home = "/var/lib/bepasty-server";
isSystemUser = true;
}; };
users.extraGroups.bepasty = { users.extraGroups.bepasty = {
gid = genid_uint31 "bepasty"; gid = genid_uint31 "bepasty";

View File

@ -12,7 +12,7 @@ in {
users.extraUsers.brockman = { users.extraUsers.brockman = {
home = "/var/lib/brockman"; home = "/var/lib/brockman";
createHome = true; createHome = true;
isNormalUser = false; isSystemUser = true;
uid = genid_uint31 "brockman"; uid = genid_uint31 "brockman";
}; };

View File

@ -322,6 +322,7 @@ let
description = "Buildbot Master"; description = "Buildbot Master";
home = cfg.workDir; home = cfg.workDir;
createHome = false; createHome = false;
isSystemUser = true;
}; };
users.extraGroups.buildbotMaster = { users.extraGroups.buildbotMaster = {

View File

@ -131,6 +131,7 @@ let
description = "Buildbot Slave"; description = "Buildbot Slave";
home = cfg.workDir; home = cfg.workDir;
createHome = false; createHome = false;
isSystemUser = true;
}; };
users.extraGroups.buildbotSlave = { users.extraGroups.buildbotSlave = {

View File

@ -78,6 +78,7 @@ in {
inherit (cfg.user) home name uid; inherit (cfg.user) home name uid;
createHome = true; createHome = true;
group = cfg.group.name; group = cfg.group.name;
isSystemUser = true;
}; };
}; };
}; };

View File

@ -563,6 +563,58 @@ in {
}; };
}; };
}; };
nxnx = {
owner = config.krebs.users.rtjure;
nets = {
retiolum = {
ip4.addr = "10.243.122.126";
aliases = [
"nxnx.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2JWNe54YaFM+flK3LlPwgOSgVRmZi+e+Qhc6uJYIxkQcAvJKpKJQ
1M4h7OE7eiJLdDp/aGaHe4BuII15/0lFJwYf1Zt8E1zN54QtwuELkDgOhgkhgvVb
tO+maHh10xsQMFlhpUztEk8oQuBu5toC795nKY7lBR2o6V2dPbbVo1+qr7qArOWo
cBlshRhEDjuzJUMHLlUGu43/miWeDewAq4O7U/nNNEz/v8KbESqP9HtTjelAeWz6
zGha8hSn+Snkt76kP15drgn1L8MMFvnm5EeJ5VkehnpOi8Vi9Yqln+VGwlvbhEdK
ST0gxNBKoSvLITS1P/ypfiEXARUOffgq+kLA2Hyet0DfBjCMD+WkTBlj1QyXLs10
3/xBntlOQqBcLIdpi/yRs7miyQlyblqsyiQOCukIvibdHB1RLdVBhUE3A7hgw4R+
+3ug/mQR+fDOpNB/sOkorcTVgA04KENUHc+6OqA0dvoAYr8l7N4+az3AtyHDNr5x
4otjxOq4fmu80sbm5Ry9SoNYMc4fOuWIZDHZ/ntDKqzHw3BaNB9vNkpKj22nArI4
cwAMPPJMJJ+Ef7tIzZ+NKtPudqztoLa5AYNllV7K9gS6NG0Yzk6iIQ42bKgfsZFn
9AkCdv8EycNIAIbBomPv2XIKYlKs3RfWEjRcSl3TQl4b3bilCicgnLECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
nxnv = {
owner = config.krebs.users.rtjure;
nets = {
retiolum = {
ip4.addr = "10.243.122.127";
aliases = [
"nxnv.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB
ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt
NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp
wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt
1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT
eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy
S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/
9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN
ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW
45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila
jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
ada = { ada = {
owner = config.krebs.users.filly; owner = config.krebs.users.filly;
nets = { nets = {

View File

@ -57,6 +57,7 @@ let
description = "fetchWallpaper user"; description = "fetchWallpaper user";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true; createHome = true;
isSystemUser = true;
}; };
systemd.timers.fetchWallpaper = { systemd.timers.fetchWallpaper = {

View File

@ -366,6 +366,7 @@ let
# To allow running cgit-clear-cache via hooks. # To allow running cgit-clear-cache via hooks.
cfg.cgit.fcgiwrap.group.name cfg.cgit.fcgiwrap.group.name
]; ];
isSystemUser = true;
shell = "/bin/sh"; shell = "/bin/sh";
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys =
unique unique
@ -384,6 +385,7 @@ let
users.${cfg.cgit.fcgiwrap.user.name} = { users.${cfg.cgit.fcgiwrap.user.name} = {
inherit (cfg.cgit.fcgiwrap.user) home name uid; inherit (cfg.cgit.fcgiwrap.user) home name uid;
group = cfg.cgit.fcgiwrap.group.name; group = cfg.cgit.fcgiwrap.group.name;
isSystemUser = true;
}; };
}; };

View File

@ -65,6 +65,7 @@ let
users.users.${user.name} = { users.users.${user.name} = {
inherit (user) uid; inherit (user) uid;
home = cfg.dataDir; home = cfg.dataDir;
isSystemUser = true;
}; };
}; };

View File

@ -66,6 +66,7 @@ let
nameValuePair htgen.user.name { nameValuePair htgen.user.name {
inherit (htgen.user) home name uid; inherit (htgen.user) home name uid;
createHome = true; createHome = true;
isSystemUser = true;
} }
) cfg; ) cfg;

View File

@ -60,6 +60,7 @@ let
uid = genid "realwallpaper"; uid = genid "realwallpaper";
home = cfg.workingDir; home = cfg.workingDir;
createHome = true; createHome = true;
isSystemUser = true;
}; };
}; };

View File

@ -236,6 +236,7 @@ let
nameValuePair "${netname}" { nameValuePair "${netname}" {
inherit (cfg.user) home name uid; inherit (cfg.user) home name uid;
createHome = true; createHome = true;
isSystemUser = true;
} }
) config.krebs.tinc; ) config.krebs.tinc;

View File

@ -127,6 +127,7 @@ let
users.extraUsers.tinc_graphs = { users.extraUsers.tinc_graphs = {
uid = genid_uint31 "tinc_graphs"; uid = genid_uint31 "tinc_graphs";
home = "/var/spool/tinc_graphs"; home = "/var/spool/tinc_graphs";
isSystemUser = true;
}; };
services.nginx = mkIf cfg.nginx.enable { services.nginx = mkIf cfg.nginx.enable {
enable = mkDefault true; enable = mkDefault true;

View File

@ -193,6 +193,7 @@ let
inherit (user) uid; inherit (user) uid;
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
isSystemUser = true;
}; };
}; };

View File

@ -11,44 +11,14 @@ self: super: {
}); });
flameshot = super.flameshot.overrideAttrs (old: rec { flameshot = super.flameshot.overrideAttrs (old: rec {
patches = old.patches or [] ++ [ patches = old.patches or [] ++ {
(self.writeText "flameshot-imgur.patch" /* diff */ '' "0.6.0" = [
--- a/src/tools/imgur/imguruploader.cpp ./flameshot/flameshot_imgur_0.6.0.patch
+++ b/src/tools/imgur/imguruploader.cpp ];
@@ -40,6 +40,7 @@ "0.9.0" = [
#include <QTimer> ./flameshot/flameshot_imgur_0.9.0.patch
#include <QJsonDocument> ];
#include <QJsonObject> }.${old.version};
+#include <stdlib.h>
ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) :
QWidget(parent), m_pixmap(capture)
@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) {
QJsonObject json = response.object();
QJsonObject data = json["data"].toObject();
m_imageURL.setUrl(data["link"].toString());
- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg(
+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL");
+ if (deleteImageURLPattern == NULL)
+ deleteImageURLPattern = "https://imgur.com/delete/%1";
+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg(
data["deletehash"].toString()));
onUploadOk();
} else {
@@ -105,7 +109,10 @@ void ImgurUploader::upload() {
QString description = FileNameHandler().parsedPattern();
urlQuery.addQueryItem("description", description);
- QUrl url("https://api.imgur.com/3/image");
+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL");
+ if (createImageURLPattern == NULL)
+ createImageURLPattern = "https://api.imgur.com/3/image";
+ QUrl url(createImageURLPattern);
url.setQuery(urlQuery);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader,
'')
];
}); });
# https://github.com/proot-me/PRoot/issues/106 # https://github.com/proot-me/PRoot/issues/106

View File

@ -0,0 +1,34 @@
--- a/src/tools/imgur/imguruploader.cpp
+++ b/src/tools/imgur/imguruploader.cpp
@@ -40,6 +40,7 @@
#include <QTimer>
#include <QJsonDocument>
#include <QJsonObject>
+#include <stdlib.h>
ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) :
QWidget(parent), m_pixmap(capture)
@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) {
QJsonObject json = response.object();
QJsonObject data = json["data"].toObject();
m_imageURL.setUrl(data["link"].toString());
- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg(
+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL");
+ if (deleteImageURLPattern == NULL)
+ deleteImageURLPattern = "https://imgur.com/delete/%1";
+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg(
data["deletehash"].toString()));
onUploadOk();
} else {
@@ -105,7 +109,10 @@ void ImgurUploader::upload() {
QString description = FileNameHandler().parsedPattern();
urlQuery.addQueryItem("description", description);
- QUrl url("https://api.imgur.com/3/image");
+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL");
+ if (createImageURLPattern == NULL)
+ createImageURLPattern = "https://api.imgur.com/3/image";
+ QUrl url(createImageURLPattern);
url.setQuery(urlQuery);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader,

View File

@ -0,0 +1,35 @@
--- a/src/tools/imgur/imguruploader.cpp
+++ b/src/tools/imgur/imguruploader.cpp
@@ -31,6 +31,7 @@
#include <QTimer>
#include <QUrlQuery>
#include <QVBoxLayout>
+#include <stdlib.h>
ImgurUploader::ImgurUploader(const QPixmap& capture, QWidget* parent)
: QWidget(parent)
@@ -79,8 +80,11 @@ void ImgurUploader::handleReply(QNetworkReply* reply)
m_imageURL.setUrl(data[QStringLiteral("link")].toString());
auto deleteToken = data[QStringLiteral("deletehash")].toString();
+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL");
+ if (deleteImageURLPattern == NULL)
+ deleteImageURLPattern = "https://imgur.com/delete/%1";
m_deleteImageURL.setUrl(
- QStringLiteral("https://imgur.com/delete/%1").arg(deleteToken));
+ QString::fromUtf8(deleteImageURLPattern).arg(deleteToken));
// save history
QString imageName = m_imageURL.toString();
@@ -133,7 +137,10 @@ void ImgurUploader::upload()
QString description = FileNameHandler().parsedPattern();
urlQuery.addQueryItem(QStringLiteral("description"), description);
- QUrl url(QStringLiteral("https://api.imgur.com/3/image"));
+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL");
+ if (createImageURLPattern == NULL)
+ createImageURLPattern = "https://api.imgur.com/3/image";
+ QUrl url(QString::fromUtf8(createImageURLPattern));
url.setQuery(urlQuery);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader,

View File

@ -1,4 +1,5 @@
{ stdenv, fetchurl, makeWrapper, which { fetchurl, lib, makeWrapper, stdenv
, which
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "airdcpp-webclient-${version}"; name = "airdcpp-webclient-${version}";
@ -17,7 +18,7 @@ stdenv.mkDerivation rec {
''; '';
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
meta = with stdenv.lib; { meta = with lib; {
# to start it: airdcpp -p=<pid-file> -c=<config-store-path (must be writeable)> --configure # to start it: airdcpp -p=<pid-file> -c=<config-store-path (must be writeable)> --configure
description = "dcpp client (statically precompiled)"; description = "dcpp client (statically precompiled)";
homepage = http://fixme; homepage = http://fixme;

View File

@ -1,6 +1,6 @@
{ pkgs, fetchFromGitHub, python2Packages, git, ... }: { pkgs, fetchFromGitHub, python3Packages, git, ... }:
python2Packages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
name = "buildbot-classic-${version}"; name = "buildbot-classic-${version}";
version = "0.8.18"; version = "0.8.18";
namePrefix = ""; namePrefix = "";
@ -15,11 +15,10 @@ python2Packages.buildPythonApplication rec {
postUnpack = "sourceRoot=\${sourceRoot}/master"; postUnpack = "sourceRoot=\${sourceRoot}/master";
propagatedBuildInputs = [ propagatedBuildInputs = [
python2Packages.jinja2 python3Packages.jinja2
python2Packages.twisted python3Packages.twisted
python2Packages.dateutil python3Packages.dateutil
python2Packages.sqlalchemy_migrate python3Packages.sqlalchemy_migrate
python2Packages.pysqlite
pkgs.coreutils pkgs.coreutils
]; ];
doCheck = false; doCheck = false;

View File

@ -1,4 +1,6 @@
{ stdenv, fetchgit, bc, cac-cert, coreutils, curl, dash, gnugrep, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }: { fetchgit, lib, stdenv
, bc, cac-cert, coreutils, curl, dash, gnugrep, gnused, inotifyTools, jq, ncurses, openssh, sshpass
}:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "cac-api-1.1.2"; name = "cac-api-1.1.2";
@ -18,7 +20,7 @@ stdenv.mkDerivation {
mkdir -p $out/bin mkdir -p $out/bin
{ cat <<\EOF { cat <<\EOF
#! ${dash}/bin/dash #! ${dash}/bin/dash
export PATH=${stdenv.lib.makeBinPath [ export PATH=${lib.makeBinPath [
bc bc
coreutils coreutils
curl curl

View File

@ -1,4 +1,6 @@
{ coreutils, curl, fetchgit, gnugrep, gnused, stdenv, utillinux }: { fetchgit, lib, stdenv
, coreutils, curl, gnugrep, gnused, utillinux
}:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "dic"; name = "dic";
@ -16,7 +18,7 @@ stdenv.mkDerivation {
installPhase = installPhase =
let let
path = stdenv.lib.makeBinPath [ path = lib.makeBinPath [
coreutils coreutils
curl curl
gnused gnused

View File

@ -1,10 +1,10 @@
{stdenv,fetchurl,pkgs,python3Packages, ... }: { fetchurl, lib, stdenv, python3Packages }:
python3Packages.buildPythonPackage rec { python3Packages.buildPythonPackage rec {
name = "drivedroid-gen-repo-${version}"; name = "drivedroid-gen-repo-${version}";
version = "0.4.4"; version = "0.4.4";
propagatedBuildInputs = with pkgs;[ propagatedBuildInputs = [
python3Packages.docopt python3Packages.docopt
]; ];
@ -16,7 +16,7 @@ python3Packages.buildPythonPackage rec {
meta = { meta = {
homepage = http://krebsco.de/; homepage = http://krebsco.de/;
description = "Generate Drivedroid repos"; description = "Generate Drivedroid repos";
license = stdenv.lib.licenses.wtfpl; license = lib.licenses.wtfpl;
}; };
} }

View File

@ -0,0 +1,23 @@
{ buildGo116Module , fetchFromGitHub, lib }:
buildGo116Module rec {
pname = "ergo";
version = "2.7.0-rc1";
src = fetchFromGitHub {
owner = "ergochat";
repo = "ergo";
rev = "v${version}";
sha256 = "0vdrvr991an6f6zsadpsy0npmb4058b278xgc7rh8vhp12m501b4";
};
vendorSha256 = null;
meta = {
description = "A modern IRC server (daemon/ircd) written in Go";
homepage = "https://github.com/ergochat/ergo";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.tv ];
platforms = lib.platforms.linux;
};
}

View File

@ -1,9 +1,9 @@
{ stdenv, fetchurl { fetchurl, lib, stdenv
, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm , jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
, openjdk , openjdk
, mesa_glu, openal , mesa_glu, openal
, useAlsa ? false, alsaOss ? null }: , useAlsa ? false, alsaOss ? null }:
with stdenv.lib; with lib;
assert useAlsa -> alsaOss != null; assert useAlsa -> alsaOss != null;

View File

@ -1,4 +1,6 @@
{ coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }: { fetchgit, lib, stdenv
, coreutils, gnugrep, gnused, jq, nix
}:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "get-1.4.1"; name = "get-1.4.1";
@ -16,7 +18,7 @@ stdenv.mkDerivation {
installPhase = installPhase =
let let
path = stdenv.lib.makeBinPath [ path = lib.makeBinPath [
coreutils coreutils
gnugrep gnugrep
gnused gnused

View File

@ -1,4 +1,4 @@
{ pkgs, stdenv, ... }: { lib, pkgs, stdenv }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "github-hosts-sync-${version}"; name = "github-hosts-sync-${version}";
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
installPhase = let installPhase = let
ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
path = stdenv.lib.makeBinPath [ path = lib.makeBinPath [
pkgs.git pkgs.git
pkgs.nettools pkgs.nettools
pkgs.openssh pkgs.openssh

View File

@ -1,4 +1,4 @@
{ stdenv, pkgs, ... }: { lib, pkgs, stdenv, pkgs }:
with pkgs.python3Packages; with pkgs.python3Packages;
buildPythonPackage rec { buildPythonPackage rec {
pname = "internetarchive"; pname = "internetarchive";
@ -32,7 +32,7 @@ buildPythonPackage rec {
sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
''; '';
meta = with stdenv.lib; { meta = with lib; {
description = "python library and cli for uploading files to internet archive"; description = "python library and cli for uploading files to internet archive";
license = licenses.agpl3; license = licenses.agpl3;
}; };

View File

@ -1,7 +1,7 @@
{ stdenv, pam, { fetchurl, lib, stdenv
fetchurl, lib, , pam
wordset-file ? null, # set your own wordset-file , wordset-file ? null, # set your own wordset-file
... }: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "passwdqc-utils-${version}"; name = "passwdqc-utils-${version}";
@ -30,8 +30,8 @@ stdenv.mkDerivation rec {
meta = { meta = {
description = "passwdqc utils (pwqgen,pwqcheck) and library"; description = "passwdqc utils (pwqgen,pwqcheck) and library";
license = stdenv.lib.licenses.bsd3; license = lib.licenses.bsd3;
maintainers = [ stdenv.lib.maintainers.makefu ]; maintainers = [ lib.maintainers.makefu ];
patforms = stdenv.lib.platforms.linux; # more installFlags must be set for Darwin,Solaris patforms = lib.platforms.linux; # more installFlags must be set for Darwin,Solaris
}; };
} }

View File

@ -1,8 +1,9 @@
{ coreutils, fetchgit, findutils, git, gnused, jq, openssh, pass, rsync, stdenv { fetchgit, lib, stdenv
, coreutils, findutils, git, gnused, jq, openssh, pass, rsync
}: }:
let let
PATH = stdenv.lib.makeBinPath [ PATH = lib.makeBinPath [
coreutils coreutils
findutils findutils
git git

View File

@ -1,4 +1,4 @@
{ pkgs, stdenv, fetchFromGitHub }: { fetchFromGitHub, lib, pkgs, stdenv }:
## use with: ## use with:
# . $(command -v slog.sh) # . $(command -v slog.sh)
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
install -m755 slog.sh $out/bin install -m755 slog.sh $out/bin
''; '';
meta = with stdenv.lib; { meta = with lib; {
description = "POSIX shell logging"; description = "POSIX shell logging";
license = licenses.mit; license = licenses.mit;
}; };

View File

@ -1,62 +0,0 @@
{ lib, stdenv
, fetchFromGitHub
, autoreconfHook
, pkg-config
, bison
, flex
, openssl
, sqlite
, lksctp-tools
}:
stdenv.mkDerivation rec {
pname = "solanum";
version = "unstable-2021-04-27";
src = fetchFromGitHub {
owner = "solanum-ircd";
repo = pname;
rev = "3ff5a12e75662e9a642f2a4364797bd361eb0925";
sha256 = "14ywmfdv8cncbyg08y2qdis00kwg8lvhkcgj185is67smh0qf88f";
};
patches = [
./dont-create-logdir.patch
];
configureFlags = [
"--enable-epoll"
"--enable-ipv6"
"--enable-openssl=${openssl.dev}"
"--with-program-prefix=solanum-"
"--localstatedir=/var/lib"
"--with-rundir=/run"
"--with-logdir=/var/log"
] ++ lib.optionals (stdenv.isLinux) [
"--enable-sctp=${lksctp-tools.out}/lib"
];
nativeBuildInputs = [
autoreconfHook
bison
flex
pkg-config
];
buildInputs = [
openssl
sqlite
];
doCheck = !stdenv.isDarwin;
enableParallelBuilding = true;
meta = with lib; {
description = "An IRCd for unified networks";
homepage = "https://github.com/solanum-ircd/solanum";
license = licenses.gpl2Only;
maintainers = with maintainers; [ hexa ];
platforms = platforms.unix;
};
}

View File

@ -1,14 +0,0 @@
diff --git a/Makefile.am b/Makefile.am
index 19e7b396..21093521 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,9 +35,6 @@ include/serno.h:
echo '#define DATECODE 0UL' >>include/serno.h; \
fi
-install-data-hook:
- test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir}
-
install-exec-hook:
rm -f ${DESTDIR}${libdir}/*.la
rm -f ${DESTDIR}${moduledir}/*.la

View File

@ -1,4 +1,4 @@
{ fetchFromGitHub, python3Packages, stdenv }: { fetchFromGitHub, lib, python3Packages, stdenv }:
python3Packages.buildPythonPackage rec { python3Packages.buildPythonPackage rec {
inherit (meta) version; inherit (meta) version;
@ -46,9 +46,9 @@ python3Packages.buildPythonPackage rec {
meta = { meta = {
description = "tool for ssh server auditing"; description = "tool for ssh server auditing";
homepage = "https://github.com/arthepsy/ssh-audit"; homepage = "https://github.com/arthepsy/ssh-audit";
license = stdenv.lib.licenses.mit; license = lib.licenses.mit;
maintainers = [ maintainers = [
stdenv.lib.maintainers.tv lib.maintainers.tv
]; ];
version = "1.7.0"; version = "1.7.0";
}; };

View File

@ -1,4 +1,4 @@
{stdenv,fetchurl,pkgs,python3Packages, ... }: { fetchurl, lib, pkgs, python3Packages, stdenv }:
python3Packages.buildPythonPackage rec { python3Packages.buildPythonPackage rec {
name = "tinc_graphs-${version}"; name = "tinc_graphs-${version}";
@ -22,7 +22,7 @@ python3Packages.buildPythonPackage rec {
meta = { meta = {
homepage = http://krebsco.de/; homepage = http://krebsco.de/;
description = "Create Graphs from Tinc Stats"; description = "Create Graphs from Tinc Stats";
license = stdenv.lib.licenses.wtfpl; license = lib.licenses.wtfpl;
}; };
} }

View File

@ -1,4 +1,4 @@
{stdenv, fetchurl,pkgs,... }: { fetchurl, lib, pkgs, stdenv }:
let let
s = s =
rec { rec {
@ -8,7 +8,7 @@ let
url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz; url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34"; sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
}; };
searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [ searchpath = with pkgs; lib.makeSearchPath "bin" [
fribidi fribidi
gawk gawk
bash bash
@ -35,9 +35,9 @@ stdenv.mkDerivation {
meta = { meta = {
inherit (s) version; inherit (s) version;
description = ''translate using google api''; description = ''translate using google api'';
license = stdenv.lib.licenses.free; license = lib.licenses.free;
maintainers = [stdenv.lib.maintainers.makefu]; maintainers = [ lib.maintainers.makefu ];
platforms = stdenv.lib.platforms.linux ; platforms = lib.platforms.linux ;
}; };
} }

View File

@ -1,4 +1,6 @@
{ bash, coreutils, gawk, makeWrapper, nix, openssh, stdenv }: { lib, makeWrapper, stdenv
, bash, coreutils, gawk, nix, openssh
}:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "whatsupnix"; name = "whatsupnix";
@ -8,7 +10,7 @@ stdenv.mkDerivation {
mkdir -p $out/bin mkdir -p $out/bin
cat - ${./whatsupnix.bash} > $out/bin/whatsupnix <<\EOF cat - ${./whatsupnix.bash} > $out/bin/whatsupnix <<\EOF
#! ${bash}/bin/bash #! ${bash}/bin/bash
export PATH=${stdenv.lib.makeBinPath [ coreutils gawk nix openssh ]} export PATH=${lib.makeBinPath [ coreutils gawk nix openssh ]}
EOF EOF
chmod +x $out/bin/whatsupnix chmod +x $out/bin/whatsupnix
''; '';

View File

@ -1,6 +1,6 @@
{ stdenv, coreutils, makeWrapper, { lib, makeWrapper, stdenv
cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, sshpass, proot, , cac-api, cac-cert, cac-panel, coreutils, gnumake, gnused, jq, openssh, proot, sshpass
... }: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "${shortname}-${version}"; name = "${shortname}-${version}";
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
buildInputs = [ makeWrapper ]; buildInputs = [ makeWrapper ];
path = stdenv.lib.makeSearchPath "bin" [ path = lib.makeSearchPath "bin" [
coreutils coreutils
cac-api cac-api
cac-panel cac-panel
@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
--set REQUESTS_CA_BUNDLE ${cac-cert} \ --set REQUESTS_CA_BUNDLE ${cac-cert} \
--set SSL_CERT_FILE ${cac-cert} --set SSL_CERT_FILE ${cac-cert}
''; '';
meta = with stdenv.lib; { meta = with lib; {
homepage = http://krebsco.de; homepage = http://krebsco.de;
description = "infest a CaC box with stockholm"; description = "infest a CaC box with stockholm";
license = licenses.wtfpl; license = licenses.wtfpl;

View File

@ -1,9 +1,9 @@
{ {
"url": "https://github.com/NixOS/nixpkgs", "url": "https://github.com/NixOS/nixpkgs",
"rev": "33824cdf8e4fec30c5b9ddc91b18991c3c375227", "rev": "aa576357673d609e618d87db43210e49d4bb1789",
"date": "2021-05-18T19:08:44-04:00", "date": "2021-06-04T17:36:38+02:00",
"path": "/nix/store/s3f1q2a5hn60jdnz8h66z7yahrmzifin-nixpkgs", "path": "/nix/store/qqz5xq0dg8zm8blba5cg7704kbrhqhki-nixpkgs",
"sha256": "1sad0x998k3iid2vp57kv4skvf90yh4gbs61dv3p45c2qi3sql46", "sha256": "1868s3mp0lwg1jpxsgmgijzddr90bjkncf6k6zhdjqihf0i1n2np",
"fetchSubmodules": false, "fetchSubmodules": false,
"deepClone": false, "deepClone": false,
"leaveDotGit": false "leaveDotGit": false

View File

@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \ --url https://github.com/NixOS/nixpkgs \
--rev refs/heads/nixos-20.09' \ --rev refs/heads/nixos-21.05' \
> $dir/nixpkgs.json > $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"

View File

@ -16,38 +16,54 @@
<stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/nfs-dl.nix> # <stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/pass.nix> <stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix> <stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/xonsh.nix>
<stockholm/lass/2configs/review.nix>
<stockholm/lass/2configs/dunst.nix>
# <stockholm/krebs/2configs/ircd.nix>
]; ];
krebs.build.host = config.krebs.hosts.coaxmetal; krebs.build.host = config.krebs.hosts.coaxmetal;
environment.shellAliases = { environment.systemPackages = with pkgs; [
deploy = pkgs.writeDash "deploy" '' brain
bank
l-gen-secrets
(pkgs.writeDashBin "deploy" ''
set -eu set -eu
export SYSTEM="$1" export SYSTEM="$1"
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
''; '')
usb-tether-on = pkgs.writeDash "usb-tether-on" '' (pkgs.writeDashBin "usb-tether-on" ''
adb shell su -c service call connectivity 33 i32 1 s16 text adb shell su -c service call connectivity 33 i32 1 s16 text
''; '')
usb-tether-off = pkgs.writeDash "usb-tether-off" '' (pkgs.writeDashBin "usb-tether-off" ''
adb shell su -c service call connectivity 33 i32 0 s16 text adb shell su -c service call connectivity 33 i32 0 s16 text
''; '')
}; ];
programs.adb.enable = true; programs.adb.enable = true;
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
powerOnBoot = true; powerOnBoot = true;
# config.General.Disable = "Headset";
extraConfig = ''
[General]
Disable = Headset
'';
}; };
hardware.pulseaudio.package = pkgs.pulseaudioFull; hardware.pulseaudio.package = pkgs.pulseaudioFull;
lass.browser.config = {
dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; };
fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; };
};
nix.trustedUsers = [ "root" "lass" ];
services.tor = {
enable = true;
client.enable = true;
};
} }

View File

@ -7,6 +7,7 @@
networking.hostId = "e0c335ea"; networking.hostId = "e0c335ea";
boot.zfs.requestEncryptionCredentials = true; boot.zfs.requestEncryptionCredentials = true;
boot.zfs.enableUnstable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;

View File

@ -19,6 +19,7 @@ with import <stockholm/lib>;
"networkmanager" "networkmanager"
]; ];
useDefaultShell = true; useDefaultShell = true;
isNormalUser = true;
}; };
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false; networking.wireless.enable = mkForce false;

View File

@ -23,7 +23,7 @@ with import <stockholm/lib>;
users.users.mainUser.openssh.authorizedKeys.keys = [ users.users.mainUser.openssh.authorizedKeys.keys = [
config.krebs.users.lass-android.pubkey config.krebs.users.lass-android.pubkey
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel
]; ];
krebs.bindfs = { krebs.bindfs = {

View File

@ -45,16 +45,5 @@
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
''; '';
services.thinkfan.enable = true;
services.thinkfan.levels = ''
(0, 0, 55)
(1, 48, 60)
(2, 50, 61)
(3, 52, 63)
(6, 60, 85)
(7, 80, 90)
(127, 89, 32767)
'';
services.logind.lidSwitch = "ignore"; services.logind.lidSwitch = "ignore";
} }

View File

@ -345,6 +345,7 @@ with import <stockholm/lib>;
home = "/var/download"; home = "/var/download";
useDefaultShell = true; useDefaultShell = true;
uid = genid "download"; uid = genid "download";
isSystemUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [ openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey lass.pubkey
lass-android.pubkey lass-android.pubkey

View File

@ -23,6 +23,7 @@ with import <stockholm/lib>;
"networkmanager" "networkmanager"
]; ];
useDefaultShell = true; useDefaultShell = true;
isNormalUser = true;
}; };
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
hardware.pulseaudio = { hardware.pulseaudio = {

View File

@ -81,11 +81,6 @@
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
powerOnBoot = true; powerOnBoot = true;
# config.General.Disable = "Headset";
extraConfig = ''
[General]
Disable = Headset
'';
}; };
hardware.pulseaudio.package = pkgs.pulseaudioFull; hardware.pulseaudio.package = pkgs.pulseaudioFull;
# hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" ''

View File

@ -4,12 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser; mainUser = config.users.extraUsers.mainUser;
in { in {
krebs.per-user.bch.packages = [
pkgs.electron-cash
];
krebs.per-user.bitcoin.packages = [
pkgs.electrum
];
users.extraUsers = { users.extraUsers = {
bch = { bch = {
name = "bch"; name = "bch";
@ -17,6 +11,8 @@ in {
home = "/home/bch"; home = "/home/bch";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
packages = [ pkgs.electron-cash ];
isNormalUser = true;
}; };
bitcoin = { bitcoin = {
name = "bitcoin"; name = "bitcoin";
@ -24,10 +20,25 @@ in {
home = "/home/bitcoin"; home = "/home/bitcoin";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
packages = [ pkgs.electrum ];
isNormalUser = true;
};
monero = {
name = "monero";
description = "user for monero stuff";
home = "/home/monero";
useDefaultShell = true;
createHome = true;
packages = [
pkgs.monero
pkgs.monero-gui
];
isNormalUser = true;
}; };
}; };
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL ${mainUser.name} ALL=(bch) ALL
${mainUser.name} ALL=(bch) NOPASSWD: ALL ${mainUser.name} ALL=(bitcoin) ALL
${mainUser.name} ALL=(monero) ALL
''; '';
} }

View File

@ -10,6 +10,7 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
]; ];
isNormalUser = true;
}; };
system.activationScripts.user-shadow = '' system.activationScripts.user-shadow = ''

View File

@ -32,6 +32,7 @@ with import <stockholm/lib>;
group = "users"; group = "users";
createHome = true; createHome = true;
useDefaultShell = true; useDefaultShell = true;
isNormalUser = true;
extraGroups = [ extraGroups = [
"audio" "audio"
"fuse" "fuse"
@ -88,9 +89,7 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true; services.timesyncd.enable = mkForce true;
systemd.tmpfiles.rules = [ boot.tmpOnTmpfs = true;
"d /tmp 1777 root root - -"
];
# multiple-definition-problem when defining environment.variables.EDITOR # multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = '' environment.extraInit = ''

View File

@ -12,6 +12,7 @@ in {
useDefaultShell = true; useDefaultShell = true;
extraGroups = []; extraGroups = [];
createHome = true; createHome = true;
isNormalUser = true;
}; };
}; };
krebs.per-user.elster.packages = [ krebs.per-user.elster.packages = [

View File

@ -78,6 +78,7 @@ in {
# vdoomserver # vdoomserver
retroarchBare retroarchBare
]; ];
isNormalUser = true;
}; };
}; };

View File

@ -8,6 +8,8 @@ with import <stockholm/lib>;
prefixLength = 24; prefixLength = 24;
}]; }];
networking.domain = "gg23";
services.dhcpd4 = { services.dhcpd4 = {
enable = true; enable = true;
interfaces = [ "int0" ]; interfaces = [ "int0" ];

View File

@ -3,7 +3,6 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
security.hideProcessInformation = true;
nixpkgs.config.packageOverrides = super: { nixpkgs.config.packageOverrides = super: {
htop = pkgs.symlinkJoin { htop = pkgs.symlinkJoin {
name = "htop"; name = "htop";

View File

@ -80,7 +80,7 @@ let
name = "mpv"; name = "mpv";
paths = [ paths = [
(pkgs.writeDashBin "mpv" '' (pkgs.writeDashBin "mpv" ''
exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@" exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config "$@" # TODO renable autosub when subliminal is in 21.05 again
'') '')
pkgs.mpv pkgs.mpv
]; ];

View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
users.users.lass.packages = with pkgs; [ users.users.mainUser.packages = with pkgs; [
(pass.withExtensions (ext: [ ext.pass-otp ])) (pass.withExtensions (ext: [ ext.pass-otp ]))
gnupg gnupg
]; ];

View File

@ -32,9 +32,12 @@ in {
user = "lass"; user = "lass";
}; };
users.users.power-action.extraGroups = [ users.users.power-action = {
"audio" isNormalUser = true;
]; extraGroups = [
"audio"
];
};
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend} ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend}

14
lass/2configs/review.nix Normal file
View File

@ -0,0 +1,14 @@
{ config, pkgs, ... }:
let
mainUser = config.users.extraUsers.mainUser;
in {
users.users.review = {
isNormalUser = true;
packages = [ pkgs.nixpkgs-review ];
};
security.sudo.extraConfig = ''
${mainUser.name} ALL=(review) NOPASSWD: ALL
'';
}

View File

@ -170,6 +170,7 @@ in {
home = "/home/UBIK-SFTP"; home = "/home/UBIK-SFTP";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.xanf = { users.users.xanf = {
@ -178,6 +179,7 @@ in {
home = "/home/xanf"; home = "/home/xanf";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.domsen = { users.users.domsen = {
@ -185,8 +187,9 @@ in {
description = "maintenance acc for domsen"; description = "maintenance acc for domsen";
home = "/home/domsen"; home = "/home/domsen";
useDefaultShell = true; useDefaultShell = true;
extraGroups = [ "nginx" "download" ]; extraGroups = [ "syncthing" "download" "xanf" ];
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.bruno = { users.users.bruno = {
@ -194,6 +197,7 @@ in {
home = "/home/bruno"; home = "/home/bruno";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.jla-trading = { users.users.jla-trading = {
@ -201,6 +205,7 @@ in {
home = "/home/jla-trading"; home = "/home/jla-trading";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.jms = { users.users.jms = {
@ -208,6 +213,7 @@ in {
home = "/home/jms"; home = "/home/jms";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.ms = { users.users.ms = {
@ -215,6 +221,7 @@ in {
home = "/home/ms"; home = "/home/ms";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.testuser = { users.users.testuser = {
@ -222,20 +229,23 @@ in {
home = "/home/testuser"; home = "/home/testuser";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.akayguen = { #users.users.akayguen = {
uid = genid_uint31 "akayguen"; # uid = genid_uint31 "akayguen";
home = "/home/akayguen"; # home = "/home/akayguen";
useDefaultShell = true; # useDefaultShell = true;
createHome = true; # createHome = true;
}; # isNormalUser = true;
#};
users.users.bui = { users.users.bui = {
uid = genid_uint31 "bui"; uid = genid_uint31 "bui";
home = "/home/bui"; home = "/home/bui";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.klabusterbeere = { users.users.klabusterbeere = {
@ -243,6 +253,7 @@ in {
home = "/home/klabusterbeere"; home = "/home/klabusterbeere";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.kasia = { users.users.kasia = {
@ -250,6 +261,7 @@ in {
home = "/home/kasia"; home = "/home/kasia";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
}; };
users.users.XANF_TEAM = { users.users.XANF_TEAM = {
@ -258,6 +270,25 @@ in {
home = "/home/XANF_TEAM"; home = "/home/XANF_TEAM";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isNormalUser = true;
};
users.users.dif = {
uid = genid_uint31 "dif";
home = "/home/dif";
useDefaultShell = true;
extraGroups = [ "xanf" ];
createHome = true;
isNormalUser = true;
};
users.users.lavafilms = {
uid = genid_uint31 "lavafilms";
home = "/home/lavafilms";
useDefaultShell = true;
extraGroups = [ "xanf" ];
createHome = true;
isNormalUser = true;
}; };
users.groups.xanf = {}; users.groups.xanf = {};

View File

@ -97,6 +97,7 @@ in {
home = "/srv/http/lassul.us"; home = "/srv/http/lassul.us";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
isSystemUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [ openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey lass.pubkey
lass-mors.pubkey lass-mors.pubkey

View File

@ -14,8 +14,9 @@ in {
]; ];
createHome = true; createHome = true;
packages = [ packages = [
pkgs.wineMinimal pkgs.wineWowPackages.stable
]; ];
isNormalUser = true;
}; };
}; };
security.sudo.extraConfig = '' security.sudo.extraConfig = ''

7
lass/2configs/xonsh.nix Normal file
View File

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
pkgs.xonsh
pkgs.xonsh2
];
}

View File

@ -5,7 +5,9 @@ let
cfg = config.lass.browser; cfg = config.lass.browser;
browserScripts = { browserScripts = {
chromium = "${pkgs.chromium}/bin/chromium"; brave = "${pkgs.brave}/bin/brave";
chrome = "${pkgs.google-chrome}/bin/chrome";
chromium = "${pkgs.ungoogled-chromium}/bin/chromium";
firefox = "${pkgs.firefox.override { firefox = "${pkgs.firefox.override {
extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; extraNativeMessagingHosts = [ pkgs.tridactyl-native ];
}}/bin/firefox"; }}/bin/firefox";
@ -14,8 +16,9 @@ let
browser-select = let browser-select = let
sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) sortedPaths = sort (a: b: a.value.precedence > b.value.precedence)
(filter (x: ! x.value.hidden)
(mapAttrsToList (name: value: { inherit name value; }) (mapAttrsToList (name: value: { inherit name value; })
cfg.config); cfg.config));
in if (lib.length sortedPaths) > 1 then in if (lib.length sortedPaths) > 1 then
pkgs.writeScriptBin "browser-select" '' pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu)
@ -48,6 +51,10 @@ in {
type = types.str; type = types.str;
default = config._module.args.name; default = config._module.args.name;
}; };
hidden = mkOption {
type = types.bool;
default = false;
};
precedence = mkOption { precedence = mkOption {
type = types.int; type = types.int;
default = 0; default = 0;
@ -58,7 +65,7 @@ in {
}; };
browser = mkOption { browser = mkOption {
type = types.enum (attrNames browserScripts); type = types.enum (attrNames browserScripts);
default = "chromium"; default = "brave";
}; };
groups = mkOption { groups = mkOption {
type = types.listOf types.str; type = types.listOf types.str;

View File

@ -147,6 +147,7 @@ with import <stockholm/lib>;
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;
extraGroups = cfg.groups; extraGroups = cfg.groups;
isNormalUser = true;
} }
) config.lass.xjail; ) config.lass.xjail;

View File

@ -1,6 +1,24 @@
{ stdenv, fetchFromGitHub, cmake, tdlib, pidgin, libwebp, libtgvoip } : { stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } :
stdenv.mkDerivation rec { let
tdlib = stdenv.mkDerivation rec {
version = "1.6.0";
pname = "tdlib";
src = fetchFromGitHub {
owner = "tdlib";
repo = "td";
rev = "v${version}";
sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv";
};
buildInputs = with pkgs; [ gperf openssl readline zlib ];
nativeBuildInputs = [ pkgs.cmake ];
};
in stdenv.mkDerivation rec {
pname = "tdlib-purple"; pname = "tdlib-purple";
version = "0.7.8"; version = "0.7.8";

View File

@ -0,0 +1,56 @@
{ lib, stdenv
, fetchFromGitHub
, python39Packages
, glibcLocales
, coreutils
, git
, extraInputs ? []
}: let
python3Packages = python39Packages;
in python3Packages.buildPythonApplication rec {
pname = "xonsh2";
version = "master";
# fetch from github because the pypi package ships incomplete tests
src = fetchFromGitHub {
owner = "anki-code";
repo = "xonsh2";
rev = "bd96fcdce9319ab6b90c7d9ac47d2249b61144d0";
sha256 = "0b632rac8macfp2mmvhh1f34cf1m5qfpjajwnf676qk7jzn79vx6";
};
LC_ALL = "en_US.UTF-8";
postPatch = ''
sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' scripts/xon.sh
find scripts -name 'xonsh*' -exec sed -i -e "s|env -S|env|" {} \;
find -name "*.xsh" | xargs sed -ie 's|/usr/bin/env|${coreutils}/bin/env|'
patchShebangs .
'';
doCheck = false;
checkPhase = ''
HOME=$TMPDIR pytest -k 'not test_repath_backslash and not test_os and not test_man_completion and not test_builtins and not test_main and not test_ptk_highlight and not test_pyghooks'
HOME=$TMPDIR pytest -k 'test_builtins or test_main' --reruns 5
HOME=$TMPDIR pytest -k 'test_ptk_highlight'
'';
checkInputs = [ python3Packages.pytest python3Packages.pytest-rerunfailures glibcLocales git ];
propagatedBuildInputs = with python3Packages; [ ply prompt_toolkit pygments ] ++ extraInputs;
meta = with lib; {
description = "A Python-ish, BASHwards-compatible shell";
homepage = "https://xon.sh/";
# changelog = "https://github.com/xonsh/xonsh/releases/tag/${version}";
license = licenses.bsd3;
platforms = platforms.all;
};
passthru = {
shellPath = "/bin/xonsh2";
};
}

View File

@ -43,7 +43,6 @@ in {
<stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/desktop.nix> <stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix> <stockholm/makefu/2configs/tools/mobility.nix>
{ environment.systemPackages = [ pkgs.esniper ]; }
#<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix> #<stockholm/makefu/2configs/share-user-sftp.nix>
@ -141,6 +140,7 @@ in {
]; ];
makefu.full-populate = true; makefu.full-populate = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
users.users.share.isNormalUser = true;
users.groups.share = { users.groups.share = {
gid = (import <stockholm/lib>).genid "share"; gid = (import <stockholm/lib>).genid "share";
members = [ "makefu" "misa" ]; members = [ "makefu" "misa" ];
@ -152,6 +152,7 @@ in {
users.users.misa = { users.users.misa = {
uid = 9002; uid = 9002;
name = "misa"; name = "misa";
isNormalUser = true;
}; };
zramSwap.enable = true; zramSwap.enable = true;

View File

@ -8,7 +8,7 @@
<nixos-hardware/lenovo/thinkpad/l14/amd> # close enough <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
# <stockholm/makefu/2configs/hw/tpm.nix> # <stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/ssd.nix> <stockholm/makefu/2configs/hw/ssd.nix>
<stockholm/makefu/2configs/hw/xmm7360.nix> # <stockholm/makefu/2configs/hw/xmm7360.nix>
]; ];
boot.zfs.requestEncryptionCredentials = true; boot.zfs.requestEncryptionCredentials = true;
networking.hostId = "f8b8e0a2"; networking.hostId = "f8b8e0a2";

View File

@ -13,6 +13,7 @@
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.zfs.enableUnstable = true; # required for 21.05
fileSystems."/" = fileSystems."/" =
{ device = "zroot/root/nixos"; { device = "zroot/root/nixos";
fsType = "zfs"; fsType = "zfs";

View File

@ -22,6 +22,7 @@ in {
uid = genid "auphonic"; uid = genid "auphonic";
group = "nginx"; group = "nginx";
useDefaultShell = true; useDefaultShell = true;
isSystemUser = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
}; };

View File

@ -41,8 +41,8 @@ in
services.tor = { services.tor = {
enable = true; enable = true;
hiddenServices."${name}".map = [ hiddenServices."${name}".map = [
{ port = "80"; } { port = 80; }
# { port = "443"; toHost = "blog.binaergewitter.de"; } # { port = 443; toHost = "blog.binaergewitter.de"; }
]; ];
}; };
} }

View File

@ -6,7 +6,7 @@ in {
imports = [ imports = [
./ota.nix ./ota.nix
./comic-updater.nix ./comic-updater.nix
./puppy-proxy.nix # ./puppy-proxy.nix
./zigbee2mqtt ./zigbee2mqtt

View File

@ -33,10 +33,11 @@ let
uhubDir = "/var/lib/uhub"; uhubDir = "/var/lib/uhub";
in { in {
users.extraUsers."${ddclientUser}" = { users.users."${ddclientUser}" = {
uid = genid "ddclient"; uid = genid "ddclient";
description = "ddclient daemon user"; description = "ddclient daemon user";
home = stateDir; home = stateDir;
isSystemUser = true;
createHome = true; createHome = true;
}; };

View File

@ -23,6 +23,7 @@ with import <stockholm/lib>;
group = "users"; group = "users";
home = "/home/makefu"; home = "/home/makefu";
createHome = true; createHome = true;
isNormalUser = true;
useDefaultShell = true; useDefaultShell = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];

View File

@ -75,7 +75,7 @@ in {
}; };
}; };
services.redis.enable = true; services.redis.enable = true;
systemd.services.redis.serviceConfig.LimitNOFILE=65536; systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536";
services.postgresql = { services.postgresql = {
enable = true; enable = true;
# Ensure the database, user, and permissions always exist # Ensure the database, user, and permissions always exist

View File

@ -7,6 +7,11 @@ in {
virtualHost = fqdn; virtualHost = fqdn;
selfUrlPath = "https://${fqdn}"; selfUrlPath = "https://${fqdn}";
}; };
nixpkgs.config.permittedInsecurePackages = [
"python2.7-Pillow-6.2.2"
];
systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php";
services.postgresql.package = pkgs.postgresql_9_6; services.postgresql.package = pkgs.postgresql_9_6;
state = [ config.services.postgresqlBackup.location ]; state = [ config.services.postgresqlBackup.location ];

View File

@ -6,7 +6,7 @@ let
in { in {
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; # effectively systemUser
description = "smb guest user"; description = "smb guest user";
home = "/var/empty"; home = "/var/empty";
}; };

View File

@ -26,7 +26,10 @@ in
]; ];
user = "metube"; user = "metube";
}; };
users.users.metube.uid = uid; users.users.metube = {
uid = uid;
isSystemUser = true;
};
systemd.services.docker-metube.serviceConfig = { systemd.services.docker-metube.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";

View File

@ -20,7 +20,7 @@ in
services.zigbee2mqtt = { services.zigbee2mqtt = {
enable = true; enable = true;
inherit dataDir; inherit dataDir;
config = { settings = {
permit_join = true; permit_join = true;
serial.port = "/dev/cc2531"; serial.port = "/dev/cc2531";
homeassistant = true; homeassistant = true;

View File

@ -3,7 +3,7 @@
networking.firewall.allowedTCPPorts = [ 139 445 ]; networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; #effectively systemUser
description = "smb guest user"; description = "smb guest user";
home = "/data/lanparty"; home = "/data/lanparty";
createHome = true; createHome = true;

View File

@ -34,6 +34,7 @@ in {
description = "ddclient daemon user"; description = "ddclient daemon user";
home = stateDir; home = stateDir;
createHome = true; createHome = true;
isSystemUser = true;
}; };
systemd.services = { systemd.services = {

View File

@ -1,11 +1,12 @@
{config,...}:{ {config,...}:{
nix.trustedUsers = [ "nixBuild" ]; nix.trustedUsers = [ "nixBuild" ];
users.users.nixBuild = { users.users.nixBuild = {
name = "nixBuild"; name = "nixBuild";
useDefaultShell = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ useDefaultShell = true;
config.krebs.users.buildbotSlave.pubkey openssh.authorizedKeys.keys = [
config.krebs.users.makefu-remote-builder.pubkey config.krebs.users.buildbotSlave.pubkey
]; config.krebs.users.makefu-remote-builder.pubkey
}; ];
};
} }

View File

@ -5,6 +5,7 @@
share = { share = {
uid = 9002; uid = 9002;
home = "/var/empty"; home = "/var/empty";
isNormalUser = true;
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
}; };
}; };

View File

@ -11,7 +11,10 @@ in {
# home = "/var/empty"; # home = "/var/empty";
# }; # };
environment.systemPackages = [ pkgs.samba ]; environment.systemPackages = [ pkgs.samba ];
users.users.download.uid = genid "download"; users.users.download = {
uid = genid "download";
isNormalUser = true;
};
services.samba = { services.samba = {
enable = true; enable = true;
shares = { shares = {

View File

@ -9,7 +9,7 @@
networking.firewall.allowedTCPPorts = [ 139 445 ]; networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; # effectively systemUser
description = "smb guest user"; description = "smb guest user";
home = "/home/share"; home = "/home/share";
createHome = true; createHome = true;

View File

@ -3,7 +3,7 @@
networking.firewall.allowedTCPPorts = [ 139 445 ]; networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest; # effectively systemUser
description = "smb guest user"; description = "smb guest user";
home = "/home/share"; home = "/home/share";
createHome = true; createHome = true;

View File

@ -23,6 +23,7 @@ in {
uid = genid "arafetch"; uid = genid "arafetch";
inherit home; inherit home;
createHome = true; createHome = true;
isSystemUser = true;
}; };
systemd.services.ara2mqtt = { systemd.services.ara2mqtt = {

Some files were not shown because too many files have changed in this diff Show More