Merge remote-tracking branch 'lass/master'
This commit is contained in:
commit
772f84305d
@ -34,10 +34,10 @@ let
|
||||
./Reaktor.nix
|
||||
./realwallpaper.nix
|
||||
./retiolum-bootstrap.nix
|
||||
./retiolum.nix
|
||||
./rtorrent.nix
|
||||
./secret.nix
|
||||
./setuid.nix
|
||||
./tinc.nix
|
||||
./tinc_graphs.nix
|
||||
./urlwatch.nix
|
||||
./repo-sync.nix
|
||||
|
@ -3,7 +3,10 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) {
|
||||
hosts = mapAttrs (_: recursiveUpdate {
|
||||
owner = config.krebs.users.lass;
|
||||
managed = true;
|
||||
}) {
|
||||
dishfire = {
|
||||
cores = 4;
|
||||
nets = rec {
|
||||
@ -124,6 +127,7 @@ with import <stockholm/lib>;
|
||||
ssh.port = 2223;
|
||||
};
|
||||
};
|
||||
managed = false;
|
||||
};
|
||||
cloudkrebs = {
|
||||
cores = 1;
|
||||
@ -300,6 +304,7 @@ with import <stockholm/lib>;
|
||||
};
|
||||
iso = {
|
||||
cores = 1;
|
||||
managed = false;
|
||||
};
|
||||
sokrateslaptop = {
|
||||
nets = {
|
||||
@ -321,6 +326,7 @@ with import <stockholm/lib>;
|
||||
'';
|
||||
};
|
||||
};
|
||||
managed = false;
|
||||
};
|
||||
};
|
||||
users = {
|
||||
|
@ -17,6 +17,27 @@ let
|
||||
in {
|
||||
|
||||
enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; };
|
||||
enableLegacy = mkEnableOption "/etc/tinc/${netname}";
|
||||
|
||||
confDir = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.linkFarm "${netname}-etc-tinc"
|
||||
(mapAttrsToList (name: path: { inherit name path; }) {
|
||||
"hosts" = tinc.config.hostsPackage;
|
||||
"tinc.conf" = pkgs.writeText "${netname}-tinc.conf" ''
|
||||
Name = ${tinc.config.host.name}
|
||||
Interface = ${netname}
|
||||
${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo}
|
||||
PrivateKeyFile = ${tinc.config.privkey.path}
|
||||
Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
|
||||
${tinc.config.extraConfig}
|
||||
'';
|
||||
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
|
||||
${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
|
||||
${tinc.config.tincUp}
|
||||
'';
|
||||
});
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = types.host;
|
||||
@ -175,29 +196,16 @@ let
|
||||
}
|
||||
) config.krebs.tinc;
|
||||
|
||||
environment.etc = mapAttrs' (netname: cfg:
|
||||
nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy {
|
||||
source = cfg.confDir;
|
||||
})
|
||||
) config.krebs.tinc;
|
||||
|
||||
systemd.services = mapAttrs (netname: cfg:
|
||||
let
|
||||
tinc = cfg.tincPackage;
|
||||
iproute = cfg.iproutePackage;
|
||||
|
||||
confDir = let
|
||||
namePathPair = name: path: { inherit name path; };
|
||||
in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair {
|
||||
"hosts" = cfg.hostsPackage;
|
||||
"tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
|
||||
Name = ${cfg.host.name}
|
||||
Interface = ${netname}
|
||||
${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
|
||||
PrivateKeyFile = ${cfg.privkey.path}
|
||||
Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
|
||||
${iproute}/sbin/ip link set ${netname} up
|
||||
${cfg.tincUp}
|
||||
'';
|
||||
}
|
||||
);
|
||||
in {
|
||||
description = "Tinc daemon for ${netname}";
|
||||
after = [ "network.target" ];
|
||||
@ -206,7 +214,7 @@ let
|
||||
path = [ tinc iproute ];
|
||||
serviceConfig = rec {
|
||||
Restart = "always";
|
||||
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
|
||||
ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
|
||||
SyslogIdentifier = netname;
|
||||
};
|
||||
}
|
@ -1,64 +1,33 @@
|
||||
{ config, lib, pkgs, ... }@args:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
self: super:
|
||||
|
||||
# Import files and subdirectories like they are overlays.
|
||||
foldl' mergeAttrs {}
|
||||
(map
|
||||
(name: import (./. + "/${name}") self super)
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))))
|
||||
|
||||
//
|
||||
|
||||
{
|
||||
imports = [
|
||||
./writers.nix
|
||||
];
|
||||
nixpkgs.config.packageOverrides = oldpkgs: let
|
||||
ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
|
||||
|
||||
# This callPackage will try to detect obsolete overrides.
|
||||
callPackage = path: args: let
|
||||
override = pkgs.callPackage path args;
|
||||
upstream = optionalAttrs (override ? "name")
|
||||
(oldpkgs.${(parseDrvName override.name).name} or {});
|
||||
in if upstream ? "name" &&
|
||||
override ? "name" &&
|
||||
compareVersions upstream.name override.name != -1
|
||||
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
|
||||
else override;
|
||||
|
||||
in {}
|
||||
// mapAttrs (_: flip callPackage {})
|
||||
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
|
||||
(subdirsOf ./.))
|
||||
// {
|
||||
empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out";
|
||||
|
||||
haskellPackages = oldpkgs.haskellPackages.override {
|
||||
overrides = self: super:
|
||||
mapAttrs (name: path: self.callPackage path {})
|
||||
(mapAttrs'
|
||||
(name: type:
|
||||
if hasSuffix ".nix" name
|
||||
then {
|
||||
name = removeSuffix ".nix" name;
|
||||
value = ./haskell-overrides + "/${name}";
|
||||
}
|
||||
else null)
|
||||
(builtins.readDir ./haskell-overrides));
|
||||
};
|
||||
|
||||
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
|
||||
|
||||
buildbot = callPackage ./buildbot {};
|
||||
buildbot-full = callPackage ./buildbot {
|
||||
plugins = with pkgs.buildbot-plugins; [ www console-view waterfall-view ];
|
||||
};
|
||||
buildbot-worker = callPackage ./buildbot/worker.nix {};
|
||||
|
||||
# https://github.com/proot-me/PRoot/issues/106
|
||||
proot = pkgs.writeDashBin "proot" ''
|
||||
export PROOT_NO_SECCOMP=1
|
||||
exec ${oldpkgs.proot}/bin/proot "$@"
|
||||
'';
|
||||
|
||||
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
||||
symlinkJoin = { name, paths, ... }@args: let
|
||||
x = oldpkgs.symlinkJoin args;
|
||||
in if typeOf x != "lambda" then x else oldpkgs.symlinkJoin name paths;
|
||||
|
||||
test = {
|
||||
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
|
||||
};
|
||||
buildbot-full = self.callPackage ./simple/buildbot {
|
||||
plugins = with self.buildbot-plugins; [ www console-view waterfall-view ];
|
||||
};
|
||||
buildbot-worker = self.callPackage ./simple/buildbot/worker.nix {};
|
||||
|
||||
# https://github.com/proot-me/PRoot/issues/106
|
||||
proot = self.writeDashBin "proot" ''
|
||||
export PROOT_NO_SECCOMP=1
|
||||
exec ${super.proot}/bin/proot "$@"
|
||||
'';
|
||||
|
||||
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
||||
symlinkJoin = { name, paths, ... }@args: let
|
||||
x = super.symlinkJoin args;
|
||||
in if typeOf x != "lambda" then x else super.symlinkJoin name paths;
|
||||
}
|
||||
|
@ -1,18 +0,0 @@
|
||||
{ mkDerivation, async, base, bytestring, fetchgit, network
|
||||
, optparse-applicative, stdenv, text
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "kirk";
|
||||
version = "1.0.0";
|
||||
src = fetchgit {
|
||||
url = "http://cgit.krebsco.de/kirk";
|
||||
sha256 = "0w4drg2lyyw45abfn3g55zd6m7pl7yqxql5rpyy6qqdbvnyak94w";
|
||||
rev = "c78f3c62c0ba76465e39d1570073f867aa2d4240";
|
||||
};
|
||||
isLibrary = false;
|
||||
isExecutable = true;
|
||||
executableHaskellDepends = [
|
||||
async base bytestring network optparse-applicative text
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
}
|
15
krebs/5pkgs/haskell/default.nix
Normal file
15
krebs/5pkgs/haskell/default.nix
Normal file
@ -0,0 +1,15 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
self: super:
|
||||
{
|
||||
haskellPackages = super.haskellPackages.override {
|
||||
overrides = self: super:
|
||||
listToAttrs
|
||||
(map
|
||||
(name: nameValuePair (removeSuffix ".nix" name)
|
||||
(self.callPackage (./. + "/${name}") {}))
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))));
|
||||
};
|
||||
}
|
21
krebs/5pkgs/haskell/kirk.nix
Normal file
21
krebs/5pkgs/haskell/kirk.nix
Normal file
@ -0,0 +1,21 @@
|
||||
{ mkDerivation, async, base, bytestring, fetchgit, network
|
||||
, optparse-applicative, stdenv, text
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "kirk";
|
||||
version = "1.0.1";
|
||||
src = fetchgit {
|
||||
url = "http://cgit.krebsco.de/kirk";
|
||||
sha256 = "1acsmmc485c54axpy9bd0320j18hs261vl1vdxns4n04sxzqd7k0";
|
||||
rev = "cdf3cb373af8f9b03a9487a63eb32e0226913589";
|
||||
};
|
||||
isLibrary = true;
|
||||
isExecutable = true;
|
||||
libraryHaskellDepends = [
|
||||
base bytestring network optparse-applicative text
|
||||
];
|
||||
executableHaskellDepends = [
|
||||
async base network optparse-applicative text
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
}
|
24
krebs/5pkgs/simple/default.nix
Normal file
24
krebs/5pkgs/simple/default.nix
Normal file
@ -0,0 +1,24 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
self: super:
|
||||
|
||||
let
|
||||
# This callPackage will try to detect obsolete overrides.
|
||||
callPackage = path: args: let
|
||||
override = self.callPackage path args;
|
||||
upstream = optionalAttrs (override ? "name")
|
||||
(super.${(parseDrvName override.name).name} or {});
|
||||
in if upstream ? "name" &&
|
||||
override ? "name" &&
|
||||
compareVersions upstream.name override.name != -1
|
||||
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
|
||||
else override;
|
||||
in
|
||||
|
||||
listToAttrs
|
||||
(map
|
||||
(name: nameValuePair (removeSuffix ".nix" name)
|
||||
(callPackage (./. + "/${name}") {}))
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))))
|
2
krebs/5pkgs/simple/empty.nix
Normal file
2
krebs/5pkgs/simple/empty.nix
Normal file
@ -0,0 +1,2 @@
|
||||
{ pkgs }:
|
||||
pkgs.runCommand "empty-1.0.0" {} "mkdir $out"
|
15
krebs/5pkgs/simple/whatsupnix/default.nix
Normal file
15
krebs/5pkgs/simple/whatsupnix/default.nix
Normal file
@ -0,0 +1,15 @@
|
||||
{ bash, coreutils, gawk, nix, makeWrapper, stdenv }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "whatsupnix";
|
||||
phases = [ "installPhase" ];
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
cat - ${./whatsupnix.bash} > $out/bin/whatsupnix <<\EOF
|
||||
#! ${bash}/bin/bash
|
||||
export PATH=${stdenv.lib.makeBinPath [ coreutils gawk nix ]}
|
||||
EOF
|
||||
chmod +x $out/bin/whatsupnix
|
||||
'';
|
||||
}
|
44
krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
Normal file
44
krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
Normal file
@ -0,0 +1,44 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Prints build logs for failed derivations in quiet build mode (-Q).
|
||||
# See https://github.com/NixOS/nix/issues/443
|
||||
#
|
||||
# Usage:
|
||||
#
|
||||
# set -o pipefail
|
||||
# nix-build ... -Q ... | whatsupnix
|
||||
#
|
||||
|
||||
|
||||
GAWK=${GAWK:-gawk}
|
||||
NIX_STORE=${NIX_STORE:-nix-store}
|
||||
|
||||
broken=$(mktemp)
|
||||
trap 'rm -f -- "$broken"' EXIT
|
||||
|
||||
exec >&2
|
||||
|
||||
$GAWK -v broken="$broken" -f <(cat - <<- 'AWK'
|
||||
match($0, /builder for .*(\/nix\/store\/.+\.drv).* failed/, m) {
|
||||
print m[1] >> broken
|
||||
}
|
||||
{ print $0 }
|
||||
AWK
|
||||
)
|
||||
|
||||
export NIX_PAGER='' # for nix-store
|
||||
while read -r drv; do
|
||||
title="** FAILED $drv LOG **"
|
||||
frame=${title//?/*}
|
||||
|
||||
echo "$frame"
|
||||
echo "$title"
|
||||
echo "$frame"
|
||||
echo
|
||||
|
||||
$NIX_STORE -l "$drv"
|
||||
|
||||
echo
|
||||
done < "$broken"
|
||||
|
||||
exit 0
|
9
krebs/5pkgs/test/default.nix
Normal file
9
krebs/5pkgs/test/default.nix
Normal file
@ -0,0 +1,9 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
self: super:
|
||||
|
||||
{
|
||||
test = {
|
||||
infest-cac-centos7 = self.callPackage ./infest-cac-centos7 {};
|
||||
};
|
||||
}
|
@ -1,7 +1,6 @@
|
||||
{ pkgs, ... }:
|
||||
pkgs: oldpkgs:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
nixpkgs.config.packageOverrides = _: {
|
||||
{
|
||||
|
||||
# Combine a list of derivations using symlinks. Paths in later derivations
|
||||
# take precedence over earlier ones.
|
||||
@ -323,5 +322,4 @@ with import <stockholm/lib>;
|
||||
};
|
||||
|
||||
writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f";
|
||||
};
|
||||
}
|
||||
}
|
||||
|
@ -3,6 +3,6 @@ with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
./3modules
|
||||
./5pkgs
|
||||
];
|
||||
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
|
||||
}
|
||||
|
@ -16,7 +16,7 @@ with import <stockholm/lib>;
|
||||
# /dev/pts is empty except for 1 file
|
||||
# my life sucks
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
|
||||
irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
|
||||
pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
|
||||
pkgs.coreutils
|
||||
(pkgs.writeDashBin "tee" ''
|
||||
|
@ -32,14 +32,11 @@ with import <stockholm/lib>;
|
||||
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
#{
|
||||
# services.elasticsearch = {
|
||||
# enable = true;
|
||||
# plugins = [
|
||||
# # pkgs.elasticsearchPlugins.elasticsearch_kopf
|
||||
# ];
|
||||
# };
|
||||
#}
|
||||
{
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
#zalando project
|
||||
services.postgresql = {
|
||||
|
@ -1,5 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
@ -46,6 +45,7 @@ in {
|
||||
../2configs/monitoring/monit-alarms.nix
|
||||
../2configs/paste.nix
|
||||
../2configs/syncthing.nix
|
||||
../2configs/coders-irc.nix
|
||||
{
|
||||
imports = [
|
||||
../2configs/bepasty.nix
|
||||
@ -253,103 +253,6 @@ in {
|
||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
krebs.Reaktor.coders = {
|
||||
nickname = "Reaktor|lass";
|
||||
channels = [ "#coders" "#germany" ];
|
||||
extraEnviron = {
|
||||
REAKTOR_HOST = "irc.hackint.org";
|
||||
};
|
||||
plugins = with pkgs.ReaktorPlugins; let
|
||||
|
||||
lambdabot = (import (pkgs.fetchFromGitHub {
|
||||
owner = "NixOS"; repo = "nixpkgs";
|
||||
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
|
||||
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
|
||||
}) {}).lambdabot;
|
||||
|
||||
lambdabotflags = ''
|
||||
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
|
||||
-XFlexibleInstances -XMultiParamTypeClasses \
|
||||
-XOverloadedStrings -XFunctionalDependencies \'';
|
||||
in [
|
||||
url-title
|
||||
(buildSimpleReaktorPlugin "lambdabot-pl" {
|
||||
pattern = "^@pl (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-pl" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@pl $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "lambdabot-type" {
|
||||
pattern = "^@type (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-type" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@type $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "lambdabot-let" {
|
||||
pattern = "^@let (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-let" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@let $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "lambdabot-run" {
|
||||
pattern = "^@run (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-run" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@run $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "lambdabot-kind" {
|
||||
pattern = "^@kind (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-kind" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@kind $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "lambdabot-kind" {
|
||||
pattern = "^@kind (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-kind" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@kind $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "random-unicorn-porn" {
|
||||
pattern = "^!rup$$";
|
||||
script = pkgs.writePython2 "rup" ''
|
||||
#!${pkgs.python2}/bin/python
|
||||
t1 = """
|
||||
_.
|
||||
;=',_ ()
|
||||
8===D~~ S" .--`||
|
||||
sS \__ ||
|
||||
__.' ( \-->||
|
||||
_=/ _./-\/ ||
|
||||
8===D~~ ((\( /-' -'l ||
|
||||
) |/ \\ (_))
|
||||
\\ \\
|
||||
'~ '~
|
||||
"""
|
||||
print(t1)
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "ping" {
|
||||
pattern = "^!ping (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "ping" ''
|
||||
exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
|
||||
'';
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.Reaktor.prism = {
|
||||
nickname = "Reaktor|lass";
|
||||
|
@ -10,6 +10,7 @@ in {
|
||||
./copyq.nix
|
||||
./xresources.nix
|
||||
./livestream.nix
|
||||
./dns-stuff.nix
|
||||
{
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
@ -33,6 +34,7 @@ in {
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
programs.ssh.startAgent = false;
|
||||
services.openssh.forwardX11 = true;
|
||||
|
||||
services.printing = {
|
||||
enable = true;
|
||||
|
@ -35,7 +35,7 @@ in {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
defaultPermissions = "read";
|
||||
defaultPermissions = "read,create";
|
||||
secretKey = secKey;
|
||||
});
|
||||
};
|
||||
|
92
lass/2configs/coders-irc.nix
Normal file
92
lass/2configs/coders-irc.nix
Normal file
@ -0,0 +1,92 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
krebs.Reaktor.coders = {
|
||||
nickname = "Reaktor|lass";
|
||||
channels = [ "#coders" "#germany" ];
|
||||
extraEnviron = {
|
||||
REAKTOR_HOST = "irc.hackint.org";
|
||||
};
|
||||
plugins = with pkgs.ReaktorPlugins; let
|
||||
|
||||
lambdabot = (import (pkgs.fetchFromGitHub {
|
||||
owner = "NixOS"; repo = "nixpkgs";
|
||||
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
|
||||
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
|
||||
}) {}).lambdabot;
|
||||
|
||||
lambdabotflags = ''
|
||||
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
|
||||
-XFlexibleInstances -XMultiParamTypeClasses \
|
||||
-XOverloadedStrings -XFunctionalDependencies \'';
|
||||
in [
|
||||
url-title
|
||||
(buildSimpleReaktorPlugin "lambdabot-pl" {
|
||||
pattern = "^@pl (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-pl" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@pl $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "lambdabot-type" {
|
||||
pattern = "^@type (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-type" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@type $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "lambdabot-let" {
|
||||
pattern = "^@let (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-let" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@let $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "lambdabot-run" {
|
||||
pattern = "^@run (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-run" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@run $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "lambdabot-kind" {
|
||||
pattern = "^@kind (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "lambda-kind" ''
|
||||
exec ${lambdabot}/bin/lambdabot \
|
||||
${indent lambdabotflags}
|
||||
-e "@kind $1"
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "random-unicorn-porn" {
|
||||
pattern = "^!rup$$";
|
||||
script = pkgs.writePython2 "rup" ''
|
||||
#!${pkgs.python2}/bin/python
|
||||
t1 = """
|
||||
_.
|
||||
;=',_ ()
|
||||
8===D~~ S" .--`||
|
||||
sS \__ ||
|
||||
__.' ( \-->||
|
||||
_=/ _./-\/ ||
|
||||
8===D~~ ((\( /-' -'l ||
|
||||
) |/ \\ (_))
|
||||
\\ \\
|
||||
'~ '~
|
||||
"""
|
||||
print(t1)
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "ping" {
|
||||
pattern = "^!ping (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "ping" ''
|
||||
exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
|
||||
'';
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
@ -63,15 +63,6 @@ with import <stockholm/lib>;
|
||||
pkgs.pythonPackages.python
|
||||
];
|
||||
}
|
||||
{
|
||||
services.dnscrypt-proxy = {
|
||||
enable = true;
|
||||
resolverName = "cs-de";
|
||||
};
|
||||
networking.extraResolvconfConf = ''
|
||||
name_servers='127.0.0.1'
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
networking.hostName = config.krebs.build.host.name;
|
||||
|
31
lass/2configs/dns-stuff.nix
Normal file
31
lass/2configs/dns-stuff.nix
Normal file
@ -0,0 +1,31 @@
|
||||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.dnscrypt-proxy = {
|
||||
enable = true;
|
||||
localAddress = "127.1.0.1";
|
||||
resolverName = "cs-de";
|
||||
};
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
server=127.1.0.1
|
||||
server=/dn42/172.23.75.6
|
||||
#no-resolv
|
||||
cache-size=1000
|
||||
min-cache-ttl=3600
|
||||
bind-dynamic
|
||||
all-servers
|
||||
dnssec
|
||||
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
|
||||
address=/blog/127.0.0.1
|
||||
address=/blog/::1
|
||||
rebind-domain-ok=/onion/
|
||||
server=/.onion/127.0.0.1#9053
|
||||
port=53
|
||||
'';
|
||||
};
|
||||
networking.extraResolvconfConf = ''
|
||||
name_servers='127.0.0.1'
|
||||
'';
|
||||
}
|
@ -3,6 +3,6 @@
|
||||
{
|
||||
krebs.build.source.nixpkgs.git = {
|
||||
url = https://cgit.lassul.us/nixpkgs;
|
||||
ref = "2bb9c1c";
|
||||
ref = "f8dfdd7";
|
||||
};
|
||||
}
|
||||
|
@ -1,11 +1,10 @@
|
||||
{ ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
krebs.iptables = {
|
||||
tables = {
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
|
||||
];
|
||||
@ -13,6 +12,7 @@
|
||||
};
|
||||
|
||||
krebs.tinc.retiolum = {
|
||||
enableLegacy = true;
|
||||
enable = true;
|
||||
connectTo = [
|
||||
"prism"
|
||||
@ -25,4 +25,8 @@
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
tinc = pkgs.tinc_pre;
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.tinc
|
||||
];
|
||||
}
|
||||
|
@ -25,9 +25,10 @@ in {
|
||||
imports = [
|
||||
./sqlBackup.nix
|
||||
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
|
||||
(servePage [ "karlaskop.de" "www.karlaskop.de" ])
|
||||
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
|
||||
(servePage [ "karlaskop.de" ])
|
||||
(servePage [ "makeup.apanowicz.de" ])
|
||||
(servePage [ "pixelpocket.de" ])
|
||||
(servePage [ "habsys.de" "habsys.eu" ])
|
||||
(serveOwncloud [ "o.ubikmedia.de" ])
|
||||
(serveWordpress [
|
||||
"ubikmedia.de"
|
||||
|
@ -40,8 +40,6 @@ in {
|
||||
|
||||
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
|
||||
|
||||
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
|
||||
|
||||
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
|
||||
];
|
||||
|
||||
|
@ -6,6 +6,7 @@ _:
|
||||
./hosts.nix
|
||||
./mysql-backup.nix
|
||||
./news.nix
|
||||
./pyload.nix
|
||||
./umts.nix
|
||||
./usershadow.nix
|
||||
./xresources.nix
|
||||
|
@ -6,7 +6,7 @@ with import <stockholm/lib>;
|
||||
options.lass.hosts = mkOption {
|
||||
type = types.attrsOf types.host;
|
||||
default =
|
||||
filterAttrs (_: host: host.owner.name == "lass")
|
||||
filterAttrs (_: host: host.owner.name == "lass" && host.managed)
|
||||
config.krebs.hosts;
|
||||
};
|
||||
}
|
||||
|
55
lass/3modules/pyload.nix
Normal file
55
lass/3modules/pyload.nix
Normal file
@ -0,0 +1,55 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
cfg = config.lass.pyload;
|
||||
|
||||
out = {
|
||||
options.lass.pyload = api;
|
||||
config = lib.mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
api = {
|
||||
enable = mkEnableOption "pyload";
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "download";
|
||||
};
|
||||
};
|
||||
|
||||
imp = {
|
||||
|
||||
krebs.per-user.${cfg.user}.packages = [
|
||||
pkgs.pyload
|
||||
pkgs.spidermonkey
|
||||
pkgs.tesseract
|
||||
];
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 9099"; target = "ACCEPT"; }
|
||||
];
|
||||
systemd.services.pyload = {
|
||||
description = "pyload";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
path = with pkgs; [
|
||||
pyload
|
||||
spidermonkey
|
||||
tesseract
|
||||
dnsmasq
|
||||
];
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
ExecStart = "${pkgs.pyload}/bin/pyLoadCore";
|
||||
User = cfg.user;
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
in out
|
@ -31,6 +31,13 @@ rec {
|
||||
default = null;
|
||||
};
|
||||
|
||||
managed = mkOption {
|
||||
description = ''
|
||||
If true, then the host's configuration is defined in stockholm.
|
||||
'';
|
||||
type = bool;
|
||||
};
|
||||
|
||||
owner = mkOption {
|
||||
type = user;
|
||||
};
|
||||
|
@ -31,7 +31,7 @@ with import <stockholm/lib>;
|
||||
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
|
||||
# hack `tee` behavior
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
|
||||
irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
|
||||
pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
|
||||
pkgs.coreutils
|
||||
(pkgs.writeDashBin "tee" ''
|
||||
|
@ -25,7 +25,7 @@ with import <stockholm/lib>;
|
||||
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
|
||||
inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client;
|
||||
nodemcu-uploader = callPackage ./nodemcu-uploader {};
|
||||
pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils {
|
||||
pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
|
||||
wordset-file = pkgs.fetchurl {
|
||||
url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
|
||||
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
|
||||
|
@ -59,7 +59,7 @@ with import <stockholm/lib>;
|
||||
|
||||
krebs = {
|
||||
enable = true;
|
||||
search-domain = "retiolum";
|
||||
search-domain = "r";
|
||||
build = {
|
||||
user = config.krebs.users.nin;
|
||||
source = let inherit (config.krebs.build) host; in {
|
||||
|
@ -3,6 +3,6 @@
|
||||
{
|
||||
krebs.build.source.nixpkgs.git = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
ref = "5b0c9d4";
|
||||
ref = "0afb6d7";
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user