Merge remote-tracking branch 'lass/master'

krebs/3modules/default.nix

@@ -34,10 +34,10 @@ let
       ./Reaktor.nix
       ./realwallpaper.nix
       ./retiolum-bootstrap.nix
-      ./retiolum.nix
       ./rtorrent.nix
       ./secret.nix
       ./setuid.nix
+      ./tinc.nix
       ./tinc_graphs.nix
       ./urlwatch.nix
       ./repo-sync.nix

krebs/3modules/lass/default.nix

@@ -3,7 +3,10 @@
 with import <stockholm/lib>;
 
 {
-  hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) {
+  hosts = mapAttrs (_: recursiveUpdate {
+    owner = config.krebs.users.lass;
+    managed = true;
+  }) {
     dishfire = {
       cores = 4;
       nets = rec {
@@ -124,6 +127,7 @@ with import <stockholm/lib>;
           ssh.port = 2223;
         };
       };
+      managed = false;
     };
     cloudkrebs = {
       cores = 1;
@@ -300,6 +304,7 @@ with import <stockholm/lib>;
     };
     iso = {
       cores = 1;
+      managed = false;
     };
     sokrateslaptop = {
       nets = {
@@ -321,6 +326,7 @@ with import <stockholm/lib>;
           '';
         };
       };
+      managed = false;
     };
   };
   users = {

krebs/3modules/tinc.nix

@@ -17,6 +17,27 @@ let
       in {
 
         enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; };
+        enableLegacy = mkEnableOption "/etc/tinc/${netname}";
+
+        confDir = mkOption {
+          type = types.package;
+          default = pkgs.linkFarm "${netname}-etc-tinc"
+            (mapAttrsToList (name: path: { inherit name path; }) {
+              "hosts" = tinc.config.hostsPackage;
+              "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" ''
+                Name = ${tinc.config.host.name}
+                Interface = ${netname}
+                ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo}
+                PrivateKeyFile = ${tinc.config.privkey.path}
+                Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
+                ${tinc.config.extraConfig}
+              '';
+              "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
+                ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
+                ${tinc.config.tincUp}
+              '';
+            });
+        };
 
         host = mkOption {
           type = types.host;
@@ -175,29 +196,16 @@ let
       }
     ) config.krebs.tinc;
 
+    environment.etc = mapAttrs' (netname: cfg:
+      nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy {
+        source = cfg.confDir;
+      })
+    ) config.krebs.tinc;
+
     systemd.services = mapAttrs (netname: cfg:
       let
         tinc = cfg.tincPackage;
         iproute = cfg.iproutePackage;
-
-        confDir = let
-          namePathPair = name: path: { inherit name path; };
-        in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair {
-            "hosts" = cfg.hostsPackage;
-            "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
-              Name = ${cfg.host.name}
-              Interface = ${netname}
-              ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
-              PrivateKeyFile = ${cfg.privkey.path}
-              Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port}
-              ${cfg.extraConfig}
-            '';
-            "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
-              ${iproute}/sbin/ip link set ${netname} up
-              ${cfg.tincUp}
-            '';
-          }
-        );
       in {
         description = "Tinc daemon for ${netname}";
         after = [ "network.target" ];
@@ -206,7 +214,7 @@ let
         path = [ tinc iproute ];
         serviceConfig = rec {
           Restart = "always";
-          ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
+          ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
           SyslogIdentifier = netname;
         };
       }

krebs/5pkgs/default.nix

@@ -1,64 +1,33 @@
-{ config, lib, pkgs, ... }@args:
 with import <stockholm/lib>;
+
+self: super:
+
+# Import files and subdirectories like they are overlays.
+foldl' mergeAttrs {}
+  (map
+    (name: import (./. + "/${name}") self super)
+    (filter
+      (name: name != "default.nix" && !hasPrefix "." name)
+      (attrNames (readDir ./.))))
+
+//
+
 {
-  imports = [
-    ./writers.nix
-  ];
-  nixpkgs.config.packageOverrides = oldpkgs: let
+  ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
 
-    # This callPackage will try to detect obsolete overrides.
-    callPackage = path: args: let
-      override = pkgs.callPackage path args;
-      upstream = optionalAttrs (override ? "name")
-        (oldpkgs.${(parseDrvName override.name).name} or {});
-    in if upstream ? "name" &&
-          override ? "name" &&
-          compareVersions upstream.name override.name != -1
-      then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
-      else override;
-
-  in {}
-  // mapAttrs (_: flip callPackage {})
-              (filterAttrs (_: dir: pathExists (dir + "/default.nix"))
-                           (subdirsOf ./.))
-  // {
-    empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out";
-
-    haskellPackages = oldpkgs.haskellPackages.override {
-      overrides = self: super:
-        mapAttrs (name: path: self.callPackage path {})
-          (mapAttrs'
-            (name: type:
-              if hasSuffix ".nix" name
-                then {
-                  name = removeSuffix ".nix" name;
-                  value = ./haskell-overrides + "/${name}";
-                }
-                else null)
-            (builtins.readDir ./haskell-overrides));
-    };
-
-    ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
-
-    buildbot = callPackage ./buildbot {};
-    buildbot-full = callPackage ./buildbot {
-      plugins = with pkgs.buildbot-plugins; [ www console-view waterfall-view ];
-    };
-    buildbot-worker = callPackage ./buildbot/worker.nix {};
-
-    # https://github.com/proot-me/PRoot/issues/106
-    proot = pkgs.writeDashBin "proot" ''
-      export PROOT_NO_SECCOMP=1
-      exec ${oldpkgs.proot}/bin/proot "$@"
-    '';
-
-    # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
-    symlinkJoin = { name, paths, ... }@args: let
-      x = oldpkgs.symlinkJoin args;
-    in if typeOf x != "lambda" then x else oldpkgs.symlinkJoin name paths;
-
-    test = {
-      infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
-    };
+  buildbot-full = self.callPackage ./simple/buildbot {
+    plugins = with self.buildbot-plugins; [ www console-view waterfall-view ];
   };
+  buildbot-worker = self.callPackage ./simple/buildbot/worker.nix {};
+
+  # https://github.com/proot-me/PRoot/issues/106
+  proot = self.writeDashBin "proot" ''
+    export PROOT_NO_SECCOMP=1
+    exec ${super.proot}/bin/proot "$@"
+  '';
+
+  # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
+  symlinkJoin = { name, paths, ... }@args: let
+    x = super.symlinkJoin args;
+  in if typeOf x != "lambda" then x else super.symlinkJoin name paths;
 }

krebs/5pkgs/haskell-overrides/kirk.nix

@@ -1,18 +0,0 @@
-{ mkDerivation, async, base, bytestring, fetchgit, network
-, optparse-applicative, stdenv, text
-}:
-mkDerivation {
-  pname = "kirk";
-  version = "1.0.0";
-  src = fetchgit {
-    url = "http://cgit.krebsco.de/kirk";
-    sha256 = "0w4drg2lyyw45abfn3g55zd6m7pl7yqxql5rpyy6qqdbvnyak94w";
-    rev = "c78f3c62c0ba76465e39d1570073f867aa2d4240";
-  };
-  isLibrary = false;
-  isExecutable = true;
-  executableHaskellDepends = [
-    async base bytestring network optparse-applicative text
-  ];
-  license = stdenv.lib.licenses.mit;
-}

krebs/5pkgs/haskell/default.nix

@@ -0,0 +1,15 @@
+with import <stockholm/lib>;
+
+self: super:
+{
+  haskellPackages = super.haskellPackages.override {
+    overrides = self: super:
+      listToAttrs
+        (map
+          (name: nameValuePair (removeSuffix ".nix" name)
+                               (self.callPackage (./. + "/${name}") {}))
+          (filter
+            (name: name != "default.nix" && !hasPrefix "." name)
+            (attrNames (readDir ./.))));
+  };
+}

krebs/5pkgs/haskell/kirk.nix

@@ -0,0 +1,21 @@
+{ mkDerivation, async, base, bytestring, fetchgit, network
+, optparse-applicative, stdenv, text
+}:
+mkDerivation {
+  pname = "kirk";
+  version = "1.0.1";
+  src = fetchgit {
+    url = "http://cgit.krebsco.de/kirk";
+    sha256 = "1acsmmc485c54axpy9bd0320j18hs261vl1vdxns4n04sxzqd7k0";
+    rev = "cdf3cb373af8f9b03a9487a63eb32e0226913589";
+  };
+  isLibrary = true;
+  isExecutable = true;
+  libraryHaskellDepends = [
+    base bytestring network optparse-applicative text
+  ];
+  executableHaskellDepends = [
+    async base network optparse-applicative text
+  ];
+  license = stdenv.lib.licenses.mit;
+}

krebs/5pkgs/simple/default.nix

@@ -0,0 +1,24 @@
+with import <stockholm/lib>;
+
+self: super:
+
+let
+  # This callPackage will try to detect obsolete overrides.
+  callPackage = path: args: let
+    override = self.callPackage path args;
+    upstream = optionalAttrs (override ? "name")
+      (super.${(parseDrvName override.name).name} or {});
+  in if upstream ? "name" &&
+        override ? "name" &&
+        compareVersions upstream.name override.name != -1
+    then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
+    else override;
+in
+
+  listToAttrs
+    (map
+      (name: nameValuePair (removeSuffix ".nix" name)
+                           (callPackage (./. + "/${name}") {}))
+      (filter
+        (name: name != "default.nix" && !hasPrefix "." name)
+        (attrNames (readDir ./.))))

krebs/5pkgs/simple/empty.nix

@@ -0,0 +1,2 @@
+{ pkgs }:
+pkgs.runCommand "empty-1.0.0" {} "mkdir $out"

krebs/5pkgs/simple/whatsupnix/default.nix

@@ -0,0 +1,15 @@
+{ bash, coreutils, gawk, nix, makeWrapper, stdenv }:
+
+stdenv.mkDerivation {
+  name = "whatsupnix";
+  phases = [ "installPhase" ];
+  nativeBuildInputs = [ makeWrapper ];
+  installPhase = ''
+    mkdir -p $out/bin
+    cat - ${./whatsupnix.bash} > $out/bin/whatsupnix <<\EOF
+    #! ${bash}/bin/bash
+    export PATH=${stdenv.lib.makeBinPath [ coreutils gawk nix ]}
+    EOF
+    chmod +x $out/bin/whatsupnix
+  '';
+}

krebs/5pkgs/simple/whatsupnix/whatsupnix.bash

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# Prints build logs for failed derivations in quiet build mode (-Q).
+# See https://github.com/NixOS/nix/issues/443
+#
+# Usage:
+#
+#    set -o pipefail
+#    nix-build ... -Q ... | whatsupnix
+#
+
+
+GAWK=${GAWK:-gawk}
+NIX_STORE=${NIX_STORE:-nix-store}
+
+broken=$(mktemp)
+trap 'rm -f -- "$broken"' EXIT
+
+exec >&2
+
+$GAWK -v broken="$broken" -f <(cat - <<- 'AWK'
+  match($0, /builder for .*(\/nix\/store\/.+\.drv).* failed/, m) {
+    print m[1] >> broken
+  }
+  { print $0 }
+AWK
+)
+
+export NIX_PAGER='' # for nix-store
+while read -r drv; do
+  title="** FAILED $drv LOG  **"
+  frame=${title//?/*}
+
+  echo "$frame"
+  echo "$title"
+  echo "$frame"
+  echo
+
+  $NIX_STORE -l "$drv"
+
+  echo
+done < "$broken"
+
+exit 0

krebs/5pkgs/test/default.nix

@@ -0,0 +1,9 @@
+with import <stockholm/lib>;
+
+self: super:
+
+{
+  test = {
+    infest-cac-centos7 = self.callPackage ./infest-cac-centos7 {};
+  };
+}

krebs/5pkgs/writers.nix

@@ -1,7 +1,6 @@
-{ pkgs, ... }:
+pkgs: oldpkgs:
 with import <stockholm/lib>;
-{
-  nixpkgs.config.packageOverrides = _: {
+  {
 
     # Combine a list of derivations using symlinks.  Paths in later derivations
     # take precedence over earlier ones.
@@ -323,5 +322,4 @@ with import <stockholm/lib>;
       };
 
     writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f";
-  };
-}
+  }

krebs/default.nix

@@ -3,6 +3,6 @@ with import <stockholm/lib>;
 {
   imports = [
     ./3modules
-    ./5pkgs
   ];
+  nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
 }

lass/1systems/iso.nix

@@ -16,7 +16,7 @@ with import <stockholm/lib>;
       # /dev/pts is empty except for 1 file
       # my life sucks
       nixpkgs.config.packageOverrides = super: {
-        irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
+        irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
           pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
             pkgs.coreutils
             (pkgs.writeDashBin "tee" ''

lass/1systems/mors.nix

@@ -32,14 +32,11 @@ with import <stockholm/lib>;
         { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
       ];
     }
-    #{
-    #  services.elasticsearch = {
-    #    enable = true;
-    #    plugins = [
-    #    #  pkgs.elasticsearchPlugins.elasticsearch_kopf
-    #    ];
-    #  };
-    #}
+    {
+      services.elasticsearch = {
+        enable = true;
+      };
+    }
     {
       #zalando project
       services.postgresql = {

lass/1systems/prism.nix

@@ -1,5 +1,4 @@
 { config, lib, pkgs, ... }:
-
 with import <stockholm/lib>;
 
 let
@@ -46,6 +45,7 @@ in {
     ../2configs/monitoring/monit-alarms.nix
     ../2configs/paste.nix
     ../2configs/syncthing.nix
+    ../2configs/coders-irc.nix
     {
       imports = [
         ../2configs/bepasty.nix
@@ -253,103 +253,6 @@ in {
         { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
       ];
     }
-    {
-      krebs.Reaktor.coders = {
-        nickname = "Reaktor|lass";
-        channels = [ "#coders" "#germany" ];
-        extraEnviron = {
-          REAKTOR_HOST = "irc.hackint.org";
-        };
-        plugins = with pkgs.ReaktorPlugins; let
-
-          lambdabot = (import (pkgs.fetchFromGitHub {
-            owner = "NixOS"; repo = "nixpkgs";
-            rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
-            sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
-          }) {}).lambdabot;
-
-          lambdabotflags = ''
-            -XStandaloneDeriving -XGADTs -XFlexibleContexts \
-            -XFlexibleInstances -XMultiParamTypeClasses \
-            -XOverloadedStrings -XFunctionalDependencies \'';
-        in [
-          url-title
-          (buildSimpleReaktorPlugin "lambdabot-pl" {
-            pattern = "^@pl (?P<args>.*)$$";
-            script = pkgs.writeDash "lambda-pl" ''
-              exec ${lambdabot}/bin/lambdabot \
-                ${indent lambdabotflags}
-                -e "@pl $1"
-            '';
-          })
-          (buildSimpleReaktorPlugin "lambdabot-type" {
-            pattern = "^@type (?P<args>.*)$$";
-            script = pkgs.writeDash "lambda-type" ''
-              exec ${lambdabot}/bin/lambdabot \
-                ${indent lambdabotflags}
-                -e "@type $1"
-            '';
-          })
-          (buildSimpleReaktorPlugin "lambdabot-let" {
-            pattern = "^@let (?P<args>.*)$$";
-            script = pkgs.writeDash "lambda-let" ''
-              exec ${lambdabot}/bin/lambdabot \
-                ${indent lambdabotflags}
-                -e "@let $1"
-            '';
-          })
-          (buildSimpleReaktorPlugin "lambdabot-run" {
-            pattern = "^@run (?P<args>.*)$$";
-            script = pkgs.writeDash "lambda-run" ''
-              exec ${lambdabot}/bin/lambdabot \
-                ${indent lambdabotflags}
-                -e "@run $1"
-            '';
-          })
-          (buildSimpleReaktorPlugin "lambdabot-kind" {
-            pattern = "^@kind (?P<args>.*)$$";
-            script = pkgs.writeDash "lambda-kind" ''
-              exec ${lambdabot}/bin/lambdabot \
-                ${indent lambdabotflags}
-                -e "@kind $1"
-            '';
-          })
-          (buildSimpleReaktorPlugin "lambdabot-kind" {
-            pattern = "^@kind (?P<args>.*)$$";
-            script = pkgs.writeDash "lambda-kind" ''
-              exec ${lambdabot}/bin/lambdabot \
-                ${indent lambdabotflags}
-                -e "@kind $1"
-            '';
-          })
-          (buildSimpleReaktorPlugin "random-unicorn-porn" {
-            pattern = "^!rup$$";
-            script = pkgs.writePython2 "rup" ''
-              #!${pkgs.python2}/bin/python
-              t1 = """
-                                  _.
-                               ;=',_ ()
-                     8===D~~  S" .--`||
-                             sS  \__ ||
-                          __.' ( \-->||
-                       _=/    _./-\/ ||
-              8===D~~ ((\( /-'   -'l ||
-                       ) |/ \\      (_))
-                          \\  \\
-                           '~ '~
-              """
-              print(t1)
-            '';
-          })
-          (buildSimpleReaktorPlugin "ping" {
-            pattern = "^!ping (?P<args>.*)$$";
-            script = pkgs.writeDash "ping" ''
-              exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
-            '';
-          })
-        ];
-      };
-    }
     {
       krebs.Reaktor.prism = {
         nickname = "Reaktor|lass";

lass/2configs/baseX.nix

@@ -10,6 +10,7 @@ in {
     ./copyq.nix
     ./xresources.nix
     ./livestream.nix
+    ./dns-stuff.nix
     {
       hardware.pulseaudio = {
         enable = true;
@@ -33,6 +34,7 @@ in {
   time.timeZone = "Europe/Berlin";
 
   programs.ssh.startAgent = false;
+  services.openssh.forwardX11 = true;
 
   services.printing = {
     enable = true;

lass/2configs/bepasty.nix

@@ -35,7 +35,7 @@ in {
         forceSSL = true;
         enableACME = true;
       };
-      defaultPermissions = "read";
+      defaultPermissions = "read,create";
       secretKey = secKey;
     });
   };

lass/2configs/coders-irc.nix

@@ -0,0 +1,92 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+  krebs.Reaktor.coders = {
+    nickname = "Reaktor|lass";
+    channels = [ "#coders" "#germany" ];
+    extraEnviron = {
+      REAKTOR_HOST = "irc.hackint.org";
+    };
+    plugins = with pkgs.ReaktorPlugins; let
+
+      lambdabot = (import (pkgs.fetchFromGitHub {
+        owner = "NixOS"; repo = "nixpkgs";
+        rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
+        sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
+      }) {}).lambdabot;
+
+      lambdabotflags = ''
+        -XStandaloneDeriving -XGADTs -XFlexibleContexts \
+        -XFlexibleInstances -XMultiParamTypeClasses \
+        -XOverloadedStrings -XFunctionalDependencies \'';
+    in [
+      url-title
+      (buildSimpleReaktorPlugin "lambdabot-pl" {
+        pattern = "^@pl (?P<args>.*)$$";
+        script = pkgs.writeDash "lambda-pl" ''
+          exec ${lambdabot}/bin/lambdabot \
+            ${indent lambdabotflags}
+            -e "@pl $1"
+        '';
+      })
+      (buildSimpleReaktorPlugin "lambdabot-type" {
+        pattern = "^@type (?P<args>.*)$$";
+        script = pkgs.writeDash "lambda-type" ''
+          exec ${lambdabot}/bin/lambdabot \
+            ${indent lambdabotflags}
+            -e "@type $1"
+        '';
+      })
+      (buildSimpleReaktorPlugin "lambdabot-let" {
+        pattern = "^@let (?P<args>.*)$$";
+        script = pkgs.writeDash "lambda-let" ''
+          exec ${lambdabot}/bin/lambdabot \
+            ${indent lambdabotflags}
+            -e "@let $1"
+        '';
+      })
+      (buildSimpleReaktorPlugin "lambdabot-run" {
+        pattern = "^@run (?P<args>.*)$$";
+        script = pkgs.writeDash "lambda-run" ''
+          exec ${lambdabot}/bin/lambdabot \
+            ${indent lambdabotflags}
+            -e "@run $1"
+        '';
+      })
+      (buildSimpleReaktorPlugin "lambdabot-kind" {
+        pattern = "^@kind (?P<args>.*)$$";
+        script = pkgs.writeDash "lambda-kind" ''
+          exec ${lambdabot}/bin/lambdabot \
+            ${indent lambdabotflags}
+            -e "@kind $1"
+        '';
+      })
+      (buildSimpleReaktorPlugin "random-unicorn-porn" {
+        pattern = "^!rup$$";
+        script = pkgs.writePython2 "rup" ''
+          #!${pkgs.python2}/bin/python
+          t1 = """
+                              _.
+                           ;=',_ ()
+                 8===D~~  S" .--`||
+                         sS  \__ ||
+                      __.' ( \-->||
+                   _=/    _./-\/ ||
+          8===D~~ ((\( /-'   -'l ||
+                   ) |/ \\      (_))
+                      \\  \\
+                       '~ '~
+          """
+          print(t1)
+        '';
+      })
+      (buildSimpleReaktorPlugin "ping" {
+        pattern = "^!ping (?P<args>.*)$$";
+        script = pkgs.writeDash "ping" ''
+          exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
+        '';
+      })
+    ];
+  };
+}

lass/2configs/default.nix

@@ -63,15 +63,6 @@ with import <stockholm/lib>;
         pkgs.pythonPackages.python
       ];
     }
-    {
-      services.dnscrypt-proxy = {
-        enable = true;
-        resolverName = "cs-de";
-      };
-      networking.extraResolvconfConf = ''
-        name_servers='127.0.0.1'
-      '';
-    }
   ];
 
   networking.hostName = config.krebs.build.host.name;

lass/2configs/dns-stuff.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  services.dnscrypt-proxy = {
+    enable = true;
+    localAddress = "127.1.0.1";
+    resolverName = "cs-de";
+  };
+  services.dnsmasq = {
+    enable = true;
+    extraConfig = ''
+      server=127.1.0.1
+      server=/dn42/172.23.75.6
+      #no-resolv
+      cache-size=1000
+      min-cache-ttl=3600
+      bind-dynamic
+      all-servers
+      dnssec
+      trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+      address=/blog/127.0.0.1
+      address=/blog/::1
+      rebind-domain-ok=/onion/
+      server=/.onion/127.0.0.1#9053
+      port=53
+    '';
+  };
+  networking.extraResolvconfConf = ''
+    name_servers='127.0.0.1'
+  '';
+}

lass/2configs/nixpkgs.nix

@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://cgit.lassul.us/nixpkgs;
-    ref = "2bb9c1c";
+    ref = "f8dfdd7";
   };
 }

lass/2configs/retiolum.nix

@@ -1,11 +1,10 @@
-{ ... }:
+{ pkgs, ... }:
 
 {
 
   krebs.iptables = {
     tables = {
       filter.INPUT.rules = [
-        { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
         { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
         { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
       ];
@@ -13,6 +12,7 @@
   };
 
   krebs.tinc.retiolum = {
+    enableLegacy = true;
     enable = true;
     connectTo = [
       "prism"
@@ -25,4 +25,8 @@
   nixpkgs.config.packageOverrides = pkgs: {
     tinc = pkgs.tinc_pre;
   };
+
+  environment.systemPackages = [
+    pkgs.tinc
+  ];
 }

lass/2configs/websites/domsen.nix

@@ -25,9 +25,10 @@ in {
   imports = [
     ./sqlBackup.nix
     (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
-    (servePage [ "karlaskop.de" "www.karlaskop.de" ])
-    (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
+    (servePage [ "karlaskop.de" ])
+    (servePage [ "makeup.apanowicz.de" ])
     (servePage [ "pixelpocket.de" ])
+    (servePage [ "habsys.de" "habsys.eu" ])
     (serveOwncloud [ "o.ubikmedia.de" ])
     (serveWordpress [
       "ubikmedia.de"

lass/2configs/websites/fritz.nix

@@ -40,8 +40,6 @@ in {
 
     (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
 
-    (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
-
     (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
   ];
 

lass/3modules/default.nix

@@ -6,6 +6,7 @@ _:
     ./hosts.nix
     ./mysql-backup.nix
     ./news.nix
+    ./pyload.nix
     ./umts.nix
     ./usershadow.nix
     ./xresources.nix

lass/3modules/hosts.nix

@@ -6,7 +6,7 @@ with import <stockholm/lib>;
   options.lass.hosts = mkOption {
     type = types.attrsOf types.host;
     default =
-      filterAttrs (_: host: host.owner.name == "lass")
+      filterAttrs (_: host: host.owner.name == "lass" && host.managed)
       config.krebs.hosts;
   };
 }

lass/3modules/pyload.nix

@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+  cfg = config.lass.pyload;
+
+  out = {
+    options.lass.pyload = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "pyload";
+    user = mkOption {
+      type = types.str;
+      default = "download";
+    };
+  };
+
+  imp = {
+
+    krebs.per-user.${cfg.user}.packages = [
+      pkgs.pyload
+      pkgs.spidermonkey
+      pkgs.tesseract
+    ];
+
+    krebs.iptables.tables.filter.INPUT.rules = [
+       { predicate = "-p tcp --dport 9099"; target = "ACCEPT"; }
+    ];
+    systemd.services.pyload = {
+      description = "pyload";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      path = with pkgs; [
+        pyload
+        spidermonkey
+        tesseract
+        dnsmasq
+      ];
+
+      restartIfChanged = true;
+
+      serviceConfig = {
+        Restart = "always";
+        ExecStart = "${pkgs.pyload}/bin/pyLoadCore";
+        User = cfg.user;
+      };
+    };
+
+  };
+
+in out

lib/types.nix

@@ -31,6 +31,13 @@ rec {
         default = null;
       };
 
+      managed = mkOption {
+        description = ''
+          If true, then the host's configuration is defined in stockholm.
+        '';
+        type = bool;
+      };
+
       owner = mkOption {
         type = user;
       };

makefu/1systems/iso.nix

@@ -31,7 +31,7 @@ with import <stockholm/lib>;
   systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
   # hack `tee` behavior
   nixpkgs.config.packageOverrides = super: {
-    irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
+    irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
       pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
         pkgs.coreutils
         (pkgs.writeDashBin "tee" ''

makefu/5pkgs/default.nix

@@ -25,7 +25,7 @@ with import <stockholm/lib>;
     alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
     inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client;
     nodemcu-uploader = callPackage ./nodemcu-uploader {};
-    pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils {
+    pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
       wordset-file = pkgs.fetchurl {
         url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
         sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";

nin/2configs/default.nix

@@ -59,7 +59,7 @@ with import <stockholm/lib>;
 
   krebs = {
     enable = true;
-    search-domain = "retiolum";
+    search-domain = "r";
     build = {
       user = config.krebs.users.nin;
       source = let inherit (config.krebs.build) host; in {

nin/2configs/nixpkgs.nix

@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "5b0c9d4";
+    ref = "0afb6d7";
   };
 }