Merge remote-tracking branch 'lass/master'

makefu 2017-06-01 10:08:56 +02:00
commit 772f84305d
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
98 changed files with 409 additions and 234 deletions


@ -34,10 +34,10 @@ let
./Reaktor.nix ./Reaktor.nix
./realwallpaper.nix ./realwallpaper.nix
./retiolum-bootstrap.nix ./retiolum-bootstrap.nix
./retiolum.nix
./rtorrent.nix ./rtorrent.nix
./secret.nix ./secret.nix
./setuid.nix ./setuid.nix
./tinc.nix
./tinc_graphs.nix ./tinc_graphs.nix
./urlwatch.nix ./urlwatch.nix
./repo-sync.nix ./repo-sync.nix


@ -3,7 +3,10 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) { hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
managed = true;
}) {
dishfire = { dishfire = {
cores = 4; cores = 4;
nets = rec { nets = rec {
@ -124,6 +127,7 @@ with import <stockholm/lib>;
ssh.port = 2223; ssh.port = 2223;
}; };
}; };
managed = false;
}; };
cloudkrebs = { cloudkrebs = {
cores = 1; cores = 1;
@ -300,6 +304,7 @@ with import <stockholm/lib>;
}; };
iso = { iso = {
cores = 1; cores = 1;
managed = false;
}; };
sokrateslaptop = { sokrateslaptop = {
nets = { nets = {
@ -321,6 +326,7 @@ with import <stockholm/lib>;
''; '';
}; };
}; };
managed = false;
}; };
}; };
users = { users = {


@ -17,6 +17,27 @@ let
in { in {
enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; };
enableLegacy = mkEnableOption "/etc/tinc/${netname}";
confDir = mkOption {
type = types.package;
default = pkgs.linkFarm "${netname}-etc-tinc"
(mapAttrsToList (name: path: { inherit name path; }) {
"hosts" = tinc.config.hostsPackage;
"tinc.conf" = pkgs.writeText "${netname}-tinc.conf" ''
Name = ${tinc.config.host.name}
Interface = ${netname}
${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo}
PrivateKeyFile = ${tinc.config.privkey.path}
Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
${tinc.config.extraConfig}
'';
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
${tinc.config.tincUp}
'';
});
};
host = mkOption { host = mkOption {
type = types.host; type = types.host;
@ -175,29 +196,16 @@ let
} }
) config.krebs.tinc; ) config.krebs.tinc;
environment.etc = mapAttrs' (netname: cfg:
nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy {
source = cfg.confDir;
})
) config.krebs.tinc;
systemd.services = mapAttrs (netname: cfg: systemd.services = mapAttrs (netname: cfg:
let let
tinc = cfg.tincPackage; tinc = cfg.tincPackage;
iproute = cfg.iproutePackage; iproute = cfg.iproutePackage;
confDir = let
namePathPair = name: path: { inherit name path; };
in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair {
"hosts" = cfg.hostsPackage;
"tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
Name = ${cfg.host.name}
Interface = ${netname}
${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
PrivateKeyFile = ${cfg.privkey.path}
Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port}
${cfg.extraConfig}
'';
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
${iproute}/sbin/ip link set ${netname} up
${cfg.tincUp}
'';
}
);
in { in {
description = "Tinc daemon for ${netname}"; description = "Tinc daemon for ${netname}";
after = [ "network.target" ]; after = [ "network.target" ];
@ -206,7 +214,7 @@ let
path = [ tinc iproute ]; path = [ tinc iproute ];
serviceConfig = rec { serviceConfig = rec {
Restart = "always"; Restart = "always";
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
SyslogIdentifier = netname; SyslogIdentifier = netname;
}; };
} }
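Review bot: The new `confDir` and `enableLegacy` options carry no `description`, and `confDir` is where a caveat belongs: it is built with `pkgs.linkFarm`/`pkgs.writeText`, so its contents sit in the world-readable Nix store and, with `enableLegacy`, are also linked under `/etc/tinc/${netname}`. The default is fine because `tinc.conf` only names the key via `PrivateKeyFile = ${tinc.config.privkey.path}`, but an override, or an `extraConfig`/`tincUp` value that embeds secret material, would be readable by every local user. I would add `description = "Store path used as tincd's -c directory; world-readable, so reference secrets by path only.";` to `confDir` and a one-line description to `enableLegacy`. The `let` that binds `tinc` for the option block starts outside this hunk, so I could not check what `tinc.config` resolves to.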


@ -1,64 +1,33 @@
{ config, lib, pkgs, ... }@args:
with import <stockholm/lib>; with import <stockholm/lib>;
self: super:
# Import files and subdirectories like they are overlays.
foldl' mergeAttrs {}
(map
(name: import (./. + "/${name}") self super)
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir ./.))))
//
{ {
imports = [ ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
./writers.nix
];
nixpkgs.config.packageOverrides = oldpkgs: let
# This callPackage will try to detect obsolete overrides. buildbot-full = self.callPackage ./simple/buildbot {
callPackage = path: args: let plugins = with self.buildbot-plugins; [ www console-view waterfall-view ];
override = pkgs.callPackage path args;
upstream = optionalAttrs (override ? "name")
(oldpkgs.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
in {}
// mapAttrs (_: flip callPackage {})
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
(subdirsOf ./.))
// {
empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out";
haskellPackages = oldpkgs.haskellPackages.override {
overrides = self: super:
mapAttrs (name: path: self.callPackage path {})
(mapAttrs'
(name: type:
if hasSuffix ".nix" name
then {
name = removeSuffix ".nix" name;
value = ./haskell-overrides + "/${name}";
}
else null)
(builtins.readDir ./haskell-overrides));
};
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
buildbot = callPackage ./buildbot {};
buildbot-full = callPackage ./buildbot {
plugins = with pkgs.buildbot-plugins; [ www console-view waterfall-view ];
};
buildbot-worker = callPackage ./buildbot/worker.nix {};
# https://github.com/proot-me/PRoot/issues/106
proot = pkgs.writeDashBin "proot" ''
export PROOT_NO_SECCOMP=1
exec ${oldpkgs.proot}/bin/proot "$@"
'';
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
symlinkJoin = { name, paths, ... }@args: let
x = oldpkgs.symlinkJoin args;
in if typeOf x != "lambda" then x else oldpkgs.symlinkJoin name paths;
test = {
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
};
}; };
buildbot-worker = self.callPackage ./simple/buildbot/worker.nix {};
# https://github.com/proot-me/PRoot/issues/106
proot = self.writeDashBin "proot" ''
export PROOT_NO_SECCOMP=1
exec ${super.proot}/bin/proot "$@"
'';
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
symlinkJoin = { name, paths, ... }@args: let
x = super.symlinkJoin args;
in if typeOf x != "lambda" then x else super.symlinkJoin name paths;
} }
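Review bot: The directory scan at the top of the new overlay imports every entry of `./.` except `default.nix` and dot-files, so any stray file or directory placed next to it is evaluated as an overlay with `self`/`super` in hand, and a single non-overlay entry breaks evaluation of the whole package set. Filtering on the `readDir` entry type and suffix as well (`type == "directory" || hasSuffix ".nix" name`) would make the set of loaded files explicit; the same unfiltered scan appears in the new `haskellPackages` overlay and in the overlay that defines the obsolete-override `callPackage` wrapper further down. `foldl' mergeAttrs {}` is also a shallow merge, so two sub-overlays that define the same top-level attribute (for example `test` or `haskellPackages`) silently shadow each other; a comment stating that this is intended would help the next reader.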


@ -1,18 +0,0 @@
{ mkDerivation, async, base, bytestring, fetchgit, network
, optparse-applicative, stdenv, text
}:
mkDerivation {
pname = "kirk";
version = "1.0.0";
src = fetchgit {
url = "http://cgit.krebsco.de/kirk";
sha256 = "0w4drg2lyyw45abfn3g55zd6m7pl7yqxql5rpyy6qqdbvnyak94w";
rev = "c78f3c62c0ba76465e39d1570073f867aa2d4240";
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
async base bytestring network optparse-applicative text
];
license = stdenv.lib.licenses.mit;
}


@ -0,0 +1,15 @@
with import <stockholm/lib>;
self: super:
{
haskellPackages = super.haskellPackages.override {
overrides = self: super:
listToAttrs
(map
(name: nameValuePair (removeSuffix ".nix" name)
(self.callPackage (./. + "/${name}") {}))
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir ./.))));
};
}


@ -0,0 +1,21 @@
{ mkDerivation, async, base, bytestring, fetchgit, network
, optparse-applicative, stdenv, text
}:
mkDerivation {
pname = "kirk";
version = "1.0.1";
src = fetchgit {
url = "http://cgit.krebsco.de/kirk";
sha256 = "1acsmmc485c54axpy9bd0320j18hs261vl1vdxns4n04sxzqd7k0";
rev = "cdf3cb373af8f9b03a9487a63eb32e0226913589";
};
isLibrary = true;
isExecutable = true;
libraryHaskellDepends = [
base bytestring network optparse-applicative text
];
executableHaskellDepends = [
async base network optparse-applicative text
];
license = stdenv.lib.licenses.mit;
}
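Review bot: `url = "http://cgit.krebsco.de/kirk"` fetches the source over plain HTTP, so the only thing protecting this build input is the pinned `rev`/`sha256` pair. The fixed-output hash does make a modified response fail the build, but the request is visible and alterable on the path, and anyone refreshing the hash with a prefetch tool would be trusting whatever the network returned at that moment. If the host serves the repository over HTTPS, switching the URL is the better fix; otherwise a comment such as `# http only: integrity rests on sha256 below, verify rev out of band when bumping` would document the constraint.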


@ -0,0 +1,24 @@
with import <stockholm/lib>;
self: super:
let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = self.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
in
listToAttrs
(map
(name: nameValuePair (removeSuffix ".nix" name)
(callPackage (./. + "/${name}") {}))
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir ./.))))


@ -0,0 +1,2 @@
{ pkgs }:
pkgs.runCommand "empty-1.0.0" {} "mkdir $out"


@ -0,0 +1,15 @@
{ bash, coreutils, gawk, nix, makeWrapper, stdenv }:
stdenv.mkDerivation {
name = "whatsupnix";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cat - ${./whatsupnix.bash} > $out/bin/whatsupnix <<\EOF
#! ${bash}/bin/bash
export PATH=${stdenv.lib.makeBinPath [ coreutils gawk nix ]}
EOF
chmod +x $out/bin/whatsupnix
'';
}


@ -0,0 +1,44 @@
#!/usr/bin/env bash
# Prints build logs for failed derivations in quiet build mode (-Q).
# See https://github.com/NixOS/nix/issues/443
#
# Usage:
#
# set -o pipefail
# nix-build ... -Q ... | whatsupnix
#
GAWK=${GAWK:-gawk}
NIX_STORE=${NIX_STORE:-nix-store}
broken=$(mktemp)
trap 'rm -f -- "$broken"' EXIT
exec >&2
$GAWK -v broken="$broken" -f <(cat - <<- 'AWK'
match($0, /builder for .*(\/nix\/store\/.+\.drv).* failed/, m) {
print m[1] >> broken
}
{ print $0 }
AWK
)
export NIX_PAGER='' # for nix-store
while read -r drv; do
title="** FAILED $drv LOG **"
frame=${title//?/*}
echo "$frame"
echo "$title"
echo "$frame"
echo
$NIX_STORE -l "$drv"
echo
done < "$broken"
exit 0
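Review bot: `broken=$(mktemp)` is not checked, so if the temp file cannot be created the script carries on with an empty `$broken`: gawk's `print m[1] >> broken` and the final `done < "$broken"` both fail, and the trailing `exit 0` still reports success. `broken=$(mktemp) || exit 1` closes that. `$GAWK` and `$NIX_STORE` are expanded unquoted and taken from the environment; the Nix wrapper in the previous section pins `PATH` but not these two, so I would quote them (`"$GAWK"`, `"$NIX_STORE"`) and say in the header comment that they are caller-supplied overrides, which makes the trust assumption explicit.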


@ -0,0 +1,9 @@
with import <stockholm/lib>;
self: super:
{
test = {
infest-cac-centos7 = self.callPackage ./infest-cac-centos7 {};
};
}


@ -1,7 +1,6 @@
{ pkgs, ... }: pkgs: oldpkgs:
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
nixpkgs.config.packageOverrides = _: {
# Combine a list of derivations using symlinks. Paths in later derivations # Combine a list of derivations using symlinks. Paths in later derivations
# take precedence over earlier ones. # take precedence over earlier ones.
@ -323,5 +322,4 @@ with import <stockholm/lib>;
}; };
writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f"; writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f";
}; }
}


@ -3,6 +3,6 @@ with import <stockholm/lib>;
{ {
imports = [ imports = [
./3modules ./3modules
./5pkgs
]; ];
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
} }


@ -16,7 +16,7 @@ with import <stockholm/lib>;
# /dev/pts is empty except for 1 file # /dev/pts is empty except for 1 file
# my life sucks # my life sucks
nixpkgs.config.packageOverrides = super: { nixpkgs.config.packageOverrides = super: {
irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> { irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [ pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
pkgs.coreutils pkgs.coreutils
(pkgs.writeDashBin "tee" '' (pkgs.writeDashBin "tee" ''


@ -32,14 +32,11 @@ with import <stockholm/lib>;
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
]; ];
} }
#{ {
# services.elasticsearch = { services.elasticsearch = {
# enable = true; enable = true;
# plugins = [ };
# # pkgs.elasticsearchPlugins.elasticsearch_kopf }
# ];
# };
#}
{ {
#zalando project #zalando project
services.postgresql = { services.postgresql = {
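Review bot: `services.elasticsearch.enable = true` turns on a service that in this form has no authentication of its own, and the block sets nothing else, so its reachability depends entirely on the module's default bind address and on the `krebs.iptables` rules. The visible rule only accepts tcp 11100, which suggests the Elasticsearch ports stay closed, but the rest of the INPUT chain is outside this hunk. I would pin the bind address in the block with `listenAddress = "127.0.0.1";` and add a comment naming the local consumer that needs it, so a later firewall or default change cannot expose the HTTP API.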


@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
let let
@ -46,6 +45,7 @@ in {
../2configs/monitoring/monit-alarms.nix ../2configs/monitoring/monit-alarms.nix
../2configs/paste.nix ../2configs/paste.nix
../2configs/syncthing.nix ../2configs/syncthing.nix
../2configs/coders-irc.nix
{ {
imports = [ imports = [
../2configs/bepasty.nix ../2configs/bepasty.nix
@ -253,103 +253,6 @@ in {
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
]; ];
} }
{
krebs.Reaktor.coders = {
nickname = "Reaktor|lass";
channels = [ "#coders" "#germany" ];
extraEnviron = {
REAKTOR_HOST = "irc.hackint.org";
};
plugins = with pkgs.ReaktorPlugins; let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
lambdabotflags = ''
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "random-unicorn-porn" {
pattern = "^!rup$$";
script = pkgs.writePython2 "rup" ''
#!${pkgs.python2}/bin/python
t1 = """
_.
;=',_ ()
8===D~~ S" .--`||
sS \__ ||
__.' ( \-->||
_=/ _./-\/ ||
8===D~~ ((\( /-' -'l ||
) |/ \\ (_))
\\ \\
'~ '~
"""
print(t1)
'';
})
(buildSimpleReaktorPlugin "ping" {
pattern = "^!ping (?P<args>.*)$$";
script = pkgs.writeDash "ping" ''
exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
'';
})
];
};
}
{ {
krebs.Reaktor.prism = { krebs.Reaktor.prism = {
nickname = "Reaktor|lass"; nickname = "Reaktor|lass";


@ -10,6 +10,7 @@ in {
./copyq.nix ./copyq.nix
./xresources.nix ./xresources.nix
./livestream.nix ./livestream.nix
./dns-stuff.nix
{ {
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
@ -33,6 +34,7 @@ in {
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
services.openssh.forwardX11 = true;
services.printing = { services.printing = {
enable = true; enable = true;
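Review bot: `services.openssh.forwardX11 = true;` is added without a comment, in a file that from its imports (`copyq.nix`, `xresources.nix`, `livestream.nix`) looks like a shared desktop baseline, so every host importing it gets sshd X11 forwarding. That widens what a session on these hosts can reach on the connecting client's display, and it is easy to forget once the one use case is gone. I would either move the setting to the host that needs it or put a comment such as `# needed for USE-CASE; remove when no longer used` next to it. The enclosing attribute set continues outside the hunk.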


@ -35,7 +35,7 @@ in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
}; };
defaultPermissions = "read"; defaultPermissions = "read,create";
secretKey = secKey; secretKey = secKey;
}); });
}; };
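Review bot: `defaultPermissions = "read,create"` grants `create` to visitors who present no secret, on a vhost that has `forceSSL`/`enableACME` set and is therefore presumably reachable from the internet. Anonymous upload means storage exhaustion and hosting of arbitrary third-party content become possible without any credential. If that is intended, a comment saying so plus a size or quota limit on the paste store would be the minimum; otherwise keep the default at `"read"` and hand out `create` through a login secret. The server definition this line sits in starts and ends outside the hunk.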


@ -0,0 +1,92 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
krebs.Reaktor.coders = {
nickname = "Reaktor|lass";
channels = [ "#coders" "#germany" ];
extraEnviron = {
REAKTOR_HOST = "irc.hackint.org";
};
plugins = with pkgs.ReaktorPlugins; let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
lambdabotflags = ''
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "random-unicorn-porn" {
pattern = "^!rup$$";
script = pkgs.writePython2 "rup" ''
#!${pkgs.python2}/bin/python
t1 = """
_.
;=',_ ()
8===D~~ S" .--`||
sS \__ ||
__.' ( \-->||
_=/ _./-\/ ||
8===D~~ ((\( /-' -'l ||
) |/ \\ (_))
\\ \\
'~ '~
"""
print(t1)
'';
})
(buildSimpleReaktorPlugin "ping" {
pattern = "^!ping (?P<args>.*)$$";
script = pkgs.writeDash "ping" ''
exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
'';
})
];
};
}
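Review bot: The `ping` plugin hands text from any channel member to a setuid binary: `"$1"` is quoted, so the shell is not the problem, but an argument that starts with `-` is parsed by ping as an option, and nothing limits the destination, so the bot will probe addresses that are only reachable from this host. Changing the line to `exec /var/setuid-wrappers/ping -q -c1 -- "$1" 2>&1 | tail -1` ends option parsing, and narrowing `pattern` from `.*` to hostname and address characters removes the remaining surprise inputs. The `lambdabot-*` plugins likewise interpolate `$1` into `-e "@run $1"` and presumably rely on lambdabot's own sandbox for containment, which deserves a comment. The block is a verbatim move out of the host file, so these predate the commit, but the new file is a good place to fix them.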


@ -63,15 +63,6 @@ with import <stockholm/lib>;
pkgs.pythonPackages.python pkgs.pythonPackages.python
]; ];
} }
{
services.dnscrypt-proxy = {
enable = true;
resolverName = "cs-de";
};
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}
]; ];
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;


@ -0,0 +1,31 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
services.dnscrypt-proxy = {
enable = true;
localAddress = "127.1.0.1";
resolverName = "cs-de";
};
services.dnsmasq = {
enable = true;
extraConfig = ''
server=127.1.0.1
server=/dn42/172.23.75.6
#no-resolv
cache-size=1000
min-cache-ttl=3600
bind-dynamic
all-servers
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
address=/blog/127.0.0.1
address=/blog/::1
rebind-domain-ok=/onion/
server=/.onion/127.0.0.1#9053
port=53
'';
};
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}
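Review bot: `#no-resolv` is left commented out while `all-servers` is set, so dnsmasq will presumably also pick up whatever upstream resolvers the system's resolv file lists (DHCP-provided ones, for example) and send every query to them in parallel with `127.1.0.1`, which defeats the point of routing DNS through dnscrypt-proxy. Enabling `no-resolv` makes the `server=` lines the only upstreams. `dnssec` is enabled without `dnssec-check-unsigned`, so depending on the dnsmasq version an unsigned answer for a signed zone may be accepted rather than rejected; adding that line closes the downgrade. The hard-coded `trust-anchor` also needs a comment that it must be replaced when the root key rolls, and `min-cache-ttl=3600` keeps records for an hour regardless of the TTL the zone publishes.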


@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs; url = https://cgit.lassul.us/nixpkgs;
ref = "2bb9c1c"; ref = "f8dfdd7";
}; };
} }


@ -1,11 +1,10 @@
{ ... }: { pkgs, ... }:
{ {
krebs.iptables = { krebs.iptables = {
tables = { tables = {
filter.INPUT.rules = [ filter.INPUT.rules = [
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
{ predicate = "-p udp --dport tinc"; target = "ACCEPT"; } { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
]; ];
@ -13,6 +12,7 @@
}; };
krebs.tinc.retiolum = { krebs.tinc.retiolum = {
enableLegacy = true;
enable = true; enable = true;
connectTo = [ connectTo = [
"prism" "prism"
@ -25,4 +25,8 @@
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre; tinc = pkgs.tinc_pre;
}; };
environment.systemPackages = [
pkgs.tinc
];
} }


@ -25,9 +25,10 @@ in {
imports = [ imports = [
./sqlBackup.nix ./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ "karlaskop.de" "www.karlaskop.de" ]) (servePage [ "karlaskop.de" ])
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) (servePage [ "makeup.apanowicz.de" ])
(servePage [ "pixelpocket.de" ]) (servePage [ "pixelpocket.de" ])
(servePage [ "habsys.de" "habsys.eu" ])
(serveOwncloud [ "o.ubikmedia.de" ]) (serveOwncloud [ "o.ubikmedia.de" ])
(serveWordpress [ (serveWordpress [
"ubikmedia.de" "ubikmedia.de"


@ -40,8 +40,6 @@ in {
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
]; ];


@ -6,6 +6,7 @@ _:
./hosts.nix ./hosts.nix
./mysql-backup.nix ./mysql-backup.nix
./news.nix ./news.nix
./pyload.nix
./umts.nix ./umts.nix
./usershadow.nix ./usershadow.nix
./xresources.nix ./xresources.nix


@ -6,7 +6,7 @@ with import <stockholm/lib>;
options.lass.hosts = mkOption { options.lass.hosts = mkOption {
type = types.attrsOf types.host; type = types.attrsOf types.host;
default = default =
filterAttrs (_: host: host.owner.name == "lass") filterAttrs (_: host: host.owner.name == "lass" && host.managed)
config.krebs.hosts; config.krebs.hosts;
}; };
} }

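--- a/lass/3modules/pyload.nix
+++ b/lass/3modules/pyload.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+let
+cfg = config.lass.pyload;
+out = {
+options.lass.pyload = api;
+config = lib.mkIf cfg.enable imp;
+};
+api = {
+enable = mkEnableOption "pyload";
+user = mkOption {
+type = types.str;
+default = "download";
+};
+};
+imp = {
+krebs.per-user.${cfg.user}.packages = [
+pkgs.pyload
+pkgs.spidermonkey
+pkgs.tesseract
+];
+krebs.iptables.tables.filter.INPUT.rules = [
+{ predicate = "-p tcp --dport 9099"; target = "ACCEPT"; }
+];
+systemd.services.pyload = {
+description = "pyload";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+path = with pkgs; [
+pyload
+spidermonkey
+tesseract
+dnsmasq
+];
+restartIfChanged = true;
+serviceConfig = {
+Restart = "always";
+ExecStart = "${pkgs.pyload}/bin/pyLoadCore";
+User = cfg.user;
+};
+};
+};
+in out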
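Review bot: The INPUT rule `-p tcp --dport 9099` accepts connections from every source, and the option set offers no way to narrow it, so enabling `lass.pyload` opens the service's port (presumably pyLoad's web or remote interface) on every interface the host has. If the host is on the VPN, I would restrict the predicate to that interface, e.g. `{ predicate = "-i retiolum -p tcp --dport 9099"; target = "ACCEPT"; }`, or make the predicate an option with that default. The unit has only `User = cfg.user` as confinement; `PrivateTmp = true;` and `NoNewPrivileges = true;` in `serviceConfig` are cheap additions for a daemon that fetches and unpacks untrusted content. `dnsmasq` in the service `path` looks unintended and deserves a comment or removal.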


@ -31,6 +31,13 @@ rec {
default = null; default = null;
}; };
managed = mkOption {
description = ''
If true, then the host's configuration is defined in stockholm.
'';
type = bool;
};
owner = mkOption { owner = mkOption {
type = user; type = user;
}; };
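Review bot: `managed` is declared with `type = bool` and no `default`, so any host definition that does not set it fails evaluation as soon as something reads `host.managed`. The `lass` hosts get it through the `recursiveUpdate { ... managed = true; }` wrapper, and the filter in `lass.hosts` short-circuits on the owner check, but hosts of other owners are only safe if their files were updated in the same commit, which I cannot see from this section. Adding `default = false;` would make an undeclared host count as unmanaged instead of breaking evaluation. The option set continues outside the hunk.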


@ -31,7 +31,7 @@ with import <stockholm/lib>;
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
# hack `tee` behavior # hack `tee` behavior
nixpkgs.config.packageOverrides = super: { nixpkgs.config.packageOverrides = super: {
irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> { irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [ pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
pkgs.coreutils pkgs.coreutils
(pkgs.writeDashBin "tee" '' (pkgs.writeDashBin "tee" ''


@ -25,7 +25,7 @@ with import <stockholm/lib>;
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client; inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client;
nodemcu-uploader = callPackage ./nodemcu-uploader {}; nodemcu-uploader = callPackage ./nodemcu-uploader {};
pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils { pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
wordset-file = pkgs.fetchurl { wordset-file = pkgs.fetchurl {
url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ; url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";


@ -59,7 +59,7 @@ with import <stockholm/lib>;
krebs = { krebs = {
enable = true; enable = true;
search-domain = "retiolum"; search-domain = "r";
build = { build = {
user = config.krebs.users.nin; user = config.krebs.users.nin;
source = let inherit (config.krebs.build) host; in { source = let inherit (config.krebs.build) host; in {


@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "5b0c9d4"; ref = "0afb6d7";
}; };
} }