Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
7b43fe5543
53
doc/Commit_Messages_Guideline.md
Normal file
53
doc/Commit_Messages_Guideline.md
Normal file
@ -0,0 +1,53 @@
|
||||
# Commit Messages Guideline
|
||||
|
||||
Commits SHOULD have the following format:
|
||||
|
||||
```
|
||||
<namespace?> <component>: <change>
|
||||
|
||||
<rationale>
|
||||
|
||||
(<reference-name>: <reference-id>)?
|
||||
```
|
||||
|
||||
## `<namespace>`
|
||||
Defines where the change took place. This can be omitted if the
|
||||
namespace is `krebs`. Namespaces may be shortened to one to four characters (
|
||||
lassulus -> lass, makefu -> make, tv -> tv, shared -> sha)
|
||||
|
||||
## `<component>`
|
||||
Name of the component which was touched. `component` is
|
||||
rather fuzzy and may mean different things, just choose what would fit best.
|
||||
|
||||
Here are a numbers of samples for defining the component:
|
||||
|
||||
* Change `gum` in `krebs/3modules/makefu/default.nix`: `gum.r: change ip`
|
||||
* Change `prepare.sh` in `krebs/4libs/infest`: `infest: prepare stockholm ISO`
|
||||
* Remove `concat` in `krebs/5pkgs`: `concat: RIP`, this commit may like some `<rationale>`
|
||||
* Update `types` in `krebs/3modules`: `lib/types: add managed bool to host type`
|
||||
* Change host `gum` in `makefu/1systems/gum`: `ma gum.r: add taskserver`
|
||||
* Change `tinc` module in `krebs/3modules`: `tinc module: add option enableLegacy`
|
||||
|
||||
## `<rationale>`
|
||||
Describe some trivia why the commit was done:
|
||||
```
|
||||
whatsupnix: init
|
||||
|
||||
Import from https://github.com/NixOS/nix/issues/443#issuecomment-296752535
|
||||
```
|
||||
|
||||
## `<reference>`
|
||||
Defines external resouces related to the commit:
|
||||
```
|
||||
Closes: #123533
|
||||
CVE: CVE-2016-00001
|
||||
URL: https://example.com/CVE-2016-00001
|
||||
```
|
||||
|
||||
## Remarks
|
||||
As a general rule of thumb you can check out: https://www.slideshare.net/TarinGamberini/commit-messages-goodpractices
|
||||
Of course the pattern not always fits perfectly (for example for refactoring),
|
||||
just apply some common sense and define a useful commit message,
|
||||
like `refactor krebs.setuid`.
|
||||
|
||||
|
17
doc/makefu/logbook/install_fileleech.md
Normal file
17
doc/makefu/logbook/install_fileleech.md
Normal file
@ -0,0 +1,17 @@
|
||||
# install fileleech
|
||||
|
||||
```
|
||||
builder$ python3 host.py --create-ssh-keys --create-passwords fileleech
|
||||
iso$ fdisk /dev/sda # 3 partitions, grub,boot,crypt
|
||||
iso$ cryptsetup luksFormat /dev/sda3 --cipher aes-xts-plain64 -s 512 -h sha512
|
||||
iso$ cryptsetup luksAddKey /dev/sda3 hddkey
|
||||
iso$ cryptsetup luksOpen --keyfile-size=4096 -d /dev/disk/by-id/usb-Intuix_DiskOnKey_09A07360336198F8-0:0 /dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3 luksroot
|
||||
iso$ mkfs.ext4 -Lnixboot /dev/sda2
|
||||
iso$ mkfs.ext4 -Lroot /dev/mapper/luksroot
|
||||
iso$ echo 1 > /proc/sys/net/ipv6/conf/enp8s0f0/disable_ipv6
|
||||
iso$ mount /dev/mapper/luksroot /mnt
|
||||
iso$ mkdir /mnt/boot
|
||||
iso$ mount /dev/sda2 /mnt/boot
|
||||
iso$ mkdir -p /mnt/var/src
|
||||
iso$ touch /mnt/var/src/.populate
|
||||
```
|
16
doc/makefu/logbook/transfer_gum.md
Normal file
16
doc/makefu/logbook/transfer_gum.md
Normal file
@ -0,0 +1,16 @@
|
||||
# transfer gum to new hosts
|
||||
|
||||
```
|
||||
builder$ vim krebs/3modules/makefu/default.nix
|
||||
## update ip
|
||||
builder$ vim makefu/1systems/gum.nix
|
||||
## update hardware config
|
||||
|
||||
old-gum$ rsync --progress -lprtvzF . <newip>:/mnt/
|
||||
|
||||
new-gum$ touch /mnt/var/src/.populate
|
||||
new-gum$ gdisk /dev/sda r;g;w # gpt to mbr
|
||||
|
||||
builder$ make -C ~/stockholm system=gum target=vcygfnhdxyxr47zu.onion install
|
||||
|
||||
```
|
@ -36,14 +36,7 @@ prepare() {(
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
nixos)
|
||||
case $(cat /proc/cmdline) in
|
||||
*' root=LABEL=NIXOS_ISO '*)
|
||||
prepare_nixos_iso "$@"
|
||||
exit
|
||||
esac
|
||||
;;
|
||||
stockholm)
|
||||
nixos|stockholm)
|
||||
case $(cat /proc/cmdline) in
|
||||
*' root=LABEL=NIXOS_ISO '*)
|
||||
prepare_nixos_iso "$@"
|
||||
@ -102,7 +95,8 @@ prepare_nixos_iso() {
|
||||
mkdir -p bin
|
||||
rm -f bin/nixos-install
|
||||
cp "$(type -p nixos-install)" bin/nixos-install
|
||||
sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
|
||||
sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install
|
||||
|
||||
}
|
||||
|
||||
get_nixos_install() {
|
||||
@ -217,7 +211,7 @@ prepare_common() {(
|
||||
mkdir -p bin
|
||||
rm -f bin/nixos-install
|
||||
cp "$(type -p nixos-install)" bin/nixos-install
|
||||
sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
|
||||
sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install
|
||||
|
||||
if ! grep -q '^PATH.*#krebs' .bashrc; then
|
||||
echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc
|
||||
|
@ -13,59 +13,48 @@ with import <stockholm/lib>;
|
||||
../2configs/tools/all.nix
|
||||
../2configs/laptop-backup.nix
|
||||
../2configs/dnscrypt.nix
|
||||
../2configs/avahi.nix
|
||||
|
||||
# testing
|
||||
# ../2configs/openvpn/vpngate.nix
|
||||
#../2configs/temp/share-samba.nix
|
||||
# ../2configs/mediawiki.nix
|
||||
# ../2configs/wordpress.nix
|
||||
# ../2configs/nginx/public_html.nix
|
||||
# ../2configs/nginx/icecult.nix
|
||||
|
||||
# ../2configs/elchos/irc-token.nix
|
||||
# ../2configs/elchos/log.nix
|
||||
|
||||
#../2configs/elchos/search.nix
|
||||
#../2configs/elchos/stats.nix
|
||||
#../2configs/elchos/test/ftpservers.nix
|
||||
|
||||
# ../2configs/tinc/siem.nix
|
||||
#../2configs/torrent.nix
|
||||
# temporary modules
|
||||
|
||||
# ../2configs/torrent.nix
|
||||
#../2configs/temp/elkstack.nix
|
||||
# ../2configs/temp/sabnzbd.nix
|
||||
# Debugging
|
||||
# ../2configs/disable_v6.nix
|
||||
|
||||
# Testing
|
||||
# ../2configs/deployment/dirctator.nix
|
||||
# ../2configs/vncserver.nix
|
||||
# ../2configs/deployment/led-fader
|
||||
# ../2configs/deployment/hound
|
||||
|
||||
# development
|
||||
../2configs/sources
|
||||
|
||||
# Krebs
|
||||
# ../2configs/disable_v6.nix
|
||||
../2configs/tinc/retiolum.nix
|
||||
|
||||
# applications
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/mail-client.nix
|
||||
../2configs/printer.nix
|
||||
../2configs/virtualization.nix
|
||||
../2configs/virtualization-virtualbox.nix
|
||||
../2configs/wwan.nix
|
||||
../2configs/rad1o.nix
|
||||
|
||||
# services
|
||||
# Virtualization
|
||||
../2configs/virtualization.nix
|
||||
../2configs/docker.nix
|
||||
../2configs/virtualization-virtualbox.nix
|
||||
|
||||
# Services
|
||||
../2configs/git/brain-retiolum.nix
|
||||
../2configs/tor.nix
|
||||
../2configs/steam.nix
|
||||
# ../2configs/buildbot-standalone.nix
|
||||
|
||||
# hardware specifics are in here
|
||||
# Hardware
|
||||
../2configs/hw/tp-x230.nix
|
||||
../2configs/hw/rtl8812au.nix
|
||||
../2configs/hw/stk1160.nix
|
||||
../2configs/hw/exfat-nofuse.nix
|
||||
../2configs/hw/wwan.nix
|
||||
# ../2configs/hw/stk1160.nix
|
||||
# ../2configs/rad1o.nix
|
||||
|
||||
# mount points
|
||||
# Filesystem
|
||||
../2configs/fs/sda-crypto-root-home.nix
|
||||
|
||||
];
|
||||
@ -76,10 +65,8 @@ with import <stockholm/lib>;
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
networking.firewall.enable = true;
|
||||
|
@ -25,6 +25,10 @@ in {
|
||||
stdout { codec => rubydebug }
|
||||
exec { command => "${runit} '%{message}" }
|
||||
'';
|
||||
plugins = [ ];
|
||||
extraSettings = ''
|
||||
path.plugins: [ "${pkgs.logstash-output-exec}" ]
|
||||
'';
|
||||
## NameError: `@path.plugins' is not allowable as an instance variable name
|
||||
# plugins = [ pkgs.logstash-output-exec ];
|
||||
};
|
||||
}
|
||||
|
4
makefu/2configs/docker.nix
Normal file
4
makefu/2configs/docker.nix
Normal file
@ -0,0 +1,4 @@
|
||||
{...}:
|
||||
{
|
||||
virtualisation.docker.enable = true;
|
||||
}
|
4
makefu/2configs/hw/exfat-nofuse.nix
Normal file
4
makefu/2configs/hw/exfat-nofuse.nix
Normal file
@ -0,0 +1,4 @@
|
||||
{ config, ... }:
|
||||
{
|
||||
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
||||
}
|
@ -1,9 +1,8 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
# TODO: un-pin linuxPackages somehow
|
||||
boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages_4_9;
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
linux_4_9 = pkgs.linux_4_9.override {
|
||||
linux_latest = pkgs.linux_latest.override {
|
||||
extraConfig = ''
|
||||
MEDIA_ANALOG_TV_SUPPORT y
|
||||
VIDEO_STK1160_COMMON m
|
||||
|
14
makefu/2configs/task-client.nix
Normal file
14
makefu/2configs/task-client.nix
Normal file
@ -0,0 +1,14 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
krebs.per-user.makefu.packages = [
|
||||
pkgs.taskwarrior
|
||||
];
|
||||
|
||||
environment.shellAliases = {
|
||||
tshack = "task project:shack";
|
||||
twork = "task project:soc";
|
||||
tpki = "task project:pki";
|
||||
tkrebs = "task project:krebs";
|
||||
t = "task project: ";
|
||||
};
|
||||
}
|
@ -12,5 +12,7 @@
|
||||
cac-api
|
||||
cac-panel
|
||||
ovh-zone
|
||||
whatsupnix
|
||||
brain
|
||||
];
|
||||
}
|
||||
|
@ -2,13 +2,16 @@
|
||||
|
||||
{
|
||||
krebs.per-user.makefu.packages = with pkgs;[
|
||||
# media
|
||||
gimp
|
||||
inkscape
|
||||
libreoffice
|
||||
saleae-logic
|
||||
skype
|
||||
synergy
|
||||
tdesktop
|
||||
virtmanager
|
||||
# Dev
|
||||
saleae-logic
|
||||
arduino-user-env
|
||||
];
|
||||
}
|
||||
|
35
makefu/5pkgs/arduino-user-env/default.nix
Normal file
35
makefu/5pkgs/arduino-user-env/default.nix
Normal file
@ -0,0 +1,35 @@
|
||||
{ lib, pkgs, ... }: let
|
||||
|
||||
#TODO: make sure env exists prior to running
|
||||
env_nix = pkgs.writeText "env.nix" ''
|
||||
{ pkgs ? import <nixpkgs> {} }:
|
||||
|
||||
(pkgs.buildFHSUserEnv {
|
||||
name = "arduino-user-env";
|
||||
targetPkgs = pkgs: with pkgs; [
|
||||
coreutils
|
||||
];
|
||||
multiPkgs = pkgs: with pkgs; [
|
||||
arduino
|
||||
alsaLib
|
||||
zlib
|
||||
xorg.libXxf86vm
|
||||
curl
|
||||
openal
|
||||
openssl_1_0_2
|
||||
xorg.libXext
|
||||
xorg.libX11
|
||||
xorg.libXrandr
|
||||
xorg.libXcursor
|
||||
xorg.libXinerama
|
||||
xorg.libXi
|
||||
mesa_glu
|
||||
];
|
||||
runScript = "zsh";
|
||||
}).env
|
||||
'';
|
||||
|
||||
|
||||
in pkgs.writeDashBin "arduino-user-env" ''
|
||||
nix-shell ${env_nix}
|
||||
''
|
Loading…
Reference in New Issue
Block a user