From b1983327610628028021374e519baa27dc63d9bf Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Wed, 20 Dec 2017 18:15:49 +0100 Subject: [PATCH 01/69] jeschli bln: +sqlite, datagrip --- jeschli/1systems/bln/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 901970e81..0748667ba 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -72,6 +72,8 @@ rxvt_unicode # editors emacs + # databases + sqlite # internet thunderbird hipchat @@ -91,6 +93,7 @@ jetbrains.pycharm-professional jetbrains.webstorm jetbrains.goland + jetbrains.datagrip texlive.combined.scheme-full pandoc redis From c87334ccc6406ab07904ce3715378dd9bf392286 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Sat, 23 Dec 2017 09:19:45 +0100 Subject: [PATCH 02/69] jeschli bln: gh/gd aliases --- jeschli/1systems/bln/config.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 0748667ba..578638a7e 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -54,7 +54,11 @@ # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget nixpkgs.config.allowUnfree = true; - environment.shellAliases = { n = "nix-shell"; }; + environment.shellAliases = { + n = "nix-shell"; + gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; + gh = "cd /home/markus/go/src/github.com"; + }; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.systemPackages = with pkgs; [ # system helper From 08fa15d17350f78ee6a85e5d7194ce663e0103a9 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Wed, 27 Dec 2017 17:34:26 +0100 Subject: [PATCH 03/69] jeschli bln: wireless for 34c3 --- jeschli/1systems/bln/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 578638a7e..9ea680129 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -37,8 +37,8 @@ ]; networking.hostName = "BLN02NB0154"; # Define your hostname. - networking.networkmanager.enable = true; - #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; + networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Select internationalisation properties. # i18n = { From 84fdbeba2ceee152a128f5e9013043c172c07ecf Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Jan 2018 20:22:44 +0100 Subject: [PATCH 04/69] tv source: turn dummy_secrets into an argument --- tv/source.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tv/source.nix b/tv/source.nix index 31308fc99..b5e3f7cd7 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -1,8 +1,10 @@ with import ; -host@{ name, secure ? false, override ? {} }: let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "tv"; +{ name +, dummy_secrets ? getEnv "dummy_secrets" == "true" +, override ? {} +, secure ? false +}@host: let + builder = if dummy_secrets then "buildbot" else "tv"; _file = + "/tv/1systems/${name}/source.nix"; in evalSource (toString _file) [ From 68733092391f43d0fd9e04f095cdad826e2d54e8 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Jan 2018 21:18:51 +0100 Subject: [PATCH 05/69] stockholm: {shell => cmds}.get-version --- krebs/5pkgs/simple/stockholm/default.nix | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 5705f086d..53c1ca5ba 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix 
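Review bot: In tv/source.nix the new `dummy_secrets` argument has no comment saying what it selects, although it now decides between the "buildbot" and "tv" builders for any caller that passes it. Judging by the other source.nix files in this series, the builder picks which secrets source is used, but that part of the let-body is outside this hunk. I would document it at the argument, e.g. `# dummy_secrets: use the buildbot placeholder secrets instead of tv's own; defaults to the dummy_secrets environment variable`. It is also worth stating that only the exact string "true" in the environment enables it, so any other value falls through to the "tv" builder.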
@@ -92,6 +92,17 @@ -I "$target_path" ''); + cmds.get-version = pkgs.writeDash "get-version" '' + set -efu + hostname=''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)} + version=git.$(${pkgs.git}/bin/git describe --always --dirty) + case $version in (*-dirty) + version=$version@$hostname + esac + date=$(${pkgs.coreutils}/bin/date +%y.%m) + echo "$date.$version" + ''; + cmds.install = pkgs.withGetopt { force-populate = { default = /* sh */ "false"; switch = true; }; quiet = { default = /* sh */ "false"; switch = true; }; @@ -205,7 +216,7 @@ init.env = pkgs.writeText "init.env" /* sh */ '' export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" - export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}" + export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${cmds.get-version})}" export quiet export system @@ -274,16 +285,6 @@ fi ''; - shell.get-version = pkgs.writeDash "stockholm.get-version" '' - set -efu - version=git.$(${pkgs.git}/bin/git describe --always --dirty) - case $version in (*-dirty) - version=$version@$HOSTNAME - esac - date=$(${pkgs.coreutils}/bin/date +%y.%m) - echo "$date.$version" - ''; - in pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link: From c33c1ce3fbf90476dbaad44fe99e12eda1fd3f72 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 3 Jan 2018 04:24:01 +0100 Subject: [PATCH 06/69] ma hdl-dump: init --- makefu/5pkgs/hdl-dump/default.nix | 33 +++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 makefu/5pkgs/hdl-dump/default.nix diff --git a/makefu/5pkgs/hdl-dump/default.nix b/makefu/5pkgs/hdl-dump/default.nix new file mode 100644 index 000000000..bd454223a --- /dev/null +++ b/makefu/5pkgs/hdl-dump/default.nix 
@@ -0,0 +1,33 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }: +stdenv.mkDerivation rec { + pname = "hdl-dump"; + version = "75df8d7"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "AKuHAK"; + repo = "hdl-dump"; + rev = version; + sha256 = "10jjr6p5yn0c182x17m7q68jmf8gizcny7wjxw7z5yh0fv5s48z4"; + }; + + buildInputs = [ upx wine ]; + + makeFlags = [ "RELEASE=yes" ]; + + # uses wine, currently broken + #postBuild = '' + # make -C gui + #''; + + installPhase = '' + mkdir -p $out/bin + cp hdl_dump $out/bin + ''; + + meta = { + homepage = https://github.com/AKuHAK/hdl-dump ; + description = "copy isos to psx hdd"; + license = lib.licenses.gpl2; + }; +} From e6d56100ae923e9c00ec190e7cfb90594dc768a9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 3 Jan 2018 04:50:08 +0100 Subject: [PATCH 07/69] ma pkgs.opl-utils: init at 2017-10-17 --- makefu/5pkgs/opl-utils/default.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 makefu/5pkgs/opl-utils/default.nix diff --git a/makefu/5pkgs/opl-utils/default.nix b/makefu/5pkgs/opl-utils/default.nix new file mode 100644 index 000000000..f4430f333 --- /dev/null +++ b/makefu/5pkgs/opl-utils/default.nix @@ -0,0 +1,27 @@ +{ stdenv, lib, pkgs, fetchFromGitHub }: +stdenv.mkDerivation rec { + pname = "opl-utils"; + version = "881c0d2"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "ifcaro"; + repo = "open-ps2-loader"; + rev = version; + sha256 = "1c2hgbyp5hymyq60mrk7g0m3gi00wqx165pdwwwb740q0qig07d1"; + }; + + + preBuild = "cd pc/"; + + installPhase = '' + mkdir -p $out/bin + cp */bin/* $out/bin + ''; + + meta = { + homepage = https://github.com/ifcaro/Open-PS2-Loader; + description = "open-ps2-loader utils (opl2iso,iso2opl,genvmc)"; + license = lib.licenses.afl3; + }; +} From f56733184ef40fb6841b903f6e8761b03640cceb Mon Sep 17 00:00:00 2001 
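Review bot: makefu/5pkgs/hdl-dump/default.nix pins its source with a seven-character commit prefix (`version = "75df8d7"; rev = version;`), and opl-utils in this same patch run (`version = "881c0d2"`) and cue2pops later in the series (`rev = "541863a"`) do the same. The `sha256` still fixes the fetched content, so this is about auditability rather than integrity: a prefix can become ambiguous upstream, and a reader cannot match it to a commit without querying the forge. I would write the full id, `rev = "<full 40-character commit id>";`, and keep the short form only in `version`. Separately, `buildInputs = [ upx wine ];` pulls wine into the build although the only step the hunk says needs it (`make -C gui`) is commented out, so it looks removable until that step is re-enabled.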
From: makefu Date: Wed, 3 Jan 2018 14:41:33 +0100 Subject: [PATCH 08/69] ma tools: add console tools --- makefu/2configs/tools/all.nix | 1 + makefu/2configs/tools/consoles.nix | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100644 makefu/2configs/tools/consoles.nix diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index 1ac22e34c..2bb438f16 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -1,6 +1,7 @@ { imports = [ ./android-pentest.nix + ./consoles.nix ./core.nix ./core-gui.nix ./dev.nix diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix new file mode 100644 index 000000000..76eb0044c --- /dev/null +++ b/makefu/2configs/tools/consoles.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + users.users.makefu.packages = with pkgs; [ + opl-utils + hdl-dump + ]; +} From a23eb141826e14987d8d72549857af86e6db7287 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 4 Jan 2018 00:01:41 +0100 Subject: [PATCH 09/69] l nixpkgs: 3aec59c -> 0b30c1d --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 473dd2cf2..a6314694c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "3aec59c"; + ref = "0b30c1d"; }; secrets = getAttr builder { buildbot.file = toString ; From a9f803207243425d5c06ce82820c27a4de8af5ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 4 Jan 2018 00:02:21 +0100 Subject: [PATCH 10/69] nixpkgs: cb751f9 -> 0b30c1d --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 8fbdce284..b952aa2a2 100644 --- a/krebs/source.nix +++ b/krebs/source.nix 
@@ -17,6 +17,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13 + ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04 }; } From 6ad170e7621668fdcf03aab37d1f9843e446d2da Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 00:20:47 +0100 Subject: [PATCH 11/69] ma source: fix FUCKWIT --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index fde1d9680..ccdc7b9f0 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,7 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "3874de4"; # unstable @ 2017-12-08 + ref = "475bec2"; # unstable @ 2017-08-04 # + do_sqlite3 ruby: 55a952be5b5 in From 8028debcf5fa1f79b2cdd288fef8477e87fd9787 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 00:53:04 +0100 Subject: [PATCH 12/69] ma tools: add nix-repl --- makefu/2configs/tools/dev.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 04a65df26..b652241bd 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -21,6 +21,9 @@ gen-oath-safe cdrtools stockholm + # nix related + nix-repl + nix-index # git-related tig ]; From 6dc4485a559020829a0b4d20ebba31bf366d066c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 00:53:39 +0100 Subject: [PATCH 13/69] ma tools: add bin2iso to consoles --- makefu/2configs/tools/consoles.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix index 76eb0044c..543215adf 100644 --- a/makefu/2configs/tools/consoles.nix +++ b/makefu/2configs/tools/consoles.nix @@ -3,5 +3,6 @@ users.users.makefu.packages = with pkgs; [ opl-utils hdl-dump + bin2iso ]; } 
From f6f01faa3ace57ed29af2b953bab34924b70abfc Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 01:25:07 +0100 Subject: [PATCH 14/69] ma 2/default: use linuxPkackages_latest by default --- makefu/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 25f9f63bf..0a89d2023 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -11,6 +11,9 @@ with import ; ./vim.nix ./binary-cache/nixos.nix ]; + + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + programs.command-not-found.enable = false; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { From 67dd126fc4244c40cd819be8cc23a15f6b1b1d6c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 4 Jan 2018 01:25:59 +0100 Subject: [PATCH 15/69] fix meltdown --- lass/2configs/security-workarounds.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix index 537c8a59b..c3d07d5fe 100644 --- a/lass/2configs/security-workarounds.nix +++ b/lass/2configs/security-workarounds.nix @@ -5,4 +5,6 @@ with import ; boot.extraModprobeConfig = '' install dccp /run/current-system/sw/bin/false ''; + + boot.kernelPackages = pkgs.linuxPackages_latest; } From ba42be899d0af94f5a3a1c9a71451c76d4666eb4 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 02:14:36 +0100 Subject: [PATCH 16/69] ma pkgs.cue2pops: init --- makefu/2configs/tools/consoles.nix | 1 + makefu/5pkgs/cue2pops/default.nix | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 makefu/5pkgs/cue2pops/default.nix diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix index 543215adf..7090804d4 100644 --- a/makefu/2configs/tools/consoles.nix +++ b/makefu/2configs/tools/consoles.nix @@ -4,5 +4,6 @@ opl-utils hdl-dump bin2iso + cue2pops ]; } 
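Review bot: The line `boot.kernelPackages = pkgs.linuxPackages_latest;` added to lass/2configs/security-workarounds.nix has no comment naming what it works around or when it can be dropped; the commit subject ("fix meltdown") is the only record. The same setting is added without explanation in makefu/2configs/default.nix (as `lib.mkDefault`) and, later in the series, in tv/2configs/default.nix, presumably for the same reason. Whether the resulting kernel actually carries the mitigation depends on the nixpkgs ref each user pins, which this hunk does not check, and the change only takes effect after a reboot into the new kernel. I would add something like `# Meltdown workaround: track the newest kernel until the default kernel of the pinned nixpkgs has the fix; reboot required`.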
diff --git a/makefu/5pkgs/cue2pops/default.nix b/makefu/5pkgs/cue2pops/default.nix new file mode 100644 index 000000000..218ae8307 --- /dev/null +++ b/makefu/5pkgs/cue2pops/default.nix @@ -0,0 +1,24 @@ +{ stdenv, lib, pkgs, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "cue2pops"; + version = "2"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "makefu"; + repo = "cue2pops-linux"; + rev = "541863a"; + sha256 = "05w84726g3k33rz0wwb9v77g7xh4cnhy9sxlpilf775nli9bynrk"; + }; + + installPhase = '' + install -Dm755 $pname $out/bin/$pname + ''; + + meta = { + homepage = http://users.eastlink.ca/~doiron/bin2iso/ ; + description = "converts bin+cue to iso"; + license = lib.licenses.gpl3; + }; +} From 593ca08de18e8e5a20ef23ec0ef950a5572156a9 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Jan 2018 02:19:22 +0100 Subject: [PATCH 17/69] wolf: don't use gone save-diskspace --- krebs/1systems/wolf/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 0b21c0b6c..9d6955e7e 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -10,7 +10,6 @@ in - From 5dc8b8b3f3203d32653eb27c7c0dff6f29afca73 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Jan 2018 02:28:44 +0100 Subject: [PATCH 18/69] tv wu: move video driver stuff to w110er --- tv/1systems/wu/config.nix | 6 ------ tv/2configs/hw/w110er.nix | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index 5c593894a..b3e084fe2 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix 
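Review bot: The `meta` block of makefu/5pkgs/cue2pops/default.nix describes a different package: `homepage = http://users.eastlink.ca/~doiron/bin2iso/` and `description = "converts bin+cue to iso"` match bin2iso, while `src` is fetched from the GitHub repo `makefu/cue2pops-linux`. Anyone checking where this binary comes from is pointed at the wrong upstream. I would set `homepage = https://github.com/makefu/cue2pops-linux;` and a description that matches the tool. `version = "2"` is also unrelated to `rev`, so a short comment saying which upstream release that commit corresponds to would help.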
@@ -44,12 +44,6 @@ with import ; }; }; - krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; - hardware.bumblebee.enable = true; - hardware.bumblebee.group = "video"; - hardware.enableRedistributableFirmware= true; - hardware.opengl.driSupport32Bit = true; - services.printing.enable = true; services.udev.extraRules = '' diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix index 787bfc6e9..55e9482d4 100644 --- a/tv/2configs/hw/w110er.nix +++ b/tv/2configs/hw/w110er.nix @@ -1,8 +1,20 @@ +with import ; { pkgs, ... }: { imports = [ ../smartd.nix + { + # nvidia doesn't build despite + # https://github.com/NixOS/nixpkgs/issues/33284 + #hardware.bumblebee.enable = true; + #hardware.bumblebee.group = "video"; + #hardware.enableRedistributableFirmware= true; + #krebs.nixpkgs.allowUnfreePredicate = pkg: + # hasPrefix "nvidia-x11-" pkg.name || + # hasPrefix "nvidia-persistenced-" pkg.name || + # hasPrefix "nvidia-settings-" pkg.name; + } ]; boot.extraModprobeConfig = '' @@ -15,6 +27,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + hardware.opengl.driSupport32Bit = true; hardware.opengl.extraPackages = [ pkgs.vaapiIntel ]; networking.wireless.enable = true; @@ -41,4 +54,8 @@ echo auto > $i/power/control # defaults to 'on' done) ''; + + services.xserver = { + videoDriver = "intel"; + }; } From 98aedda77da37071ff6b9a2e989fac1e6b1e2270 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Jan 2018 02:31:27 +0100 Subject: [PATCH 19/69] tv vim: sh.extraStart add writeAsh --- tv/2configs/vim.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 8a27b606a..59619f9b5 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
@@ -233,7 +233,7 @@ let { lua = {}; sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; sh.extraStart = concatStringsSep ''\|'' [ - ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'' + ''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'' ''[a-z]*Phase[ \t\r\n]*='' ]; yaml = {}; From 8bf0916f1e1ffbf233564726bb07ead1f33b19c0 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Jan 2018 02:35:11 +0100 Subject: [PATCH 20/69] tv: use pkgs.linuxPackages_latest --- tv/2configs/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 280552fe4..2ccab3d09 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -1,6 +1,8 @@ with import ; { config, pkgs, ... }: { + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.tmpOnTmpfs = true; krebs.enable = true; From 1f85655f52ebeaf32d615aae72231c8449604b89 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Jan 2018 02:40:36 +0100 Subject: [PATCH 21/69] tv: RIP schnabel* --- krebs/3modules/tv/default.nix | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 98145274c..ce01be5f3 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -201,24 +201,6 @@ with import ; }; }; }; - schnabeldrucker = { - external = true; - nets = { - gg23 = { - ip4.addr = "10.23.1.21"; - aliases = ["schnabeldrucker.gg23"]; - }; - }; - }; - schnabelscanner = { - external = true; - nets = { - gg23 = { - ip4.addr = "10.23.1.22"; - aliases = ["schnabelscanner.gg23"]; - }; - }; - }; wu = { ci = true; cores = 4; From e02e7053aaabc883ae4a6aa23886b6ee92cebb79 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 18:36:47 +0100 Subject: [PATCH 22/69] ma source: cherry-pick latest kernel bump --- makefu/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index ccdc7b9f0..822b1e7c0 100644 
--- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,8 +13,9 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "475bec2"; # unstable @ 2017-08-04 + ref = "d37e53e"; # unstable @ 2017-12-08 # + do_sqlite3 ruby: 55a952be5b5 + # + kernel bump: 1e129a3f993 in evalSource (toString _file) [ From 9f77a71c7b72e3aa32042d5876cc08b00c5ed9bf Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 18:48:46 +0100 Subject: [PATCH 23/69] ma pkgs.mobility: temp remove exfat-nofuse --- makefu/2configs/tools/mobility.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 1993a5212..f2676f11c 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -5,5 +5,5 @@ mosh ]; - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } From 63800b93ffb9e1e612f2d51ff88597b351caeefb Mon Sep 17 00:00:00 2001 From: jeschli Date: Thu, 4 Jan 2018 18:51:22 +0100 Subject: [PATCH 24/69] jeschli nixpkgs: f9390d6 -> d83c808 --- jeschli/1systems/brauerei/config.nix | 2 +- jeschli/source.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 171a002da..2dec45795 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -96,7 +96,7 @@ # Enable the X11 windowing system. services.xserver.enable = true; - # services.xserver.layout = "us"; + services.xserver.layout = "us"; # services.xserver.xkbOptions = "eurosign:e"; # Enable touchpad support. diff --git a/jeschli/source.nix b/jeschli/source.nix index d1b64b0ed..ae9e1e72e 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix 
@@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f9390d6"; + ref = "d83c808"; }; secrets.file = getAttr builder { buildbot = toString ; From 77d53e841b7eaed58925571c2bdeb51cdc5e82a3 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 23:18:32 +0100 Subject: [PATCH 25/69] ma source: retry to bump nixpkgs --- makefu/source.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 822b1e7c0..6b305b641 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,9 +13,8 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "d37e53e"; # unstable @ 2017-12-08 + ref = "26ed774"; # nixpkgs-unstable @ 2018-01-04 # + do_sqlite3 ruby: 55a952be5b5 - # + kernel bump: 1e129a3f993 in evalSource (toString _file) [ From 9b46b200cb4b4b1ba36d7cdc21765806f3bd5734 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Fri, 5 Jan 2018 10:46:36 +0100 Subject: [PATCH 26/69] jeschli bln: activated nm again --- jeschli/1systems/bln/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9ea680129..5ffa99c86 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -37,8 +37,8 @@ ]; networking.hostName = "BLN02NB0154"; # Define your hostname. - # networking.networkmanager.enable = true; - networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Select internationalisation properties. # i18n = { From 3ad5283dfbf1733e06b16d4439c4f14268680240 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 5 Jan 2018 11:12:47 +0100 Subject: [PATCH 27/69] ma pkgs.bin2iso: init --- makefu/5pkgs/bin2iso/default.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 makefu/5pkgs/bin2iso/default.nix diff --git a/makefu/5pkgs/bin2iso/default.nix b/makefu/5pkgs/bin2iso/default.nix new file mode 100644 index 000000000..31d05fab3 --- /dev/null +++ b/makefu/5pkgs/bin2iso/default.nix @@ -0,0 +1,28 @@ +{ stdenv, lib, pkgs, fetchurl }: +stdenv.mkDerivation rec { + pname = "bin2iso"; + version = "1.9b"; + _dlver = builtins.replaceStrings ["."] [""] version; + name = "${pname}-${version}"; + + src = fetchurl { + url = "http://users.eastlink.ca/~doiron/${pname}/linux/${pname}${_dlver}_linux.c"; + sha256 = "0gg4hbzlm83nnbccy79dnxbwpn7lxl3fb87ka36mlclikvknm2hy"; + }; + + unpackPhase = "true"; + + buildPhase ='' + gcc -Wall -o $pname $src + ''; + + installPhase = '' + install -Dm755 $pname $out/bin/$pname + ''; + + meta = { + homepage = http://users.eastlink.ca/~doiron/bin2iso/ ; + description = "converts bin+cue to iso"; + license = lib.licenses.gpl3; + }; +} From 801f2f0926d665fb2a3c2fd9184706a2235fe960 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 5 Jan 2018 11:52:07 +0100 Subject: [PATCH 28/69] ma source: back to stable --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index 6b305b641..647803fd7 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,7 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "26ed774"; # nixpkgs-unstable @ 2018-01-04 + ref = "3e8d708"; # nixos-17.09 @ 2018-01-05 # + do_sqlite3 ruby: 55a952be5b5 in From 07e5ece6f65952f1b88d5c2cea9da4a9137b7567 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Fri, 5 Jan 2018 12:37:34 +0100 Subject: [PATCH 29/69] jeschli bln: +tig --- jeschli/1systems/bln/config.nix | 1 + 1 file changed, 1 insertion(+) 
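Review bot: In makefu/5pkgs/bin2iso/default.nix the C source is fetched over plain `http://`, so the `sha256` is the only thing authenticating the file that `buildPhase` then compiles. The fixed-output hash does prevent a later swap, but if it was computed from a download over the same unauthenticated channel it simply records whatever was served at that time; the hunk does not show how it was obtained. I would note that next to the hash, e.g. `# http-only upstream: sha256 is the sole integrity check, compared against <independent copy> on <date>`, with the placeholders filled in.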
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 5ffa99c86..873c0fa3d 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -66,6 +66,7 @@ copyq dmenu git + tig i3lock keepass networkmanagerapplet From a6722fd306a19678f757680da989808af5fc9973 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:45:27 +0100 Subject: [PATCH 30/69] hotdog.r: remove repo-sync --- krebs/1systems/hotdog/config.nix | 5 ----- krebs/2configs/buildbot-all.nix | 4 ---- 2 files changed, 9 deletions(-) diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 73b5377bd..98fb88702 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -20,10 +20,5 @@ boot.isContainer = true; networking.useDHCP = false; - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm"; } diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index ca994e996..5ea78f227 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -1,10 +1,6 @@ with import ; { lib, config, pkgs, ... }: { - imports = [ - - ]; - networking.firewall.allowedTCPPorts = [ 80 8010 9989 ]; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; From 194e22c517ab22664aea2148421182c6c4ac43d6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:45:51 +0100 Subject: [PATCH 31/69] l prism.r: repo-sync stockholm every 2 minutes --- lass/1systems/prism/config.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 593a1fc9c..0b2c10f92 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -302,6 +302,13 @@ in { } ]; } + { + krebs.repo-sync.repos.stockholm.timerConfig = { + OnBootSec = "5min"; + OnUnitInactiveSec = "2min"; + RandomizedDelaySec = "2min"; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; From bd3b2a2bbd3c9b2e6dee2646a580f83b8438d03d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:46:13 +0100 Subject: [PATCH 32/69] buildbot slave: don't fail on remove --- krebs/3modules/buildbot/slave.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 0af553c5d..fba585448 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -161,7 +161,7 @@ let ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux #remove garbage from old versions - rm -r ${workdir} + rm -rf ${workdir} mkdir -p ${workdir}/info cp ${buildbot-slave-init} ${workdir}/buildbot.tac echo ${contact} > ${workdir}/info/admin From 2e9d5375f6134cba6dfbc3fd048fabfa2363ff83 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:55:32 +0100 Subject: [PATCH 33/69] l mors.r: remove exfat-nofuse --- lass/1systems/mors/config.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 8c7c39a6f..c231a0b10 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -70,10 +70,6 @@ with import ; pkgs.ovh-zone ]; } - { - #ps vita stuff - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; - } { services.tor = { enable = true; From 65a1bf47566a8d17e2d3928f3eec03e941311c61 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:58:23 +0100 Subject: [PATCH 34/69] l daedalus.r: enable flash --- lass/1systems/daedalus/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 6674b3db5..8ec744584 100644 --- a/lass/1systems/daedalus/config.nix 
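Review bot: In krebs/3modules/buildbot/slave.nix the changed line `rm -rf ${workdir}` leaves the interpolated path unquoted and without an end-of-options marker. `set -efux` disables globbing, but word splitting still applies, and with `-f` a wrong or empty value would no longer produce an error. The definition of `workdir` is outside this hunk, so I cannot tell whether it can ever contain spaces or be empty. I would write `rm -rf -- "${workdir}"` and add a short comment that `-f` is only there to tolerate a missing directory on first start.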
+++ b/lass/1systems/daedalus/config.nix @@ -41,6 +41,7 @@ with import ; skype wine ]; + nixpkgs.config.firefox.enableAdobeFlash = true; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.plasma5.enable = true; From 5c8676bc9cbf918fa8c1f9995d5b7cc790d5414e Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:59:11 +0100 Subject: [PATCH 35/69] l daedalus.r: add ens* to dhcpcd interfaces --- lass/1systems/dishfire/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix index 416edeb82..7993c763e 100644 --- a/lass/1systems/dishfire/config.nix +++ b/lass/1systems/dishfire/config.nix @@ -43,6 +43,7 @@ networking.dhcpcd.allowInterfaces = [ "enp*" "eth*" + "ens*" ]; } { From e083b18e34519f30bba79dfd894c3b828fd13da7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 16:00:06 +0100 Subject: [PATCH 36/69] l IM: add bitlbee config --- lass/2configs/IM.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index b94cb0634..80cebf099 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -20,6 +20,17 @@ let ''; in { + services.bitlbee = { + enable = true; + portNumber = 6666; + plugins = [ + pkgs.bitlbee-facebook + pkgs.bitlbee-steam + pkgs.bitlbee-discord + ]; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; + users.extraUsers.chat = { home = "/home/chat"; uid = genid "chat"; From 1deb002e1908cfa6d2f40b602953bd3e30c7f73e Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 5 Jan 2018 20:37:54 +0100 Subject: [PATCH 37/69] jeschli urxvt: got better eyes now - adjust font size --- jeschli/2configs/urxvt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix index a2e02de35..69811eb0a 100644 --- a/jeschli/2configs/urxvt.nix +++ b/jeschli/2configs/urxvt.nix 
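Review bot: `nixpkgs.config.firefox.enableAdobeFlash = true;` in lass/1systems/daedalus/config.nix turns on the Flash plugin for the Firefox built from this configuration, with no comment on why it is needed. Flash is a proprietary plugin with a long record of exploited vulnerabilities, so the reason and a removal condition belong next to the setting. I would add a comment such as `# Flash required for <site or application>; remove once no longer needed`, with the placeholder filled in.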
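Review bot: The new `services.bitlbee` block in lass/2configs/IM.nix sets `portNumber = 6666` but leaves the listen address and the authentication mode to the module defaults. As far as I know the NixOS module binds to loopback by default and defaults `authMode` to open registration, so any local user who can reach the port could create an account on the daemon; please confirm against the pinned nixpkgs. Since this gateway will hold credentials for the Facebook, Steam, Discord and Telegram plugins, I would make the exposure explicit with `interface = "127.0.0.1";` and set `authMode` deliberately, with a comment stating who is expected to connect.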
@@ -28,7 +28,7 @@ with import ; URxvt*scrollBar: false URxvt*urgentOnBell: true - URxvt*font: xft:DejaVu Sans Mono:pixelsize=20 + URxvt*font: xft:DejaVu Sans Mono:pixelsize=12 URXvt*faceSize: 12 ''; } From 21bd13b2de964b178e5d42b69efc337e09698dd2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 20:59:29 +0100 Subject: [PATCH 38/69] l: container hackery --- lass/1systems/prism/config.nix | 9 +++++++++ lass/2configs/rebuild-on-boot.nix | 18 ++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 lass/2configs/rebuild-on-boot.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 0b2c10f92..03e9f6eeb 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -184,14 +184,17 @@ in { } { #hotdog + systemd.services."container@hotdog".reloadIfChanged = mkForce false; containers.hotdog = { config = { ... }: { + imports = [ ]; environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; }; + autoStart = true; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.1"; @@ -200,8 +203,10 @@ in { } { #kaepsele + systemd.services."container@kaepsele".reloadIfChanged = mkForce false; containers.kaepsele = { config = { ... }: { + imports = [ ]; environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ @@ -209,6 +214,7 @@ in { tv.pubkey ]; }; + autoStart = true; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.3"; @@ -217,8 +223,10 @@ in { } { #onondaga + systemd.services."container@onondaga".reloadIfChanged = mkForce false; containers.onondaga = { config = { ... }: { + imports = [ ]; environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ 
@@ -226,6 +234,7 @@ in { config.krebs.users.nin.pubkey ]; }; + autoStart = true; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.5"; diff --git a/lass/2configs/rebuild-on-boot.nix b/lass/2configs/rebuild-on-boot.nix new file mode 100644 index 000000000..60198be7b --- /dev/null +++ b/lass/2configs/rebuild-on-boot.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: +with import ; +{ + systemd.services.rebuild-on-boot = { + wantedBy = [ "multi-user.target" ]; + environment = { + NIX_REMOTE = "daemon"; + HOME = "/var/empty"; + }; + serviceConfig = { + ExecStart = pkgs.writeScript "rebuild" '' + #!${pkgs.bash}/bin/bash + (/run/current-system/sw/bin/nixos-rebuild -I /var/src switch) & + ''; + ExecStop = "${pkgs.coreutils}/bin/sleep 10"; + }; + }; +} From 90b5b135d30d969c69e73261ed0ca663bc166495 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 5 Jan 2018 21:38:48 +0100 Subject: [PATCH 39/69] ma source: cherry-pick signal-desktop from unstable --- makefu/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index 647803fd7..c22c82f32 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,8 +13,9 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "3e8d708"; # nixos-17.09 @ 2018-01-05 + ref = "0f19bee"; # nixos-17.09 @ 2018-01-05 # + do_sqlite3 ruby: 55a952be5b5 + # + signal: 0f19beef3 in evalSource (toString _file) [ From 7f8ec648b8a26221c4ff030ec6242b9f08ba5f6c Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 5 Jan 2018 23:12:22 +0100 Subject: [PATCH 40/69] ma pkgs.gen-oath-safe: remove warning, add yubikey-manager --- makefu/5pkgs/gen-oath-safe/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/makefu/5pkgs/gen-oath-safe/default.nix b/makefu/5pkgs/gen-oath-safe/default.nix index 344dc1a02..bad4b08a8 100644 --- a/makefu/5pkgs/gen-oath-safe/default.nix +++ b/makefu/5pkgs/gen-oath-safe/default.nix 
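Review bot: In the new lass/2configs/rebuild-on-boot.nix, ExecStart puts `nixos-rebuild -I /var/src switch` into a background subshell, so the script exits at once and the unit never learns whether the rebuild succeeded; a failed build looks the same as a good one in the unit status. Whether the background process survives after ExecStart returns depends on the unit's type and kill settings, which are left at their defaults, and `ExecStop = sleep 10` reads like a workaround for that rather than a guarantee. The unit also evaluates whatever is in /var/src as root on every boot, so a header comment should say so, e.g. `# runs nixos-rebuild from /var/src as root at boot; /var/src must be writable by root only`. If the background trick is needed because the switch restarts this unit, a comment should say that too.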
@@ -1,7 +1,6 @@ { coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }: -builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken" - stdenv.mkDerivation { +stdenv.mkDerivation { name = "gen-oath-safe-2017-06-30"; src = fetchFromGitHub { owner = "mcepl"; @@ -24,7 +23,7 @@ builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken" coreutils openssl qrencode - #yubikey-manager + yubikey-manager libcaca python ]; From 99b379715123cdec8f527de4c71700c02974383f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Jan 2018 01:50:16 +0100 Subject: [PATCH 41/69] l IM: add rxvt_unicode.terminfo --- lass/2configs/IM.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index 80cebf099..51512955e 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -57,6 +57,10 @@ in { restartIfChanged = false; + path = [ + pkgs.rxvt_unicode.terminfo + ]; + serviceConfig = { User = "chat"; RemainAfterExit = true; From acecab429219d9086e23fa8912ecb05c017211d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Jan 2018 01:50:51 +0100 Subject: [PATCH 42/69] l dns: use resolved --- lass/2configs/dns-stuff.nix | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix index 411b07503..cbcce8df9 100644 --- a/lass/2configs/dns-stuff.nix +++ b/lass/2configs/dns-stuff.nix 
@@ -11,24 +11,6 @@ with import ; key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C"; }; }; - services.dnsmasq = { - enable = true; - resolveLocalQueries = false; - extraConfig = '' - server=127.1.0.1 - #no-resolv - cache-size=1000 - min-cache-ttl=3600 - bind-dynamic - all-servers - dnssec - trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 - rebind-domain-ok=/onion/ - server=/.onion/127.0.0.1#9053 - port=53 - ''; - }; - networking.extraResolvconfConf = '' - name_servers='127.0.0.1' - ''; + services.resolved.enable = true; + services.resolved.fallbackDns = [ "127.1.0.1" ]; } From 9da4f1242ad782a54b524f6c470cfe82be4a63b4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 20:49:58 +0100 Subject: [PATCH 43/69] pkgs.internetarchive: fix build --- .../5pkgs/simple/internetarchive/default.nix | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix index f5e1bbff3..2f55e6f42 100644 --- a/krebs/5pkgs/simple/internetarchive/default.nix +++ b/krebs/5pkgs/simple/internetarchive/default.nix 
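Review bot: In lass/2configs/dns-stuff.nix, the switch to resolved drops two things the removed dnsmasq block enforced: DNSSEC validation (`dnssec` plus the root trust anchor) and the `.onion` forwarding to 127.0.0.1#9053. `services.resolved.fallbackDns` is only consulted when no other DNS server is known, so on a network that hands out resolvers via DHCP the local resolver at 127.1.0.1 would presumably not be used and queries would go to the network's resolver instead. If 127.1.0.1 is meant to be the only upstream, set it as the primary server, e.g. `networking.nameservers = [ "127.1.0.1" ];`, and state the DNSSEC policy explicitly with `services.resolved.dnssec` where the pinned module offers it. The enclosing attribute set starts outside the hunk.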
@@ -1,38 +1,39 @@ -{ pkgs, fetchFromGitHub, ... }: +{ stdenv, pkgs, fetchPypi, ... }: with pkgs.python3Packages; buildPythonPackage rec { pname = "internetarchive"; version = "1.7.3"; name = "${pname}-${version}"; - propagatedBuildInputs = [ - requests - jsonpatch - docopt - clint - six - schema - backports_csv - ]; - -# check only works when cloned from git repo - doCheck = false; - checkInputs = [ - pytest - responses - ]; - - prePatch = '' - sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py - ''; src = fetchPypi { inherit pname version; sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g"; }; + propagatedBuildInputs = [ + requests + jsonpatch + docopt + clint + six + schema + backports_csv + ]; + + # check only works when cloned from git repo + doCheck = false; + + checkInputs = [ + pytest + responses + ]; + + prePatch = '' + sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py + ''; + meta = with stdenv.lib; { description = "python library and cli for uploading files to internet archive"; license = licenses.agpl3; }; - } From 7b39418eb059a80b365beba867613ea0e378c189 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 20:50:37 +0100 Subject: [PATCH 44/69] ma filepimp.r: add nofail to disks --- makefu/1systems/filepimp/config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix index e9058ec85..30ba61a9b 100644 --- a/makefu/1systems/filepimp/config.nix +++ b/makefu/1systems/filepimp/config.nix @@ -71,7 +71,10 @@ in { '') allDisks); fileSystems = let xfsmount = name: dev: - { "/media/${name}" = { device = dev; fsType = "xfs"; }; }; + { "/media/${name}" = { + device = dev; fsType = "xfs"; + options = [ "nofail" ]; + }; }; in # (xfsmount "j0" (part1 jDisk0)) // (xfsmount "j1" (part1 jDisk1)) // From 72d8ea37cc19a0d09dedef55d540c6b06ebcdbd1 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sat, 6 Jan 2018 20:51:32 +0100 Subject: [PATCH 45/69] ma gum.r: add vbob to wireguard --- makefu/1systems/gum/config.nix | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 1fe0b62f9..6e5f3c2d4 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -108,16 +108,35 @@ in { # }; #} { # wireguard server - networking.firewall.allowedUDPPorts = [ 51820 ]; + + # TODO: networking.nat + + # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # conf.all.proxy_arp =1 + networking.firewall = { + allowedUDPPorts = [ 51820 ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + }; + networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.1/24" ]; + listenPort = 51820; privateKeyFile = (toString ) + "/wireguard.key"; allowedIPsAsRoutes = true; - peers = [{ - # allowedIPs = [ "0.0.0.0/0" "::/0" ]; + peers = [ + { + # x allowedIPs = [ "10.244.0.2/32" ]; publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - }]; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + ]; }; } From 9cf88110a69b7f3902d29e9f252a0b40d2bc5f9f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 20:51:58 +0100 Subject: [PATCH 46/69] ma omo.r: add nofail to disk --- makefu/1systems/omo/config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index aaecebadc..ce3ffbcf3 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix 
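Review bot: In makefu/1systems/gum/config.nix the masquerade rule in `networking.firewall.extraCommands` uses `iptables -t nat -A POSTROUTING ...`, which appends another copy every time the firewall script runs, and there is no matching removal in `extraStopCommands`. The rule NATs the whole 10.244.0.0/24 range to `${ext-if}` while the forwarding sysctl is still a commented-out TODO, so the intended reach of the peers is hard to read from the config. The NixOS NAT module manages rule setup and teardown and, as far as I know, enables forwarding as well, which is what the TODO already hints at: `networking.nat = { enable = true; externalInterface = ext-if; internalInterfaces = [ "wg0" ]; };`.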
@@ -143,7 +143,10 @@ in { ]; fileSystems = let cryptMount = name: - { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; + { "/media/${name}" = { + device = "/dev/mapper/${name}"; fsType = "xfs"; + options = [ "nofail" ]; + };}; in cryptMount "crypt0" // cryptMount "crypt1" // cryptMount "crypt2" From de01eae264ee72f1bddb42ae0a33defc66486f4f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 20:53:33 +0100 Subject: [PATCH 47/69] ma vbob.r: add default routing through wireguard --- makefu/1systems/vbob/config.nix | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index f318c0e61..7552c6982 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -7,7 +7,8 @@ { imports = [ ]; - boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.device = "/dev/sda"; + virtualisation.virtualbox.guest.enable = true; } # { # imports = [ @@ -49,6 +50,33 @@ # environment + (let + gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr; + Gateway = "10.0.2.2"; + in { + networking.localCommands = '' + ip route add ${gum-ip} via ${Gateway} + ''; + systemd.network.networks.enp0s3.routes = [{ + inherit Gateway; # TODO + Destination = gum-ip; + }]; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.3/24" ]; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + # explicit route via eth0 to gum + peers = [ + { + # gum + endpoint = "${gum-ip}:51820"; + # allowedIPs = [ "10.244.0.0/24" ]; + allowedIPs = [ "0.0.0.0/0" ]; + publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + } + ]; + }; + }) ]; networking.extraHosts = import (toString ); @@ -90,5 +118,5 @@ 8010 ]; - + systemd.services."serial-getty@ttyS0".enable = true; } From 149aad4cb79de44e095b82ffdf7fa65cc95c2f93 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sat, 6 Jan 2018 21:07:46 +0100 Subject: [PATCH 48/69] ma vbob.r: remove explicit route via systemd does not work --- makefu/1systems/vbob/config.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 7552c6982..d4b80c90e 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -57,10 +57,7 @@ networking.localCommands = '' ip route add ${gum-ip} via ${Gateway} ''; - systemd.network.networks.enp0s3.routes = [{ - inherit Gateway; # TODO - Destination = gum-ip; - }]; + networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.3/24" ]; privateKeyFile = (toString ) + "/wireguard.key"; From 17883f68dd0ddcb9813add65559bcc95009148fc Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 23:44:03 +0100 Subject: [PATCH 49/69] ma vbob.r: set route after network online --- makefu/1systems/vbob/config.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index d4b80c90e..ffd9deaee 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix 
@@ -52,24 +52,21 @@ (let gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr; - Gateway = "10.0.2.2"; + gateway = "10.0.2.2"; in { - networking.localCommands = '' - ip route add ${gum-ip} via ${Gateway} - ''; - + # make sure the route to gum gets added after the network is online + systemd.services.wireguard-wg0.after = [ "network-online.target" ]; networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.3/24" ]; privateKeyFile = (toString ) + "/wireguard.key"; - allowedIPsAsRoutes = true; # explicit route via eth0 to gum + preSetup = ["${pkgs.iproute}/bin/ip route add ${gum-ip} via ${gateway}"]; peers = [ - { - # gum + { # gum endpoint = "${gum-ip}:51820"; - # allowedIPs = [ "10.244.0.0/24" ]; - allowedIPs = [ "0.0.0.0/0" ]; + allowedIPs = [ "0.0.0.0/0" "10.244.0.0/24" ]; publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + persistentKeepalive = 25; } ]; }; From 05c6e0b86c3cc59662d8daf26e81127a18a96a50 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 8 Jan 2018 09:14:48 +0100 Subject: [PATCH 50/69] pkgs.internetarchive: remove fetchPypi, coming from python3Packages --- krebs/5pkgs/simple/internetarchive/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix index 2f55e6f42..3c83093be 100644 --- a/krebs/5pkgs/simple/internetarchive/default.nix +++ b/krebs/5pkgs/simple/internetarchive/default.nix @@ -1,4 +1,4 @@ -{ stdenv, pkgs, fetchPypi, ... }: +{ stdenv, pkgs, ... }: with pkgs.python3Packages; buildPythonPackage rec { pname = "internetarchive"; From 99065dfd7ad990ea7ad4c44b7b209de7e3859926 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Jan 2018 01:16:45 +0100 Subject: [PATCH 51/69] l nixpkgs: 0b30c1d -> 0653b73 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index a6314694c..f622285b1 100644 --- a/lass/source.nix +++ b/lass/source.nix 
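Review bot: In makefu/1systems/vbob/config.nix the peer's `allowedIPs = [ "0.0.0.0/0" "10.244.0.0/24" ]` sends only IPv4 through wg0, so if the VM has any IPv6 connectivity that traffic bypasses the tunnel; add `"::/0"` or note in a comment that IPv6 is off on this host. `10.244.0.0/24` is already contained in `0.0.0.0/0` and can go. The `preSetup` command uses `ip route add`, which fails when the route already exists (for example on a restart of wireguard-wg0); `ip route replace ${gum-ip} via ${gateway}` is idempotent. The let-block and the list this entry sits in start outside the hunk.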
@@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0b30c1d"; + ref = "0653b73"; }; secrets = getAttr builder { buildbot.file = toString ; From bcfbd293602d3ca28f43c930077f659125690b2d Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 9 Jan 2018 05:28:54 +0100 Subject: [PATCH 52/69] tv: add SPF record --- krebs/3modules/tv/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index ce01be5f3..cc09313f7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -122,6 +122,7 @@ with import ; cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} krebsco.de. 60 IN MX 5 ni + krebsco.de. 60 IN TXT v=spf1 mx -all ''; }; nets = { From 2b418e2c18ba3013808b39c50e152a0163c3a60c Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Tue, 9 Jan 2018 11:16:43 +0100 Subject: [PATCH 53/69] jeschli: meltdown fix --- jeschli/2configs/default.nix | 1 + jeschli/source.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix index 7fb240951..77281b301 100644 --- a/jeschli/2configs/default.nix +++ b/jeschli/2configs/default.nix @@ -4,6 +4,7 @@ with import ; imports = [ ./vim.nix ./retiolum.nix + { environment.variables = { NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; diff --git a/jeschli/source.nix b/jeschli/source.nix index ae9e1e72e..382dd61bc 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "d83c808"; + ref = "0653b73"; }; secrets.file = getAttr builder { buildbot = toString ; From fb0bbec70ae1a0dd4fdc3c9bc9ed47f2a8573fd9 Mon Sep 17 00:00:00 2001 
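Review bot: In krebs/3modules/tv/default.nix the new record `krebsco.de. 60 IN TXT v=spf1 mx -all` leaves the TXT data unquoted. In master-file syntax whitespace separates character-strings, so a zone parser would likely store three strings (`v=spf1`, `mx`, `-all`), and SPF evaluators join them without spaces, which no longer reads as a valid policy. Quote the data: `krebsco.de. 60 IN TXT "v=spf1 mx -all"`. How this zone text is rendered is not visible here, so check the served record with a TXT lookup after deploy.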
From: tv Date: Tue, 9 Jan 2018 14:43:51 +0100 Subject: [PATCH 54/69] mv nixpkgs: d0f0657 -> 0653b73 --- mv/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mv/source.nix b/mv/source.nix index 2fa53a13e..5f6b2fe36 100644 --- a/mv/source.nix +++ b/mv/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix"; nixpkgs.git = { # nixos-17.09 - ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; + ref = mkDefault "0653b73bf61f3a23d28c38ab7e9c69a318d433de"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { From 5ef3a2c6caa2f018c2adf795de992e0487dd2413 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Jan 2018 18:03:28 +0100 Subject: [PATCH 55/69] l nixpkgs: 0653b73 -> d202e30 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index f622285b1..46c6d31dc 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0653b73"; + ref = "d202e30"; }; secrets = getAttr builder { buildbot.file = toString ; From 33882a3c88392c2d4afe771f13551cafabce0179 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 9 Jan 2018 19:08:20 +0100 Subject: [PATCH 56/69] nin: .retiolum -> .r --- krebs/3modules/nin/default.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index 1a0999b8d..1531a2c89 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix @@ -14,7 +14,6 @@ with import ; ip4.addr = "10.243.132.96"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; aliases = [ - "hiawatha.retiolum" "hiawatha.r" ]; tinc.pubkey = '' 
@@ -39,7 +38,6 @@ with import ; ip4.addr = "10.243.134.66"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; aliases = [ - "axon.retiolum" "axon.r" ]; tinc.pubkey = '' @@ -80,10 +78,8 @@ with import ; ip4.addr = "10.243.132.55"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; aliases = [ - "onondaga.retiolum" "onondaga.r" "cgit.onondaga.r" - "cgit.onondaga.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -104,11 +100,11 @@ with import ; }; users = { nin = { - mail = "nin@axon.retiolum"; + mail = "nin@axon.r"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; }; nin_h = { - mail = "nin@hiawatha.retiolum"; + mail = "nin@hiawatha.r"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; }; }; From 39f611a0d85319c998c7245fdc379e0c0ea28f41 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 9 Jan 2018 19:09:15 +0100 Subject: [PATCH 57/69] ircd: .retiolum -> .r --- krebs/2configs/ircd.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index b534f9ad4..962dbf49c 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -12,10 +12,10 @@ ''; config = '' serverinfo { - name = "${config.krebs.build.host.name}.irc.retiolum"; + name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; description = "miep!"; - network_name = "irc.retiolum"; + network_name = "irc.r"; hub = yes; vhost = "0.0.0.0"; From be33985efdcbcbed4aa18483ede16fe08dca7249 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 9 Jan 2018 19:10:07 +0100 Subject: [PATCH 58/69] makefu euer.wiki: .retiolum -> .r --- makefu/2configs/nginx/euer.wiki.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index ef2c17c63..08bc5659f 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -76,7 +76,7 @@ in { virtualHosts = { "${ext-dom}" = { #serverAliases = [ - # "wiki.makefu.retiolum" + # "wiki.makefu.r" # "wiki.makefu" #]; forceSSL = true; From b8838259b0fe77d2762feac55d4532163f9075dd Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 9 Jan 2018 19:10:46 +0100 Subject: [PATCH 59/69] lass bepasty: .retiolum -> .r --- lass/2configs/bepasty.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix index 43647892f..9bd416c05 100644 --- a/lass/2configs/bepasty.nix +++ b/lass/2configs/bepasty.nix @@ -23,7 +23,10 @@ in { servers = { "paste.r" = { nginx = { - serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + serverAliases = [ + "paste.${config.krebs.build.host.name}" + "paste.r" + ]; }; defaultPermissions = "admin,list,create,read,delete"; secretKey = secKey; 
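Review bot: In lass/2configs/bepasty.nix the alias list now contains `"paste.r"`, which is also the key of the server entry it belongs to; the same happens in the makefu/2configs/bepasty-dual.nix hunk of the next patch. If the bepasty module uses that key as the nginx server name (not visible here), the alias duplicates it and nginx will at best log a conflicting-name warning. Dropping the old alias without a replacement would be enough: `serverAliases = [ "paste.${config.krebs.build.host.name}" ];`. Separately, the context line `defaultPermissions = "admin,list,create,read,delete"` deserves a comment on who can reach this vhost, if it maps to bepasty's permissions for clients that have not logged in.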
From 4162239a167bbafabc8c9bf93f5a7da38ee55d05 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 9 Jan 2018 19:11:45 +0100 Subject: [PATCH 60/69] makefu bepasty-dual: .retiolum -> .r --- makefu/2configs/bepasty-dual.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 701bf5b1d..890652285 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -28,7 +28,10 @@ in { servers = { "paste.r" = { nginx = { - serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + serverAliases = [ + "paste.${config.krebs.build.host.name}" + "paste.r" + ]; }; defaultPermissions = "admin,list,create,read,delete"; secretKeyFile = secKey; From 813535d526dd745ce00ba8dd4ebec85fc72080cc Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 9 Jan 2018 19:13:02 +0100 Subject: [PATCH 61/69] makefu collected-base: .retiolum -> .r --- makefu/2configs/collectd/collectd-base.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/collectd/collectd-base.nix b/makefu/2configs/collectd/collectd-base.nix index 91e5216ad..9168d1fa9 100644 --- a/makefu/2configs/collectd/collectd-base.nix +++ b/makefu/2configs/collectd/collectd-base.nix @@ -10,7 +10,7 @@ let ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/" Import "collectd_connect_time" - target "wry.retiolum" "localhost" "google.com" + target "wry.r" "localhost" "google.com" interval 30 @@ -19,7 +19,7 @@ let LoadPlugin write_graphite - Host "heidi.retiolum" + Host "heidi.r" Port "2003" Prefix "retiolum." EscapeCharacter "_" From 26c4dfbdfc7c484e49717426ea1516d559a8ac61 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Jan 2018 21:40:39 +0100 Subject: [PATCH 62/69] infest prepare: add hetzner_rescue support --- krebs/4lib/infest/prepare.sh | 82 +++++++++++++++++++++++++++--------- 1 file changed, 61 insertions(+), 21 deletions(-) 
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index ccfc4f49b..4179d8294 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -21,6 +21,10 @@ prepare() {( esac ;; debian) + if grep -Fq Hetzner /etc/motd; then + prepare_hetzner_rescue "$@" + exit + fi case $VERSION_ID in 7) prepare_debian "$@" @@ -72,7 +76,7 @@ prepare_debian() { type bzip2 2>/dev/null || apt-get install bzip2 type git 2>/dev/null || apt-get install git type rsync 2>/dev/null || apt-get install rsync - type curl 2>/dev/null || apt-get install curl + type curl 2>/dev/null || apt-get install curl prepare_common } @@ -94,6 +98,31 @@ prepare_nixos_iso() { sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } +prepare_hetzner_rescue() { + mountpoint /mnt + + type bzip2 2>/dev/null || apt-get install bzip2 + type git 2>/dev/null || apt-get install git + type rsync 2>/dev/null || apt-get install rsync + type curl 2>/dev/null || apt-get install curl + + mkdir -p /mnt/"$target_path" + mkdir -p "$target_path" + + if ! mountpoint "$target_path"; then + mount --rbind /mnt/"$target_path" "$target_path" + fi + + mkdir -p bin + rm -f bin/nixos-install + cp "$(type -p nixos-install)" bin/nixos-install + sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install + + _prepare_nix_users + _prepare_nix + _prepare_nixos_install +} + get_nixos_install() { echo "installing nixos-install" 2>&1 c=$(mktemp) @@ -107,24 +136,10 @@ EOF nix-env -i -A config.system.build.nixos-install -f "" rm -v $c } + prepare_common() {( - if ! getent group nixbld >/dev/null; then - groupadd -g 30000 -r nixbld - fi - for i in `seq 1 10`; do - if ! getent passwd nixbld$i 2>/dev/null; then - useradd \ - -d /var/empty \ - -g 30000 \ - -G 30000 \ - -l \ - -M \ - -s /sbin/nologin \ - -u $(expr 30000 + $i) \ - nixbld$i - fi - done + _prepare_nix_users # # mount install directory 
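Review bot: In krebs/4lib/infest/prepare.sh the rescue path is selected by `grep -Fq Hetzner /etc/motd`, a free-text match that also fires on an installed Debian whose motd mentions the provider, and prepare_hetzner_rescue then installs packages and bind-mounts under /mnt. The function opens with a bare `mountpoint /mnt`; unless the script runs under `set -e` (not visible in these hunks) its result is ignored and the later `mkdir -p /mnt/"$target_path"` writes into the running system's own root. I would make the guard explicit, `mountpoint -q /mnt || { echo "/mnt is not mounted" >&2; exit 1; }`, and add a comment above the motd test saying what it is meant to detect. The `apt-get install` calls have no `-y`, which matches prepare_debian but blocks an unattended run.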
@@ -173,10 +188,12 @@ prepare_common() {( mount --bind /nix /mnt/nix fi - # - # install nix - # + _prepare_nix + _prepare_nixos_install +)} + +_prepare_nix() {( # install nix on host (cf. https://nixos.org/nix/install) if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then ( @@ -201,8 +218,31 @@ prepare_common() {( if ! mountpoint "$target_path"; then mount --rbind /mnt/"$target_path" "$target_path" fi +)} +_prepare_nix_users() {( + if ! getent group nixbld >/dev/null; then + groupadd -g 30000 -r nixbld + fi + for i in `seq 1 10`; do + if ! getent passwd nixbld$i 2>/dev/null; then + useradd \ + -d /var/empty \ + -g 30000 \ + -G 30000 \ + -l \ + -M \ + -s /sbin/nologin \ + -u $(expr 30000 + $i) \ + nixbld$i + fi + done +)} + + +_prepare_nixos_install() { get_nixos_install + mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install @@ -212,6 +252,6 @@ prepare_common() {( echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc fi -)} +} prepare "$@" From f4a23ea078c385fd3f9bfe23f935cd6886d4571d Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 9 Jan 2018 22:04:02 +0100 Subject: [PATCH 63/69] infest prepare: add _which --- krebs/4lib/infest/prepare.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 4179d8294..ee5f334c7 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -94,11 +94,14 @@ prepare_nixos_iso() { mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } prepare_hetzner_rescue() { + _which() ( + which "$1" + ) mountpoint /mnt type bzip2 2>/dev/null || apt-get install bzip2 @@ -138,6 +141,9 @@ EOF } prepare_common() {( + _which() ( + type -p "$1" + ) _prepare_nix_users 
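Review bot: In the "add _which" patch, prepare_nixos_iso now calls `"$(_which nixos-install)"`, but `_which` is only defined inside prepare_hetzner_rescue and inside prepare_common, whose body is a subshell. Unless prepare_nixos_iso or the top of the script defines it outside the visible hunks, the command substitution yields an empty string and the `cp` fails. Define a default once at file level, e.g. `_which() { type -p "$1"; }`, and let prepare_hetzner_rescue override it, with a one-line comment on why the rescue system needs `which` instead of `type -p`. prepare_nixos_iso starts outside the hunk.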
@@ -245,7 +251,7 @@ _prepare_nixos_install() { mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install if ! grep -q '^PATH.*#krebs' .bashrc; then From 4c0e2b269f6f2df9725cca59e151f6c39b593fdb Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 9 Jan 2018 22:06:16 +0100 Subject: [PATCH 64/69] infest prepare: remove duplicated code --- krebs/4lib/infest/prepare.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index ee5f334c7..ff1ab1fb7 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -116,11 +116,6 @@ prepare_hetzner_rescue() { mount --rbind /mnt/"$target_path" "$target_path" fi - mkdir -p bin - rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install - sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install - _prepare_nix_users _prepare_nix _prepare_nixos_install From 794e4fe21b9d0841f80ecab184716fbf88328aed Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 9 Jan 2018 22:07:04 +0100 Subject: [PATCH 65/69] infest prepare: no subshell for _prepare* --- krebs/4lib/infest/prepare.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index ff1ab1fb7..78c1c6ec1 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -194,7 +194,7 @@ prepare_common() {( _prepare_nixos_install )} -_prepare_nix() {( +_prepare_nix() { # install nix on host (cf. https://nixos.org/nix/install) if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then ( @@ -219,9 +219,9 @@ _prepare_nix() {( if ! mountpoint "$target_path"; then mount --rbind /mnt/"$target_path" "$target_path" fi -)} +} -_prepare_nix_users() {( +_prepare_nix_users() { if ! getent group nixbld >/dev/null; then groupadd -g 30000 -r nixbld fi 
@@ -238,7 +238,7 @@ _prepare_nix_users() {( nixbld$i fi done -)} +} _prepare_nixos_install() { From cc51c5f7db21749b87b0db096087b7e7447a8f0a Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 10 Jan 2018 00:04:07 +0100 Subject: [PATCH 66/69] ma photostore.krebsco.de: init on gum.r also init the application server and config --- krebs/3modules/makefu/default.nix | 1 + makefu/1systems/gum/config.nix | 2 +- .../deployment/photostore.krebsco.de.nix | 40 +++++++++++++++++++ makefu/5pkgs/cameraupload-server/default.nix | 23 +++++++++++ 4 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/deployment/photostore.krebsco.de.nix create mode 100644 makefu/5pkgs/cameraupload-server/default.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 9f1842b88..56e5c6b82 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -541,6 +541,7 @@ with import ; graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. ''; }; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 6e5f3c2d4..f473d9e4c 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -67,7 +67,7 @@ in { - + diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix new file mode 100644 index 000000000..9e16a384a --- /dev/null +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix 
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+# more than just nginx config but not enough to become a module
+with import ;
+let
+ wsgi-sock = "${workdir}/uwsgi-photostore.sock";
+ workdir = config.services.uwsgi.runDir;
+in {
+
+ services.uwsgi = {
+ enable = true;
+ user = "nginx";
+ runDir = "/var/lib/photostore";
+ plugins = [ "python3" ];
+ instance = {
+ type = "emperor";
+ vassals = {
+ cameraupload-server = {
+ type = "normal";
+ pythonPackages = self: with self; [ pkgs.cameraupload-server ];
+ socket = wsgi-sock;
+ };
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts."photostore.krebsco.de" = {
+ locations = {
+ "/".extraConfig = ''
+ uwsgi_pass unix://${wsgi-sock};
+ uwsgi_param UWSGI_CHDIR ${workdir};
+ uwsgi_param UWSGI_MODULE cuserver.main;
+ uwsgi_param UWSGI_CALLABLE app;
+ include ${pkgs.nginx}/conf/uwsgi_params;
+ '';
+ };
+ };
+ };
+}
diff --git a/makefu/5pkgs/cameraupload-server/default.nix b/makefu/5pkgs/cameraupload-server/default.nix
new file mode 100644
index 000000000..e2e410958
--- /dev/null
+++ b/makefu/5pkgs/cameraupload-server/default.nix
@@ -0,0 +1,23 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.python3Packages;buildPythonPackage rec {
+ name = "cameraupload-server-${version}";
+ version = "0.2.4";
+
+ propagatedBuildInputs = [
+ flask
+ ];
+
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "cameraupload-server";
+ rev = "c98c8ec";
+ sha256 = "0ssgvjm0z399l62wkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8";
+ };
+
+ meta = {
+ homepage = https://github.com/makefu/cameraupload-server;
+ description = "server side for cameraupload_full";
+ license = lib.licenses.asl20;
+ };
+}
From 7c3e4260f279c057ebc45ba6b456f89ca3c97b0e Mon Sep 17 00:00:00 2001
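Review bot: The `photostore.krebsco.de` virtual host is published (this commit also adds its public DNS record) with only a `locations` block, so no TLS, access restriction or upload size limit is set here and uploads would travel in clear text unless another module adds that, which is not visible in this hunk. Consider adding `forceSSL = true;` and `enableACME = true;` to the virtual host. Separately, `user = "nginx"` runs the upload application under the web server's own account. A dedicated account, with the socket shared through a group, would keep a flaw in the application from inheriting nginx's file access.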
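Review bot: `rev = "c98c8ec"` pins the source to an abbreviated commit id that is not visibly tied to `version = "0.2.4"` and may stop resolving uniquely as the upstream repository grows. The `sha256` still protects the fetched content, but a reader cannot audit which release this is. Using the full 40-character commit id, or the release tag if upstream has one, makes the pin unambiguous, e.g. `rev = "<full commit id of c98c8ec>";`.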
From: jeschli Date: Wed, 10 Jan 2018 15:07:04 +0100 Subject: [PATCH 67/69] jeschli: set default hostname --- jeschli/1systems/bln/config.nix | 2 +- jeschli/1systems/reagenzglas/config.nix | 1 - jeschli/2configs/default.nix | 1 + 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 873c0fa3d..9e5f8c52e 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -36,7 +36,7 @@ } ]; - networking.hostName = "BLN02NB0154"; # Define your hostname. + networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname. networking.networkmanager.enable = true; # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix index d65e897ae..eb2ba179e 100644 --- a/jeschli/1systems/reagenzglas/config.nix +++ b/jeschli/1systems/reagenzglas/config.nix @@ -29,7 +29,6 @@ allowDiscards = true; } ]; - networking.hostName = "reaganzglas"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networking.networkmanager.enable = true; # Select internationalisation properties. diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix index 77281b301..6d788d283 100644 --- a/jeschli/2configs/default.nix +++ b/jeschli/2configs/default.nix @@ -64,4 +64,5 @@ with import ; ]; krebs.enable = true; + networking.hostName = config.krebs.build.host.name; } From 547812c8efd0bffa73529ab1b864cc871a8ca6d7 Mon Sep 17 00:00:00 2001 
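Review bot: Setting `networking.hostName` at normal priority in the shared `jeschli/2configs/default.nix` forces every host that wants a different name to use `lib.mkForce`, as the bln hunk in this same commit already has to. Defining it as `networking.hostName = mkDefault config.krebs.build.host.name;` would let a host config override it with a plain assignment. `mkDefault` is presumably in scope through the file's `with import` line, and `config` through the module arguments; both are outside the hunk and should be confirmed.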
From: jeschli
Date: Wed, 10 Jan 2018 15:09:21 +0100
Subject: [PATCH 68/69] jeschli: +enklave.r
---
jeschli/1systems/enklave/config.nix | 45 ++++++++++++++++++
jeschli/1systems/enklave/source.nix | 3 ++
.../2configs/os-templates/CentOS-7-64bit.nix | 16 +++++++
krebs/3modules/jeschli/default.nix | 46 +++++++++++++++++++
4 files changed, 110 insertions(+)
create mode 100644 jeschli/1systems/enklave/config.nix
create mode 100644 jeschli/1systems/enklave/source.nix
create mode 100644 jeschli/2configs/os-templates/CentOS-7-64bit.nix
diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix
new file mode 100644
index 000000000..010089017
--- /dev/null
+++ b/jeschli/1systems/enklave/config.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+
+
+
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ "ens*"
+ ];
+ }
+ {
+ services.openssh.enable = true;
+ }
+ {
+ sound.enable = false;
+ }
+ {
+ users.extraUsers = {
+ root.initialPassword = "pfeife123";
+ root.openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 jeschli@nixos"
+ ];
+ jeschli = {
+ name = "jeschli";
+ uid = 1000;
+ home = "/home/jeschli";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ ];
+ openssh.authorizedKeys.keys = [
+"ssh-rsa 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 jeschli@nixos"
+ ];
+ };
+ };
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.enklave;
+}
diff --git a/jeschli/1systems/enklave/source.nix b/jeschli/1systems/enklave/source.nix
new file mode 100644
index 000000000..4f9f37be7
--- /dev/null
+++ b/jeschli/1systems/enklave/source.nix
@@ -0,0 +1,3 @@
+import {
+ name = "enklave";
+}
diff --git a/jeschli/2configs/os-templates/CentOS-7-64bit.nix b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
new file mode 100644
index 000000000..fb34e94e2
--- /dev/null
+++ b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
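Review bot: `root.initialPassword` in `enklave/config.nix` puts a literal root password into the repository and the world-readable Nix store, on a host that this same commit gives a public address and `services.openssh.enable = true`. Both accounts already receive `openssh.authorizedKeys.keys`, so the password line can be dropped and key-only login made explicit with `services.openssh.passwordAuthentication = false;`. Whether root password login over SSH is already blocked depends on the `permitRootLogin` default of the NixOS release in use, which is not visible here. The value should be treated as disclosed and changed on any machine where it was set.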
@@ -0,0 +1,16 @@
+_:
+
+{
+ imports = [ ];
+
+ boot.loader.grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+
+ fileSystems."/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+}
diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index 0d161e1c8..c7e882742 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -118,6 +118,52 @@ with import ; }; }; }; + enklave = { + nets = rec { + internet = { + ip4.addr = "88.198.164.182"; + aliases = [ + "enklave.i" + ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.27.30"; + ip6.addr = "42::30"; + aliases = [ + "enklave.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIID8gKCA+kAt8zRg/g0jRmqXn6rVul/tdjWtLPcu0aTjNJ5OYZh50i7WqWllGVz + +FfJicuq/Xd1l5qrgUN7MD+Wrfeov+G9lzSgacfPhXMujutXxX3JwW/9f7UN+yoN + Sw29Zj+NWb45HyI5WVwMQ332KbKjNcWdTRe+O39oE6bZWg54oEeZOad2UJ7/83sB + yNEV/B7bJ0+X9HR8XCKrHI/RkjixNauMDlquGzoVyqLKIWwUnBl9CwtNBCYHbvYD + G1rWeCewd9Z6KsqcKSePfa4mn5eOluWcXmbrD/sx8oII40oNUs3kI7a2HExB2Yle + P9Q5MQrXRZfI3bdrh1aHieBodZLtosHPNuJIpo8ZaCX88WLhGR3nhJa1vvM1vNwd + TSSAdobdZUcuIQJKnVxwP4rXQAKPkN2+ddy+tXCGvfFAsdGKDbgPy4FgT+Ed28vg + 3W0fef/3sDNGPY1VAa58/pLz9Un3kNJKUjt00tWamo8daU/3mxZs83nIqDHLq86l + 1+wCl37l+KHe7pUVZ3smoezPRCMoUThmc7VzupbQG+piiSSyiYQi0CuBusa44t76 + 1lMr3pOdRBBAoetZ745ZZVx8s+eYk+C1BmQbLJAfzQ9sbH3LAwXpuAH70mtrFqWl + C3LF89/5mZRbFxALZv9cVx3LqIZDjwpKlwPWorZwo14L+eAagdPCcnVNo6ZcVow2 + mAdNnf7C33fvRsU+rUEIZVPsBHZfAv+f0jqQ65TMvl32VZ0FlxxahSZSj64n8iwr + Z+DOxKA9OcAaTrHQReYLpWUfNceVDLfOmQLeih8hNgClgqPgYJP/OtN+ox3NP6ZX + +Gkx9HO7a+agtyJxjh3NYbT/NkRW8HcjW8KgRN7jlE9sQi5/FoxKQOUdHmLTvjdk + YJXqdPWMYHj2xt4A8x2nzl/si6lwDsod+zdY5RGSdYhoybEOs4wZZIuArmm8GP+C + IbtgutknAuqvm2FOxyWCbLFTimgqC5BgrNUsXFJJLsHQ3bWFJtVpJlSa5Y0iypCP + Yr/cefbDrGfs3eCy7FlYDIkCcH06FPm1LTs6USisrtKFObRQN+zPSPln9FysNmpH + h0YUhrWdTO+wN78K5gc4ALPNUlyqmH61h8jS2qSdrRZLcZWIi4K4banG6EJcWRvV + kaVxghY1i/Z9x43bZRpBPvpM462IDx08vYX9AcFmF7JfjAXPwJO/EqZVsY1YPDzO + vdXWrtTORO8R8Pjq3X952yNqgHBcJQh7Q9TBcj+XBtkidOSnTt3Sp/RumsucUW19 + 0wMempDPiCOAadLmR4cW5XL1ednXurkd+5gHCmB1Sl7FueP5dgLB/mhXjmITE3zH + aQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + }; users = { jeschli = { From 94c785281a89711742bb32cde94b9ccbb7603c21 Mon Sep 17 00:00:00 2001 
From: jeschli Date: Wed, 10 Jan 2018 15:10:13 +0100 Subject: [PATCH 69/69] jeschli retiolum: connect to enklave --- jeschli/2configs/retiolum.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix index 403300b30..b611cbe7d 100644 --- a/jeschli/2configs/retiolum.nix +++ b/jeschli/2configs/retiolum.nix @@ -9,6 +9,7 @@ "gum" "ni" "dishfire" + "enklave" ]; }; @@ -16,6 +17,9 @@ tinc = pkgs.tinc_pre; }; + networking.firewall.allowedTCPPorts = [ 655 ]; + networking.firewall.allowedUDPPorts = [ 655 ]; + environment.systemPackages = [ pkgs.tinc ];
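Review bot: Ports 655/tcp and 655/udp are opened in the shared `retiolum.nix`, so every host importing it accepts inbound tinc connections on all interfaces, including machines that only dial out through `connectTo`. If only the publicly reachable nodes are meant to accept peers, move `networking.firewall.allowedTCPPorts = [ 655 ];` and the matching UDP line into those hosts' configs. Otherwise add a comment above them such as `# inbound tinc peering is intended on every host importing this file`. Which hosts import this file is not visible in the hunk.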