From b1983327610628028021374e519baa27dc63d9bf Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Wed, 20 Dec 2017 18:15:49 +0100 Subject: [PATCH 01/48] jeschli bln: +sqlite, datagrip --- jeschli/1systems/bln/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 901970e81..0748667ba 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -72,6 +72,8 @@ rxvt_unicode # editors emacs + # databases + sqlite # internet thunderbird hipchat @@ -91,6 +93,7 @@ jetbrains.pycharm-professional jetbrains.webstorm jetbrains.goland + jetbrains.datagrip texlive.combined.scheme-full pandoc redis From c87334ccc6406ab07904ce3715378dd9bf392286 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Sat, 23 Dec 2017 09:19:45 +0100 Subject: [PATCH 02/48] jeschli bln: gh/gd aliases --- jeschli/1systems/bln/config.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 0748667ba..578638a7e 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -54,7 +54,11 @@ # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget nixpkgs.config.allowUnfree = true; - environment.shellAliases = { n = "nix-shell"; }; + environment.shellAliases = { + n = "nix-shell"; + gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; + gh = "cd /home/markus/go/src/github.com"; + }; environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; }; environment.systemPackages = with pkgs; [ # system helper From 08fa15d17350f78ee6a85e5d7194ce663e0103a9 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Wed, 27 Dec 2017 17:34:26 +0100 Subject: [PATCH 03/48] jeschli bln: wireless for 34c3 --- jeschli/1systems/bln/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 578638a7e..9ea680129 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -37,8 +37,8 @@ ]; networking.hostName = "BLN02NB0154"; # Define your hostname. - networking.networkmanager.enable = true; - #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; + networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Select internationalisation properties. # i18n = { From cd81909e0e1436969e4bea5f1b3471d3d991040c Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 2 Jan 2018 22:38:26 +0100 Subject: [PATCH 04/48] nin axon: init --- krebs/3modules/nin/default.nix | 41 +++++++++++ nin/1systems/axon/config.nix | 121 +++++++++++++++++++++++++++++++++ nin/1systems/axon/source.nix | 4 ++ 3 files changed, 166 insertions(+) create mode 100644 nin/1systems/axon/config.nix create mode 100644 nin/1systems/axon/source.nix diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index aab568352..c9b2aa7fd 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix @@ -31,6 +31,47 @@ with import ; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; + }; + axon= { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.134.66"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; + aliases = [ + "axon.retiolum" + "axon.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo + glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj + KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH + L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j + VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY + PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN + X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh + m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp + OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT + LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H + /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK + MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w + 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm + ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 + 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF + 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt + 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj + FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl + buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p + hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG + yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi + ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDfxnR6MwDJPYxPOCQgfRbzDyzTgJeRpDy0VIrr88Cdt"; }; onondaga = { cores = 1; diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix new file mode 100644 index 000000000..88060fc39 --- /dev/null +++ b/nin/1systems/axon/config.nix @@ -0,0 +1,121 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + + #../2configs/copyq.nix + + + + + ]; + + krebs.build.host = config.krebs.hosts.axon; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = + { device = "tmpfs"; + fsType = "tmpfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext2"; + }; + + boot.initrd.luks.devices.crypted.device = "/dev/sda2"; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + fileSystems."/home/nin/.local/share/Steam" = { + device = "/dev/fam/steam"; + }; + + # nin config + time.timeZone = "Europe/Berlin"; + services.xserver.enable = true; + + networking.networkmanager.enable = true; + #networking.wireless.enable = true; + + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + + hardware.bluetooth.enable = true; + + hardware.opengl.driSupport32Bit = true; + + #nixpkgs.config.steam.java = true; + + environment.systemPackages = with pkgs; [ + firefox + git + lmms + networkmanagerapplet + python + steam + thunderbird + vim + virtmanager + ]; + + nixpkgs.config = { + + allowUnfree = true; + + }; + + #services.logind.extraConfig = "HandleLidSwitch=ignore"; + + services.xserver.synaptics = { + enable = true; + }; + + + services.xserver.desktopManager.xfce = let + xbindConfig = pkgs.writeText "xbindkeysrc" '' + "${pkgs.pass}/bin/passmenu --type" + Control + p + ''; + in { + enable = true; + extraSessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys -f ${xbindConfig} + ''; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "17.03"; + +} diff --git a/nin/1systems/axon/source.nix b/nin/1systems/axon/source.nix new file mode 100644 index 000000000..6a40296da --- /dev/null +++ b/nin/1systems/axon/source.nix @@ -0,0 +1,4 @@ +import { + name = "axon"; + secure = true; +} From c33c1ce3fbf90476dbaad44fe99e12eda1fd3f72 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 3 Jan 2018 04:24:01 +0100 Subject: [PATCH 05/48] ma hdl-dump: init --- makefu/5pkgs/hdl-dump/default.nix | 33 +++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 makefu/5pkgs/hdl-dump/default.nix diff --git a/makefu/5pkgs/hdl-dump/default.nix b/makefu/5pkgs/hdl-dump/default.nix new file mode 100644 index 000000000..bd454223a --- /dev/null +++ b/makefu/5pkgs/hdl-dump/default.nix @@ -0,0 +1,33 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }: +stdenv.mkDerivation rec { + pname = "hdl-dump"; + version = "75df8d7"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "AKuHAK"; + repo = "hdl-dump"; + rev = version; + sha256 = "10jjr6p5yn0c182x17m7q68jmf8gizcny7wjxw7z5yh0fv5s48z4"; + }; + + buildInputs = [ upx wine ]; + + makeFlags = [ "RELEASE=yes" ]; + + # uses wine, currently broken + #postBuild = '' + # make -C gui + #''; + + installPhase = '' + mkdir -p $out/bin + cp hdl_dump $out/bin + ''; + + meta = { + homepage = https://github.com/AKuHAK/hdl-dump ; + description = "copy isos to psx hdd"; + license = lib.licenses.gpl2; + }; +} From e6d56100ae923e9c00ec190e7cfb90594dc768a9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 3 Jan 2018 04:50:08 +0100 Subject: [PATCH 06/48] ma pkgs.opl-utils: init at 2017-10-17 --- makefu/5pkgs/opl-utils/default.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 makefu/5pkgs/opl-utils/default.nix diff --git a/makefu/5pkgs/opl-utils/default.nix b/makefu/5pkgs/opl-utils/default.nix new file mode 100644 index 000000000..f4430f333 --- /dev/null +++ b/makefu/5pkgs/opl-utils/default.nix @@ -0,0 +1,27 @@ +{ stdenv, lib, pkgs, fetchFromGitHub }: +stdenv.mkDerivation rec { + pname = "opl-utils"; + version = "881c0d2"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "ifcaro"; + repo = "open-ps2-loader"; + rev = version; + sha256 = "1c2hgbyp5hymyq60mrk7g0m3gi00wqx165pdwwwb740q0qig07d1"; + }; + + + preBuild = "cd pc/"; + + installPhase = '' + mkdir -p $out/bin + cp */bin/* $out/bin + ''; + + meta = { + homepage = https://github.com/ifcaro/Open-PS2-Loader; + description = "open-ps2-loader utils (opl2iso,iso2opl,genvmc)"; + license = lib.licenses.afl3; + }; +} From f56733184ef40fb6841b903f6e8761b03640cceb Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 3 Jan 2018 14:41:33 +0100 Subject: [PATCH 07/48] ma tools: add console tools --- makefu/2configs/tools/all.nix | 1 + makefu/2configs/tools/consoles.nix | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100644 makefu/2configs/tools/consoles.nix diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index 1ac22e34c..2bb438f16 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -1,6 +1,7 @@ { imports = [ ./android-pentest.nix + ./consoles.nix ./core.nix ./core-gui.nix ./dev.nix diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix new file mode 100644 index 000000000..76eb0044c --- /dev/null +++ b/makefu/2configs/tools/consoles.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + users.users.makefu.packages = with pkgs; [ + opl-utils + hdl-dump + ]; +} From dd6193f692206ddace0f20560338684dc24af4a3 Mon Sep 17 00:00:00 2001 From: nin Date: Wed, 3 Jan 2018 15:23:27 +0100 Subject: [PATCH 08/48] nin 1 axon config: remove steam partition --- nin/1systems/axon/config.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix index 88060fc39..c5f38c1f3 100644 --- a/nin/1systems/axon/config.nix +++ b/nin/1systems/axon/config.nix @@ -56,10 +56,6 @@ with lib; # Enable CUPS to print documents. # services.printing.enable = true; - fileSystems."/home/nin/.local/share/Steam" = { - device = "/dev/fam/steam"; - }; - # nin config time.timeZone = "Europe/Berlin"; services.xserver.enable = true; From 3e976918e64249a11cb433b587db094bb6105af3 Mon Sep 17 00:00:00 2001 From: nin Date: Wed, 3 Jan 2018 18:11:48 +0100 Subject: [PATCH 09/48] nin axon: set up ssh keys --- krebs/3modules/nin/default.nix | 6 +++++- nin/2configs/default.nix | 2 ++ nin/2configs/git.nix | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index c9b2aa7fd..1a0999b8d 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix @@ -71,7 +71,7 @@ with import ; }; }; ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDfxnR6MwDJPYxPOCQgfRbzDyzTgJeRpDy0VIrr88Cdt"; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; }; onondaga = { cores = 1; @@ -104,6 +104,10 @@ with import ; }; users = { nin = { + mail = "nin@axon.retiolum"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; + }; + nin_h = { mail = "nin@hiawatha.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; }; diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index d7b89c80c..62f499a2d 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -16,6 +16,7 @@ with import ; root = { openssh.authorizedKeys.keys = [ config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey ]; }; nin = { @@ -31,6 +32,7 @@ with import ; ]; openssh.authorizedKeys.keys = [ config.krebs.users.nin.pubkey + config.krebs.users.nin_h.pubkey ]; }; }; diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix index 2a8604689..9ebbaabd2 100644 --- a/nin/2configs/git.nix +++ b/nin/2configs/git.nix @@ -53,7 +53,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ nin ]; + user = [ nin nin_h ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ From 788cc63754e7dc4f559087ae37b74017e6b77d39 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 3 Jan 2018 18:23:22 +0100 Subject: [PATCH 10/48] l: add ableton stuff --- lass/1systems/mors/config.nix | 1 + lass/2configs/ableton.nix | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 lass/2configs/ableton.nix diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index ad133802f..8c7c39a6f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -30,6 +30,7 @@ with import ; + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/2configs/ableton.nix b/lass/2configs/ableton.nix new file mode 100644 index 000000000..9d6f481b0 --- /dev/null +++ b/lass/2configs/ableton.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: let + mainUser = config.users.extraUsers.mainUser; +in { + users.users= { + ableton = { + isNormalUser = true; + extraGroups = [ + "audio" + "video" + ]; + packages = [ + pkgs.wine + pkgs.winetricks + ]; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(ableton) NOPASSWD: ALL + ''; +} From a23eb141826e14987d8d72549857af86e6db7287 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 4 Jan 2018 00:01:41 +0100 Subject: [PATCH 11/48] l nixpkgs: 3aec59c -> 0b30c1d --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 473dd2cf2..a6314694c 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "3aec59c"; + ref = "0b30c1d"; }; secrets = getAttr builder { buildbot.file = toString ; From a9f803207243425d5c06ce82820c27a4de8af5ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 4 Jan 2018 00:02:21 +0100 Subject: [PATCH 12/48] nixpkgs: cb751f9 -> 0b30c1d --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 8fbdce284..b952aa2a2 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -17,6 +17,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13 + ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04 }; } From 6ad170e7621668fdcf03aab37d1f9843e446d2da Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 00:20:47 +0100 Subject: [PATCH 13/48] ma source: fix FUCKWIT --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index fde1d9680..ccdc7b9f0 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,7 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "3874de4"; # unstable @ 2017-12-08 + ref = "475bec2"; # unstable @ 2017-08-04 # + do_sqlite3 ruby: 55a952be5b5 in From 8028debcf5fa1f79b2cdd288fef8477e87fd9787 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 00:53:04 +0100 Subject: [PATCH 14/48] ma tools: add nix-repl --- makefu/2configs/tools/dev.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 04a65df26..b652241bd 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -21,6 +21,9 @@ gen-oath-safe cdrtools stockholm + # nix related + nix-repl + nix-index # git-related tig ]; From 6dc4485a559020829a0b4d20ebba31bf366d066c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 00:53:39 +0100 Subject: [PATCH 15/48] ma tools: add bin2iso to consoles --- makefu/2configs/tools/consoles.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix index 76eb0044c..543215adf 100644 --- a/makefu/2configs/tools/consoles.nix +++ b/makefu/2configs/tools/consoles.nix @@ -3,5 +3,6 @@ users.users.makefu.packages = with pkgs; [ opl-utils hdl-dump + bin2iso ]; } From f6f01faa3ace57ed29af2b953bab34924b70abfc Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 01:25:07 +0100 Subject: [PATCH 16/48] ma 2/default: use linuxPkackages_latest by default --- makefu/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 25f9f63bf..0a89d2023 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -11,6 +11,9 @@ with import ; ./vim.nix ./binary-cache/nixos.nix ]; + + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + programs.command-not-found.enable = false; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { From 67dd126fc4244c40cd819be8cc23a15f6b1b1d6c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 4 Jan 2018 01:25:59 +0100 Subject: [PATCH 17/48] fix meltdown --- lass/2configs/security-workarounds.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix index 537c8a59b..c3d07d5fe 100644 --- a/lass/2configs/security-workarounds.nix +++ b/lass/2configs/security-workarounds.nix @@ -5,4 +5,6 @@ with import ; boot.extraModprobeConfig = '' install dccp /run/current-system/sw/bin/false ''; + + boot.kernelPackages = pkgs.linuxPackages_latest; } From ba42be899d0af94f5a3a1c9a71451c76d4666eb4 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 02:14:36 +0100 Subject: [PATCH 18/48] ma pkgs.cue2pops: init --- makefu/2configs/tools/consoles.nix | 1 + makefu/5pkgs/cue2pops/default.nix | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 makefu/5pkgs/cue2pops/default.nix diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix index 543215adf..7090804d4 100644 --- a/makefu/2configs/tools/consoles.nix +++ b/makefu/2configs/tools/consoles.nix @@ -4,5 +4,6 @@ opl-utils hdl-dump bin2iso + cue2pops ]; } diff --git a/makefu/5pkgs/cue2pops/default.nix b/makefu/5pkgs/cue2pops/default.nix new file mode 100644 index 000000000..218ae8307 --- /dev/null +++ b/makefu/5pkgs/cue2pops/default.nix @@ -0,0 +1,24 @@ +{ stdenv, lib, pkgs, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "cue2pops"; + version = "2"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "makefu"; + repo = "cue2pops-linux"; + rev = "541863a"; + sha256 = "05w84726g3k33rz0wwb9v77g7xh4cnhy9sxlpilf775nli9bynrk"; + }; + + installPhase = '' + install -Dm755 $pname $out/bin/$pname + ''; + + meta = { + homepage = http://users.eastlink.ca/~doiron/bin2iso/ ; + description = "converts bin+cue to iso"; + license = lib.licenses.gpl3; + }; +} From e02e7053aaabc883ae4a6aa23886b6ee92cebb79 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 18:36:47 +0100 Subject: [PATCH 19/48] ma source: cherry-pick latest kernel bump --- makefu/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index ccdc7b9f0..822b1e7c0 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,8 +13,9 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "475bec2"; # unstable @ 2017-08-04 + ref = "d37e53e"; # unstable @ 2017-12-08 # + do_sqlite3 ruby: 55a952be5b5 + # + kernel bump: 1e129a3f993 in evalSource (toString _file) [ From 9f77a71c7b72e3aa32042d5876cc08b00c5ed9bf Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 18:48:46 +0100 Subject: [PATCH 20/48] ma pkgs.mobility: temp remove exfat-nofuse --- makefu/2configs/tools/mobility.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 1993a5212..f2676f11c 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -5,5 +5,5 @@ mosh ]; - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } From 63800b93ffb9e1e612f2d51ff88597b351caeefb Mon Sep 17 00:00:00 2001 From: jeschli Date: Thu, 4 Jan 2018 18:51:22 +0100 Subject: [PATCH 21/48] jeschli nixpkgs: f9390d6 -> d83c808 --- jeschli/1systems/brauerei/config.nix | 2 +- jeschli/source.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 171a002da..2dec45795 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -96,7 +96,7 @@ # Enable the X11 windowing system. services.xserver.enable = true; - # services.xserver.layout = "us"; + services.xserver.layout = "us"; # services.xserver.xkbOptions = "eurosign:e"; # Enable touchpad support. diff --git a/jeschli/source.nix b/jeschli/source.nix index d1b64b0ed..ae9e1e72e 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f9390d6"; + ref = "d83c808"; }; secrets.file = getAttr builder { buildbot = toString ; From 77d53e841b7eaed58925571c2bdeb51cdc5e82a3 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Jan 2018 23:18:32 +0100 Subject: [PATCH 22/48] ma source: retry to bump nixpkgs --- makefu/source.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index 822b1e7c0..6b305b641 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,9 +13,8 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "d37e53e"; # unstable @ 2017-12-08 + ref = "26ed774"; # nixpkgs-unstable @ 2018-01-04 # + do_sqlite3 ruby: 55a952be5b5 - # + kernel bump: 1e129a3f993 in evalSource (toString _file) [ From 9b46b200cb4b4b1ba36d7cdc21765806f3bd5734 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Fri, 5 Jan 2018 10:46:36 +0100 Subject: [PATCH 23/48] jeschli bln: activated nm again --- jeschli/1systems/bln/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 9ea680129..5ffa99c86 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -37,8 +37,8 @@ ]; networking.hostName = "BLN02NB0154"; # Define your hostname. - # networking.networkmanager.enable = true; - networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Select internationalisation properties. # i18n = { From 3ad5283dfbf1733e06b16d4439c4f14268680240 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 5 Jan 2018 11:12:47 +0100 Subject: [PATCH 24/48] ma pkgs.bin2iso: init --- makefu/5pkgs/bin2iso/default.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 makefu/5pkgs/bin2iso/default.nix diff --git a/makefu/5pkgs/bin2iso/default.nix b/makefu/5pkgs/bin2iso/default.nix new file mode 100644 index 000000000..31d05fab3 --- /dev/null +++ b/makefu/5pkgs/bin2iso/default.nix @@ -0,0 +1,28 @@ +{ stdenv, lib, pkgs, fetchurl }: +stdenv.mkDerivation rec { + pname = "bin2iso"; + version = "1.9b"; + _dlver = builtins.replaceStrings ["."] [""] version; + name = "${pname}-${version}"; + + src = fetchurl { + url = "http://users.eastlink.ca/~doiron/${pname}/linux/${pname}${_dlver}_linux.c"; + sha256 = "0gg4hbzlm83nnbccy79dnxbwpn7lxl3fb87ka36mlclikvknm2hy"; + }; + + unpackPhase = "true"; + + buildPhase ='' + gcc -Wall -o $pname $src + ''; + + installPhase = '' + install -Dm755 $pname $out/bin/$pname + ''; + + meta = { + homepage = http://users.eastlink.ca/~doiron/bin2iso/ ; + description = "converts bin+cue to iso"; + license = lib.licenses.gpl3; + }; +} From 801f2f0926d665fb2a3c2fd9184706a2235fe960 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 5 Jan 2018 11:52:07 +0100 Subject: [PATCH 25/48] ma source: back to stable --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index 6b305b641..647803fd7 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,7 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "26ed774"; # nixpkgs-unstable @ 2018-01-04 + ref = "3e8d708"; # nixos-17.09 @ 2018-01-05 # + do_sqlite3 ruby: 55a952be5b5 in From 07e5ece6f65952f1b88d5c2cea9da4a9137b7567 Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Fri, 5 Jan 2018 12:37:34 +0100 Subject: [PATCH 26/48] jeschli bln: +tig --- jeschli/1systems/bln/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 5ffa99c86..873c0fa3d 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -66,6 +66,7 @@ copyq dmenu git + tig i3lock keepass networkmanagerapplet From a6722fd306a19678f757680da989808af5fc9973 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:45:27 +0100 Subject: [PATCH 27/48] hotdog.r: remove repo-sync --- krebs/1systems/hotdog/config.nix | 5 ----- krebs/2configs/buildbot-all.nix | 4 ---- 2 files changed, 9 deletions(-) diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 73b5377bd..98fb88702 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -20,10 +20,5 @@ boot.isContainer = true; networking.useDHCP = false; - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm"; } diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index ca994e996..5ea78f227 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -1,10 +1,6 @@ with import ; { lib, config, pkgs, ... }: { - imports = [ - - ]; - networking.firewall.allowedTCPPorts = [ 80 8010 9989 ]; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; From 194e22c517ab22664aea2148421182c6c4ac43d6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:45:51 +0100 Subject: [PATCH 28/48] l prism.r: repo-sync stockholm every 2 minutes --- lass/1systems/prism/config.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 593a1fc9c..0b2c10f92 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -302,6 +302,13 @@ in { } ]; } + { + krebs.repo-sync.repos.stockholm.timerConfig = { + OnBootSec = "5min"; + OnUnitInactiveSec = "2min"; + RandomizedDelaySec = "2min"; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; From bd3b2a2bbd3c9b2e6dee2646a580f83b8438d03d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:46:13 +0100 Subject: [PATCH 29/48] buildbot slave: don't fail on remove --- krebs/3modules/buildbot/slave.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 0af553c5d..fba585448 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -161,7 +161,7 @@ let ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux #remove garbage from old versions - rm -r ${workdir} + rm -rf ${workdir} mkdir -p ${workdir}/info cp ${buildbot-slave-init} ${workdir}/buildbot.tac echo ${contact} > ${workdir}/info/admin From 2e9d5375f6134cba6dfbc3fd048fabfa2363ff83 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:55:32 +0100 Subject: [PATCH 30/48] l mors.r: remove exfat-nofuse --- lass/1systems/mors/config.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 8c7c39a6f..c231a0b10 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -70,10 +70,6 @@ with import ; pkgs.ovh-zone ]; } - { - #ps vita stuff - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; - } { services.tor = { enable = true; From 65a1bf47566a8d17e2d3928f3eec03e941311c61 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:58:23 +0100 Subject: [PATCH 31/48] l daedalus.r: enable flash --- lass/1systems/daedalus/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 6674b3db5..8ec744584 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -41,6 +41,7 @@ with import ; skype wine ]; + nixpkgs.config.firefox.enableAdobeFlash = true; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.plasma5.enable = true; From 5c8676bc9cbf918fa8c1f9995d5b7cc790d5414e Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 15:59:11 +0100 Subject: [PATCH 32/48] l daedalus.r: add ens* to dhcpcd interfaces --- lass/1systems/dishfire/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix index 416edeb82..7993c763e 100644 --- a/lass/1systems/dishfire/config.nix +++ b/lass/1systems/dishfire/config.nix @@ -43,6 +43,7 @@ networking.dhcpcd.allowInterfaces = [ "enp*" "eth*" + "ens*" ]; } { From e083b18e34519f30bba79dfd894c3b828fd13da7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 16:00:06 +0100 Subject: [PATCH 33/48] l IM: add bitlbee config --- lass/2configs/IM.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index b94cb0634..80cebf099 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -20,6 +20,17 @@ let ''; in { + services.bitlbee = { + enable = true; + portNumber = 6666; + plugins = [ + pkgs.bitlbee-facebook + pkgs.bitlbee-steam + pkgs.bitlbee-discord + ]; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; + users.extraUsers.chat = { home = "/home/chat"; uid = genid "chat"; From 1deb002e1908cfa6d2f40b602953bd3e30c7f73e Mon Sep 17 00:00:00 2001 From: jeschli Date: Fri, 5 Jan 2018 20:37:54 +0100 Subject: [PATCH 34/48] jeschli urxvt: got better eyes now - adjust font size --- jeschli/2configs/urxvt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix index a2e02de35..69811eb0a 100644 --- a/jeschli/2configs/urxvt.nix +++ b/jeschli/2configs/urxvt.nix @@ -28,7 +28,7 @@ with import ; URxvt*scrollBar: false URxvt*urgentOnBell: true - URxvt*font: xft:DejaVu Sans Mono:pixelsize=20 + URxvt*font: xft:DejaVu Sans Mono:pixelsize=12 URXvt*faceSize: 12 ''; } From 21bd13b2de964b178e5d42b69efc337e09698dd2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Jan 2018 20:59:29 +0100 Subject: [PATCH 35/48] l: container hackery --- lass/1systems/prism/config.nix | 9 +++++++++ lass/2configs/rebuild-on-boot.nix | 18 ++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 lass/2configs/rebuild-on-boot.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 0b2c10f92..03e9f6eeb 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -184,14 +184,17 @@ in { } { #hotdog + systemd.services."container@hotdog".reloadIfChanged = mkForce false; containers.hotdog = { config = { ... }: { + imports = [ ]; environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; }; + autoStart = true; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.1"; @@ -200,8 +203,10 @@ in { } { #kaepsele + systemd.services."container@kaepsele".reloadIfChanged = mkForce false; containers.kaepsele = { config = { ... }: { + imports = [ ]; environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ @@ -209,6 +214,7 @@ in { tv.pubkey ]; }; + autoStart = true; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.3"; @@ -217,8 +223,10 @@ in { } { #onondaga + systemd.services."container@onondaga".reloadIfChanged = mkForce false; containers.onondaga = { config = { ... }: { + imports = [ ]; environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ @@ -226,6 +234,7 @@ in { config.krebs.users.nin.pubkey ]; }; + autoStart = true; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.5"; diff --git a/lass/2configs/rebuild-on-boot.nix b/lass/2configs/rebuild-on-boot.nix new file mode 100644 index 000000000..60198be7b --- /dev/null +++ b/lass/2configs/rebuild-on-boot.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: +with import ; +{ + systemd.services.rebuild-on-boot = { + wantedBy = [ "multi-user.target" ]; + environment = { + NIX_REMOTE = "daemon"; + HOME = "/var/empty"; + }; + serviceConfig = { + ExecStart = pkgs.writeScript "rebuild" '' + #!${pkgs.bash}/bin/bash + (/run/current-system/sw/bin/nixos-rebuild -I /var/src switch) & + ''; + ExecStop = "${pkgs.coreutils}/bin/sleep 10"; + }; + }; +} From 90b5b135d30d969c69e73261ed0ca663bc166495 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 5 Jan 2018 21:38:48 +0100 Subject: [PATCH 36/48] ma source: cherry-pick signal-desktop from unstable --- makefu/source.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/source.nix b/makefu/source.nix index 647803fd7..c22c82f32 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,8 +13,9 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "3e8d708"; # nixos-17.09 @ 2018-01-05 + ref = "0f19bee"; # nixos-17.09 @ 2018-01-05 # + do_sqlite3 ruby: 55a952be5b5 + # + signal: 0f19beef3 in evalSource (toString _file) [ From 7f8ec648b8a26221c4ff030ec6242b9f08ba5f6c Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 5 Jan 2018 23:12:22 +0100 Subject: [PATCH 37/48] ma pkgs.gen-oath-safe: remove warning, add yubikey-manager --- makefu/5pkgs/gen-oath-safe/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/makefu/5pkgs/gen-oath-safe/default.nix b/makefu/5pkgs/gen-oath-safe/default.nix index 344dc1a02..bad4b08a8 100644 --- a/makefu/5pkgs/gen-oath-safe/default.nix +++ b/makefu/5pkgs/gen-oath-safe/default.nix @@ -1,7 +1,6 @@ { coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }: -builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken" - stdenv.mkDerivation { +stdenv.mkDerivation { name = "gen-oath-safe-2017-06-30"; src = fetchFromGitHub { owner = "mcepl"; @@ -24,7 +23,7 @@ builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken" coreutils openssl qrencode - #yubikey-manager + yubikey-manager libcaca python ]; From 99b379715123cdec8f527de4c71700c02974383f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Jan 2018 01:50:16 +0100 Subject: [PATCH 38/48] l IM: add rxvt_unicode.terminfo --- lass/2configs/IM.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index 80cebf099..51512955e 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -57,6 +57,10 @@ in { restartIfChanged = false; + path = [ + pkgs.rxvt_unicode.terminfo + ]; + serviceConfig = { User = "chat"; RemainAfterExit = true; From acecab429219d9086e23fa8912ecb05c017211d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 6 Jan 2018 01:50:51 +0100 Subject: [PATCH 39/48] l dns: use resolved --- lass/2configs/dns-stuff.nix | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix index 411b07503..cbcce8df9 100644 --- a/lass/2configs/dns-stuff.nix +++ b/lass/2configs/dns-stuff.nix @@ -11,24 +11,6 @@ with import ; key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C"; }; }; - services.dnsmasq = { - enable = true; - resolveLocalQueries = false; - extraConfig = '' - server=127.1.0.1 - #no-resolv - cache-size=1000 - min-cache-ttl=3600 - bind-dynamic - all-servers - dnssec - trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 - rebind-domain-ok=/onion/ - server=/.onion/127.0.0.1#9053 - port=53 - ''; - }; - networking.extraResolvconfConf = '' - name_servers='127.0.0.1' - ''; + services.resolved.enable = true; + services.resolved.fallbackDns = [ "127.1.0.1" ]; } From 9da4f1242ad782a54b524f6c470cfe82be4a63b4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 20:49:58 +0100 Subject: [PATCH 40/48] pkgs.internetarchive: fix build --- .../5pkgs/simple/internetarchive/default.nix | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix index f5e1bbff3..2f55e6f42 100644 --- a/krebs/5pkgs/simple/internetarchive/default.nix +++ b/krebs/5pkgs/simple/internetarchive/default.nix @@ -1,38 +1,39 @@ -{ pkgs, fetchFromGitHub, ... }: +{ stdenv, pkgs, fetchPypi, ... }: with pkgs.python3Packages; buildPythonPackage rec { pname = "internetarchive"; version = "1.7.3"; name = "${pname}-${version}"; - propagatedBuildInputs = [ - requests - jsonpatch - docopt - clint - six - schema - backports_csv - ]; - -# check only works when cloned from git repo - doCheck = false; - checkInputs = [ - pytest - responses - ]; - - prePatch = '' - sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py - ''; src = fetchPypi { inherit pname version; sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g"; }; + propagatedBuildInputs = [ + requests + jsonpatch + docopt + clint + six + schema + backports_csv + ]; + + # check only works when cloned from git repo + doCheck = false; + + checkInputs = [ + pytest + responses + ]; + + prePatch = '' + sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py + ''; + meta = with stdenv.lib; { description = "python library and cli for uploading files to internet archive"; license = licenses.agpl3; }; - } From 7b39418eb059a80b365beba867613ea0e378c189 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 20:50:37 +0100 Subject: [PATCH 41/48] ma filepimp.r: add nofail to disks --- makefu/1systems/filepimp/config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix index e9058ec85..30ba61a9b 100644 --- a/makefu/1systems/filepimp/config.nix +++ b/makefu/1systems/filepimp/config.nix @@ -71,7 +71,10 @@ in { '') allDisks); fileSystems = let xfsmount = name: dev: - { "/media/${name}" = { device = dev; fsType = "xfs"; }; }; + { "/media/${name}" = { + device = dev; fsType = "xfs"; + options = [ "nofail" ]; + }; }; in # (xfsmount "j0" (part1 jDisk0)) // (xfsmount "j1" (part1 jDisk1)) // From 72d8ea37cc19a0d09dedef55d540c6b06ebcdbd1 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 20:51:32 +0100 Subject: [PATCH 42/48] ma gum.r: add vbob to wireguard --- makefu/1systems/gum/config.nix | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 1fe0b62f9..6e5f3c2d4 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -108,16 +108,35 @@ in { # }; #} { # wireguard server - networking.firewall.allowedUDPPorts = [ 51820 ]; + + # TODO: networking.nat + + # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # conf.all.proxy_arp =1 + networking.firewall = { + allowedUDPPorts = [ 51820 ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + }; + networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.1/24" ]; + listenPort = 51820; privateKeyFile = (toString ) + "/wireguard.key"; allowedIPsAsRoutes = true; - peers = [{ - # allowedIPs = [ "0.0.0.0/0" "::/0" ]; + peers = [ + { + # x allowedIPs = [ "10.244.0.2/32" ]; publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - }]; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + ]; }; } From 9cf88110a69b7f3902d29e9f252a0b40d2bc5f9f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 20:51:58 +0100 Subject: [PATCH 43/48] ma omo.r: add nofail to disk --- makefu/1systems/omo/config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index aaecebadc..ce3ffbcf3 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -143,7 +143,10 @@ in { ]; fileSystems = let cryptMount = name: - { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; + { "/media/${name}" = { + device = "/dev/mapper/${name}"; fsType = "xfs"; + options = [ "nofail" ]; + };}; in cryptMount "crypt0" // cryptMount "crypt1" // cryptMount "crypt2" From de01eae264ee72f1bddb42ae0a33defc66486f4f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 20:53:33 +0100 Subject: [PATCH 44/48] ma vbob.r: add default routing through wireguard --- makefu/1systems/vbob/config.nix | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index f318c0e61..7552c6982 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -7,7 +7,8 @@ { imports = [ ]; - boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.device = "/dev/sda"; + virtualisation.virtualbox.guest.enable = true; } # { # imports = [ @@ -49,6 +50,33 @@ # environment + (let + gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr; + Gateway = "10.0.2.2"; + in { + networking.localCommands = '' + ip route add ${gum-ip} via ${Gateway} + ''; + systemd.network.networks.enp0s3.routes = [{ + inherit Gateway; # TODO + Destination = gum-ip; + }]; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.3/24" ]; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + # explicit route via eth0 to gum + peers = [ + { + # gum + endpoint = "${gum-ip}:51820"; + # allowedIPs = [ "10.244.0.0/24" ]; + allowedIPs = [ "0.0.0.0/0" ]; + publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + } + ]; + }; + }) ]; networking.extraHosts = import (toString ); @@ -90,5 +118,5 @@ 8010 ]; - + systemd.services."serial-getty@ttyS0".enable = true; } From 149aad4cb79de44e095b82ffdf7fa65cc95c2f93 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 21:07:46 +0100 Subject: [PATCH 45/48] ma vbob.r: remove explicit route via systemd does not work --- makefu/1systems/vbob/config.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index 7552c6982..d4b80c90e 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -57,10 +57,7 @@ networking.localCommands = '' ip route add ${gum-ip} via ${Gateway} ''; - systemd.network.networks.enp0s3.routes = [{ - inherit Gateway; # TODO - Destination = gum-ip; - }]; + networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.3/24" ]; privateKeyFile = (toString ) + "/wireguard.key"; From 17883f68dd0ddcb9813add65559bcc95009148fc Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 6 Jan 2018 23:44:03 +0100 Subject: [PATCH 46/48] ma vbob.r: set route after network online --- makefu/1systems/vbob/config.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index d4b80c90e..ffd9deaee 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -52,24 +52,21 @@ (let gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr; - Gateway = "10.0.2.2"; + gateway = "10.0.2.2"; in { - networking.localCommands = '' - ip route add ${gum-ip} via ${Gateway} - ''; - + # make sure the route to gum gets added after the network is online + systemd.services.wireguard-wg0.after = [ "network-online.target" ]; networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.3/24" ]; privateKeyFile = (toString ) + "/wireguard.key"; - allowedIPsAsRoutes = true; # explicit route via eth0 to gum + preSetup = ["${pkgs.iproute}/bin/ip route add ${gum-ip} via ${gateway}"]; peers = [ - { - # gum + { # gum endpoint = "${gum-ip}:51820"; - # allowedIPs = [ "10.244.0.0/24" ]; - allowedIPs = [ "0.0.0.0/0" ]; + allowedIPs = [ "0.0.0.0/0" "10.244.0.0/24" ]; publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + persistentKeepalive = 25; } ]; }; From 99065dfd7ad990ea7ad4c44b7b209de7e3859926 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Jan 2018 01:16:45 +0100 Subject: [PATCH 47/48] l nixpkgs: 0b30c1d -> 0653b73 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index a6314694c..f622285b1 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0b30c1d"; + ref = "0653b73"; }; secrets = getAttr builder { buildbot.file = toString ; From 5ef3a2c6caa2f018c2adf795de992e0487dd2413 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Jan 2018 18:03:28 +0100 Subject: [PATCH 48/48] l nixpkgs: 0653b73 -> d202e30 --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index f622285b1..46c6d31dc 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0653b73"; + ref = "d202e30"; }; secrets = getAttr builder { buildbot.file = toString ;