From dc3f3588b5465cef10b1798e7d294f4bc2f88e4b Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Sep 2016 11:47:02 +0200 Subject: [PATCH 01/30] explicitly run rfkill package --- makefu/2configs/hw/tp-x2x0.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 9047cfb66..368465a8b 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -38,4 +38,8 @@ with config.krebs.lib; CPU_MIN_PERF_ON_BAT=0 CPU_MAX_PERF_ON_BAT=30 ''; + + powerManagement.resumeCommands = '' + {pkgs.rfkill}/bin/rfkill unblock all + ''; } From 1748e6ceef2c4c0b9cd25c11ac910af3164381b8 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Sep 2016 12:44:17 +0200 Subject: [PATCH 02/30] m 5 mergerfs: 2.14.0 -> 2.16.1 --- makefu/5pkgs/mergerfs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/5pkgs/mergerfs/default.nix b/makefu/5pkgs/mergerfs/default.nix index 64e8fc671..cfb7b0ae7 100644 --- a/makefu/5pkgs/mergerfs/default.nix +++ b/makefu/5pkgs/mergerfs/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "mergerfs-${version}"; - version = "2.14.0"; + version = "2.16.1"; # not using fetchFromGitHub because of changelog being built with git log src = fetchgit { url = "https://github.com/trapexit/mergerfs"; rev = "refs/tags/${version}"; - sha256 = "0j5r96xddlj5gp3n1xhfwjmr6yf861xg3hgby4p078c8zfriq5rm"; + sha256 = "12fqgk54fnnibqiq82p4g2k6qnw3iy6dd64csmlf73yi67za5iwf"; deepClone = true; }; From 08c98a00ed75a49a34b1f0079954cd65ce2e1e1c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Oct 2016 21:20:33 +0200 Subject: [PATCH 03/30] Revert "k 3 buildbot: remove override (upstream fix)" This reverts commit 252bac92e877e0f14dbdd83a9c54ba02fe937069. because buildbot is broken again --- krebs/3modules/buildbot/master.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 5dde50ea4..bd17c3765 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -3,8 +3,15 @@ with config.krebs.lib; let - buildbot = pkgs.buildbot; - buildbot-master-config = pkgs.writePython2 "buildbot-master.cfg" '' + # https://github.com/NixOS/nixpkgs/issues/14026 + nixpkgs-fix = import (pkgs.fetchgit { + url = https://github.com/nixos/nixpkgs; + rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; + sha256 = "87e0724910a6df0371f883f99a8cf42e366fb4119f676f6f74ffb404beca2632"; + }) {}; + + buildbot = nixpkgs-fix.buildbot; + buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' # -*- python -*- from buildbot.plugins import * import re From b7cba0244358beb61aaab135cbe62c331ab6c900 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Oct 2016 21:49:04 +0200 Subject: [PATCH 04/30] lib: don't define defaults that require config --- krebs/4lib/default.nix | 1 - krebs/4lib/types.nix | 13 +------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 3f224edd1..c40b9a868 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -19,7 +19,6 @@ let out = lib // rec { ])); types = import ./types.nix { - inherit config; lib = lib // { inherit genid optionalTrace; }; }; diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 02ca2b8db..8d6ace2e5 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -1,14 +1,9 @@ -{ config, lib, ... }: +{ lib, ... }: with builtins; with lib; with types; -let - # Inherited attributes are used in submodules that have their own `config`. - inherit (config.krebs) build users; -in - types // rec { host = submodule ({ config, ... }: { @@ -27,7 +22,6 @@ types // rec { owner = mkOption { type = user; - default = users.krebs; }; extraZones = mkOption { @@ -49,10 +43,6 @@ types // rec { ssh.pubkey = mkOption { type = nullOr ssh-pubkey; default = null; - apply = x: - optionalTrace (x == null && config.owner.name == build.user.name) - "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." - x; }; ssh.privkey = mkOption { type = nullOr ssh-privkey; @@ -187,7 +177,6 @@ types // rec { }; owner = mkOption { type = user; - default = users.root; }; group-name = mkOption { type = str; From f81a021f0ccf900d8fdcc2c414ebac528f043760 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Oct 2016 21:53:20 +0200 Subject: [PATCH 05/30] tv q: print TODOs first --- tv/5pkgs/q/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tv/5pkgs/q/default.nix b/tv/5pkgs/q/default.nix index b19402fa4..f923950f0 100644 --- a/tv/5pkgs/q/default.nix +++ b/tv/5pkgs/q/default.nix @@ -178,6 +178,11 @@ in pkgs.writeBashBin "q" '' set -eu export PATH=/var/empty + (${q-todo}) || : + if [ "$PWD" != "$HOME" ]; then + (HOME=$PWD; ${q-todo}) || : + fi + echo ${q-cal} echo ${q-isodate} @@ -189,8 +194,4 @@ pkgs.writeBashBin "q" '' (${q-online}) & (${q-thermal_zone}) & wait - ${q-todo} - if [ "$PWD" != "$HOME" ]; then - (HOME=$PWD; ${q-todo}) - fi '' From 9fb29a7030a168046983457f6f7cf9d943661c06 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Oct 2016 21:57:08 +0200 Subject: [PATCH 06/30] xu: mount /bku --- tv/1systems/xu.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 119399ac2..85ac23e9d 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -138,6 +138,11 @@ with config.krebs.lib; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; + "/bku" = { + device = "/dev/mapper/xuvga-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; "/home" = { device = "/dev/mapper/xuvga-home"; fsType = "btrfs"; From f82013c2c60d63f1867add9089076df78bd25af0 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 12:17:04 +0200 Subject: [PATCH 07/30] m 2 elchos: init --- makefu/2configs/elchos/stats.nix | 96 ++++++++++++++++++++++++++++++++ makefu/2configs/urlwatch.nix | 2 + 2 files changed, 98 insertions(+) create mode 100644 makefu/2configs/elchos/stats.nix diff --git a/makefu/2configs/elchos/stats.nix b/makefu/2configs/elchos/stats.nix new file mode 100644 index 000000000..0282b04cf --- /dev/null +++ b/makefu/2configs/elchos/stats.nix @@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: + +# graphite-web on port 8080 +# carbon cache on port 2003 (tcp/udp) +with config.krebs.lib; +let + sec = toString ; + acmepath = "/var/lib/acme/"; + acmechall = acmepath + "/challenges/"; + ext-dom = "stats.nsupdate.info"; + #ssl_cert = "${sec}/wildcard.krebsco.de.crt"; + #ssl_key = "${sec}/wildcard.krebsco.de.key"; + ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem"; + ssl_key = "${acmepath}/${ext-dom}/key.pem"; +in { + networking.firewall = { + allowedTCPPorts = [ 2003 80 443 ]; + allowedUDPPorts = [ 2003 ]; + }; + + services.grafana = { + enable = true; + addr = "127.0.0.1"; + extraOptions = { "AUTH_ANONYMOUS_ENABLED" = "true"; }; + users.allowSignUp = false; + users.allowOrgCreate = false; + users.autoAssignOrg = false; + security = import ; # { AdminUser = ""; adminPassword = ""} + }; + krebs.nginx = { + enable = true; + servers.elch-stats = { + server-names = [ ext-dom ]; + listen = [ "80" "443 ssl" ]; + ssl = { + enable = true; + # these certs will be needed if acme has not yet created certificates: + certificate = ssl_cert; + certificate_key = ssl_key; + force_encryption = true; + }; + + locations = [ + (nameValuePair "/" '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:3000/; + '') + (nameValuePair "/.well-known/acme-challenge" '' + root ${acmechall}/${ext-dom}/; + '') + ]; + }; + }; + + security.acme.certs."${ext-dom}" = { + email = "acme@syntax-fehler.de"; + webroot = "${acmechall}/${ext-dom}/"; + group = "nginx"; + allowKeysForGroup = true; + postRun = "systemctl reload nginx.service"; + extraDomains."${ext-dom}" = null ; + }; + + services.graphite = { + web = { + enable = true; + host = "127.0.0.1"; + port = 8080; + }; + carbon = { + enableCache = true; + # save disk usage by restricting to 1 bulk update per second + config = '' + [cache] + MAX_CACHE_SIZE = inf + MAX_UPDATES_PER_SECOND = 1 + MAX_CREATES_PER_MINUTE = 500 + ''; + storageSchemas = '' + [carbon] + pattern = ^carbon\. + retentions = 60:90d + + [elchos] + patterhn = ^elchos\. + retention = 10s:30d,60s:1y + + [default] + pattern = .* + retentions = 30s:30d,300s:1y + ''; + }; + }; +} diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index e0fbefa36..189167f71 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -14,6 +14,8 @@ https://pypi.python.org/simple/xstatic/ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ + https://github.com/amadvance/snapraid/releases.atom + https://erdgeist.org/gitweb/opentracker/log/ ]; }; } From cd506f30fac481e95637fa8dfa62cb4cdc27e3e4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 12:17:32 +0200 Subject: [PATCH 08/30] m 2 backup: working config --- makefu/2configs/backup.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 6f79ed4f4..57fd7a64d 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix @@ -1,6 +1,10 @@ { config, lib, ... }: with config.krebs.lib; let + # preparation: + # mkdir -p defaultBackupDir/host.name/src + # as root on omo: + # ssh-copy-id root@src startAt = "0,6,12,18:00"; defaultBackupServer = config.krebs.hosts.omo; defaultBackupDir = "/home/backup"; @@ -12,7 +16,7 @@ let }; dst = { host = defaultBackupServer; - path = defaultBackupDir + src; + path = "${defaultBackupDir}/${host.name}${src}"; }; startAt = "0,6,12,18:00"; snapshots = { @@ -25,6 +29,6 @@ let }; in { krebs.backup.plans = { - wry-to-omo_var-www = defaultPull wry "/var/www"; + wry-to-omo_var-www = defaultPull config.krebs.hosts.wry "/"; }; } From ccd89b19f3fbbb6acb94be8f9f54d4e673ee33dc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 12:31:13 +0200 Subject: [PATCH 09/30] m *: minor changes --- makefu/1systems/filepimp.nix | 5 +++++ makefu/1systems/gum.nix | 1 + makefu/1systems/omo.nix | 1 + makefu/1systems/wbob.nix | 4 ++++ makefu/1systems/wry.nix | 4 +++- makefu/1systems/x.nix | 3 +-- makefu/2configs/base-gui.nix | 1 - makefu/2configs/filepimp-share.nix | 33 ++++++++++++++++++++++++++++++ makefu/2configs/hw/tp-x220.nix | 2 +- makefu/2configs/iodined.nix | 3 ++- makefu/2configs/nginx/icecult.nix | 28 +++++++++++++++++++++++++ makefu/2configs/rad1o.nix | 2 +- makefu/2configs/solr.nix | 24 ++++++++++++++++++++++ makefu/2configs/urlwatch.nix | 2 +- 14 files changed, 105 insertions(+), 8 deletions(-) create mode 100644 makefu/2configs/filepimp-share.nix create mode 100644 makefu/2configs/nginx/icecult.nix create mode 100644 makefu/2configs/solr.nix diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index 4037f693d..0fabf6d93 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -24,7 +24,9 @@ in { ../2configs/fs/single-partition-ext4.nix ../2configs/smart-monitor.nix ../2configs/tinc/retiolum.nix + ../2configs/filepimp-share.nix ]; + krebs.build.host = config.krebs.hosts.filepimp; # AMD N54L boot = { @@ -76,6 +78,9 @@ in { (xfsmount "j2" (part1 jDisk2)) // (xfsmount "par0" (part1 jDisk3)) ; + + networking.firewall.trustedInterfaces = [ primary-interface ]; + services.wakeonlan.interfaces = [ { interface = primary-interface; diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 401ec6093..20731c847 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -22,6 +22,7 @@ in { ../2configs/tinc/retiolum.nix ../2configs/urlwatch.nix ../2configs/torrent.nix + ../2configs/graphite-standalone.nix ../2configs/sabnzbd.nix ../2configs/opentracker.nix diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 71fb85ff6..2e09e345e 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -44,6 +44,7 @@ in { ../2configs/fs/sda-crypto-root.nix ../2configs/zsh-user.nix ../2configs/urlwatch.nix + ../2configs/backup.nix ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index ff176edd9..184f74147 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -55,6 +55,10 @@ in { # rt2870 with nonfree creates wlp2s0 from wlp0s20u2 # not explicitly setting the interface results in wpa_supplicant to crash networking.wireless.interfaces = [ "wlp2s0" ]; + networking.interfaces.virbr1.ip4 = [{ + address = "10.8.8.11"; + prefixLength = 24; + }]; # nuc hardware diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 81cd362e6..238b740a6 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -16,13 +16,15 @@ in { ../2configs/bepasty-dual.nix ../2configs/iodined.nix - + ../2configs/backup.nix # other nginx ../2configs/nginx/euer.wiki.nix ../2configs/nginx/euer.blog.nix ../2configs/nginx/euer.test.nix + #../2configs/elchos/stats.nix + # collectd # ../2configs/collectd/collectd-base.nix diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 0243856ab..00eca87c4 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -63,11 +63,10 @@ # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 ]; + networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ]; networking.firewall.allowedUDPPorts = [ 665 26061 ]; krebs.build.host = config.krebs.hosts.x; - krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index b039c12ca..cbc3efbac 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -82,7 +82,6 @@ in URxvt.perl-ext: default,url-select URxvt.keysym.M-u: perl:url-select:select_next - #URxvt.url-select.launcher: firefox -new-tab URxvt.url-select.launcher: chromium URxvt.url-select.underline: true URxvt.searchable-scrollback: CM-s diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix new file mode 100644 index 000000000..23fa8da08 --- /dev/null +++ b/makefu/2configs/filepimp-share.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + hostname = config.krebs.build.host.name; +in { + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/var/empty"; + }; + services.samba = { + enable = true; + shares = { + media = { + path = "/media/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix index 58390e48d..2ec531e56 100644 --- a/makefu/2configs/hw/tp-x220.nix +++ b/makefu/2configs/hw/tp-x220.nix @@ -5,7 +5,7 @@ with config.krebs.lib; imports = [ ./tp-x2x0.nix ]; boot = { - kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" "tp_smapi" ]; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; }; hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix index ca489d073..b1446eab4 100644 --- a/makefu/2configs/iodined.nix +++ b/makefu/2configs/iodined.nix @@ -5,8 +5,9 @@ let domain = "io.krebsco.de"; pw = import ; in { + networking.firewall.allowedUDPPorts = [ 53 ]; - services.iodined = { + services.iodine = { server = { enable = true; domain = domain; diff --git a/makefu/2configs/nginx/icecult.nix b/makefu/2configs/nginx/icecult.nix new file mode 100644 index 000000000..a11f92af7 --- /dev/null +++ b/makefu/2configs/nginx/icecult.nix @@ -0,0 +1,28 @@ +{ config, pkgs, lib, ... }: + +with config.krebs.lib; + +let + icecult = pkgs.fetchFromGitHub { + owner = "kraiz"; + repo = "icecult"; + rev = "1942d43381a97f30111a48725f7532c343a6f4d7"; + sha256 = "0l8q7kw3w1kpvmy8hza9vr5liiycivbljkmwpacaifbay5y98z58"; + }; +in{ + krebs.nginx = { + enable = true; + servers.default = { + extraConfig = '' + root ${icecult}/app; + ''; + locations = [ + (nameValuePair "/rpc" '' + rewrite /rpc/(.*) /$1 break; + proxy_http_version 1.1; + proxy_pass http://10.42.22.163:3121; + '') + ]; + }; + }; +} diff --git a/makefu/2configs/rad1o.nix b/makefu/2configs/rad1o.nix index 03bb9bc7e..6eca69e0c 100644 --- a/makefu/2configs/rad1o.nix +++ b/makefu/2configs/rad1o.nix @@ -3,7 +3,7 @@ { environment.systemPackages = with pkgs; [ - gnuradio-full + gnuradio-with-packages gnuradio-osmosdr gqrx ]; diff --git a/makefu/2configs/solr.nix b/makefu/2configs/solr.nix new file mode 100644 index 000000000..cad9eabc1 --- /dev/null +++ b/makefu/2configs/solr.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +# graphite-web on port 8080 +# carbon cache on port 2003 (tcp/udp) +with config.krebs.lib; +let + solrHome = "/var/db/solr"; +in { + imports = [ ]; + users.users.solr = { + home = solrHome; + uid = genid "solr"; + createHome = true; + group = "solr"; + }; + users.groups.solr.gid = genid "solr"; + + services.solr = { + enable = true; + inherit solrHome; + user = "solr"; + group = "solr"; + }; +} diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index 189167f71..0d8f888fa 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -15,7 +15,7 @@ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://github.com/amadvance/snapraid/releases.atom - https://erdgeist.org/gitweb/opentracker/log/ + https://erdgeist.org/gitweb/opentracker/commit/ ]; }; } From 591b8793e31d9f698e4a55a563ab0ca227e4813d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 12:33:15 +0200 Subject: [PATCH 10/30] k 3 rtorrent: with 16.09 tmux provides explicit .bin output --- krebs/3modules/rtorrent.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index d53482339..bc65739ea 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -223,7 +223,7 @@ let touch ${systemd-logfile} cp -f ${configFile} ${cfg.workDir}/.rtorrent.rc ''; - ExecStart = "${pkgs.tmux}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'"; + ExecStart = "${pkgs.tmux.bin}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'"; ## you can simply sudo -u rtorrent tmux a if privateTmp is set to false ## otherwise the tmux session is stored in some private folder in /tmp From 7ebecdc99cd9a1ad9ec7c047348e6ea6faf566c5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 12:33:56 +0200 Subject: [PATCH 11/30] k 3 m: init sdev, use ssh secrets --- krebs/3modules/makefu/default.nix | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f5190b6ba..e79e54aa6 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -374,8 +374,8 @@ with config.krebs.lib; ''; }; }; - #ssh.privkey.path = ; - #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH"; }; wbob = rec { cores = 1; @@ -512,6 +512,32 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; }; + sdev = rec { + cores = 1; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev"; + nets = { + retiolum = { + ip4.addr = "10.243.83.237"; + ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101"; + aliases = [ + "sdev.retiolum" + "sdev.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+ + LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4 + XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428 + ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+ + f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD + nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + # non-stockholm From 564d5bc37d8533f0d1d3c31a87cd4a32c9451d20 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 14:55:27 +0200 Subject: [PATCH 12/30] k 3 rtorrent: revert .bin --- krebs/3modules/rtorrent.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index bc65739ea..d53482339 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -223,7 +223,7 @@ let touch ${systemd-logfile} cp -f ${configFile} ${cfg.workDir}/.rtorrent.rc ''; - ExecStart = "${pkgs.tmux.bin}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'"; + ExecStart = "${pkgs.tmux}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'"; ## you can simply sudo -u rtorrent tmux a if privateTmp is set to false ## otherwise the tmux session is stored in some private folder in /tmp From e3cce01913c6a22946cc01438079bc3410ded9b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 14:58:46 +0200 Subject: [PATCH 13/30] l: add lassulus-blog config, repair ssl for cgit --- lass/1systems/prism.nix | 49 +--------------- lass/2configs/websites/lassulus.nix | 91 +++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+), 48 deletions(-) create mode 100644 lass/2configs/websites/lassulus.nix diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 51d106b5e..9fa210d08 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -24,26 +24,6 @@ in { ../2configs/repo-sync.nix ../2configs/binary-cache/server.nix ../2configs/iodined.nix - { - imports = [ - ../2configs/git.nix - ]; - krebs.nginx.servers.cgit = { - server-names = [ - "cgit.lassul.us" - ]; - locations = [ - (nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/cgit.lassul.us/; - '') - ]; - ssl = { - enable = true; - certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; - certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem"; - }; - }; - } { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories @@ -174,6 +154,7 @@ in { imports = [ ../2configs/websites/wohnprojekt-rhh.de.nix ../2configs/websites/domsen.nix + ../2configs/websites/lassulus.nix ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } @@ -186,34 +167,6 @@ in { }; } { - security.acme = { - certs."lassul.us" = { - email = "lass@lassul.us"; - webroot = "/var/lib/acme/challenges/lassul.us"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - "full.pem" - ]; - allowKeysForGroup = true; - group = "lasscert"; - }; - }; - users.groups.lasscert.members = [ - "dovecot2" - "ejabberd" - "exim" - "nginx" - ]; - krebs.nginx.servers."lassul.us" = { - server-names = [ "lassul.us" ]; - locations = [ - (lib.nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/lassul.us/; - '') - ]; - }; lass.ejabberd = { enable = true; hosts = [ "lassul.us" ]; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix new file mode 100644 index 000000000..04c19fad0 --- /dev/null +++ b/lass/2configs/websites/lassulus.nix @@ -0,0 +1,91 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + inherit (import { config = {}; inherit lib; }) + genid + ; + +in { + imports = [ + ../git.nix + ]; + + security.acme = { + certs."lassul.us" = { + email = "lass@lassul.us"; + webroot = "/var/lib/acme/challenges/lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + "full.pem" + ]; + allowKeysForGroup = true; + group = "lasscert"; + }; + certs."cgit.lassul.us" = { + email = "lassulus@gmail.com"; + webroot = "/var/lib/acme/challenges/cgit.lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + ]; + group = "nginx"; + allowKeysForGroup = true; + }; + }; + + users.groups.lasscert.members = [ + "dovecot2" + "ejabberd" + "exim" + "nginx" + ]; + + krebs.nginx.servers."lassul.us" = { + server-names = [ "lassul.us" ]; + locations = [ + (nameValuePair "/" '' + root /srv/http/lassul.us; + '') + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/lassul.us/; + '') + ]; + ssl = { + enable = true; + certificate = "/var/lib/acme/lassul.us/fullchain.pem"; + certificate_key = "/var/lib/acme/lassul.us/key.pem"; + }; + }; + + krebs.nginx.servers.cgit = { + server-names = [ + "cgit.lassul.us" + ]; + locations = [ + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/cgit.lassul.us/; + '') + ]; + ssl = { + enable = true; + certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; + certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem"; + }; + }; + + users.users.blog = { + uid = genid "blog"; + description = "lassul.us blog deployment"; + home = "/srv/http/lassul.us"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; +} + From c47b5e3d8b2a9a7215a74b5b9f63b52ceb170c2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 14:59:12 +0200 Subject: [PATCH 14/30] l 2 baseX: add youtube-tools to pkgs --- lass/2configs/baseX.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2649ecab9..4b05e3296 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -49,6 +49,8 @@ in { mpv-poll yt-next + + youtube-tools #window manager stuff #haskellPackages.xmobar #haskellPackages.yeganesh From 0bc0ccf58c4c1523a101c188eeab9f63a89cef4c Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 14:59:35 +0200 Subject: [PATCH 15/30] l 2 repo-sync: sync lassulus-blog from github --- lass/2configs/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 027f31fe0..eae583a84 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -92,6 +92,7 @@ in { (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") (sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") + (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") From a4f71a9ed0d7db878d40c49589ae6803a1e74017 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:01:36 +0200 Subject: [PATCH 16/30] l 2 websites domsen: dma@apanowicz.de -> gmx --- lass/2configs/websites/domsen.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index e05f40d97..3a3e60d39 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -191,7 +191,7 @@ in { server_set_id = $auth1 ''; internet-aliases = [ - { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "testuser@lassul.us"; to = "testuser"; } ]; From d0d3cd8e54a78ea1bf16b2b9de5366d15aad7581 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:02:06 +0200 Subject: [PATCH 17/30] l 1 prism: remove obsolete key --- lass/1systems/prism.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9fa210d08..8b4f1d7a2 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -144,7 +144,6 @@ in { users.users.chat.openssh.authorizedKeys.keys = [ "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHF9tijlMoEevRZCG1AggukxWggfxPHUwg6Ye113ODG6PZ2m98oSmnsjixDy4GfIJjy+8HBbkwS6iH+fsNk86QtAgFNMjBl+9YvEzNRBzcyCqdOkZFvvZvV2oYA7I15il4ln62PDPKjEIS3YPhZPSwc6GhrlsFTnIG56NF/93IhF7R/FA== JuiceSSH" config.krebs.users.lass-uriel.pubkey - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQ8DJhHAqmdrB2+qkV/OuKjR4QDXUww2TWItyDrs+/6F58WacMozgaZr2goA5JQJ5d19nC3LzYb4yLGguADsp987I6cAu5iXPT5PHKc0eRWDN+AGlpTgUtN1BvVrnJZaUJrR9WlHhFYlkOkzAsB15fKYciVWsyxBCVZ+3oiTEjs2L/sfbrgailWqHIUWDftUnJx8EFmSUVZ2GZWklMcgBo0FJD1i0x5u2dQGguNY+28DzQmKgUMS+xD/uUZvrFIWr9I6CBqhsuHJo8n85BT3B3QdG8ARLt5FKPr5L3My6UjlxOkKrDNLjJFjERFCsuIxnrO3tQhvKXQYlOyskHokocYSdcIq8svghJLA3kmRYIjHjZ4y1BNENsk79WyYNMAi5y+A0Evmu+g3ks/DiW3vI/Sw/D3Uc7ilbImpaoL5qUC4+WZM3J2b3Z1AU5D1QiojpKkB9Qt1bokCm8hrRCG9ZDKqAD6IqmI1ARRjfgA4zKwKUhmMqG4p55YGGVf9OeK0rXgX0Z2InyFXeBaU2aBcDfdKD/65w5MnC9CsJnjELdd4r9u2ugTPExzOo3WUlNuOTB1WoZ8CiY2OVGle/E/MzKUDfGuIFhUsFeX0YcLHPbo+mesISNUPaeadSuMuHE8W4FOeEq51toBo/gkxgjtqqWMOd9SxnDQTMBKq3L/w7nEQ== lass@mors" ]; } { From 77c741b8d7631f534ecb63df6da84abb740aa892 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:05:19 +0200 Subject: [PATCH 18/30] l 2 exim-smarthost: add feed@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 00a3612fd..d96db359b 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -29,6 +29,7 @@ with config.krebs.lib; { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "netzclub@lassul.us"; to = lass.mail; } { from = "nebenan@lassul.us"; to = lass.mail; } + { from = "feed@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From fe8069802d9fbd61a93ea3959622c7d4c7edbaec Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:05:33 +0200 Subject: [PATCH 19/30] l 2 exim-smarthost: add art@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d96db359b..3ed8be77f 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -30,6 +30,7 @@ with config.krebs.lib; { from = "netzclub@lassul.us"; to = lass.mail; } { from = "nebenan@lassul.us"; to = lass.mail; } { from = "feed@lassul.us"; to = lass.mail; } + { from = "art@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 56350bc8ddae4bf4e475ff4817faa158c283be30 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 15:06:02 +0200 Subject: [PATCH 20/30] l 2 nixpkgs: 354fd37 -> b8ede35 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 6e9138b61..73c96e876 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "354fd3728952c229fee4f2924737c601d7ab4725"; + ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; }; } From 185c5644dcdd33d24ce7fe41fdf704e8e66a8784 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 15:40:46 +0200 Subject: [PATCH 21/30] m 5 default: remove cups fallback --- makefu/5pkgs/default.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 6d020406d..0d375a510 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -2,16 +2,9 @@ let inherit (pkgs) callPackage; - nixpkgs-1509 = import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs-channels"; - rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; - sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; - }) {}; - in { nixpkgs.config.packageOverrides = rec { - cups = nixpkgs-1509.cups; alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; From 8fe9262b5f56052c8376f601ae1fd0bef9c079e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 18:33:42 +0200 Subject: [PATCH 22/30] s 2: fix obsolete option --- shared/2configs/default.nix | 4 ++-- shared/2configs/graphite.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 31f786d1d..f5377db94 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with config.krebs.lib; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "9cb194cfa449c43f63185a25c8d10307aea3b358"; # nixos-16.03 @ 2016-08-05 + ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # nixos-16.09 @ 2016-10-19 }; secrets.file = if getEnv "dummy_secrets" == "true" @@ -28,7 +28,7 @@ with config.krebs.lib; "http://cache.nixos.org" "http://hydra.nixos.org" ]; - nix.useChroot = true; + nix.useSandbox = true; nixpkgs.config.packageOverrides = pkgs: { nano = pkgs.vim; diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix index 37c6b09fd..bfa2b2966 100644 --- a/shared/2configs/graphite.nix +++ b/shared/2configs/graphite.nix @@ -12,7 +12,7 @@ with config.krebs.lib; services.graphite = { web = { enable = true; - host = "0.0.0.0"; + listenAddress = "0.0.0.0"; }; carbon = { enableCache = true; From 6cdb8d86893679a6eb32669f796f2cab9acb8bba Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 20:46:54 +0200 Subject: [PATCH 23/30] m 5 devpi: bump --- makefu/5pkgs/devpi/default.nix | 72 ++++++++++++++++------- makefu/5pkgs/devpi/py3-fix-encoding.patch | 11 ++++ 2 files changed, 62 insertions(+), 21 deletions(-) create mode 100644 makefu/5pkgs/devpi/py3-fix-encoding.patch diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix index 3ccc35c79..020b2fdc2 100644 --- a/makefu/5pkgs/devpi/default.nix +++ b/makefu/5pkgs/devpi/default.nix @@ -1,33 +1,43 @@ { pkgs ? import {} }: with pkgs.stdenv.lib; let - execnet14 = pkgs.python3Packages.buildPythonPackage rec { - name = "execnet-1.4.1"; + + readme-renderer = pkgs.python3Packages.buildPythonPackage rec { + name = "readme_renderer"; + version = "0.7.0"; src = pkgs.fetchurl { - url = "https://pypi.python.org/packages/source/e/execnet/${name}.tar.gz"; - sha256 = "1rpk1vyclhg911p3hql0m0nrpq7q7mysxnaaw6vs29cpa6kx8vgn"; + url = "mirror://pypi/r/readme_renderer/readme_renderer-${version}.tar.gz"; + sha256 = "1kh9ggff8m9sdgr631vf2n4k97h4z1871vay6qgk3ydy3rd856ak"; }; - doCheck = false; # http://prism:8010/builders/build-all/builds/177/steps/build-vbob/logs/stdio - propagatedBuildInputs = with pkgs.python3Packages; - [ setuptools_scm apipkg ]; - meta = { - description = "rapid multi-Python deployment"; - license = licenses.gpl2; - }; - }; + buildInputs = with pkgs.python3Packages; [ pytest ]; + propagatedBuildInputs = with pkgs.python3Packages; [ docutils bleach pygments ]; + }; + devpi-client = pkgs.python3Packages.buildPythonPackage rec { + name = "devpi-client"; + version = "2.7.0"; + + src = pkgs.fetchurl { + url = "mirror://pypi/d/devpi-client/devpi-client-${version}.tar.gz"; + sha256 = "0z7vaf0a66n82mz0vx122pbynjvkhp2mjf9lskgyv09y3bxzzpj3"; + }; + patches = [ ./py3-fix-encoding.patch ]; + buildInputs = with pkgs.python3Packages; [ tox check-manifest pkginfo ]; + propagatedBuildInputs = with pkgs.python3Packages; [ devpi-common py ]; + }; devpi-web = pkgs.python3Packages.buildPythonPackage rec { name = "devpi-web"; - version = "3.0.0"; + version = "3.1.1"; + src = pkgs.fetchurl { - url = "https://pypi.python.org/packages/source/d/devpi-web/devpi-web-${version}.tar.gz"; - sha256 = "156abxyhj17a8cg38hpyr31qkjb61mb2kggsxij4p4xvy9jwkbwi"; + url = "mirror://pypi/d/devpi-web/devpi-web-${version}.tar.gz"; + sha256 = "0bvqv52jmasfm4sdyccwsgvk9a663d3grj7zjw8r9x7xm7l3svqv"; }; propagatedBuildInputs = with pkgs.python3Packages; - [ devpi-server pyramid_chameleon beautifulsoup4 Whoosh defusedxml ]; + [ devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ]; meta = { homepage = https://bitbucket.org/hpk42/devpi; @@ -36,9 +46,29 @@ let maintainers = with maintainers; [ makefu ]; }; }; + + devpi-common-3 = pkgs.python3Packages.buildPythonPackage rec { + name = "devpi-common"; + version = "3.0.1"; + + src = pkgs.fetchurl { + url = "mirror://pypi/d/devpi-common/devpi-common-${version}.tar.gz"; + sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j"; + }; + + propagatedBuildInputs = with pkgs.python3Packages; [ requests2 py ]; + + meta = { + homepage = https://bitbucket.org/hpk42/devpi; + description = "Utilities jointly used by devpi-server and devpi-client"; + license = licenses.mit; + maintainers = with maintainers; [ lewo makefu ]; + }; + }; + devpi-server = pkgs.python3Packages.buildPythonPackage rec { name = "devpi-server"; - version = "3.0.2"; + version = "4.1.1"; # original postFixup adds "import sys; sys.argv[0] = 'devpi-server'" to # `.devpi-server-wrapped` which @@ -46,12 +76,12 @@ let postFixup = ""; src = pkgs.fetchurl { - url = "https://pypi.python.org/packages/source/d/devpi-server/devpi-server-${version}.tar.gz"; - sha256 = "14r1024i3x2pb72khyzvi56sh9smpdswmrbc88xvjxnalmzfn99d"; + url = "mirror://pypi/d/devpi-server/devpi-server-${version}.tar.gz"; + sha256 = "1icbn1nw6w0sc5150fr69rlhs0j5ldnnxfzl2qabq2wi0dbar8hf"; }; propagatedBuildInputs = with pkgs.python3Packages; - [ devpi-common execnet14 itsdangerous pluggy waitress pyramid ]; + [ devpi-common-3 execnet itsdangerous pluggy waitress pyramid ]; buildInputs = with pkgs.python3Packages; [ pytest beautifulsoup4 webtest ]; meta = { @@ -63,7 +93,7 @@ let }; in { - inherit devpi-server; + inherit devpi-server devpi-client; devpi-web = pkgs.python3.buildEnv.override { extraLibs = [ devpi-web devpi-server ]; }; diff --git a/makefu/5pkgs/devpi/py3-fix-encoding.patch b/makefu/5pkgs/devpi/py3-fix-encoding.patch new file mode 100644 index 000000000..e5f940699 --- /dev/null +++ b/makefu/5pkgs/devpi/py3-fix-encoding.patch @@ -0,0 +1,11 @@ ++++ a/setup.py +--- b/setup.py +@@ -26,7 +26,7 @@ + + + def get_changelog(): +- text = open(os.path.join(here, 'CHANGELOG')).read() ++ text = open(os.path.join(here, 'CHANGELOG'),encoding='utf-8').read() + header_matches = list(re.finditer('^-+$', text, re.MULTILINE)) + # until fifth header + text = text[:header_matches[5].start()] From b6fc3af1430e318f781a417e0d7366e1013c0c44 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Oct 2016 21:53:18 +0200 Subject: [PATCH 24/30] m 2 default: bump ref to stable --- makefu/2configs/default.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index a7c2a983e..56a87d7af 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -21,10 +21,13 @@ with config.krebs.lib; search-domain = "retiolum"; build = { user = config.krebs.users.makefu; - source = let inherit (config.krebs.build) host user; in { + source = let + inherit (config.krebs.build) host user; + ref = "b8ede35"; # stable @ 2016-10-19 + in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then - { # stable @ 2016-07-20 - git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; }; + { + git = { url = https://github.com/nixos/nixpkgs; inherit ref; }; } else # TODO use http, once it is implemented @@ -32,7 +35,7 @@ with config.krebs.lib; ## prepare so we do not have to wait for rsync: ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs - { file = "/home/makefu/store/125ffff";}; + { file = "/home/makefu/store/${ref}";}; secrets.file = if getEnv "dummy_secrets" == "true" then toString From a2605f25ee48daaf883c6823564686fa49bff0f3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 23:47:00 +0200 Subject: [PATCH 25/30] l 1 uriel: set defaultLocale to de_DE --- lass/1systems/uriel.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index aa5286ae0..acc7348e8 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -9,6 +9,7 @@ with config.krebs.lib; ../2configs/exim-retiolum.nix { # locke config + i18n.defaultLocale ="de_DE.UTF-8"; time.timeZone = "Europe/Berlin"; services.xserver.enable = true; users.users.locke = { From bbaee1993c9786bf01f15c34d0d8993842712477 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 23:47:27 +0200 Subject: [PATCH 26/30] l 1 uriel: add pavucontrol to pkgs --- lass/1systems/uriel.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index acc7348e8..1068da114 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -29,6 +29,7 @@ with config.krebs.lib; systemWide = true; }; environment.systemPackages = with pkgs; [ + pavucontrol firefox hexchat networkmanagerapplet From c7be88d76a359379d8d75126a746fd3772aa5036 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Oct 2016 23:47:48 +0200 Subject: [PATCH 27/30] l 1 uriel: gummiboot -> systemd-boot --- lass/1systems/uriel.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 1068da114..e1417c83d 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -53,8 +53,8 @@ with config.krebs.lib; #loader.grub.version = 2; #loader.grub.device = "/dev/sda"; - loader.gummiboot.enable = true; - loader.gummiboot.timeout = 5; + loader.systemd-boot.enable = true; + loader.timeout = 5; initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; From 789dbe2b2657760a5cebcf320f6807847d4fba64 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 20 Oct 2016 08:49:22 +0200 Subject: [PATCH 28/30] m 5 go: buildNodePackage via callPackage --- krebs/5pkgs/go/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/go/default.nix b/krebs/5pkgs/go/default.nix index fb8b65ea1..2871e5a99 100644 --- a/krebs/5pkgs/go/default.nix +++ b/krebs/5pkgs/go/default.nix @@ -1,9 +1,9 @@ -{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodePackages, nodejs }: +{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }: with lib; let - np = nodePackages.override { + np = (callPackage ) { generated = ./packages.nix; self = np; }; @@ -18,7 +18,7 @@ let ignoreCollisions = true; }; -in nodePackages.buildNodePackage { +in np.buildNodePackage { name = "go"; src = fetchgit { From bb2d4b10d3a1a835711e6b4fa459f9b0aaba4a88 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 09:13:15 +0200 Subject: [PATCH 29/30] m 5 newsbot-js: buildNodePackage via callPackage --- krebs/5pkgs/newsbot-js/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/newsbot-js/default.nix b/krebs/5pkgs/newsbot-js/default.nix index 9e4a51306..b52454ca4 100644 --- a/krebs/5pkgs/newsbot-js/default.nix +++ b/krebs/5pkgs/newsbot-js/default.nix @@ -1,9 +1,9 @@ -{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodePackages, nodejs }: +{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }: with lib; let - np = nodePackages.override { + np = (callPackage ) { generated = ./packages.nix; self = np; }; @@ -21,7 +21,7 @@ let ignoreCollisions = true; }; -in nodePackages.buildNodePackage { +in np.buildNodePackage { name = "newsbot-js"; src = fetchgit { From 0f2a9778315c3126794c0f1ad63710d38e7a67f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 09:48:42 +0200 Subject: [PATCH 30/30] remove haskellPackges.megaparsec --- krebs/5pkgs/haskell-overrides/megaparsec.nix | 20 -------------------- lass/2configs/buildbot-standalone.nix | 1 - 2 files changed, 21 deletions(-) delete mode 100644 krebs/5pkgs/haskell-overrides/megaparsec.nix diff --git a/krebs/5pkgs/haskell-overrides/megaparsec.nix b/krebs/5pkgs/haskell-overrides/megaparsec.nix deleted file mode 100644 index 5ade6006e..000000000 --- a/krebs/5pkgs/haskell-overrides/megaparsec.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ mkDerivation, base, bytestring, fetchzip, HUnit, mtl, QuickCheck -, stdenv, test-framework, test-framework-hunit -, test-framework-quickcheck2, text, transformers -}: -mkDerivation { - pname = "megaparsec"; - version = "4.1.0"; - src = fetchzip { - url = "https://hackage.haskell.org/package/megaparsec-4.1.0/megaparsec-4.1.0.tar.gz"; - sha256 = "1a1ka53a3r91lwnlvzaa8nyk1dxvfd1ij1i5x5vp83q2r9z9dcmi"; - }; - libraryHaskellDepends = [ base bytestring mtl text transformers ]; - testHaskellDepends = [ - base HUnit mtl QuickCheck test-framework test-framework-hunit - test-framework-quickcheck2 transformers - ]; - homepage = "https://github.com/mrkkrp/megaparsec"; - description = "Monadic parser combinators"; - license = stdenv.lib.licenses.bsd3; -} diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 2fc3d3732..628fdf61f 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -172,7 +172,6 @@ in { "hashPassword", "haskellPackages.blessings", "haskellPackages.email-header", - "haskellPackages.megaparsec", "haskellPackages.scanner", "haskellPackages.xmonad-stockholm", "krebspaste",