diff --git a/.gitmodules b/.gitmodules index c96fec739..f35a9250d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "submodules/nix-writers"] path = submodules/nix-writers url = http://cgit.krebsco.de/nix-writers +[submodule "submodules/krops"] + path = submodules/krops + url = https://cgit.krebsco.de/krops diff --git a/ci.nix b/ci.nix index 6d2378759..6f4b89b08 100644 --- a/ci.nix +++ b/ci.nix @@ -16,6 +16,6 @@ let ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; build = host: owner: - ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";}); + ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";}); in mapAttrs (n: h: build n h.owner.name) ci-systems diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 4c07da6e8..0edf23676 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -130,10 +130,12 @@ # Don't install feh into systemPackages # refs desktopManager.session = lib.mkForce []; + displayManager.lightdm.enable = lib.mkForce false; + displayManager.job.execCmd = lib.mkForce "derp"; enable = true; - display = 11; - tty = 11; + display = lib.mkForce 11; + tty = lib.mkForce 11; dpi = 144; diff --git a/jeschli/krops.nix b/jeschli/krops.nix index 34f3aaa53..d45d57c63 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -29,6 +29,7 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index d10fb7203..5784f2cdc 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -22,6 +22,12 @@ "http://cgit.ni.r/disko" "http://cgit.prism.r/disko" ]; + krops.urls = [ + "http://cgit.hotdog.r/krops" + "http://cgit.ni.r/krops" + "http://cgit.prism.r/krops" + "https://git.ingolf-wagner.de/krebs/krops.git" + ]; nix_writers.urls = [ "http://cgit.hotdog.r/nix-writers" "http://cgit.ni.r/nix-writers" diff --git a/makefu/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix similarity index 68% rename from makefu/3modules/airdcpp.nix rename to krebs/3modules/airdcpp.nix index 5250ee67a..1633840f7 100644 --- a/makefu/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: with import ; #genid let - cfg = config.makefu.airdcpp; + cfg = config.krebs.airdcpp; out = { - options.makefu.airdcpp = api; + options.krebs.airdcpp = api; config = lib.mkIf cfg.enable imp; }; @@ -18,7 +18,7 @@ let user = mkOption { description = '' - user which will run udpt. if kept default a new user will be created + user which will run airdcpp. if kept default a new user will be created ''; type = str; default = "airdcpp"; @@ -37,7 +37,54 @@ let type = str; default = "/var/lib/airdcpp"; }; + hubs = mkOption { + type = attrsOf (submodule ( { config, ... }: { + options = { + Nick = mkOption { + description = '' + Nick Name for hub + ''; + type = str; + default = cfg.Nick; + }; + Password = mkOption { + description = '' + Password to be used + + WARNING: will be stored in plain text in /nix/store + ''; + type = str; + default = ""; + apply = lib.removeSuffix "\n"; + }; + Server = mkOption { + description = '' + URL to the hub (must be provided) + ''; + type = str; + }; + AutoConnect = mkOption { + description = '' + automatically connect to the hub + ''; + type = bool; + default = false; + }; + }; + })); + description = "hubs which should be configured via Favorites.xml, + Options are only used if no initial Favorites.xml file is provided and none exists"; + default = {}; + }; + initialFavoritesConfigFile = mkOption { + description = '' + path inital Favorites.xml configuration if none exists + ''; + type = nullOr path; + default = null; + }; dcpp = { + # entries in DCPlusPlus.xml Nick = mkOption { description = '' Nick Name for connection @@ -70,6 +117,11 @@ let type = str; default = "100"; }; + DownloadDirectory = mkOption { + description = "Directory, where new files will be saved into"; + type = str; + default = "${cfg.stateDir}/Download"; + }; shares = mkOption { default = {}; type = attrsOf (submodule ( { config, ... }: { @@ -117,6 +169,7 @@ let password = mkOption { description = "password of user"; type = str; + apply = lib.removeSuffix "\n"; }; permissions = mkOption { description = "user permissions"; @@ -133,11 +186,6 @@ let genUsers = users: concatMapStringsSep "\n" (user: '''' ) (mapAttrsToList (name: val: val // { inherit name; }) users); - genShares = shares: concatMapStringsSep "\n" (share: - ''${share.path}'' ) - (mapAttrsToList (name: val: val // { inherit name; }) shares); webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" '' @@ -149,16 +197,34 @@ let '' else cfg.web.initialConfigFile; + genHubs = hubs: concatMapStringsSep "\n" (hub: + '''' ) + (mapAttrsToList (name: val: val // { inherit name; }) hubs); + favoritesConfigFile = if (cfg.initialFavoritesConfigFile == null) then + builtins.trace "warning: airdcpp hub passwords are stored in plain text" pkgs.writeText "initial-config" '' + + + + ${genHubs cfg.hubs} + + + '' else cfg.initialFavoritesConfigFile; + genShares = shares: concatMapStringsSep "\n" (share: + ''${share.path}'' ) + (mapAttrsToList (name: val: val // { inherit name; }) shares); dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" '' ${cfg.dcpp.Nick} - ${cfg.package.version} ${toString cfg.dcpp.InPort} ${toString cfg.dcpp.UDPPort} ${toString cfg.dcpp.TLSPort} - 0 + ${cfg.dcpp.DownloadDirectory} 0 1 0 @@ -187,6 +253,8 @@ let test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d d=${cfg.stateDir}/DCPlusPlus.xml test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d + d=${cfg.stateDir}/Favorites.xml + test -e $d || install -m700 -o${cfg.user} ${favoritesConfigFile} $d ''; PermissionsStartOnly = true; ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid"; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 41b701cd0..6307649e3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ./airdcpp.nix ./announce-activation.nix ./apt-cacher-ng.nix ./backup.nix diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 8a923efd2..f6b4e3c69 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -121,6 +121,10 @@ let cgit-settings = types.submodule { # A setting's value of `null` means cgit's default should be used. options = { + about-filter = mkOption { + type = types.nullOr types.package; + default = null; + }; cache-root = mkOption { type = types.absolute-pathname; default = "/tmp/cgit"; @@ -166,6 +170,10 @@ let types.nullOr (types.enum ["week" "month" "quarter" "year"]); default = "year"; }; + readme = mkOption { + type = types.listOf types.str; + default = []; + }; robots = mkOption { type = types.nullOr (types.listOf types.str); default = ["nofollow" "noindex"]; @@ -394,8 +402,14 @@ let kv-to-cgitrc = k: v: getAttr (typeOf v) { bool = kv-to-cgitrc k (if v then 1 else 0); null = []; # This will be removed by `flatten`. - list = "${k}=${concatStringsSep ", " v}"; + list = { + readme = map (x: "readme=${x}") v; + }.${k} or "${k}=${concatStringsSep ", " v}"; int = "${k}=${toString v}"; + set = + if subtypes.cgit-settings.check v + then "${k}=${v}" + else error "kv-to-cgitrc: unhandled type: set"; string = "${k}=${v}"; }; in diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7d9ef5075..6b4dc3f17 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -494,6 +494,44 @@ with import ; }; }; }; + eve = { + monitoring = false; + ci = false; + external = true; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "188.68.39.17"; + ip6.addr = "2a03:4000:13:31e::1"; + aliases = [ "eve.i" ]; + }; + retiolum = rec { + via = internet; + addrs = [ + ip4.addr + ip6.addr + ]; + ip4.addr = "10.243.29.174"; + ip6.addr = "42:4992:6a6d:a00::1"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; xerxes = { cores = 2; nets = rec { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 454f9bc65..e2152ea1a 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,7 +4,9 @@ with import ; ## generate keys with: # tinc generate-keys # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host -{ +let + pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); +in { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { cake = rec { cores = 4; @@ -590,6 +592,8 @@ with import ; "cache.gum.r" "logs.makefu.r" "stats.makefu.r" + "backup.makefu.r" + "dcpp.nextgum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -654,6 +658,7 @@ with import ; "wiki.gum.r" "blog.makefu.r" "blog.gum.r" + "dcpp.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -1099,48 +1104,48 @@ with import ; users = rec { makefu = { mail = "makefu@x.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x"; + pubkey = pub-for "makefu.x"; pgp.pubkeys.default = builtins.readFile ./pgp/default.asc; pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc; }; makefu-omo = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch"; + pubkey = pub-for "makefu.omo"; }; makefu-tsp = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp"; + pubkey = pub-for "makefu.tsp"; }; makefu-vbob = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob"; + pubkey = pub-for "makefu.vbob"; }; makefu-tempx = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; + pubkey = pub-for "makefu.tempx"; }; makefu-android = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; + pubkey = pub-for "makefu.android"; }; makefu-remote-builder = { inherit (makefu) mail pgp; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"; + pubkey = pub-for "makefu.remote-builder"; }; makefu-bob = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; + pubkey = pub-for "makefu.bob"; }; ciko = { mail = "wieczorek.stefan@googlemail.com"; }; ulrich = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de"; + pubkey = pub-for "ulrich"; mail = "shackspace.de@myvdr.de"; }; exco = { mail = "dickbutt@excogitation.de"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de"; + pubkey = pub-for "exco"; }; }; } diff --git a/krebs/3modules/makefu/ssh/exco.pub b/krebs/3modules/makefu/ssh/exco.pub new file mode 100644 index 000000000..cab884c0c --- /dev/null +++ b/krebs/3modules/makefu/ssh/exco.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de diff --git a/krebs/3modules/makefu/ssh/makefu.android.pub b/krebs/3modules/makefu/ssh/makefu.android.pub new file mode 100644 index 000000000..2bef2442a --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.android.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x diff --git a/krebs/3modules/makefu/ssh/makefu.bob.pub b/krebs/3modules/makefu/ssh/makefu.bob.pub new file mode 100644 index 000000000..bc8718978 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.bob.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD diff --git a/krebs/3modules/makefu/ssh/makefu.omo.pub b/krebs/3modules/makefu/ssh/makefu.omo.pub new file mode 100644 index 000000000..5567040fb --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.omo.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch diff --git a/krebs/3modules/makefu/ssh/makefu.remote-builder.pub b/krebs/3modules/makefu/ssh/makefu.remote-builder.pub new file mode 100644 index 000000000..ad49f380a --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.remote-builder.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild diff --git a/krebs/3modules/makefu/ssh/makefu.tempx.pub b/krebs/3modules/makefu/ssh/makefu.tempx.pub new file mode 100644 index 000000000..48d90040f --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.tempx.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum diff --git a/krebs/3modules/makefu/ssh/makefu.tsp.pub b/krebs/3modules/makefu/ssh/makefu.tsp.pub new file mode 100644 index 000000000..9a9c9b6f8 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.tsp.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp diff --git a/krebs/3modules/makefu/ssh/makefu.vbob.pub b/krebs/3modules/makefu/ssh/makefu.vbob.pub new file mode 100644 index 000000000..c49714e24 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.vbob.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob diff --git a/krebs/3modules/makefu/ssh/makefu.x.pub b/krebs/3modules/makefu/ssh/makefu.x.pub new file mode 100644 index 000000000..74b130f56 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.x.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub new file mode 100644 index 000000000..88313ee7c --- /dev/null +++ b/krebs/3modules/makefu/ssh/ulrich.pub @@ -0,0 +1 @@ +AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index f852b4a44..59c5b7984 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -1,11 +1,24 @@ -{ mkDerivation, base, fetchgit, stdenv }: -mkDerivation rec { +with import ; +{ mkDerivation, base, fetchgit, stdenv }: let + + cfg = { + "18.03" = { + version = "1.1.0"; + sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1"; + }; + "18.09" = { + version = "1.2.0"; + sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300"; + }; + }.${versions.majorMinor nixpkgsVersion}; + +in mkDerivation { pname = "blessings"; - version = "1.1.0"; + version = cfg.version; src = fetchgit { url = http://cgit.ni.krebsco.de/blessings; - rev = "refs/tags/v${version}"; - sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1"; + rev = "refs/tags/v${cfg.version}"; + sha256 = cfg.sha256; }; libraryHaskellDepends = [ base ]; doHaddock = false; diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix index b54240809..4049168c1 100644 --- a/krebs/5pkgs/haskell/email-header.nix +++ b/krebs/5pkgs/haskell/email-header.nix @@ -1,14 +1,29 @@ +with import ; { mkDerivation, attoparsec, base, base64-bytestring, bytestring , case-insensitive, containers, exceptions, fetchgit, QuickCheck , stdenv, tasty, tasty-quickcheck, text, text-icu, time -}: -mkDerivation { +}: let + + cfg = { + "18.03" = { + version = "0.3.0"; + rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8"; + sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59"; + }; + "18.09" = { + version = "0.4.1-tv1"; + rev = "refs/tags/v${cfg.version}"; + sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; + }; + }.${versions.majorMinor nixpkgsVersion}; + +in mkDerivation { pname = "email-header"; - version = "0.3.0"; + version = cfg.version; src = fetchgit { url = "https://github.com/4z3/email-header"; - rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8"; - sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59"; + rev = cfg.rev; + sha256 = cfg.sha256; }; buildDepends = [ attoparsec base base64-bytestring bytestring case-insensitive diff --git a/krebs/5pkgs/haskell/hyphenation.nix b/krebs/5pkgs/haskell/hyphenation.nix deleted file mode 100644 index 6e5fe9455..000000000 --- a/krebs/5pkgs/haskell/hyphenation.nix +++ /dev/null @@ -1,17 +0,0 @@ -# Same as upstream but with doCheck = false because doctest has wrong version. -{ mkDerivation, base, bytestring, containers, directory -, filepath, unordered-containers, zlib, stdenv -}: -mkDerivation { - pname = "hyphenation"; - version = "0.6"; - sha256 = "2f673666c18f63581422f7c6389b78b0ff754406671296a3d680d417942512f7"; - libraryHaskellDepends = [ - base bytestring containers unordered-containers zlib - ]; - homepage = "http://github.com/ekmett/hyphenation"; - description = "Configurable Knuth-Liang hyphenation"; - license = stdenv.lib.licenses.bsd3; - hydraPlatforms = stdenv.lib.platforms.none; - doCheck = false; -} diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix index a9566087f..3ef9ffb7d 100644 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ b/krebs/5pkgs/simple/Reaktor/default.nix @@ -2,7 +2,7 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; - version = "0.6.0"; + version = "0.6.2"; doCheck = false; @@ -14,7 +14,7 @@ python3Packages.buildPythonPackage rec { owner = "krebs"; repo = "Reaktor"; rev = version; - sha256 = "0nsnv1rixmlg5wkb74b4f5bycb42b9rp4b14hijh558hbsa1b9am"; + sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m"; }; meta = { homepage = http://krebsco.de/; diff --git a/makefu/5pkgs/airdcpp-webclient/default.nix b/krebs/5pkgs/simple/airdcpp-webclient/default.nix similarity index 82% rename from makefu/5pkgs/airdcpp-webclient/default.nix rename to krebs/5pkgs/simple/airdcpp-webclient/default.nix index 361a7da65..2bc6cdca9 100644 --- a/makefu/5pkgs/airdcpp-webclient/default.nix +++ b/krebs/5pkgs/simple/airdcpp-webclient/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl +{ stdenv, fetchurl, makeWrapper, which }: stdenv.mkDerivation rec { name = "airdcpp-webclient-${version}"; @@ -13,8 +13,9 @@ stdenv.mkDerivation rec { installPhase = '' mkdir -p $out/{share,bin} cp -r * $out/share - ln -s $out/share/airdcppd $out/bin/ + makeWrapper $out/share/airdcppd $out/bin/airdcppd --prefix PATH ${which}/bin ''; + nativeBuildInputs = [ makeWrapper ]; meta = with stdenv.lib; { # to start it: airdcpp -p= -c= --configure diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 665b36ab4..c127d2987 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -17,7 +17,7 @@ python2Packages.buildPythonApplication rec { propagatedBuildInputs = [ python2Packages.jinja2 python2Packages.twisted - python2Packages.dateutil_1_5 + python2Packages.dateutil python2Packages.sqlalchemy_migrate python2Packages.pysqlite pkgs.coreutils diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 8393cd79f..66f220ba6 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix @@ -3,7 +3,6 @@ with python3Packages; buildPythonPackage rec { name = "repo-sync-${version}"; version = "0.2.7"; - disabled = isPy26 || isPy27; propagatedBuildInputs = [ docopt GitPython diff --git a/krebs/krops.nix b/krebs/krops.nix index 864cc8066..763e76b83 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -1,9 +1,6 @@ { name }: rec { - krops = builtins.fetchGit { - url = https://cgit.krebsco.de/krops/; - rev = "c46166d407c7d246112f13346621a3fbdb25889e"; - }; + krops = ../submodules/krops; lib = import "${krops}/lib"; @@ -57,6 +54,7 @@ # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index a3612fa7a..60307e694 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "d16a7abceb72aac85e0deb8c45fbcb7127baf628", - "date": "2018-09-20T18:31:51-05:00", - "sha256": "0byf6rlwwy70v2sdfmv7mnwd0kvxmlq0pi8ijghg0mcfhcqibgh7", - "fetchSubmodules": true + "rev": "81f5c2698a87c65b4970c69d472960c574ea0db4", + "date": "2018-10-17T20:48:45-04:00", + "sha256": "0p4x9532d3qlbykyyq8zk62k8py9mxd1s7zgbv54zmv597rs5y35", + "fetchSubmodules": false } diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh index 47d3f29c4..7f24cd31a 100755 --- a/krebs/update-channel.sh +++ b/krebs/update-channel.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-18.03' \ + --rev refs/heads/nixos-18.09' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 69954a3e9..6d65b58c2 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -77,6 +77,7 @@ with import ; environment.systemPackages = [ pkgs.ovh-zone pkgs.bank + pkgs.adb-sync ]; } { @@ -143,7 +144,6 @@ with import ; OnCalendar = "00:37"; }; - nix.package = pkgs.nixUnstable; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f83721070..bf7de6fc5 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -291,16 +291,6 @@ with import ; ]; } { - services.nginx = { - enable = true; - virtualHosts."radio.lassul.us" = { - forceSSL = true; - enableACME = true; - locations."/".extraConfig = '' - proxy_pass http://localhost:8000; - ''; - }; - }; } { lass.nichtparasoup.enable = true; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 83f127c22..56348d0ab 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -3,27 +3,39 @@ imports = [ ./config.nix { - networking.interfaces.et0.ipv4.addresses = [ - { - address = config.krebs.build.host.nets.internet.ip4.addr; + boot.kernelParams = [ "net.ifnames=0" ]; + networking = { + defaultGateway = "46.4.114.225"; + # Use google's public DNS server + nameservers = [ "8.8.8.8" ]; + interfaces.eth0 = { + ipAddress = "46.4.114.247"; prefixLength = 27; - } - { - address = "46.4.114.243"; - prefixLength = 27; - } - ]; - networking.defaultGateway = "46.4.114.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" - ''; + }; + }; + # TODO use this network config + #networking.interfaces.et0.ipv4.addresses = [ + # { + # address = config.krebs.build.host.nets.internet.ip4.addr; + # prefixLength = 27; + # } + # { + # address = "46.4.114.243"; + # prefixLength = 27; + # } + #]; + #networking.defaultGateway = "46.4.114.225"; + #networking.nameservers = [ + # "8.8.8.8" + #]; + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" + #''; } { imports = [ ]; + networking.hostId = "fb4173ea"; boot.loader.grub = { devices = [ "/dev/sda" @@ -40,45 +52,25 @@ boot.kernelModules = [ "kvm-intel" ]; - fileSystems."/" = { - device = "/dev/pool/nix_root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - fileSystems."/var/download" = { - device = "/dev/pool/download"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/http"; - fsType = "ext4"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "ext4"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - - swapDevices = [ - { label = "swap1"; } - { label = "swap2"; } - ]; - sound.enable = false; nixpkgs.config.allowUnfree = true; time.timeZone = "Europe/Berlin"; + + fileSystems."/" = { + device = "rpool/root/nixos"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d"; + fsType = "ext4"; + }; + } ]; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 95aac2d18..e8a2539f3 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -71,7 +71,6 @@ in { lm_sensors ncdu nix-index - nix-repl nmap pavucontrol powertop diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 846000a3a..6ef3c8595 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -89,6 +89,7 @@ with import ; { from = "cis@lassul.us"; to = lass.mail; } { from = "afra@lassul.us"; to = lass.mail; } { from = "ksp@lassul.us"; to = lass.mail; } + { from = "ccc@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 81f53bf69..17c3cf3be 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -57,7 +57,6 @@ let in { environment.systemPackages = with pkgs; [ - (dwarf-fortress.override { theme = dwarf-fortress-packages.phoebus-theme; }) doom1 doom2 vdoom1 diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 97def9df3..c5b5c01fb 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -50,18 +50,38 @@ let cgit.desc = "take a description of your disk layout and produce a format script"; cgit.section = "software"; }; + go = { + cgit.desc = "url shortener"; + cgit.section = "software"; + }; krebspage = { cgit.desc = "homepage of krebs"; cgit.section = "configuration"; }; + krops = { + cgit.desc = "krebs deployment"; + cgit.section = "software"; + }; news = { cgit.desc = "take a rss feed and a timeout and print it to stdout"; cgit.section = "software"; }; + newsbot-js = { + cgit.desc = "print rss feeds to irc channels"; + cgit.section = "software"; + }; + nix-user-chroot = { + cgit.desc = "Fork of nix-user-chroot by lethalman"; + cgit.section = "software"; + }; nix-writers = { cgit.desc = "high level writers for nix"; cgit.section = "software"; }; + nixos-generators = { + cgit.desc = "custom image builders"; + cgit.section = "software"; + }; nixpkgs = { cgit.desc = "nixpkgs fork"; cgit.section = "configuration"; @@ -81,14 +101,6 @@ let cgit.desc = "Good Music collection + tools"; cgit.section = "art"; }; - nix-user-chroot = { - cgit.desc = "Fork of nix-user-chroot by lethalman"; - cgit.section = "software"; - }; - krops = { - cgit.desc = "krebs deployment"; - cgit.section = "software"; - }; xmonad-stockholm = { cgit.desc = "krebs xmonad modules"; cgit.section = "configuration"; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9246abfed..e50689254 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -210,6 +210,7 @@ in { environment.systemPackages = [ msmtp mutt + pkgs.notmuch pkgs.much tag-new-mails tag-old-mails diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index fb7ae01b6..bf6855804 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -36,8 +36,9 @@ in { home = "/home/${name}"; useDefaultShell = true; createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-mors.pubkey ]; }; }; diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 44d8984d7..7cdcdf20c 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -63,24 +63,6 @@ with import ; -e "@kind $1" ''; }) - (buildSimpleReaktorPlugin "random-unicorn-porn" { - pattern = "^!rup$$"; - script = pkgs.writePython2 "rup" {} '' - t1 = """ - _. - ;=',_ () - 8===D~~ S" .--`|| - sS \__ || - __.' ( \-->|| - _=/ _./-\/ || - 8===D~~ ((\( /-' -'l || - ) |/ \\ (_)) - \\ \\ - '~ '~ - """ - print(t1) - ''; - }) (buildSimpleReaktorPlugin "ping" { pattern = "^!ping (?P.*)$$"; script = pkgs.writeDash "ping" '' diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix index fa63ddf25..82f3fb2e6 100644 --- a/lass/2configs/urxvt.nix +++ b/lass/2configs/urxvt.nix @@ -5,7 +5,7 @@ with import ; services.urxvtd.enable = true; krebs.xresources.resources.urxvt = '' - URxvt*SaveLines: 1000000 + URxvt.saveLines: 100000 URxvt*scrollBar: false URxvt*urgentOnBell: true URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 823d9a8ca..4f7bd4437 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -2,20 +2,13 @@ with import ; let - unstable_nixpkgs = import (pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "nixpkgs"; - rev = "a8c71037e041725d40fbf2f3047347b6833b1703"; - sha256 = "1z4cchcw7qgjhy0x6mnz7iqvpswc2nfjpdynxc54zpm66khfrjqw"; - }) {}; out = { environment.systemPackages = [ (hiPrio vim) - pkgs.python35Packages.flake8 (pkgs.writeDashBin "govet" '' go vet "$@" '') - (hiPrio (unstable_nixpkgs.python3.withPackages (ps: [ + (hiPrio (pkgs.python3.withPackages (ps: [ ps.python-language-server ps.pyls-isort ]))) @@ -70,6 +63,8 @@ let au Syntax * syn match Garbage containedin=ALL /\s\+$/ \ | syn match TabStop containedin=ALL /\t\+/ \ | syn keyword Todo containedin=ALL TODO + \ | syn match NBSP '\%xa0' + \ | syn match NarrowNBSP '\%u202F' au BufRead,BufNewFile *.hs so ${hs.vim} @@ -135,7 +130,7 @@ let pkgs.vimPlugins.undotree pkgs.vimPlugins.vim-go pkgs.vimPlugins.fzf-vim - unstable_nixpkgs.vimPlugins.LanguageClient-neovim + pkgs.vimPlugins.LanguageClient-neovim (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchFromGitHub { @@ -172,6 +167,8 @@ let hi Garbage ctermbg=088 hi TabStop ctermbg=016 + hi NBSP ctermbg=094 + hi NarrowNBSP ctermbg=097 hi Todo ctermfg=174 ctermbg=NONE hi NixCode ctermfg=148 diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index e1c1313ea..828cab95f 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -66,6 +66,12 @@ in { ]) ]; + services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ]; + services.mysql.ensureUsers = [ + { ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; } + { ensurePermissions = { "o_ubikmedia_de.*" = "ALL"; }; name = "nginx"; } + ]; + services.nginx.virtualHosts."ubikmedia.de".locations."/piwika".extraConfig = '' try_files $uri $uri/ /index.php?$args; ''; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 4c29831a2..b72b20928 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -145,8 +145,9 @@ in { home = "/srv/http/lassul.us"; useDefaultShell = true; createHome = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-mors.pubkey ]; }; } diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 5b450ed42..974e11c6e 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -120,10 +120,13 @@ with import ; ${pkgs.coreutils}/bin/kill $WM_PID ${pkgs.coreutils}/bin/kill $XEPHYR_PID ''; + # TODO fix xephyr which doesn't honor resizes anymore sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then '' /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@" '' else '' - /var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@" + #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@" + /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" + ''); vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" '' DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@" @@ -163,7 +166,7 @@ with import ; lass.xjail-bins = mapAttrs' (name: cfg: nameValuePair name (pkgs.writeScriptBin cfg.name '' - ${scripts.${name}.existing} "$@" + ${scripts.${name}.sudo} "$@" '') ) config.lass.xjail; }; diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 3bff9d450..087d54eca 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -31,6 +31,7 @@ import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) +import XMonad.Actions.Minimize (minimizeWindow, maximizeWindow, withLastMinimized) import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) @@ -39,7 +40,7 @@ import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) -import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) +import XMonad.Layout.Minimize (minimize) import XMonad.Layout.NoBorders (smartBorders) import XMonad.Layout.SimplestFloat (simplestFloat) import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) @@ -135,7 +136,7 @@ myKeyMap = , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) , ("M4-m", withFocused minimizeWindow) - , ("M4-S-m", sendMessage RestoreNextMinimizedWin) + , ("M4-S-m", withLastMinimized maximizeWindow) , ("M4-q", windowPromptGoto infixAutoXPConfig) , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig) diff --git a/lass/krops.nix b/lass/krops.nix index 4e045c6db..a898164c3 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -22,13 +22,14 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.krops.writeDeploy "${name}-deploy" { + deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; - target = "root@${name}/var/src"; + inherit target; }; # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/makefu/0tests/data/secrets/airdcpp-makefu.pw b/makefu/0tests/data/secrets/airdcpp-makefu.pw new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/krebshub.pw b/makefu/0tests/data/secrets/krebshub.pw new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix index db22cf9b8..64516fa98 100644 --- a/makefu/1systems/nextgum/config.nix +++ b/makefu/1systems/nextgum/config.nix @@ -25,11 +25,12 @@ in { - + # # services + # sharing @@ -73,6 +74,7 @@ in { # # + # @@ -94,6 +96,7 @@ in { + # ## Temporary: diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix index 944210701..bfe29b46c 100644 --- a/makefu/1systems/nextgum/hardware-config.nix +++ b/makefu/1systems/nextgum/hardware-config.nix @@ -41,11 +41,12 @@ in { boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.devices = [ main-disk ]; + boot.initrd.kernelModules = [ "dm-raid" ]; boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ]; + boot.kernelModules = [ "kvm-intel" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { device = "/dev/mapper/nixos-root"; @@ -59,6 +60,10 @@ in { device = "/dev/mapper/nixos-download"; fsType = "ext4"; }; + fileSystems."/var/lib/borgbackup" = { + device = "/dev/mapper/nixos-backup"; + fsType = "ext4"; + }; fileSystems."/boot" = { device = "/dev/sda2"; fsType = "vfat"; @@ -79,8 +84,12 @@ in { #vgcreate nixos /dev/sda3 /dev/sdb1 #lvcreate -L 120G -m 1 -n root nixos #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 50G -n download nixos + #lvcreate -L 100G -n download nixos + #lvcreate -L 100G -n backup nixos #mkfs.ext4 /dev/mapper/nixos-root + #mkfs.ext4 /dev/mapper/nixos-lib + #mkfs.ext4 /dev/mapper/nixos-download + #mkfs.ext4 /dev/mapper/nixos-borgbackup #mount /dev/mapper/nixos-root /mnt #mkdir /mnt/boot #mount /dev/sda2 /mnt/boot diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix new file mode 100644 index 000000000..fe05effd9 --- /dev/null +++ b/makefu/2configs/dcpp/airdcpp.nix @@ -0,0 +1,48 @@ +{ config, ... }: +{ + krebs.airdcpp = { + enable = true; + extraGroups = [ "download" ]; + web.port = 5600; + web.users.makefu.password = builtins.readFile ; # watch out for newline! + hubs."krebshub" = + { Nick = "makefu-${config.krebs.build.host.name}"; + Password = builtins.readFile ; + Server = "adcs://hub.nsupdate.info:411"; + AutoConnect = true; + }; + dcpp = { + shares = { + # Incoming must be writeable! + incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; }; + audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks"; + }; + Nick = "makefu"; + DownloadSpeed = "1000"; + UploadSpeed = "1000"; + }; + }; + networking.firewall.allowedTCPPorts = + [ config.krebs.airdcpp.dcpp.InPort + config.krebs.airdcpp.dcpp.TLSPort + ]; + networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ]; + + services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" = + { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/"; + + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + gzip_types text/plain application/javascript; + + # Proxy websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + ''; + }; + +} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 6192a92a5..61cba86d9 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -10,14 +10,27 @@ with import ; } ./editor/vim.nix ./binary-cache/nixos.nix + ./minimal.nix ]; + # users are super important + users.users = { + root = { + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + makefu = { + uid = 9001; + group = "users"; + home = "/home/makefu"; + createHome = true; + useDefaultShell = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + }; + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - programs.command-not-found.enable = false; - - nix.package = pkgs.nixUnstable; - nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; @@ -27,90 +40,23 @@ with import ; build.user = config.krebs.users.makefu; }; - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - makefu = { - uid = 9001; - group = "users"; - home = "/home/makefu"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "wheel" - ]; - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - }; - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = 2; - nix.buildCores = config.krebs.build.host.cores; - time.timeZone = "Europe/Berlin"; - - programs.ssh = { - startAgent = false; - }; - services.openssh.enable = true; - nix.useSandbox = true; - - users.mutableUsers = false; boot.tmpOnTmpfs = true; - - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; - systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; - nix.nixPath = [ "/var/src" ]; - environment.variables = let - ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - in { - NIX_PATH = mkForce "/var/src"; - EDITOR = mkForce "vim"; - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; environment.systemPackages = with pkgs; [ jq git - get gnumake rxvt_unicode.terminfo htop ]; - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - - PYTHONSTARTUP="~/.pythonrc"; - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - ''; - - promptInit = '' - case $UID in - 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; - 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; - *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; + programs.bash.enableCompletion = true; environment.shellAliases = { # TODO: see .aliases @@ -126,12 +72,6 @@ with import ; tinc = pkgs.tinc_pre; }; - networking.timeServers = [ - "pool.ntp.org" - "time.windows.com" - "time.apple.com" - "time.nist.gov" - ]; nix.extraOptions = '' auto-optimise-store = true @@ -145,26 +85,5 @@ with import ; SystemMaxUse=1G RuntimeMaxUse=128M ''; - # Enable IPv6 Privacy Extensions - boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; - # suppress chrome autit event messages - security.audit = { - rules = [ - "-a task,never" - ]; - }; - system.activationScripts.state = optionalString (config.state != []) '' - cat << EOF - This machine is burdened with state: - ${concatMapStringsSep "\n" (d: "* ${d}") config.state} - EOF - ''; } diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix new file mode 100644 index 000000000..d764e5624 --- /dev/null +++ b/makefu/2configs/minimal.nix @@ -0,0 +1,88 @@ +{ lib, pkgs, config, ... }: +# minimal subset of sane configuration for stockholm +{ + # nobody needs this + programs.command-not-found.enable = false; + + # the only true timezone (even after the the removal of DST) + time.timeZone = "Europe/Berlin"; + + networking.hostName = config.krebs.build.host.name; + nix.buildCores = config.krebs.build.host.cores; + + # we use gpg if necessary (or nothing at all) + programs.ssh.startAgent = false; + + # all boxes look the same + nix.useSandbox = true; + # we configure users via nix + users.mutableUsers = false; + + # sane firewalling + networking.firewall.rejectPackets = true; + networking.firewall.allowPing = true; + + # openssh all the way down + services.openssh.enable = true; + + # we use stockholm via populate + nix.nixPath = [ "/var/src" ]; + + environment.variables = let + ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + in { + NIX_PATH = lib.mkForce "/var/src"; + EDITOR = lib.mkForce "vim"; + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + + programs.bash = { + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + ''; + + promptInit = '' + case $UID in + 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; + 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; + *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; + esac + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + # trust the cool guys + networking.timeServers = [ + "pool.ntp.org" + "time.nist.gov" + ]; + + # the only locale you will ever need + i18n = { + consoleKeyMap = "us"; + defaultLocale = "en_US.UTF-8"; + }; + + # suppress chrome autit event messages + security.audit = { + rules = [ + "-a task,never" + ]; + }; + + # Enable IPv6 Privacy Extensions + boot.kernel.sysctl = { + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; +} diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index f06ce3d53..7146174fb 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,17 +2,17 @@ _: { imports = [ - ./state.nix - ./populate.nix ./awesome-extra.nix ./deluge.nix ./forward-journal.nix ./opentracker.nix ./ps3netsrv.nix ./logging-config.nix + ./populate.nix ./sane-extra.nix ./server-config.nix ./snapraid.nix + ./state.nix ./torrent.nix ./udpt.nix ]; diff --git a/makefu/3modules/state.nix b/makefu/3modules/state.nix index 461b90152..a87f438fe 100644 --- a/makefu/3modules/state.nix +++ b/makefu/3modules/state.nix @@ -6,4 +6,11 @@ description = "state which is currently scattered on the machine"; default = []; }; + + config.system.activationScripts.state = lib.optionalString (config.state != []) '' + cat << EOF + This machine is burdened with state: + ${lib.concatMapStringsSep "\n" (d: "* ${d}") config.state} + EOF + ''; } diff --git a/makefu/5pkgs/4nxci/default.nix b/makefu/5pkgs/4nxci/default.nix new file mode 100644 index 000000000..3aba3be45 --- /dev/null +++ b/makefu/5pkgs/4nxci/default.nix @@ -0,0 +1,52 @@ +{ stdenv, lib, fetchFromGitHub, mbedtls, python2 }: +let + + mymbedtls = lib.overrideDerivation mbedtls (old: rec { + name = "mbedtls-${version}"; + version = "2.13.0"; + src = fetchFromGitHub { + owner = "ARMmbed"; + repo = "mbedtls"; + rev = name; + sha256 = "1257kp7yxkwwbx5v14kmrmgk1f9zagiddg5alm4wbj0pmgbrm14j"; + }; + buildInputs = old.buildInputs ++ [ python2 ]; + postConfigure = '' + perl scripts/config.pl set MBEDTLS_CMAC_C + ''; + doCheck = false; + + }); +in stdenv.mkDerivation rec { + name = "4nxci-${version}"; + version = "1.30"; + + src = fetchFromGitHub { + owner = "The-4n"; + repo = "4NXCI"; + rev = "v${version}"; + sha256 = "0nrd19z88iahxcdx468lzgxlvkl65smwx8f9s19431cszyhvpxyh"; + }; + + buildPhase = '' + cp config.mk.template config.mk + sed -i 's#\(INCLUDE =\).*#\1${mymbedtls}/include#' Makefile + sed -i 's#\(LIBDIR =\).*#\1${mymbedtls}/lib#' Makefile + make 4nxci + ''; + + installPhase = '' + install -m755 -D 4nxci $out/bin/4nxci + ''; + + #preInstall = '' + # mkdir -p $out/bin + #''; + + buildInputs = [ mymbedtls ]; + + meta = { + description = "convert xci to nsp"; + license = lib.licenses.isc; + }; +} diff --git a/makefu/krops.nix b/makefu/krops.nix index ddb4afece..27b7b04ef 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -1,8 +1,5 @@ { config ? config, name, target ? name }: let - krops = builtins.fetchGit { - url = https://cgit.krebsco.de/krops/; - rev = "4e466eaf05861b47365c5ef46a31a188b70f3615"; - }; + krops = ../submodules/krops; nixpkgs-src = lib.importJSON ./nixpkgs.json; lib = import "${krops}/lib"; @@ -86,6 +83,7 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target ? target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/nin/2configs/games.nix b/nin/2configs/games.nix index 15e17238d..4c4f0c3a0 100644 --- a/nin/2configs/games.nix +++ b/nin/2configs/games.nix @@ -57,7 +57,6 @@ let in { environment.systemPackages = with pkgs; [ - dwarf_fortress doom1 doom2 vdoom1 diff --git a/nin/krops.nix b/nin/krops.nix index d0074840a..fef8cc38b 100644 --- a/nin/krops.nix +++ b/nin/krops.nix @@ -29,6 +29,7 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { + force = true; inherit target; source = source { test = true; }; }; diff --git a/submodules/krops b/submodules/krops new file mode 160000 index 000000000..e2b296542 --- /dev/null +++ b/submodules/krops @@ -0,0 +1 @@ +Subproject commit e2b29654251367545700154ffbac806705dd04c0 diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index f51366546..c26d4ab30 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -3,6 +3,7 @@ with import ; imports = [ + ]; @@ -90,20 +91,6 @@ with import ; pkgs.xlibs.fontschumachermisc ]; - # Enable CUPS to print documents. - services.printing = { - enable = true; - #drivers = [ - # #pkgs.foomatic_filters - # #pkgs.gutenprint - # #pkgs.cups_pdf_filter - # #pkgs.ghostscript - #]; - #cupsdConf = '' - # LogLevel debug2 - #''; - }; - services.xserver.enable = true; services.xserver.layout = "de"; services.xserver.xkbOptions = "eurosign:e"; diff --git a/tv/1systems/querel/config.nix b/tv/1systems/querel/config.nix index 5f981c64c..01d67b5f5 100644 --- a/tv/1systems/querel/config.nix +++ b/tv/1systems/querel/config.nix @@ -2,10 +2,9 @@ with import ; { config, pkgs, ... }: { imports = [ - - - + + ]; krebs.build.host = config.krebs.hosts.querel; @@ -37,6 +36,7 @@ with import ; sxiv texlive.combined.scheme-full vim + xsane zathura ]; @@ -67,10 +67,6 @@ with import ; programs.ssh.startAgent = false; - services.printing = { - enable = true; - }; - services.xserver.enable = true; services.xserver.layout = "de"; services.xserver.xkbOptions = "eurosign:e"; diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 14926fe3b..5421cab92 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -18,6 +18,7 @@ with import ; + { environment.systemPackages = with pkgs; [ @@ -40,7 +41,6 @@ with import ; mkpasswd netcat netcup - nix-repl nmap p7zip pass @@ -147,8 +147,6 @@ with import ; gptfdisk ]; - services.printing.enable = true; - #services.bitlbee.enable = true; #services.tor.client.enable = true; #services.tor.enable = true; diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index 14d381568..f8de72d00 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -26,7 +26,7 @@ with import ; method = "pull"; src = { host = config.krebs.hosts.querel; path = "/home"; }; dst = { host = config.krebs.hosts.nomic; path = "/fs/ponyhof/bku/querel-home"; }; - startAt = "00:00"; + startAt = "22:00"; }; wu-home-xu = { method = "push"; diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix index 546b2e7b7..b75ad8bfc 100644 --- a/tv/2configs/bash/default.nix +++ b/tv/2configs/bash/default.nix @@ -33,11 +33,13 @@ with import ; PS1="ssh-agent[$SSH_AGENT_PID] $PS1" fi - case ''${XMONAD_SPAWN_WORKSPACE-} in - stockholm) - cd ~/stockholm - ;; - esac + if test ''${SHLVL-1} = 1; then + case ''${XMONAD_SPAWN_WORKSPACE-} in + stockholm) + cd ~/stockholm + ;; + esac + fi ''; }; } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 2ccab3d09..d9ddc90d0 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -143,6 +143,7 @@ with import ; environment.systemPackages = [ pkgs.get pkgs.git + pkgs.git-crypt pkgs.git-preview pkgs.hashPassword pkgs.htop diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 74fb5215a..62c90d4e9 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -9,8 +9,19 @@ let { enable = true; cgit = { settings = { - root-title = "repositories at ${config.krebs.build.host.name}"; + about-filter = pkgs.exec "krebs.cgit.about-filter" rec { + filename = "${pkgs.pythonPackages.markdown2}/bin/markdown2"; + argv = [ + filename + "--extras=fenced-code-blocks" + ]; + envp = {}; + }; + readme = [ + ":README.md" + ]; root-desc = "mostly krebs"; + root-title = "repositories at ${config.krebs.build.host.name}"; }; }; repos = repos; @@ -30,46 +41,33 @@ let { public-repos = mapAttrs make-public-repo ({ } // mapAttrs (_: recursiveUpdate { cgit.section = "1. miscellaneous"; }) { - cac-api = { - cgit.desc = "CloudAtCost API command line interface"; - }; dic = { cgit.desc = "dict.leo.org command line interface"; }; disko = { cgit.desc = "declarative partitioning and formatting tool"; }; - get = {}; - hstool = { - cgit.desc = "Haskell Development Environment ^_^"; + fswm = { + cgit.desc = "simple full screen window manager"; }; htgen = { cgit.desc = "toy HTTP server"; }; - kirk = { - cgit.desc = "IRC tools"; - }; krops = { cgit.desc = "deployment tools"; }; - load-env = {}; - loldns = { - cgit.desc = "toy DNS server"; - }; - make-snapshot = {}; much = {}; netcup = { cgit.desc = "netcup command line interface"; }; - nix-writers = {}; + nix-writers = { + cgit.desc = "collection of package builders"; + }; populate = { cgit.desc = "source code installer"; }; q = {}; regfish = {}; - soundcloud = { - cgit.desc = "SoundCloud command line interface"; - }; stockholm = { cgit.desc = "NixOS configuration"; }; @@ -86,15 +84,32 @@ let { xintmap = {}; xmonad-stockholm = {}; } // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) { + cac-api = { + cgit.desc = "CloudAtCost API command line interface"; + }; cgserver = {}; crude-mail-setup = {}; dot-xmonad = {}; hirc = {}; + hstool = { + cgit.desc = "Haskell Development Environment ^_^"; + }; + kirk = { + cgit.desc = "IRC tools"; + }; make-snapshot = {}; nixos-infest = {}; painload = {}; push = {}; with-tmpdir = {}; + get = {}; + load-env = {}; + loldns = { + cgit.desc = "toy DNS server"; + }; + soundcloud = { + cgit.desc = "SoundCloud command line interface"; + }; }); restricted-repos = mapAttrs make-restricted-repo ( @@ -138,7 +153,7 @@ let { public = false; hooks = hooks // { post-receive = /* sh */ '' - (${hooks.post-receive or ""}) + (${hooks.post-receive or ":"}) ${cgit-clear-cache}/bin/cgit-clear-cache ''; }; diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index aa71be777..77947dafa 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -1,6 +1,10 @@ -{ config, pkgs, ... }: with import ; -{ +{ config, pkgs, ... }: let + json = url: { + inherit url; + filter = "system:${pkgs.jq}/bin/jq ."; + }; +in { krebs.urlwatch = { enable = true; mailto = config.krebs.users.tv.mail; @@ -13,18 +17,9 @@ with import ; http://www.exim.org/ - # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix - { - url = https://api.github.com/repos/simple-evcorr/sec/tags; - filter = "system:${pkgs.jq}/bin/jq ."; - } - # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix https://thp.io/2008/urlwatch/ - # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix - https://api.github.com/repos/ioerror/tlsdate/tags - # 2015-02-18 # ref ~/src/nixpkgs/pkgs/tools/text/qprint/default.nix http://www.fourmilab.ch/webtools/qprint/ @@ -50,7 +45,13 @@ with import ; #http://hackage.haskell.org/package/web-page # ref , services.openssh.knownHosts.github* - https://api.github.com/meta + (json https://api.github.com/meta) + + # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix + (json https://api.github.com/repos/ioerror/tlsdate/tags) + + # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix + (json https://api.github.com/repos/simple-evcorr/sec/tags) # # is derived from `configFile` in: diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 400d179d0..2ac7f7518 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -15,6 +15,7 @@ let { extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ pkgs.vimPlugins.undotree + pkgs.vimPlugins.vim-elixir (pkgs.vimUtils.buildVimPlugin { name = "vim-syntax-jq"; src = pkgs.fetchgit { diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix new file mode 100644 index 000000000..627401dc6 --- /dev/null +++ b/tv/2configs/xp-332.nix @@ -0,0 +1,45 @@ +with import ; +{ config, pkgs, ... }: { + + environment.etc."utsushi.conf".text = '' + [devices] + dev1.udi = esci:networkscan://EPSON79678C.fritz.box:1865 + dev1.model = XP-332 + dev1.vendor = EPSON + ''; + + hardware.sane = { + enable = true; + extraBackends = [ + pkgs.utsushi + ]; + }; + + krebs.nixpkgs.allowUnfreePredicate = pkg: + elem (parseDrvName pkg.name).name [ "imagescan-plugin-networkscan" ]; + + nixpkgs.overlays = singleton (self: super: { + utsushi = super.utsushi.override { + guiSupport = false; + jpegSupport = false; + networkSupport = true; + ocrSupport = false; + saneSupport = true; + tiffSupport = true; + + logCategory = "ALL"; + logLevel = "BRIEF"; + }; + }); + + services = { + printing = { + drivers = [ + pkgs.epson-escpr + ]; + enable = true; + }; + saned.enable = true; + }; + +} diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 6ef8a8768..dbfa804d2 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -41,9 +41,12 @@ in { # refs desktopManager.session = mkForce []; + displayManager.lightdm.enable = mkForce false; + displayManager.job.execCmd = mkForce "derp"; + enable = true; - display = 11; - tty = 11; + display = mkForce 11; + tty = mkForce 11; synaptics = { enable = true; @@ -55,7 +58,7 @@ in { systemd.services.display-manager.enable = false; systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; + wantedBy = [ "graphical.target" ]; requires = [ "xserver.service" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; @@ -101,21 +104,20 @@ in { systemd.services.xserver = { after = [ - "systemd-udev-settle.service" - "local-fs.target" "acpid.service" + "local-fs.target" + "systemd-udev-settle.service" ]; - reloadIfChanged = true; + wants = [ + "systemd-udev-settle.service" + ]; + restartIfChanged = false; environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + LD_LIBRARY_PATH = concatStringsSep ":" ([ "/run/opengl-driver/lib" ] ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); }; serviceConfig = { SyslogIdentifier = "xserver"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; ExecStart = toString [ "${pkgs.xorg.xorgserver}/bin/X" ":${toString config.services.xserver.display}" @@ -123,17 +125,16 @@ in { "-config ${import ./xserver.conf.nix args}" "-logfile /dev/null -logverbose 0 -verbose 3" "-nolisten tcp" - "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" + "-xkbdir ${config.services.xserver.xkbDir}" ]; }; }; systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; + wantedBy = [ "graphical.target" ]; + restartIfChanged = false; serviceConfig = { SyslogIdentifier = "urxvtd"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; Restart = "always"; RestartSec = "2s"; diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index e252f2e1d..62a7037e3 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -64,7 +64,7 @@ in { ExecStartPre = "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd"; ExecStart = toString [ - "${pkgs.charybdis}/bin/charybdis-ircd" + "${pkgs.charybdis}/bin/charybdis" "-configfile ${import ./config.nix args}" "-foreground" "-logfile /dev/stderr" diff --git a/krebs/5pkgs/simple/pass-otp/default.nix b/tv/5pkgs/compat/18.03/pass-otp/default.nix similarity index 100% rename from krebs/5pkgs/simple/pass-otp/default.nix rename to tv/5pkgs/compat/18.03/pass-otp/default.nix diff --git a/krebs/5pkgs/simple/pass/default.nix b/tv/5pkgs/compat/18.03/pass/default.nix similarity index 100% rename from krebs/5pkgs/simple/pass/default.nix rename to tv/5pkgs/compat/18.03/pass/default.nix diff --git a/krebs/5pkgs/simple/pass/no-darwin-getopt.patch b/tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch similarity index 100% rename from krebs/5pkgs/simple/pass/no-darwin-getopt.patch rename to tv/5pkgs/compat/18.03/pass/no-darwin-getopt.patch diff --git a/krebs/5pkgs/simple/pass/rofi-pass.nix b/tv/5pkgs/compat/18.03/pass/rofi-pass.nix similarity index 100% rename from krebs/5pkgs/simple/pass/rofi-pass.nix rename to tv/5pkgs/compat/18.03/pass/rofi-pass.nix diff --git a/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch b/tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch similarity index 100% rename from krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch rename to tv/5pkgs/compat/18.03/pass/set-correct-program-name-for-sleep.patch diff --git a/tv/5pkgs/compat/default.nix b/tv/5pkgs/compat/default.nix new file mode 100644 index 000000000..0d1e61b3b --- /dev/null +++ b/tv/5pkgs/compat/default.nix @@ -0,0 +1 @@ +self: super: {} diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 82474ade5..c5c800b55 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -33,4 +33,16 @@ foldl' mergeAttrs {} ''; gnupg = self.gnupg22; + + pass = { + "18.03" = + self.callPackage ./compat/18.03/pass { + pass-otp = self.callPackage ./compat/18.03/pass-otp {}; + }; + "18.09" = + super.pass.withExtensions (ext: [ + ext.pass-otp + ]); + }.${versions.majorMinor nixpkgsVersion}; + } diff --git a/tv/5pkgs/simple/utsushi.nix b/tv/5pkgs/simple/utsushi.nix new file mode 100644 index 000000000..e61dd188f --- /dev/null +++ b/tv/5pkgs/simple/utsushi.nix @@ -0,0 +1,207 @@ +{ boost, fetchurl, file, imagemagick, libudev, libusb, pkgconfig, stdenv +, coreutils, dash, patchelf, writeScriptBin # for add-rpath + +, guiSupport ? false, gtkmm2 ? null +, jpegSupport ? true +, networkSupport ? false, dpkg ? null +, ocrSupport ? false, tesseract ? null +, saneSupport ? true, saneBackends ? null +, tiffSupport ? true, libtiff ? null + +# Logging defaults copied from Utsushi source (lib/log.cpp) +, logCategory ? "NOTHING" +, logLevel ? "FATAL" +}: + +# Logging possibilities copied from Utsushi source (utsushi/log.hpp) +assert builtins.elem logCategory [ + "NOTHING" + "SANE_BACKEND" + "ALL" +]; +assert builtins.elem logLevel [ + "FATAL" # famous last words + "ALERT" # outside intervention required + "ERROR" # something went wrong + "BRIEF" # short informational notes + "TRACE" # more chattery feedback + "DEBUG" # the gory details + "QUARK" # stack tracing feedback +]; + +let + + # usage: add-rpath LIBPATH [SOFILE...] + # Adds LIBPATH to each SOFILE's RPATH + add-rpath = writeScriptBin "add-rpath" '' + #! ${dash}/bin/dash + set -efu + path=$1; shift + for file; do + file=$(${coreutils}/bin/readlink -f "$file") + old_rpath=$(${patchelf}/bin/patchelf --print-rpath "$file") + new_rpath=''${old_rpath+$old_rpath:}$path + ${patchelf}/bin/patchelf --set-rpath "$new_rpath" "$file" + done + ''; + + imagescan-plugin-networkscan = stdenv.mkDerivation rec { + name = "imagescan-plugin-networkscan-${meta.version}"; + + src = + if stdenv.system == "i686-linux" then + fetchurl { + url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x86.deb.tar.gz"; + sha256 = "16xv1pdfm2ryis815fawb7zqg6c4swww726g272ssx044r5dp80r"; + } + else if stdenv.system == "x86_64-linux" then + fetchurl { + url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x64.deb.tar.gz"; + sha256 = "0zik35h2jwrvkwcmq55wc72imidwdnmn1bayhypzhjcz61rasjg2"; + } + else throw "${name} is not supported on ${stdenv.system} (only i686-linux and x86_64 linux are supported)"; + + dontBuild = true; + + installPhase = '' + # Wildcard * stand for either i386 or amd64 + ${dpkg}/bin/dpkg -x \ + plugins/imagescan-plugin-networkscan_${meta.version}-1epson4debian9_*.deb \ + tmp + + mv tmp/usr $out + ''; + + preFixup = '' + patchelf --set-interpreter \ + ${stdenv.glibc}/lib/ld-linux${stdenv.lib.optionalString stdenv.is64bit "-x86-64"}.so.2 \ + $out/lib/utsushi/networkscan + + # libstdc++.so.6 + patchelf --set-rpath ${stdenv.cc.cc.lib}/lib \ + $out/lib/utsushi/networkscan + ''; + + meta = { + description = "Epson Image Scan v3 networkscan plugin"; + longDescription = '' + This package provides the unfree networkscan plugin from the Epson + Image Scan v3 scanner driver bundle, which can be used by Utsushi. + ''; + homepage = "http://support.epson.net/linux/en/imagescanv3.php?version=${meta.version}"; + license = stdenv.lib.licenses.eapl; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "1.1.0"; + }; + }; + +in + +stdenv.mkDerivation rec { + name = "utsushi-${meta.version}"; + + src = fetchurl { + url = "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz"; + sha256 = "12mzq3wc8gzdma84pjs5gb0gp8mga13wax5g7vjfrzq8pjyqrnmw"; + }; + + preConfigure = '' + substituteInPlace configure \ + --replace /usr/bin/file ${file}/bin/file + + substituteInPlace lib/log.cpp \ + --replace FATAL ${logLevel} \ + --replace NOTHING ${logCategory} + ''; + + postInstall = '' + # Allow configuration to be done via /etc/utsushi.conf + ln -s /etc/utsushi.conf $out/etc/utsushi/utsushi.conf + + ${stdenv.lib.optionalString saneSupport '' + # Make this package compatible with hardware.sane.extraBackends + mkdir $out/etc/sane.d + echo utsushi > $out/etc/sane.d/dll.conf + mkdir $out/lib/sane + ln -s $out/lib/utsushi/sane/libsane-utsushi.* $out/lib/sane + ''} + + ${stdenv.lib.optionalString networkSupport '' + ln -s ${imagescan-plugin-networkscan}/lib/utsushi/networkscan \ + $out/libexec/utsushi/ + ''} + ''; + + # Fixup libraries which otherwise would end up broken like this: + # + # $ ldd .../blah.so | grep libboost_system + # libboost_system.so.X.Y.Z => not found + # libboost_system.so.X.Y.Z => /nix/store/.../libboost_system.so.X.Y.Z (...) + # + preFixup = '' + add-rpath ${boost}/lib $out/lib/utsushi/libdrv-esci.so + ${stdenv.lib.optionalString saneSupport '' + add-rpath ${boost}/lib $out/lib/utsushi/sane/libsane-utsushi.so + ''} + ''; + + nativeBuildInputs = [ + add-rpath + pkgconfig + ]; + + buildInputs = [ + boost + imagemagick + libudev + libusb + ] + ++ stdenv.lib.optional guiSupport gtkmm2 + ++ stdenv.lib.optional ocrSupport tesseract + ++ stdenv.lib.optional saneSupport saneBackends + ++ stdenv.lib.optional tiffSupport libtiff + ; + + NIX_CFLAGS_COMPILE = [ + "-Wno-error=deprecated-declarations" + "-Wno-error=unused-variable" + ]; + + configureFlags = [ + "--with-boost=${boost}" + "--with-magick" + "--with-magick-pp" + ] + ++ stdenv.lib.optionals guiSupport [ + "--with-gtkmm" + ] + ++ stdenv.lib.optionals jpegSupport [ + "--with-jpeg" + ] + ++ stdenv.lib.optionals saneSupport [ + "--with-sane" + ] + ++ stdenv.lib.optionals tiffSupport [ + "--with-tiff" + ] + ; + + meta = { + description = "Utsushi - Next Generation Image Acquisition"; + longDescription = '' + This software provides applications to easily turn hard-copy + documents and imagery into formats that are more amenable to + computer processing. + + Included are a native driver for a number of EPSON scanners + and a compatibility driver to interface with software built + around the SANE standard. + ''; + homepage = http://download.ebz.epson.net/dsc/search/01/search/?OSC=LX; + license = stdenv.lib.licenses.gpl3; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "3.48.0"; + }; +} diff --git a/tv/krops.nix b/tv/krops.nix index 231486ab7..e922630f7 100644 --- a/tv/krops.nix +++ b/tv/krops.nix @@ -16,6 +16,7 @@ # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "tv-krops-${name}-ci" { + force = true; inherit source target; };