From ea8b17f40b8f9e4532102c5e8183c8c2a38dda08 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 7 Feb 2017 13:57:03 +0100 Subject: [PATCH 1/4] m 2 logging: whitelist kibana port --- makefu/2configs/logging/central-logging-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/logging/central-logging-server.nix b/makefu/2configs/logging/central-logging-server.nix index e2cfe6948..90f8e6680 100644 --- a/makefu/2configs/logging/central-logging-server.nix +++ b/makefu/2configs/logging/central-logging-server.nix @@ -18,6 +18,6 @@ in { networking.firewall.extraCommands = '' iptables -A INPUT -i retiolum -p tcp --dport ${toString es-port} -j ACCEPT - iptables -A INPUT -i retiolum -p tcp --dport ${toString es-port} -j ACCEPT + iptables -A INPUT -i retiolum -p tcp --dport ${toString kibana-port} -j ACCEPT ''; } From 0ef6adccc7a9bcbff99fbe093593aa95a8eae7fa Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Feb 2017 17:46:11 +0100 Subject: [PATCH 2/4] m 5 awesomecfg: everything literally exploded with awesome4.0 https://github.com/awesomeWM/awesome/issues/967 --- makefu/5pkgs/awesomecfg/full.cfg | 234 ++++++++++++++++++------------- 1 file changed, 138 insertions(+), 96 deletions(-) diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index f42aea003..d780e2a03 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -68,7 +68,7 @@ vicious.register(mailwidget, vicious_mails,only_new ,60,"~/Mail/localhost") --mdirwidget = wibox.widget.textbox() --vicious.register(mdirwidget, vicious.widgets.mdir, ) -cpuwidget = awful.widget.graph() +cpuwidget = wibox.widget.graph() -- Graph properties cpuwidget:set_width(50) cpuwidget:set_background_color("#494B4F") @@ -82,23 +82,10 @@ vicious.register(batwidget, vicious.widgets.bat, "$2%", 61, "BAT0") -- {{{ Variable definitions -- Themes define colours, icons, and wallpapers --- beautiful.init("/usr/share/awesome/themes/default/theme.lua") - --- @awesome@/share/awesome/lib/beautiful.lua --- beautiful.init("@awesome@/share/awesome/themes/default/theme.lua") -- Find the default theme -function find_default_theme() - -- find the default lua theme in the package path - for path in package.path:gmatch('([^;]+);') do - if path:match('awesome.*share') then - theme_path = path:match('^([^?]*)') .. '../themes/default/theme.lua' - if awful.util.file_readable(theme_path) then return theme_path end - end - end -end -beautiful.init(find_default_theme()) +beautiful.init(awful.util.get_themes_dir() .. "default/theme.lua") client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end) client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end) @@ -116,7 +103,7 @@ browser = "firefox" modkey = "@modkey@" -- Table of layouts to cover with awful.layout.inc, order matters. -local layouts = +awful.layout.layouts = { awful.layout.suit.tile, -- awful.layout.suit.tile.left, @@ -128,8 +115,9 @@ local layouts = -- awful.layout.suit.spiral, -- awful.layout.suit.spiral.dwindle, awful.layout.suit.max, - awful.layout.suit.max.fullscreen --- awful.layout.suit.magnifier + awful.layout.suit.max.fullscreen, +-- awful.layout.suit.magnifier, + awful.layout.suit.corner.nw } -- }}} @@ -146,7 +134,6 @@ end tags = {} for s = 1, screen.count() do -- Each screen has its own tag table. - tags[s] = awful.tag({ "tmp", "news", "www", "im", "work1","work2","net","misc","remote" }, s, layouts[1]) end -- }}} @@ -174,11 +161,10 @@ menubar.utils.terminal = terminal -- Set the terminal for applications that requ -- {{{ Wibox -- Create a textclock widget -mytextclock = awful.widget.textclock() +mytextclock = wibox.widget.textclock() -- Create a wibox for each screen and add it mywibox = {} -mypromptbox = {} mylayoutbox = {} mytaglist = {} mytaglist.buttons = awful.util.table.join( @@ -224,49 +210,67 @@ mytasklist.buttons = awful.util.table.join( if client.focus then client.focus:raise() end end)) -for s = 1, screen.count() do +local function set_wallpaper(s) + -- Wallpaper + if beautiful.wallpaper then + local wallpaper = beautiful.wallpaper + -- If wallpaper is a function, call it with the screen + if type(wallpaper) == "function" then + wallpaper = wallpaper(s) + end + gears.wallpaper.maximized(wallpaper, s, true) + end +end + +awful.screen.connect_for_each_screen(function(s) + -- Wallpaper + set_wallpaper(s) + + -- Each screen has its own tag table. + awful.tag({ "tmp", "news", "www", "im", "work1","work2","net","misc","remote" }, s, awful.layout.layouts[1]) + -- Create a promptbox for each screen - mypromptbox[s] = awful.widget.prompt() + s.mypromptbox = awful.widget.prompt() -- Create an imagebox widget which will contains an icon indicating which layout we're using. -- We need one layoutbox per screen. - mylayoutbox[s] = awful.widget.layoutbox(s) - mylayoutbox[s]:buttons(awful.util.table.join( - awful.button({ }, 1, function () awful.layout.inc(layouts, 1) end), - awful.button({ }, 3, function () awful.layout.inc(layouts, -1) end), - awful.button({ }, 4, function () awful.layout.inc(layouts, 1) end), - awful.button({ }, 5, function () awful.layout.inc(layouts, -1) end))) + s.mylayoutbox = awful.widget.layoutbox(s) + s.mylayoutbox:buttons(awful.util.table.join( + awful.button({ }, 1, function () awful.layout.inc( 1) end), + awful.button({ }, 3, function () awful.layout.inc(-1) end), + awful.button({ }, 4, function () awful.layout.inc( 1) end), + awful.button({ }, 5, function () awful.layout.inc(-1) end))) -- Create a taglist widget - mytaglist[s] = awful.widget.taglist(s, awful.widget.taglist.filter.all, mytaglist.buttons) + s.mytaglist = awful.widget.taglist(s, awful.widget.taglist.filter.all, taglist_buttons) -- Create a tasklist widget - mytasklist[s] = awful.widget.tasklist(s, awful.widget.tasklist.filter.currenttags, mytasklist.buttons) + s.mytasklist = awful.widget.tasklist(s, awful.widget.tasklist.filter.currenttags, tasklist_buttons) -- Create the wibox - mywibox[s] = awful.wibox({ position = "top", screen = s }) + s.mywibox = awful.wibar({ position = "top", screen = s }) - -- Widgets that are aligned to the left - local left_layout = wibox.layout.fixed.horizontal() - left_layout:add(mylauncher) - left_layout:add(mytaglist[s]) - left_layout:add(mypromptbox[s]) + -- Add widgets to the wibox + s.mywibox:setup { + layout = wibox.layout.align.horizontal, + { -- Left widgets + layout = wibox.layout.fixed.horizontal, + mylauncher, + s.mytaglist, + s.mypromptbox, + }, + s.mytasklist, -- Middle widget + { -- Right widgets + layout = wibox.layout.fixed.horizontal, + mykeyboardlayout, + mailwidget, + wibox.widget.systray(), + cpuwidget, + batwidget, + mytextclock, + s.mylayoutbox, + }, + } +end) - -- Widgets that are aligned to the right - local right_layout = wibox.layout.fixed.horizontal() - right_layout:add(mailwidget) - if s == 1 then right_layout:add(wibox.widget.systray()) end - right_layout:add(cpuwidget) - right_layout:add(batwidget) - right_layout:add(mytextclock) - right_layout:add(mylayoutbox[s]) - - -- Now bring it all together (with the tasklist in the middle) - local layout = wibox.layout.align.horizontal() - layout:set_left(left_layout) - layout:set_middle(mytasklist[s]) - layout:set_right(right_layout) - - mywibox[s]:set_widget(layout) -end -- }}} -- {{{ Mouse bindings @@ -310,20 +314,41 @@ globalkeys = awful.util.table.join( end), -- Standard program - awful.key({ modkey, }, "Return", function () awful.util.spawn(terminal) end), - awful.key({ modkey, "Control" }, "r", awesome.restart), - awful.key({ modkey, "Shift" }, "q", awesome.quit), + awful.key({ modkey, }, "Return", function () awful.spawn(terminal) end, + {description = "open a terminal", group = "launcher"}), + awful.key({ modkey, "Control" }, "r", awesome.restart, + {description = "reload awesome", group = "awesome"}), + awful.key({ modkey, "Shift" }, "q", awesome.quit, + {description = "quit awesome", group = "awesome"}), + + awful.key({ modkey, }, "l", function () awful.tag.incmwfact( 0.05) end, + {description = "increase master width factor", group = "layout"}), + awful.key({ modkey, }, "h", function () awful.tag.incmwfact(-0.05) end, + {description = "decrease master width factor", group = "layout"}), + awful.key({ modkey, "Shift" }, "h", function () awful.tag.incnmaster( 1, nil, true) end, + {description = "increase the number of master clients", group = "layout"}), + awful.key({ modkey, "Shift" }, "l", function () awful.tag.incnmaster(-1, nil, true) end, + {description = "decrease the number of master clients", group = "layout"}), + awful.key({ modkey, "Control" }, "h", function () awful.tag.incncol( 1, nil, true) end, + {description = "increase the number of columns", group = "layout"}), + awful.key({ modkey, "Control" }, "l", function () awful.tag.incncol(-1, nil, true) end, + {description = "decrease the number of columns", group = "layout"}), + awful.key({ modkey, }, "space", function () awful.layout.inc( 1) end, + {description = "select next", group = "layout"}), + awful.key({ modkey, "Shift" }, "space", function () awful.layout.inc(-1) end, + {description = "select previous", group = "layout"}), + awful.key({ modkey, "Control" }, "n", + function () + local c = awful.client.restore() + -- Focus restored client + if c then + client.focus = c + c:raise() + end + end, + {description = "restore minimized", group = "client"}), - awful.key({ modkey, }, "l", function () awful.tag.incmwfact( 0.05) end), - awful.key({ modkey, }, "h", function () awful.tag.incmwfact(-0.05) end), - awful.key({ modkey, "Shift" }, "h", function () awful.tag.incnmaster( 1) end), - awful.key({ modkey, "Shift" }, "l", function () awful.tag.incnmaster(-1) end), - awful.key({ modkey, "Control" }, "h", function () awful.tag.incncol( 1) end), - awful.key({ modkey, "Control" }, "l", function () awful.tag.incncol(-1) end), - awful.key({ modkey, }, "space", function () awful.layout.inc(layouts, 1) end), - awful.key({ modkey, "Shift" }, "space", function () awful.layout.inc(layouts, -1) end), - awful.key({ modkey, "Control" }, "n", awful.client.restore), awful.key({ }, "XF86AudioRaiseVolume", function () awful.util.spawn("amixer set Master 5%+", false) end), awful.key({ }, "XF86AudioLowerVolume", function () @@ -332,18 +357,23 @@ globalkeys = awful.util.table.join( awful.util.spawn("amixer -q -D default sset Master toggle", false) end), -- Prompt - awful.key({ modkey }, "r", function () mypromptbox[mouse.screen]:run() end), + awful.key({ modkey }, "r", function () awful.screen.focused().mypromptbox:run() end, + {description = "run prompt", group = "launcher"}), -- awful.key({ modkey }, "r", function () awful.util.spawn( "dmenu_run" ) end ), awful.key({ modkey,"Control" }, "BackSpace", function () awful.util.spawn("xlock -mode blank") end), awful.key({ }, "XF86ScreenSaver", function () awful.util.spawn("xlock -mode blank") end), - awful.key({ modkey }, "x", - function () - awful.prompt.run({ prompt = "Run Lua code: " }, - mypromptbox[mouse.screen].widget, - awful.util.eval, nil, - awful.util.getdir("cache") .. "/history_eval") - end), + awful.key({ modkey }, "x", + function () + awful.prompt.run { + prompt = "Run Lua code: ", + textbox = awful.screen.focused().mypromptbox.widget, + exe_callback = awful.util.eval, + history_path = awful.util.get_cache_dir() .. "/history_eval" + } + end, + {description = "lua execute prompt", group = "awesome"}), + -- Menubar awful.key({ modkey }, "p", function() menubar.show() end) ) @@ -370,43 +400,55 @@ clientkeys = awful.util.table.join( -- Compute the maximum number of digit we need, limited to 9 keynumber = 0 -for s = 1, screen.count() do - keynumber = math.min(9, math.max(#tags[s], keynumber)) -end --- Bind all key numbers to tags. --- Be careful: we use keycodes to make it works on any keyboard layout. --- This should map on the top row of your keyboard, usually 1 to 9. -for i = 1, keynumber do +for i = 1, 9 do globalkeys = awful.util.table.join(globalkeys, + -- View tag only. awful.key({ modkey }, "#" .. i + 9, function () - local screen = mouse.screen - if tags[screen][i] then - awful.tag.viewonly(tags[screen][i]) + local screen = awful.screen.focused() + local tag = screen.tags[i] + if tag then + tag:view_only() end - end), + end, + {description = "view tag #"..i, group = "tag"}), + -- Toggle tag display. awful.key({ modkey, "Control" }, "#" .. i + 9, function () - local screen = mouse.screen - if tags[screen][i] then - awful.tag.viewtoggle(tags[screen][i]) + local screen = awful.screen.focused() + local tag = screen.tags[i] + if tag then + awful.tag.viewtoggle(tag) end - end), + end, + {description = "toggle tag #" .. i, group = "tag"}), + -- Move client to tag. awful.key({ modkey, "Shift" }, "#" .. i + 9, function () - if client.focus and tags[client.focus.screen][i] then - awful.client.movetotag(tags[client.focus.screen][i]) - end - end), + if client.focus then + local tag = client.focus.screen.tags[i] + if tag then + client.focus:move_to_tag(tag) + end + end + end, + {description = "move focused client to tag #"..i, group = "tag"}), + -- Toggle tag on focused client. awful.key({ modkey, "Control", "Shift" }, "#" .. i + 9, function () - if client.focus and tags[client.focus.screen][i] then - awful.client.toggletag(tags[client.focus.screen][i]) + if client.focus then + local tag = client.focus.screen.tags[i] + if tag then + client.focus:toggle_tag(tag) + end end - end)) + end, + {description = "toggle focused client on tag #" .. i, group = "tag"}) + ) end + clientbuttons = awful.util.table.join( awful.button({ }, 1, function (c) client.focus = c; c:raise() end), awful.button({ modkey }, 1, awful.mouse.client.move), From ed406bd979609fd05f5846049f571f43e6512050 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 9 Feb 2017 09:50:28 +0100 Subject: [PATCH 3/4] proot: fix seccomp filters --- krebs/5pkgs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index c1ec0f333..e01b6e804 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -44,6 +44,14 @@ with import ; }; buildbot-worker = callPackage ./buildbot/worker.nix {}; + # https://github.com/proot-me/PRoot/issues/106 + proot = overrideDerivation pkgs.proot (oldAttrs: { + patches = singleton (pkgs.fetchurl { + url = https://github.com/openmole/PRoot/commit/10119a1f1fd7dea012464ae176c2b5fc3eb18928.diff; + sha256 = "0cmd95mz8p5ifjvfvi4g9zzyxqddbscxin2j3a9zbmbjl2wi458g"; + }); + }); + # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d symlinkJoin = { name, paths, ... }@args: let x = pkgs.symlinkJoin args; From c34f8a33dc0d10e471fa6f4fb7d6e7dd54164ff2 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 9 Feb 2017 15:11:02 +0100 Subject: [PATCH 4/4] packageOverrides: allow using pkgs in addition to oldpkgs --- krebs/5pkgs/default.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index c79a639a4..ec9b6bdba 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -1,13 +1,13 @@ { config, lib, pkgs, ... }@args: with import ; { - nixpkgs.config.packageOverrides = pkgs: let + nixpkgs.config.packageOverrides = oldpkgs: let # This callPackage will try to detect obsolete overrides. callPackage = path: args: let override = pkgs.callPackage path args; upstream = optionalAttrs (override ? "name") - (pkgs.${(parseDrvName override.name).name} or {}); + (oldpkgs.${(parseDrvName override.name).name} or {}); in if upstream ? "name" && override ? "name" && compareVersions upstream.name override.name != -1 @@ -22,7 +22,7 @@ with import ; // { empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out"; - haskellPackages = pkgs.haskellPackages.override { + haskellPackages = oldpkgs.haskellPackages.override { overrides = self: super: mapAttrs (name: path: self.callPackage path {}) (mapAttrs' @@ -45,16 +45,15 @@ with import ; buildbot-worker = callPackage ./buildbot/worker.nix {}; # https://github.com/proot-me/PRoot/issues/106 - proot = pkgs.writeScriptBin "proot" '' - #!${pkgs.dash}/bin/dash + proot = pkgs.writeDashBin "proot" '' export PROOT_NO_SECCOMP=1 - exec ${pkgs.proot}/bin/proot "$@" + exec ${oldpkgs.proot}/bin/proot "$@" ''; # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d symlinkJoin = { name, paths, ... }@args: let - x = pkgs.symlinkJoin args; - in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths; + x = oldpkgs.symlinkJoin args; + in if typeOf x != "lambda" then x else oldpkgs.symlinkJoin name paths; test = { infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};