From c7ec729c6b8b068a6a817f803f0befe14dbd5569 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Nov 2016 13:20:27 +0100 Subject: [PATCH 1/9] l 1 helios: enable pulseaudio --- lass/1systems/helios.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 82db8ef7b..4472816e3 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -28,6 +28,9 @@ with import ; services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; networking.wireless.enable = true; + hardware.pulseaudio = { + enable = true; + }; users.users.ferret = { uid = genid "ferret"; home = "/home/ferret"; From 5b1e5bbe0e6cbeb052e9087e87d476166cebdec5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Nov 2016 15:06:46 +0100 Subject: [PATCH 2/9] l 1 mors: remove obsolete chromium-patched --- lass/1systems/mors.nix | 1 - lass/2configs/chromium-patched.nix | 48 ------------------------------ 2 files changed, 49 deletions(-) delete mode 100644 lass/2configs/chromium-patched.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 742d42bf8..99705cbf1 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -17,7 +17,6 @@ with import ; ../2configs/elster.nix ../2configs/steam.nix ../2configs/wine.nix - ../2configs/chromium-patched.nix ../2configs/git.nix ../2configs/skype.nix ../2configs/teamviewer.nix diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix deleted file mode 100644 index d9d7760dd..000000000 --- a/lass/2configs/chromium-patched.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ config, pkgs, ... }: - -#settings to test: -# - #"ForceEphemeralProfiles": true, -let - masterPolicy = pkgs.writeText "master.json" '' - { - "PasswordManagerEnabled": false, - "DefaultGeolocationSetting": 2, - "RestoreOnStartup": 1, - "AutoFillEnabled": false, - "BackgroundModeEnabled": false, - "DefaultBrowserSettingEnabled": false, - "SafeBrowsingEnabled": false, - "ExtensionInstallForcelist": [ - "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx", - "ihlenndgcmojhcghmfjfneahoeklbjjh;https://clients2.google.com/service/update2/crx" - ] - } - ''; - - master_preferences = pkgs.writeText "master_preferences" '' - { - "browser": { - "custom_chrome_frame": true - }, - - "extensions": { - "theme": { - "id": "", - "use_system": true - } - } - } - ''; -in { - environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy; - - #environment.systemPackages = [ - # #pkgs.chromium - # (pkgs.lib.overrideDerivation pkgs.chromium (attrs: { - # buildCommand = attrs.buildCommand + '' - # touch $out/TEST123 - # ''; - # })) - #]; -} From bc3828ed33903f412aa56b61de4aee876837b115 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Nov 2016 15:18:52 +0100 Subject: [PATCH 3/9] l 2 baseX: add dic to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 4b05e3296..fbab23500 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -31,6 +31,7 @@ in { environment.systemPackages = with pkgs; [ acpi + dic dmenu gitAndTools.qgit lm_sensors From 5063613c4980145de2dd1ff4687e730b02115807 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Nov 2016 15:19:08 +0100 Subject: [PATCH 4/9] l 2 buildbot: fix buildbot finally (please) --- lass/2configs/buildbot-standalone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 7422abdc8..e7fbccb77 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -36,7 +36,7 @@ in { }; builder_pre = '' # prepare grab_repo step for stockholm - grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental', alwaysUseLatest=True) + grab_repo = steps.Git(repourl=stockholm_repo, mode='full') # TODO: get nixpkgs/stockholm paths from krebs env_lass = { From 8387e569be5cb4ce48423f0c9c989f524ac83aa2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Nov 2016 15:21:36 +0100 Subject: [PATCH 5/9] l 2 downloading: uriel -> helios --- lass/2configs/downloading.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 79a609e2b..ca0aded78 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -14,8 +14,8 @@ with import ; ]; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey - lass-uriel.pubkey lass-shodan.pubkey + lass-helios.pubkey makefu.pubkey ]; }; From a5c6edac90da0cbfe3d60ee8c920256f9e0f6738 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Nov 2016 15:24:28 +0100 Subject: [PATCH 6/9] l 2 websites util: more power to owncloud --- lass/2configs/websites/util.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 3356fe9a8..0b2a6faac 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -88,6 +88,7 @@ rec { # set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; + fastcgi_read_timeout 120; # Disable gzip to avoid the removal of the ETag header gzip off; 
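Review bot: The new `grab_repo` step in `builder_pre` sets `mode='full'` but names no `method`, so what happens to leftover files in the build directory depends on Buildbot's default for full mode. For a builder that evaluates system configurations, the workspace state should be explicit, for example `grab_repo = steps.Git(repourl=stockholm_repo, mode='full', method='fresh')`. Dropping `alwaysUseLatest=True` also changes which revision is built, from the branch tip to the revision of the triggering change; a one-line comment such as `# build the triggering revision from a clean tree` would record that this is intended. The `builder_pre` string continues outside the hunk.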
@@ -164,10 +165,11 @@ rec { user = nginx group = nginx pm = dynamic - pm.max_children = 5 + pm.max_children = 32 + pm.max_requests = 500 pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 + pm.min_spare_servers = 2 + pm.max_spare_servers = 5 listen.owner = nginx listen.group = nginx php_admin_value[error_log] = 'stderr' From ca1d6b3588395f3e940fcaefc0914777db33ca38 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Nov 2016 13:06:00 +0100 Subject: [PATCH 7/9] l 3 iptables: set defaults correctly --- krebs/3modules/iptables.nix | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index a4a4de6f9..09b493c20 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -29,9 +29,10 @@ let tables = mkOption { type = with types; attrsOf (attrsOf (submodule ({ options = { + #TODO: find out good defaults. policy = mkOption { type = str; - default = "-"; + default = "ACCEPT"; }; rules = mkOption { type = nullOr (listOf (submodule ({ 
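Review bot: Raising `pm.max_children` from 5 to 32 in this pool template multiplies the worst-case memory use of the pool, and nothing in the hunk bounds the per-worker footprint. The PHP `memory_limit` is not visible here, and the pool looks like a shared helper inside `rec { … }`, so every site built from it presumably gets its own 32 workers. Since the same file accepts 10G request bodies, a few slow or large requests per site could exhaust the host. I would record the sizing basis next to the value, e.g. `# 32 workers x memory_limit must fit in RAM across all sites using this pool`, or make the child count a parameter of the helper so only owncloud gets the larger pool. The pool definition starts and ends outside the hunk.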
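Review bot: The new `default = "ACCEPT"` on `policy` applies to every chain in the `attrsOf (attrsOf (submodule …))`, including user-defined chains, not only the built-in ones. iptables-restore accepts a policy only on built-in chains and expects `-` elsewhere, so if `buildTables` (not visible here) writes this value into the chain header, a custom chain declared without an explicit policy would make the ruleset fail to load. It is also a fail-open default, since a host that lists rules for `filter.INPUT` but omits the policy silently gets ACCEPT. I would keep `default = "-";` and set the policy explicitly on built-in chains, or at least add a `description` saying that custom chains must set `policy = "-"` and that filtering hosts must set the built-in policies themselves. The option declaration continues outside the hunk.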
@@ -133,30 +134,9 @@ let #===== rules = iptables-version: - let - #TODO: find out good defaults. - tables-defaults = { - nat.PREROUTING.policy = "ACCEPT"; - nat.INPUT.policy = "ACCEPT"; - nat.OUTPUT.policy = "ACCEPT"; - nat.POSTROUTING.policy = "ACCEPT"; - filter.INPUT.policy = "ACCEPT"; - filter.FORWARD.policy = "ACCEPT"; - filter.OUTPUT.policy = "ACCEPT"; - - #if someone specifies any other rules on this chain, the default rules get lost. - #is this wanted beahiviour or a bug? - #TODO: implement abstraction of rules - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - ]; - }; - tables = tables-defaults // cfg.tables; - - in - pkgs.writeText "krebs-iptables-rules${iptables-version}" '' - ${buildTables iptables-version tables} - ''; + pkgs.writeText "krebs-iptables-rules${iptables-version}" '' + ${buildTables iptables-version cfg.tables} + ''; startScript = pkgs.writeDash "krebs-iptables_start" '' set -euf From b1260b5eaa60dd648e596773089561276da222db Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Nov 2016 13:06:22 +0100 Subject: [PATCH 8/9] l 2 nixpkgs: ee52e98 -> ece0cea --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index caca98746..be54d120a 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e"; + ref = "ece0cea127f0a8799a6bd3b12c368193491f9058"; }; } From d8da51621e44f6577e6d725b6263837cfa70f2bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Nov 2016 19:06:00 +0100 Subject: [PATCH 9/9] l 2 vim: add trailing space to buffer bindings --- lass/2configs/vim.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index aac2b96d4..bfaae24c8 100644 --- a/lass/2configs/vim.nix 
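Review bot: With `tables-defaults` removed, `rules` is built from `cfg.tables` alone, so the `-m conntrack --ctstate RELATED,ESTABLISHED` accept rule on `filter.INPUT` is no longer supplied anywhere in this module. A host that sets `filter.INPUT.policy = "DROP"` now has to declare that rule itself or reply traffic is dropped, and the removed comment that raised this question is deleted without being answered. Tables a host does not declare also appear to be left out of the generated file, which would leave whatever is already loaded in them untouched on restore; this depends on `buildTables` and on the default of `cfg.tables`, neither of which is visible here. A comment above `rules` such as `# no implicit rules: hosts must declare conntrack/ESTABLISHED handling and every table they want reset` would make the new contract explicit.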
+++ b/lass/2configs/vim.nix @@ -175,8 +175,8 @@ let "Syntastic config let g:syntastic_python_checkers=['flake8'] - nmap q :buffer - nmap :buffer + nmap q :buffer + nmap :buffer cnoremap