Merge remote-tracking branch 'lass/master'

makefu 2016-11-27 15:24:22 +01:00
commit b94fc3265b
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
25 changed files with 193 additions and 107 deletions


@ -1,5 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>;
let let
inherit (pkgs) writeText; inherit (pkgs) writeText;
@ -7,27 +9,6 @@ let
elem elem
; ;
inherit (lib)
concatMapStringsSep
concatStringsSep
attrNames
unique
fold
any
attrValues
catAttrs
filter
flatten
length
hasAttr
hasPrefix
mkEnableOption
mkOption
mkIf
types
sort
;
cfg = config.krebs.iptables; cfg = config.krebs.iptables;
out = { out = {
@ -65,6 +46,14 @@ let
type = int; type = int;
default = 0; default = 0;
}; };
v4 = mkOption {
type = bool;
default = true;
};
v6 = mkOption {
type = bool;
default = true;
};
}; };
}))); })));
default = null; default = null;
@ -93,7 +82,7 @@ let
Type = "simple"; Type = "simple";
RemainAfterExit = true; RemainAfterExit = true;
Restart = "always"; Restart = "always";
ExecStart = "@${startScript} krebs-iptables_start"; ExecStart = startScript;
}; };
}; };
}; };
@ -109,7 +98,8 @@ let
buildChain = tn: cn: buildChain = tn: cn:
let let
sortedRules = sort (a: b: a.precedence > b.precedence) ts."${tn}"."${cn}".rules; filteredRules = filter (r: r."${v}") ts."${tn}"."${cn}".rules;
sortedRules = sort (a: b: a.precedence > b.precedence) filteredRules;
in in
#TODO: double check should be unneccessary, refactor! #TODO: double check should be unneccessary, refactor!
@ -123,13 +113,6 @@ let
buildRule = tn: cn: rule: buildRule = tn: cn: rule:
#target validation test:
assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target;
#predicate validation test:
#maybe use iptables-test
#TODO: howto exit with evaluation error by shellscript?
#apperantly not possible from nix because evalatution wouldn't be deterministic.
"${rule.predicate} -j ${rule.target}"; "${rule.predicate} -j ${rule.target}";
buildTable = tn: buildTable = tn:
@ -149,7 +132,7 @@ let
#===== #=====
rules4 = iptables-version: rules = iptables-version:
let let
#TODO: find out good defaults. #TODO: find out good defaults.
tables-defaults = { tables-defaults = {
@ -171,14 +154,14 @@ let
tables = tables-defaults // cfg.tables; tables = tables-defaults // cfg.tables;
in in
writeText "krebs-iptables-rules${toString iptables-version}" '' pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
${buildTables iptables-version tables} ${buildTables iptables-version tables}
''; '';
startScript = pkgs.writeDash "krebs-iptables_start" '' startScript = pkgs.writeDash "krebs-iptables_start" ''
set -euf set -euf
iptables-restore < ${rules4 4} iptables-restore < ${rules "v4"}
ip6tables-restore < ${rules4 6} ip6tables-restore < ${rules "v6"}
''; '';
in in
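Review bot: `buildRule` no longer validates `rule.target` at all: the assert that limited it to the built-in targets, the table's own chains, or a `REDIRECT`/`DNAT` prefix is removed rather than relaxed, so a mistyped target is only caught when `iptables-restore` runs at service start. Since targets may now carry options, checking just the first word would keep the evaluation-time guard, e.g. `assert elem (head (splitString " " rule.target)) ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" "REDIRECT" "DNAT" ] ++ attrNames ts."${tn}");` (assuming `splitString` is exported by `<stockholm/lib>`). Because the start script uses `set -euf`, a v4 ruleset that fails to load also keeps `ip6tables-restore` from running, which makes an early check more valuable.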


@ -53,9 +53,22 @@ let
default = ""; default = "";
}; };
ssl = mkOption { ssl = mkOption {
type = with types; submodule ({ type = with types; submodule ({ config, ... }: {
options = { options = {
enable = mkEnableOption "ssl"; enable = mkEnableOption "ssl";
acmeEnable = mkOption {
type = bool;
apply = x:
if x && config.enable
#conflicts because of certificate/certificate_key location
then throw "can't use ssl.enable and ssl.acmeEnable together"
else x;
default = false;
description = ''
enables automatical generation of lets-encrypt certificates and setting them as certificate
conflicts with ssl.enable
'';
};
certificate = mkOption { certificate = mkOption {
type = str; type = str;
}; };
@ -95,6 +108,7 @@ let
}; };
imp = { imp = {
security.acme.certs = mapAttrs (_: to-acme) (filterAttrs (_: server: server.ssl.acmeEnable) cfg.servers);
services.nginx = { services.nginx = {
enable = true; enable = true;
httpConfig = '' httpConfig = ''
@ -117,13 +131,24 @@ let
indent = replaceChars ["\n"] ["\n "]; indent = replaceChars ["\n"] ["\n "];
to-acme = { server-names, ssl, ... }:
optionalAttrs ssl.acmeEnable {
email = "lassulus@gmail.com";
webroot = "${config.security.acme.directory}/${head server-names}";
};
to-location = { name, value }: '' to-location = { name, value }: ''
location ${name} { location ${name} {
${indent value} ${indent value}
} }
''; '';
to-server = { server-names, listen, locations, extraConfig, ssl, ... }: '' to-server = { server-names, listen, locations, extraConfig, ssl, ... }: let
domain = head server-names;
acmeLocation = optionalAttrs ssl.acmeEnable (nameValuePair "/.well-known/acme-challenge" ''
root ${config.security.acme.certs.${domain}.webroot};
'');
in ''
server { server {
server_name ${toString (unique server-names)}; server_name ${toString (unique server-names)};
${concatMapStringsSep "\n" (x: indent "listen ${x};") listen} ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
@ -142,7 +167,23 @@ let
ssl_ciphers ${ssl.ciphers}; ssl_ciphers ${ssl.ciphers};
ssl_protocols ${toString ssl.protocols}; ssl_protocols ${toString ssl.protocols};
'')} '')}
${optionalString ssl.acmeEnable (indent ''
${optionalString ssl.force_encryption ''
if ($scheme = http){
return 301 https://$server_name$request_uri;
}
''}
listen 443 ssl;
ssl_certificate ${config.security.acme.directory}/${domain}/fullchain.pem;
ssl_certificate_key ${config.security.acme.directory}/${domain}/key.pem;
${optionalString ssl.prefer_server_ciphers ''
ssl_prefer_server_ciphers On;
''}
ssl_ciphers ${ssl.ciphers};
ssl_protocols ${toString ssl.protocols};
'')}
${indent extraConfig} ${indent extraConfig}
${optionalString ssl.acmeEnable (indent (to-location acmeLocation))}
${indent (concatMapStrings to-location locations)} ${indent (concatMapStrings to-location locations)}
} }
''; '';
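Review bot: `to-acme` sets `webroot` to `${config.security.acme.directory}/${head server-names}`, which is the same directory the new server block reads `fullchain.pem` and `key.pem` from, so the HTTP-01 challenge root and the private key share one directory. nginx only maps `/.well-known/acme-challenge` into it, but a separate challenge directory keeps a later `location` or `alias` mistake from exposing the key, e.g. `webroot = "${config.security.acme.directory}/challenges/${head server-names}";`. Separately, `security.acme.certs` is keyed by the `cfg.servers` attribute name while `to-server` looks up `config.security.acme.certs.${domain}` with `domain = head server-names`, so the two only agree when a server is named after its first server name. The contact e-mail is also hard-coded in this shared module rather than taken from an option.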


@ -78,7 +78,9 @@ with import <stockholm/lib>;
extraZones = { extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all # TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = '' "krebsco.de" = ''
krebsco.de. 60 IN MX 5 mx23
cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
''; '';
}; };
nets = { nets = {
@ -213,7 +215,6 @@ with import <stockholm/lib>;
ni = { ni = {
extraZones = { extraZones = {
"krebsco.de" = '' "krebsco.de" = ''
krebsco.de. 60 IN MX 5 ni
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
@ -351,11 +352,17 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
}; };
xu = { xu = {
binary-cache = {
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
};
cores = 4; cores = 4;
nets = { nets = {
gg23 = { gg23 = {
ip4.addr = "10.23.1.38"; ip4.addr = "10.23.1.38";
aliases = ["xu.gg23"]; aliases = [
"cache.xu.gg23"
"xu.gg23"
];
ssh.port = 11423; ssh.port = 11423;
}; };
retiolum = { retiolum = {


@ -37,7 +37,17 @@ rec {
}; };
}; };
writeBash = makeScriptWriter "${pkgs.bash}/bin/bash"; writeBash = name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
check = pkgs.writeDash "shellcheck.sh" ''
${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || :
'';
executable = true;
text = "#! ${pkgs.bash}/bin/bash\n${text}";
};
};
writeBashBin = name: writeBashBin = name:
assert types.filename.check name; assert types.filename.check name;
@ -91,6 +101,7 @@ rec {
writers.text = writers.text =
{ path { path
, check ? null
, executable ? false , executable ? false
, mode ? if executable then "0755" else "0644" , mode ? if executable then "0755" else "0644"
, text , text
@ -102,6 +113,9 @@ rec {
var = "file_${hashString "sha1" path}"; var = "file_${hashString "sha1" path}";
val = text; val = text;
install = /* sh */ '' install = /* sh */ ''
${optionalString (check != null) /* sh */ ''
${check} ''$${var}Path
''}
${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path} ${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path}
''; '';
}; };
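Review bot: The `check` script added to `writeBash` ends in `|| :`, so ShellCheck findings never fail the build and are only visible in the build log. If that is intentional, say so next to it, e.g. `# advisory only: findings are printed, the build still succeeds`; otherwise drop the `|| :` so scripts with findings are rejected. In `writers.text` the file is handed to the check as an unquoted `''$${var}Path`; quoting it as `"''$${var}Path"` would be the safer form.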


@ -5,8 +5,8 @@ stdenv.mkDerivation {
src = fetchgit { src = fetchgit {
url = http://cgit.ni.krebsco.de/dic; url = http://cgit.ni.krebsco.de/dic;
rev = "refs/tags/v1.0.0"; rev = "refs/tags/v1.0.1";
sha256 = "0f3f5dqpw5y79p2k68qw6jdlkrnapqs3nvnc41zwacyhgppiww0k"; sha256 = "1686mba1z4m7vq70w26qpl00z1cz286c9bya9ql36g6w2pbcs8d3";
}; };
phases = [ phases = [


@ -19,6 +19,7 @@ stdenv.mkDerivation {
git git
gnugrep gnugrep
gnused gnused
nettools
openssh openssh
socat socat
]); ]);


@ -1,11 +1,11 @@
{ mkDerivation, base, fetchgit, stdenv }: { mkDerivation, base, fetchgit, stdenv }:
mkDerivation { mkDerivation rec {
pname = "blessings"; pname = "blessings";
version = "1.0.0"; version = "1.1.0";
src = fetchgit { src = fetchgit {
url = http://cgit.ni.krebsco.de/blessings; url = http://cgit.ni.krebsco.de/blessings;
rev = "25a510dcb38ea9158e9969d56eb66cb1b860ab5f"; rev = "refs/tags/v${version}";
sha256 = "0xg329h1y68ndg4w3m1jp38pkg3gqg7r19q70gqqj4mswb6qcrqc"; sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
}; };
libraryHaskellDepends = [ base ]; libraryHaskellDepends = [ base ];
doHaddock = false; doHaddock = false;
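Review bot: `rev` now follows `refs/tags/v${version}` instead of a commit id, so the source is pinned only by `sha256`. Bumping `version` without also updating the hash can silently reuse the previously fetched source on a machine that already has that fixed-output path in its store. A comment above the hash would help the next bump: `# update sha256 together with version; a stale hash reuses the old source`. The URL is plain `http://` (unchanged), so the hash is also the only integrity check on the fetch.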


@ -2,6 +2,6 @@
fetchgit { fetchgit {
url = https://github.com/krebscode/painload; url = https://github.com/krebscode/painload;
rev = "8df031f810a2776d8c43b03a9793cb49398bd33b"; rev = "c113487f73713a03b1a139b22bb34b86234d0495";
sha256 = "03md5k6fmz0j1ny22iw96dzq7cvijbz24ii85i0h2dhcychdp650"; sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6";
} }


@ -28,6 +28,9 @@ with import <stockholm/lib>;
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true; services.xserver.desktopManager.xfce.enable = true;
networking.wireless.enable = true; networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
};
users.users.ferret = { users.users.ferret = {
uid = genid "ferret"; uid = genid "ferret";
home = "/home/ferret"; home = "/home/ferret";


@ -194,7 +194,9 @@ with import <stockholm/lib>;
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
]; ];
}; };
}; };
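Review bot: The two new rules marked `v6 = false` have no IPv6 counterpart, so under `ip6tables` only TCP arriving on `retiolum` is rejected, while UDP and other protocols fall through to whatever the chain policy is (not visible here). If the intent is the same behaviour on both families, add a v6-only rule such as `{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp6-port-unreachable"; v4 = false; precedence = -10000; }`. All three rules also share `precedence = -10000`, so their relative order depends on how `sort` treats ties; giving the catch-all `-i retiolum` rule a lower precedence would make sure it comes last.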


@ -12,7 +12,7 @@ let
msmtp = pkgs.writeBashBin "msmtp" '' msmtp = pkgs.writeBashBin "msmtp" ''
${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \ ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"
''; '';
muttrc = pkgs.writeText "muttrc" '' muttrc = pkgs.writeText "muttrc" ''


@ -3,6 +3,6 @@
{ {
krebs.build.source.nixpkgs.git = { krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731"; ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e";
}; };
} }


@ -41,7 +41,7 @@ let
mirror.url = "${mirror}${name}"; mirror.url = "${mirror}${name}";
}; };
tv = { tv = {
origin.url = "http://cgit.ni.i/${name}"; origin.url = "http://cgit.ni.r/${name}";
mirror.url = "${mirror}${name}"; mirror.url = "${mirror}${name}";
}; };
lassulus = { lassulus = {


@ -8,28 +8,29 @@ rec {
let let
domain = head domains; domain = head domains;
in { in {
security.acme = { #security.acme = {
certs."${domain}" = { # certs."${domain}" = {
email = "lassulus@gmail.com"; # email = "lassulus@gmail.com";
webroot = "/var/lib/acme/challenges/${domain}"; # webroot = "/var/lib/acme/challenges/${domain}";
plugins = [ # plugins = [
"account_key.json" # "account_key.json"
"key.pem" # "key.pem"
"fullchain.pem" # "fullchain.pem"
]; # ];
group = "nginx"; # group = "nginx";
allowKeysForGroup = true; # allowKeysForGroup = true;
extraDomains = genAttrs domains (_: null); # extraDomains = genAttrs domains (_: null);
}; # };
}; #};
krebs.nginx.servers."${domain}" = { krebs.nginx.servers."${domain}" = {
ssl.acmeEnable = true;
server-names = domains; server-names = domains;
locations = [ #locations = [
(nameValuePair "/.well-known/acme-challenge" '' # (nameValuePair "/.well-known/acme-challenge" ''
root /var/lib/acme/challenges/${domain}/; # root /var/lib/acme/challenges/${domain}/;
'') # '')
]; #];
}; };
}; };
@ -37,7 +38,7 @@ rec {
{ {
imports = [ imports = [
( manageCerts domains ) ( manageCerts domains )
( activateACME (head domains) ) #( activateACME (head domains) )
]; ];
}; };
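Review bot: The old `security.acme` block and `locations` list are left commented out instead of deleted, and the settings they carried are not set by the `to-acme` helper shown in the krebs nginx module, which only sets `email` and `webroot`. Those settings are `group = "nginx"`, `allowKeysForGroup = true` and `extraDomains = genAttrs domains (_: null)`. With `server-names = domains`, the certificate would then presumably cover only the first domain while nginx answers for all of them, and nginx's read access to `key.pem` is no longer configured here. Either carry these three settings over or state in a comment why they are no longer needed, and remove the dead block.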


@ -70,9 +70,7 @@
extra-depends = deps; extra-depends = deps;
text = '' text = ''
import Data.Monoid import Data.Monoid
import System.IO import System.Environment (getArgs)
import Data.Char (chr)
import System.Environment (getEnv, getArgs)
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2) import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8 import qualified Data.ByteString.Char8 as BS8
import System.Exit (exitFailure, exitSuccess) import System.Exit (exitFailure, exitSuccess)
@ -96,16 +94,29 @@
import System.Environment (getEnv) import System.Environment (getEnv)
import Crypto.PasswordStore (makePasswordWith, pbkdf2) import Crypto.PasswordStore (makePasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8 import qualified Data.ByteString.Char8 as BS8
import System.IO (stdin, hSetEcho, putStrLn) import System.IO (stdin, stdout, hSetEcho, hFlush, putStr, putStrLn)
import Control.Exception (bracket_)
main :: IO () main :: IO ()
main = do main = do
home <- getEnv "HOME" home <- getEnv "HOME"
putStrLn "password:" mb_password <- bracket_ (hSetEcho stdin False) (hSetEcho stdin True) $ do
hSetEcho stdin False putStr "Enter new UNIX password: "
hFlush stdout
password <- BS8.hGetLine stdin password <- BS8.hGetLine stdin
putStrLn ""
putStr "Retype new UNIX password: "
hFlush stdout
password2 <- BS8.hGetLine stdin
return $ if password == password2
then Just password
else Nothing
case mb_password of
Just password -> do
hash <- makePasswordWith pbkdf2 password 10 hash <- makePasswordWith pbkdf2 password 10
BS8.writeFile (home ++ "/.shadow") hash BS8.writeFile (home ++ "/.shadow") hash
putStrLn "passwd: all authentication tokens updated successfully."
Nothing -> putStrLn "Sorry, passwords do not match"
''; '';
}; };
}; };
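Review bot: The `Nothing` branch prints "Sorry, passwords do not match" and then returns normally, so the program exits with status 0 and a caller cannot tell a failed password change from a successful one. Ending the branch with a failure exit would fix that: `Nothing -> putStrLn "Sorry, passwords do not match" >> exitFailure`, with `import System.Exit (exitFailure)` added to this script's imports (only the other script's import of it is visible). The unchanged `makePasswordWith pbkdf2 password 10` line keeps a strength of 10, which I believe is a log2 iteration count in pwstore and is worth revisiting while this code is being touched.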


@ -15,7 +15,6 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix ../2configs/nginx/public_html.nix
../2configs/pulse.nix ../2configs/pulse.nix
../2configs/retiolum.nix ../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver ../2configs/xserver
]; ];


@ -16,7 +16,6 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix ../2configs/nginx/public_html.nix
../2configs/pulse.nix ../2configs/pulse.nix
../2configs/retiolum.nix ../2configs/retiolum.nix
../2configs/wu-binary-cache
../2configs/xserver ../2configs/xserver
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -15,7 +15,7 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix ../2configs/nginx/public_html.nix
../2configs/pulse.nix ../2configs/pulse.nix
../2configs/retiolum.nix ../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix ../2configs/binary-cache
../2configs/xserver ../2configs/xserver
../2configs/xu-qemu0.nix ../2configs/xu-qemu0.nix
{ {


@ -21,7 +21,6 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix ../2configs/nginx/public_html.nix
../2configs/pulse.nix ../2configs/pulse.nix
../2configs/retiolum.nix ../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver ../2configs/xserver
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -58,6 +58,18 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; }; dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; };
startAt = "07:00"; startAt = "07:00";
}; };
xu-pull-ni-ejabberd = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; };
startAt = "07:00";
};
xu-pull-ni-home = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/home"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/ni-home"; };
startAt = "07:00";
};
zu-home-xu = { zu-home-xu = {
method = "push"; method = "push";
src = { host = config.krebs.hosts.zu; path = "/home"; }; src = { host = config.krebs.hosts.zu; path = "/home"; };
@ -76,6 +88,18 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.zu; path = "/bku/cd-home"; }; dst = { host = config.krebs.hosts.zu; path = "/bku/cd-home"; };
startAt = "06:30"; startAt = "06:30";
}; };
zu-pull-ni-ejabberd = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; };
startAt = "06:00";
};
zu-pull-ni-home = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/home"; };
dst = { host = config.krebs.hosts.zu; path = "/bku/ni-home"; };
startAt = "06:30";
};
} // mapAttrs (_: recursiveUpdate { } // mapAttrs (_: recursiveUpdate {
snapshots = { snapshots = {
minutely = { format = "%Y-%m-%dT%H:%M"; retain = 3; }; minutely = { format = "%Y-%m-%dT%H:%M"; retain = 3; };


@ -1,22 +1,30 @@
{ config, lib, pkgs, ... }: with import <stockholm/lib>; { config, lib, pkgs, ... }: with import <stockholm/lib>;
{ {
services.nix-serve = assert config.krebs.build.host.name == "wu"; { environment.etc."binary-cache.pubkey".text =
config.krebs.build.host.binary-cache.pubkey;
services.nix-serve = {
enable = true; enable = true;
secretKeyFile = config.krebs.secret.files.nix-serve-key.path; secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path;
}; };
systemd.services.nix-serve = { systemd.services.nix-serve = {
requires = ["secret.service"]; requires = ["secret.service"];
after = ["secret.service"]; after = ["secret.service"];
}; };
krebs.secret.files.nix-serve-key = {
krebs.secret.files.binary-cache-seckey = {
path = "/run/secret/nix-serve.key"; path = "/run/secret/nix-serve.key";
owner.name = "nix-serve"; owner.name = "nix-serve";
source-path = toString <secrets> + "/nix-serve.key"; source-path = toString <secrets> + "/nix-serve.key";
}; };
krebs.nginx = { krebs.nginx = {
enable = true; enable = true;
servers.nix-serve = { servers.nix-serve = {
server-names = [ "cache.wu.gg23" ]; server-names = [
"cache.${config.krebs.build.host.name}.gg23"
];
locations = singleton (nameValuePair "/" '' locations = singleton (nameValuePair "/" ''
proxy_pass http://localhost:${toString config.services.nix-serve.port}; proxy_pass http://localhost:${toString config.services.nix-serve.port};
''); '');
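Review bot: The secret is renamed to `binary-cache-seckey`, but its `path` and `source-path` still end in `nix-serve.key`, and nothing visible ties it to the `binary-cache.pubkey` now published in `/etc/binary-cache.pubkey`. With the `assert config.krebs.build.host.name == "wu"` gone, any host importing this file serves a cache, so a host whose secret and declared public key do not match would hand out signatures that clients reject. A short comment would document the requirement: `# <secrets>/nix-serve.key must be the private half of krebs.hosts.<name>.binary-cache.pubkey`.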


@ -14,7 +14,7 @@ with import <stockholm/lib>;
stockholm.file = "/home/tv/stockholm"; stockholm.file = "/home/tv/stockholm";
nixpkgs.git = { nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
ref = "a6728e15cbca1d11553f01d7c3c477ae2debfd8e"; ref = "728a9578e31a0f78f6ad07a3a2ec706ec5290f10";
}; };
} // optionalAttrs host.secure { } // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master"; secrets-master.file = "/home/tv/secrets/master";


@ -29,8 +29,10 @@ let
cac-api = { cac-api = {
cgit.desc = "CloudAtCost API command line interface"; cgit.desc = "CloudAtCost API command line interface";
}; };
dic = {
cgit.desc = "dict.leo.org command line interface";
};
get = {}; get = {};
hack = {};
load-env = {}; load-env = {};
loldns = { loldns = {
cgit.desc = "toy DNS server"; cgit.desc = "toy DNS server";
@ -40,12 +42,9 @@ let
netcup = { netcup = {
cgit.desc = "netcup command line interface"; cgit.desc = "netcup command line interface";
}; };
newsbot-js = {};
nixpkgs = {};
populate = { populate = {
cgit.desc = "source code installer"; cgit.desc = "source code installer";
}; };
push = {};
regfish = {}; regfish = {};
soundcloud = { soundcloud = {
cgit.desc = "SoundCloud command line interface"; cgit.desc = "SoundCloud command line interface";
@ -53,8 +52,10 @@ let
stockholm = { stockholm = {
cgit.desc = "NixOS configuration"; cgit.desc = "NixOS configuration";
}; };
with-tmpdir = {}; } // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) {
} // mapAttrs (_: recursiveUpdate { cgit.section = "2. Haskell libraries"; }) { ni = {
};
} // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) {
blessings = {}; blessings = {};
mime = {}; mime = {};
quipper = {}; quipper = {};
@ -63,12 +64,15 @@ let
web-routes-wai-custom = {}; web-routes-wai-custom = {};
xintmap = {}; xintmap = {};
xmonad-stockholm = {}; xmonad-stockholm = {};
} // mapAttrs (_: recursiveUpdate { cgit.section = "3. museum"; }) { } // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) {
cgserver = {}; cgserver = {};
crude-mail-setup = {}; crude-mail-setup = {};
dot-xmonad = {}; dot-xmonad = {};
make-snapshot = {};
nixos-infest = {}; nixos-infest = {};
painload = {}; painload = {};
push = {};
with-tmpdir = {};
}); });
restricted-repos = mapAttrs make-restricted-repo ( restricted-repos = mapAttrs make-restricted-repo (


@ -1,7 +0,0 @@
_:
{
nix = {
binaryCaches = ["http://cache.wu.gg23"];
binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
};
}


@ -35,9 +35,6 @@ with import <stockholm/lib>;
ff = pkgs.writeDashBin "ff" '' ff = pkgs.writeDashBin "ff" ''
exec ${pkgs.firefoxWrapper}/bin/firefox "$@" exec ${pkgs.firefoxWrapper}/bin/firefox "$@"
''; '';
gnupg = gnupg = pkgs.gnupg21;
if elem config.krebs.build.host.name ["xu" "wu"]
then super.gnupg21
else super.gnupg;
}; };
} }