Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'lass/21.11' into 21.11

Browse Source
This commit is contained in:
makefu 2021-12-04 18:33:43 +01:00
commit c22610c8e6
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
14 changed files with 52 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
krebs/3modules/brockman.nix
View File

@ -11,10 +11,12 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.extraUsers.brockman = { users.extraUsers.brockman = {
home = "/var/lib/brockman"; home = "/var/lib/brockman";
group = "brockman";
createHome = true; createHome = true;
isSystemUser = true; isSystemUser = true;
uid = genid_uint31 "brockman"; uid = genid_uint31 "brockman";
}; };
users.groups.brockman = {};
systemd.services.brockman = { systemd.services.brockman = {
description = "RSS to IRC broadcaster"; description = "RSS to IRC broadcaster";

1
krebs/3modules/buildbot/master.nix
View File

@ -319,6 +319,7 @@ let
users.extraUsers.buildbotMaster = { users.extraUsers.buildbotMaster = {
uid = genid "buildbotMaster"; uid = genid "buildbotMaster";
group = "buildbotMaster";
description = "Buildbot Master"; description = "Buildbot Master";
home = cfg.workDir; home = cfg.workDir;
createHome = false; createHome = false;

1
krebs/3modules/buildbot/slave.nix
View File

@ -128,6 +128,7 @@ let
users.extraUsers.buildbotSlave = { users.extraUsers.buildbotSlave = {
uid = genid "buildbotSlave"; uid = genid "buildbotSlave";
group = "buildbotSlave";
description = "Buildbot Slave"; description = "Buildbot Slave";
home = cfg.workDir; home = cfg.workDir;
createHome = false; createHome = false;

3
krebs/3modules/github-hosts-sync.nix
View File

@ -66,11 +66,14 @@ let
users.users.${user.name} = { users.users.${user.name} = {
inherit (user) uid; inherit (user) uid;
group = user.name;
home = cfg.dataDir; home = cfg.dataDir;
isSystemUser = true; isSystemUser = true;
}; };
}; };
users.groups.${user.name} = {};
user = rec { user = rec {
mail = "${name}@${config.krebs.build.host.name}"; mail = "${name}@${config.krebs.build.host.name}";
name = "github-hosts-sync"; name = "github-hosts-sync";

3
krebs/3modules/htgen.nix
View File

@ -69,10 +69,13 @@ let
users.users = mapAttrs' (name: htgen: users.users = mapAttrs' (name: htgen:
nameValuePair htgen.user.name { nameValuePair htgen.user.name {
inherit (htgen.user) home name uid; inherit (htgen.user) home name uid;
group = htgen.user.name;
createHome = true; createHome = true;
isSystemUser = true; isSystemUser = true;
} }
) cfg; ) cfg;
users.groups = mapAttrs (_: _: {}) cfg;
}; };
in out in out

3
krebs/3modules/realwallpaper.nix
View File

@ -59,10 +59,13 @@ let
users.extraUsers.realwallpaper = { users.extraUsers.realwallpaper = {
uid = genid "realwallpaper"; uid = genid "realwallpaper";
group = "realwallpaper";
home = cfg.workingDir; home = cfg.workingDir;
createHome = true; createHome = true;
isSystemUser = true; isSystemUser = true;
}; };
users.groups.realwallpaper = {};
}; };
in in

3
krebs/3modules/tinc_graphs.nix
View File

@ -128,9 +128,12 @@ let
users.extraUsers.tinc_graphs = { users.extraUsers.tinc_graphs = {
uid = genid_uint31 "tinc_graphs"; uid = genid_uint31 "tinc_graphs";
group = "tinc_graphs";
home = "/var/spool/tinc_graphs"; home = "/var/spool/tinc_graphs";
isSystemUser = true; isSystemUser = true;
}; };
users.groups.tinc_graphs = {};
services.nginx = mkIf cfg.nginx.enable { services.nginx = mkIf cfg.nginx.enable {
enable = mkDefault true; enable = mkDefault true;
virtualHosts = { virtualHosts = {

8
krebs/nixpkgs-unstable.json
View File

@ -1,9 +1,9 @@
{ {
"url": "https://github.com/NixOS/nixpkgs", "url": "https://github.com/NixOS/nixpkgs",
"rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2", "rev": "6daa4a5c045d40e6eae60a3b6e427e8700f1c07f",
"date": "2021-11-17T14:17:56+01:00", "date": "2021-12-01T17:29:12+01:00",
"path": "/nix/store/85yrz3ygrzkgw87fp3j42i1i9f4vf0n0-nixpkgs", "path": "/nix/store/g62v0nj6b8v9qb5q0wxjss9q8y9qcg3r-nixpkgs",
"sha256": "152kxfk11mgwg8gx0s1rgykyydfb7s746yfylvbwk5mk5cv4z9nv", "sha256": "1wg55jlxyvbjvm8x2rcirmvqws4y8xq504dn3yjp05m1bajhpj5r",
"fetchLFS": false, "fetchLFS": false,
"fetchSubmodules": false, "fetchSubmodules": false,
"deepClone": false, "deepClone": false,

8
krebs/nixpkgs.json
View File

@ -1,9 +1,9 @@
{ {
"url": "https://github.com/NixOS/nixpkgs", "url": "https://github.com/NixOS/nixpkgs",
"rev": "24528474d2b3370f2f23879a557ae2cc92a5d50b", "rev": "a640d8394f34714578f3e6335fc767d0755d78f9",
"date": "2021-11-19T11:04:27+01:00", "date": "2021-12-01T16:06:54+01:00",
"path": "/nix/store/f435816nqq7y14ar1haadw228nbxnh33-nixpkgs", "path": "/nix/store/88zw2qrbzaq3bnnsmz9qc4lvkwg0168g-nixpkgs",
"sha256": "0pdmqzk1l7cwwfp005kzv0dwnmg8xnskzc745052gdxp8pzh1w45", "sha256": "1dyyzgcmlhpsdb4ngiy8m0x10qmh0r56ky75r8ppvvh730m3lhfj",
"fetchLFS": false, "fetchLFS": false,
"fetchSubmodules": false, "fetchSubmodules": false,
"deepClone": false, "deepClone": false,

2
krebs/update-nixpkgs.sh
View File

@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \ --url https://github.com/NixOS/nixpkgs \
--rev refs/heads/nixos-21.05' \ --rev refs/heads/nixos-21.11' \
> $dir/nixpkgs.json > $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"

10
lass/1systems/coaxmetal/physical.nix
View File

@ -56,14 +56,4 @@
xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Button' 2 xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Button' 2
xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Axes' 6 7 4 5 xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Axes' 6 7 4 5
''; '';
# https://forums.lenovo.com/t5/Fedora/T14s-AMD-Trackpoint-almost-unusable/m-p/5064952?page=4
# https://bugzilla.kernel.org/show_bug.cgi?id=209167#c1
boot.kernelPatches = [{
name = "fix-trackpoint-jumping";
patch = pkgs.fetchurl {
url = "https://patchwork.kernel.org/project/linux-input/patch/20210729010940.5752-1-phoenix@emc.com.tw/raw/";
sha256 = "0apbf7c8w830dbdsrmxpip90d5zbg74a939x89jfgpvm5gbdqdjg";
};
}];
} }

17
lass/2configs/bitlbee.nix
View File

@ -11,9 +11,22 @@ with (import <stockholm/lib>);
pkgs.bitlbee-discord pkgs.bitlbee-discord
]; ];
libpurple_plugins = [ libpurple_plugins = [
# pkgs.telegram-purple pkgs.telegram-purple
pkgs.tdlib-purple # pkgs.tdlib-purple
# pkgs.purple-gowhatsapp # pkgs.purple-gowhatsapp
]; ];
}; };
users.users.bitlbee = {
uid = genid_uint31 "bitlbee";
isSystemUser = true;
group = "bitlbee";
};
users.groups.bitlbee = {};
systemd.services.bitlbee.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "bitlbee";
StateDirectory = lib.mkForce null;
};
} }

11
lass/2configs/hass/default.nix
View File

@ -119,13 +119,10 @@ in {
services.mosquitto = { services.mosquitto = {
enable = true; enable = true;
host = "0.0.0.0"; listeners = [{
allowAnonymous = false; acl = [ "topic pattern readwrite #" ];
checkPasswords = true; users.gg23 = { acl = [ "topic readwrite #" ]; password = "gg23-mqtt"; };
users.gg23 = { }];
password = "gg23-mqtt";
acl = [ "topic readwrite #" ];
};
}; };
environment.systemPackages = [ pkgs.mosquitto ]; environment.systemPackages = [ pkgs.mosquitto ];

17
lass/3modules/usershadow.nix
View File

@ -28,23 +28,22 @@
session required pam_permit.so session required pam_permit.so
''; '';
security.pam.services.dovecot2 = { security.pam.services.dovecot2.text = ''
text = '' auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} auth required pam_permit.so
auth required pam_permit.so account required pam_permit.so
account required pam_permit.so session required pam_permit.so
session required pam_permit.so '';
session required pam_env.so envfile=${config.system.build.pamEnvironment}
'';
};
security.wrappers.shadow_verify_pam = { security.wrappers.shadow_verify_pam = {
source = "${usershadow}/bin/verify_pam"; source = "${usershadow}/bin/verify_pam";
owner = "root"; owner = "root";
group = "root";
}; };
security.wrappers.shadow_verify_arg = { security.wrappers.shadow_verify_arg = {
source = "${usershadow}/bin/verify_arg"; source = "${usershadow}/bin/verify_arg";
owner = "root"; owner = "root";
group = "root";
}; };
}; };