From c9032105eb4abe2eecbeeb31df7b62ed082bb6fc Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 8 Nov 2015 14:04:25 +0100 Subject: [PATCH 001/142] Reaktor: bump version --- krebs/5pkgs/Reaktor/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/Reaktor/default.nix b/krebs/5pkgs/Reaktor/default.nix index c38aa6423..c4a362757 100644 --- a/krebs/5pkgs/Reaktor/default.nix +++ b/krebs/5pkgs/Reaktor/default.nix @@ -2,14 +2,14 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; - version = "0.5.0"; + version = "0.5.1"; propagatedBuildInputs = with pkgs;[ python3Packages.docopt python3Packages.requests2 ]; src = fetchurl { url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz"; - sha256 = "1npag52xmnyqv56z0anyf6xf00q0smfzsippal0xdbxrfj7s8qim"; + sha256 = "0dn9r0cyxi1sji2pnybsrc4hhaaq7hmf235nlgkrxqlsdb7y6n6n"; }; meta = { homepage = http://krebsco.de/; From 2a8485d852539c80467cb2cca33fa2bec9bf30b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Nov 2015 02:26:12 +0100 Subject: [PATCH 002/142] l 2 baseX: add zathura to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 3be3676aa..e373c3d9a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -34,6 +34,7 @@ in { sxiv much push + zathura #window manager stuff haskellPackages.xmobar From cea5826d1f2cd81b2effbe7324b05cefac160fc6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Nov 2015 02:27:22 +0100 Subject: [PATCH 003/142] l 1 prism: activate bitlbee --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 87334c3c2..8707c04c1 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -10,6 +10,7 @@ in { ../2configs/downloading.nix ../2configs/git.nix ../2configs/ts3.nix + ../2configs/bitlbee.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories From 870b379dd9ed6151673d6acaaf3ed2c28454a0c7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Nov 2015 02:33:30 +0100 Subject: [PATCH 004/142] l 1 prism: add stuff for juhulian --- lass/1systems/prism.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 8707c04c1..ff5fad75f 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -88,6 +88,25 @@ in { { nixpkgs.config.allowUnfree = true; } + { + #stuff for juhulian + users.extraUsers.juhulian = { + name = "juhulian"; + uid = 1339; + home = "/home/juhulian"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; From c1565290601cd15168f08db8fd4362ae4c696070 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Nov 2015 02:34:37 +0100 Subject: [PATCH 005/142] l 2 mc: fix image + pdf integration --- lass/2configs/mc.nix | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index 87880ed00..b7d5a4ceb 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix 
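Review bot: The new INPUT rule `-p udp --dport 60000:61000` accepts the whole UDP range from any source, and the `#stuff for juhulian` comment explains the account but not the firewall rule. The range matches mosh's default ports, which is an inference and not stated anywhere in the patch; if that is the purpose, add a comment on the rule such as `# mosh sessions for juhulian`. Consider narrowing the range to the few ports actually needed (for example `60000:60010`, a constructed value). The same applies to the `-p tcp --dport 8080` rule added to prism.nix in PATCH 021: it is unconditional, has no comment, and stays open whether or not the ad hoc HTTP server is running.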
@@ -159,37 +159,25 @@ let ### Images ### - type/^GIF + shell/i/.gif Include=image - type/^JPEG + regex/i/\.jpe?g$ Include=image - type/^PC\ bitmap + shell/i/.bmp Include=image - type/^PNG + shell/i/.png Include=image - type/^JNG + shell/i/.jng Include=image - type/^MNG + shell/i/.mng Include=image - type/^TIFF - Include=image - - type/^PBM - Include=image - - type/^PGM - Include=image - - type/^PPM - Include=image - - type/^Netpbm + shell/i/.tiff Include=image shell/.ico @@ -283,7 +271,7 @@ let ### Documents ### # PDF - type/^PDF + shell/i/.pdf Open=zathura %f View=zathura %f From 9ff1f770f6f3703fad34ef4ce2d24116d84a5665 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Nov 2015 02:36:07 +0100 Subject: [PATCH 006/142] l 3: add wordpress_nginx.nix --- lass/3modules/default.nix | 1 + lass/3modules/wordpress_nginx.nix | 195 ++++++++++++++++++++++++++++++ 2 files changed, 196 insertions(+) create mode 100644 lass/3modules/wordpress_nginx.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index b081dc3cc..d0b96d2fd 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -9,5 +9,6 @@ _: ./per-user.nix ./urxvtd.nix ./xresources.nix + ./wordpress_nginx.nix ]; } diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix new file mode 100644 index 000000000..65170698f --- /dev/null +++ b/lass/3modules/wordpress_nginx.nix 
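Review bot: Replacing the `type/` rules with `shell/i/` suffix matches changes which files reach the image viewer: `shell/i/.tiff` no longer matches files named `.tif`, and the PBM/PGM/PPM/Netpbm rules are removed with no suffix rule in their place. The PDF rule in the second hunk (`shell/i/.pdf`) has the same property, since the handler is now chosen by file name only and not by what file(1) reports about the content. If `.tif` should still open, a regex in the style of the JPEG rule covers both spellings: `regex/i/\.tiff?$`. A short comment above the block saying why content detection was dropped would help the next reader.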
@@ -0,0 +1,195 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.lass.wordpress; + + out = { + options.lass.wordpress = api; + config = imp; + }; + + api = mkOption { + type = with types; attrsOf (submodule ({ config, ... }: { + options = { + domain = mkOption { + type = str; + default = config._module.args.name; + }; + dbUser = mkOption { + type = str; + default = replaceStrings ["."] ["_"] config.domain; + }; + dbName = mkOption { + type = str; + default = replaceStrings ["."] ["_"] config.domain; + }; + folder = mkOption { + type = str; + default = "/srv/http/${config.domain}"; + }; + auto = mkOption { + type = bool; + default = false; + }; + charset = mkOption { + type = str; + default = "utf8mb4"; + }; + collate = mkOption { + type = str; + default = ""; + }; + debug = mkOption { + type = bool; + default = false; + }; + }; + })); + default = {}; + }; + + dataFolder = "/srv/http"; + user = config.services.nginx.user; + group = config.services.nginx.group; + + imp = { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, ... }: { + server-names = [ + "${domain}" + "www.${domain}" + ]; + locations = [ + (nameValuePair "/" '' + try_files $uri $uri/ /index.php?$args; + '') + (nameValuePair "~ \.php$" '' + fastcgi_pass unix:${dataFolder}/${domain}/phpfpm.pool; + include ${pkgs.nginx}/conf/fastcgi.conf; + '') + (nameValuePair "~ /\\." '' + deny all; + '') + ]; + extraConfig = '' + root ${dataFolder}/${domain}/; + index index.php; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + ''; + }); + services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, ... 
}: '' + listen = ${dataFolder}/${domain}/phpfpm.pool + user = ${user} + group = ${group} + pm = dynamic + pm.max_children = 5 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + listen.owner = ${user} + listen.group = ${group} + # errors to journal + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''); + systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, ... }: { + name = "wordpressInit-${name}"; + value = { + path = [ + pkgs.mysql + pkgs.su + pkgs.gawk + pkgs.jq + ]; + requiredBy = [ "nginx.service" ]; + serviceConfig = let + php.define = name: value: + "define(${php.newdoc name}, ${php.newdoc value});"; + php.toString = x: + "'${x}'"; + php.newdoc = s: + let b = "EOF${builtins.hashString "sha256" s}"; in + ''<<<'${b}' + ${s} + ${b} + ''; + in { + Type = "oneshot"; + ExecStart = pkgs.writeScript "wordpressInit" '' + #!/bin/sh + set -euf + wp_secrets=${shell.escape "${toString }/${domain}/wp-secrets"} + db_password=$(cat ${shell.escape "${toString }/${domain}/sql-db-pw"}) + get_secret() { + echo "define('$1', $(jq -r ."$1" "$wp_secrets" | to_php_string));" + } + to_php_string() { + echo "base64_decode('$(base64)')" + } + { + cat ${toString } + password=$(cat ${shell.escape (toString ())}) + # TODO passwordhash=$(su nobody2 -c mysql <<< "SELECT PASSWORD($(toSqlString <<< "$password"));") + # TODO as package pkgs.sqlHashPassword + # TODO not using mysql + # SET SESSION sql_mode = 'NO_BACKSLASH_ESCAPES'; + passwordhash=$(su nobody2 -c 'mysql -u nobody --silent' <<< "SELECT PASSWORD('$db_password');") + user=${shell.escape dbUser}@localhost + database=${shell.escape dbName} + cat << EOF + CREATE DATABASE IF NOT EXISTS $database; + GRANT USAGE ON *.* TO $user IDENTIFIED BY PASSWORD '$passwordhash'; + GRANT ALL PRIVILEGES ON $database.* TO $user; + FLUSH PRIVILEGES; + EOF + } | mysql -u root -p + # TODO nix2php for wp-config.php + cat > 
${folder}/wp-config.php << EOF + Date: Tue, 10 Nov 2015 12:58:09 +0100 Subject: [PATCH 007/142] krebs: expose krebs.populate --- krebs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/default.nix b/krebs/default.nix index bfd6175d9..ad0205426 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -11,6 +11,7 @@ let out = { inherit infest; inherit init; inherit nixos-install; + inherit populate; }; deploy = From 557eefd36b446d73437c933c8ff895b910674aba Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 12:58:32 +0100 Subject: [PATCH 008/142] gum: prepare, add target --- makefu/1systems/gum.nix | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 85cf4c533..a028145ce 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,24 +9,23 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix - # Reaktor - ../2configs/Reaktor/simpleExtend.nix ]; - + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.splashImage = null; + boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; + boot.kernelModules = [ "kvm-intel" ]; + krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - krebs.Reaktor.enable = true; - - # prepare graphs - krebs.nginx.enable = true; - + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" + ''; networking = { firewall.allowPing = true; - firewall.allowedTCPPorts = [ 80 443 655 ]; - firewall.allowedUDPPorts = [ 655 ]; - interfaces.enp2s1.ip4 = [{ + interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; }]; @@ -34,5 +33,4 @@ in { nameservers = [ "8.8.8.8" ]; }; - # based on ../../tv/2configs/CAC-Developer-2.nix } From 94a394539dc7876a027c5d06aa623e507d82781b Mon Sep 17 00:00:00 2001 
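Review bot: In the `wordpressInit` script the database password is spliced into SQL text by the shell, `SELECT PASSWORD('$db_password');`, and the result is spliced again into `IDENTIFIED BY PASSWORD '$passwordhash'`, so a quote character in the secret breaks or alters the statement. Until the script's own TODO about proper SQL quoting is done, reject unsafe secrets up front, e.g. `case $db_password in *[!A-Za-z0-9]*) echo 'unsupported character in db password' >&2; exit 1;; esac`. The same script uses the bash-only `<<<` under `#!/bin/sh` and pipes into `mysql -u root -p`, which asks for a password that a oneshot unit has no terminal to supply. In `extraConfig`, `access_log /tmp/nginx_acc.log;` and `error_log /tmp/nginx_err.log;` send every vhost's logs to one fixed file name in a world-writable directory; a per-domain file in a directory only the nginx user can write avoids both the mixing and the pre-created-file problem. The end of this hunk (the generated wp-config.php) is not visible on this page, so these points cover only the visible part.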
From: makefu Date: Tue, 10 Nov 2015 18:52:50 +0100 Subject: [PATCH 009/142] infest: add curl to debian deps --- krebs/4lib/infest/prepare.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 182a068ef..0bfc49380 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -66,6 +66,7 @@ prepare_debian() { type bzip2 2>/dev/null || apt-get install bzip2 type git 2>/dev/null || apt-get install git type rsync 2>/dev/null || apt-get install rsync + type curl 2>/dev/null || apt-get install curl prepare_common } From b394c79051fbcf6cf072f2b9af75819d37cd2426 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 18:53:31 +0100 Subject: [PATCH 010/142] m 1 gum:update firewall --- makefu/1systems/gum.nix | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index a028145ce..3a010220e 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -13,18 +13,36 @@ in { # ../2configs/iodined.nix ]; - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.splashImage = null; - boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; - boot.kernelModules = [ "kvm-intel" ]; + krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; + # Hardware + boot.loader.grub.device = "/dev/sda"; + boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; + boot.kernelModules = [ "kvm-intel" ]; + + # Network + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; networking = { - firewall.allowPing = true; + firewall = { + allowPing = true; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; + }; interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; From cdc77bf0bc39f9c815ad5bedd47ac3a372c00315 Mon Sep 17 00:00:00 2001 
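Review bot: In `allowedUDPPorts`, port 53 is listed under the `# tinc` comment next to 655, so the reason DNS is exposed on this host is undocumented. The only DNS-related item visible in gum.nix is the commented-out `../2configs/iodined.nix` import. Likewise `25` is opened with a `# smtp` comment although no mail service is configured in the visible part of the file. Give 53 its own comment line (for example `# dns (iodined)`, if that is the intent) and open 25 and 53 in the commit that enables the matching service, so the firewall never exposes a port nothing is meant to listen on.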
From: makefu Date: Tue, 10 Nov 2015 19:36:46 +0100 Subject: [PATCH 011/142] m 1 gum: add chat tools --- makefu/1systems/gum.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 3a010220e..8dd347b4f 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -17,6 +17,12 @@ in { krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; + # Chat + environment.systemPackages = with pkgs;[ + weechat + ]; + services.bitlbee.enable = true; + # Hardware boot.loader.grub.device = "/dev/sda"; boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; From 9126fdc929f7e4e532292e0b2888c5d1a67e3908 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 00:42:17 +0100 Subject: [PATCH 012/142] l 2 git: get irc-announce from pkgs --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 7e8fc03c7..f35c8fccc 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -50,7 +50,7 @@ let inherit name desc; public = true; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#retiolum"; From f2ec685c7cab342eefc227e6d9363d73f57d83b5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 00:43:28 +0100 Subject: [PATCH 013/142] l 2 git: adapt to new lib architecture --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index f35c8fccc..743263022 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import ../../tv/4lib { inherit lib pkgs; }; +with lib; let From b1613c0a20e661205ebb203ae238600b280ab396 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 13 Nov 2015 00:47:19 +0100 Subject: [PATCH 014/142] l 2 git: get secrets the new way --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 743263022..539a9bbd2 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -43,7 +43,7 @@ let collaborators = with config.krebs.users; [ tv makefu ]; }; } // - import /root/src/secrets/repos.nix { inherit config lib pkgs; } + import { inherit config lib pkgs; } ); make-public-repo = name: { desc ? null, ... }: { From cda6bf1abe03b679d19591e45e1f981a643a9959 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 00:48:09 +0100 Subject: [PATCH 015/142] l 2 configs: use krebs.per-user --- lass/2configs/skype.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix index 7e4618a7b..6a226441b 100644 --- a/lass/2configs/skype.nix +++ b/lass/2configs/skype.nix @@ -4,10 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - imports = [ - ../3modules/per-user.nix - ]; - users.extraUsers = { skype = { name = "skype"; @@ -20,7 +16,7 @@ in { }; }; - lass.per-user.skype.packages = [ + krebs.per-user.skype.packages = [ pkgs.skype ]; From 0580070f86ea64fd5e21ae1a212f25a3caf8b3e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 00:50:02 +0100 Subject: [PATCH 016/142] l 3 go: activate redis via mkDefault --- lass/3modules/go.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/3modules/go.nix b/lass/3modules/go.nix index aa900f118..b83d2e5a1 100644 --- a/lass/3modules/go.nix +++ b/lass/3modules/go.nix @@ -26,6 +26,11 @@ let }; imp = { + services.redis = { + enable = mkDefault true; + bind = mkDefault "127.0.0.1"; + }; + users.extraUsers.go = { name = "go"; uid = 42774411; #genid go From b6491e3b43e6d9bc4d76ce2845645b001b9d23c1 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 13 Nov 2015 00:59:07 +0100 Subject: [PATCH 017/142] l 4: remove simpleScript --- lass/4lib/default.nix | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 6a8a28972..a751a2995 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix @@ -1,19 +1,9 @@ -{ lib, pkgs, ... }: +{ lib, ... }: with lib; { - simpleScript = name: content: - pkgs.stdenv.mkDerivation { - inherit name; - phases = [ "installPhase" ]; - installPhase = '' - mkdir -p $out/bin - ln -s ${pkgs.writeScript name content} $out/bin/${name} - ''; - }; - getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); From 3c77b638c73ce6b57619371cc9636b8e701056d9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 00:59:34 +0100 Subject: [PATCH 018/142] l 2 browsers: add simpleScript --- lass/2configs/browsers.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 5a1857973..849778a7a 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,7 +1,15 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) simpleScript; + simpleScript = name: content: + pkgs.stdenv.mkDerivation { + inherit name; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/bin + ln -s ${pkgs.writeScript name content} $out/bin/${name} + ''; + }; mainUser = config.users.extraUsers.mainUser; createChromiumUser = name: extraGroups: packages: From 2fa3c56b10508400c2290937564bdd1c30b0c1d0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 01:01:45 +0100 Subject: [PATCH 019/142] l 2 base: nixpkgs rev 6d31e9b -> 7ae05ed --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 11bc4f089..944db83e0 100644 --- a/lass/2configs/base.nix 
+++ b/lass/2configs/base.nix @@ -48,7 +48,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80"; + rev = "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a"; }; dir.secrets = { host = config.krebs.hosts.mors; From 40cb49f5246ad59abbda628244bb6edbe30058c0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 01:02:28 +0100 Subject: [PATCH 020/142] l 1 echelon: disable redis --- lass/1systems/echelon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index dc0ca0274..39af4a96f 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -13,7 +13,7 @@ in { ../2configs/realwallpaper-server.nix ../2configs/privoxy-retiolum.nix ../2configs/git.nix - ../2configs/redis.nix + #../2configs/redis.nix ../2configs/go.nix ../2configs/ircd.nix ../2configs/newsbot-js.nix From ccb6884708f8106a4f02dcd9dc98e9fd02668add Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 01:06:16 +0100 Subject: [PATCH 021/142] l 1 prism: add stuff for oneline httpserver --- lass/1systems/prism.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index ff5fad75f..85021887f 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -107,6 +107,14 @@ in { { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} ]; } + { + environment.systemPackages = [ + pkgs.perlPackages.Plack + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; From 58890bc80b28ed02e98b21a054849220a69919cb Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 13 Nov 2015 01:07:54 +0100 Subject: [PATCH 022/142] l: use new xserver architecture --- lass/2configs/baseX.nix | 53 ++--- lass/2configs/xserver/Xresources.nix | 27 +++ lass/2configs/xserver/default.nix | 161 +++++++++++++++ lass/2configs/xserver/xserver.conf.nix | 40 ++++ lass/5pkgs/default.nix | 3 + lass/5pkgs/xmonad-lass/.gitignore | 1 + lass/5pkgs/xmonad-lass/Main.hs | 190 ++++++++++++++++++ lass/5pkgs/xmonad-lass/Makefile | 6 + .../xmonad-lass/Util/PerWorkspaceConfig.hs | 52 +++++ lass/5pkgs/xmonad-lass/xmonad.cabal | 17 ++ 10 files changed, 524 insertions(+), 26 deletions(-) create mode 100644 lass/2configs/xserver/Xresources.nix create mode 100644 lass/2configs/xserver/default.nix create mode 100644 lass/2configs/xserver/xserver.conf.nix create mode 100644 lass/5pkgs/xmonad-lass/.gitignore create mode 100644 lass/5pkgs/xmonad-lass/Main.hs create mode 100644 lass/5pkgs/xmonad-lass/Makefile create mode 100644 lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs create mode 100644 lass/5pkgs/xmonad-lass/xmonad.cabal diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index e373c3d9a..4e46c18d2 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -5,7 +5,8 @@ let in { imports = [ ./base.nix - ./urxvt.nix + #./urxvt.nix + ./xserver ]; users.extraUsers.mainUser.extraGroups = [ "audio" ]; 
@@ -37,36 +38,36 @@ in { zathura #window manager stuff - haskellPackages.xmobar - haskellPackages.yeganesh - dmenu2 - xlibs.fontschumachermisc + #haskellPackages.xmobar + #haskellPackages.yeganesh + #dmenu2 + #xlibs.fontschumachermisc ]; - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; + #fonts.fonts = [ + # pkgs.xlibs.fontschumachermisc + #]; - services.xserver = { - enable = true; + #services.xserver = { + # enable = true; - windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ - X11-xshape - ]; - windowManager.xmonad.enable = true; - windowManager.xmonad.enableContribAndExtras = true; - windowManager.default = "xmonad"; - desktopManager.default = "none"; - desktopManager.xterm.enable = false; - displayManager.slim.enable = true; - displayManager.auto.enable = true; - displayManager.auto.user = mainUser.name; + # windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ + # X11-xshape + # ]; + # windowManager.xmonad.enable = true; + # windowManager.xmonad.enableContribAndExtras = true; + # windowManager.default = "xmonad"; + # desktopManager.default = "none"; + # desktopManager.xterm.enable = false; + # displayManager.slim.enable = true; + # displayManager.auto.enable = true; + # displayManager.auto.user = mainUser.name; - layout = "us"; - xkbModel = "evdev"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; - }; + # layout = "us"; + # xkbModel = "evdev"; + # xkbVariant = "altgr-intl"; + # xkbOptions = "caps:backspace"; + #}; services.logind.extraConfig = '' HandleLidSwitch=ignore diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix new file mode 100644 index 000000000..d52418897 --- /dev/null +++ b/lass/2configs/xserver/Xresources.nix 
@@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +with lib; + +pkgs.writeText "Xresources" '' + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* + URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* + + ! ref https://github.com/muennich/urxvt-perls + URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl + URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select + URxvt.url-select.launcher: browser-select + URxvt.url-select.underline: true + URxvt.keysym.M-u: perl:url-select:select_next + URxvt.keysym.M-Escape: perl:keyboard-select:activate + URxvt.keysym.M-s: perl:keyboard-select:search + + URxvt.intensityStyles: false + + URxvt*background: #000000 + URxvt*foreground: #ffffff + + !change unreadable blue + URxvt*color4: #268bd2 +'' diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix new file mode 100644 index 000000000..ceccf5fee --- /dev/null +++ b/lass/2configs/xserver/default.nix 
@@ -0,0 +1,161 @@ +{ config, lib, pkgs, ... }@args: + +with lib; + +let + # TODO krebs.build.user + user = config.users.users.mainUser; + + out = { + + services.xserver = { + display = 11; + tty = 11; + + synaptics = { + enable = true; + twoFingerScroll = true; + accelFactor = "0.035"; + }; + + #keyboard stuff + layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; + }; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + serviceConfig = { + ExecReload = need-reload "urxvtd.service"; + ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; + }; + + environment.systemPackages = [ + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.pavucontrol + pkgs.slock + pkgs.sxiv + pkgs.xsel + pkgs.zathura + ]; + + security.setuidPrograms = [ + "slock" + ]; + + systemd.services.display-manager = mkForce {}; + + services.xserver.enable = true; + + systemd.services.xmonad = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = xmonad-environment; + serviceConfig = { + ExecStart = "${xmonad-start}/bin/xmonad"; + ExecStop = "${xmonad-stop}/bin/xmonad-stop"; + User = user.name; + WorkingDirectory = user.home; + }; + }; + + systemd.services.xserver = { + after = [ + "systemd-udev-settle.service" + "local-fs.target" + "acpid.service" + ]; + reloadIfChanged = true; + environment = xserver-environment; + serviceConfig = { + ExecReload = need-reload "xserver.service"; + ExecStart = "${xserver}/bin/xserver"; + }; + }; + }; + + xmonad-environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + XMONAD_STATE = "/tmp/xmonad.state"; + + # XXX JSON is close enough :) + XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ + "cr" + "gm" + "ff" + "IM" + "mail" + "stockholm" + ]); + }; + + xmonad-start = pkgs.writeScriptBin 
"xmonad" '' + #! ${pkgs.bash}/bin/bash + set -efu + export PATH; PATH=${makeSearchPath "bin" ([ + pkgs.rxvt_unicode + pkgs.i3lock + pkgs.haskellPackages.yeganesh + pkgs.haskellPackages.xmobar + pkgs.dmenu + ] ++ config.environment.systemPackages)}:/var/setuid-wrappers + settle() {( + # Use PATH for a clean journal + command=''${1##*/} + PATH=''${1%/*}; export PATH + shift + until "$command" "$@"; do + ${pkgs.coreutils}/bin/sleep 1 + done + )&} + settle ${pkgs.xorg.xhost}/bin/xhost +LOCAL: + settle ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} + settle ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' + exec ${pkgs.xmonad-lass}/bin/xmonad + ''; + + xmonad-stop = pkgs.writeScriptBin "xmonad-stop" '' + #! /bin/sh + exec ${pkgs.xmonad-lass}/bin/xmonad --shutdown + ''; + + xserver-environment = { + XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. + XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. + LD_LIBRARY_PATH = concatStringsSep ":" ( + [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] + ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); + }; + + xserver = pkgs.writeScriptBin "xserver" '' + #! /bin/sh + set -efu + exec ${pkgs.xorg.xorgserver}/bin/X \ + :${toString config.services.xserver.display} \ + vt${toString config.services.xserver.tty} \ + -config ${import ./xserver.conf.nix args} \ + -logfile /var/log/X.${toString config.services.xserver.display}.log \ + -nolisten tcp \ + -xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb \ + ''; + + need-reload = s: let + pkg = pkgs.writeScriptBin "need-reload" '' + #! /bin/sh + echo "$*" + ''; + in "${pkg}/bin/need-reload ${s}"; + +in out diff --git a/lass/2configs/xserver/xserver.conf.nix b/lass/2configs/xserver/xserver.conf.nix new file mode 100644 index 000000000..e8a997a99 --- /dev/null +++ b/lass/2configs/xserver/xserver.conf.nix 
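Review bot: `xhost +LOCAL:` in `xmonad-start` switches off X access control for every local account, so any user on the machine can read keystrokes and window contents on display :11, which removes most of the separation gained by running applications under their own users (such as the `skype` user in lass/2configs/skype.nix). If the aim is to let specific users open windows, grant them by name, e.g. `xhost +SI:localuser:skype`. Separately, `XMONAD_STATE = "/tmp/xmonad.state"` is a fixed name in a world-writable directory, and Main.hs in this same patch passes the lines of that file to xmonad as `--resume` arguments. A path under the user's home or a per-user runtime directory prevents another local user from creating the file first. `security.setuidPrograms` lists `slock` while the PATH built here adds `pkgs.i3lock`; a comment saying which locker is the intended one would remove the ambiguity.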
@@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.xserver; +in + +pkgs.stdenv.mkDerivation { + name = "xserver.conf"; + + xfs = optionalString (cfg.useXFS != false) + ''FontPath "${toString cfg.useXFS}"''; + + inherit (cfg) config; + + buildCommand = + '' + echo 'Section "Files"' >> $out + echo $xfs >> $out + + for i in ${toString config.fonts.fonts}; do + if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then + for j in $(find $i -name fonts.dir); do + echo " FontPath \"$(dirname $j)\"" >> $out + done + fi + done + + for i in $(find ${toString cfg.modules} -type d); do + if test $(echo $i/*.so* | wc -w) -ne 0; then + echo " ModulePath \"$i\"" >> $out + fi + done + + echo 'EndSection' >> $out + + echo "$config" >> $out + ''; +} diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 869f808ce..844d68a45 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -15,4 +15,7 @@ rec { }; go = callPackage ./go/default.nix {}; newsbot-js = callPackage ./newsbot-js/default.nix {}; + xmonad-lass = + let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in + pkgs.haskellPackages.callPackage src {}; } diff --git a/lass/5pkgs/xmonad-lass/.gitignore b/lass/5pkgs/xmonad-lass/.gitignore new file mode 100644 index 000000000..616204547 --- /dev/null +++ b/lass/5pkgs/xmonad-lass/.gitignore @@ -0,0 +1 @@ +/shell.nix diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs new file mode 100644 index 000000000..10a3c5638 --- /dev/null +++ b/lass/5pkgs/xmonad-lass/Main.hs 
@@ -0,0 +1,190 @@ +{-# LANGUAGE DeriveDataTypeable #-} -- for XS +{-# LANGUAGE FlexibleContexts #-} -- for xmonad' +{-# LANGUAGE LambdaCase #-} +{-# LANGUAGE ScopedTypeVariables #-} + + +module Main where + +import Control.Exception +import Text.Read (readEither) +import XMonad +import System.IO (hPutStrLn, stderr) +import System.Environment (getArgs, withArgs, getEnv, getEnvironment) +import System.Posix.Process (executeFile) +import XMonad.Prompt (defaultXPConfig) +import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace + , removeEmptyWorkspace) +import XMonad.Actions.GridSelect +import XMonad.Actions.CycleWS (toggleWS) +--import XMonad.Actions.CopyWindow ( copy ) +import XMonad.Layout.NoBorders ( smartBorders ) +import qualified XMonad.StackSet as W +import Data.Map (Map) +import qualified Data.Map as Map +-- TODO import XMonad.Layout.WorkspaceDir +import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) +-- import XMonad.Layout.Tabbed +--import XMonad.Layout.MouseResizableTile +import XMonad.Layout.Reflect (reflectVert) +import XMonad.Layout.FixedColumn (FixedColumn(..)) +import XMonad.Hooks.Place (placeHook, smart) +import XMonad.Hooks.FloatNext (floatNextHook) +import XMonad.Actions.PerWorkspaceKeys (chooseAction) +import XMonad.Layout.PerWorkspace (onWorkspace) +--import XMonad.Layout.BinarySpacePartition +import XMonad.Util.EZConfig (additionalKeysP) + +import XMonad.Prompt (autoComplete, defaultXPConfig, XPConfig, mkXPrompt) +import XMonad.Hooks.UrgencyHook (focusUrgent, withUrgencyHook, urgencyBorderColor, BorderUrgencyHook(BorderUrgencyHook)) +import XMonad.Actions.DynamicWorkspaces (addWorkspacePrompt, removeEmptyWorkspace, renameWorkspace, withWorkspace) +import XMonad.Hooks.FloatNext (floatNext, floatNextHook) +import XMonad.Prompt.Workspace +import XMonad.Actions.CopyWindow (copy, kill1) +import qualified Data.Map as M +import XMonad.Hooks.ManageDocks (avoidStruts, manageDocks, ToggleStruts(ToggleStruts)) + 
+--import XMonad.Actions.Submap +import XMonad.Stockholm.Pager +import XMonad.Stockholm.Rhombus +import XMonad.Stockholm.Shutdown + +myTerm :: String +myTerm = "urxvtc" + +myRootTerm :: String +myRootTerm = "urxvtc -name root-urxvt -e su -" + +myFont :: String +myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" + +main :: IO () +main = getArgs >>= \case + ["--shutdown"] -> sendShutdownEvent + _ -> mainNoArgs + +mainNoArgs :: IO () +mainNoArgs = do + xmonad' + -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } + -- urgencyConfig { remindWhen = Every 1 } + -- $ withUrgencyHook borderUrgencyHook "magenta" + -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never } + $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") + $ defaultConfig + { terminal = myTerm + , modMask = mod4Mask + , layoutHook = smartBorders $ myLayoutHook + -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent + --, handleEventHook = handleTimerEvent + , manageHook = placeHook (smart (1,0)) <+> floatNextHook + , startupHook = spawn "echo emit XMonadStartup" + , normalBorderColor = "#1c1c1c" + , focusedBorderColor = "#f000b0" + , handleEventHook = handleShutdownEvent + } `additionalKeysP` myKeyMap + +myLayoutHook = defLayout + where + defLayout = (avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 + + +xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO () +xmonad' conf = do + path <- getEnv "XMONAD_STATE" + try (readFile path) >>= \case + Right content -> do + hPutStrLn stderr ("resuming from " ++ path) + withArgs ("--resume" : lines content) (xmonad conf) + Left e -> do + hPutStrLn stderr (displaySomeException e) + xmonad conf + + +displaySomeException :: SomeException -> String +displaySomeException = displayException + + +myKeyMap = + [ ("M4-", spawn "i3lock -i ~/lock.png -u" ) + , 
("M4-p", spawn "passmenu --type") + , ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"") + -- , ("M4-r", io (readProcess "yeganesh" ["-x"] "" >>= putStrLn ) ) + , ("", spawn "pactl -- set-sink-volume 0 +4%") + , ("", spawn "pactl -- set-sink-volume 0 -4%") + , ("", gridselectWorkspace myWSConfig W.view) + + , ("M4-a", focusUrgent) + , ("M4-S-r", renameWorkspace defaultXPConfig) + , ("M4-S-a", addWorkspacePrompt defaultXPConfig) + , ("M4-S-", removeEmptyWorkspace) + , ("M4-S-c", kill1) + , ("M4-", toggleWS) + , ("M4-S-", spawn myTerm) + , ("M4-x", floatNext True >> spawn myTerm) + , ("M4-f", floatNext True) + , ("M4-b", sendMessage ToggleStruts) + + , ("M4-v", withWorkspace myXPConfig (windows . W.view)) + , ("M4-S-v", withWorkspace myXPConfig (windows . W.shift)) + , ("M4-C-v", withWorkspace myXPConfig (windows . copy)) + + -- , (_4 , xK_q ) & \k -> (k, goToSelected myCNConfig { gs_navigate = makeGSNav k } ) + -- , (_4S, xK_q ) & \k -> (k, bringSelected myCNConfig { gs_navigate = makeGSNav k } ) + -- , (_4C, xK_q ) & \k -> (k, withSelectedWindow ( \a -> get >>= \s -> put s { windowset = copyWindow a (W.tag $ W.workspace $ W.current $ windowset s) (windowset s) } ) myCNConfig { gs_navigate = makeGSNav k } ) + + --, ("M4-", perWorkspaceAction workspaceConfigs) + , ("M4-S-q", return ()) + ] + +myGSConfig = defaultGSConfig + { gs_cellheight = 50 + , gs_cellpadding = 2 + , gs_navigate = navNSearch + , gs_font = myFont + } + +myXPConfig :: XPConfig +myXPConfig = defaultXPConfig + { autoComplete = Just 5000 + } + +myWSConfig = myGSConfig + { gs_cellwidth = 50 + } + +pagerConfig :: PagerConfig +pagerConfig = defaultPagerConfig + { pc_font = myFont + , pc_cellwidth = 64 + --, pc_cellheight = 36 -- TODO automatically keep screen aspect + --, pc_borderwidth = 1 + --, pc_matchcolor = "#f0b000" + , pc_matchmethod = MatchPrefix + --, pc_colors = pagerWorkspaceColors + , pc_windowColors = windowColors + } + where + windowColors _ _ _ True _ = ("#ef4242","#ff2323") + 
windowColors wsf m c u wf = do + let def = defaultWindowColors wsf m c u wf + if m == False && wf == True + then ("#402020", snd def) + else def + +wGSConfig :: GSConfig Window +wGSConfig = defaultGSConfig + { gs_cellheight = 20 + , gs_cellwidth = 192 + , gs_cellpadding = 5 + , gs_font = myFont + , gs_navigate = navNSearch + } + + +(&) :: a -> (a -> c) -> c +(&) = flip ($) + +allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] +allWorkspaceNames ws = + return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] diff --git a/lass/5pkgs/xmonad-lass/Makefile b/lass/5pkgs/xmonad-lass/Makefile new file mode 100644 index 000000000..cbb0776e6 --- /dev/null +++ b/lass/5pkgs/xmonad-lass/Makefile @@ -0,0 +1,6 @@ +.PHONY: ghci +ghci: shell.nix + nix-shell --command 'exec ghci -Wall' + +shell.nix: xmonad.cabal + cabal2nix --shell . > $@ diff --git a/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs b/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs new file mode 100644 index 000000000..bba7c8c60 --- /dev/null +++ b/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs 
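Review bot: In `xmonad'`, `getEnv "XMONAD_STATE"` runs before the `try`, and `getEnv` throws when the variable is unset. A session started without it therefore dies with an exception instead of reaching the `xmonad conf` fallback that the `Left e` branch gives a missing file. Use `lookupEnv` (add it to the `System.Environment` import list) and fall back on `Nothing`, as sketched below. Every line of that file is passed to `xmonad` as an argument after `--resume`, so the path should sit in a directory only the session user can write; where the variable is set is not visible in this hunk.

```haskell
xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
xmonad' conf = lookupEnv "XMONAD_STATE" >>= \case
    Nothing -> do
        hPutStrLn stderr "XMONAD_STATE is not set; starting without resume"
        xmonad conf
    Just path -> try (readFile path) >>= \case
        -- … unchanged: Right content / Left e branches …
```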
@@ -0,0 +1,52 @@ +module Util.PerWorkspaceConfig + ( WorkspaceConfig (..) + , WorkspaceConfigs + , switchToWorkspace + , defaultWorkspaceConfig + , perWorkspaceAction + , perWorkspaceTermAction +-- , myLayoutHack + ) +where + +import XMonad +import XMonad.Core (LayoutClass) +import Control.Monad (when) + +import qualified Data.Map as M +import qualified XMonad.StackSet as W + +data WorkspaceConfig l = + WorkspaceConfig + { switchAction :: X () + , startAction :: X () + , keyAction :: X () + , termAction :: X () + } + +type WorkspaceConfigs l = M.Map WorkspaceId (WorkspaceConfig l) + +defaultWorkspaceConfig = WorkspaceConfig + { switchAction = return () + , startAction = return () + , keyAction = return () + , termAction = spawn "urxvtc" + } + +whenLookup wsId cfg a = + when (M.member wsId cfg) (a $ cfg M.! wsId) + +switchToWorkspace :: WorkspaceConfigs l -> WorkspaceId -> X () +switchToWorkspace cfg wsId = do + windows $ W.greedyView wsId + wins <- gets (W.integrate' . W.stack . W.workspace . W.current . windowset) + when (null wins) $ whenLookup wsId cfg startAction + whenLookup wsId cfg switchAction + +perWorkspaceAction :: WorkspaceConfigs l -> X () +perWorkspaceAction cfg = withWindowSet $ \s -> whenLookup (W.currentTag s) cfg keyAction + +perWorkspaceTermAction :: WorkspaceConfigs l -> X () +perWorkspaceTermAction cfg = withWindowSet $ \s -> case M.lookup (W.currentTag s) cfg of + Just x -> termAction x + _ -> termAction defaultWorkspaceConfig diff --git a/lass/5pkgs/xmonad-lass/xmonad.cabal b/lass/5pkgs/xmonad-lass/xmonad.cabal new file mode 100644 index 000000000..37809b599 --- /dev/null +++ b/lass/5pkgs/xmonad-lass/xmonad.cabal @@ -0,0 +1,17 @@ +Author: lass +Build-Type: Simple +Cabal-Version: >= 1.2 +License: MIT +Name: xmonad-lass +Version: 0 + +Executable xmonad + Build-Depends: + base, + containers, + unix, + xmonad, + xmonad-contrib, + xmonad-stockholm + GHC-Options: -Wall -O3 -threaded -rtsopts + Main-Is: Main.hs 
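Review bot: `whenLookup` tests `M.member` and then indexes with the partial `M.!`, which walks the map twice and leaves a crash path if the two calls are ever separated. A single lookup expresses the same thing: `whenLookup wsId cfg a = maybe (return ()) a (M.lookup wsId cfg)`. `whenLookup` and `defaultWorkspaceConfig` also have no type signatures, which `-Wall` from xmonad.cabal would report once this module is compiled. The `l` parameter of `WorkspaceConfig l` is not used by any field.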
From c373eac636525a65d28c1f39cbf599edbcf60ebc Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 01:10:55 +0100 Subject: [PATCH 023/142] l 1 mors: use new wordpress test --- lass/1systems/mors.nix | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 7db3f8333..803c149b8 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -18,10 +18,31 @@ ../2configs/chromium-patched.nix ../2configs/git.nix ../2configs/retiolum.nix - ../2configs/wordpress.nix + #../2configs/wordpress.nix ../2configs/bitlbee.nix ../2configs/firefoxPatched.nix ../2configs/skype.nix + { + #wordpress-test + #imports = singleton (sitesGenerators.createWordpress "testserver.de"); + imports = [ + ../3modules/wordpress_nginx.nix + ]; + lass.wordpress."testserver.de" = { + }; + + services.mysql = { + enable = true; + package = pkgs.mariadb; + rootPassword = "/mysql_rootPassword"; + }; + networking.extraHosts = '' + 10.243.0.2 testserver.de + ''; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } + ]; + } ]; krebs.build.host = config.krebs.hosts.mors; From 8cc4395e15498aa607e96fef09d9f7b9827567fc Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 01:12:07 +0100 Subject: [PATCH 024/142] l 1 mors: open risk of rain port for lan --- lass/1systems/mors.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 803c149b8..7b91fa6be 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -22,6 +22,12 @@ ../2configs/bitlbee.nix ../2configs/firefoxPatched.nix ../2configs/skype.nix + { + #risk of rain port + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } + ]; + } { #wordpress-test #imports = singleton (sitesGenerators.createWordpress "testserver.de"); 
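Review bot: The INPUT rule at the end of the new block accepts tcp/80 from every peer on the `retiolum` interface, for what the comment calls a WordPress test backed by a local MariaDB. If only a few known peers need to reach the test site, narrow the predicate with a source match, e.g. `predicate = "-i retiolum -s <PEER_ADDR_PLACEHOLDER> -p tcp --dport 80";`. Separately, `rootPassword = "/mysql_rootPassword"` is a plain string, which keeps the file out of the Nix store, but nothing in this hunk creates the file or sets its mode. A comment such as `# /mysql_rootPassword must exist before first start; owner root, mode 0600` would record that requirement.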
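Review bot: The subject says the port is opened for the LAN, but the predicate `-p tcp --dport 11100` has no interface or source match, so the ACCEPT applies on every interface this host has, the retiolum VPN included. The WordPress rule in the same file does scope itself with `-i retiolum`. Restrict this one the same way, e.g. `{ predicate = "-i <LAN_IFACE_PLACEHOLDER> -p tcp --dport 11100"; target = "ACCEPT"; }`, or add an `-s <LAN_CIDR_PLACEHOLDER>` match.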
From 58eab5df691efd6933063ba1ec9278cd940a1ba1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 01:16:15 +0100 Subject: [PATCH 025/142] l 3 go -> k 3 go --- krebs/3modules/default.nix | 1 + {lass => krebs}/3modules/go.nix | 4 ++-- lass/3modules/default.nix | 1 - 3 files changed, 3 insertions(+), 3 deletions(-) rename {lass => krebs}/3modules/go.nix (95%) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index b4e7f9254..6d62b2e38 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -13,6 +13,7 @@ let ./exim-smarthost.nix ./github-hosts-sync.nix ./git.nix + ./go.nix ./iptables.nix ./nginx.nix ./per-user.nix diff --git a/lass/3modules/go.nix b/krebs/3modules/go.nix similarity index 95% rename from lass/3modules/go.nix rename to krebs/3modules/go.nix index b83d2e5a1..793d1f60d 100644 --- a/lass/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -4,10 +4,10 @@ with builtins; with lib; let - cfg = config.lass.go; + cfg = config.krebs.go; out = { - options.lass.go = api; + options.krebs.go = api; config = mkIf cfg.enable imp; }; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index d0b96d2fd..7c85af3a4 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -4,7 +4,6 @@ _: ./xresources.nix ./bitlbee.nix ./folderPerms.nix - ./go.nix ./newsbot-js.nix ./per-user.nix ./urxvtd.nix From 103f99d7a45d10b1beb67eead5c7713dd65807d6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 01:18:40 +0100 Subject: [PATCH 026/142] l 2 go: adapt to lass.go -> krebs.go --- lass/2configs/go.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix index 81a02ec7c..f4c2ac289 100644 --- a/lass/2configs/go.nix +++ b/lass/2configs/go.nix @@ -2,13 +2,10 @@ with lib; { - imports = [ - ../3modules/go.nix - ]; environment.systemPackages = [ pkgs.go ]; - lass.go = { + krebs.go = { enable = true; }; krebs.nginx = { 
From 222d959ee45de47bbbf70c64df8840a5f9e40aa5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 11:08:56 +0100 Subject: [PATCH 027/142] l 2 git: make prism verbose host --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 539a9bbd2..16ecaefec 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -55,7 +55,7 @@ let nick = config.krebs.build.host.name; channel = "#retiolum"; server = "cd.retiolum"; - verbose = config.krebs.build.host.name == "echelon"; + verbose = config.krebs.build.host.name == "prism"; }; }; }; From bd71d3367b73eafb1bb6c59e858c195f6cf9952a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 11:10:34 +0100 Subject: [PATCH 028/142] l 2 base: add monitoring tools --- lass/2configs/base.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 944db83e0..a76ed4d6b 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -92,6 +92,10 @@ with lib; most rxvt_unicode.terminfo + #monitoring tools + htop + iotop + #network iptables From 525dff002e7fe360b0c9803f1004ad2c8749c319 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 13 Nov 2015 12:24:29 +0100 Subject: [PATCH 029/142] m 1 gum: disable ipv6, open up fw --- makefu/1systems/gum.nix | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 8dd347b4f..63db7a71c 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -16,7 +16,6 @@ in { krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - # Chat environment.systemPackages = with pkgs;[ weechat 
@@ -33,21 +32,24 @@ in { services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; + boot.kernelParams = [ "ipv6.disable=1" ]; networking = { - firewall = { - allowPing = true; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # tinc - 655 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - ]; + enableIPv6 = false; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; }; interfaces.et0.ip4 = [{ address = external-ip; From 383d8750236d58e9b7932a0c88a1245f95824045 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 13 Nov 2015 12:24:43 +0100 Subject: [PATCH 030/142] tinc_graphs: always restart --- krebs/3modules/tinc_graphs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index e415d20ab..20aa385a9 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -89,9 +89,9 @@ let }; restartIfChanged = true; - serviceConfig = { Type = "simple"; + restart = "always"; ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' #!/bin/sh From e0ae8c1a3fe333de8a14b04b4a7e2dd01163b727 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 13 Nov 2015 12:25:18 +0100 Subject: [PATCH 031/142] m 1 {gum,wry}: disable dropped packet logging --- makefu/1systems/wry.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index ba94972fb..cd39b4b9f 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix 
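Review bot: `logRefusedConnections = false` turns off the firewall's log of refused connections on a host that, judging by `external-ip` and the open SMTP/HTTP(S)/tinc ports, is reachable from outside. That removes the cheapest record of scans and blocked probes, and the same line is added to `makefu/1systems/wry.nix` in PATCH 031. If the motive is log volume, state it next to the option, e.g. `# refused-connection log disabled because of noise; drops are not recorded elsewhere`, and decide whether another source should keep that signal. Also, `53` sits under the `# tinc` comment in `allowedUDPPorts`; give it its own comment, or drop it if no resolver listens on this host.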
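Review bot: The added `restart = "always";` is spelled in lower case, while the systemd directive is `Restart` and unit keys are case-sensitive. systemd will most likely report an unknown key and the service will not be restarted on failure, which defeats the commit's stated purpose. Write `Restart = "always";`, matching `Type` and `ExecStartPre` next to it. The `serviceConfig` block continues outside the hunk.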
@@ -59,9 +59,12 @@ in { }; networking = { - firewall.allowPing = true; - firewall.allowedTCPPorts = [ 53 80 443 ]; - firewall.allowedUDPPorts = [ 655 ]; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ 53 80 443 ]; + allowedUDPPorts = [ 655 ]; + }; interfaces.enp2s1.ip4 = [{ address = external-ip; prefixLength = 24; From f8fabf4ea6f15b0c7613846e38051f83ef887933 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 13:03:48 +0100 Subject: [PATCH 032/142] shared: move stuff from 1/wolf.nix to 2/base.nix --- shared/1systems/wolf.nix | 71 +------------------------------------- shared/2configs/base.nix | 74 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 70 deletions(-) create mode 100644 shared/2configs/base.nix diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 60d1e8ce8..4fe3388c8 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -1,9 +1,8 @@ { config, lib, pkgs, ... }: -with lib; - { imports = [ + ../2configs/base.nix ../2configs/collectd-base.nix ]; @@ -13,34 +12,6 @@ with lib; krebs.build.user = config.krebs.users.shared; krebs.build.target = "wolf"; - krebs.enable = true; - krebs.retiolum = { - enable = true; - connectTo = [ - # TODO remove connectTo cd, this was only used for bootstrapping - "cd" - "gum" - "pigstarter" - ]; - }; - - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80"; - }; - dir.secrets = { - host = config.krebs.current.host; - path = "${getEnv "HOME"}/secrets/krebs/wolf"; - }; - dir.stockholm = { - host = config.krebs.current.host; - path = "${getEnv "HOME"}/stockholm"; - }; - }; - - networking.hostName = config.krebs.build.host.name; - boot.kernel.sysctl = { # Enable IPv6 Privacy Extensions "net.ipv6.conf.all.use_tempaddr" = 2; 
@@ -63,45 +34,5 @@ with lib; { device = "/dev/disk/by-label/swap"; } ]; - nix.maxJobs = 1; - nix.trustedBinaryCaches = [ - "https://cache.nixos.org" - "http://cache.nixos.org" - "http://hydra.nixos.org" - ]; - nix.useChroot = true; - - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.vim; - }; - - environment.systemPackages = with pkgs; [ - git - rxvt_unicode.terminfo - ]; - time.timeZone = "Europe/Berlin"; - - programs.ssh.startAgent = false; - - services.openssh = { - enable = true; - hostKeys = [ - { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - services.cron.enable = false; - services.nscd.enable = false; - services.ntp.enable = false; - - users.mutableUsers = false; - users.extraUsers.root.openssh.authorizedKeys.keys = [ - # TODO - config.krebs.users.lass.pubkey - config.krebs.users.makefu.pubkey - config.krebs.users.tv.pubkey - ]; - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; } diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix new file mode 100644 index 000000000..c9f4ffa8d --- /dev/null +++ b/shared/2configs/base.nix 
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ krebs.enable = true;
+ krebs.retiolum = {
+ enable = true;
+ connectTo = [
+ # TODO remove connectTo cd, this was only used for bootstrapping
+ "cd"
+ "gum"
+ "pigstarter"
+ ];
+ };
+
+ krebs.build.source = {
+ git.nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
+ };
+ dir.secrets = {
+ host = config.krebs.current.host;
+ path = "${getEnv "HOME"}/secrets/krebs/wolf";
+ };
+ dir.stockholm = {
+ host = config.krebs.current.host;
+ path = "${getEnv "HOME"}/stockholm";
+ };
+ };
+
+ networking.hostName = config.krebs.build.host.name;
+
+ nix.maxJobs = 1;
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ "http://cache.nixos.org"
+ "http://hydra.nixos.org"
+ ];
+ nix.useChroot = true;
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ nano = pkgs.vim;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ rxvt_unicode.terminfo
+ ];
+
+ programs.ssh.startAgent = false;
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ services.cron.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+
+ users.mutableUsers = false;
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ # TODO
+ config.krebs.users.lass.pubkey
+ config.krebs.users.makefu.pubkey
+ config.krebs.users.tv.pubkey
+ ];
+
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+
+}
From a204949071a964584bf27889277c8890ed724979 Mon Sep 17 00:00:00 2001
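Review bot: `dir.secrets.path` is still `"${getEnv "HOME"}/secrets/krebs/wolf"`, although this file is now a shared base. The test hosts moved in PATCH 033 import `../2configs/base.nix`, so unless they override it they would presumably be deployed with wolf's secrets directory. Derive the path from the host being built, as `networking.hostName` already does a few lines below: `path = "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}";`. `nix.trustedBinaryCaches` also carries two plain `http://` entries over from wolf.nix. With those, the integrity of substituted store paths rests entirely on signature checking, so consider keeping only the `https://` cache.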
From: lassulus Date: Fri, 13 Nov 2015 13:05:19 +0100 Subject: [PATCH 033/142] move testhosts to shared from lass --- krebs/3modules/lass/default.nix | 32 ++-------------------- krebs/3modules/shared/default.nix | 32 ++++++++++++++++++++-- {lass => shared}/1systems/test-arch.nix | 8 ++---- {lass => shared}/1systems/test-centos6.nix | 4 +-- {lass => shared}/1systems/test-centos7.nix | 4 +-- 5 files changed, 38 insertions(+), 42 deletions(-) rename {lass => shared}/1systems/test-arch.nix (79%) rename {lass => shared}/1systems/test-centos6.nix (79%) rename {lass => shared}/1systems/test-centos7.nix (79%) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 2ad4353bd..c99263fe8 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -2,35 +2,7 @@ with lib; -let - testHosts = lib.genAttrs [ - "test-arch" - "test-centos6" - "test-centos7" - ] (name: { - inherit name; - cores = 1; - nets = { - retiolum = { - addrs4 = ["10.243.111.111"]; - addrs6 = ["42:0:0:0:0:0:0:7357"]; - aliases = [ - "test.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd - mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5 - TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1 - K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8 - QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY - VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }); -in { +{ hosts = addNames { echelon = { cores = 2; @@ -241,7 +213,7 @@ in { }; }; - } // testHosts; + }; users = addNames { lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 24dd7b782..13aae886b 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix 
@@ -2,7 +2,35 @@ with lib; -{ +let + testHosts = lib.genAttrs [ + "test-arch" + "test-centos6" + "test-centos7" + ] (name: { + inherit name; + cores = 1; + nets = { + retiolum = { + addrs4 = ["10.243.111.111"]; + addrs6 = ["42:0:0:0:0:0:0:7357"]; + aliases = [ + "test.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd + mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5 + TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1 + K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8 + QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY + VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }); +in { hosts = addNames { wolf = { #dc = "shack"; @@ -32,7 +60,7 @@ with lib; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR"; }; - }; + } // testHosts; users = addNames { shared = { mail = "spam@krebsco.de"; diff --git a/lass/1systems/test-arch.nix b/shared/1systems/test-arch.nix similarity index 79% rename from lass/1systems/test-arch.nix rename to shared/1systems/test-arch.nix index 0ab9da2f3..ece209490 100644 --- a/lass/1systems/test-arch.nix +++ b/shared/1systems/test-arch.nix @@ -1,10 +1,6 @@ -{ config, lib, pkgs, ... }: +{ config, pkgs, ... }: -let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - inherit (lib) head; - -in { +{ imports = [ ../2configs/base.nix { diff --git a/lass/1systems/test-centos6.nix b/shared/1systems/test-centos6.nix similarity index 79% rename from lass/1systems/test-centos6.nix rename to shared/1systems/test-centos6.nix index 7270c2262..a8b5f9b9c 100644 --- a/lass/1systems/test-centos6.nix +++ b/shared/1systems/test-centos6.nix 
@@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; inherit (lib) head; ip = "168.235.148.52"; + gw = "168.235.148.1"; in { imports = [ ../2configs/base.nix @@ -16,7 +16,7 @@ in { prefixLength = 24; } ]; - networking.defaultGateway = getDefaultGateway ip; + networking.defaultGateway = gw; networking.nameservers = [ "8.8.8.8" ]; diff --git a/lass/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix similarity index 79% rename from lass/1systems/test-centos7.nix rename to shared/1systems/test-centos7.nix index 91bd3e0fe..51e99600c 100644 --- a/lass/1systems/test-centos7.nix +++ b/shared/1systems/test-centos7.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; inherit (lib) head; ip = "168.235.145.85"; + gw = "168.235.145.1"; in { imports = [ ../2configs/base.nix @@ -16,7 +16,7 @@ in { prefixLength = 24; } ]; - networking.defaultGateway = getDefaultGateway ip; + networking.defaultGateway = gw; networking.nameservers = [ "8.8.8.8" ]; From 07dca519636f07ee4887e14e0e9a9739ec9f8034 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 14:53:26 +0100 Subject: [PATCH 034/142] l 5 go -> k 5 go --- {lass => krebs}/5pkgs/go/default.nix | 0 {lass => krebs}/5pkgs/go/packages.nix | 0 lass/5pkgs/default.nix | 7 +++---- 3 files changed, 3 insertions(+), 4 deletions(-) rename {lass => krebs}/5pkgs/go/default.nix (100%) rename {lass => krebs}/5pkgs/go/packages.nix (100%) diff --git a/lass/5pkgs/go/default.nix b/krebs/5pkgs/go/default.nix similarity index 100% rename from lass/5pkgs/go/default.nix rename to krebs/5pkgs/go/default.nix diff --git a/lass/5pkgs/go/packages.nix b/krebs/5pkgs/go/packages.nix similarity index 100% rename from lass/5pkgs/go/packages.nix rename to krebs/5pkgs/go/packages.nix diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 844d68a45..b3857ce97 100644 --- a/lass/5pkgs/default.nix 
+++ b/lass/5pkgs/default.nix @@ -5,15 +5,14 @@ let in rec { - bitlbee-dev = callPackage ./bitlbee-dev.nix {}; - bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; }; - bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; }; + #bitlbee-dev = callPackage ./bitlbee-dev.nix {}; + #bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; }; + #bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; }; firefoxPlugins = { noscript = callPackage ./firefoxPlugins/noscript.nix {}; ublock = callPackage ./firefoxPlugins/ublock.nix {}; vimperator = callPackage ./firefoxPlugins/vimperator.nix {}; }; - go = callPackage ./go/default.nix {}; newsbot-js = callPackage ./newsbot-js/default.nix {}; xmonad-lass = let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in From 88e0f5b0370efe9b93493c21d487917a29e44a1c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 14:54:52 +0100 Subject: [PATCH 035/142] l 2 base: nixpkgs 7ae05ed -> 8d1ce12 --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index a76ed4d6b..61023057b 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -48,7 +48,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a"; + rev = "8d1ce129361312334bf914ce0d27e463cb0bb21b"; }; dir.secrets = { host = config.krebs.hosts.mors; From 2e2e5196d149379643244f92239f88f5d2eb2237 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 13 Nov 2015 14:56:37 +0100 Subject: [PATCH 036/142] l: use bitlbee plugin architecture from nixpkgs --- lass/2configs/bitlbee.nix | 16 +++----- lass/5pkgs/bitlbee-dev.nix | 20 ---------- lass/5pkgs/bitlbee-steam.nix | 31 ---------------- lass/5pkgs/bitlbee.nix | 71 ------------------------------------ lass/5pkgs/default.nix | 3 -- 5 files changed, 6 insertions(+), 135 deletions(-) delete mode 100644 lass/5pkgs/bitlbee-dev.nix delete mode 100644 lass/5pkgs/bitlbee-steam.nix delete mode 100644 lass/5pkgs/bitlbee.nix diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix index fa14c7fea..b23628dc5 100644 --- a/lass/2configs/bitlbee.nix +++ b/lass/2configs/bitlbee.nix @@ -1,16 +1,12 @@ { config, pkgs, ... }: -let - lpkgs = import ../5pkgs { inherit pkgs; }; -in { - - imports = [ - ../3modules/bitlbee.nix - ]; - - lass.bitlbee = { +{ + services.bitlbee = { enable = true; - bitlbeePkg = lpkgs.bitlbee; portNumber = 6666; + plugins = [ + pkgs.bitlbee-facebook + pkgs.bitlbee-steam + ]; }; } diff --git a/lass/5pkgs/bitlbee-dev.nix b/lass/5pkgs/bitlbee-dev.nix deleted file mode 100644 index dd129591e..000000000 --- a/lass/5pkgs/bitlbee-dev.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python }: - -stdenv.mkDerivation rec { - name = "bitlbee-3.4.1"; - - src = fetchurl { - url = "mirror://bitlbee/src/${name}.tar.gz"; - sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh"; - }; - - buildInputs = [ gnutls glib pkgconfig libotr python ]; - - buildPhase = ""; - - installPhase = '' - make install-dev - ''; - -} - diff --git a/lass/5pkgs/bitlbee-steam.nix b/lass/5pkgs/bitlbee-steam.nix deleted file mode 100644 index d869eaac5..000000000 --- a/lass/5pkgs/bitlbee-steam.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ stdenv, fetchgit, autoconf, automake, bitlbee-dev, glib, libgcrypt, libtool, pkgconfig }: - -stdenv.mkDerivation rec { - name = "bitlbee-steam-1.3.1"; - - src = fetchgit { - url = "https://github.com/jgeboski/bitlbee-steam"; - rev = "439d777c7e8d06712ffc15c3e51d61799f4c0d0c"; - sha256 = "493924da1083a3b23073c595a9e1989a7ae09a196524ad66ca99c4d8ccc20d2a"; - }; - - buildInputs = [ - autoconf - automake - bitlbee-dev - glib - libgcrypt - libtool - pkgconfig - ]; - - configurePhase = '' - ./autogen.sh - ''; - - installPhase = '' - mkdir -p $out - cp steam/.libs/steam.la $out/ - cp steam/.libs/steam.so $out/ - ''; -} diff --git a/lass/5pkgs/bitlbee.nix b/lass/5pkgs/bitlbee.nix deleted file mode 100644 index 2a5a8d86d..000000000 --- a/lass/5pkgs/bitlbee.nix +++ /dev/null 
@@ -1,71 +0,0 @@ -{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python - , bitlbee-facebook ? null - , bitlbee-steam ? null -}: - -with stdenv.lib; -stdenv.mkDerivation rec { - name = "bitlbee-3.4.1"; - - src = fetchurl { - url = "mirror://bitlbee/src/${name}.tar.gz"; - sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh"; - }; - - - buildInputs = [ gnutls glib pkgconfig libotr python ] - ++ optional doCheck check; - - configureFlags = [ - "--gcov=1" - "--otr=1" - "--ssl=gnutls" - ]; - - postBuild = '' - ${if (bitlbee-steam != null) then - '' - mkdir -p $out/lib/bitlbee/ - find ${bitlbee-steam} - cp ${bitlbee-steam}/* $out/lib/bitlbee/ - '' - else - "" - } - ''; - #${concatMapStringsSep "\n" ([] ++ - # (if (bitlbee-facebook != null) then - # "cp ${bitlbee-faceook}/* $out/" - # else - # "" - # ) ++ - # (if (bitlbee-steam != null) then - # "cp ${bitlbee-steam}/* $out/" - # else - # "" - # ) - #)} - - doCheck = true; - - meta = { - description = "IRC instant messaging gateway"; - - longDescription = '' - BitlBee brings IM (instant messaging) to IRC clients. It's a - great solution for people who have an IRC client running all the - time and don't want to run an additional MSN/AIM/whatever - client. - - BitlBee currently supports the following IM networks/protocols: - XMPP/Jabber (including Google Talk), MSN Messenger, Yahoo! - Messenger, AIM and ICQ. - ''; - - homepage = http://www.bitlbee.org/; - license = licenses.gpl2Plus; - - maintainers = with maintainers; [ wkennington pSub ]; - platforms = platforms.gnu; # arbitrary choice - }; -} diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index b3857ce97..2b9582912 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix 
@@ -5,9 +5,6 @@ let in rec { - #bitlbee-dev = callPackage ./bitlbee-dev.nix {}; - #bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; }; - #bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; }; firefoxPlugins = { noscript = callPackage ./firefoxPlugins/noscript.nix {}; ublock = callPackage ./firefoxPlugins/ublock.nix {}; From f2e4288052b8b21e45a577fde8b8761e6295be5a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 14:57:19 +0100 Subject: [PATCH 037/142] l 2 weechat: bring everything up2date --- lass/2configs/weechat.nix | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index cfcc1a2f6..18007ed61 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -1,22 +1,37 @@ { config, lib, pkgs, ... }: -with lib; { - imports = [ - ../3modules/per-user.nix - ]; - - lass.per-user.chat.packages = [ + krebs.per-user.chat.packages = [ pkgs.weechat pkgs.tmux ]; users.extraUsers.chat = { home = "/home/chat"; + uid = 986764891; # genid chat useDefaultShell = true; createHome = true; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; + + #systemd.services.chat = { + # description = "chat environment setup"; + # after = [ "network.target" ]; + # wantedBy = [ "multi-user.target" ]; + + # path = with pkgs; [ + # weechat + # tmux + # ]; + + # restartIfChanged = true; + + # serviceConfig = { + # User = "chat"; + # Restart = "always"; + # ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat"; + # }; + #}; } From a1142b25c62e4009e56b881234829fb734196d93 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 14:57:51 +0100 Subject: [PATCH 038/142] l 1 prism: import weechat.nix --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) 
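Review bot: The commented-out `systemd.services.chat` block added at the end of `weechat.nix` is dead configuration that the next reader has to work out is inactive; either finish it or drop it and track the idea elsewhere. If it is revived, `tmux new -s IM weechat` will most likely fail under systemd because the unit has no terminal. A detached session such as `ExecStart = "${pkgs.tmux}/bin/tmux new-session -d -s IM weechat";` with `Type = "forking"` is the usual shape, and `Restart = "always"` should be checked against it.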
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 85021887f..599f4704e 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -11,6 +11,7 @@ in { ../2configs/git.nix ../2configs/ts3.nix ../2configs/bitlbee.nix + ../2configs/weechat.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories From e7d22252dcad25fd5594e9a431f5a39aa620906d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Nov 2015 14:59:48 +0100 Subject: [PATCH 039/142] shared: add os templates to 2 --- .../os-templates/CAC-CentOS-6.5-64bit.nix | 47 +++++++++++++++++++ .../os-templates/CAC-CentOS-7-64bit.nix | 47 +++++++++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix create mode 100644 shared/2configs/os-templates/CAC-CentOS-7-64bit.nix diff --git a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix new file mode 100644 index 000000000..b5ec722a0 --- /dev/null +++ b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix 
@@ -0,0 +1,47 @@ +_: + +{ + boot.loader.grub = { + device = "/dev/sda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/VolGroup/lv_root"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; + + swapDevices = [ + { device = "/dev/VolGroup/lv_swap"; } + ]; + + users.extraGroups = { + # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories + # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) + # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago + # Docs: man:tmpfiles.d(5) + # man:systemd-tmpfiles(8) + # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) + # Main PID: 19272 (code=exited, status=1/FAILURE) + # + # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE + # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. + # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. + # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; +} 
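Review bot: The `users.extraGroups` block carries an eighteen-line pasted `systemctl status` log as its only explanation, and the same paste is repeated in `CAC-CentOS-7-64bit.nix`. A one-line comment states the reason more clearly, for example `# systemd-tmpfiles-setup fails with "Unknown group 'lock'" (legacy.conf) unless this group exists`. The two templates differ only in the LVM device names and `fsType`, so the shared part (grub, initrd modules, `lock.gid`) could live in one file that both import.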
diff --git a/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix new file mode 100644 index 000000000..168d1d97b --- /dev/null +++ b/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix 
@@ -0,0 +1,47 @@ +_: + +{ + boot.loader.grub = { + device = "/dev/sda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/centos/root"; + fsType = "xfs"; + }; + + fileSystems."/boot" = { + device = "/dev/sda1"; + fsType = "xfs"; + }; + + swapDevices = [ + { device = "/dev/centos/swap"; } + ]; + + users.extraGroups = { + # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories + # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) + # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago + # Docs: man:tmpfiles.d(5) + # man:systemd-tmpfiles(8) + # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) + # Main PID: 19272 (code=exited, status=1/FAILURE) + # + # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE + # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. + # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. + # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; +} From 78660ea002d5912eb8d06da1895cc6e34bd5e6eb Mon Sep 17 00:00:00 2001 
From: makefu Date: Sat, 14 Nov 2015 01:48:49 +0100 Subject: [PATCH 040/142] m 1 filepimp: remove legacy imports --- makefu/1systems/filepimp.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index fb1a57552..66ea2ce90 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -7,8 +7,6 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/default.nix - ../2configs/fs/vm-single-partition.nix ../2configs/fs/single-partition-ext4.nix ../2configs/tinc-basic-retiolum.nix ]; From 2b9d7bdda10689e8bd8f7ed39830fd274c02457b Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 14 Nov 2015 01:49:31 +0100 Subject: [PATCH 041/142] m 1 gum: add swap to server config --- makefu/1systems/gum.nix | 1 + makefu/2configs/fs/simple-swap.nix | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 makefu/2configs/fs/simple-swap.nix diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 8dd347b4f..44ab8c6f8 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,6 +9,7 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix diff --git a/makefu/2configs/fs/simple-swap.nix b/makefu/2configs/fs/simple-swap.nix new file mode 100644 index 000000000..8c161b287 --- /dev/null +++ b/makefu/2configs/fs/simple-swap.nix @@ -0,0 +1,11 @@ +_: +{ + # do not swap that often + boot.kernel.sysctl = { + "vm.swappiness" = 25; + }; + + swapDevices = [ + { device = "/dev/disk/by-label/swap"; } + ]; +} From 79b890670100d08c3640fffade2caf3eced192d8 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sat, 14 Nov 2015 01:50:24 +0100 Subject: [PATCH 042/142] m 2 vbox: up version number --- makefu/2configs/main-laptop.nix | 2 +- makefu/2configs/virtualization-virtualbox.nix | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 294ee7510..dfc8c1c07 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -12,7 +12,7 @@ with lib; firefox chromium keepassx - + ntfs3g virtmanager at_spi2_core # dep for virtmanager? ]; diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix index 610b63732..aaabcd50e 100644 --- a/makefu/2configs/virtualization-virtualbox.nix +++ b/makefu/2configs/virtualization-virtualbox.nix @@ -2,11 +2,11 @@ let mainUser = config.krebs.build.user; - version = "5.0.4"; - rev = "102546"; + version = "5.0.6"; + rev = "103037"; vboxguestpkg = pkgs.fetchurl { url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; - sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4"; + sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf"; }; in { #inherit vboxguestpkg; From 452f8d8e23b14d10158e748c222228a6704f9a11 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 14 Nov 2015 14:11:38 +0100 Subject: [PATCH 043/142] l 3: remove bitlbee --- lass/3modules/bitlbee.nix | 153 -------------------------------------- lass/3modules/default.nix | 1 - 2 files changed, 154 deletions(-) delete mode 100644 lass/3modules/bitlbee.nix diff --git a/lass/3modules/bitlbee.nix b/lass/3modules/bitlbee.nix deleted file mode 100644 index 8ce560146..000000000 --- a/lass/3modules/bitlbee.nix +++ /dev/null 
@@ -1,153 +0,0 @@ -{ config, lib, pkgs, ... }: - - -let - - inherit (lib) - mkIf - mkOption - types - singleton - ; - - authModeCheck = v: - v == "Open" || - v == "Closed" || - v == "Registered" - ; - - bitlbeeConfig = pkgs.writeText "bitlbee.conf" '' - [settings] - RunMode = Daemon - User = bitlbee - ConfigDir = ${cfg.configDir} - DaemonInterface = ${cfg.interface} - DaemonPort = ${toString cfg.portNumber} - AuthMode = ${cfg.authMode} - ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"} - ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"} - ${cfg.extraSettings} - - [defaults] - ${cfg.extraDefaults} - ''; - - cfg = config.lass.bitlbee; - - out = { - options.lass.bitlbee = api; - config = mkIf cfg.enable imp; - }; - - api = { - enable = mkOption { - default = false; - description = '' - Whether to run the BitlBee IRC to other chat network gateway. - Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat - networks via an IRC client. - ''; - }; - - interface = mkOption { - default = "127.0.0.1"; - description = '' - The interface the BitlBee deamon will be listening to. If `127.0.0.1', - only clients on the local host can connect to it; if `0.0.0.0', clients - can access it from any network interface. - ''; - }; - - portNumber = mkOption { - default = 6667; - description = '' - Number of the port BitlBee will be listening to. - ''; - }; - - authMode = mkOption { - default = "Open"; - type = types.addCheck types.str authModeCheck; - description = '' - The following authentication modes are available: - Open -- Accept connections from anyone, use NickServ for user authentication. - Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. - Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself. 
- ''; - }; - - hostName = mkOption { - default = ""; - type = types.str; - description = '' - Normally, BitlBee gets a hostname using getsockname(). If you have a nicer - alias for your BitlBee daemon, you can set it here and BitlBee will identify - itself with that name instead. - ''; - }; - - configDir = mkOption { - default = "/var/lib/bitlbee"; - type = types.path; - description = '' - Specify an alternative directory to store all the per-user configuration - files. - ''; - }; - - protocols = mkOption { - default = ""; - type = types.str; - description = '' - This option allows to remove the support of protocol, even if compiled - in. If nothing is given, there are no restrictions. - ''; - }; - - extraSettings = mkOption { - default = ""; - description = '' - Will be inserted in the Settings section of the config file. - ''; - }; - - extraDefaults = mkOption { - default = ""; - description = '' - Will be inserted in the Default section of the config file. - ''; - }; - - bitlbeePkg = mkOption { - default = pkgs.bitlbee; - description = '' - the bitlbee pkg to use. - ''; - }; - }; - - imp = { - users.extraUsers = singleton { - name = "bitlbee"; - uid = config.ids.uids.bitlbee; - description = "BitlBee user"; - home = "/var/lib/bitlbee"; - createHome = true; - }; - - users.extraGroups = singleton { - name = "bitlbee"; - gid = config.ids.gids.bitlbee; - }; - - systemd.services.bitlbee = { - description = "BitlBee IRC to other chat networks gateway"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig.User = "bitlbee"; - serviceConfig.ExecStart = "${cfg.bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}"; - }; - }; - -in -out diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 7c85af3a4..0dcad971c 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -2,7 +2,6 @@ _: { imports = [ ./xresources.nix - ./bitlbee.nix ./folderPerms.nix ./newsbot-js.nix ./per-user.nix 
From d0a573c4c514ca0bd64c3ed8b0dd265129010969 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 14 Nov 2015 17:54:08 +0100 Subject: [PATCH 044/142] k 3 l: bump echelon internet addr --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c99263fe8..26b0947bb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -9,7 +9,7 @@ with lib; dc = "lass"; #dc = "cac"; nets = rec { internet = { - addrs4 = ["167.88.34.158"]; + addrs4 = ["162.252.241.33"]; aliases = [ "echelon.internet" ]; From ff3dc90d1c1ced94bf4105febee7cb9afd687064 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 14 Nov 2015 17:54:45 +0100 Subject: [PATCH 045/142] l 3 dnsmasq: remove dead code --- lass/3modules/dnsmasq.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/lass/3modules/dnsmasq.nix b/lass/3modules/dnsmasq.nix index 99c165479..83a9cb180 100644 --- a/lass/3modules/dnsmasq.nix +++ b/lass/3modules/dnsmasq.nix @@ -25,13 +25,6 @@ let configFile = pkgs.writeText "dnsmasq.conf" cfg.config; imp = { - #users.extraUsers.go = { - # name = "go"; - # uid = 42774411; #genid go - # description = "go url shortener user"; - # home = "/var/lib/go"; - # createHome = true; - #}; systemd.services.dnsmasq = { description = "dnsmasq"; From 48c9789141957c0c65dcb4df5a0e22d6002cafd3 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 12:16:51 +0100 Subject: [PATCH 046/142] apt-cacher-ng: init package and module once apt-cacher-ng arrives in nixos stable it will be removed from stockholm --- krebs/3modules/apt-cacher-ng.nix | 155 ++++++++++++++++++++++++++ krebs/5pkgs/apt-cacher-ng/default.nix | 21 ++++ 2 files changed, 176 insertions(+) create mode 100644 krebs/3modules/apt-cacher-ng.nix create mode 100644 krebs/5pkgs/apt-cacher-ng/default.nix 
diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix new file mode 100644 index 000000000..c2c2f2661 --- /dev/null +++ b/krebs/3modules/apt-cacher-ng.nix 
@@ -0,0 +1,155 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + acng-config = pkgs.writeTextFile { + name = "acng-configuration"; + destination = "/acng.conf"; + text = '' + ForeGround: 1 + CacheDir: ${cfg.cacheDir} + LogDir: ${cfg.logDir} + PidFile: /var/run/apt-cacher-ng.pid + ExTreshold: ${toString cfg.cacheExpiration} + + Port: ${toString cfg.port} + BindAddress: ${cfg.bindAddress} + + # defaults: + Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian + Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu + Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol + Remap-cygwin: file:cygwin_mirrors /cygwin + Remap-sfnet: file:sfnet_mirrors + Remap-alxrep: file:archlx_mirrors /archlinux + Remap-fedora: file:fedora_mirrors + Remap-epel: file:epel_mirrors + Remap-slrep: file:sl_mirrors # Scientific Linux + Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo + + ReportPage: acng-report.html + SupportDir: ${pkgs.apt-cacher-ng}/lib/apt-cacher-ng + LocalDirs: acng-doc ${pkgs.apt-cacher-ng}/share/doc/apt-cacher-ng + + # Nix cache + ${optionalString cfg.enableNixCache '' + Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org + PfilePatternEx: (^|.*?/).*\.narinfo(|\.gz|\.xz|\.bz2)$ + VfilePatternEx: (^|.*?/)nix-cache-info$ + ''} + + ${cfg.extraConfig} + ''; }; + + acng-home = "/var/cache/acng"; + cfg = config.krebs.apt-cacher-ng; + + api = { + enable = mkEnableOption "apt-cacher-ng"; + + cacheDir = mkOption { + default = acng-home + "/cache"; + type = types.str; + description = '' + Path to apt-cacher-ng cache directory. + Will be created and chowned to acng-user + ''; + }; + + logDir = mkOption { + default = acng-home + "/log"; + type = types.str; + description = '' + Path to apt-cacher-ng log directory. 
+ Will be created and chowned to acng-user + ''; + }; + + port = mkOption { + default = 3142; + type = types.int; + description = '' + port of apt-cacher-ng + ''; + }; + + bindAddress = mkOption { + default = ""; + type = types.str; + example = "localhost 192.168.7.254 publicNameOnMainInterface"; + description = '' + listen address of apt-cacher-ng. Defaults to every interface. + ''; + }; + + cacheExpiration = mkOption { + default = 4; + type = types.int; + description = '' + number of days before packages expire in the cache without being + requested. + ''; + }; + + enableNixCache = mkOption { + default = true; + type = types.bool; + description = '' + enable cache.nixos.org caching via PfilePatternEx and VfilePatternEx. + + to use the apt-cacher-ng in your nixos configuration: + nix.binary-cache = [ http://acng-host:port/nixos ]; + + These options cannot be used in extraConfig, use SVfilePattern and + SPfilePattern or disable this option. + ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + description = '' + extra config appended to the generated acng.conf + ''; + }; + }; + + imp = { + + users.extraUsers.acng = { + # uid = config.ids.uids.acng; + uid = 897955083; #genid Reaktor + description = "apt-cacher-ng"; + home = acng-home; + createHome = false; + }; + + users.extraGroups.acng = { + gid = 897955083; #genid Reaktor + # gid = config.ids.gids.Reaktor; + }; + + systemd.services.apt-cacher-ng = { + description = "apt-cacher-ng"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeScript "acng-init" '' + #!/bin/sh + mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir} + chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir} + ''; + ExecStart = "${pkgs.apt-cacher-ng}/bin/apt-cacher-ng -c ${acng-config}"; + PrivateTmp = "true"; + User = "acng"; + Restart = "always"; + RestartSec = "10"; + }; + }; + }; +in +{ + 
options.krebs.apt-cacher-ng = api; + config = mkIf cfg.enable imp; +} diff --git a/krebs/5pkgs/apt-cacher-ng/default.nix b/krebs/5pkgs/apt-cacher-ng/default.nix new file mode 100644 index 000000000..f253cdba0 --- /dev/null +++ b/krebs/5pkgs/apt-cacher-ng/default.nix @@ -0,0 +1,21 @@ +{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }: + +stdenv.mkDerivation rec { + name = "apt-cacher-ng-${version}"; + version = "0.8.6"; + + src = fetchurl { + url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz"; + sha256 = "0044dfks8djl11fs28jj8894i4rq424xix3d3fkvzz2i6lnp8nr5"; + }; + + NIX_LDFLAGS = "-lpthread"; + buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ]; + + meta = { + description = "A caching proxy specialized for linux distribution files"; + homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/; + license = stdenv.lib.licenses.gpl2; + maintainers = [ stdenv.lib.maintainers.makefu ]; + }; +} From 4c26fb9383a822309c05523774c9f7bebfbb5201 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 13:29:56 +0100 Subject: [PATCH 047/142] k 3 apt-cacher-ng: fix whitespace --- krebs/3modules/apt-cacher-ng.nix | 59 ++++++++++++++++---------------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index c2c2f2661..9224c72a0 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix 
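Review bot: `bindAddress` defaults to `""`, which the option text itself says means every interface, so enabling the module with its defaults exposes the caching proxy and the `ReportPage` it configures on every network the host is attached to. A safer default is `default = "localhost";`, leaving wider binding as an explicit per-host choice. The `uid` and `gid` lines are commented `#genid Reaktor`; if the number really was derived from that name it would be shared with the Reaktor account, so it should be regenerated and the comment changed to `#genid acng`. `PidFile: /var/run/apt-cacher-ng.pid` may also not be writable once the unit runs as `User = "acng"`, which is worth confirming on a running host.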
@@ -6,40 +6,41 @@ let name = "acng-configuration"; destination = "/acng.conf"; text = '' - ForeGround: 1 - CacheDir: ${cfg.cacheDir} - LogDir: ${cfg.logDir} - PidFile: /var/run/apt-cacher-ng.pid - ExTreshold: ${toString cfg.cacheExpiration} + ForeGround: 1 + CacheDir: ${cfg.cacheDir} + LogDir: ${cfg.logDir} + PidFile: /var/run/apt-cacher-ng.pid + ExTreshold: ${toString cfg.cacheExpiration} - Port: ${toString cfg.port} - BindAddress: ${cfg.bindAddress} + Port: ${toString cfg.port} + BindAddress: ${cfg.bindAddress} - # defaults: - Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian - Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu - Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol - Remap-cygwin: file:cygwin_mirrors /cygwin - Remap-sfnet: file:sfnet_mirrors - Remap-alxrep: file:archlx_mirrors /archlinux - Remap-fedora: file:fedora_mirrors - Remap-epel: file:epel_mirrors - Remap-slrep: file:sl_mirrors # Scientific Linux - Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo + # defaults: + Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian + Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu + Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol + Remap-cygwin: file:cygwin_mirrors /cygwin + Remap-sfnet: file:sfnet_mirrors + Remap-alxrep: file:archlx_mirrors /archlinux + Remap-fedora: file:fedora_mirrors + Remap-epel: file:epel_mirrors + Remap-slrep: file:sl_mirrors # Scientific Linux + Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo - ReportPage: acng-report.html - SupportDir: ${pkgs.apt-cacher-ng}/lib/apt-cacher-ng - LocalDirs: acng-doc ${pkgs.apt-cacher-ng}/share/doc/apt-cacher-ng + ReportPage: acng-report.html + SupportDir: ${pkgs.apt-cacher-ng}/lib/apt-cacher-ng + LocalDirs: acng-doc ${pkgs.apt-cacher-ng}/share/doc/apt-cacher-ng - # Nix cache - ${optionalString cfg.enableNixCache '' - Remap-nix: http://cache.nixos.org 
/nixos ; https://cache.nixos.org - PfilePatternEx: (^|.*?/).*\.narinfo(|\.gz|\.xz|\.bz2)$ - VfilePatternEx: (^|.*?/)nix-cache-info$ - ''} + # Nix cache + ${optionalString cfg.enableNixCache '' + Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org + PfilePatternEx: (^|.*?/).*\.narinfo(|\.gz|\.xz|\.bz2)$ + VfilePatternEx: (^|.*?/)nix-cache-info$ + ''} - ${cfg.extraConfig} - ''; }; + ${cfg.extraConfig} + ''; + }; acng-home = "/var/cache/acng"; cfg = config.krebs.apt-cacher-ng; From 5a450ad787a4738d2338c1e6e2709a680ceeb413 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 13:49:29 +0100 Subject: [PATCH 048/142] apt-cacher-ng is imported by krebs modules --- krebs/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6d62b2e38..a627d5657 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ./apt-cacher-ng.nix ./bepasty-server.nix ./build.nix ./current.nix From b69dcc6086c16ae996575bb00a1f55a14c26b63e Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 13:54:55 +0100 Subject: [PATCH 049/142] m 1 gum: add ssh repo --- makefu/1systems/gum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index d8b7ed5f9..63ad18339 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -12,6 +12,7 @@ in { ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix + ../2configs/git/cgit-retiolum.nix ]; From 4fec1920fb8fb9392c7a5c363a8392230eb64de8 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 13:55:30 +0100 Subject: [PATCH 050/142] m 2 git: fix library and irc hooks --- makefu/2configs/git/brain-retiolum.nix | 4 +-- makefu/2configs/git/cgit-retiolum.nix | 50 +++++++++++++++++--------- 2 files changed, 35 insertions(+), 19 deletions(-) 
diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 793373859..066d50a28 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with import ../../../tv/4lib { inherit lib pkgs; }; +with lib; let repos = priv-repos // krebs-repos ; @@ -26,7 +26,7 @@ let inherit name desc; public = false; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; channel = "#retiolum"; # TODO remove the hardcoded hostname diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 189dd66c8..748cd6427 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -1,10 +1,12 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with import ../../../tv/4lib { inherit lib pkgs; }; +with lib; let - repos = priv-repos // krebs-repos ; - rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); + repos = priv-repos // krebs-repos // connector-repos ; + rules = concatMap krebs-rules (attrValues krebs-repos) + ++ concatMap priv-rules (attrValues priv-repos) + ++ concatMap connector-rules (attrValues connector-repos); krebs-repos = mapAttrs make-krebs-repo { stockholm = { @@ -19,6 +21,10 @@ let autosync = { }; }; + connector-repos = mapAttrs make-priv-repo { + autosync = { }; + }; + # TODO move users to separate module make-priv-repo = name: { desc ? null, ... }: { 
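Review bot: The comment `# TODO: remove tv lib :)` stays in `brain-retiolum.nix` although this hunk removes the tv lib import, so it should be deleted in the same change; the first hunk of `cgit-retiolum.nix` has the same leftover. With `with lib;` in place, the `set-owners` and `set-ro-access` definitions in the later `cgit-retiolum.nix` hunks still open `with git;` and use `push`, `fetch` and `non-fast-forward`. Those names came from the removed import, so unless the module `lib` argument already carries the stockholm extensions the access rules will fail to evaluate. The rest of both files is outside the hunks, so other uses of the old helpers cannot be ruled out from here.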
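Review bot: `connector-repos` in the second `cgit-retiolum.nix` hunk declares a repo named `autosync`, the same name as the entry that closes the preceding set (apparently `priv-repos`). Because `repos` is built with `//` and `rules` concatenates `connector-rules`, the external `exco` key appears to receive `push "refs/*" [ non-fast-forward create delete merge ]` on the existing private `autosync` repository. A later patch in this series renames the entry to `connector`, so hosts should not be deployed from this intermediate commit. It is also worth checking whether an outside collaborator needs `non-fast-forward` and `delete` at all.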
@@ -40,12 +46,19 @@ let }; }; - set-owners = with git;repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; + + + # TODO: get the list of all krebsministers + krebsminister = with config.krebs.users; [ lass tv uriel ]; + all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; + exco = with config.krebs.users; [ exco ]; + + priv-rules = repo: set-owners repo all-makefu; + + connector-rules = repo: set-owners repo (all-makefu ++ exco); + + krebs-rules = repo: + set-owners repo all-makefu ++ set-ro-access repo krebsminister; set-ro-access = with git; repo: user: optional repo.public { @@ -54,14 +67,12 @@ let perm = fetch; }; - # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ lass tv uriel ]; - all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; - - priv-rules = repo: set-owners repo all-makefu; - - krebs-rules = repo: - set-owners repo all-makefu ++ set-ro-access repo krebsminister; + set-owners = with git;repo: user: + singleton { + inherit user; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + }; in { imports = [{ @@ -73,6 +84,11 @@ in { name = "makefu-tsp" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; }; + + krebs.users.exco = { + name = "exco" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub; + }; }]; krebs.git = { enable = true; From a4ab19181b312a64a14f7da694e994959ce2b147 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 13:57:43 +0100 Subject: [PATCH 051/142] shared 2 base: add makefu_omo to allowed pubkeys --- shared/2configs/base.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index c9f4ffa8d..df41eae1a 100644 --- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix 
@@ -64,6 +64,8 @@ with lib; # TODO config.krebs.users.lass.pubkey config.krebs.users.makefu.pubkey + # TODO HARDER: + (readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub) config.krebs.users.tv.pubkey ]; From 5aed0a395b2f78216bc02a7178527034bb079d28 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 22:15:07 +0100 Subject: [PATCH 052/142] shared wolf: static ip, fix todo --- krebs/3modules/default.nix | 1 + krebs/3modules/shared/default.nix | 15 ++++++++++----- shared/1systems/wolf.nix | 21 ++++++++++++++++++++- shared/2configs/shack-drivedroid.nix | 18 ++++++++++++++++++ shared/2configs/shack-nix-cacher.nix | 25 +++++++++++++++++++++++++ 5 files changed, 74 insertions(+), 6 deletions(-) create mode 100644 shared/2configs/shack-drivedroid.nix create mode 100644 shared/2configs/shack-nix-cacher.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a627d5657..ce52c148c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -86,6 +86,7 @@ let krebs.dns.providers = { de.krebsco = "zones"; gg23 = "hosts"; + shack = "hosts"; internet = "hosts"; retiolum = "hosts"; }; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 13aae886b..d5bce469b 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -33,12 +33,17 @@ let in { hosts = addNames { wolf = { - #dc = "shack"; + dc = "shack"; nets = { - #shack = { - # addrs4 = [ TODO ]; - # aliases = ["wolf.shack"]; - #}; + shack = { + addrs4 = [ "10.42.2.136" ]; + aliases = [ + "wolf.shack" + "graphite.shack" + "acng.shack" + "drivedroid.shack" + ]; + }; retiolum = { addrs4 = ["10.243.77.1"]; addrs6 = ["42:0:0:0:0:0:77:1"]; diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 4fe3388c8..30e6e1d07 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix 
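Review bot: The added `(readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub)` puts a second makefu key into the shared base key list, which gives it login on every host that imports `shared/2configs/base.nix`, and it does so by file path rather than through the `config.krebs.users` registry that the neighbouring entries use. That makes the grant easy to miss when auditing or revoking access. Registering the key as a krebs user in the shared user definitions and referencing `config.krebs.users.makefu-omo.pubkey` here would keep one source of truth. The `# TODO HARDER:` comment does not say what is left to do and should be replaced by a sentence that does. The option that receives this list is outside the hunk.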
@@ -1,12 +1,31 @@ { config, lib, pkgs, ... }: +let + shack-ip = lib.head config.krebs.build.host.nets.shack.addrs4; + internal-ip = lib.head config.krebs.build.host.nets.retiolum.addrs4; +in { imports = [ ../2configs/base.nix ../2configs/collectd-base.nix + ../2configs/shack-nix-cacher.nix + ../2configs/shack-drivedroid.nix ]; + networking = { + interfaces.eth0.ip4 = [{ + address = shack-ip; + prefixLength = 20; + }]; + + defaultGateway = "10.42.0.1"; + nameservers = [ "8.8.8.8" ]; + }; + + ##################### + # uninteresting stuff + ##################### krebs.build.host = config.krebs.hosts.wolf; # TODO rename shared user to "krebs" krebs.build.user = config.krebs.users.shared; @@ -31,7 +50,7 @@ fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; swapDevices = [ - { device = "/dev/disk/by-label/swap"; } + { device = "/dev/disk/by-label/swap"; } ]; time.timeZone = "Europe/Berlin"; diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix new file mode 100644 index 000000000..294f3a369 --- /dev/null +++ b/shared/2configs/shack-drivedroid.nix @@ -0,0 +1,18 @@ +{ pkgs, lib, ... }: + +{ + krebs.nginx = { + enable = lib.mkDefault true; + servers = { + drivedroid-repo = { + server-names = [ "drivedroid.shack" ]; + # TODO: prepare this somehow + locations = lib.singleton (lib.nameValuePair "/" '' + root /var/srv/drivedroid + index main.json + ''); + }; + }; + }; + +} diff --git a/shared/2configs/shack-nix-cacher.nix b/shared/2configs/shack-nix-cacher.nix new file mode 100644 index 000000000..7519bb3ac --- /dev/null +++ b/shared/2configs/shack-nix-cacher.nix 
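Review bot: `internal-ip` is bound in the new `let` of `wolf.nix` but neither hunk uses it, and the unchanged lines in between cannot refer to a name that did not exist before this commit. Drop the binding, or add it together with the option that is meant to consume it.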
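Review bot: The location body in `shack-drivedroid.nix` has no terminating semicolons, so nginx would read `root /var/srv/drivedroid index main.json` as a single malformed directive and reject the configuration. The sibling file `shack-nix-cacher.nix` ends each directive with `;`, which suggests `krebs.nginx` does not add them. The two lines should read `root /var/srv/drivedroid;` and `index main.json;`. The `# TODO: prepare this somehow` comment could also name who creates `/var/srv/drivedroid` and with which owner, since the directory is served as-is.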
@@ -0,0 +1,25 @@ +{ pkgs, lib, ... }: + +{ + krebs.nginx = { + enable = lib.mkDefault true; + servers = { + apt-cacher-ng = { + server-names = [ "acng.shack" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:3142/; + ''); + }; + }; + }; + + krebs.apt-cacher-ng = { + enable = true; + port = 3142; + bindAddress = "localhost"; + cacheExpiration = 30; + }; +} From 7346527c4f0444d33f8c6eda353cad94cecd930f Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 22:15:31 +0100 Subject: [PATCH 053/142] pubkeys: add exco --- krebs/Zpubkeys/exco.ssh.pub | 1 + 1 file changed, 1 insertion(+) create mode 100644 krebs/Zpubkeys/exco.ssh.pub diff --git a/krebs/Zpubkeys/exco.ssh.pub b/krebs/Zpubkeys/exco.ssh.pub new file mode 100644 index 000000000..e2afcf3fb --- /dev/null +++ b/krebs/Zpubkeys/exco.ssh.pub @@ -0,0 +1 @@ +ssh-rsa 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 christian.stoeveken@gmail.com From b2ac9b092a36c3196469099c73c64c8ca6626be0 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 22:16:55 +0100 Subject: [PATCH 054/142] makefu: fix cgit for wry, add gc to wry --- makefu/1systems/wry.nix | 8 ++++++-- makefu/2configs/git/cgit-retiolum.nix | 23 ++++++++++++----------- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index cd39b4b9f..cd2b3f657 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -24,11 +24,11 @@ in { # other nginx ../2configs/nginx/euer.wiki.nix ../2configs/nginx/euer.blog.nix + ../2configs/nginx/euer.test.nix # collectd ../2configs/collectd/collectd-base.nix ]; - krebs.build.host = config.krebs.hosts.wry; krebs.Reaktor.enable = true; 
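Review bot: The `acng.shack` location in shack-nix-cacher.nix forwards every path to apt-cacher-ng with no `allow`/`deny`, so `bindAddress = "localhost"` restricts only the direct port and not who can use the cache through nginx. Anyone who can reach the nginx vhost can fill the cache or fetch through it, and since `/` is proxied whole this presumably includes apt-cacher-ng's own report pages. If the service is meant for the shack LAN only, state that in the location, e.g. `allow 10.42.0.0/20; deny all;` ahead of `proxy_pass` (the /20 follows from the address and `prefixLength = 20` set in wolf.nix in this same commit).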
@@ -73,5 +73,9 @@ in { nameservers = [ "8.8.8.8" ]; }; - environment.systemPackages = [ pkgs.translate-shell ]; + # small machine - do not forget to gc every day + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + + environment.systemPackages = [ ]; } diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 748cd6427..e12827697 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -22,7 +22,7 @@ let }; connector-repos = mapAttrs make-priv-repo { - autosync = { }; + connector = { }; }; @@ -36,7 +36,7 @@ let inherit name desc; public = true; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = config.krebs.build.host.name == "pnp"; channel = "#retiolum"; @@ -51,11 +51,11 @@ let # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv uriel ]; all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; - exco = with config.krebs.users; [ exco ]; + all-exco = with config.krebs.users; [ exco ]; priv-rules = repo: set-owners repo all-makefu; - connector-rules = repo: set-owners repo (all-makefu ++ exco); + connector-rules = repo: set-owners repo all-makefu ++ set-owners repo all-exco; krebs-rules = repo: set-owners repo all-makefu ++ set-ro-access repo krebsminister; @@ -76,18 +76,19 @@ let in { imports = [{ - krebs.users.makefu-omo = { + krebs.users = { + makefu-omo = { name = "makefu-omo" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; - }; - krebs.users.makefu-tsp = { + }; + makefu-tsp = { name = "makefu-tsp" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; - }; - - krebs.users.exco = { - name = "exco" ; + }; + exco = { + name = "exco"; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub; + }; }; }]; krebs.git = { 
From 9e2ac199d52d84fd615894068d15edb2a511301f Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 22:18:32 +0100 Subject: [PATCH 055/142] k 5 drivedroid-gen-repo: init at 0.4.2 --- krebs/5pkgs/drivedroid-gen-repo/default.nix | 22 +++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 krebs/5pkgs/drivedroid-gen-repo/default.nix diff --git a/krebs/5pkgs/drivedroid-gen-repo/default.nix b/krebs/5pkgs/drivedroid-gen-repo/default.nix new file mode 100644 index 000000000..087f97c9a --- /dev/null +++ b/krebs/5pkgs/drivedroid-gen-repo/default.nix @@ -0,0 +1,22 @@ +{stdenv,fetchurl,pkgs,python3Packages, ... }: + +python3Packages.buildPythonPackage rec { + name = "drivedroid-gen-repo-${version}"; + version = "0.4.2"; + + propagatedBuildInputs = with pkgs;[ + python3Packages.docopt + ]; + + src = fetchurl { + url = "https://pypi.python.org/packages/source/d/drivedroid-gen-repo/drivedroid-gen-repo-${version}.tar.gz"; + sha256 = "1w4dqc9ndyiv5kjh2y8n4p4c280vhqyj8s7y6al2klchcp2ab7q7"; + }; + + meta = { + homepage = http://krebsco.de/; + description = "Generate Drivedroid repos"; + license = stdenv.lib.licenses.wtfpl; + }; +} + From b8dea556e9ccaa999ccb8c18cab730ce535cd873 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 22:26:11 +0100 Subject: [PATCH 056/142] k 3 shared: shack ip was already in use --- krebs/3modules/shared/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index d5bce469b..b332676c6 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -36,7 +36,7 @@ in { dc = "shack"; nets = { shack = { - addrs4 = [ "10.42.2.136" ]; + addrs4 = [ "10.42.2.150" ]; aliases = [ "wolf.shack" "graphite.shack" From a3e074094b8c260825b0ae4caeb2170e562019a5 Mon Sep 17 00:00:00 2001 
From: makefu Date: Tue, 17 Nov 2015 23:03:21 +0100 Subject: [PATCH 057/142] k 3 apt-cacher-ng: add CAfile --- krebs/3modules/apt-cacher-ng.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index 9224c72a0..6f0ff8159 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -11,6 +11,7 @@ let LogDir: ${cfg.logDir} PidFile: /var/run/apt-cacher-ng.pid ExTreshold: ${toString cfg.cacheExpiration} + CAfile: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt Port: ${toString cfg.port} BindAddress: ${cfg.bindAddress} From 0f54a195b7d1a3b02bd70c31c2d05c2a1dc186bd Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 23:11:29 +0100 Subject: [PATCH 058/142] acng: also add nar files to cache --- krebs/3modules/apt-cacher-ng.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index 6f0ff8159..75296bafb 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -35,7 +35,7 @@ let # Nix cache ${optionalString cfg.enableNixCache '' Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org - PfilePatternEx: (^|.*?/).*\.narinfo(|\.gz|\.xz|\.bz2)$ + PfilePatternEx: (^|.*?/).*\.nar(info)?(|\.gz|\.xz|\.bz2)$ VfilePatternEx: (^|.*?/)nix-cache-info$ ''} From 7e4eefa91bb3d06baf8c2bd53c26d5b5337b66d8 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 23:11:55 +0100 Subject: [PATCH 059/142] s 2 drivedroid: fix syntax error --- shared/2configs/shack-drivedroid.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix index 294f3a369..44b62a807 100644 --- a/shared/2configs/shack-drivedroid.nix +++ b/shared/2configs/shack-drivedroid.nix 
@@ -8,8 +8,8 @@ server-names = [ "drivedroid.shack" ]; # TODO: prepare this somehow locations = lib.singleton (lib.nameValuePair "/" '' - root /var/srv/drivedroid - index main.json + root /var/srv/drivedroid; + index main.json; ''); }; }; From e4c46c2ec22613830c5839001550f5fa155e260d Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 23:13:09 +0100 Subject: [PATCH 060/142] shared 1 wolf: add self to binaryCache --- shared/1systems/wolf.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 30e6e1d07..8c5295bb3 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -12,8 +12,12 @@ in ../2configs/shack-nix-cacher.nix ../2configs/shack-drivedroid.nix ]; + # use your own binary cache, fallback use cache.nixos.org (which is used by + # apt-cacher-ng in first place) + nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ]; networking = { + firewall.enable = false; interfaces.eth0.ip4 = [{ address = shack-ip; prefixLength = 20; From a8d007868342517c235963a8ab13cff7c0e5d59e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 18 Nov 2015 14:05:54 +0100 Subject: [PATCH 061/142] unstable -> s 2 shack-drivedroid --- shared/2configs/shack-drivedroid.nix | 30 +++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix index 44b62a807..66940bc08 100644 --- a/shared/2configs/shack-drivedroid.nix +++ b/shared/2configs/shack-drivedroid.nix 
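Review bot: `firewall.enable = false;` in the `networking` block of wolf.nix switches off the host firewall, which the commit subject ("add self to binaryCache") does not mention and which the cache change does not need, since the cache is reached via `localhost:3142`. With the firewall off, every listening service on the host is reachable from the shack network, not only the nginx vhosts. I would keep the firewall enabled and open what is actually served, e.g. `firewall.allowedTCPPorts = [ 80 ];` (presumably the port the vhosts listen on), or at least add a comment saying why it is disabled. The `networking` block continues outside the hunk.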
@@ -1,6 +1,30 @@ -{ pkgs, lib, ... }: - +{ pkgs, lib, config, ... }: +let + repodir = "/var/srv/drivedroid"; + srepodir = lib.shell.escape repodir; +in { + systemd.paths.drivedroid = { + wantedBy = [ "multi-user.target" ]; + Description = "triggers for changes in drivedroid dir"; + pathConfig = { + PathModified = repodir; + }; + }; + + systemd.services.drivedroid = { + ServiceConfig = { + ExecStartPre = pkgs.writeScript "prepare-drivedroid-repo-gen" '' + #!/bin/sh + mkdir -p ${srepodir}/repos + ''; + ExecStart = pkgs.writeScript "start-drivedroid-repo-gen" '' + #!/bin/sh + {pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json" + ''; + }; + }; + krebs.nginx = { enable = lib.mkDefault true; servers = { @@ -8,7 +32,7 @@ server-names = [ "drivedroid.shack" ]; # TODO: prepare this somehow locations = lib.singleton (lib.nameValuePair "/" '' - root /var/srv/drivedroid; + root ${repodir}; index main.json; ''); }; From e28930340b9d84710cc579897aabffe6a1931ca8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 22 Nov 2015 13:19:36 +0100 Subject: [PATCH 062/142] k 5 cacpy: init at 0.6.0 --- krebs/5pkgs/cacpy/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 krebs/5pkgs/cacpy/default.nix diff --git a/krebs/5pkgs/cacpy/default.nix b/krebs/5pkgs/cacpy/default.nix new file mode 100644 index 000000000..a367aefb1 --- /dev/null +++ b/krebs/5pkgs/cacpy/default.nix @@ -0,0 +1,20 @@ +{pkgs, python3Packages, ...}: + +python3Packages.buildPythonPackage rec { + name = "cacpy-${version}"; + version = "0.6.5"; + + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "python-cloudatcost"; + rev = "2bb4f940d4762938c06da380cd14767eafb171c9"; + sha256 = "1zl73q5iap76wfwjzvc25yqdrlmy9vqd7g4k31g5ig2ljy6sgwgc"; + }; + + propagatedBuildInputs = with python3Packages; [ + docopt + requests2 + beautifulsoup4 + ]; +} + From f12ded12c688e6641f81caae42010affb85a67f6 Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 23 Nov 2015 07:53:42 +0100 Subject: [PATCH 063/142] k 5: cacpy -> cacpanel --- krebs/5pkgs/cacpanel/default.nix | 18 ++++++++++++++++++ krebs/5pkgs/cacpy/default.nix | 20 -------------------- 2 files changed, 18 insertions(+), 20 deletions(-) create mode 100644 krebs/5pkgs/cacpanel/default.nix delete mode 100644 krebs/5pkgs/cacpy/default.nix diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix new file mode 100644 index 000000000..55d1e2ca8 --- /dev/null +++ b/krebs/5pkgs/cacpanel/default.nix @@ -0,0 +1,18 @@ +{pkgs, python3Packages, ...}: + +python3Packages.buildPythonPackage rec { + name = "cacpanel-${version}"; + version = "0.2.0"; + + src = pkgs.fetchurl { + url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz"; + sha256 = "1rcylbiy6488lpw4s4bildb48fljdq9kn12ksjrl81shmhhq9fcj"; + }; + + propagatedBuildInputs = with python3Packages; [ + docopt + requests2 + beautifulsoup4 + ]; +} + diff --git a/krebs/5pkgs/cacpy/default.nix b/krebs/5pkgs/cacpy/default.nix deleted file mode 100644 index a367aefb1..000000000 --- a/krebs/5pkgs/cacpy/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{pkgs, python3Packages, ...}: - -python3Packages.buildPythonPackage rec { - name = "cacpy-${version}"; - version = "0.6.5"; - - src = pkgs.fetchFromGitHub { - owner = "makefu"; - repo = "python-cloudatcost"; - rev = "2bb4f940d4762938c06da380cd14767eafb171c9"; - sha256 = "1zl73q5iap76wfwjzvc25yqdrlmy9vqd7g4k31g5ig2ljy6sgwgc"; - }; - - propagatedBuildInputs = with python3Packages; [ - docopt - requests2 - beautifulsoup4 - ]; -} - From 42347456453b864d83d26ec952cfb770095d0a81 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 25 Nov 2015 22:00:54 +0100 Subject: [PATCH 064/142] k 5 drivedroid-gen-repo: bump version --- krebs/5pkgs/drivedroid-gen-repo/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/krebs/5pkgs/drivedroid-gen-repo/default.nix b/krebs/5pkgs/drivedroid-gen-repo/default.nix index 087f97c9a..de8046c4a 100644 --- a/krebs/5pkgs/drivedroid-gen-repo/default.nix +++ b/krebs/5pkgs/drivedroid-gen-repo/default.nix @@ -2,7 +2,7 @@ python3Packages.buildPythonPackage rec { name = "drivedroid-gen-repo-${version}"; - version = "0.4.2"; + version = "0.4.4"; propagatedBuildInputs = with pkgs;[ python3Packages.docopt @@ -10,7 +10,7 @@ python3Packages.buildPythonPackage rec { src = fetchurl { url = "https://pypi.python.org/packages/source/d/drivedroid-gen-repo/drivedroid-gen-repo-${version}.tar.gz"; - sha256 = "1w4dqc9ndyiv5kjh2y8n4p4c280vhqyj8s7y6al2klchcp2ab7q7"; + sha256 = "09p58hzp61r5fp025lak9z52y0aakmaqpi59p9w5xq42dvy2hnvl"; }; meta = { From c7568df0e28ac34e4858b39defb5ca447c0595d3 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 27 Nov 2015 23:10:05 +0100 Subject: [PATCH 065/142] k 5 cacpanel: bump version --- krebs/5pkgs/cacpanel/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix index 55d1e2ca8..3e3e2e1fc 100644 --- a/krebs/5pkgs/cacpanel/default.nix +++ b/krebs/5pkgs/cacpanel/default.nix @@ -2,11 +2,11 @@ python3Packages.buildPythonPackage rec { name = "cacpanel-${version}"; - version = "0.2.0"; + version = "0.2.1"; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz"; - sha256 = "1rcylbiy6488lpw4s4bildb48fljdq9kn12ksjrl81shmhhq9fcj"; + sha256 = "1zaazg5r10kgva32zh4fhpw6l6h51ijkwpa322na0kh4x6f6aqj3"; }; propagatedBuildInputs = with python3Packages; [ From c7bb244bdf40cbcac76c23cda58e745021fa7247 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 27 Nov 2015 23:10:44 +0100 Subject: [PATCH 066/142] m 1 gum: provides mattermost via docker container --- krebs/3modules/makefu/default.nix | 2 ++ makefu/1systems/gum.nix | 9 +++-- makefu/2configs/mattermost-docker.nix | 47 +++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 makefu/2configs/mattermost-docker.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 652527da2..037abbdfd 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -245,6 +245,8 @@ with lib; extraZones = { "krebsco.de" = '' share.euer IN A ${head nets.internet.addrs4} + mattermost.euer IN A ${head nets.internet.addrs4} + git.euer IN A ${head nets.internet.addrs4} gum IN A ${head nets.internet.addrs4} ''; }; diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 63ad18339..46bf3a970 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -13,14 +13,20 @@ in { ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix ../2configs/git/cgit-retiolum.nix - + ../2configs/mattermost-docker.nix ]; + + + ###### stable krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; + + # Chat environment.systemPackages = with pkgs;[ weechat + get ]; services.bitlbee.enable = true; @@ -30,7 +36,6 @@ in { boot.kernelModules = [ "kvm-intel" ]; # Network - services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; diff --git a/makefu/2configs/mattermost-docker.nix b/makefu/2configs/mattermost-docker.nix new file mode 100644 index 000000000..20a93dff1 --- /dev/null +++ b/makefu/2configs/mattermost-docker.nix 
@@ -0,0 +1,47 @@ +{config, lib, ...}: + +with lib; +let + sec = toString ; + ssl_cert = "${sec}/wildcard.krebsco.de.crt"; + ssl_key = "${sec}/wildcard.krebsco.de.key"; +in { + # mattermost docker config and deployment guide: git.euer.krebsco.de + virtualisation.docker.enable = true; + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "docker" ]; + krebs.nginx = { + enable = true; + servers.mattermost = { + listen = [ "80" "443 ssl" ]; + server-names = [ "mattermost.euer.krebsco.de" ]; + extraConfig = '' + gzip on; + gzip_buffers 4 32k; + gzip_types text/plain application/x-javascript text/css; + ssl_certificate ${ssl_cert}; + ssl_certificate_key ${ssl_key}; + default_type text/plain; + + if ($scheme = http){ + return 301 https://$server_name$request_uri; + } + + client_max_body_size 4G; + keepalive_timeout 10; + + ''; + locations = [ + (nameValuePair "/" '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect off; + proxy_pass http://localhost:8065/; + '') + ]; + }; + }; +} From 61d9ec179b3d1a55602a1ae188e70c84e5721107 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Dec 2015 20:36:09 +0100 Subject: [PATCH 067/142] m 2 git: add mattermost --- makefu/2configs/git/cgit-retiolum.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index e12827697..304d39fcd 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -15,6 +15,7 @@ let tinc_graphs = { desc = "Tinc Advanced Graph Generation"; }; + cac = { }; }; priv-repos = mapAttrs make-priv-repo { @@ -23,6 +24,9 @@ let connector-repos = mapAttrs make-priv-repo { connector = { }; + mattermost = { + desc = "Mattermost Docker files"; + }; }; 
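Review bot: `users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "docker" ];` in mattermost-docker.nix gives the build user access to the Docker socket, and membership of the `docker` group is equivalent to root on the host. If it is only there for convenience while deploying the Mattermost containers by hand, I would leave the group out and use `sudo docker …`, or keep it with a comment that records the trade-off, e.g. `# docker group == root on this host; needed for manual container deployment`. Separately, the vhost enables TLS with only `ssl_certificate` and `ssl_certificate_key`, so protocol and cipher selection is left to whatever the nginx build defaults to; pinning them in `extraConfig` would make the policy explicit.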
From ada1aa277ce40df309e7440905e94a0b11d6e163 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Dec 2015 20:36:42 +0100 Subject: [PATCH 068/142] m 2 default: do not restart ssh agent --- makefu/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 3d9174788..760c70789 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -65,6 +65,7 @@ with lib; time.timeZone = "Europe/Berlin"; #nix.maxJobs = 1; + programs.ssh.startAgent = false; services.openssh.enable = true; nix.useChroot = true; From b5ffb88ba3a77d4f399d7a2815e2c61d53545f5d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Dec 2015 20:37:04 +0100 Subject: [PATCH 069/142] m 2 base-gui: add TODO --- makefu/2configs/base-gui.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 7b7f85f13..16a5386ca 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -10,6 +10,17 @@ # # if this is not enough, check out main-laptop.nix +## TODO: .Xdefaults: +# URxvt*termName: rxvt +# URxvt.scrollBar : false +# URxvt*scrollBar_right: false +# URxvt*borderLess: false +# URxvt.foreground: white +# URxvt.background: black +# URxvt.urgentOnBell: true +# URxvt.visualBell: false +# URxvt.font : xft:Terminus + with lib; let mainUser = config.krebs.build.user.name; From 0b76b1081eb89aabd07225380659d79c881ab9f9 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Dec 2015 20:39:01 +0100 Subject: [PATCH 070/142] m 1 gum: add bepasty --- makefu/1systems/gum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 63ad18339..9de07266e 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -21,6 +21,7 @@ in { # Chat environment.systemPackages = with pkgs;[ weechat + bepasty-client-cli ]; services.bitlbee.enable = true; 
From 597f9e8597c95ac9e4cba1689322c433bb0c9a75 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Dec 2015 20:39:29 +0100 Subject: [PATCH 071/142] k 3 tinc_graphs: add timeout --- krebs/3modules/tinc_graphs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 20aa385a9..ba81dd416 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -91,6 +91,7 @@ let restartIfChanged = true; serviceConfig = { Type = "simple"; + TimeoutSec = 300; # we will wait 5 minutes, kill otherwise restart = "always"; ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' @@ -103,7 +104,6 @@ let cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}" fi ''; - ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs"; ExecStartPost = pkgs.writeScript "tinc_graphs-post" '' From f9aceee5cce66503c069be2e01510f2a6215fb62 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 4 Dec 2015 10:22:18 +0100 Subject: [PATCH 072/142] s 2 drivedroid: update service --- shared/2configs/shack-drivedroid.nix | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix index 66940bc08..08a6b0697 100644 --- a/shared/2configs/shack-drivedroid.nix +++ b/shared/2configs/shack-drivedroid.nix 
@@ -4,23 +4,25 @@ let srepodir = lib.shell.escape repodir; in { - systemd.paths.drivedroid = { - wantedBy = [ "multi-user.target" ]; - Description = "triggers for changes in drivedroid dir"; - pathConfig = { - PathModified = repodir; - }; - }; + environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; systemd.services.drivedroid = { - ServiceConfig = { - ExecStartPre = pkgs.writeScript "prepare-drivedroid-repo-gen" '' + description = "generates drivedroid repo file"; + restartIfChanged = true; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + ExecStartPre = pkgs.writeScript "prepare-drivedroid-gen-repo" '' #!/bin/sh mkdir -p ${srepodir}/repos ''; - ExecStart = pkgs.writeScript "start-drivedroid-repo-gen" '' + ExecStart = pkgs.writeScript "start-drivedroid-gen-repo" '' #!/bin/sh - {pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json" + while sleep 60; do + ${pkgs.inotify-tools}/bin/inotifywait -r ${srepodir} && ${pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json" + done ''; }; }; From a2461b2a8216ee49ca260d54fb91596ecf5cd45d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 4 Dec 2015 22:42:44 +0100 Subject: [PATCH 073/142] m 1 pornocauster: add printing,virtualbox --- makefu/1systems/pornocauster.nix | 4 +++- makefu/2configs/printer.nix | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/printer.nix diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 8624cb2d1..1a51618c1 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix 
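Review bot: The `ExecStart` loop writes the index with `> "${srepodir}/main.json"`, so the shell truncates the file nginx is serving before `drivedroid-gen-repo` has produced any output, and a failed run leaves an empty index behind. Generating into a temporary file in the same directory and renaming it makes the update atomic: `… repos/ > ${srepodir}/main.json.tmp && mv ${srepodir}/main.json.tmp ${srepodir}/main.json`. The unit also sets no `User`, so it presumably runs as root although it only needs write access to the repo directory; a dedicated account owning `/var/srv/drivedroid` would be enough. Finally, `srepodir` is already the output of `lib.shell.escape` yet is wrapped in double quotes in two places and left bare after `inotifywait -r`; one quoting style should be used throughout.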
@@ -16,11 +16,13 @@ ../2configs/zsh-user.nix # applications + ../2configs/exim-retiolum.nix ../2configs/mail-client.nix + ../2configs/printer.nix #../2configs/virtualization.nix ../2configs/virtualization.nix - #../2configs/virtualization-virtualbox.nix + ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix # services diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix new file mode 100644 index 000000000..35ad54bd9 --- /dev/null +++ b/makefu/2configs/printer.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +{ + services.printing = { + enable = true; + drivers = [ + pkgs.samsungUnifiedLinuxDriver + ]; + }; +} From 273d9c6c9c9d2419dc3f3d773b4ce8d2fa4601b4 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 4 Dec 2015 22:43:35 +0100 Subject: [PATCH 074/142] m 1 pornocauster: use tinc_pre --- makefu/1systems/pornocauster.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 1a51618c1..977289470 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -36,6 +36,7 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; #krebs.Reaktor.enable = true; #krebs.Reaktor.nickname = "makefu|r"; @@ -45,6 +46,7 @@ get virtmanager gnome3.dconf + krebspaste ]; services.logind.extraConfig = "HandleLidSwitch=ignore"; From d83489feb1005dae7161909fcd0bf81a37e1ca41 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 8 Dec 2015 18:05:46 +0100 Subject: [PATCH 075/142] m 2 Reaktor: init of sed-plugin --- makefu/2configs/Reaktor/sed-plugin.py | 43 +++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 makefu/2configs/Reaktor/sed-plugin.py diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py new file mode 100644 index 000000000..6d6e1f8b8 --- /dev/null +++ b/makefu/2configs/Reaktor/sed-plugin.py 
@@ -0,0 +1,43 @@ +#!/usr/bin/env python3 + +# Usage: +# _from=krebs statedir=. python sed-plugin.py 'dick butt' +# _from=krebs statedir=. python sed-plugin.py 's/t/l/g' +## dick bull +import shelve +from os import environ +from os.path import join +from sys import argv +d = shelve.open(join(environ['statedir'],'sed-plugin.shelve'),writeback=True) +import re + +def is_regex(line): + # TODO: match s/di\/ck/butt/ but not s/di/ck/butt/ + myre = re.compile(r'^s/((?:\\/|[^/])+)/((?:\\/|[^/])*)/([ig]*)$') + return myre.match(line) + +line = argv[1] +m = is_regex(line) + +if m: + f,t,flagstr = m.groups() + f = f.replace('\/','/') + t = t.replace('\/','/') + flags = 0 + count = 1 + if flagstr: + if 'i' in flagstr: + flags = re.IGNORECASE + if 'g' in flagstr: + count = 0 + last = d.get(environ['_from'],None) + if last: + print(f,t,last) + print(re.sub(f,t,last,count=count,flags=flags)) + else: + print("no last message") +else: + print("setting line") + d[environ['_from']] = line + +d.close() From 869a278aa8bdaf981222a4e72a4cfc3fbb740f95 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 8 Dec 2015 18:26:08 +0100 Subject: [PATCH 076/142] m 2 Reaktor: use sed-plugin --- makefu/2configs/Reaktor/sed-plugin.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py index 6d6e1f8b8..677a1a44f 100644 --- a/makefu/2configs/Reaktor/sed-plugin.py +++ b/makefu/2configs/Reaktor/sed-plugin.py @@ -21,8 +21,8 @@ m = is_regex(line) if m: f,t,flagstr = m.groups() - f = f.replace('\/','/') - t = t.replace('\/','/') + fn = f.replace('\/','/') + tn = t.replace('\/','/') flags = 0 count = 1 if flagstr: 
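Review bot: `re.sub(f,t,last,count=count,flags=flags)` in the new sed-plugin.py compiles a pattern taken straight from an IRC message, and Python's `re` has no time limit, so one pathological expression can keep the plugin process busy indefinitely (whether Reaktor kills it is not visible here). I would cap the input, e.g. reject `len(f) > 100`, and run the substitution under a timeout. `print(f,t,last)` looks like leftover debugging and would be sent to the channel together with the result. At `shelve.open` a comment is also worth adding, since shelve is pickle-backed: `# state dir must be writable only by the Reaktor user`.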
@@ -30,10 +30,20 @@ if m: flags = re.IGNORECASE if 'g' in flagstr: count = 0 + else: + flagstr = '' last = d.get(environ['_from'],None) if last: - print(f,t,last) - print(re.sub(f,t,last,count=count,flags=flags)) + print(fn,tn,last) + #print(re.sub(fn,tn,last,count=count,flags=flags)) + from subprocess import Popen,PIPE + p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE ) + so,_ = p.communicate(last+"\n") + if p.returncode: + print("something went wrong when trying to process your regex") + print(so) + + else: print("no last message") else: From ee4546c9a4de6886f370f7ef59f327ef5f2251b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 8 Dec 2015 19:38:19 +0100 Subject: [PATCH 077/142] m 2 Reaktor: finish sed-plugin --- makefu/2configs/Reaktor/sed-plugin.nix | 18 ++++++++++++++++++ makefu/2configs/Reaktor/sed-plugin.py | 24 ++++++++++++------------ 2 files changed, 30 insertions(+), 12 deletions(-) create mode 100644 makefu/2configs/Reaktor/sed-plugin.nix diff --git a/makefu/2configs/Reaktor/sed-plugin.nix b/makefu/2configs/Reaktor/sed-plugin.nix new file mode 100644 index 000000000..1ec977116 --- /dev/null +++ b/makefu/2configs/Reaktor/sed-plugin.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: + +with pkgs; +let + script = ./sed-plugin.py; +in { + #TODO: this will eat up the last regex, fix Reaktor + krebs.Reaktor.extraConfig = '' + public_commands.append({ + 'capname' : "shack-correct", + # only support s///gi + 'pattern' : '^(?P.*)$$', + 'argv' : ["${pkgs.python3}/bin/python3","${script}"], + 'env' : { 'state_dir' : workdir, + 'PATH':'${lib.makeSearchPath "bin" [pkgs.gnused]}' }}) + ''; +} + diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py index 677a1a44f..8103c9585 100644 --- a/makefu/2configs/Reaktor/sed-plugin.py +++ b/makefu/2configs/Reaktor/sed-plugin.py 
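Review bot: The new `Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)], …)` hands GNU sed a program assembled from an IRC message, and the only filter in front of it is the `is_regex` pattern, which does not tokenise backslashes the way sed does. A sed script can do more than substitute text (it can read and write files), so the plugin should not rely on that regex to confine it. Either keep the `re.sub(fn,tn,last,count=count,flags=flags)` call that this hunk comments out, or pass `--sandbox` where the installed GNU sed supports it and run the plugin as an unprivileged user. Independently, `p.communicate(last+"\n")` passes a `str` to a binary pipe, which raises `TypeError` under the `python3` shebang; it needs `(last+"\n").encode()`.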
@@ -1,18 +1,18 @@ #!/usr/bin/env python3 # Usage: -# _from=krebs statedir=. python sed-plugin.py 'dick butt' -# _from=krebs statedir=. python sed-plugin.py 's/t/l/g' +# _from=krebs state_dir=. python sed-plugin.py 'dick butt' +# _from=krebs state_dir=. python sed-plugin.py 's/t/l/g' ## dick bull import shelve from os import environ from os.path import join from sys import argv -d = shelve.open(join(environ['statedir'],'sed-plugin.shelve'),writeback=True) +d = shelve.open(join(environ['state_dir'],'sed-plugin.shelve'),writeback=True) +usr = environ['_from'] import re def is_regex(line): - # TODO: match s/di\/ck/butt/ but not s/di/ck/butt/ myre = re.compile(r'^s/((?:\\/|[^/])+)/((?:\\/|[^/])*)/([ig]*)$') return myre.match(line) @@ -32,22 +32,22 @@ if m: count = 0 else: flagstr = '' - last = d.get(environ['_from'],None) + last = d.get(usr,None) if last: - print(fn,tn,last) #print(re.sub(fn,tn,last,count=count,flags=flags)) from subprocess import Popen,PIPE p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE ) - so,_ = p.communicate(last+"\n") + so,se = p.communicate(bytes("{}\n".format(last),"UTF-8")) if p.returncode: - print("something went wrong when trying to process your regex") - print(so) - + print("something went wrong when trying to process your regex: {}".format(se.decode())) + ret = so.decode() + print("\x1b[1m{}\x1b[0m meinte: {}".format(usr,ret.strip())) + if ret: + d[usr] = ret else: print("no last message") else: - print("setting line") - d[environ['_from']] = line + d[usr] = line d.close() From 5fde514b88336b3ed00d41ef2e72ad4e2da23deb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 17:50:33 +0100 Subject: [PATCH 078/142] l 3: add fetchWallpaper.nix --- lass/3modules/default.nix | 1 + lass/3modules/fetchWallpaper.nix | 89 ++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 lass/3modules/fetchWallpaper.nix 
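Review bot: In the error branch `se.decode()` will raise, because the `Popen` call pipes only stdin and stdout and `communicate()` therefore returns `None` for stderr. Add `stderr=PIPE` to the call, `p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE,stderr=PIPE)`, and skip the `meinte:` line when `p.returncode` is non-zero, since `ret` is typically empty then. The reply also prints sed's output back to the channel unfiltered; stripping control characters from `ret` before the `print` keeps a user from pushing terminal or IRC formatting through the bot. The `Popen` line itself is unchanged context in this hunk.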
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 0dcad971c..5fa5160ee 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -8,5 +8,6 @@ _: ./urxvtd.nix ./xresources.nix ./wordpress_nginx.nix + ./fetchWallpaper.nix ]; } diff --git a/lass/3modules/fetchWallpaper.nix b/lass/3modules/fetchWallpaper.nix new file mode 100644 index 000000000..9baebedbd --- /dev/null +++ b/lass/3modules/fetchWallpaper.nix 
@@ -0,0 +1,89 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.lass.fetchWallpaper;
+
+ out = {
+ options.lass.fetchWallpaper = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "fetch wallpaper";
+ predicate = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ };
+ url = mkOption {
+ type = types.str;
+ };
+ timerConfig = mkOption {
+ type = types.unspecified;
+ default = {
+ OnCalendar = "*:00,10,20,30,40,50";
+ };
+ };
+ stateDir = mkOption {
+ type = types.str;
+ default = "/tmp/wallpaper";
+ };
+ display = mkOption {
+ type = types.str;
+ default = ":11";
+ };
+ };
+
+ fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
+ #! ${pkgs.bash}/bin/bash
+ ${if (cfg.predicate == null) then "" else ''
+ ${cfg.predicate}
+ if [ $? -ne 0 ]; then
+ echo "predicate failed"
+ exit 23
+ fi
+ ''}
+ mkdir -p ${shell.escape cfg.stateDir}
+ curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url}
+ feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
+ '';
+
+ imp = {
+ users.extraUsers.fetchWallpaper = {
+ name = "fetchWallpaper";
+ uid = 3332383611; #genid fetchWallpaper
+ description = "fetchWallpaper user";
+ home = "/var/empty";
+ };
+
+ systemd.timers.fetchWallpaper = {
+ description = "fetch wallpaper timer";
+ wantedBy = [ "timers.target" ];
+
+ timerConfig = cfg.timerConfig;
+ };
+ systemd.services.fetchWallpaper = {
+ description = "fetch wallpaper";
+ after = [ "network.target" ];
+
+ path = with pkgs; [
+ curl
+ feh
+ ];
+
+ environment = {
+ URL = cfg.url;
+ DISPLAY = cfg.display;
+ };
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = fetchWallpaperScript;
+ User = "fetchWallpaper";
+ };
+ };
+ };
+in out
From 576483bc63e1c6e5531f90ebd2133a29a7923943 Mon Sep 17 00:00:00 2001
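Review bot: `stateDir` defaults to `/tmp/wallpaper`, a predictable path in a world-writable directory, so another local account can own that directory before the service first runs and then decides what `mkdir -p` and `curl -o` end up writing to. Default to a location only the service user can write, e.g. `default = "/var/lib/wallpaper";`, and make it the home of the `fetchWallpaper` user instead of `/var/empty`. `curl -s` also saves whatever body the server returns, including an error page, which `feh` is then asked to decode; `curl -sf` would leave the previous file in place on an HTTP error. `environment.URL` is exported but the script never reads it, since `cfg.url` is interpolated directly.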
From: lassulus Date: Sat, 12 Dec 2015 17:56:49 +0100 Subject: [PATCH 079/142] l 2 base: remove video permission for gm --- lass/2configs/base.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 61023057b..fa5ee4f19 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -17,6 +17,7 @@ with lib; root = { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.uriel.pubkey ]; }; mainUser = { @@ -30,6 +31,7 @@ with lib; ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.uriel.pubkey ]; }; }; From 866c9f69d9e6233fd2f39a8dbee4e7facf365d55 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 17:58:21 +0100 Subject: [PATCH 080/142] l 1 prism: add juiceSSH key for chat --- lass/1systems/prism.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 599f4704e..d65f4a185 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -116,6 +116,11 @@ in { { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} ]; } + { + users.users.chat.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 JuiceSSH" + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; From 1e81cb2151336859eed949bb6d8a17a93960bf10 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 17:58:58 +0100 Subject: [PATCH 081/142] l 1 prism: set timezone to Europe/Berlin --- lass/1systems/prism.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index d65f4a185..fe9967837 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
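Review bot: Both base.nix hunks add `config.krebs.users.uriel.pubkey` to `openssh.authorizedKeys.keys`, the first for `root` and the second for `mainUser`, while the subject reads "remove video permission for gm" and says nothing about SSH access. Because this is `2configs/base.nix`, the key presumably gains root login on every host that imports it, which is the kind of change an audit of the history should be able to find by its message. Move it to its own commit with a subject that names the key and the accounts, and add a comment such as `# uriel: <owner / reason for root access>` next to the new entries.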
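Review bot: The JuiceSSH key for `chat` is pasted inline without any authorized_keys options, whereas base.nix takes its keys from `config.krebs.users.*.pubkey`. The definition of the `chat` account is outside this hunk, but if it exists only to attach to a chat session, a key held on a phone should not also get forwarding or an arbitrary shell. Prefix the entry with restrictions, e.g. `"no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <key> JuiceSSH"`, and consider a `command="..."` option that pins it to the chat program. Registering the key under `krebs.users` like the others would also keep key rotation in one place.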
@@ -121,6 +121,9 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJJKlOeAHyi7lToCqRF/hdA2TrtVbrTUd2ayuWsXe9JWiyeyKH/LNY3SrgxCWPZSItE9VK68ghMuVYK/A8IAcgzNhzFYLDxmtsidjiOJBj2ZGsjqevoQ5HuKB/pob8CLW3dr1Rx38Any/XXxpfeO6vemCJMGLTe5gSlrCI+Tk1qNt0Rz+rke73Hwt9wW39g8X3prF2q9ryL9OFCcsoYUE7PIOV9xM1GaDFfTR4bKux7HyFKmG+rBvmJHB5OPW8UAtVZGY/FIChwlmF6QNO5Zym497bG1RCOGplaLpRXVJrmoUkZUO7EazePPxIjz2duWYqFtwl5R9YGy1+a+F58G19DS7wJHM29td117/ZANjRTxE5q/aJm2okJYOVSqhYzdhji+BWVZ5ai7cktpAdtPo++yiZN90LvogXNB64kFxVGuX52xZcA3KLKmvrd47o9k0pzO+oCoArxPFIx0YkHfy/yw7OG8Z+KLK8l9WXWBZO5TpjcydnEcRZ8OEqVhtmDh+9h1zhPphuFBtT1JPbt8m132RUy23qsNRtZ/lnnfQbrxgHPRzVuvA8o4ahOEUdvV9SYnzKb6qMFXGp25EhlcWnR4/toyG6I3paBtByeHkaxjgCuvm9Hob6f/xFr3kEJ4WXTVguyrcFgNg2EcEfdkrTMhNn9OIHEFFQ8whIBv5jlw== JuiceSSH" ]; } + { + time.timeZone = "Europe/Berlin"; + } ]; krebs.build.host = config.krebs.hosts.prism; From e59542f12d269f4f10b1f32f2f58e3c26c27585a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:04:51 +0100 Subject: [PATCH 082/142] l 2: add teamviewer.nix --- lass/2configs/teamviewer.nix | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 lass/2configs/teamviewer.nix diff --git a/lass/2configs/teamviewer.nix b/lass/2configs/teamviewer.nix new file mode 100644 index 000000000..48053d7db --- /dev/null +++ b/lass/2configs/teamviewer.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + services.teamviewer.enable = true; +} From c8b82b0336f0913c70b5d1e51b0c1194ba9570d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:05:19 +0100 Subject: [PATCH 083/142] l 2: add libvirt.nix --- lass/2configs/libvirt.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 lass/2configs/libvirt.nix diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix new file mode 100644 index 000000000..368722e77 --- /dev/null +++ b/lass/2configs/libvirt.nix 
@@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; + +in { + virtualisation.libvirtd.enable = true; + + users.extraUsers = { + libvirt = { + uid = 358821352; # genid libvirt + description = "user for running libvirt stuff"; + home = "/home/libvirt"; + useDefaultShell = true; + extraGroups = [ "libvirtd" "audio" ]; + createHome = true; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(libvirt) NOPASSWD: ALL + ''; +} From 717c6f4adec48ac65050c693fd0722cd93355e81 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:20:50 +0100 Subject: [PATCH 084/142] l 3: add nginx site modules --- lass/3modules/owncloud_nginx.nix | 215 ++++++++++++++++++++++++++++++ lass/3modules/static_nginx.nix | 49 +++++++ lass/3modules/wordpress_nginx.nix | 66 +++++++-- 3 files changed, 319 insertions(+), 11 deletions(-) create mode 100644 lass/3modules/owncloud_nginx.nix create mode 100644 lass/3modules/static_nginx.nix diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix new file mode 100644 index 000000000..a0db87b0b --- /dev/null +++ b/lass/3modules/owncloud_nginx.nix 
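Review bot: `${mainUser.name} ALL=(libvirt) NOPASSWD: ALL` together with `extraGroups = [ "libvirtd" "audio" ]` lets mainUser run anything, without a password, as an account that can talk to the system libvirt daemon. Read-write access to that daemon is generally treated as root-equivalent on the host, because guests can be given host disks and devices, so this rule is effectively a passwordless path from mainUser to root. If that is the intent, say so at the sudo rule, e.g. `# NOTE: libvirtd group is root-equivalent; mainUser reaches it without a password`. Otherwise limit the rule to the specific binaries that need to run as `libvirt` instead of `ALL`.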
@@ -0,0 +1,215 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.lass.owncloud; + + out = { + options.lass.owncloud = api; + config = imp; + }; + + api = mkOption { + type = with types; attrsOf (submodule ({ config, ... }: { + options = { + domain = mkOption { + type = str; + default = config._module.args.name; + }; + dataDir = mkOption { + type = str; + default = "${config.folder}/data"; + }; + dbUser = mkOption { + type = str; + default = replaceStrings ["."] ["_"] config.domain; + }; + dbName = mkOption { + type = str; + default = replaceStrings ["."] ["_"] config.domain; + }; + dbType = mkOption { + # TODO: check for valid dbType + type = str; + default = "mysql"; + }; + folder = mkOption { + type = str; + default = "/srv/http/${config.domain}"; + }; + auto = mkOption { + type = bool; + default = false; + }; + instanceid = mkOption { + type = str; + }; + ssl = mkOption { + type = bool; + default = false; + }; + }; + })); + default = {}; + }; + + user = config.services.nginx.user; + group = config.services.nginx.group; + + imp = { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { + server-names = [ + "${domain}" + "www.${domain}" + ]; + locations = [ + (nameValuePair "/" '' + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + + try_files $uri $uri/ /index.php; + '') + (nameValuePair "~ \.php$" '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi.conf; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_pass unix:${folder}/phpfpm.pool; + '') + (nameValuePair "~ /\\." 
'' + deny all; + '') + ]; + extraConfig = '' + root ${folder}/; + #index index.php; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + + # set max upload size + client_max_body_size 10G; + fastcgi_buffers 64 4K; + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + ''; + }); + services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: '' + listen = ${folder}/phpfpm.pool + user = ${user} + group = ${group} + pm = dynamic + pm.max_children = 5 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + listen.owner = ${user} + listen.group = ${group} + # errors to journal + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''); + #systemd.services = flip mapAttrs' cfg (name: { domain, folder, dbName, dbUser, dbType, dataDir, instanceid, ... 
}: { + # name = "owncloudInit-${name}"; + # value = { + # path = [ + # pkgs.mysql + # pkgs.su + # pkgs.gawk + # pkgs.jq + # ]; + # requiredBy = [ "nginx.service" ]; + # serviceConfig = let + # php.define = name: value: + # "define(${php.newdoc name}, ${php.newdoc value});"; + # php.toString = x: + # "'${x}'"; + # php.newdoc = s: + # let b = "EOF${builtins.hashString "sha256" s}"; in + # ''<<<'${b}' + # ${s} + # ${b} + # ''; + # in { + # Type = "oneshot"; + # ExecStart = pkgs.writeScript "wordpressInit" '' + # #!/bin/sh + # set -euf + # oc_secrets=${shell.escape "${toString }/${domain}/oc-secrets"} + # db_password=$(cat ${shell.escape "${toString }/${domain}/sql-db-pw"}) + # get_secret() { + # echo "'$1' => $(jq -r ."$1" "$oc_secrets" | to_php_string)," + # } + # to_php_string() { + # echo "base64_decode('$(base64)')" + # } + # { + # cat ${toString } + # password=$(cat ${shell.escape (toString ())}) + # # TODO passwordhash=$(su nobody_oc -c mysql <<< "SELECT PASSWORD($(toSqlString <<< "$password"));") + # # TODO as package pkgs.sqlHashPassword + # # TODO not using mysql + # # SET SESSION sql_mode = 'NO_BACKSLASH_ESCAPES'; + # passwordhash=$(su nobody_oc -c 'mysql -u nobody --silent' <<< "SELECT PASSWORD('$db_password');") + # user=${shell.escape dbUser}@localhost + # database=${shell.escape dbName} + # cat << EOF + # CREATE DATABASE IF NOT EXISTS $database; + # GRANT USAGE ON *.* TO $user IDENTIFIED BY PASSWORD '$passwordhash'; + # GRANT ALL PRIVILEGES ON $database.* TO $user; + # FLUSH PRIVILEGES; + # EOF + # } | mysql -u root -p + # # TODO nix2php for wp-config.php + # mkdir -p ${folder}/config + # cat > ${folder}/config/config.php << EOF + # 'localhost', + # 'dbtableprefix' => 'oc_', + # 'dbpassword' => '$db_password', + # 'installed' => 'true', + # 'trusted_domains' => + # array ( + # 0 => '${domain}', + # ), + # 'overwrite.cli.url' => 'http://${domain}', + + # ${concatStringsSep "\n" (mapAttrsToList (name: value: + # "'${name}' => $(printf '%s' ${shell.escape 
value} | to_php_string)," + # ) { + # instanceid = instanceid; + # datadirectory = dataDir; + # dbtype = dbType; + # dbname = dbName; + # dbuser = dbUser; + # })} + + # ${concatMapStringsSep "\n" (key: "$(get_secret ${shell.escape key})") [ + # "secret" + # "passwordsalt" + # ]} + # ); + # EOF + # ''; + # }; + # }; + #}); + users.users.nobody_oc = { + uid = 1651469147; # genid nobody_oc + useDefaultShell = true; + }; + }; + +in out diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix new file mode 100644 index 000000000..cc2641af2 --- /dev/null +++ b/lass/3modules/static_nginx.nix @@ -0,0 +1,49 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.lass.staticPage; + + out = { + options.lass.staticPage = api; + config = imp; + }; + + api = mkOption { + type = with types; attrsOf (submodule ({ config, ... }: { + options = { + domain = mkOption { + type = str; + default = config._module.args.name; + }; + folder = mkOption { + type = str; + default = "/srv/http/${config.domain}"; + }; + }; + })); + default = {}; + }; + + user = config.services.nginx.user; + group = config.services.nginx.group; + + imp = { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { + server-names = [ + "${domain}" + "www.${domain}" + ]; + locations = [ + (nameValuePair "/" '' + root ${folder}; + '') + (nameValuePair "~ /\\." '' + deny all; + '') + ]; + }); + }; + +in out diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix index 65170698f..2f31f6e02 100644 --- a/lass/3modules/wordpress_nginx.nix +++ b/lass/3modules/wordpress_nginx.nix 
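Review bot: In owncloud_nginx.nix `dataDir` defaults to `${config.folder}/data`, which lies inside the `root ${folder}/;` that nginx serves, and the only deny rule is the dotfile location `~ /\\.`. ownCloud protects `data/` and `config/` with .htaccess files, which nginx ignores, so as written the `/` location's `try_files $uri` would hand out anything stored under `/data/` to unauthenticated clients. Add a deny entry ahead of the `~ \.php$` one, e.g. `(nameValuePair "~ ^/(data|config|db_structure\\.xml|README)" "deny all;")`, or default `dataDir` to a path outside `folder`. The `~ \.php$` location also passes every matching URI to php-fpm without checking that the script exists, and a `try_files $uri =404;` there is the usual guard. The `ssl` option is declared but `imp` never reads it.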
@@ -45,35 +45,70 @@ let type = bool; default = false; }; + multiSite = mkOption { + type = attrsOf str; + default = {}; + example = { + "0" = "bla.testsite.de"; + "1" = "test.testsite.de"; + }; + }; }; })); default = {}; }; - dataFolder = "/srv/http"; user = config.services.nginx.user; group = config.services.nginx.group; imp = { - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, ... }: { + #services.nginx.appendConfig = mkIf (cfg.multiSite != {}) '' + # map $http_host $blogid { + # ${concatStringsSep "\n" (mapAttrsToList (n: v: indent "v n;") multiSite)} + # } + #''; + + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ... }: { server-names = [ "${domain}" "www.${domain}" ]; - locations = [ + #(mkIf (multiSite != {}) + #) + locations = (if (multiSite != {}) then + [ + (nameValuePair "~ ^/files/(.*)$" '' + try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ; + '') + (nameValuePair "^~ /blogs.dir" '' + internal; + alias ${folder}/wp-content/blogs.dir ; + access_log off; log_not_found off; expires max; + '') + ] + else + [] + ) ++ + [ (nameValuePair "/" '' try_files $uri $uri/ /index.php?$args; '') (nameValuePair "~ \.php$" '' - fastcgi_pass unix:${dataFolder}/${domain}/phpfpm.pool; + fastcgi_pass unix:${folder}/phpfpm.pool; include ${pkgs.nginx}/conf/fastcgi.conf; '') (nameValuePair "~ /\\." '' deny all; '') + #Directives to send expires headers and turn off 404 error logging. + (nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" '' + access_log off; + log_not_found off; + expires max; + '') ]; extraConfig = '' - root ${dataFolder}/${domain}/; + root ${folder}/; index index.php; access_log /tmp/nginx_acc.log; error_log /tmp/nginx_err.log; 
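Review bot: `$blogid` in the new `~ ^/files/(.*)$` location is never defined, because the only `map $http_host $blogid` is the commented-out `services.nginx.appendConfig` block at the top of `imp`. nginx normally refuses to load a configuration that references an unknown variable, so setting `multiSite` on any site would be expected to stop the whole server from starting. Until the map is enabled, keep the two multisite locations disabled as well, or at least add `# FIXME: $blogid needs the map above; multiSite is not usable yet` next to them. The draft map would not work as written either: `cfg` is the attribute set of sites, so `cfg.multiSite` does not exist, and `indent "v n;"` emits the literal text instead of `"${v} ${n};"`. The enclosing `let` starts outside the hunk.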
@@ -81,8 +116,8 @@ let error_page 500 502 503 504 /50x.html; ''; }); - services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, ... }: '' - listen = ${dataFolder}/${domain}/phpfpm.pool + services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: '' + listen = ${folder}/phpfpm.pool user = ${user} group = ${group} pm = dynamic @@ -97,7 +132,7 @@ let php_admin_flag[log_errors] = on catch_workers_output = yes ''); - systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, ... }: { + systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, multiSite, ... }: { name = "wordpressInit-${name}"; value = { path = [ @@ -175,6 +210,13 @@ let ]} \$table_prefix = 'wp_'; + + ${if (multiSite != {}) then + "define('WP_ALLOW_MULTISITE', true);" + else + "" + } + define('WP_DEBUG', ${toJSON debug}); if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); @@ -186,10 +228,12 @@ let }; }; }); - users.users.nobody2 = { - uid = 125816384; # genid nobody2 - useDefaultShell = true; + users.users.nobody2 = mkDefault { + uid = mkDefault 125816384; # genid nobody2 + useDefaultShell = mkDefault true; }; }; + indent = replaceChars ["\n"] ["\n "]; + in out From ec8cd8502dd3439cf7c9f1069d875d0291a51130 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:21:50 +0100 Subject: [PATCH 085/142] l 2: add websites --- lass/2configs/websites/domsen.nix | 35 +++++++++++++++++++ lass/2configs/websites/wohnprojekt-rhh.de.nix | 12 +++++++ 2 files changed, 47 insertions(+) create mode 100644 lass/2configs/websites/domsen.nix create mode 100644 lass/2configs/websites/wohnprojekt-rhh.de.nix diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix new file mode 100644 index 000000000..109c216c0 --- /dev/null +++ b/lass/2configs/websites/domsen.nix 
@@ -0,0 +1,35 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ../../3modules/static_nginx.nix + ../../3modules/owncloud_nginx.nix + ../../3modules/wordpress_nginx.nix + ]; + + lass.staticPage = { + "karlaskop.de" = {}; + "makeup.apanowicz.de" = {}; + "pixelpocket.de" = {}; + "reich-gebaeudereinigung.de" = {}; + }; + + lass.owncloud = { + "o.ubikmedia.de" = { + instanceid = "oc8n8ddbftgh"; + }; + }; + + services.mysql = { + enable = true; + package = pkgs.mariadb; + rootPassword = toString (); + }; + + #lass.wordpress = { + # "ubikmedia.de" = { + # }; + #}; + +} + diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix new file mode 100644 index 000000000..cd31450c5 --- /dev/null +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +{ + imports = [ + ../../3modules/static_nginx.nix + ]; + + lass.staticPage = { + "wohnprojekt-rhh.de" = {}; + }; +} + From 75ab577d4922f3b57a890af668b9c0fb405a50b0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:22:09 +0100 Subject: [PATCH 086/142] l 1 mors: import stuff --- lass/1systems/mors.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 7b91fa6be..4ba9df6f9 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -22,6 +22,9 @@ ../2configs/bitlbee.nix ../2configs/firefoxPatched.nix ../2configs/skype.nix + ../2configs/teamviewer.nix + ../2configs/libvirt.nix + ../2configs/fetchWallpaper.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ From 24105297bd9ff8af57befeb56f4ef42d439a531d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:22:47 +0100 Subject: [PATCH 087/142] l 1 prism: activate websites --- lass/1systems/prism.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index fe9967837..95c55533c 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -124,6 +124,15 @@ in { { time.timeZone = "Europe/Berlin"; } + { + imports = [ + ../2configs/websites/wohnprojekt-rhh.de.nix + ../2configs/websites/domsen.nix + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; From 43613fa6fca279301fcf0d014c0c9f71f394d9a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:23:32 +0100 Subject: [PATCH 088/142] l 2 base: nixpkgs 8d1ce12 -> 363c843 --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index fa5ee4f19..40f4e12c7 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -50,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "8d1ce129361312334bf914ce0d27e463cb0bb21b"; + rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251"; }; dir.secrets = { host = config.krebs.hosts.mors; From d567f9374529bf3fb2517ff270f8f0c973605722 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:24:32 +0100 Subject: [PATCH 089/142] l 2 browsers: use writeScriptBin --- lass/2configs/browsers.nix | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 849778a7a..580db8b2c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,16 +1,6 @@ { config, lib, pkgs, ... }: let - simpleScript = name: content: - pkgs.stdenv.mkDerivation { - inherit name; - phases = [ "installPhase" ]; - installPhase = '' - mkdir -p $out/bin - ln -s ${pkgs.writeScript name content} $out/bin/${name} - ''; - }; - mainUser = config.users.extraUsers.mainUser; createChromiumUser = name: extraGroups: packages: { 
@@ -26,8 +16,8 @@ let ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (simpleScript name '' - sudo -u ${name} -i chromium $@ + (pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i chromium $@ '') ]; }; @@ -46,8 +36,8 @@ let ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; environment.systemPackages = [ - (simpleScript name '' - sudo -u ${name} -i firefox $@ + (pkgs.writeScriptBin name '' + /var/setuid-wrappers/sudo -u ${name} -i firefox $@ '') ]; }; @@ -57,7 +47,7 @@ let in { environment.systemPackages = [ - (simpleScript "browser-select" '' + (pkgs.writeScriptBin "browser-select" '' BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu) $BROWSER $@ '') From f913904eba26b0819c7ed02c69ee09fb310f8478 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:25:08 +0100 Subject: [PATCH 090/142] l 2 browsers: activate flash browser --- lass/2configs/browsers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 580db8b2c..d36801863 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -60,7 +60,7 @@ in { ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) - # ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) + ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) ]; nixpkgs.config.packageOverrides = pkgs : { From e5d46002e5aded1780c3a00a28866a5569978335 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:25:37 +0100 Subject: [PATCH 091/142] l 2 elster: use chromium package --- lass/2configs/elster.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix index 1edd01896..e3a88c789 100644 --- a/lass/2configs/elster.nix +++ b/lass/2configs/elster.nix 
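Review bot: The wrapper scripts still pass `$@` unquoted, so a URL or file name containing spaces or glob characters is re-split before it reaches sudo; the same applies to the firefox hunk `@@ -46,8 +36,8 @@` and to `$BROWSER $@` in `browser-select`. Use `/var/setuid-wrappers/sudo -u ${name} -i chromium "$@"`, `... -i firefox "$@"` and `$BROWSER "$@"`. As far as I know `pkgs.writeScriptBin` writes the text verbatim, so these scripts have no `#!` line and only run when started from a shell that falls back to interpreting them. Adding `#!/bin/sh` as the first line makes them work from any launcher.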
@@ -14,6 +14,9 @@ in { createHome = true; }; }; + krebs.per-user.elster.packages = [ + pkgs.chromium + ]; security.sudo.extraConfig = '' ${mainUser.name} ALL=(elster) NOPASSWD: ALL ''; From bd25fd61c8eaa780e827419760accd47140f9236 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:27:17 +0100 Subject: [PATCH 092/142] l 2: add fetchWallpaper.nix --- lass/2configs/fetchWallpaper.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 lass/2configs/fetchWallpaper.nix diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix new file mode 100644 index 000000000..effbd6c85 --- /dev/null +++ b/lass/2configs/fetchWallpaper.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: + +let + +in { + lass.fetchWallpaper = { + enable = true; + url = "echelon/wallpaper.png"; + }; +} + From 8bb93b93fdacdcca75176392ad9f66dd3b2dc6dc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 18:27:45 +0100 Subject: [PATCH 093/142] l 2 xserver: remove xmobar --- lass/2configs/xserver/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index ceccf5fee..da337f6a7 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -108,7 +108,6 @@ let pkgs.rxvt_unicode pkgs.i3lock pkgs.haskellPackages.yeganesh - pkgs.haskellPackages.xmobar pkgs.dmenu ] ++ config.environment.systemPackages)}:/var/setuid-wrappers settle() {( From 1b9a044b44d12096dbad27db3a44d5c911ec9eb4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 19:37:13 +0100 Subject: [PATCH 094/142] l 3 fetchWallpaper -> k 3 fetchWallpaper --- krebs/3modules/default.nix | 1 + {lass => krebs}/3modules/fetchWallpaper.nix | 4 ++-- lass/2configs/fetchWallpaper.nix | 2 +- lass/3modules/default.nix | 1 - 4 files changed, 4 insertions(+), 4 deletions(-) rename {lass => krebs}/3modules/fetchWallpaper.nix (96%) 
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6d2b090a2..740ba67b8 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -12,6 +12,7 @@ let ./current.nix ./exim-retiolum.nix ./exim-smarthost.nix + ./fetchWallpaper.nix ./github-hosts-sync.nix ./git.nix ./go.nix diff --git a/lass/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix similarity index 96% rename from lass/3modules/fetchWallpaper.nix rename to krebs/3modules/fetchWallpaper.nix index 9baebedbd..a3eddcc27 100644 --- a/lass/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -3,10 +3,10 @@ with lib; let - cfg = config.lass.fetchWallpaper; + cfg = config.krebs.fetchWallpaper; out = { - options.lass.fetchWallpaper = api; + options.krebs.fetchWallpaper = api; config = mkIf cfg.enable imp; }; diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index effbd6c85..9c27706cb 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -3,7 +3,7 @@ let in { - lass.fetchWallpaper = { + krebs.fetchWallpaper = { enable = true; url = "echelon/wallpaper.png"; }; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 5fa5160ee..0dcad971c 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -8,6 +8,5 @@ _: ./urxvtd.nix ./xresources.nix ./wordpress_nginx.nix - ./fetchWallpaper.nix ]; } From 25c1a1c5eeffd59af84eb3eda167ac81622e5198 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 19:37:52 +0100 Subject: [PATCH 095/142] k 3 fetchWallpaper: default stateDir in /var --- krebs/3modules/fetchWallpaper.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index a3eddcc27..b5eb00e9c 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix 
@@ -27,7 +27,7 @@ let }; stateDir = mkOption { type = types.str; - default = "/tmp/wallpaper"; + default = "/var/lib/wallpaper"; }; display = mkOption { type = types.str; @@ -50,11 +50,12 @@ let ''; imp = { - users.extraUsers.fetchWallpaper = { + users.users.fetchWallpaper = { name = "fetchWallpaper"; uid = 3332383611; #genid fetchWallpaper description = "fetchWallpaper user"; - home = "/var/empty"; + home = cfg.stateDir; + createHome = true; }; systemd.timers.fetchWallpaper = { From c0786aee72507e08ab61b5e9391afb4e7fba76fa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 Dec 2015 19:40:44 +0100 Subject: [PATCH 096/142] l 5 xmonad-lass: deactivate yeganesh, workspace0 --- lass/5pkgs/xmonad-lass/Main.hs | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index 10a3c5638..ce5afe33a 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs @@ -49,6 +49,7 @@ import XMonad.Stockholm.Pager import XMonad.Stockholm.Rhombus import XMonad.Stockholm.Shutdown + myTerm :: String myTerm = "urxvtc" @@ -65,6 +66,7 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do + workspaces0 <- getWorkspaces0 xmonad' -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } -- urgencyConfig { remindWhen = Every 1 } @@ -74,6 +76,7 @@ mainNoArgs = do $ defaultConfig { terminal = myTerm , modMask = mod4Mask + , workspaces = workspaces0 , layoutHook = smartBorders $ myLayoutHook -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent --, handleEventHook = handleTimerEvent 
@@ -100,16 +103,26 @@ xmonad' conf = do hPutStrLn stderr (displaySomeException e) xmonad conf +getWorkspaces0 :: IO [String] +getWorkspaces0 = + try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case + Left e -> warn (displaySomeException e) + Right p -> try (readFile p) >>= \case + Left e -> warn (displaySomeException e) + Right x -> case readEither x of + Left e -> warn e + Right y -> return y + where + warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return [] displaySomeException :: SomeException -> String displaySomeException = displayException myKeyMap = - [ ("M4-", spawn "i3lock -i ~/lock.png -u" ) + [ ("M4-", spawn "/var/setuid-wrappers/slock") , ("M4-p", spawn "passmenu --type") - , ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"") - -- , ("M4-r", io (readProcess "yeganesh" ["-x"] "" >>= putStrLn ) ) + --, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"") , ("", spawn "pactl -- set-sink-volume 0 +4%") , ("", spawn "pactl -- set-sink-volume 0 -4%") , ("", gridselectWorkspace myWSConfig W.view) From 1c17881aede650e114b43dfb4efb10249c2bcaea Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 13 Dec 2015 13:50:39 +0100 Subject: [PATCH 097/142] k 3 fetchWallpaper: change predicate handling a failed predicate does not result in a failed system service it will just not download the remote --- krebs/3modules/fetchWallpaper.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index b5eb00e9c..83ecf4177 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix 
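Review bot: `getWorkspaces0` returns `[]` on every failure path (variable unset, file unreadable, parse error), and that list is what `mainNoArgs` assigns to `workspaces`. As far as I know xmonad cannot build its StackSet from an empty workspace list, so a missing `XMONAD_WORKSPACES0_FILE` would take the window manager down rather than just log a warning. Fall back to a non-empty default in `warn`, for example `warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return (map show [1 .. 9 :: Int])`. Separately, the lock binding now spawns `/var/setuid-wrappers/slock` and nothing in this hunk creates that wrapper. Confirm slock is listed in `security.setuidPrograms` on the hosts using this config, otherwise the lock key fails silently and the screen stays unlocked.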
@@ -37,11 +37,10 @@ let fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" '' #! ${pkgs.bash}/bin/bash - ${if (cfg.predicate == null) then "" else '' - ${cfg.predicate} - if [ $? -ne 0 ]; then - echo "predicate failed" - exit 23 + ${optionalString (cfg.predicate != null) '' + if ! ${cfg.predicate}; then + echo "predicate failed - will not fetch from remote" + exit 0 fi ''} mkdir -p ${shell.escape cfg.stateDir} From 6a07012a2f2ab8673c464256bd46efedf95366c3 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 13 Dec 2015 13:52:15 +0100 Subject: [PATCH 098/142] m 2 fetchWallpaper: default enabled for mainlaptop --- makefu/2configs/fetchWallpaper.nix | 24 ++++++++++++++++++++++++ makefu/2configs/main-laptop.nix | 5 ++++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/fetchWallpaper.nix diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix new file mode 100644 index 000000000..b071a128d --- /dev/null +++ b/makefu/2configs/fetchWallpaper.nix @@ -0,0 +1,24 @@ +{ config, pkgs, ... }: + +let + # check if laptop runs on umts + weaksauce-internet = with pkgs;writeScript "weaksauce-internet" '' + #! /bin/sh + if ${iproute}/bin/ip addr show dev ppp0 2>/dev/null \ + | ${gnugrep}/bin/grep -q inet;then + exit 1 + fi + ''; + +in { + krebs.fetchWallpaper = { + enable = true; + display = ":0"; + predicate = weaksauce-internet; + timerConfig = { + OnCalendar = "*:0/30"; + }; + url = "http://echelon/wallpaper.png"; + }; +} + diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index dfc8c1c07..00a3e73ca 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -6,7 +6,10 @@ with lib; { - imports = [ ./base-gui.nix ]; + imports = [ + ./base-gui.nix + ./fetchWallpaper.nix + ]; environment.systemPackages = with pkgs;[ vlc firefox From 4578f701ba01bfdf0745a8c73461070f0f7d2f0e Mon Sep 17 00:00:00 2001 
From: makefu Date: Sun, 13 Dec 2015 14:26:33 +0100 Subject: [PATCH 099/142] m 5 awesomecfg: beautiful was loaded too late resulted in missing icons, colors for border. i just discovered this today, 2 months after i wrote the config hahah :D --- makefu/5pkgs/awesomecfg/full.cfg | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index b3f94e655..15711a5d5 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -12,6 +12,8 @@ local beautiful = require("beautiful") local naughty = require("naughty") local menubar = require("menubar") + + -- {{{ Error handling -- Check if awesome encountered an error during startup and fell back to -- another config (This code will only ever execute for the fallback config) @@ -90,6 +92,20 @@ vicious.register(batwidget, vicious.widgets.bat, "$2%", 61, "BAT0") -- -- beautiful.init("/nix/store/qbx8r72yzaxpz41zq00902zwajl31b5h-awesome-3.5.6/share/awesome/themes/default/theme.lua") +function find_default_theme() + -- find the default lua theme in the package path + for path in package.path:gmatch('([^;]+);') do + if path:match('awesome.*share') then + theme_path = path:match('^([^?]*)') .. '../themes/default/theme.lua' + if awful.util.file_readable(theme_path) then return theme_path end + end + end +end + +beautiful.init(find_default_theme()) +client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end) +client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end) + -- This is used later as the default terminal and editor to run. terminal = "urxvt" editor = os.getenv("EDITOR") or "vim" 
@@ -494,21 +510,9 @@ local os = { date = os.date, time = os.time } + -- }}} -function find_default_theme() - -- find the default lua theme in the package path - for path in package.path:gmatch('([^;]+);') do - if path:match('awesome.*share') then - theme_path = path:match('^([^?]*)') .. '../themes/default/theme.lua' - if awful.util.file_readable(theme_path) then return theme_path end - end - end -end - -beautiful.init(find_default_theme()) -client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end) -client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end) -- }}} From 809ffa435c4ba759a6cfd7fdffc976499d470d82 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 13 Dec 2015 14:35:30 +0100 Subject: [PATCH 100/142] m 2 default: use timesyncd instead of ntpd --- makefu/2configs/default.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 760c70789..519635281 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -80,7 +80,14 @@ with lib; "d /tmp 1777 root root - -" ]; - environment.variables.EDITOR = mkForce "vim"; + environment.variables = { + NIX_PATH = with config.krebs.build.source; with dir; with git; + mkForce (concatStringsSep ":" [ + "nixpkgs=${nixpkgs.target-path}" + "${nixpkgs.target-path}" + ]); + EDITOR = mkForce "vim"; + }; environment.systemPackages = with pkgs; [ jq @@ -124,6 +131,14 @@ with lib; services.cron.enable = false; services.nscd.enable = false; + services.ntp.enable = false; + services.timesyncd.enable = true; + services.ntp.servers = [ + "pool.ntp.org" + "time.windows.com" + "time.apple.com" + "time.nist.gov" + ]; security.setuidPrograms = [ "sendmail" ]; services.journald.extraConfig = '' From c3bd222b9f8c4b7d08a447760ae5ae28b90f217e Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 14 Dec 2015 14:17:21 +0100 Subject: [PATCH 101/142] m 2 tinc: add ire as potential supernode --- makefu/2configs/tinc-basic-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix index fd6d1683d..2abf4f188 100644 --- a/makefu/2configs/tinc-basic-retiolum.nix +++ b/makefu/2configs/tinc-basic-retiolum.nix @@ -9,6 +9,7 @@ with lib; "gum" "pigstarter" "fastpoke" + "ire" ]; }; } From 27ca97b78f66d6fca96e303cc650cc68065e9a1c Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:18:08 +0100 Subject: [PATCH 102/142] k 3 retiolum: add extraConfig --- krebs/3modules/retiolum.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 633642537..28ac67306 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -50,6 +50,14 @@ let ''; }; + extraConfig = mkOption { + type = types.str; + default = ""; + description = '' + Extra Configuration to be appended to tinc.conf + ''; + }; + tincPackage = mkOption { type = types.package; default = pkgs.tinc; @@ -203,6 +211,7 @@ let Interface = ${cfg.network} ${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)} PrivateKeyFile = /tmp/retiolum-rsa_key.priv + ${cfg.extraConfig} EOF # source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up From 72238439c5c8010323030112b9b041f5d6fd27e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:18:34 +0100 Subject: [PATCH 103/142] m 1 gum: add extra ports to gum retiolum --- makefu/1systems/gum.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 75607aa46..417a020fa 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix 
@@ -14,14 +14,20 @@ in { # ../2configs/iodined.nix ../2configs/git/cgit-retiolum.nix ../2configs/mattermost-docker.nix + ../2configs/nginx/euer.test.nix ]; + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; ###### stable krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - + krebs.retiolum.extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; # Chat environment.systemPackages = with pkgs;[ @@ -53,10 +59,18 @@ in { 80 443 # tinc 655 + # tinc-shack + 21032 + # tinc-retiolum + 21031 ]; allowedUDPPorts = [ # tinc 655 53 + # tinc-retiolum + 21031 + # tinc-shack + 21032 ]; }; interfaces.et0.ip4 = [{ From 83208910bbedc70018c5a7f0e4b18baed418f9cf Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:32:20 +0100 Subject: [PATCH 104/142] m 2 git: add vbob pubkey --- krebs/Zpubkeys/makefu_vbob.ssh.pub | 1 + makefu/2configs/git/cgit-retiolum.nix | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 krebs/Zpubkeys/makefu_vbob.ssh.pub diff --git a/krebs/Zpubkeys/makefu_vbob.ssh.pub b/krebs/Zpubkeys/makefu_vbob.ssh.pub new file mode 100644 index 000000000..e5063aeb5 --- /dev/null +++ b/krebs/Zpubkeys/makefu_vbob.ssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 304d39fcd..5143ca5aa 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix 
@@ -24,6 +24,7 @@ let connector-repos = mapAttrs make-priv-repo { connector = { }; + minikrebs = { }; mattermost = { desc = "Mattermost Docker files"; }; @@ -54,7 +55,7 @@ let # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv uriel ]; - all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; + all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ]; all-exco = with config.krebs.users; [ exco ]; priv-rules = repo: set-owners repo all-makefu; @@ -85,6 +86,10 @@ in { name = "makefu-omo" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; }; + makefu-vbob = { + name = "makefu-vbob" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub; + }; makefu-tsp = { name = "makefu-tsp" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; From c865a5593e240c0a602e1f70b314d139087c4e45 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:32:41 +0100 Subject: [PATCH 105/142] k Zhosts: add gum extra port --- krebs/Zhosts/gum | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum index d43bb0d08..7a1a305d6 100644 --- a/krebs/Zhosts/gum +++ b/krebs/Zhosts/gum @@ -1,5 +1,7 @@ Address= 195.154.108.70 Address= 195.154.108.70 53 +Address= 195.154.108.70 21031 + Subnet = 10.243.0.211 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2 From 83924b9b6c84d7238fd0abb173a2c1dcbfe11ece Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:33:06 +0100 Subject: [PATCH 106/142] m 1 vbob:init --- krebs/3modules/makefu/default.nix | 25 ++++++++++++++++++ makefu/1systems/vbob.nix | 44 +++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 makefu/1systems/vbob.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 037abbdfd..82a5635d2 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -84,6 +84,31 @@ with lib; }; }; }; + + vbob = { + cores = 2; + dc = "makefu"; #vm local + nets = { + retiolum = { + addrs4 = ["10.243.1.91"]; + addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"]; + aliases = [ + "vbob.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr + 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI + AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP + hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o + Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s + AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB + -----END RSA PUBLIC KEY----- + + ''; + }; + }; + }; flap = rec { cores = 1; dc = "cac"; #vps diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix new file mode 100644 index 000000000..4d8e8ced1 --- /dev/null +++ b/makefu/1systems/vbob.nix @@ -0,0 +1,44 @@ +# +# +# +{ config, pkgs, ... }: + +{ + krebs.build.host = config.krebs.hosts.vbob; + krebs.build.target = "root@10.10.10.220"; + imports = + [ # Include the results of the hardware scan. + + ../2configs/main-laptop.nix #< base-gui + + # environment + ../2configs/zsh-user.nix + ../2configs/virtualization.nix + ]; + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + environment.systemPackages = with pkgs;[ + get + ]; + + networking.firewall.allowedTCPPorts = [ + 25 + 80 + ]; + + krebs.retiolum = { + enable = true; + extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000"; + hosts = ../../krebs/Zhosts; + connectTo = [ + "gum" + ]; + + }; + networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000"; + fileSystems."/media/share" = { + fsType = "vboxsf"; + device = "share"; + options = "rw,uid=9001,gid=9001"; + }; + +} From 9900811f941abf5e31f3c7b616e3fa27f88ffb35 Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 14 Dec 2015 14:36:36 +0100 Subject: [PATCH 107/142] m 2 git: use gum as primary git host --- makefu/2configs/git/cgit-retiolum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 5143ca5aa..68fd976d6 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -43,7 +43,7 @@ let hooks = { post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; - verbose = config.krebs.build.host.name == "pnp"; + verbose = config.krebs.build.host.name == "gum"; channel = "#retiolum"; # TODO remove the hardcoded hostname server = "cd.retiolum"; From 6f150af8acf2195188518bf53d0330da7a4bb8f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:47:52 +0100 Subject: [PATCH 108/142] k Zhosts vbob: init --- krebs/Zhosts/vbob | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 krebs/Zhosts/vbob diff --git a/krebs/Zhosts/vbob b/krebs/Zhosts/vbob new file mode 100644 index 000000000..b233a46b0 --- /dev/null +++ b/krebs/Zhosts/vbob @@ -0,0 +1,9 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr +4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI +AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP +hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o +Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s +AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB +-----END RSA PUBLIC KEY----- +Subnet = 10.243.1.91/32 From 781573b9dd393aa4d2d7e34a1fa8d831441b545b Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 14 Dec 2015 17:04:16 +0100 Subject: [PATCH 109/142] k Zpubkeys: makefu* -> 3modules --- krebs/3modules/makefu/default.nix | 16 ++++++++++++++-- krebs/Zpubkeys/exco.ssh.pub | 1 - krebs/Zpubkeys/makefu_arch.ssh.pub | 1 - krebs/Zpubkeys/makefu_omo.ssh.pub | 1 - krebs/Zpubkeys/makefu_tsp.ssh.pub | 1 - 5 files changed, 14 insertions(+), 6 deletions(-) delete mode 100644 krebs/Zpubkeys/exco.ssh.pub delete mode 100644 krebs/Zpubkeys/makefu_arch.ssh.pub delete mode 100644 krebs/Zpubkeys/makefu_omo.ssh.pub delete mode 100644 krebs/Zpubkeys/makefu_tsp.ssh.pub diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 037abbdfd..5a128a28f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -277,10 +277,22 @@ with lib; }; }; }; - users = addNames { + users = addNames rec { makefu = { mail = "makefu@pornocauster.retiolum"; - pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster"; + }; + makefu_omo = { + inherit (makefu) mail; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch"; + }; + makefu_tsp = { + inherit (makefu) mail; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp"; + }; + exco = { + mail = "dickbutt@excogitation.de"; + pubkey = "ssh-rsa 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 dickbutt@excogitation.de"; }; }; } diff --git a/krebs/Zpubkeys/exco.ssh.pub b/krebs/Zpubkeys/exco.ssh.pub deleted file mode 100644 index e2afcf3fb..000000000 --- a/krebs/Zpubkeys/exco.ssh.pub +++ /dev/null 
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== christian.stoeveken@gmail.com diff --git a/krebs/Zpubkeys/makefu_arch.ssh.pub b/krebs/Zpubkeys/makefu_arch.ssh.pub deleted file mode 100644 index 6092ec469..000000000 --- a/krebs/Zpubkeys/makefu_arch.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster diff --git a/krebs/Zpubkeys/makefu_omo.ssh.pub b/krebs/Zpubkeys/makefu_omo.ssh.pub deleted file mode 100644 index 5567040fb..000000000 --- a/krebs/Zpubkeys/makefu_omo.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch 
diff --git a/krebs/Zpubkeys/makefu_tsp.ssh.pub b/krebs/Zpubkeys/makefu_tsp.ssh.pub deleted file mode 100644 index 9a9c9b6f8..000000000 --- a/krebs/Zpubkeys/makefu_tsp.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp From 9bc0c474ace8e1bcccb5301a1726ed75a6241bff Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 17:12:51 +0100 Subject: [PATCH 110/142] m 2 Reaktor: add full profile --- krebs/3modules/makefu/default.nix | 8 ++++++-- krebs/Zpubkeys/makefu_vbob.ssh.pub | 1 - makefu/2configs/Reaktor/full.nix | 18 ++++++++++++++++++ makefu/2configs/git/cgit-retiolum.nix | 20 -------------------- 4 files changed, 24 insertions(+), 23 deletions(-) delete mode 100644 krebs/Zpubkeys/makefu_vbob.ssh.pub create mode 100644 makefu/2configs/Reaktor/full.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d9cb83aaf..14cafd3ed 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -307,14 +307,18 @@ with lib; mail = "makefu@pornocauster.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster"; }; - makefu_omo = { + makefu-omo = { inherit (makefu) mail; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch"; }; - makefu_tsp = { + makefu-tsp = { inherit (makefu) mail; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp"; }; + makefu-vbob = { + inherit (makefu) mail; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob"; + }; exco = { mail = "dickbutt@excogitation.de"; pubkey = "ssh-rsa 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 
dickbutt@excogitation.de"; diff --git a/krebs/Zpubkeys/makefu_vbob.ssh.pub b/krebs/Zpubkeys/makefu_vbob.ssh.pub deleted file mode 100644 index e5063aeb5..000000000 --- a/krebs/Zpubkeys/makefu_vbob.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos diff --git a/makefu/2configs/Reaktor/full.nix b/makefu/2configs/Reaktor/full.nix new file mode 100644 index 000000000..50620890f --- /dev/null +++ b/makefu/2configs/Reaktor/full.nix @@ -0,0 +1,18 @@ +_: +{ + # implementation of the complete Reaktor bot + imports = [ + #./stockholmLentil.nix + ./simpleExtend.nix + ./random-emoji.nix + ./titlebot.nix + ./shack-correct.nix + ./sed-plugin.nix + ]; + krebs.Reaktor.nickname = "Reaktor|bot"; + krebs.Reaktor.enable = true; + + krebs.Reaktor.extraEnviron = { + REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace"; + }; +} diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 68fd976d6..35bb169cf 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix 
@@ -80,26 +80,6 @@ let }; in { - imports = [{ - krebs.users = { - makefu-omo = { - name = "makefu-omo" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; - }; - makefu-vbob = { - name = "makefu-vbob" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub; - }; - makefu-tsp = { - name = "makefu-tsp" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; - }; - exco = { - name = "exco"; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub; - }; - }; - }]; krebs.git = { enable = true; root-title = "public repositories"; From b3cb94ef818f4aa966d53fc0be927435156eab5a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 17:43:08 +0100 Subject: [PATCH 111/142] k 5 forticlientsslvpn: init --- krebs/5pkgs/fortclientsslvpn/default.nix | 87 ++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 krebs/5pkgs/fortclientsslvpn/default.nix diff --git a/krebs/5pkgs/fortclientsslvpn/default.nix b/krebs/5pkgs/fortclientsslvpn/default.nix new file mode 100644 index 000000000..720d4004f --- /dev/null +++ b/krebs/5pkgs/fortclientsslvpn/default.nix 
@@ -0,0 +1,87 @@ +{ stdenv, lib, fetchurl, gtk, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute, + makeWrapper, libredirect, ppp, coreutils, gawk, pango }: +stdenv.mkDerivation rec { + name = "forticlientsslvpn"; + # forticlient will be copied into /tmp before execution. this is necessary as + # the software demands $base to be writeable + + src = fetchurl { + # archive.org mirror: + # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz + url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; + sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr"; + }; + phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ]; + + buildInputs = [ makeWrapper ]; + + binPath = lib.makeSearchPath "bin" [ + coreutils + gawk + ]; + + + libPath = lib.makeLibraryPath [ + stdenv.cc.cc + ]; + + guiLibPath = lib.makeLibraryPath [ + gtk + glib + libSM + gdk_pixbuf + libX11 + libXinerama + pango + ]; + + buildPhase = '' + # TODO: 32bit, use the 32bit folder + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ + --set-rpath "$libPath" \ + 64bit/forticlientsslvpn_cli + + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ + --set-rpath "$libPath:$guiLibPath" \ + 64bit/forticlientsslvpn + + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ + --set-rpath "$libPath" \ + 64bit/helper/subproc + + sed -i 's#\(export PATH=\).*#\1"${binPath}"#' 64bit/helper/waitppp.sh + ''; + + installPhase = '' + mkdir -p "$out/opt/fortinet" + + cp -r 64bit/. 
"$out/opt/fortinet" + wrapProgram $out/opt/fortinet/forticlientsslvpn \ + --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \ + --set NIX_REDIRECTS /usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/ppp=${ppp}/bin/ppp + + mkdir -p "$out/bin/" + + cat > $out/bin/forticlientsslvpn < Date: Mon, 14 Dec 2015 17:56:50 +0100 Subject: [PATCH 112/142] m 1 vbob: allow to deploy self --- makefu/1systems/vbob.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 4d8e8ced1..b121a730a 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -1,7 +1,7 @@ # # # -{ config, pkgs, ... }: +{ lib, config, pkgs, ... }: { krebs.build.host = config.krebs.hosts.vbob; @@ -12,13 +12,21 @@ ../2configs/main-laptop.nix #< base-gui # environment + ../2configs/zsh-user.nix ../2configs/virtualization.nix ]; + + # allow vbob to deploy self + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; + }; + }; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; environment.systemPackages = with pkgs;[ get - ]; + ]; networking.firewall.allowedTCPPorts = [ 25 From 55ad05879b8ba97e369bfd72810028dd4622e356 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 19:36:06 +0100 Subject: [PATCH 113/142] s 1 wolf: initial preparation of ci packaging --- makefu/2configs/nginx/euer.test.nix | 26 ++++++++++++++++++++++++++ shared/1systems/wolf.nix | 3 ++- shared/2configs/cac-ci.nix | 11 +++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/nginx/euer.test.nix create mode 100644 shared/2configs/cac-ci.nix diff --git a/makefu/2configs/nginx/euer.test.nix b/makefu/2configs/nginx/euer.test.nix new file mode 100644 index 000000000..ffdc0bc60 --- /dev/null +++ b/makefu/2configs/nginx/euer.test.nix 
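Review bot: `openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];` under `users.extraUsers.root` gives that key unrestricted root login from any address, although the comment says it is only there so the machine can deploy itself. The same key is also listed in `all-makefu` in cgit-retiolum.nix, so it is a general user identity rather than a dedicated deploy key. An authorized_keys option prefix can narrow it, e.g. `[ "from=\"<deploy source address>\" ${config.krebs.users.makefu-vbob.pubkey}" ]`, where the address has to match how the deploy actually connects (vbob.nix targets `root@10.10.10.220`). A separate key used only for deployment would be the cleaner alternative.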
@@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.krebs.build.host.name; + user = config.services.nginx.user; + group = config.services.nginx.group; + external-ip = head config.krebs.build.host.nets.internet.addrs4; + internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; +in { + krebs.nginx = { + enable = mkDefault true; + servers = { + euer-share = { + listen = [ ]; + server-names = [ "share.euer.krebsco.de" ]; + locations = singleton (nameValuePair "/" '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:8000/; + ''); + }; + }; + }; +} diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 8c5295bb3..a3e527a3b 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -11,6 +11,7 @@ in ../2configs/collectd-base.nix ../2configs/shack-nix-cacher.nix ../2configs/shack-drivedroid.nix + ../2configs/cac-ci.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) @@ -24,7 +25,7 @@ in }]; defaultGateway = "10.42.0.1"; - nameservers = [ "8.8.8.8" ]; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; }; ##################### diff --git a/shared/2configs/cac-ci.nix b/shared/2configs/cac-ci.nix new file mode 100644 index 000000000..06cce2746 --- /dev/null +++ b/shared/2configs/cac-ci.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + environment.systemPackages = with pkgs;[ + get + cac + cacpanel + jq + ]; +} From b5eafa4c03e9f7059e30ec137c5b0bbe6e47e3a7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 12:44:41 +0100 Subject: [PATCH 114/142] k 3 makefu: gum provides cgit.gum --- krebs/3modules/makefu/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 14cafd3ed..3d1ac6cfb 100644 --- a/krebs/3modules/makefu/default.nix 
+++ b/krebs/3modules/makefu/default.nix @@ -273,6 +273,7 @@ with lib; mattermost.euer IN A ${head nets.internet.addrs4} git.euer IN A ${head nets.internet.addrs4} gum IN A ${head nets.internet.addrs4} + cgit.euer IN A ${head nets.internet.addrs4} ''; }; nets = { @@ -287,6 +288,7 @@ with lib; addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"]; aliases = [ "gum.retiolum" + "cgit.gum.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- From d4792eb7231acf5bf66409adb4e777433998678b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 15:33:34 +0100 Subject: [PATCH 115/142] prepare zshrc, makes ~/.zshrc obsolete --- makefu/2configs/zsh-user.nix | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 3089b706a..266ce256a 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -5,6 +5,36 @@ let mainUser = config.krebs.build.user.name; in { - programs.zsh.enable = true; users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; + programs.zsh= { + enable = true; + interactiveShellInit = '' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + SAVEHIST=$HISTSIZE + + setopt HIST_IGNORE_ALL_DUPS + setopt HIST_IGNORE_SPACE + setopt HIST_FIND_NO_DUPS + bindkey -e + # shift-tab + bindkey '^[[Z' reverse-menu-complete + + autoload -U compinit && compinit + zstyle ':completion:*' menu select + ''; + + promptInit = '' + RPROMPT="" + autoload colors && colors + case $UID in + 0) PROMPT="%{$fg[red]%}%~%{$reset_color%} " ;; + 9001) PROMPT="%{$fg[green]%}%~%{$reset_color%} " ;; + *) PROMPT="%{$fg[yellow]%}%n %{$fg[green]%}%~%{$reset_color%} " ;; + esac + if test -n "$SSH_CLIENT"; then + PROMPT="%{$fg[magenta]%}%m $PROMPT" + fi + ''; + }; } From 3371d54618aa017be77e2494c1cf82331152f3b7 Mon Sep 17 00:00:00 2001 
From: makefu Date: Tue, 15 Dec 2015 18:43:40 +0100 Subject: [PATCH 116/142] m 3 buildbot: master init --- makefu/3modules/buildbot/master.nix | 179 ++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) create mode 100644 makefu/3modules/buildbot/master.nix diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix new file mode 100644 index 000000000..310b8460d --- /dev/null +++ b/makefu/3modules/buildbot/master.nix 
@@ -0,0 +1,179 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + buildbot = pkgs.buildbot; + buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' + # -*- python -*- + from buildbot.plugins import * + + c = BuildmasterConfig = {} + + c['slaves'] = [] + # TODO: template potential buildslaves + # TODO: set password? + for i in [ 'testslave' ]: + c['slaves'].append(buildslave.BuildSlave(i, "krebspass")) + + c['protocols'] = {'pb': {'port': 9989}} + + ####### Build Inputs + stockholm_repo = 'http://cgit.gum/stockholm' + c['change_source'] = [] + c['change_source'].append(changes.GitPoller( + stockholm_repo, + workdir='stockholm-poller', branch='master', + project='stockholm', + pollinterval=300)) + + ####### Build Scheduler + # TODO: configure scheduler + important_files = util.ChangeFilter( + project_re="^((krebs|share)/.*|Makefile|default.nix)", + branch='master') + c['schedulers'] = [] + c['schedulers'].append(schedulers.SingleBranchScheduler( + name="all-important-files", + change_filter=important_files, + # 3 minutes stable tree + treeStableTimer=3*60, + builderNames=["runtests"])) + c['schedulers'].append(schedulers.ForceScheduler( + name="force", + builderNames=["runtests"])) + ###### The actual build + factory = util.BuildFactory() + factory.addStep(steps.Git(repourl=stockholm_repo, mode='incremental')) + + deps = [ "gnumake", "jq" ] + factory.addStep(steps.ShellCommand(command=["nix-shell", "-p" ] + deps )) + factory.addStep(steps.ShellCommand(env={"LOGNAME": "shared"}, + command=["make", "get=krebs.deploy", + "system=test-centos7"])) + + # TODO: different Builders? + c['builders'] = [] + c['builders'].append( + util.BuilderConfig(name="runtests", + # TODO: only some slaves being used in builder? 
+ slavenames=c['slaves'], + factory=factory)) + + ####### Status of Builds + c['status'] = [] + + from buildbot.status import html + from buildbot.status.web import authz, auth + # TODO: configure if http is wanted + authz_cfg=authz.Authz( + # TODO: configure user/pw + auth=auth.BasicAuth([("krebs","bob")]), + gracefulShutdown = False, + forceBuild = 'auth', + forceAllBuilds = 'auth', + pingBuilder = False, + stopBuild = False, + stopAllBuilds = False, + cancelPendingBuild = False, + ) + # TODO: configure nginx + c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg)) + + from buildbot.status import words + # TODO: configure IRC Bot + irc = words.IRC("irc.freenode.net", "krebsbuild", + channels=["krebs"], + notify_events={ + 'sucess': 1, + 'failure': 1, + 'exception': 1, + 'successToFailure': 1, + 'failureToSuccess': 1, + },allowForce=True) + c['status'].append(irc) + + ####### PROJECT IDENTITY + c['title'] = "Stockholm" + c['titleURL'] = "http://krebsco.de" + + c['buildbotURL'] = "http://buildbot.krebsco.de/" + + ####### DB URL + c['db'] = { + 'db_url' : "sqlite:///state.sqlite", + } + ${cfg.extraConfig} + ''; + + cfg = config.makefu.buildbot.master; + + api = { + enable = mkEnableOption "Buildbot Master"; + + workDir = mkOption { + default = "/var/lib/buildbot/master"; + type = types.str; + description = '' + Path to build bot master directory. + Will be created on startup. 
+ ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + description = '' + extra config appended to the generated master.cfg + ''; + }; + }; + + imp = { + + users.extraUsers.buildbotMaster = { + uid = 672626386; #genid buildbotMaster + description = "Buildbot Master"; + home = cfg.workDir; + createHome = false; + }; + + users.extraGroups.buildbotMaster = { + gid = 672626386; + }; + + systemd.services.buildbotMaster = { + description = "Buildbot Master"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + PermissionsStartOnly = true; + # TODO: maybe also prepare buildbot.tac? + ExecStartPre = pkgs.writeScript "buildbot-master-init" '' + #!/bin/sh + set -efux + workdir=${lib.shell.escape cfg.workDir} + if [ ! -e $workdir ];then + mkdir -p $workdir + ${buildbot}/bin/buildbot create-master -r -l 10 -f $workdir + chown buildbotMaster:buildbotMaster $workdir + fi + # always override the master.cfg + cp ${toString buildbot-master-config} "$workdir/master.cfg" + # sanity + ${buildbot}/bin/buildbot checkconfig $workdir + # upgrade + ${buildbot}/bin/buildbot upgrade-master $workdir + ''; + ExecStart = "${buildbot}/bin/buildbot ${lib.shell.escape cfg.workDir}"; + PrivateTmp = "true"; + User = "buildbotMaster"; + Restart = "always"; + RestartSec = "10"; + }; + }; + }; +in +{ + options.makefu.buildbot.master = api; + config = mkIf cfg.enable imp; +} From cf5a1ba6bcf657396bc6b8c2fbc32143d27849d0 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 21:18:29 +0100 Subject: [PATCH 117/142] m 1 pornocauster: use latest buildbot for stable build --- makefu/1systems/pornocauster.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 977289470..6f176b7fa 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix 
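Review bot: The slave password `"krebspass"` and the web login `auth.BasicAuth([("krebs","bob")])` are literals inside `pkgs.writeText "buildbot-master.cfg"`, so they land in the world-readable Nix store as well as in the repository. The TODO comments mark them as placeholders, but turning them into module options would still leave them in the store. Reading them at runtime from a file readable only by the `buildbotMaster` user keeps them out of both, e.g. `slave_pw = open("<secrets file outside the store>").read().strip()`. Separately, `allowForce=True` on `words.IRC` lets anyone in the channel force builds, which sidesteps `forceBuild = 'auth'` on the web status; `allowForce=False` would match the web policy. `stockholm_repo = 'http://cgit.gum/stockholm'` is also polled over plain HTTP and then run through `make`, so a comment should record why that transport is trusted.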
@@ -36,11 +36,17 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + buildbot = let + pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; + in pkgs1509.buildbot; + }; + makefu.buildbot.master.enable = true; + #krebs.Reaktor.enable = true; #krebs.Reaktor.nickname = "makefu|r"; - - krebs.build.host = config.krebs.hosts.pornocauster; + # nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ]; environment.systemPackages = with pkgs;[ get @@ -58,4 +64,5 @@ 25 ]; + krebs.build.host = config.krebs.hosts.pornocauster; } From a907f926c120f10945c47cdaba7405fe08cfd9ee Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 22:25:46 +0100 Subject: [PATCH 118/142] m 3 buildbot: first working commit for buildbot master --- makefu/3modules/buildbot/master.nix | 37 ++++++++++++++++++----------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix index 310b8460d..d8e917a21 100644 --- a/makefu/3modules/buildbot/master.nix +++ b/makefu/3modules/buildbot/master.nix @@ -12,7 +12,8 @@ let c['slaves'] = [] # TODO: template potential buildslaves # TODO: set password? - for i in [ 'testslave' ]: + slavenames= [ 'testslave' ] + for i in slavenames: c['slaves'].append(buildslave.BuildSlave(i, "krebspass")) c['protocols'] = {'pb': {'port': 9989}} @@ -56,7 +57,7 @@ let c['builders'].append( util.BuilderConfig(name="runtests", # TODO: only some slaves being used in builder? - slavenames=c['slaves'], + slavenames=slavenames, factory=factory)) ####### Status of Builds @@ -84,7 +85,7 @@ let irc = words.IRC("irc.freenode.net", "krebsbuild", channels=["krebs"], notify_events={ - 'sucess': 1, + 'success': 1, 'failure': 1, 'exception': 1, 'successToFailure': 1, 
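Review bot: The `buildbot` override in `packageOverrides` imports `fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz` with no revision and no hash, so each evaluation can pull a different, unverified nixpkgs tree, and the package that runs the build master is whatever that URL serves at the time. Point the URL at a specific commit archive and fetch it with a fixed-output fetcher that checks a hash (for example `sha256 = "<hash of the pinned archive>"`), or take buildbot from the nixpkgs already pinned through `krebs.build.source`. The binding is named `pkgs1509` although it points at nixos-unstable, which will mislead the next reader. The same unpinned import appears again as `pkgs-unst` in the vbob.nix change of PATCH 132.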
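Review bot: The slave list is reworked here, but `buildslave.BuildSlave(i, "krebspass")` keeps one hard-coded password for every slave and the `# TODO: set password?` above it is left open. Because the string sits in a public repository, any host that can reach the `pb` port 9989 can presumably register as `testslave`. Make the password a module option that is read from a file outside the repository and the Nix store, e.g. `BuildSlave(i, open("<path to secret file>").read().strip())`, ideally one secret per slave. The vbob.nix change in PATCH 132 repeats the same literal as `password = "krebspass"`. The enclosing config string starts and ends outside this hunk.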
@@ -145,26 +146,34 @@ let description = "Buildbot Master"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - serviceConfig = { + serviceConfig = let + workdir="${lib.shell.escape cfg.workDir}"; + in { + pidfile="${workdir}/twistd.pid"; PermissionsStartOnly = true; + Type = "forking"; + PIDFile = "${workdir}/twistd.pid"; # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeScript "buildbot-master-init" '' #!/bin/sh set -efux - workdir=${lib.shell.escape cfg.workDir} - if [ ! -e $workdir ];then - mkdir -p $workdir - ${buildbot}/bin/buildbot create-master -r -l 10 -f $workdir - chown buildbotMaster:buildbotMaster $workdir + if [ ! -e ${workdir} ];then + mkdir -p ${workdir} + ${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir} fi # always override the master.cfg - cp ${toString buildbot-master-config} "$workdir/master.cfg" + cp ${buildbot-master-config} ${workdir}/master.cfg # sanity - ${buildbot}/bin/buildbot checkconfig $workdir - # upgrade - ${buildbot}/bin/buildbot upgrade-master $workdir + ${buildbot}/bin/buildbot checkconfig ${workdir} + + # TODO: maybe upgrade? + # ${buildbot}/bin/buildbot upgrade-master ${workdir} + + chown buildbotMaster:buildbotMaster -R ${workdir} ''; - ExecStart = "${buildbot}/bin/buildbot ${lib.shell.escape cfg.workDir}"; + ExecStart = "${buildbot}/bin/buildbot start ${workdir}"; + ExecStop = "${buildbot}/bin/buildbot stop ${workdir}"; + ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}"; PrivateTmp = "true"; User = "buildbotMaster"; Restart = "always"; From c95085d875ac72152dcfbaceb35364203f97db7d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 10:42:20 +0100 Subject: [PATCH 119/142] m 3 buildbot: add to imports --- makefu/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index a8a1f69d0..4b2b36e64 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix 
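Review bot: `cp ${buildbot-master-config} ${workdir}/master.cfg` places the generated config in the work directory without restricting its mode; the trailing `chown` fixes ownership only. Going by the other hunks of this file, that config holds the web BasicAuth pair and the slave password. Add `chmod -R u=rwX,go= ${workdir}` before the `chown`, and keep in mind that the source is a Nix store path and therefore readable by every local user regardless. Separately, `pidfile="${workdir}/twistd.pid";` in `serviceConfig` is not a systemd directive (the `PIDFile` line below it is the real one) and should be dropped. The `serviceConfig` set continues past the end of this hunk.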
@@ -2,6 +2,7 @@ _: { imports = [ + ./buildbot/master.nix ]; } From 09f4611f38ecaf471a54c09fc3fa9350ffe3f0b9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 10:42:40 +0100 Subject: [PATCH 120/142] m 2 default: add aliases, pythonstartup env --- makefu/2configs/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 519635281..c0d7685e3 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -104,6 +104,8 @@ with lib; HISTSIZE=900001 HISTFILESIZE=$HISTSIZE + PYTHONSTARTUP="~/.pythonrc"; + shopt -s checkhash shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion @@ -123,6 +125,9 @@ with lib; environment.shellAliases = { lsl = "ls -lAtr"; + psg = "ps -ef | grep"; + nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; + grep = "grep --color=auto"; }; nixpkgs.config.packageOverrides = pkgs: { From c20d38e11ecf38dda8931769a04cdcdf96f88c3f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:40:18 +0100 Subject: [PATCH 121/142] m 2 base-gui: write xdefaults, obsoletes ~/.Xdefaults --- makefu/2configs/base-gui.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 16a5386ca..1d6750284 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -73,4 +73,33 @@ in enable = true; # systemWide = true; }; + services.xserver.displayManager.sessionCommands = let + xdefaultsfile = pkgs.writeText "Xdefaults" '' + cat |derp < Date: Wed, 16 Dec 2015 11:40:48 +0100 Subject: [PATCH 122/142] m 2 zsh-user: load gpg-agent, obsoletes oh-my-zsh ssh plugin --- makefu/2configs/zsh-user.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 266ce256a..1b1762418 100644 --- a/makefu/2configs/zsh-user.nix 
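Review bot: `PYTHONSTARTUP="~/.pythonrc";` will not take effect as written. The tilde is inside double quotes, so the shell leaves it literal, and the variable is not exported, so the interpreter never sees it unless it was already in the environment. Use `export PYTHONSTARTUP="$HOME/.pythonrc"`. The shell init string this line belongs to starts and ends outside the hunk.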
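Review bot: The `nmap` alias runs `date` twice, so the `.nmap` and `.xml` files of one scan can get different timestamps when the second changes between the two substitutions, and the `\%s` in the first is inconsistent with the plain `%s` in the second. It also leaves `$HOME` unquoted and assumes `$HOME/loot` exists. Because it shadows the command name, every invocation writes report files, including ones that are not scans. A small wrapper script under its own name that computes the stamp once (`ts=$(date +%s)`) and creates the directory with mode 0700 would be more predictable, since scan reports hold host inventory.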
+++ b/makefu/2configs/zsh-user.nix @@ -22,6 +22,16 @@ in autoload -U compinit && compinit zstyle ':completion:*' menu select + + # load gpg-agent + envfile="$HOME/.gnupg/gpg-agent.env" + if [ -e "$envfile" ] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then + eval "$(cat "$envfile")" + else + eval "$(${pkgs.gnupg}/bin/gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")" + fi + export GPG_AGENT_INFO + export SSH_AUTH_SOCK ''; promptInit = '' From 27746f9a3dffe6adde137d300e498249843174d9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:43:56 +0100 Subject: [PATCH 123/142] m 2 wwan: add alias for umts when wwan is loaded --- makefu/2configs/wwan.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix index dd1c63090..29a610ac6 100644 --- a/makefu/2configs/wwan.nix +++ b/makefu/2configs/wwan.nix @@ -9,6 +9,10 @@ in { wvdial ]; + environment.shellAliases = { + umts = "sudo wvdial netzclub"; + }; + # configure for NETZCLUB environment.wvdial.dialerDefaults = '' Phone = *99***1# From 5af1d1c7b14c08ba1c0198cc9771c452218670b0 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:54:58 +0100 Subject: [PATCH 124/142] m 2 Reaktor: sed-plugin fix name --- makefu/2configs/Reaktor/sed-plugin.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/Reaktor/sed-plugin.nix b/makefu/2configs/Reaktor/sed-plugin.nix index 1ec977116..a451e0d3e 100644 --- a/makefu/2configs/Reaktor/sed-plugin.nix +++ b/makefu/2configs/Reaktor/sed-plugin.nix @@ -7,7 +7,7 @@ in { #TODO: this will eat up the last regex, fix Reaktor krebs.Reaktor.extraConfig = '' public_commands.append({ - 'capname' : "shack-correct", + 'capname' : "sed-plugin", # only support s///gi 'pattern' : '^(?P.*)$$', 'argv' : ["${pkgs.python3}/bin/python3","${script}"], From 104381af7cf34602064e57b0f2cfae18f2ecc063 Mon Sep 17 00:00:00 2001 
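Review bot: The liveness test `kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2)` only shows that some process of this user has that PID, not that it is gpg-agent. After a reboot or PID reuse the stale `gpg-agent.env` is therefore evaluated, and `SSH_AUTH_SOCK` ends up pointing at a dead or unrelated socket. `eval "$(cat "$envfile")"` also runs the whole file as shell code; reading only the two expected assignments and checking the socket with `[ -S "$SSH_AUTH_SOCK" ]` is safer. If the `pkgs.gnupg` in use is 2.1 or newer, `--write-env-file` is, as far as I know, no longer honoured, so confirm the version. The init string continues outside this hunk.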
From: makefu Date: Wed, 16 Dec 2015 11:59:01 +0100 Subject: [PATCH 125/142] k 5 snapraid: init --- krebs/5pkgs/snapraid/default.nix | 33 ++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 krebs/5pkgs/snapraid/default.nix diff --git a/krebs/5pkgs/snapraid/default.nix b/krebs/5pkgs/snapraid/default.nix new file mode 100644 index 000000000..41db0f284 --- /dev/null +++ b/krebs/5pkgs/snapraid/default.nix @@ -0,0 +1,33 @@ +{stdenv, fetchurl}: +let + s = # Generated upstream information + rec { + baseName="jq"; + version="1.5"; + name="${baseName}-${version}"; + url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz; + sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4"; + }; + buildInputs = [ + ]; +in +stdenv.mkDerivation { + inherit (s) name version; + inherit buildInputs; + src = fetchurl { + inherit (s) url sha256; + }; + + # jq is linked to libjq: + configureFlags = [ + "LDFLAGS=-Wl,-rpath,\\\${libdir}" + ]; + meta = { + inherit (s) version; + description = ''A lightweight and flexible command-line JSON processor''; + license = stdenv.lib.licenses.mit ; + maintainers = [stdenv.lib.maintainers.raskin]; + platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin; + }; +} + From edf646ee9211920a7eb85c13e567ecc748d014f4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:59:26 +0100 Subject: [PATCH 126/142] s 2 graphite: init config --- shared/2configs/graphite.nix | 37 ++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 shared/2configs/graphite.nix diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix new file mode 100644 index 000000000..707ec6e9a --- /dev/null +++ b/shared/2configs/graphite.nix 
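Review bot: The new `krebs/5pkgs/snapraid/default.nix` does not package snapraid. `baseName="jq"`, the `url` and `sha256` are those of the jq 1.5 release tarball, and the comment, `configureFlags` and `meta.description` are jq's, so whoever installs this attribute gets `jq-1.5`. Replace `s` with the snapraid source (name, version, release URL and the matching `sha256`), drop the jq-specific `LDFLAGS` rpath flag unless snapraid needs it, and correct `meta` (description, license, maintainers).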
@@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +# graphite-web on port 8080 +# carbon cache on port 2003 (tcp/udp) + +# TODO: krebs.graphite.minimal.enable +# TODO: configure firewall +with lib; +{ + imports = [ ]; + + services.graphite = { + web = { + enable = true; + host = "0.0.0.0"; + }; + carbon = { + enableCache = true; + # save disk usage by restricting to 1 bulk update per second + config = '' + [cache] + MAX_CACHE_SIZE = inf + MAX_UPDATES_PER_SECOND = 1 + MAX_CREATES_PER_MINUTE = 50 + ''; + storageSchemas = '' + [carbon] + pattern = ^carbon\. + retentions = 60:90d + + [default] + pattern = .* + retentions = 60s:30d,300s:1y + ''; + }; + }; +} From f7da5211f3fe930f9a01317cf7fa9d52915c06e8 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 12:06:44 +0100 Subject: [PATCH 127/142] m 1 omo: init --- krebs/3modules/makefu/default.nix | 25 +++++++++++++++++++++ makefu/1systems/omo.nix | 37 +++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 makefu/1systems/omo.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 3d1ac6cfb..1970a0777 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -263,6 +263,31 @@ with lib; }; }; }; + + omo = rec { + cores = 2; + dc = "makefu"; #AMD E350 + + nets = { + retiolum = { + addrs4 = ["10.243.0.89"]; + addrs6 = ["42:f9f0::10"]; + aliases = [ + "omo.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM + ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn + sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm + s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 + GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 + 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; gum = rec { cores = 1; dc = "online.net"; #root-server 
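Review bot: `services.graphite.web.host = "0.0.0.0"` publishes graphite-web on every interface while the header still carries `# TODO: configure firewall`. The carbon cache enabled next to it takes metrics without authentication on the port named in the header comment. Bind the web UI to the address meant to serve it (the retiolum address, or `127.0.0.1` behind a reverse proxy), or add the firewall rules in this same commit. `MAX_CACHE_SIZE = inf` combined with `MAX_UPDATES_PER_SECOND = 1` lets the in-memory cache grow without bound when datapoints arrive faster than they are flushed; a finite limit is safer on a shared host.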
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix new file mode 100644 index 000000000..6ae79398a --- /dev/null +++ b/makefu/1systems/omo.nix @@ -0,0 +1,37 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/fs/single-partition-ext4.nix + ../2configs/tinc-basic-retiolum.nix + ../2configs/exim-retiolum.nix + ]; + krebs.build.host = config.krebs.hosts.omo; + + # AMD E350 + boot = { + loader.grub.device = "/dev/sda"; + + initrd.availableKernelModules = [ + "usb_storage" + "ahci" + "xhci_hcd" + "ata_piix" + "uhci_hcd" + "ehci_pci" + ]; + + kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + hardware.enableAllFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + + networking.firewall.allowPing = true; +} From 3d26e0b58f4c692f2f412ecc838f0b766b97947e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 12:23:55 +0100 Subject: [PATCH 128/142] m 1 vbob: use custom nixpkgs, /nix mount --- makefu/1systems/vbob.nix | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index b121a730a..6bcdb3ecd 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -13,10 +13,17 @@ # environment - ../2configs/zsh-user.nix - ../2configs/virtualization.nix ]; - + krebs.build.source.git.nixpkgs = { + #url = https://github.com/nixos/nixpkgs; + # HTTP Everywhere + rev = "a3974e"; + }; + fileSystems."/nix" = { + device ="/dev/disk/by-label/nixstore"; + fsType = "ext4"; + }; + #makefu.buildbot.master.enable = true; # allow vbob to deploy self users.extraUsers = { root = { 
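Review bot: `rev = "a3974e";` in the vbob.nix hunk pins nixpkgs with a six-character abbreviated commit id, which is not a stable pin. An abbreviation can become ambiguous as the repository grows, and depending on how `krebs.build.source` resolves it (not visible here) it could also match a ref of that name. Use the full 40-character commit hash. The `url` is commented out in the same block, so the source presumably comes from a default defined elsewhere; a comment such as `# url: default from <where it is defined>` would make that explicit.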
@@ -40,8 +47,8 @@ connectTo = [ "gum" ]; - }; + networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000"; fileSystems."/media/share" = { fsType = "vboxsf"; @@ -50,3 +57,4 @@ }; } + From a4abf300d8adea5a454f8664f2de6dd8e9095216 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 12:29:24 +0100 Subject: [PATCH 129/142] m 2 main-laptop: use zsh for main-laptop --- makefu/1systems/pornocauster.nix | 4 +--- makefu/2configs/main-laptop.nix | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 6f176b7fa..28b77d330 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -6,14 +6,12 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/main-laptop.nix #< base-gui + ../2configs/main-laptop.nix #< base-gui + zsh # Krebs ../2configs/tinc-basic-retiolum.nix #../2configs/disable_v6.nix - # environment - ../2configs/zsh-user.nix # applications diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 00a3e73ca..b725f661d 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -9,6 +9,7 @@ with lib; imports = [ ./base-gui.nix ./fetchWallpaper.nix + ./zsh-user.nix ]; environment.systemPackages = with pkgs;[ vlc From 20a52c8dee414e89dba49f4a4a12e20d6555c55e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 14:29:46 +0100 Subject: [PATCH 130/142] m 3 buildbot/master: make irc configurable --- makefu/3modules/buildbot/master.nix | 66 +++++++++++++++++++++++------ 1 file changed, 52 insertions(+), 14 deletions(-) diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix index d8e917a21..5d340f899 100644 --- a/makefu/3modules/buildbot/master.nix +++ b/makefu/3modules/buildbot/master.nix 
@@ -81,17 +81,19 @@ let c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg)) from buildbot.status import words - # TODO: configure IRC Bot - irc = words.IRC("irc.freenode.net", "krebsbuild", - channels=["krebs"], - notify_events={ - 'success': 1, - 'failure': 1, - 'exception': 1, - 'successToFailure': 1, - 'failureToSuccess': 1, - },allowForce=True) - c['status'].append(irc) + ${optionalString (cfg.irc.enable) '' + irc = words.IRC("${cfg.irc.server}", "krebsbuild", + # TODO: multiple channels + channels=["${cfg.irc.channel}"], + notify_events={ + 'success': 1, + 'failure': 1, + 'exception': 1, + 'successToFailure': 1, + 'failureToSuccess': 1, + }${optionalString cfg.irc.allowForce ",allowForce=True"}) + c['status'].append(irc) + ''} ####### PROJECT IDENTITY c['title'] = "Stockholm" @@ -119,7 +121,42 @@ let Will be created on startup. ''; }; - + irc = mkOption { + default = {}; + type = types.submodule ({ config, ... }: { + options = { + enable = mkEnableOption "Buildbot Master IRC Status"; + channel = mkOption { + default = "nix-buildbot-meetup"; + type = types.str; + description = '' + irc channel the bot should connect to + ''; + }; + allowForce = mkOption { + default = false; + type = types.bool; + description = '' + Determines if builds can be forced via IRC + ''; + }; + nick = mkOption { + default = "nix-buildbot"; + type = types.str; + description = '' + nickname for IRC + ''; + }; + server = mkOption { + default = "irc.freenode.net"; + type = types.str; + description = '' + Buildbot Status IRC Server to connect to + ''; + }; + }; + }); + }; extraConfig = mkOption { default = ""; type = types.lines; @@ -149,7 +186,6 @@ let serviceConfig = let workdir="${lib.shell.escape cfg.workDir}"; in { - pidfile="${workdir}/twistd.pid"; PermissionsStartOnly = true; Type = "forking"; PIDFile = "${workdir}/twistd.pid"; 
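Review bot: The new `irc.nick` option is never used: the generated config still passes the literal `"krebsbuild"` to `words.IRC(...)`, so setting `makefu.buildbot.master.irc.nick` has no effect. Change the call to `irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}",`. `server` and `channel` are spliced into Python string literals unescaped, so a value containing a quote breaks or alters master.cfg; either escape them or say so in the option descriptions. The `allowForce` description should also state that, when enabled, force commands are taken from anyone in the channel (that is how I understand this IRC status API; confirm).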
@@ -166,9 +202,11 @@ let # sanity ${buildbot}/bin/buildbot checkconfig ${workdir} - # TODO: maybe upgrade? + # TODO: maybe upgrade? not sure about this + # normally we should write buildbot.tac by our own # ${buildbot}/bin/buildbot upgrade-master ${workdir} + chmod 700 -R ${workdir} chown buildbotMaster:buildbotMaster -R ${workdir} ''; ExecStart = "${buildbot}/bin/buildbot start ${workdir}"; From 2156aa4d37071408b8e5385a4f639ed029f70620 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 14:30:01 +0100 Subject: [PATCH 131/142] m 3 buildbot/slave: init --- makefu/3modules/buildbot/slave.nix | 159 +++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 makefu/3modules/buildbot/slave.nix diff --git a/makefu/3modules/buildbot/slave.nix b/makefu/3modules/buildbot/slave.nix new file mode 100644 index 000000000..188a9283c --- /dev/null +++ b/makefu/3modules/buildbot/slave.nix 
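Review bot: `chmod 700 -R ${workdir}` closes the work directory to other users, which is the right goal, but it also marks every file in it executable, including `master.cfg` and the sqlite state file. `chmod -R u=rwX,go= ${workdir}` gives the same protection and sets the execute bit on directories only. The pre-start script starts outside this hunk.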
@@ -0,0 +1,159 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' + import os + + from buildslave.bot import BuildSlave + from twisted.application import service + + basedir = '${cfg.workDir}' + rotateLength = 10000000 + maxRotatedFiles = 10 + + application = service.Application('buildslave') + + from twisted.python.logfile import LogFile + from twisted.python.log import ILogObserver, FileLogObserver + logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength, + maxRotatedFiles=maxRotatedFiles) + application.setComponent(ILogObserver, FileLogObserver(logfile).emit) + + buildmaster_host = '${cfg.masterhost}' + # TODO: masterport? + port = 9989 + slavename = '${cfg.username}' + passwd = '${cfg.password}' + keepalive = 600 + usepty = 0 + umask = None + maxdelay = 300 + allow_shutdown = None + + ${cfg.extraConfig} + + s = BuildSlave(buildmaster_host, port, slavename, passwd, basedir, + keepalive, usepty, umask=umask, maxdelay=maxdelay, + allow_shutdown=allow_shutdown) + s.setServiceParent(application) + ''; + + cfg = config.makefu.buildbot.slave; + + api = { + enable = mkEnableOption "Buildbot Slave"; + + workDir = mkOption { + default = "/var/lib/buildbot/slave"; + type = types.str; + description = '' + Path to build bot slave directory. + Will be created on startup. 
+ ''; + }; + + masterhost = mkOption { + default = "localhost"; + type = types.str; + description = '' + Hostname/IP of the buildbot master + ''; + }; + + username = mkOption { + type = types.str; + description = '' + slavename used to authenticate with master + ''; + }; + + password = mkOption { + type = types.str; + description = '' + slave password used to authenticate with master + ''; + }; + + contact = mkOption { + default = "nix slave "; + type = types.str; + description = '' + contact to be announced by buildslave + ''; + }; + + description = mkOption { + default = "Nix Generated BuildSlave"; + type = types.str; + description = '' + description for hostto be announced by buildslave + ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + example = '' + port = 443 + keepalive = 600 + ''; + description = '' + extra config evaluated before calling BuildSlave init in .tac file + ''; + }; + }; + + imp = { + + users.extraUsers.buildbotSlave = { + uid = 1408105834; #genid buildbotMaster + description = "Buildbot Slave"; + home = cfg.workDir; + createHome = false; + }; + + users.extraGroups.buildbotSlave = { + gid = 1408105834; + }; + + systemd.services."buildbotSlave-${cfg.username}-${cfg.masterhost}" = { + description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = let + workdir = "${lib.shell.escape cfg.workDir}"; + contact = "${lib.shell.escape cfg.contact}"; + description = "${lib.shell.escape cfg.description}"; + buildbot = pkgs.buildbot-slave; + # TODO:make this + in { + PermissionsStartOnly = true; + Type = "forking"; + PIDFile = "${workdir}/twistd.pid"; + # TODO: maybe also prepare buildbot.tac? 
+ ExecStartPre = pkgs.writeScript "buildbot-master-init" '' + #!/bin/sh + set -efux + mkdir -p ${workdir}/info + cp ${buildbot-slave-init} ${workdir}/buildbot.tac + echo ${contact} > ${workdir}/info/admin + echo ${description} > ${workdir}/info/host + + chown buildbotSlave:buildbotSlave -R ${workdir} + chmod 700 -R ${workdir} + ''; + ExecStart = "${buildbot}/bin/buildslave start ${workdir}"; + ExecStop = "${buildbot}/bin/buildslave stop ${workdir}"; + PrivateTmp = "true"; + User = "buildbotSlave"; + Restart = "always"; + RestartSec = "10"; + }; + }; + }; +in +{ + options.makefu.buildbot.slave = api; + config = mkIf cfg.enable imp; +} From 8f18b00ab141df92b7df4725a18bb3283b184d76 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 14:30:21 +0100 Subject: [PATCH 132/142] m 1 vbob: configure buildbot master and slave --- makefu/1systems/vbob.nix | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 6bcdb3ecd..5b03d40a8 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -2,8 +2,9 @@ # # { lib, config, pkgs, ... }: - -{ +let + pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; +in { krebs.build.host = config.krebs.hosts.vbob; krebs.build.target = "root@10.10.10.220"; imports = @@ -14,6 +15,28 @@ # environment ]; + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + buildbot = pkgs-unst.buildbot; + buildbot-slave = pkgs-unst.buildbot-slave; + }; + + makefu.buildbot.master = { + enable = true; + irc = { + enable = true; + server = "cd.retiolum"; + channel = "retiolum"; + allowForce = true; + }; + }; + makefu.buildbot.slave = { + enable = true; + masterhost = "localhost"; + username = "testslave"; + password = "krebspass"; + }; + krebs.build.source.git.nixpkgs = { #url = https://github.com/nixos/nixpkgs; # HTTP Everywhere 
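Review bot: `passwd = '${cfg.password}'` is rendered into `buildbot.tac` through `pkgs.writeText`, so the slave password ends up in the Nix store, which every local user can read; the `chmod 700 -R ${workdir}` at the end of the pre-start script protects only the copy. Take a path instead (a new option, say `passwordFile`, which does not exist yet) and read it at start-up, e.g. `passwd = open('${cfg.passwordFile}').read().strip()`. `masterhost`, `username` and `workDir` are pasted into Python literals unescaped as well. Two copy-paste leftovers are worth fixing: the uid comment reads `#genid buildbotMaster`, and the pre-start script is named `"buildbot-master-init"`.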
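Review bot: `allowForce = true` for the `retiolum` channel in the vbob.nix `makefu.buildbot.master.irc` block lets anyone who can speak in that channel force builds through the bot, and those builds run shell steps on the slave. As far as I know this IRC status API asks for no further authentication; confirm. Keep the module default `false`, or point the bot at a channel limited to trusted users. The slave block in the same hunk commits `password = "krebspass"` in clear text; it should come from a secret kept outside the repository.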
@@ -30,9 +53,11 @@ openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; }; }; - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; environment.systemPackages = with pkgs;[ + buildbot + buildbot-slave get + genid ]; networking.firewall.allowedTCPPorts = [ From c2fd296ad671a73e85f830c84d860e988587d9ac Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 17:01:22 +0100 Subject: [PATCH 133/142] s 1 wolf: provide graphite --- shared/1systems/wolf.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index a3e527a3b..2c51ac8fe 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -12,6 +12,7 @@ in ../2configs/shack-nix-cacher.nix ../2configs/shack-drivedroid.nix ../2configs/cac-ci.nix + ../2configs/graphite.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) From bdc9f6f18813e5840c6a20a0f507d72da49cd759 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 17:10:44 +0100 Subject: [PATCH 134/142] m 3 buildbot.slave: add extra packages and environ to configuration --- makefu/3modules/buildbot/slave.nix | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/makefu/3modules/buildbot/slave.nix b/makefu/3modules/buildbot/slave.nix index 188a9283c..69d0361bf 100644 --- a/makefu/3modules/buildbot/slave.nix +++ b/makefu/3modules/buildbot/slave.nix @@ -38,7 +38,7 @@ let allow_shutdown=allow_shutdown) s.setServiceParent(application) ''; - + default-packages = [ pkgs.git pkgs.bash ]; cfg = config.makefu.buildbot.slave; api = { 
@@ -91,6 +91,26 @@ let ''; }; + packages = mkOption { + default = [ pkgs.git ]; + type = with types; listOf package; + description = '' + packages which should be in path for buildslave + ''; + }; + + extraEnviron = mkOption { + default = {}; + example = { + NIX_PATH = "nixpkgs=/path/to/my/nixpkgs"; + }; + type = types.attrsOf types.str; + description = '' + extra environment variables to be provided to the buildslave service + if you need nixpkgs, e.g. for running nix-shell you can set NIX_PATH here. + ''; + }; + extraConfig = mkOption { default = ""; type = types.lines; @@ -121,6 +141,12 @@ let description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; + path = default-packages ++ cfg.packages; + + environment = { + NIX_REMOTE="daemon"; + } // cfg.extraEnviron; + serviceConfig = let workdir = "${lib.shell.escape cfg.workDir}"; contact = "${lib.shell.escape cfg.contact}"; From 87694e24df0ebbaaa08d4f632fea72f48bc430f5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 17:11:42 +0100 Subject: [PATCH 135/142] m 3 buildbot.master: add deps, refactor --- makefu/3modules/buildbot/master.nix | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix index 5d340f899..0073e5aed 100644 --- a/makefu/3modules/buildbot/master.nix +++ b/makefu/3modules/buildbot/master.nix 
@@ -43,14 +43,26 @@ let name="force", builderNames=["runtests"])) ###### The actual build - factory = util.BuildFactory() - factory.addStep(steps.Git(repourl=stockholm_repo, mode='incremental')) + f = util.BuildFactory() + f.addStep(steps.Git(repourl=stockholm_repo, mode='incremental')) + # the dependencies which are used by the test script deps = [ "gnumake", "jq" ] - factory.addStep(steps.ShellCommand(command=["nix-shell", "-p" ] + deps )) - factory.addStep(steps.ShellCommand(env={"LOGNAME": "shared"}, - command=["make", "get=krebs.deploy", - "system=test-centos7"])) + nixshell = ["nix-shell", "-p" ] + deps + [ "--run" ] + def addShell(**kwargs): + f.addStep(steps.ShellCommand(**kwargs)) + + # TODO: combined strings somewhat defeat the reason why an array was used in first place + addShell(name=env={"LOGNAME": "shared", + "get" : "krebs.deploy", + "filter" : "json" + }, + command=nixshell + ["make -s eval system=test-centos7"]) + addShell(env={"LOGNAME": "shared", + "get" : "krebs.deploy", + "filter" : "json" + }, + command=nixshell + ["make -s eval system=wolf"]) # TODO: different Builders? c['builders'] = [] @@ -58,7 +70,7 @@ let util.BuilderConfig(name="runtests", # TODO: only some slaves being used in builder? slavenames=slavenames, - factory=factory)) + factory=f)) ####### Status of Builds c['status'] = [] @@ -183,8 +195,10 @@ let description = "Buildbot Master"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; + path = [ pkgs.git ]; serviceConfig = let workdir="${lib.shell.escape cfg.workDir}"; + # TODO: check if git is the only dep in { PermissionsStartOnly = true; Type = "forking"; From ad625d6d6830c7d7f7a61cc5ee1e2ad398ab70a6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 17:48:49 +0100 Subject: [PATCH 136/142] m 3 buildbot.master: add fast and full tests --- makefu/3modules/buildbot/master.nix | 67 +++++++++++++++++++---------- 1 file changed, 45 insertions(+), 22 deletions(-) 
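Review bot: `addShell(name=env={"LOGNAME": "shared",` in the first call is not valid Python, so the generated master.cfg cannot be parsed. Since the pre-start script runs `buildbot checkconfig` under `set -e`, the unit will presumably refuse to start. Name the step and pass the dict as `env`, e.g. `addShell(name="centos7-eval", env={"LOGNAME": "shared",`. Both calls repeat the same `env` dict; binding it once to a local would keep them in step. The step command is now a single string handed to `nix-shell --run`, which the added TODO already notes.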
diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix index 0073e5aed..1a9ef4db6 100644 --- a/makefu/3modules/buildbot/master.nix +++ b/makefu/3modules/buildbot/master.nix 
@@ -25,50 +25,71 @@ let stockholm_repo, workdir='stockholm-poller', branch='master', project='stockholm', - pollinterval=300)) + pollinterval=120)) ####### Build Scheduler # TODO: configure scheduler - important_files = util.ChangeFilter( - project_re="^((krebs|share)/.*|Makefile|default.nix)", - branch='master') c['schedulers'] = [] - c['schedulers'].append(schedulers.SingleBranchScheduler( - name="all-important-files", - change_filter=important_files, - # 3 minutes stable tree - treeStableTimer=3*60, - builderNames=["runtests"])) - c['schedulers'].append(schedulers.ForceScheduler( + + # test the master real quick + fast = schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch="master"), + name="fast-master-test", + builderNames=["fast-tests"]) + + force = schedulers.ForceScheduler( name="force", - builderNames=["runtests"])) + builderNames=["full-tests"]) + + # files everyone depends on or are part of the share branch + def shared_files(change): + import re + r =re.compile("^((krebs|share)/.*|Makefile|default.nix)") + for file in change.files: + if r.match(file): + return True + return False + + full = schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch="master"), + fileIsImportant=shared_files, + name="full-master-test", + builderNames=["full-tests"]) + c['schedulers'] = [ fast, force, full ] ###### The actual build + # couple of fast steps: f = util.BuildFactory() - f.addStep(steps.Git(repourl=stockholm_repo, mode='incremental')) + ## fetch repo + grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') + f.addStep(grab_repo) # the dependencies which are used by the test script deps = [ "gnumake", "jq" ] nixshell = ["nix-shell", "-p" ] + deps + [ "--run" ] - def addShell(**kwargs): + def addShell(f,**kwargs): f.addStep(steps.ShellCommand(**kwargs)) - # TODO: combined strings somewhat defeat the reason why an array was used in first place - addShell(name=env={"LOGNAME": "shared", + 
addShell(f,name="centos7-eval",env={"LOGNAME": "shared", "get" : "krebs.deploy", "filter" : "json" }, command=nixshell + ["make -s eval system=test-centos7"]) - addShell(env={"LOGNAME": "shared", + + addShell(f,name="wolf-eval",env={"LOGNAME": "shared", "get" : "krebs.deploy", "filter" : "json" }, command=nixshell + ["make -s eval system=wolf"]) - # TODO: different Builders? c['builders'] = [] c['builders'].append( - util.BuilderConfig(name="runtests", - # TODO: only some slaves being used in builder? + util.BuilderConfig(name="fast-tests", + slavenames=slavenames, + factory=f)) + + # TODO slow build + c['builders'].append( + util.BuilderConfig(name="full-tests", slavenames=slavenames, factory=f)) @@ -111,7 +132,9 @@ let c['title'] = "Stockholm" c['titleURL'] = "http://krebsco.de" - c['buildbotURL'] = "http://buildbot.krebsco.de/" + #c['buildbotURL'] = "http://buildbot.krebsco.de/" + # TODO: configure url + c['buildbotURL'] = "http://vbob:8010/" ####### DB URL c['db'] = { @@ -124,7 +147,6 @@ let api = { enable = mkEnableOption "Buildbot Master"; - workDir = mkOption { default = "/var/lib/buildbot/master"; type = types.str; @@ -169,6 +191,7 @@ let }; }); }; + extraConfig = mkOption { default = ""; type = types.lines; From 20d9a610189da29cd1f4abf60089d0579a1e291a Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 17:53:35 +0100 Subject: [PATCH 137/142] m 1 vbob: add firewall exception, extraEnviron --- makefu/1systems/vbob.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 5b03d40a8..a24cefd0d 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -35,6 +35,8 @@ in { masterhost = "localhost"; username = "testslave"; password = "krebspass"; + packages = with pkgs;[ git nix ]; + extraEnviron = { NIX_PATH="nixpkgs=${toString }"; }; }; krebs.build.source.git.nixpkgs = { @@ -63,6 +65,7 @@ in { networking.firewall.allowedTCPPorts = [ 25 80 + 8010 ]; krebs.retiolum = { 
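Review bot: The pattern in `shared_files` (hunk `@@ -25,50 +25,71 @@`) spells the directory as `share/`, so a path such as `shared/1systems/test-centos7.nix`, which appears later in this series, is never treated as important and should not trigger `full-master-test` on its own. The other alternatives are open-ended: `Makefile` matches any root path that merely starts with that word, and the dot in `default.nix` matches any character. I would write `r = re.compile(r"^((krebs|shared)/.*|Makefile$|default\.nix$)")` and compile it once at module level instead of on every call. For a CI gate a too-narrow filter is the risky direction, because changes then skip the fuller test run without anyone noticing.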
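Review bot: Adding `8010` to `networking.firewall.allowedTCPPorts` (hunk `@@ -63,6 +65,7 @@` of vbob.nix) opens the Buildbot web port on every interface, while the master config in this series points `buildbotURL` at plain-HTTP `http://vbob:8010/` and defines a `ForceScheduler`. Whether the web status allows forcing builds without authentication is not visible in these hunks, so that should be confirmed before the port is reachable from outside the internal network. If only internal hosts need the page, scope the rule to that interface, or at least record the intent next to the entry: `8010 # buildbot web status, plain HTTP; TODO restrict to the internal interface`. The enclosing list and the `krebs.retiolum` block continue outside the hunk.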
From 956d2091ec2ba931080ee8a09f12f5c645fbf672 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 17:58:29 +0100 Subject: [PATCH 138/142] m 3 buildbot.master: only alert on state change --- makefu/3modules/buildbot/master.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix index 1a9ef4db6..58e2f8175 100644 --- a/makefu/3modules/buildbot/master.nix +++ b/makefu/3modules/buildbot/master.nix @@ -6,6 +6,7 @@ let buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' # -*- python -*- from buildbot.plugins import * + import re c = BuildmasterConfig = {} @@ -43,7 +44,6 @@ let # files everyone depends on or are part of the share branch def shared_files(change): - import re r =re.compile("^((krebs|share)/.*|Makefile|default.nix)") for file in change.files: if r.match(file): @@ -119,8 +119,8 @@ let # TODO: multiple channels channels=["${cfg.irc.channel}"], notify_events={ - 'success': 1, - 'failure': 1, + #'success': 1, + #'failure': 1, 'exception': 1, 'successToFailure': 1, 'failureToSuccess': 1, From c666325c15726107598dbac3c64de175e6ff13ca Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 18:01:14 +0100 Subject: [PATCH 139/142] m 3 buildbot.slave: add to imports --- makefu/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 4b2b36e64..ffbf54cc0 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -3,6 +3,7 @@ _: { imports = [ ./buildbot/master.nix + ./buildbot/slave.nix ]; } From 3f4bd94233164a9b12d61c1a460b6eff83c39209 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 17 Dec 2015 17:38:33 +0100 Subject: [PATCH 140/142] m 2 git/brain-retiolum: remove obsolete users --- makefu/2configs/git/brain-retiolum.nix | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) 
diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 066d50a28..25ef584bf 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -59,16 +59,7 @@ let set-owners repo all-makefu ++ set-ro-access repo krebsminister; in { - imports = [{ - krebs.users.makefu-omo = { - name = "makefu-omo" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; - }; - krebs.users.makefu-tsp = { - name = "makefu-tsp" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; - }; - }]; + imports = [ ]; krebs.git = { enable = true; cgit = false; From cfe266c222123c41fb7645a3739ac2ef448f527c Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 19 Dec 2015 16:02:27 +0100 Subject: [PATCH 141/142] k 5 cac: bump version --- krebs/5pkgs/cac/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac/default.nix index e29f091e4..40dd56412 100644 --- a/krebs/5pkgs/cac/default.nix +++ b/krebs/5pkgs/cac/default.nix @@ -4,9 +4,9 @@ stdenv.mkDerivation { name = "cac-1.0.0"; src = fetchgit { - url = http://cgit.cd.retiolum/cac; - rev = "14de1d3c78385e3f8b6d694f5d799eb1b613159e"; - sha256 = "9b2a3d47345d6f8f27d9764c4f2f2acff17d3dde145dd0e674e4183e9312fec3"; + url = http://cgit.gum/cac; + rev = "fe3b2ecb0aaf7d863842b896e18cd2b829f2297b"; + sha256 = "05bnd7wyjhqy8srmpnc8d234rv3jxdjgb4z0hlfb9kg7mb12w1ya"; }; phases = [ From 5821d8438578db623a3e248c52fefa424fad0b51 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 19 Dec 2015 16:02:52 +0100 Subject: [PATCH 142/142] s 1 test-centos7: prepare to use generated networking --- shared/1systems/test-centos7.nix | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/shared/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix index 51e99600c..077a5d61b 100644 --- a/shared/1systems/test-centos7.nix 
+++ b/shared/1systems/test-centos7.nix @@ -3,29 +3,13 @@ let inherit (lib) head; - ip = "168.235.145.85"; - gw = "168.235.145.1"; in { imports = [ ../2configs/base.nix ../2configs/os-templates/CAC-CentOS-7-64bit.nix - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = gw; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } + ../2configs/os-templates/temp-networking.nix ]; + sound.enable = false; krebs.build.host = config.krebs.hosts.test-centos7; }
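Review bot: `../2configs/os-templates/temp-networking.nix` is imported here but is not added by this commit (the diffstat lists a single changed file), so unless the file is already tracked, evaluating `test-centos7` fails on a clean checkout. The Buildbot steps earlier in this series run `make -s eval system=test-centos7`, so the CI job would hit this first. If the file is meant to be generated, as the subject suggests, say so at the import with `# generated before deploy; not tracked in git` and make sure the CI job creates it before evaluation. The static address, gateway and nameserver are removed in the same hunk, so this file no longer supplies any network settings itself.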