From 3ef9a0744e716ab2c5484c253c1cb40dd703e1b0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:09:57 +0200 Subject: [PATCH 001/132] l 1: move hardware: mors <-> shodan --- lass/1systems/mors.nix | 4 ++-- lass/1systems/shodan.nix | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a7a1fd253..b044939d7 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -131,8 +131,8 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 6829428ff..b05b9d265 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -69,8 +69,8 @@ with builtins; }; }; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - #''; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; } From b447c3953334947421eb4693f66050c37acf2c34 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:11:11 +0200 Subject: [PATCH 002/132] l 1 mors: disable broken startupScript --- lass/1systems/mors.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index b044939d7..598e502ad 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
@@ -146,7 +146,7 @@ #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' #Autosuspend for USB device Biometric Coprocessor - echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' + #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' #Runtime PMs echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' From 85ab676579beac3083b6c278858c0efea4efb358 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:11:52 +0200 Subject: [PATCH 003/132] l 1 shodan: activate git --- lass/1systems/shodan.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index b05b9d265..9a29682a2 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -5,6 +5,7 @@ with builtins; imports = [ ../. ../2configs/baseX.nix + ../2configs/git.nix ../2configs/exim-retiolum.nix ../2configs/browsers.nix ../2configs/programs.nix From fd95a5a2049580ef66886ca15563bcf798d254b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:12:55 +0200 Subject: [PATCH 004/132] l 1 shodan: mount /dev/pool/home-lass --- lass/1systems/shodan.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 9a29682a2..073d86790 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -68,6 +68,11 @@ with builtins; "/boot" = { device = "/dev/sda1"; }; + + "/home/lass" = { + device = "/dev/pool/home-lass"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' From 3dbb0294269666954a5e7ffa24342c4ad20bbb03 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:15:20 +0200 Subject: [PATCH 005/132] l 2: bump nixpkgs f632f8e -> 5ae35cd --- lass/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1c06acf38..5cb2614a8 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
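Review bot: In PATCH 004 (lass/1systems/shodan.nix) the new `"/home/lass"` entry sets only `device` and `fsType`, so the volume is mounted with default options and setuid binaries and device nodes on it are honoured. For a user-writable filesystem, adding `nosuid` and `nodev` to the entry's `options` is cheap hardening. Whether `/dev/pool/home-lass` sits on an encrypted volume is not visible here; if it does, a one-line comment saying so would help the next reader. The enclosing attribute set starts outside the hunk.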
@@ -57,7 +57,7 @@ with config.krebs.lib; stockholm = "/home/lass/stockholm"; nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894"; + rev = "5ae35cd00571033901c424001c3878f5974f4992"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { From 821fec2bcdf811dcca30e0fae40fa7812800ff6c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:17:41 +0200 Subject: [PATCH 006/132] l 2 xserver Xresources: steal tv's colors --- lass/2configs/xserver/Xresources.nix | 47 +++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix index e3b0f45dc..5d3661706 100644 --- a/lass/2configs/xserver/Xresources.nix +++ b/lass/2configs/xserver/Xresources.nix 
@@ -19,9 +19,48 @@ pkgs.writeText "Xresources" '' URxvt.intensityStyles: false - URxvt*background: #000000 - URxvt*foreground: #ffffff + URxvt*background: #050505 + ! URxvt*background: #041204 + + !URxvt.depth: 32 + !URxvt*background: rgba:0500/0500/0500/cccc + + ! URxvt*background: #080810 + URxvt*foreground: #d0d7d0 + ! URxvt*background: black + ! URxvt*foreground: white + ! URxvt*background: rgb:00/00/40 + ! URxvt*foreground: rgb:a0/a0/d0 + ! XTerm*cursorColor: rgb:00/00/60 + URxvt*cursorColor: #f042b0 + URxvt*cursorColor2: #f0b000 + URxvt*cursorBlink: off + ! URxvt*cursorUnderline: true + ! URxvt*highlightColor: #232323 + ! URxvt*highlightTextColor: #b0ffb0 + + URxvt*.pointerBlank: true + URxvt*.pointerBlankDelay: 987654321 + URxvt*.pointerColor: #f042b0 + URxvt*.pointerColor2: #050505 + + ! URxvt*color0: #000000 + ! URxvt*color1: #c00000 + ! URxvt*color2: #80c070 + URxvt*color3: #c07000 + ! URxvt*color4: #0000c0 + URxvt*color4: #4040c0 + ! URxvt*color5: #c000c0 + ! URxvt*color6: #008080 + URxvt*color7: #c0c0c0 + + URxvt*color8: #707070 + URxvt*color9: #ff6060 + URxvt*color10: #70ff70 + URxvt*color11: #ffff70 + URxvt*color12: #7070ff + URxvt*color13: #ff50ff + URxvt*color14: #70ffff + URxvt*color15: #ffffff - !change unreadable blue - URxvt*color4: #268bd2 '' From 208e8f6c0b1c2c84f0f1dcbdf3fc489b926df190 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Jun 2016 10:43:51 +0200 Subject: [PATCH 007/132] l 2 websites domsen: www. for most domains --- lass/2configs/websites/domsen.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 45d09c3b9..8322403ad 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -23,20 +23,20 @@ let in { imports = [ ./sqlBackup.nix - (ssl [ "reich-gebaeudereinigung.de" ]) - (servePage [ "reich-gebaeudereinigung.de" ]) + (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) + (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (ssl [ "karlaskop.de" ]) - (servePage [ "karlaskop.de" ]) + (ssl [ "karlaskop.de" "www.karlaskop.de" ]) + (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (ssl [ "makeup.apanowicz.de" ]) - (servePage [ "makeup.apanowicz.de" ]) + (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) + (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) - (ssl [ "pixelpocket.de" ]) - (servePage [ "pixelpocket.de" ]) + (ssl [ "pixelpocket.de" "www.pixelpocket.de" ]) + (servePage [ "pixelpocket.de" "www.pixelpocket.de" ]) - (ssl [ "o.ubikmedia.de" ]) - (serveOwncloud [ "o.ubikmedia.de" ]) + (ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) + (serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) (ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) (serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) From 9d8980a51eeba08acaa57c2164bfce66b15fe1b6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Jun 2016 20:03:47 +0200 Subject: [PATCH 008/132] l 2 websites domsen: enable more www. domains --- lass/2configs/websites/domsen.nix | 32 +++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 8322403ad..d62b58c17 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -38,8 +38,36 @@ in { (ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) (serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) - (ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) - (serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) + (ssl [ + "ubikmedia.de" + "aldona.ubikmedia.de" + "apanowicz.de" + "nirwanabluete.de" + "aldonasiech.com" + "360gradvideo.tv" + "ubikmedia.eu" + "www.ubikmedia.de" + "www.aldona.ubikmedia.de" + "www.apanowicz.de" + "www.nirwanabluete.de" + "www.aldonasiech.com" + "www.360gradvideo.tv" + "www.ubikmedia.eu" + ]) + (serveWordpress [ + "ubikmedia.de" + "apanowicz.de" + "nirwanabluete.de" + "aldonasiech.com" + "360gradvideo.tv" + "ubikmedia.eu" + "www.apanowicz.de" + "www.nirwanabluete.de" + "www.aldonasiech.com" + "www.360gradvideo.tv" + "www.ubikmedia.eu" + "*.ubikmedia.de" + ]) ]; lass.mysqlBackup.config.all.databases = [ From 8c1257facc7b599dd62a730cf35370d68ff8799b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Jun 2016 20:04:36 +0200 Subject: [PATCH 009/132] l 2: bump nixpkgs 5ae35cd -> 2e971b0 --- lass/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 5cb2614a8..aa37b8e6b 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -57,7 +57,7 @@ with config.krebs.lib; stockholm = "/home/lass/stockholm"; nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "5ae35cd00571033901c424001c3878f5974f4992"; + rev = "2e971b07db3fb77e0590fff09d0b9cb086159caa"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { From 72335ce00ec759e5b9d7a1468fe517e66948d8ed Mon Sep 17 00:00:00 2001 
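Review bot: In PATCH 008 (lass/2configs/websites/domsen.nix) the names passed to `ssl` and to `serveWordpress` are now two hand-maintained lists that already differ: `serveWordpress` relies on `"*.ubikmedia.de"`, while `ssl` lists only `www.ubikmedia.de`, `aldona.ubikmedia.de` and `www.aldona.ubikmedia.de` under that domain. If `ssl` requests a certificate for exactly the names it is given (its definition is outside the hunk), any other subdomain answered through the wildcard is served with a certificate that does not cover it. Binding the shared names once, e.g. `let wpDomains = [ ... ]; in`, and passing `wpDomains` to both helpers would keep the two in step. The same applies to the `ssl`/`servePage` pairs in PATCH 007.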
From: lassulus Date: Wed, 8 Jun 2016 18:22:15 +0200 Subject: [PATCH 010/132] l 1 prism: serve nix-cache --- lass/1systems/prism.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 6ed80ac39..9a9bd4730 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -210,6 +210,30 @@ in { '') ]; } + { + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.prism.r" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; From 01a66f42e1efe82478cb680bdaa3de4f9388143e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Jun 2016 18:22:35 +0200 Subject: [PATCH 011/132] l 2 exim-smarthost: add netzclub@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 8199f2bd7..e9527fec5 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -28,6 +28,7 @@ with config.krebs.lib; { from = "wordpress@ubikmedia.de"; to = lass.mail; } { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "netzclub@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 82f811474c036daff9b29a4ee1e89784dc781cc9 Mon Sep 17 00:00:00 2001 
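Review bot: In PATCH 010 (lass/1systems/prism.nix) the `servers.nix-serve` block limits the cache only through `server-names = [ "cache.prism.r" ]`, which selects a virtual host but does not restrict which clients may connect. Unless the nginx listen address or the firewall already confines this to the retiolum interface (neither is visible in the hunk), the contents of prism's Nix store are readable from wherever this nginx is reachable. I would bind the server to the VPN address or add an allow/deny rule to the location, and add a comment such as `# reachable from retiolum only` so the intended exposure is written down. The surrounding list of modules starts outside the hunk.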
From: lassulus Date: Wed, 8 Jun 2016 18:23:02 +0200 Subject: [PATCH 012/132] l 2: activate prism as binary-cache --- lass/2configs/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index aa37b8e6b..ce42a1ffa 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -40,6 +40,12 @@ with config.krebs.lib; }; }; } + { + nix = { + binaryCaches = ["http://cache.prism.r"]; + binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + }; + } ]; networking.hostName = config.krebs.build.host.name; From 7fe3cdd804de26f243f2c7698e46f5adaa2355db Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 9 Jun 2016 22:55:28 +0200 Subject: [PATCH 013/132] k 3 m: fix filepimp pubkey --- krebs/3modules/makefu/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7d4bef9ad..cf875f520 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
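Review bot: In PATCH 012 (lass/2configs/default.nix) the cache is fetched over plain `http://cache.prism.r`, so the integrity of every substituted path rests on the `binaryCachePublicKeys` entry and on signature checking staying enabled on each host that imports this file. That design is reasonable, but it deserves a comment next to the key, e.g. `# prism's nix-serve signing key; anything signed with it is accepted as a build output on all lass hosts`. It would also help to note how the key is rotated, since a leaked `nix-serve.key` on prism has to be replaced here as well.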
@@ -232,15 +232,16 @@ with config.krebs.lib; ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.retiolum" + "filepimp.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY - BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 - i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 - 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS - u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa - OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB + MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg + 3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS + wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR + oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X + UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB + 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB -----END RSA PUBLIC KEY----- ''; }; From 19d5be268368f073401d07f6657cf61827c9d59c Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Jun 2016 10:27:07 +0200 Subject: [PATCH 014/132] m 3 umts: use 1509 for wvdial package --- makefu/3modules/umts.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix index e527a5cb7..300467e1f 100644 --- a/makefu/3modules/umts.nix +++ b/makefu/3modules/umts.nix @@ -3,6 +3,14 @@ with config.krebs.lib; let + nixpkgs-1509 = import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + + wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 + # TODO: currently it is only netzclub umts-bin = pkgs.writeScriptBin "umts" '' #!/bin/sh 
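Review bot: In PATCH 014 (makefu/3modules/umts.nix) `wvdial` now comes from a second nixpkgs tree pinned by `rev` and `sha256`, which makes the fetch reproducible but also means the package no longer moves when the system nixpkgs is bumped. The second hunk of this patch starts it from a systemd unit, so a stale dialer stays in service until someone remembers the pin. The issue link is already there; I would extend the comment with a removal condition, e.g. `# TODO: drop nixpkgs-1509 once NixOS/nixpkgs#16113 is fixed; packages from this pin get no updates`. The `let` block continues outside the hunk.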
@@ -62,7 +70,7 @@ let Type = "simple"; Restart = "always"; RestartSec = "10s"; - ExecStart = "${pkgs.wvdial}/bin/wvdial -n"; + ExecStart = "${wvdial}/bin/wvdial -n"; }; }; }; From 14fd045f5bab7252d3fa9d4c909b471312b5399d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:26:21 +0200 Subject: [PATCH 015/132] l 2 buildbot-standalone: add build-all target --- lass/2configs/buildbot-standalone.nix | 34 ++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 604d0728d..d1be464f3 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -29,16 +29,26 @@ name="fast-all-branches", builderNames=["fast-tests"])) ''; + build-all-scheduler = '' + # build all lass hosts + sched.append(schedulers.SingleBranchScheduler( + ## only master + change_filter=util.ChangeFilter(branch_re="master"), + # treeStableTimer=10, + name="prism-master", + builderNames=["build-all"])) + ''; }; builder_pre = '' # prepare grab_repo step for stockholm grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"} + # TODO: get nixpkgs/stockholm paths from krebs + env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true", "NIX_PATH": "nixpkgs=/var/src/nixpkgs:stockholm=/var/src/stockholm"} # prepare nix-shell # the dependencies which are used by the test script - deps = [ "gnumake", "jq","nix","rsync" ] + deps = [ "gnumake", "jq", "nix", "rsync" ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE nixshell = ["nix-shell", 
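Review bot: In the first hunk of PATCH 015 (lass/2configs/buildbot-standalone.nix), `change_filter=util.ChangeFilter(branch_re="master")` does not match the `## only master` comment if, as I read Buildbot's filter, the pattern is applied as a prefix match: a branch such as `master-test` would then trigger `build-all` too. Either anchor the pattern, `branch_re="master$"`, or use the exact-match form `branch="master"`. The `builder_pre` string this hunk also touches continues past the end of the hunk.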
@@ -51,6 +61,24 @@ factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { + build-all = '' + f = util.BuildFactory() + f.addStep(grab_repo) + #TODO: get hosts via krebs + for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: + addShell(f,name="build-{}".format(i),env=env, + command=nixshell + \ + ["nix-build \ + --show-trace --no-out-link \ + -I nixos-config=./lass/1systems/{}.nix \ + -I secrets=/var/src/stockholm/lass/2configs/tests/dummy-secrets \ + -A config.system.build.toplevel".format(i)]) + + bu.append(util.BuilderConfig(name="build-all", + slavenames=slavenames, + factory=f)) + + ''; fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) @@ -93,7 +121,7 @@ password = "lasspass"; packages = with pkgs;[ git nix gnumake jq rsync ]; extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; + NIX_PATH="nixpkgs=/var/src/nixpkgs"; }; }; krebs.iptables = { From 05e339626edb6b6a62cda74ee27389fc51b8be41 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:27:12 +0200 Subject: [PATCH 016/132] l 2: enable dummy_secrets via env --- lass/2configs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ce42a1ffa..6dcec5c18 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -58,7 +58,10 @@ with config.krebs.lib; user = config.krebs.users.lass; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix"; - secrets = "/home/lass/secrets/${config.krebs.build.host.name}"; + secrets = + if getEnv "dummy_secrets" == "true" + then toString + else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; stockholm = "/home/lass/stockholm"; nixpkgs = { From 0d20b15ae318ac5e9c5d91c857c8abdaf2957556 Mon Sep 17 00:00:00 2001 
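Review bot: In the last hunk of PATCH 015 (lass/2configs/buildbot-standalone.nix), the context line `password = "lasspass";` directly above the changed `extraEnviron` is a credential written as a literal, so it sits in the git history and presumably in the generated configuration in the Nix store. It predates this commit, but the block is being edited here and the repository already has a secrets source for such values. Reading the password from there would keep it out of the tree; at the least, a comment should say whether this value is a placeholder. The enclosing block starts outside the hunk.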
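Review bot: In PATCH 016 (lass/2configs/default.nix) the `secrets` source is selected by `getEnv "dummy_secrets" == "true"`, so the environment of whichever shell evaluates this config decides whether a host gets real or dummy secrets. If that variable is ever set during a real deployment, the target would be configured with the fixed placeholder values that PATCH 021 adds under dummy-secrets. I would mark the variable as CI-only with a comment, `# dummy_secrets=true is for buildbot evaluation only; never set it when deploying`, and consider making the deploy path refuse to run while it is set. The `source` attribute set continues outside the hunk.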
From: lassulus Date: Sat, 11 Jun 2016 00:27:44 +0200 Subject: [PATCH 017/132] k 3 l: add cache.prism.r as alias --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 65da85ac4..48ba00494 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -91,6 +91,7 @@ with config.krebs.lib; "prism.retiolum" "prism.r" "cgit.prism.retiolum" + "cache.prism.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- From 91fe76414ad9fa217bc48c9e4ecd642dcbb38211 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:28:09 +0200 Subject: [PATCH 018/132] l 2: add/move some basic pkgs --- lass/2configs/baseX.nix | 2 ++ lass/2configs/default.nix | 3 +++ lass/2configs/radio.nix | 1 - lass/2configs/weechat.nix | 1 - 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 16f7502ac..7e969b3ed 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -32,6 +32,7 @@ in { environment.systemPackages = with pkgs; [ + acpi dmenu gitAndTools.qgit lm_sensors @@ -44,6 +45,7 @@ in { sxiv xclip xorg.xbacklight + xorg.xhost xsel zathura diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 6dcec5c18..f4a0de35f 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -123,8 +123,11 @@ with config.krebs.lib; #neat utils krebspaste + pciutils psmisc + tmux untilport + usbutils #unpack stuff p7zip diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 17be327b9..cb21cd446 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -52,7 +52,6 @@ in { print_current ncmpcpp mpc_cli - tmux ]; security.sudo.extraConfig = '' diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 5e14871ac..0bfd9fe6b 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix 
@@ -5,7 +5,6 @@ let in { krebs.per-user.chat.packages = with pkgs; [ mosh - tmux weechat ]; From cf0914ddcbc5f06fd82fb67acb885167c1145d21 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:28:55 +0200 Subject: [PATCH 019/132] l 2 radio: don't use systemds path --- lass/2configs/radio.nix | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index cb21cd446..19fe1408d 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -11,7 +11,7 @@ let source-password = import ; add_random = pkgs.writeDashBin "add_random" '' - mpc add "$(mpc ls | shuf -n1)" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)" ''; skip_track = pkgs.writeDashBin "skip_track" '' @@ -122,8 +122,8 @@ in { LIMIT=$1 #in secconds timeLeft () { - playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') + currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') expr ''${playlistDuration:-0} - ''${currentTime:-0} } @@ -135,11 +135,6 @@ in { description = "radio playlist autoadder"; after = [ "network.target" ]; - path = with pkgs; [ - gawk - mpc_cli - ]; - restartIfChanged = true; serviceConfig = { From c19c13957a08effbd6f88ac7e7d691ea4a8aaaf5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:31:44 +0200 Subject: [PATCH 020/132] l 2 radio: don't restart autoAdder --- lass/2configs/radio.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 19fe1408d..a5c14afcf 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix 
@@ -138,7 +138,6 @@ in { restartIfChanged = true; serviceConfig = { - Restart = "always"; ExecStart = "${autoAdd} 100"; }; }; From 01dc6b6caba709e1bbbd3bac55bfb671a5666810 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 02:51:10 +0200 Subject: [PATCH 021/132] l 2 tests: add dummy-secrets --- lass/2configs/tests/dummy-secrets/cbase.txt | 0 lass/2configs/tests/dummy-secrets/hashedPasswords.nix | 1 + lass/2configs/tests/dummy-secrets/icecast-admin-pw | 1 + lass/2configs/tests/dummy-secrets/icecast-source-pw | 1 + lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv | 3 +++ lass/2configs/tests/dummy-secrets/mysql_rootPassword | 1 + lass/2configs/tests/dummy-secrets/nix-serve.key | 1 + lass/2configs/tests/dummy-secrets/repos.nix | 1 + lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv | 4 ++++ lass/2configs/tests/dummy-secrets/ssh.id_ed25519 | 3 +++ lass/2configs/tests/dummy-secrets/ssh.id_rsa | 3 +++ lass/2configs/tests/dummy-secrets/transmission-pw | 1 + 12 files changed, 20 insertions(+) create mode 100644 lass/2configs/tests/dummy-secrets/cbase.txt create mode 100644 lass/2configs/tests/dummy-secrets/hashedPasswords.nix create mode 100644 lass/2configs/tests/dummy-secrets/icecast-admin-pw create mode 100644 lass/2configs/tests/dummy-secrets/icecast-source-pw create mode 100644 lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv create mode 100644 lass/2configs/tests/dummy-secrets/mysql_rootPassword create mode 100644 lass/2configs/tests/dummy-secrets/nix-serve.key create mode 100644 lass/2configs/tests/dummy-secrets/repos.nix create mode 100644 lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv create mode 100644 lass/2configs/tests/dummy-secrets/ssh.id_ed25519 create mode 100644 lass/2configs/tests/dummy-secrets/ssh.id_rsa create mode 100644 lass/2configs/tests/dummy-secrets/transmission-pw 
diff --git a/lass/2configs/tests/dummy-secrets/cbase.txt b/lass/2configs/tests/dummy-secrets/cbase.txt new file mode 100644 index 000000000..e69de29bb diff --git a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/lass/2configs/tests/dummy-secrets/icecast-admin-pw b/lass/2configs/tests/dummy-secrets/icecast-admin-pw new file mode 100644 index 000000000..16b542cee --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/icecast-admin-pw @@ -0,0 +1 @@ +"blabla" diff --git a/lass/2configs/tests/dummy-secrets/icecast-source-pw b/lass/2configs/tests/dummy-secrets/icecast-source-pw new file mode 100644 index 000000000..16b542cee --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/icecast-source-pw @@ -0,0 +1 @@ +"blabla" diff --git a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv new file mode 100644 index 000000000..215a7fa0c --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +this is a private key +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/mysql_rootPassword b/lass/2configs/tests/dummy-secrets/mysql_rootPassword new file mode 100644 index 000000000..922a74472 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/mysql_rootPassword @@ -0,0 +1 @@ +blabla123 diff --git a/lass/2configs/tests/dummy-secrets/nix-serve.key b/lass/2configs/tests/dummy-secrets/nix-serve.key new file mode 100644 index 000000000..91448ad2f --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/nix-serve.key @@ -0,0 +1 @@ +key-name:blabla123 diff --git a/lass/2configs/tests/dummy-secrets/repos.nix b/lass/2configs/tests/dummy-secrets/repos.nix new file mode 100644 index 000000000..eed712458 --- /dev/null 
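Review bot: The fixtures added in PATCH 021 under lass/2configs/tests/dummy-secrets/ carry the same file names as real secrets and PEM `BEGIN ... PRIVATE KEY` markers (`lassul.us.dkim.priv` here; `retiolum.rsa_key.priv`, `ssh.id_ed25519` and `ssh.id_rsa` further down), but nothing in the directory says they are placeholders. A short README there stating that the values are non-secret test data for evaluation builds would spare the next auditor or secret scanner a false alarm. It would also make explicit that values such as the one in `mysql_rootPassword` must never reach a deployed host. Separately, `retiolum.rsa_key.priv` begins with an empty line, unlike the other key files; drop it if that is unintentional.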
+++ b/lass/2configs/tests/dummy-secrets/repos.nix @@ -0,0 +1 @@ +_: {} diff --git a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv new file mode 100644 index 000000000..99a4033f6 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv @@ -0,0 +1,4 @@ + +-----BEGIN RSA PRIVATE KEY----- +this is a private key +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 new file mode 100644 index 000000000..5c12da0b3 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 @@ -0,0 +1,3 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +private key bla +-----END OPENSSH PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_rsa b/lass/2configs/tests/dummy-secrets/ssh.id_rsa new file mode 100644 index 000000000..885cf61f0 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/ssh.id_rsa @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +private key bla +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/transmission-pw b/lass/2configs/tests/dummy-secrets/transmission-pw new file mode 100644 index 000000000..b71df1a2d --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/transmission-pw @@ -0,0 +1 @@ +"krebskrebs123" From a78f3e3ebe7a991caf6c3718929c360891871c37 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 10:55:40 +0200 Subject: [PATCH 022/132] l 2 buildbot-standalone: use git dummy-secrets --- lass/2configs/buildbot-standalone.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index d1be464f3..151ce562b 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -44,7 +44,7 @@ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') # TODO: get nixpkgs/stockholm paths from krebs - env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true", "NIX_PATH": "nixpkgs=/var/src/nixpkgs:stockholm=/var/src/stockholm"} + env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true"} # prepare nix-shell # the dependencies which are used by the test script @@ -71,7 +71,8 @@ ["nix-build \ --show-trace --no-out-link \ -I nixos-config=./lass/1systems/{}.nix \ - -I secrets=/var/src/stockholm/lass/2configs/tests/dummy-secrets \ + -I secrets=./lass/2configs/tests/dummy-secrets \ + -I stockholm=. \ -A config.system.build.toplevel".format(i)]) bu.append(util.BuilderConfig(name="build-all", From 2a51473d3553459ee8794d78a1eed17e9a86f7eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 13:57:44 +0200 Subject: [PATCH 023/132] l 2 fetchWallpaper: get wallpapar from prism --- lass/2configs/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index f3b65e816..d28ae9353 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -5,7 +5,7 @@ let in { krebs.fetchWallpaper = { enable = true; - url = "cloudkrebs/wallpaper.png"; + url = "prism/wallpaper.png"; }; } From 75d3e5210d7f50fa6e0bdcae9a5a495f937049f1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 14:53:18 +0200 Subject: [PATCH 024/132] l 2: move nixpkgs to seperate file --- lass/2configs/default.nix | 6 +----- lass/2configs/nixpkgs.nix | 8 ++++++++ 2 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 lass/2configs/nixpkgs.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f4a0de35f..da3123512 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
@@ -7,6 +7,7 @@ with config.krebs.lib; ../2configs/zsh.nix ../2configs/mc.nix ../2configs/retiolum.nix + ../2configs/nixpkgs.nix ./backups.nix { users.extraUsers = @@ -64,11 +65,6 @@ with config.krebs.lib; else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; stockholm = "/home/lass/stockholm"; - nixpkgs = { - url = https://github.com/lassulus/nixpkgs; - rev = "2e971b07db3fb77e0590fff09d0b9cb086159caa"; - dev = "/home/lass/src/nixpkgs"; - }; } // optionalAttrs config.krebs.build.host.secure { #secrets-master = "/home/lass/secrets/master"; }); diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix new file mode 100644 index 000000000..c893011a3 --- /dev/null +++ b/lass/2configs/nixpkgs.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + krebs.build.source.nixpkgs = { + url = https://github.com/lassulus/nixpkgs; + rev = "f215f9e91e07473e61c9302aaa312c7350e98f0e"; + }; +} From f99ff4bb19ad28cd927a40715cc362c439cb6c16 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 14:56:11 +0200 Subject: [PATCH 025/132] l 2 websites domsen: add facts.cloud --- lass/2configs/websites/domsen.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index d62b58c17..6ad55031e 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -46,6 +46,7 @@ in { "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" + "facts.cloud" "www.ubikmedia.de" "www.aldona.ubikmedia.de" "www.apanowicz.de" @@ -53,6 +54,7 @@ in { "www.aldonasiech.com" "www.360gradvideo.tv" "www.ubikmedia.eu" + "www.facts.cloud" ]) (serveWordpress [ "ubikmedia.de" @@ -61,12 +63,14 @@ in { "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" + "facts.cloud" + "*.ubikmedia.de" "www.apanowicz.de" "www.nirwanabluete.de" "www.aldonasiech.com" "www.360gradvideo.tv" "www.ubikmedia.eu" - "*.ubikmedia.de" + "www.facts.cloud" ]) ]; 
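Review bot: The new lass/2configs/nixpkgs.nix is described as a move, but the pin it carries is not the one removed from default.nix: `rev` changes from `2e971b07db3fb77e0590fff09d0b9cb086159caa` to `f215f9e91e07473e61c9302aaa312c7350e98f0e`, and the `dev` attribute is dropped. A different nixpkgs revision changes every package built for the hosts, so it is easier to audit as its own commit, or at least named in the subject the way the earlier "bump nixpkgs" commit does. Separately, `url = https://github.com/lassulus/nixpkgs;` is an unquoted URL literal; `url = "https://github.com/lassulus/nixpkgs";` is the form newer Nix versions still accept without complaint.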
From 5d528f4b677167ca212040c8869c956ee8641a7e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 15:47:35 +0200 Subject: [PATCH 026/132] l 2 websites domsen: add missing " --- lass/2configs/websites/domsen.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 6ad55031e..775634541 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -95,7 +95,7 @@ in { services.phpfpm.phpIni = pkgs.runCommand "php.ini" { options = '' extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t -i" + sendmail_path = "${sendmail} -t -i" ''; } '' cat ${pkgs.php}/etc/php-recommended.ini > $out From 524849d54ec5a209eed0cafe143fad2d53d436c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 15:47:56 +0200 Subject: [PATCH 027/132] l 2 radio: start radio.service every minute --- lass/2configs/radio.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index a5c14afcf..12a4ddf26 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -113,7 +113,7 @@ in { wantedBy = [ "timers.target" ]; timerConfig = { - OnCalendar = "*:*"; + OnCalendar = "*:0/1"; }; }; From 5dfc8d41d91fd6a48fb55e34e2b12d2012d37a38 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 21:01:04 +0200 Subject: [PATCH 028/132] l 2 downloading: authorize shodan --- lass/2configs/downloading.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 3639a743a..cf9b631c8 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -21,6 +21,7 @@ in { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey + config.krebs.users.lass-shodan.pubkey ]; }; From 3eee2d3c860629404bf25dc55098f31b9d8bf318 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sun, 12 Jun 2016 19:43:50 +0200 Subject: [PATCH 029/132] ma 1 omo: finish hw merge for omo --- makefu/1systems/omo.nix | 47 ++++++++++++++------------ makefu/2configs/fs/sda-crypto-root.nix | 6 ++-- 2 files changed, 29 insertions(+), 24 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index fbd06a9c7..e71055f54 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -5,9 +5,10 @@ { config, pkgs, lib, ... }: let byid = dev: "/dev/disk/by-id/" + dev; - keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; - rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; - homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3"; + keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; + rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; + rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; + primaryInterface = "enp1s0"; # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 @@ -15,14 +16,14 @@ let # omo Chassis: # __FRONT_ - # |* d2 | + # |* d0 | # | | # |* d3 | # | | - # |* d0 | + # |* d3 | # | | - # |* d1 | # |* | + # |* d2 | # | * r0 | # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; 
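Review bot: The chassis diagram in the second hunk of makefu/1systems/omo.nix now shows `d3` in two bays and no longer shows `d1`: read top to bottom it is d0, d3, d3, an unlabelled bay, d2, r0. A bay map that does not match the hardware is a problem when a failed disk of the encrypted array has to be pulled. If the second `d3` is meant to be the bay of `d1`, the line should read `# |* d1 |`; otherwise the unlabelled `# |* |` bay needs its label. The `let` block continues outside the hunk.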
@@ -38,27 +39,31 @@ in { [ ../. # TODO: unlock home partition via ssh - ../2configs/fs/single-partition-ext4.nix + ../2configs/fs/sda-crypto-root.nix ../2configs/zsh-user.nix ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix - ../2configs/share-user-sftp.nix - ../2configs/graphite-standalone.nix + #../2configs/graphite-standalone.nix + #../2configs/share-user-sftp.nix ../2configs/omo-share.nix + + ## as long as pyload is not in nixpkgs: + # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload ]; krebs.retiolum.enable = true; - networking.firewall.trustedInterfaces = [ "enp3s0" ]; + networking.firewall.trustedInterfaces = [ primaryInterface ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # tcp:80 - nginx for sharing files # tcp:655 udp:655 - tinc # tcp:8111 - graphite + # tcp:8112 - pyload # tcp:9090 - sabnzbd # tcp:9200 - elasticsearch # tcp:5601 - kibana networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ]; + networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ]; # services.openssh.allowSFTP = false; @@ -66,6 +71,9 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + virtualisation.docker.enable = true; + + # HDD Array stuff services.smartd.devices = builtins.map (x: { device = x; }) allDisks; @@ -76,15 +84,11 @@ in { disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; + fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; - in { - "/home" = { - device = "/dev/mapper/home"; - fsType = "ext4"; - }; - } // cryptMount "crypt0" + in cryptMount "crypt0" // cryptMount "crypt1" // cryptMount "crypt2"; 
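Review bot: The `docker run` line documented in the imports hunk of makefu/1systems/omo.nix publishes pyload with both `-p 8112:8000` and `-P`; the latter also maps every port the image exposes to a random host port on all addresses, and `--restart=always` keeps that in place across reboots. Docker manages its own iptables rules, so these published ports are presumably not limited by `networking.firewall.allowedTCPPorts`, and `trustedInterfaces = [ primaryInterface ]` already accepts everything arriving on `enp1s0`, so the added `8112` entry documents the port more than it filters it. I would drop `-P` from the documented command and bind the mapping to the LAN address, e.g. `-p <lan-ip>:8112:8000` (placeholder), and state in the port comment that the list only matters on untrusted interfaces.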
@@ -101,15 +105,16 @@ in { usbkey = name: device: { inherit name device keyFile; keyFileSize = 4096; + allowDiscards = true; }; in [ - (usbkey "home" homePartition) + (usbkey "luksroot" rootPartition) (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) (usbkey "crypt2" cryptDisk2) ]; }; - loader.grub.device = rootDisk; + loader.grub.device = lib.mkForce rootDisk; initrd.availableKernelModules = [ "ahci" @@ -121,12 +126,12 @@ in { "usbhid" ]; - kernelModules = [ "kvm-amd" ]; + kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; }; hardware.enableAllFirmware = true; - hardware.cpu.amd.updateMicrocode = true; + hardware.cpu.intel.updateMicrocode = true; zramSwap.enable = true; diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index b82c0e44e..5c7cdf716 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -1,16 +1,16 @@ { config, lib, pkgs, ... }: # sda: bootloader grub2 -# sda1: boot ext4 (label nixboot) +# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required: + # boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; # sda2: cryptoluks -> ext4 with config.krebs.lib; { boot = { loader.grub.enable = true; loader.grub.version = 2; - loader.grub.device = "/dev/sda"; + loader.grub.device = lib.mkDefault "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; From 365b6f3859c5f1a67cfe476a3478f62aeceff5aa Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:44:23 +0200 Subject: [PATCH 030/132] ma 2 fingerprint-reader: init --- makefu/2configs/hw/fingerprint-reader.nix | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 makefu/2configs/hw/fingerprint-reader.nix 
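Review bot: `allowDiscards = true;` is added inside the `usbkey` helper in makefu/1systems/omo.nix, so it applies to `crypt0`, `crypt1` and `crypt2` as well as to the new `luksroot` SSD partition. Passing discards through dm-crypt reveals which blocks of the encrypted device are unused, a trade-off usually accepted for an SSD; the id of `cryptDisk0` (ST2000DM001) suggests the array members are hard disks, where it is unlikely to bring any benefit. Consider leaving the helper as it was and setting the option only on the root device: `(usbkey "luksroot" rootPartition // { allowDiscards = true; })`. The `boot` attribute set starts and ends outside the hunk.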
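Review bot: In makefu/2configs/fs/sda-crypto-root.nix the `initrd.luks.devices` entry is removed from the shared module, so every host importing this file must now declare the `luksroot` device itself or its root will not be unlocked at boot; only omo is updated in this commit. The new header comment is attached to the `sda1` line although it describes `sda2`, which makes the requirement easy to miss. I would put it under the sda2 line instead, e.g. `# sda2: cryptoluks -> ext4 - the importing host must set boot.initrd.luks.devices (name "luksroot")`. The other importers of this module are not visible here and are worth checking before the next deploy.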
diff --git a/makefu/2configs/hw/fingerprint-reader.nix b/makefu/2configs/hw/fingerprint-reader.nix new file mode 100644 index 000000000..1f2f00b03 --- /dev/null +++ b/makefu/2configs/hw/fingerprint-reader.nix @@ -0,0 +1,6 @@ +_: { + # add fingerprint with fprintd-enroll + services.fprintd.enable = true; + security.pam.services.login.fprintAuth = true; + security.pam.services.xscreensaver.fprintAuth = true; +} From 501897654670ef89a99a45749af63b9e98064dd5 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:44:54 +0200 Subject: [PATCH 031/132] ma 1 pornocauster: add boot unlock --- makefu/1systems/pornocauster.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index fa39b121c..2fb93798a 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -31,6 +31,7 @@ # hardware specifics are in here ../2configs/hw/tp-x220.nix + ../2configs/hw/rtl8812au.nix # mount points ../2configs/fs/sda-crypto-root-home.nix # ../2configs/mediawiki.nix @@ -59,7 +60,6 @@ networking.firewall.allowedUDPPorts = [ 665 ]; krebs.build.host = config.krebs.hosts.pornocauster; - krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; krebs.retiolum = { enable = true; @@ -68,4 +68,6 @@ networking.extraHosts = '' 192.168.1.11 omo.local ''; + # hard dependency because otherwise the device will not be unlocked + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; } From 0bfa1dbaf0eae32fe972a42d8f9c9d16caae8b11 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:45:21 +0200 Subject: [PATCH 032/132] ma 2 tp-x220: minor tweaks --- makefu/2configs/hw/tp-x220.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix index be3d1eb70..1c9a34965 100644 --- a/makefu/2configs/hw/tp-x220.nix +++ b/makefu/2configs/hw/tp-x220.nix 
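Review bot: makefu/2configs/hw/fingerprint-reader.nix turns on `fprintAuth` for the `login` and `xscreensaver` PAM services without saying what that means for authentication. As far as I know the NixOS option adds pam_fprintd as a sufficient method, so a matching fingerprint alone logs in and unlocks the screen, in place of the password rather than in addition to it. A comment would make that explicit, e.g. `# fprintAuth: a fingerprint is accepted instead of the password, it is not a second factor`. If only a convenient screen unlock is wanted, enabling it for `xscreensaver` and leaving `login` on the password is the narrower setting.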
@@ -5,7 +5,7 @@ with config.krebs.lib; imports = [ ./tp-x2x0.nix ]; boot = { - kernelModules = [ "kvm-intel" "acpi_call" ]; + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; }; @@ -28,7 +28,7 @@ with config.krebs.lib; # enable HDMI output switching with pulseaudio hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" '' - ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"} + ${builtins.readFile "${config.hardware.pulseaudio.package.out}/etc/pulse/default.pa"} load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI" ''; From 50f4b1d79dce0560137f5118eb18b7af4b0e37d8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:46:16 +0200 Subject: [PATCH 033/132] ma 2 tp-x2x0: add remark why to not start charge at 80 --- makefu/2configs/hw/tp-x2x0.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 7f9dc67a5..c10ec1314 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -22,7 +22,8 @@ with config.krebs.lib; services.tlp.enable = true; services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 + # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery + #START_CHARGE_THRESH_BAT0=80 STOP_CHARGE_THRESH_BAT0=95 CPU_SCALING_GOVERNOR_ON_AC=performance From 7dd825bed421a773db185983fdc50d2b5f704c59 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:47:21 +0200 Subject: [PATCH 034/132] m 2 defaut: fix .nix-defexpr in activation script" --- makefu/2configs/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 62daed8be..e7366e182 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
@@ -154,6 +154,15 @@ with config.krebs.lib; "net.ipv6.conf.default.use_tempaddr" = 2; }; + system.activationScripts.nix-defexpr = '' + (set -euf + for i in /home/makefu /root/;do + f="$i/.nix-defexpr" + rm -fr "$f" + ln -s /var/src/nixpkgs "$f" + done) + ''; + i18n = { consoleKeyMap = "us"; defaultLocale = "en_US.UTF-8"; From b9c0c46b4d0f9907f1b3fc96494be96abc60c8db Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:48:15 +0200 Subject: [PATCH 035/132] m shoney: init --- krebs/3modules/makefu/default.nix | 29 +++++++++++++++++++++++++++++ makefu/1systems/shoney.nix | 30 ++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 makefu/1systems/shoney.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index cf875f520..1b4096d09 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -340,6 +340,35 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; + shoney = rec { + cores = 1; + nets = { + internet = { + ip4.addr = "64.137.235.70"; + aliases = [ + "shoney.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.205.131"; + ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4"; + aliases = [ + "shoney.retiolum" + "shoney.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL + ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4 + okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht + M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO + +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5 + uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; # non-stockholm diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix new file mode 100644 index 000000000..ebe5222c3 --- /dev/null 
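Review bot: The `nix-defexpr` activation script added to makefu/2configs/default.nix runs as root and does `rm -fr "$f"` followed by `ln -s` inside /home/makefu, so each activation deletes whatever the user keeps in ~/.nix-defexpr and leaves a root-owned link in a user-owned directory. Because of `set -euf`, a missing /home/makefu makes `ln` fail and the subshell stops before /root is handled. A guard such as `[ -d "$i" ] || continue` at the top of the loop avoids that, and a one-line comment stating that the directory is replaced on purpose would document the data loss. `/root/` carries a trailing slash, which yields `/root//.nix-defexpr`; harmless, but `/root` is cleaner.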
+++ b/makefu/1systems/shoney.nix @@ -0,0 +1,30 @@ +{ config, pkgs, ... }: +let + ip = "64.137.235.70"; + gw = "64.137.235.1"; +in { + imports = [ + ../. + ../../tv/2configs/hw/CAC.nix + ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix + + ]; + + # minimal resources + services.nixosManual.enable = false; + programs.man.enable = false; + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + + krebs = { + enable = true; + retiolum.enable = true; + build.host = config.krebs.hosts.shoney; + }; + networking.interfaces.enp2s1.ip4 = [ { + address = ip; + prefixLength = 24; + } ]; + networking.defaultGateway = gw; + networking.nameservers = [ "8.8.8.8" ]; +} From f832a63ce045823c1aeafec48fbe32b78ed7cd6d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Jun 2016 21:58:58 +0200 Subject: [PATCH 036/132] l 2 newsbot-js: fix some feeds --- lass/2configs/newsbot-js.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 636b44395..f2b70d831 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -41,7 +41,6 @@ let cryptogon|http://www.cryptogon.com/?feed=rss2|#news csm|http://rss.csmonitor.com/feeds/csm|#news csm_world|http://rss.csmonitor.com/feeds/world|#news - cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news danisch|http://www.danisch.de/blog/feed/|#news dod|http://www.defense.gov/news/afps2.xml|#news dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news @@ -102,7 +101,7 @@ let npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news npr_world|http://www.npr.org/rss/rss.php?id=1004|#news - nsa|http://www.nsa.gov/rss.shtml|#news #bullerei + nsa|https://www.nsa.gov/rss.xml|#news #bullerei nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news painload|https://github.com/krebscode/painload/commits/master.atom|#news phys|http://phys.org/rss-feed/|#news 
From 69c36df9acb0ca85c7412bf2ebb815fe827c0ba9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 13:48:43 +0200 Subject: [PATCH 037/132] l 1 mors: add umts config --- lass/1systems/mors.nix | 1 + lass/2configs/umts.nix | 61 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 lass/2configs/umts.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 598e502ad..beb5659d0 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -29,6 +29,7 @@ ../2configs/cbase.nix ../2configs/mail.nix ../2configs/krebs-pass.nix + ../2configs/umts.nix #../2configs/buildbot-standalone.nix { #risk of rain port diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix new file mode 100644 index 000000000..ddba1b526 --- /dev/null +++ b/lass/2configs/umts.nix 
@@ -0,0 +1,61 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + nixpkgs-1509 = import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + + wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 + + modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + + # TODO: currently it is only netzclub + umts-bin = pkgs.writeScriptBin "umts" '' + #!/bin/sh + set -euf + systemctl stop wpa_supplicant + systemctl start umts + trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT + echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf + journalctl -xfu umts + systemctl start wpa_supplicant + ''; + + wvdial-defaults = '' + Modem = ${modem-device} + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Stupid mode = 1 + phone= *99# + Username = netzclub + Password = netzclub + ''; + + + out = { + environment.shellAliases = { + umts = "sudo ${umts-bin}/bin/umts"; + }; + + security.sudo.extraConfig = '' + lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts + ''; + + environment.wvdial.dialerDefaults = wvdial-defaults; + + systemd.services.umts = { + description = "UMTS wvdial Service"; + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "10s"; + ExecStart = "${wvdial}/bin/wvdial -n"; + }; + }; + }; +in out + From de43b0e6f50e4d044cc0609a3d7d7c7d869552fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 13:49:24 +0200 Subject: [PATCH 038/132] l 2 websites fritz: activate sendmail --- lass/2configs/websites/fritz.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 63efbecb6..c2b8ff116 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix 
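Review bot: The `umts` wrapper in lass/2configs/umts.nix is run through a NOPASSWD sudo rule, yet it calls `systemctl`, `tee` and `journalctl` by bare name, so what runs as root depends on the PATH that sudo hands over. Referencing store paths, e.g. `${pkgs.systemd}/bin/systemctl stop wpa_supplicant` and `${pkgs.coreutils}/bin/tee`, removes that dependency. The script also appends `nameserver 8.8.8.8` to /etc/resolv.conf with `tee -a` on every start and never removes it, so entries accumulate and remain after the modem is stopped. The `Username` and `Password` values in `wvdial-defaults` end up in the world-readable Nix store; that is acceptable only if they are the provider's shared access credentials, which a comment should say.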
@@ -12,6 +12,16 @@ let serveWordpress ; + msmtprc = pkgs.writeText "msmtprc" '' + account localhost + host localhost + account default: localhost + ''; + + sendmail = pkgs.writeDash "msmtp" '' + exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" + ''; + in { imports = [ ./sqlBackup.nix @@ -51,4 +61,14 @@ in { users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.fritz.pubkey ]; + + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = "${sendmail} -t -i" + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out + ''; } From 2f77b404abc6ad36e75d437ce46ca2f6931fe389 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 14:07:59 +0200 Subject: [PATCH 039/132] l 2 umts: start wpa_supplicant again in trap --- lass/2configs/umts.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix index ddba1b526..ac5991afa 100644 --- a/lass/2configs/umts.nix +++ b/lass/2configs/umts.nix @@ -19,10 +19,9 @@ let set -euf systemctl stop wpa_supplicant systemctl start umts - trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT + trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf journalctl -xfu umts - systemctl start wpa_supplicant ''; wvdial-defaults = '' From f256bbcb11565138e92266e97856438061b623a0 Mon Sep 17 00:00:00 2001 
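Review bot: In the `trap` line changed in lass/2configs/umts.nix, `systemctl stop umts && systemctl start wpa_supplicant` brings Wi-Fi back only when stopping `umts` succeeds, so a failed stop leaves the machine without either link. Making the restart unconditional keeps the cleanup reliable: `trap "systemctl stop umts; systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT`. The script starts and ends outside the hunk.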
From: makefu Date: Mon, 13 Jun 2016 16:22:51 +0200 Subject: [PATCH 040/132] cp tv/2/*CAC -> makefu/2/ --- makefu/1systems/shoney.nix | 22 ++++++++++++++-------- makefu/1systems/wry.nix | 4 ++-- makefu/2configs/fs/CAC-CentOS-7-64bit.nix | 20 ++++++++++++++++++++ makefu/2configs/hw/CAC.nix | 13 +++++++++++++ 4 files changed, 49 insertions(+), 10 deletions(-) create mode 100644 makefu/2configs/fs/CAC-CentOS-7-64bit.nix create mode 100644 makefu/2configs/hw/CAC.nix diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index ebe5222c3..16e891995 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -1,15 +1,19 @@ { config, pkgs, ... }: let - ip = "64.137.235.70"; - gw = "64.137.235.1"; + ip = "64.137.234.215"; + alt-ip = "64.137.234.210"; + extra-ip = "64.137.234.114"; #currently unused + gw = "64.137.234.1"; in { imports = [ ../. - ../../tv/2configs/hw/CAC.nix - ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/hw/CAC.nix + ../2configs/fs/CAC-CentOS-7-64bit.nix ]; + + # minimal resources services.nixosManual.enable = false; programs.man.enable = false; @@ -21,10 +25,12 @@ in { retiolum.enable = true; build.host = config.krebs.hosts.shoney; }; - networking.interfaces.enp2s1.ip4 = [ { - address = ip; - prefixLength = 24; - } ]; + networking.interfaces.enp2s1.ip4 = [ + { address = ip; prefixLength = 24; } + { address = alt-ip; prefixLength = 24; } + ]; networking.defaultGateway = gw; networking.nameservers = [ "8.8.8.8" ]; + networking.firewall.allowedUDPPorts = [ 655 1655 ]; + networking.firewall.allowedTCPPorts = [ 655 1655 ]; } diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index d9f8ded83..ed48c6abe 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix 
@@ -9,8 +9,8 @@ in { imports = [ ../. # TODO: copy this config or move to krebs - ../../tv/2configs/hw/CAC.nix - ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/hw/CAC.nix + ../2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/headless.nix ../2configs/bepasty-dual.nix diff --git a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix new file mode 100644 index 000000000..c9eb97f44 --- /dev/null +++ b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix @@ -0,0 +1,20 @@ +_: + +{ + boot.loader.grub = { + device = "/dev/sda"; + }; + fileSystems = { + "/" = { + device = "/dev/centos/root"; + fsType = "xfs"; + }; + "/boot" = { + device = "/dev/sda1"; + fsType = "xfs"; + }; + }; + swapDevices = [ + { device = "/dev/centos/swap"; } + ]; +} diff --git a/makefu/2configs/hw/CAC.nix b/makefu/2configs/hw/CAC.nix new file mode 100644 index 000000000..9ed18344a --- /dev/null +++ b/makefu/2configs/hw/CAC.nix @@ -0,0 +1,13 @@ +_: +{ + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + boot.loader.grub.splashImage = null; + nix = { + daemonIONiceLevel = 1; + daemonNiceLevel = 1; + }; + sound.enable = false; +} From 92fac1a26e0ab67c295d7cb8984d88e9e022ed1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 18:19:35 +0200 Subject: [PATCH 041/132] l 1 dishfire: activate simple exim-smarthost --- lass/1systems/dishfire.nix | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index b5e551952..ec9f53694 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -5,7 +5,7 @@ ../. ../2configs/default.nix - ../2configs/exim-retiolum.nix + #../2configs/exim-retiolum.nix ../2configs/git.nix { boot.loader.grub = { 
@@ -63,6 +63,35 @@ { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } + { + #TODO: abstract & move to own file + krebs.exim-smarthost = { + enable = true; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + config.krebs.hosts.helios + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.dishfire; From d7e928e4b8470d991d6083c87b49d7290c9a0a96 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Jun 2016 21:00:15 +0200 Subject: [PATCH 042/132] s 1 wolf: fix interface name --- shared/1systems/wolf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 53334d6f1..dc61414fe 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -37,7 +37,7 @@ in networking = { firewall.enable = false; - interfaces.eth0.ip4 = [{ + interfaces.enp0s3.ip4 = [{ address = shack-ip; prefixLength = 20; }]; From 204c89131c06cfe4d0d9a7f95a3946ec5845818f Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Jun 2016 21:00:38 +0200 Subject: [PATCH 043/132] s 1 buildbot: re-add treeStableTimer --- shared/2configs/shared-buildbot.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index 5f3b35304..6c40d9966 100644 
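Review bot: The exim-smarthost block added to lass/1systems/dishfire.nix opens `--dport smtp` in the INPUT chain on every interface, while `relay_from_hosts` lists only the retiolum addresses of mors, uriel and helios. If the host is meant purely as a relay for those machines, the rule can be limited to the VPN interface, e.g. `{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }` (interface name assumed); if it should also accept mail from the internet, a comment saying so would make the exposure intentional. Relay permission rests on the source address alone, so it is only as strong as the address assignment inside retiolum. The block sits in an imports list that starts and ends outside the hunk.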
--- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -26,7 +26,7 @@ stockholm_repo, workdir='stockholm-poller', branches=True, project='stockholm', - pollinterval=120)) + pollinterval=60)) ''; scheduler = { force-scheduler = '' @@ -43,7 +43,7 @@ sched.append(schedulers.SingleBranchScheduler( ## all branches change_filter=util.ChangeFilter(branch_re=".*"), - # treeStableTimer=10, + treeStableTimer=10, name="fast-all-branches", builderNames=["fast-tests"])) ''; From eaaa96a65e76b313594d0b1155a4ca78ec91aae9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 22:58:00 +0200 Subject: [PATCH 044/132] l 2 fetchWallpaper: check for umts --- lass/2configs/fetchWallpaper.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index d28ae9353..a724e2e45 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -5,6 +5,7 @@ let in { krebs.fetchWallpaper = { enable = true; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; url = "prism/wallpaper.png"; }; } From abd7b0bd28ccf7635d5f14c7e38bb130dddf8d99 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 22:58:41 +0200 Subject: [PATCH 045/132] l 2 umts: upgrade wvdial-defaults --- lass/2configs/umts.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix index ac5991afa..c1fce9ea2 100644 --- a/lass/2configs/umts.nix +++ b/lass/2configs/umts.nix @@ -28,10 +28,12 @@ let Modem = ${modem-device} Init1 = AT+CFUN=1 Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 - Stupid mode = 1 + Baud = 460800 phone= *99# Username = netzclub Password = netzclub + Stupid Mode = 1 + Idle Seconds = 0 ''; From bb19655339b9a77493f89b9496ade6bce9354327 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 13 Jun 2016 23:01:56 +0200 Subject: [PATCH 046/132] l: add and use rs pkg --- lass/2configs/default.nix | 1 + lass/5pkgs/default.nix | 1 + lass/5pkgs/rs/default.nix | 6 ++++++ 3 files changed, 8 insertions(+) create mode 100644 lass/5pkgs/rs/default.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index da3123512..deb3c46c2 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -121,6 +121,7 @@ with config.krebs.lib; krebspaste pciutils psmisc + rs tmux untilport usbutils diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 467867f63..402fd1ffc 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -10,6 +10,7 @@ }; mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; + rs = pkgs.callPackage ./rs/default.nix {}; untilport = pkgs.callPackage ./untilport/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {}; xmonad-lass = diff --git a/lass/5pkgs/rs/default.nix b/lass/5pkgs/rs/default.nix new file mode 100644 index 000000000..6b27908fb --- /dev/null +++ b/lass/5pkgs/rs/default.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: + +#TODO: get tab-completion working again +pkgs.writeBashBin "rs" '' + rsync -vaP --append-verify "$@" +'' From b5b07d5a0862f9ef1d5a7f848733624b3eb7a0b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 23:02:27 +0200 Subject: [PATCH 047/132] l 2 websites domsen: generalize msmtp target --- lass/2configs/websites/domsen.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 775634541..c69d20633 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -11,9 +11,9 @@ let serveWordpress; msmtprc = pkgs.writeText "msmtprc" '' - account prism + account localhost host localhost - account default: prism + account default: localhost ''; sendmail = pkgs.writeDash "msmtp" '' From c9a8bdf50f3cb2cd3b70b4669d454910bcd69654 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Jun 2016 01:33:20 +0200 Subject: [PATCH 048/132] ma 1 dartH: fix nat from tinc --- makefu/1systems/darth.nix | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 2f2358ddc..08ac7e66e 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -17,19 +17,37 @@ in { ../2configs/exim-retiolum.nix ../2configs/virtualization.nix ]; - - networking.firewall.allowedUDPPorts = [ 80 655 67 ]; - networking.firewall.allowedTCPPorts = [ 80 655 ]; - networking.firewall.checkReversePath = false; + services.tinc.networks.siem = { + name = "sdarth"; + extraConfig = "ConnectTo = sjump"; + }; #networking.firewall.enable = false; - # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; - networking.wireless.enable = true; + networking = { + wireless.enable = true; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedUDPPorts = [ 80 655 67 ]; + allowedTCPPorts = [ 80 655 ]; + }; + nat = { + enable = true; + internalIPs = [ "10.8.10.0/24" ]; + #internalInterfaces = [ "tinc.siem" ]; + externalIP = "10.8.8.2"; + externalInterface = "virbr3"; + }; + interfaces.virbr3.ip4 = [{ + address = "10.8.8.2"; + prefixLength = 24; + }]; + }; # TODO smartd omo darth gum all-in-one services.smartd.devices = builtins.map (x: { device = x; }) allDisks; From 6ac8034a47f840206d999be8ec39fedbc6b7b350 Mon Sep 17 00:00:00 2001 
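Review bot: In the makefu/1systems/darth.nix hunk, the new `networking.firewall` block sets `logRefusedConnections = false` on a host that the same hunk turns into a NAT gateway for `10.8.10.0/24`, so refused inbound traffic on this forwarding box no longer shows up in the logs. I would drop that line and keep the NixOS default unless log volume is a measured problem, in which case a comment such as `# refused-connection logging off: too noisy on virbr3` should record the decision. `allowedUDPPorts = [ 80 655 67 ]` is carried over unchanged from the removed lines; nothing visible in the hunk needs UDP 80, so it looks like a copy of the TCP list and could become `allowedUDPPorts = [ 655 67 ];` if no service on the host listens there.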
From: makefu Date: Tue, 14 Jun 2016 01:33:41 +0200 Subject: [PATCH 049/132] ma 1 shoney: init siem tinc --- makefu/1systems/shoney.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 16e891995..48679fe58 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -13,6 +13,7 @@ in { ]; + services.tinc.networks.siem.name = "sjump"; # minimal resources services.nixosManual.enable = false; @@ -29,6 +30,7 @@ in { { address = ip; prefixLength = 24; } { address = alt-ip; prefixLength = 24; } ]; + networking.defaultGateway = gw; networking.nameservers = [ "8.8.8.8" ]; networking.firewall.allowedUDPPorts = [ 655 1655 ]; From 8656e83d4c5c736541b3f29470f591aa8e84d1e7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Jun 2016 01:34:08 +0200 Subject: [PATCH 050/132] k 3 ma: update shoney ip after failed deploy :3 --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 1b4096d09..14cee8e12 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -344,7 +344,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { internet = { - ip4.addr = "64.137.235.70"; + ip4.addr = "64.137.234.215"; aliases = [ "shoney.i" ]; From 618684954207feed26b1b85f0721d41d5ca4c5c3 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Jun 2016 01:35:49 +0200 Subject: [PATCH 051/132] s 1 wolf: use tcponly in shack network because udp suffers from 20 percnet packet loss --- shared/1systems/wolf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index dc61414fe..180510066 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix 
@@ -22,7 +22,7 @@ in # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - + krebs.retiolum.extraConfig = "TCPOnly = yes"; services.grafana = { enable = true; addr = "0.0.0.0"; From 0f3df5c0f417be6011c833203f9f4fbd346aa64b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Jun 2016 13:26:17 +0200 Subject: [PATCH 052/132] l 2 buildbot-standalone: add treeStableTimer --- lass/2configs/buildbot-standalone.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 151ce562b..b70cf9da8 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -25,7 +25,7 @@ sched.append(schedulers.SingleBranchScheduler( ## all branches change_filter=util.ChangeFilter(branch_re=".*"), - # treeStableTimer=10, + treeStableTimer=10, name="fast-all-branches", builderNames=["fast-tests"])) ''; @@ -34,7 +34,7 @@ sched.append(schedulers.SingleBranchScheduler( ## only master change_filter=util.ChangeFilter(branch_re="master"), - # treeStableTimer=10, + treeStableTimer=10, name="prism-master", builderNames=["build-all"])) ''; From 1e957a12555d8086d9a42472d5d1abfe5a73ba30 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Jun 2016 22:07:29 +0200 Subject: [PATCH 053/132] k 3 l: RIP fastpoke --- krebs/3modules/lass/default.nix | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 48ba00494..d561f4c22 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -108,37 +108,6 @@ with config.krebs.lib; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa 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"; }; - fastpoke = { - nets = rec { - internet = { - ip4.addr = "193.22.164.36"; - aliases = [ - "fastpoke.internet" - ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.253.152"; - ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00"; - aliases = [ - "fastpoke.retiolum" - "fastpoke.r" - "cgit.fastpoke.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq - DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O - FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ - ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB - EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy - rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b"; - }; cloudkrebs = { cores = 1; nets = rec { From 27522d311c70e616f34d61b631ca2d61e61fda36 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Jun 2016 22:09:05 +0200 Subject: [PATCH 054/132] k 3 l: add domsen-nas --- krebs/3modules/lass/default.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d561f4c22..760c2d69d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -108,6 +108,18 @@ with config.krebs.lib; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa 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"; }; + domsen-nas = { + nets = rec { + internet = { + aliases = [ + "domsen-nas.internet" + ]; + ip4.addr = "87.138.180.167"; + ssh.port = 2223; + }; + }; + ssh.pubkey = "ssh-dss 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"; + }; cloudkrebs = { cores = 1; nets = rec { From 9cc197f10e9b2e0824875ef8a7cdebe0bab8102c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Jun 2016 22:11:19 +0200 Subject: [PATCH 055/132] l 2 exim-smarthost: add nebenan@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index e9527fec5..1ba99c8cb 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -29,6 +29,7 @@ with config.krebs.lib; { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } { from = "netzclub@lassul.us"; to = lass.mail; } + { from = "nebenan@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From d5ccef77d4d61f9451945ee1501513670eea8b66 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Jun 2016 22:16:02 +0200 Subject: [PATCH 056/132] l 2 radio: check remainingTime <150s --- lass/2configs/radio.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 12a4ddf26..d7cd20a36 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -138,7 +138,7 @@ in { restartIfChanged = true; serviceConfig = { - ExecStart = "${autoAdd} 100"; + ExecStart = "${autoAdd} 150"; }; }; From 3a92ac0e9b577be9f0d3d36fdfce977171b37560 Mon Sep 17 00:00:00 2001 
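Review bot: The new `domsen-nas` entry in krebs/3modules/lass/default.nix pins an `ssh-dss` host key; DSA host keys are limited to 1024 bits and OpenSSH has disabled the algorithm by default since 7.0, so clients generated from this config would have to re-enable it to verify this host. The entry also publishes SSH on a routable address (`ssh.port = 2223`), which makes the strength of the pinned key matter more. If the NAS can offer an RSA or Ed25519 host key, pin that one instead; otherwise add a comment such as `# NAS firmware only offers DSA; replace when possible` so the weak key type is a recorded decision rather than an accident.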
From: lassulus Date: Thu, 16 Jun 2016 22:42:14 +0200 Subject: [PATCH 057/132] l 3: add power-action --- lass/3modules/default.nix | 1 + lass/3modules/power-action.nix | 67 ++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 lass/3modules/power-action.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 380d83a91..b3037205e 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -4,6 +4,7 @@ _: ./ejabberd ./folderPerms.nix ./mysql-backup.nix + ./power-action.nix ./urxvtd.nix ./wordpress_nginx.nix ./xresources.nix diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix new file mode 100644 index 000000000..fd6dcf57e --- /dev/null +++ b/lass/3modules/power-action.nix 
@@ -0,0 +1,67 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.lass.power-action; + + out = { + options.lass.power-action = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "power-action"; + user = mkOption { + type = types.user; + default = { + name = "power-action"; + }; + }; + startAt = mkOption { + type = types.str; + default = "*:0/1"; + }; + plans = mkOption { + type = with types; attrsOf (submodule { + options = { + upperLimit = mkOption { + type = int; + }; + lowerLimit = mkOption { + type = int; + }; + action = mkOption { + type = path; + }; + }; + }); + }; + }; + + imp = { + systemd.services.power-action = { + serviceConfig = rec { + ExecStart = startScript; + User = cfg.user; + }; + startAt = cfg.startAt; + }; + users.users.${cfg.user.name} = { + inherit (cfg.user) name uid; + }; + }; + + startScript = pkgs.writeDash "power-action" '' + power="$(${powerlvl})" + ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)} + ''; + + writeRule = _: plan: + "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ]; then ${plan.action}; fi"; + + powerlvl = pkgs.writeDash "powerlvl" '' + cat /sys/class/power_supply/BAT0/capacity + ''; + +in out From 1d47f59e8f446f0c9e774114138e9881e6f85742 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 13:28:15 +0200 Subject: [PATCH 058/132] l 2: use pulse.nix --- lass/2configs/baseX.nix | 6 +-- lass/2configs/pulse.nix | 88 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+), 5 deletions(-) create mode 100644 lass/2configs/pulse.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 7e969b3ed..7431617c2 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,6 +8,7 @@ in { #./urxvt.nix ./xserver ./mpv.nix + ./pulse.nix ]; users.extraUsers.mainUser.extraGroups = [ "audio" ]; 
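Review bot: In the new lass/3modules/power-action.nix, `powerlvl` reads `/sys/class/power_supply/BAT0/capacity` unconditionally and `writeRule` then uses the result unquoted in `[ $power -ge … ]`, so on a host without `BAT0` the timer fires every minute, `$power` is empty and each rule is a malformed test. I would guard the unit with `unitConfig.ConditionPathExists = "/sys/class/power_supply/BAT0/capacity";` and quote the variable as `[ "$power" -ge … ]`. The `plans` sub-options (`upperLimit`, `lowerLimit`, `action`) also have no `description`; a sentence on each, stating that the limits are inclusive percentages and that `action` is run once per timer tick while the level is in range, would make the module usable without reading `writeRule`.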
@@ -16,11 +17,6 @@ in { virtualisation.libvirtd.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - programs.ssh.startAgent = false; security.setuidPrograms = [ "slock" ]; diff --git a/lass/2configs/pulse.nix b/lass/2configs/pulse.nix new file mode 100644 index 000000000..e86ea3b94 --- /dev/null +++ b/lass/2configs/pulse.nix 
@@ -0,0 +1,88 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + pkg = pkgs.pulseaudioLight; + runDir = "/run/pulse"; + + alsaConf = pkgs.writeText "asound.conf" '' + ctl_type.pulse { + libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so; + } + pcm_type.pulse { + libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so; + } + ctl.!default { + type pulse + } + pcm.!default { + type pulse + } + ''; + + clientConf = pkgs.writeText "client.conf" '' + autospawn=no + default-server = unix:${runDir}/socket + ''; + + configFile = pkgs.writeText "default.pa" '' + .include ${pkg}/etc/pulse/default.pa + load-module ${toString [ + "module-native-protocol-unix" + "auth-anonymous=1" + "socket=${runDir}/socket" + ]} + ''; +in + +{ + environment = { + etc = { + "asound.conf".source = alsaConf; + # XXX mkForce is not strong enough (and neither is mkOverride) to create + # /etc/pulse/client.conf, see pulseaudio-hack below for a solution. + #"pulse/client.conf" = mkForce { source = clientConf; }; + #"pulse/client.conf".source = mkForce clientConf; + "pulse/default.pa".source = configFile; + }; + systemPackages = [ + pkg + ] ++ optionals config.services.xserver.enable [ + pkgs.pavucontrol + ]; + }; + + # Allow PulseAudio to get realtime priority using rtkit. 
+ security.rtkit.enable = true; + + system.activationScripts.pulseaudio-hack = '' + ln -fns ${clientConf} /etc/pulse/client.conf + ''; + + systemd.services.pulse = { + wantedBy = [ "sound.target" ]; + before = [ "sound.target" ]; + environment = { + PULSE_RUNTIME_PATH = "${runDir}/home"; + }; + serviceConfig = { + ExecStart = "${pkg}/bin/pulseaudio"; + ExecStartPre = pkgs.writeDash "pulse-start" '' + install -o pulse -g audio -m 0750 -d ${runDir} + install -o pulse -g audio -m 0700 -d ${runDir}/home + ''; + PermissionsStartOnly = "true"; + User = "pulse"; + }; + }; + + users = { + groups.pulse.gid = config.users.users.pulse.uid; + users.pulse = { + uid = genid "pulse"; + group = "pulse"; + extraGroups = [ "audio" ]; + home = "${runDir}/home"; + }; + }; +} From 30a80d67df7a41baab1fc3557d220c0cbbd5cf0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 13:26:22 +0200 Subject: [PATCH 059/132] l 2 buildbot-standalone: use make test --- lass/2configs/buildbot-standalone.nix | 60 +++++++++++++++++++++------ 1 file changed, 48 insertions(+), 12 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index b70cf9da8..e36008335 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -1,6 +1,14 @@ { lib, config, pkgs, ... }: -{ - krebs.buildbot.master = let + +with config.krebs.lib; + +let + sshWrapper = pkgs.writeDash "ssh-wrapper" '' + ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" + ''; + +in { + config.krebs.buildbot.master = let stockholm-mirror-url = http://cgit.prism/stockholm ; in { slaves = { 
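Review bot: In the new lass/2configs/pulse.nix, `module-native-protocol-unix` is loaded with `"auth-anonymous=1"`, so the daemon authenticates nobody and the only barrier to playback and microphone capture is the `-m 0750 -o pulse -g audio` mode that `ExecStartPre` sets on `/run/pulse`. That holds only as long as the directory mode is never loosened, and nothing in the file says so. I would add a comment above the `load-module` list, e.g. `# access control is the 0750 pulse:audio mode on ${runDir}, not the socket`, or let the daemon enforce the same rule with `"auth-group=audio"` in place of `"auth-anonymous=1"`. The hunk is the whole new file.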
@@ -44,11 +52,15 @@ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') # TODO: get nixpkgs/stockholm paths from krebs - env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true"} + env = { + "LOGNAME": "lass", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + } # prepare nix-shell # the dependencies which are used by the test script - deps = [ "gnumake", "jq", "nix", "rsync" ] + deps = [ "gnumake", "jq", "nix", "rsync", "proot" ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE nixshell = ["nix-shell", @@ -68,12 +80,11 @@ for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env, command=nixshell + \ - ["nix-build \ - --show-trace --no-out-link \ - -I nixos-config=./lass/1systems/{}.nix \ - -I secrets=./lass/2configs/tests/dummy-secrets \ - -I stockholm=. \ - -A config.system.build.toplevel".format(i)]) + ["make \ + test \ + ssh=${sshWrapper} \ + target=build@localhost:${config.users.users.build.home}/testbuild \ + system={}".format(i)]) bu.append(util.BuilderConfig(name="build-all", slavenames=slavenames, @@ -115,7 +126,7 @@ }; }; - krebs.buildbot.slave = { + config.krebs.buildbot.slave = { enable = true; masterhost = "localhost"; username = "testslave"; @@ -125,7 +136,7 @@ NIX_PATH="nixpkgs=/var/src/nixpkgs"; }; }; - krebs.iptables = { + config.krebs.iptables = { tables = { filter.INPUT.rules = [ { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; } 
@@ -133,4 +144,29 @@ ]; }; }; + + #ssh workaround for make test + options.lass.build-ssh-privkey = mkOption { + type = types.secret-file; + default = { + path = "${config.users.users.buildbotSlave.home}/ssh.privkey"; + owner = { inherit (config.users.users.buildbotSlave ) name uid;}; + source-path = toString + "/build.ssh.key"; + }; + }; + config.krebs.secret.files = { + build-ssh-privkey = config.lass.build-ssh-privkey; + }; + config.users.users = { + build = { + name = "build"; + uid = genid "build"; + home = "/home/build"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors" + ]; + }; + }; } From 75ba114468a8f025d5916f5b7fce34635d9bbc1a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 13:50:52 +0200 Subject: [PATCH 060/132] l 2: override stockholm if dummy_secrets --- lass/2configs/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index deb3c46c2..9e0e37e48 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
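Review bot: The `build` account added at the end of lass/2configs/buildbot-standalone.nix gets `useDefaultShell = true` and an `openssh.authorizedKeys.keys` entry with no key options, so the holder of the matching private key has a full login shell with port and agent forwarding on this host, not just the `make test` target path. The key comment reads `lass@mors`, which suggests (it cannot be confirmed from the hunk) a personal key rather than one generated for the buildbot slave; a dedicated key pair would keep a leak of the slave's `ssh.privkey` from mapping onto a personal identity. If the test target needs no tty or forwarding, prefix the entry with options, e.g. `"no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa …"`.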
@@ -59,12 +59,13 @@ with config.krebs.lib; user = config.krebs.users.lass; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix"; - secrets = - if getEnv "dummy_secrets" == "true" + secrets = if getEnv "dummy_secrets" == "true" then toString else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; - stockholm = "/home/lass/stockholm"; + stockholm = if getEnv "dummy_secrets" == "true" + then "/var/lib/buildbot/slave/build-all/build" + else "/home/lass/stockholm"; } // optionalAttrs config.krebs.build.host.secure { #secrets-master = "/home/lass/secrets/master"; }); From ab3a095a29bd69affcc7e2868a805a5680e3a876 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 16:09:36 +0200 Subject: [PATCH 061/132] l 2: bump nixpkgs f215f9e -> 7d93230 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index c893011a3..c6d8a5f8c 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "f215f9e91e07473e61c9302aaa312c7350e98f0e"; + rev = "7d932301fe1d98a1ef1872a7124e8809279def74"; }; } From ae3a2a954d767127ae1c144685293c03a01cf1c8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 19:20:26 +0200 Subject: [PATCH 062/132] l 2 buildbot: build-all with method=build --- lass/2configs/buildbot-standalone.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index e36008335..7d3c236a6 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -84,6 +84,7 @@ in { test \ ssh=${sshWrapper} \ target=build@localhost:${config.users.users.build.home}/testbuild \ + method=build \ system={}".format(i)]) bu.append(util.BuilderConfig(name="build-all", From 61c57a2d533334a77d2a0c2cea3fee6380605a0f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 19:21:32 +0200 Subject: [PATCH 063/132] l 2 websites fritz: password protect some dirs --- lass/2configs/websites/fritz.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index c2b8ff116..03574d578 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -1,10 +1,10 @@ { config, pkgs, lib, ... }: +with lib; let inherit (import { config = {}; inherit lib; }) genid head - nameValuePair ; inherit (import {inherit lib pkgs;}) ssl @@ -58,6 +58,18 @@ in { "ttf_kleinaspach_de" ]; + #password protect some dirs + krebs.nginx.servers."biostase.de".locations = [ + (nameValuePair "/old_biostase.de" '' + auth_basic "Administrator Login"; + auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htaccess; + '') + (nameValuePair "/mysqldumper" '' + auth_basic "Administrator Login"; + auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htaccess; + '') + ]; + users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.fritz.pubkey ]; From a6d1879739593d0bc53cf218f031b68410767d90 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 19:51:07 +0200 Subject: [PATCH 064/132] =?UTF-8?q?l=203=20power-action:=20fix=20some=20st?= =?UTF-8?q?uff=20(=C2=AF\=5F(=E3=83=84)=5F/=C2=AF)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lass/3modules/power-action.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix index fd6dcf57e..631e651ff 100644 --- a/lass/3modules/power-action.nix 
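Review bot: In the second lass/2configs/websites/fritz.nix hunk, both `auth_basic_user_file` paths point at a `.htaccess` inside the directory being served (`/srv/http/biostase.de/old_biostase.de/.htaccess` and `/srv/http/biostase.de/mysqldumper/.htaccess`), so the credential hashes live under the web root and are readable and writable by anything that can touch site content. nginx expects an htpasswd-format file here, whereas `.htaccess` is normally an Apache directive file, so it is worth confirming those files really hold `user:hash` lines. I would keep the file outside the document root, e.g. `auth_basic_user_file <PATH_OUTSIDE_WEBROOT>/biostase.htpasswd;` (placeholder path). Both entries are plain prefix locations; if the server block, which is outside this hunk, also has a regex location for PHP, requests for scripts under these directories may be handled there without the auth directives, so that should be checked too.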
+++ b/lass/3modules/power-action.nix @@ -1,13 +1,13 @@ { config, lib, pkgs, ... }: -with lib; +with config.krebs.lib; let cfg = config.lass.power-action; out = { options.lass.power-action = api; - config = mkIf cfg.enable imp; + config = lib.mkIf cfg.enable imp; }; api = { @@ -43,7 +43,7 @@ let systemd.services.power-action = { serviceConfig = rec { ExecStart = startScript; - User = cfg.user; + User = cfg.user.name; }; startAt = cfg.startAt; }; From 6e2cbdfb734d24a5c4dfb37b9ccc0b093c07c1f6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 20:08:46 +0200 Subject: [PATCH 065/132] l 2 radio: remove unneeded sudo snippet --- lass/2configs/radio.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index d7cd20a36..3a38af286 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -54,10 +54,6 @@ in { mpc_cli ]; - security.sudo.extraConfig = '' - ${mainUser.name} ALL=(${name}) NOPASSWD: ALL - ''; - services.mpd = { enable = true; group = "radio"; From 1b238cf556064996b9db9b4a86c232228a0e9114 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 21:51:45 +0200 Subject: [PATCH 066/132] l 3 power-action: add charging check --- lass/3modules/power-action.nix | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix index 631e651ff..06a316270 100644 --- a/lass/3modules/power-action.nix +++ b/lass/3modules/power-action.nix @@ -25,6 +25,16 @@ let plans = mkOption { type = with types; attrsOf (submodule { options = { + charging = mkOption { + type = nullOr bool; + default = null; + description = '' + check for charging status. + null = don't care + true = only if system is charging + false = only if system is discharging + ''; + }; upperLimit = mkOption { type = int; }; 
@@ -53,15 +63,31 @@ let }; startScript = pkgs.writeDash "power-action" '' + set -euf + power="$(${powerlvl})" + state="$(${state})" ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)} ''; + charging_check = plan: + if (plan.charging == null) then "" else + if plan.charging + then ''&& [ "$state" = "true" ]'' + else ''&& ! [ "$state" = "true" ]'' + ; writeRule = _: plan: - "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ]; then ${plan.action}; fi"; + "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi"; powerlvl = pkgs.writeDash "powerlvl" '' cat /sys/class/power_supply/BAT0/capacity ''; + state = pkgs.writeDash "state" '' + if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Charging" ] + then echo "true" + else echo "false" + fi + ''; + in out From b408721046b0c84047d25f54764775d32264906d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Jun 2016 21:53:44 +0200 Subject: [PATCH 067/132] l 2: add power-action.nix --- lass/2configs/power-action.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 lass/2configs/power-action.nix diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix new file mode 100644 index 000000000..ca4b2afe8 --- /dev/null +++ b/lass/2configs/power-action.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +let + suspend = pkgs.writeDash "suspend" '' + ${pkgs.systemd}/bin/systemctl suspend + ''; + +in { + lass.power-action = { + enable = true; + plans.suspend = { + upperLimit = 10; + lowerLimit = 0; + charging = false; + action = pkgs.writeDash "suspend-wrapper" '' + /var/setuid-wrappers/sudo ${suspend} + ''; + }; + }; + security.sudo.extraConfig = '' + ${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} + ''; +} From d2120732b7643f1dd8770b4e7f75ee6b9c991cca Mon Sep 17 00:00:00 2001 
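Review bot: In the second lass/3modules/power-action.nix hunk, the `state` helper prints `true` only when `/sys/class/power_supply/BAT0/status` is exactly `Charging`, so every other value the kernel can report (`Full`, `Not charging`, `Unknown`) is treated as discharging by `charging_check`. A plan with `charging = false` can therefore fire while the machine is on mains power, for example when a charge threshold holds the battery idle at a low level. Matching the discharging case explicitly is safer: have `state` print the raw status and emit `&& [ "$state" = "Discharging" ]` for `charging = false` and `&& [ "$state" = "Charging" ]` for `charging = true`. The option `description` should then name the exact status strings being matched.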
From: lassulus Date: Sat, 18 Jun 2016 22:01:10 +0200 Subject: [PATCH 068/132] l 2 baseX: import power-action.nix --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 7431617c2..744e8ed98 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,6 +9,7 @@ in { ./xserver ./mpv.nix ./pulse.nix + ./power-action.nix ]; users.extraUsers.mainUser.extraGroups = [ "audio" ]; From fa139f638e07be78393637b049a195b9abf01c30 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 19 Jun 2016 00:26:00 +0200 Subject: [PATCH 069/132] l 2 pulse: add /etc/pulse/daemon.conf --- lass/2configs/pulse.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/2configs/pulse.nix b/lass/2configs/pulse.nix index e86ea3b94..3be482191 100644 --- a/lass/2configs/pulse.nix +++ b/lass/2configs/pulse.nix @@ -25,6 +25,13 @@ let default-server = unix:${runDir}/socket ''; + daemonConf = pkgs.writeText "daemon.conf" '' + exit-idle-time=0 + flat-volumes = no + default-fragments = 4 + default-fragment-size-msec = 25 + ''; + configFile = pkgs.writeText "default.pa" '' .include ${pkg}/etc/pulse/default.pa load-module ${toString [ @@ -44,6 +51,7 @@ in #"pulse/client.conf" = mkForce { source = clientConf; }; #"pulse/client.conf".source = mkForce clientConf; "pulse/default.pa".source = configFile; + "pulse/daemon.pa".source = daemonConf; }; systemPackages = [ pkg From e37ac8ecd8dc7282953e83994dc6c4e3c78b7a85 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 19 Jun 2016 00:27:45 +0200 Subject: [PATCH 070/132] l 2 power-action: add low battery warning --- lass/2configs/power-action.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index ca4b2afe8..0ff8547c7 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix 
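Review bot: The second lass/2configs/pulse.nix hunk installs the new `daemonConf` as `"pulse/daemon.pa"`, but the commit subject says `/etc/pulse/daemon.conf` and PulseAudio reads its daemon settings from a file named `daemon.conf`. As written, `exit-idle-time`, `flat-volumes` and the fragment settings would have no effect. The attribute should read `"pulse/daemon.conf".source = daemonConf;`.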
@@ -5,9 +5,22 @@ let ${pkgs.systemd}/bin/systemctl suspend ''; + speak = text: + pkgs.writeDash "speak" '' + ${pkgs.espeak}/bin/espeak -v +whisper -s 110 "${text}" + ''; + in { lass.power-action = { enable = true; + plans.low-battery = { + upperLimit = 30; + lowerLimit = 25; + charging = false; + action = pkgs.writeDash "warn-low-battery" '' + ${speak "power level low"} + ''; + }; plans.suspend = { upperLimit = 10; lowerLimit = 0; @@ -17,6 +30,11 @@ in { ''; }; }; + + users.users.power-action.extraGroups = [ + "audio" + ]; + security.sudo.extraConfig = '' ${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} ''; From 914dabb84885df8162a49baba682c46ddba4c3d8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 19 Jun 2016 17:25:55 +0200 Subject: [PATCH 071/132] l 2 baseX: use hardware.pulseaudio again steam sound was broken --- lass/2configs/baseX.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 744e8ed98..6d26ff89a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,9 +8,13 @@ in { #./urxvt.nix ./xserver ./mpv.nix - ./pulse.nix + #./pulse.nix ./power-action.nix ]; + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; users.extraUsers.mainUser.extraGroups = [ "audio" ]; From 1b8c7bc87ac57a31d2d23aada81fe1d35546ff83 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 21 Jun 2016 15:43:45 +0200 Subject: [PATCH 072/132] l 5: use writeHaskell --- lass/5pkgs/default.nix | 4 +--- .../{xmonad-lass/Main.hs => xmonad-lass.nix} | 17 +++++++++++++++++ lass/5pkgs/xmonad-lass/.gitignore | 1 - lass/5pkgs/xmonad-lass/Makefile | 6 ------ lass/5pkgs/xmonad-lass/xmonad.cabal | 17 ----------------- 5 files changed, 18 insertions(+), 27 deletions(-) rename lass/5pkgs/{xmonad-lass/Main.hs => xmonad-lass.nix} (95%) delete mode 100644 lass/5pkgs/xmonad-lass/.gitignore delete mode 100644 lass/5pkgs/xmonad-lass/Makefile delete mode 100644 lass/5pkgs/xmonad-lass/xmonad.cabal diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 402fd1ffc..73e41790d 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -13,9 +13,7 @@ rs = pkgs.callPackage ./rs/default.nix {}; untilport = pkgs.callPackage ./untilport/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {}; - xmonad-lass = - let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in - pkgs.haskellPackages.callPackage src {}; + xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; }; } diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass.nix similarity index 95% rename from lass/5pkgs/xmonad-lass/Main.hs rename to lass/5pkgs/xmonad-lass.nix index d7c66bf4d..841821a7a 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass.nix @@ -1,3 +1,15 @@ +{ pkgs, ... }: +pkgs.writeHaskell "xmonad-lass" { + executables.xmonad = { + extra-depends = [ + "containers" + "unix" + "X11" + "xmonad" + "xmonad-contrib" + "xmonad-stockholm" + ]; + text = '' {-# LANGUAGE DeriveDataTypeable #-} -- for XS {-# LANGUAGE FlexibleContexts #-} -- for xmonad' {-# LANGUAGE LambdaCase #-} @@ -147,3 +159,8 @@ gridConfig = def , gs_navigate = navNSearch , gs_font = myFont } + + ''; + }; +} + 
diff --git a/lass/5pkgs/xmonad-lass/.gitignore b/lass/5pkgs/xmonad-lass/.gitignore deleted file mode 100644 index 616204547..000000000 --- a/lass/5pkgs/xmonad-lass/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/shell.nix diff --git a/lass/5pkgs/xmonad-lass/Makefile b/lass/5pkgs/xmonad-lass/Makefile deleted file mode 100644 index cbb0776e6..000000000 --- a/lass/5pkgs/xmonad-lass/Makefile +++ /dev/null @@ -1,6 +0,0 @@ -.PHONY: ghci -ghci: shell.nix - nix-shell --command 'exec ghci -Wall' - -shell.nix: xmonad.cabal - cabal2nix --shell . > $@ diff --git a/lass/5pkgs/xmonad-lass/xmonad.cabal b/lass/5pkgs/xmonad-lass/xmonad.cabal deleted file mode 100644 index 37809b599..000000000 --- a/lass/5pkgs/xmonad-lass/xmonad.cabal +++ /dev/null @@ -1,17 +0,0 @@ -Author: lass -Build-Type: Simple -Cabal-Version: >= 1.2 -License: MIT -Name: xmonad-lass -Version: 0 - -Executable xmonad - Build-Depends: - base, - containers, - unix, - xmonad, - xmonad-contrib, - xmonad-stockholm - GHC-Options: -Wall -O3 -threaded -rtsopts - Main-Is: Main.hs From cd3da527790b062efcbacce97f45064d8c80dd52 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Jun 2016 20:40:20 +0200 Subject: [PATCH 073/132] l 2 vim: use tv's config with neovim --- lass/2configs/vim.nix | 491 +++++++++++++++++++++++++++++------------- 1 file changed, 339 insertions(+), 152 deletions(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 8295d9d49..105450fd8 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix 
@@ -1,158 +1,345 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: +with config.krebs.lib; let - customPlugins = { - mustang2 = pkgs.vimUtils.buildVimPlugin { - name = "Mustang2"; - src = pkgs.fetchFromGitHub { - owner = "croaker"; - repo = "mustang-vim"; - rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5"; - sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67"; - }; - }; - unimpaired = pkgs.vimUtils.buildVimPlugin { - name = "unimpaired-vim"; - src = pkgs.fetchFromGitHub { - owner = "tpope"; - repo = "vim-unimpaired"; - rev = "11dc568dbfd7a56866a4354c737515769f08e9fe"; - sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8"; - }; - }; - brogrammer = pkgs.vimUtils.buildVimPlugin { - name = "brogrammer"; - src = pkgs.fetchFromGitHub { - owner = "marciomazza"; - repo = "vim-brogrammer-theme"; - rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3"; - sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6"; - }; - }; - file-line = pkgs.vimUtils.buildVimPlugin { - name = "file-line"; - src = pkgs.fetchFromGitHub { - owner = "bogado"; - repo = "file-line"; - rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a"; - sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk"; - }; - }; + out = { + environment.systemPackages = [ + vim + ]; + + environment.etc.vimrc.source = vimrc; + + environment.variables.EDITOR = mkForce "vim"; + environment.variables.VIMINIT = ":so /etc/vimrc"; }; -in { - - environment.systemPackages = [ - (pkgs.vim_configurable.customize { - name = "vim"; - - vimrcConfig.customRC = '' - set nocompatible - set t_Co=16 - syntax on - " TODO autoload colorscheme file - set background=dark - colorscheme brogrammer - filetype off - filetype plugin indent on - - imap - - set mouse=a - set ruler - set showmatch - set backspace=2 - set visualbell - set encoding=utf8 - set showcmd - set wildmenu - - set title - set titleold= - set titlestring=%t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} - - set autoindent - - set 
ttyfast - - set pastetoggle= - - - " Force Saving Files that Require Root Permission - command! W silent w !sudo tee "%" >/dev/null - - nnoremap :q - vnoremap < >gv - - nmap q :buffer - - - "Tabwidth - set ts=2 sts=2 sw=2 et - - " create Backup/tmp/undo dirs - function! InitBackupDir() - let l:parent = $HOME . '/.vim/' - let l:backup = l:parent . 'backups/' - let l:tmpdir = l:parent . 'tmp/' - let l:undodi = l:parent . 'undo/' - - if !isdirectory(l:parent) - call mkdir(l:parent) - endif - if !isdirectory(l:backup) - call mkdir(l:backup) - endif - if !isdirectory(l:tmpdir) - call mkdir(l:tmpdir) - endif - if !isdirectory(l:undodi) - call mkdir(l:undodi) - endif - endfunction - call InitBackupDir() - - " Backups & Files - set backup - set backupdir=~/.vim/backups - set directory=~/.vim/tmp// - set viminfo='20,<1000,s100,h,n~/.vim/tmp/info - set undodir=$HOME/.vim/undo - set undofile - - " highlight whitespaces - highlight ExtraWhitespace ctermbg=red guibg=red - match ExtraWhitespace /\s\+$/ - autocmd BufWinEnter * match ExtraWhitespace /\s\+$/ - autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@ za - nnoremap za - onoremap za - vnoremap zf - ''; - - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ - "brogrammer" - "file-line" - "Gundo" - ]; } - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } - ]; - + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + pkgs.vimPlugins.undotree + pkgs.vimPlugins.Gundo + (pkgs.vimUtils.buildVimPlugin { + name = "file-line-1.0"; + src = pkgs.fetchgit { + url = git://github.com/bogado/file-line; + rev = "refs/tags/1.0"; + sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; + }; }) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + 
endif + + let colors_name = ${toJSON name} + + hi Normal ctermbg=235 + hi Comment ctermfg=242 + hi Constant ctermfg=255 + hi Identifier ctermfg=253 + hi Function ctermfg=253 + hi Statement ctermfg=253 + hi PreProc ctermfg=251 + hi Type ctermfg=251 + hi Delimiter ctermfg=251 + hi Special ctermfg=255 + + hi Garbage ctermbg=088 + hi TabStop ctermbg=016 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=040 + hi NixData ctermfg=046 + hi NixQuote ctermfg=071 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "vim"; + in { + name = "vim-syntax-${name}-1.0.0"; + destination = "/syntax/${name}.vim"; + text = /* vim */ '' + ${concatMapStringsSep "\n" (s: /* vim */ '' + syn keyword vimColor${s} ${s} + \ containedin=ALLBUT,vimComment,vimLineComment + hi vimColor${s} ctermfg=${s} + '') (map (i: lpad 3 "0" (toString i)) (range 0 255))} + ''; + }))) + ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "showsyntax"; + in { + name = "vim-plugin-${name}-1.0.0"; + destination = "/plugin/${name}.vim"; + text = /* vim */ '' + if exists('g:loaded_showsyntax') + finish + endif + let g:loaded_showsyntax = 0 + + fu! ShowSyntax() + let id = synID(line("."), col("."), 1) + let name = synIDattr(id, "name") + let transName = synIDattr(synIDtrans(id),"name") + if name != transName + let name .= " (" . transName . ")" + endif + echo "Syntax: " . name + endfu + + command! 
-n=0 -bar ShowSyntax :call ShowSyntax() + ''; + }))) ]; -} + + dirs = { + backupdir = "$HOME/.cache/vim/backup"; + swapdir = "$HOME/.cache/vim/swap"; + undodir = "$HOME/.cache/vim/undo"; + }; + files = { + viminfo = "$HOME/.cache/vim/info"; + }; + + mkdirs = let + dirOf = s: let out = concatStringsSep "/" (init (splitString "/" s)); + in assert out != ""; out; + alldirs = attrValues dirs ++ map dirOf (attrValues files); + in unique (sort lessThan alldirs); + + vim = pkgs.writeDashBin "vim" '' + set -efu + (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) + exec ${pkgs.neovim}/bin/nvim "$@" + ''; + + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! 
Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! [d + vnoremap u + ''; + + hs.vim = pkgs.writeText "hs.vim" '' + syn region String start=+\[[[:alnum:]]*|+ end=+|]+ + + hi link ConId Identifier + hi link VarId Identifier + hi link hsDelimiter Delimiter + ''; + + nix.vim = pkgs.writeText "nix.vim" '' + setf nix + + " Ref + syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ + syn match NixINT /\<[0-9]\+\>/ + syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ + syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ + syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ + syn region NixSTRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + syn region NixIND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + + syn match NixOther /[():/;=.,?\[\]]/ + + syn match NixCommentMatch /\(^\|\s\)#.*/ + syn region NixCommentRegion start="/\*" end="\*/" + + hi link NixCode Statement + hi link NixData Constant + hi link NixComment Comment + + hi link NixCommentMatch NixComment + hi link NixCommentRegion NixComment + hi link NixID NixCode + hi link NixINT NixData + hi link NixPATH NixData + hi link NixHPATH NixData + hi link NixSPATH NixData + hi link NixURI NixData + hi link NixSTRING NixData + hi link NixIND_STRING NixData + + hi link NixEnter NixCode + hi link NixOther NixCode + hi link NixQuote NixData + + syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings + syn cluster nix_ind_strings contains=NixIND_STRING + syn cluster nix_strings contains=NixSTRING + + ${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? 
null }: let + startAlts = filter isString [ + ''/\* ${lang} \*/'' + extraStart + ]; + sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*''; + in /* vim */ '' + syn include @nix_${lang}_syntax syntax/${lang}.vim + unlet b:current_syntax + + syn match nix_${lang}_sigil + \ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X + \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING + \ transparent + + syn region nix_${lang}_region_STRING + \ matchgroup=NixSTRING + \ start='"' + \ skip='\\"' + \ end='"' + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn region nix_${lang}_region_IND_STRING + \ matchgroup=NixIND_STRING + \ start="'''" + \ skip="'''\('\|[$]\|\\[nrt]\)" + \ end="'''" + \ contained + \ contains=@nix_${lang}_syntax + \ transparent + + syn cluster nix_ind_strings + \ add=nix_${lang}_region_IND_STRING + + syn cluster nix_strings + \ add=nix_${lang}_region_STRING + + syn cluster nix_has_dollar_curly + \ add=@nix_${lang}_syntax + '') { + c = {}; + cabal = {}; + haskell = {}; + sh.extraStart = ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; + vim.extraStart = + ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; + })} + + " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. + syn clear shVarAssign + + syn region nixINSIDE_DOLLAR_CURLY + \ matchgroup=NixEnter + \ start="[$]{" + \ end="}" + \ contains=TOP + \ containedin=@nix_has_dollar_curly + \ transparent + + syn region nix_inside_curly + \ matchgroup=NixEnter + \ start="{" + \ end="}" + \ contains=TOP + \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly + \ transparent + + syn match NixQuote /'''\([''$']\|\\.\)/he=s+2 + \ containedin=@nix_ind_strings + \ contained + + syn match NixQuote /\\./he=s+1 + \ containedin=@nix_strings + \ contained + + syn sync fromstart + + let b:current_syntax = "nix" + + set isk=@,48-57,_,192-255,-,' + ''; +in +out From 2915a48246b93896b7d8df5007a677df3add7a77 Mon Sep 17 00:00:00 2001 
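Review bot: The `/dev/shm/*` autocommand in the new `vimrc` turns off backup, writebackup and swapfile but leaves the global `set undofile` in force, so the undo history of anything edited under /dev/shm is still written to `${dirs.undodir}` in `$HOME/.cache/vim`. If that autocommand is meant to keep short-lived sensitive buffers off persistent storage (which is what it looks like), it should read `au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile noundofile`. The `viminfo` setting (`<1000`) can likewise persist yanked text from such buffers. Separately, the wrapper's `umask 0077` only applies to directories that `mkdir -p` actually creates, so an already existing `~/.cache/vim` keeps whatever mode it had; a comment in the `vim` wrapper saying so would help.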
From: lassulus Date: Wed, 22 Jun 2016 19:12:34 +0200 Subject: [PATCH 074/132] l 2 mail: save send emails in notmuch --- lass/2configs/mail.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 72d6f987f..7c050005b 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -10,8 +10,9 @@ let account default: prism ''; - msmtp = pkgs.writeDashBin "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ + msmtp = pkgs.writeBashBin "msmtp" '' + ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \ + ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ ''; muttrc = pkgs.writeText "muttrc" '' @@ -42,7 +43,7 @@ let set nm_record = yes set nm_record_tags = "-inbox me archive" set virtual_spoolfile=yes # enable virtual folders - set sendmail="msmtp" # enables parsing of outgoing mail + set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set use_from=yes set envelope_from=yes From 401d80610243f1eac1fcb123f51ce3ea6e2280da Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Jun 2016 19:21:11 +0200 Subject: [PATCH 075/132] l 2: rename cbase to c-base --- lass/1systems/mors.nix | 3 +-- lass/2configs/{cbase.nix => c-base.nix} | 0 2 files changed, 1 insertion(+), 2 deletions(-) rename lass/2configs/{cbase.nix => c-base.nix} (100%) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index beb5659d0..062e4c29d 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -26,11 +26,10 @@ ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix - ../2configs/cbase.nix + ../2configs/c-base.nix ../2configs/mail.nix ../2configs/krebs-pass.nix ../2configs/umts.nix - #../2configs/buildbot-standalone.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/2configs/cbase.nix b/lass/2configs/c-base.nix similarity index 100% rename from lass/2configs/cbase.nix rename to lass/2configs/c-base.nix 
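Review bot: The new `msmtp` wrapper passes `$@` unquoted, so every argument mutt hands over (recipient addresses, `-f` values) is word-split and glob-expanded by bash before it reaches the real msmtp; the last line should end in `-C ${msmtprc} "$@"`. The `tee >(notmuch insert +sent)` branch also files the message as sent regardless of msmtp's exit status, and a failing `notmuch insert` is never reported to the caller because the process substitution's status is discarded. If the sent copy should only exist for mail that was actually accepted, buffer stdin to a temporary file, run msmtp, and insert only on success.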
From 926d3d453fb17d7636451849ce06642eefd3733e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Jun 2016 19:22:34 +0200 Subject: [PATCH 076/132] l 2 vim: update vim config --- lass/2configs/vim.nix | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 105450fd8..9eed08635 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -14,8 +14,9 @@ let }; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - pkgs.vimPlugins.undotree pkgs.vimPlugins.Gundo + pkgs.vimPlugins.Syntastic + pkgs.vimPlugins.undotree (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchgit { @@ -40,22 +41,22 @@ let hi Normal ctermbg=235 hi Comment ctermfg=242 - hi Constant ctermfg=255 - hi Identifier ctermfg=253 - hi Function ctermfg=253 - hi Statement ctermfg=253 - hi PreProc ctermfg=251 - hi Type ctermfg=251 + hi Constant ctermfg=062 + hi Identifier ctermfg=068 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=041 hi Delimiter ctermfg=251 - hi Special ctermfg=255 + hi Special ctermfg=062 hi Garbage ctermbg=088 hi TabStop ctermbg=016 hi Todo ctermfg=174 ctermbg=NONE - hi NixCode ctermfg=040 - hi NixData ctermfg=046 - hi NixQuote ctermfg=071 + hi NixCode ctermfg=148 + hi NixData ctermfg=149 + hi NixQuote ctermfg=150 hi diffNewFile ctermfg=207 hi diffFile ctermfg=207 @@ -171,12 +172,17 @@ let au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + nmap q :buffer nmap :buffer cnoremap noremap :q + vnoremap < >gv nnoremap [5^ :tabp nnoremap [6^ :tabn From 4717377e067c1945a15258708a1b64833b6d6b28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Jun 2016 19:26:07 +0200 Subject: [PATCH 077/132] l 2 radio: update stream metadata --- lass/2configs/radio.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 3a38af286..59678dbff 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -62,7 +62,7 @@ in { audio_output { type "shout" encoding "ogg" - name "my cool stream" + name "the_playlist" host "localhost" port "8000" mount "/radio.ogg" @@ -79,7 +79,7 @@ in { # Optional Parameters user "source" # description "here is my long description" - # genre "jazz" + genre "good music" } # end of audio_output ''; From a8dcedbb99151ce396d58573f339fa34d7537fa1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Jun 2016 19:27:39 +0200 Subject: [PATCH 078/132] l 2 websites fritz: fix password protection --- lass/2configs/websites/fritz.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 03574d578..39f0cce06 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -62,11 +62,11 @@ in { krebs.nginx.servers."biostase.de".locations = [ (nameValuePair "/old_biostase.de" '' auth_basic "Administrator Login"; - auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htaccess; + auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htpasswd; '') (nameValuePair "/mysqldumper" '' auth_basic "Administrator Login"; - auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htaccess; + auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htpasswd; '') ]; From a7310f526d611cb13f2f98ac46da1ab98d37ee24 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:45:06 +0200 Subject: [PATCH 079/132] krebs 3 tinc_graphs: allow network different from retiolum --- krebs/3modules/tinc_graphs.nix | 59 +++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index dec89d249..0f1bae090 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix 
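Review bot: Both `auth_basic_user_file` paths in the fritz.nix hunk point at a `.htpasswd` that sits inside the directory tree the protected location appears to serve (`/srv/http/biostase.de/old_biostase.de/` and `/srv/http/biostase.de/mysqldumper/`). nginx does not hide dot-files on its own, so unless a deny rule exists outside this hunk, any authenticated user can download the password hashes, and a later change to the location layout could expose them without authentication. Keeping the credential files outside the web root, or adding `location ~ /\.ht { deny all; }` to the server, removes that dependency. The server's `root` and remaining locations are outside the hunk, so this needs checking against the full file.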
@@ -20,6 +20,18 @@ let default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat"; }; + hostsPath = mkOption { + type = types.str; + description = "Path to Hosts directory"; + default = "${config.krebs.retiolum.hostsPackage}"; + }; + + network = mkOption { + type = types.str; + description = "Tinc Network to use"; + default = "retiolum"; + }; + nginx = { enable = mkEnableOption "enable tinc_graphs to be served with nginx"; @@ -73,10 +85,10 @@ let }; imp = { - environment.systemPackages = [ pkgs.tinc_graphs]; + environment.systemPackages = [ pkgs.tinc_graphs ]; systemd.timers.tinc_graphs = { description = "Build Tinc Graphs via via timer"; - wantedBy = [ "timers.target"]; + wantedBy = [ "timers.target" ]; timerConfig = cfg.timerConfig; }; systemd.services.tinc_graphs = { @@ -85,7 +97,8 @@ let EXTERNAL_FOLDER = external_dir; INTERNAL_FOLDER = internal_dir; GEODB = cfg.geodbPath; - TINC_HOSTPATH = config.krebs.retiolum.hostsPackage; + TINC_HOSTPATH = cfg.hostsPath; + TINC_NETWORK = cfg.network; }; restartIfChanged = true; @@ -103,7 +116,7 @@ let cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}" fi ''; - ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs"; + ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"''; ExecStartPost = pkgs.writeDash "tinc_graphs-post" '' # TODO: this may break if workingDir is set to something stupid 
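Review bot: `network` and `hostsPath` are independent options, and `hostsPath` still defaults to `config.krebs.retiolum.hostsPackage`, so setting only `network = "siem"` runs `all-the-graphs "siem"` with `TINC_HOSTPATH` pointing at the retiolum host files. The option text should say so, e.g. `description = "Path to the hosts directory of the tinc network selected by 'network'; set both together";`, or the module should assert that a non-default `network` comes with an explicit `hostsPath`. How tinc_graphs uses the two values is not visible here, but the complete graph output is served with `autoindex on` in a later hunk of this file, so mixing one network's host data into another network's graphs is worth catching at evaluation time.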
@@ -121,24 +134,26 @@ let uid = genid "tinc_graphs"; home = "/var/spool/tinc_graphs"; }; - - krebs.nginx.servers = mkIf cfg.nginx.enable { - tinc_graphs_complete = mkMerge [ cfg.nginx.complete { - locations = [ - (nameValuePair "/" '' - autoindex on; - root ${internal_dir}; - '') - ]; - }] ; - tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { - locations = [ - (nameValuePair "/" '' - autoindex on; - root ${external_dir}; - '') - ]; - }]; + krebs.nginx = mkIf cfg.nginx.enable { + enable = mkDefault true; + servers = { + tinc_graphs_complete = mkMerge [ cfg.nginx.complete { + locations = [ + (nameValuePair "/" '' + autoindex on; + root ${internal_dir}; + '') + ]; + }] ; + tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { + locations = [ + (nameValuePair "/" '' + autoindex on; + root ${external_dir}; + '') + ]; + }]; + }; }; }; From 5894ecc94233b72003ac859fab8b12c8ade7766a Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:45:44 +0200 Subject: [PATCH 080/132] add siem internal network --- krebs/3modules/makefu/default.nix | 51 ++++++++++++++++++++++++++++--- makefu/2configs/default.nix | 2 ++ 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 14cee8e12..0b58c75cb 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -48,6 +48,12 @@ with config.krebs.lib; -----END RSA PUBLIC KEY----- ''; }; + siem = { + ip4.addr = "10.8.10.2"; + aliases = [ + "darth.siem" + ]; + }; }; }; tsp = { @@ -98,6 +104,12 @@ with config.krebs.lib; -----END RSA PUBLIC KEY----- ''; }; + siem = { + ip4.addr = "10.8.10.4"; + aliases = [ + "arch.siem" + ]; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster"; @@ -184,6 +196,8 @@ with config.krebs.lib; internet = { ip4.addr = "104.233.87.86"; aliases = [ + "wry.i" + "paste.i" "wry.internet" "paste.internet" ]; 
@@ -194,10 +208,10 @@ with config.krebs.lib; ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "graphs.wry.retiolum" - "graphs.retiolum" + "graphs.r" "graphs.retiolum" "paste.wry.retiolum" - "paste.retiolum" - "wry.retiolum" + "paste.r" "paste.retiolum" + "wry.r" "wry.retiolum" "wiki.makefu.retiolum" "wiki.wry.retiolum" "blog.makefu.retiolum" @@ -343,6 +357,13 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB shoney = rec { cores = 1; nets = { + siem = { + ip4.addr = "10.8.10.1"; + aliases = [ + "sjump.siem" + "graphs.siem" + ]; + }; internet = { ip4.addr = "64.137.234.215"; aliases = [ @@ -456,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; + lariat = rec { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.64.7"; + aliases = [ + "lariat.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX + eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA + 269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ + unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv + d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o + yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + soundflower = rec { cores = 1; nets = { @@ -598,6 +641,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; + } // { # hosts only maintained in stockholm, not owned by me muhbaasu = rec { cores = 1; nets = { @@ -626,7 +670,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; }; - } // { # hosts only maintained in stockholm, not owned by me tpsw = { cores = 2; owner = config.krebs.users.ciko; # main laptop diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index e7366e182..a753e6777 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
@@ -16,6 +16,8 @@ with config.krebs.lib; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; + + dns.providers.siem = "hosts"; search-domain = "retiolum"; build = { user = config.krebs.users.makefu; From 55905dabdf6b6e0bbed99b6ab1349d4e24d7578a Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:56:13 +0200 Subject: [PATCH 081/132] ma 1 darth: remove nat --- makefu/1systems/darth.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 08ac7e66e..5f1d6e121 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -33,16 +33,10 @@ in { firewall = { allowPing = true; logRefusedConnections = false; - allowedUDPPorts = [ 80 655 67 ]; - allowedTCPPorts = [ 80 655 ]; - }; - nat = { - enable = true; - internalIPs = [ "10.8.10.0/24" ]; - #internalInterfaces = [ "tinc.siem" ]; - externalIP = "10.8.8.2"; - externalInterface = "virbr3"; + allowedUDPPorts = [ 80 655 1655 67 ]; + allowedTCPPorts = [ 80 655 1655 ]; }; + # fallback connection to the internal virtual network interfaces.virbr3.ip4 = [{ address = "10.8.8.2"; prefixLength = 24; From 9287a667b666a65bbabdce9394eac22843cc1d27 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:56:45 +0200 Subject: [PATCH 082/132] ma 1 pornocauster: add siem network --- makefu/1systems/pornocauster.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 2fb93798a..7b6c18342 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -44,6 +44,14 @@ # ../2configs/temp/sabnzbd.nix ]; + services.tinc.networks.siem = { + name = "makefu"; + extraConfig = '' + ConnectTo = sdarth + ConnectTo = sjump + ''; + }; + krebs.nginx = { default404 = false; servers.default.listen = [ "80 default_server" ]; 
From b399ff906dc96c654d989b007c24fe7301ebd848 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:57:19 +0200 Subject: [PATCH 083/132] ma 1 shoney: enable tinc_graphs for siem tinc --- makefu/1systems/shoney.nix | 46 +++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 48679fe58..1fe8871d2 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -1,5 +1,7 @@ { config, pkgs, ... }: let + tinc-siem-ip = "10.8.10.1"; + ip = "64.137.234.215"; alt-ip = "64.137.234.210"; extra-ip = "64.137.234.114"; #currently unused 
@@ -7,32 +9,46 @@ let in { imports = [ ../. + ../2configs/save-diskspace.nix ../2configs/hw/CAC.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ]; - services.tinc.networks.siem.name = "sjump"; - # minimal resources - services.nixosManual.enable = false; - programs.man.enable = false; - nix.gc.automatic = true; - nix.gc.dates = "03:10"; + services.tinc.networks.siem.name = "sjump"; krebs = { enable = true; retiolum.enable = true; build.host = config.krebs.hosts.shoney; + nginx.enable = true; + tinc_graphs = { + enable = true; + network = "siem"; + hostsPath = "/etc/tinc/siem/hosts"; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + listen = [ "${tinc-siem-ip}:80" ]; + server-names = [ "graphs.siem" ]; + }; + }; + }; }; - networking.interfaces.enp2s1.ip4 = [ - { address = ip; prefixLength = 24; } - { address = alt-ip; prefixLength = 24; } - ]; + networking = { + interfaces.enp2s1.ip4 = [ + { address = ip; prefixLength = 24; } + { address = alt-ip; prefixLength = 24; } + ]; - networking.defaultGateway = gw; - networking.nameservers = [ "8.8.8.8" ]; - networking.firewall.allowedUDPPorts = [ 655 1655 ]; - networking.firewall.allowedTCPPorts = [ 655 1655 ]; + defaultGateway = gw; + nameservers = [ "8.8.8.8" ]; + firewall = { + trustedInterfaces = [ "tinc.siem" ]; + allowedUDPPorts = [ 655 1655 ]; + allowedTCPPorts = [ 655 1655 ]; + }; + }; } From d5e0dcccd074d7e63cfa7fff35782cb92c101270 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:57:36 +0200 Subject: [PATCH 084/132] ma 2 save-diskspace: init --- makefu/1systems/wry.nix | 9 ++------- makefu/2configs/save-diskspace.nix | 9 +++++++++ 2 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 makefu/2configs/save-diskspace.nix diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index ed48c6abe..5788cb654 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix 
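Review bot: `firewall.trustedInterfaces = [ "tinc.siem" ]` accepts every port from every peer on the siem network, while the only service this commit binds there is nginx on `${tinc-siem-ip}:80`. Anything else listening on all interfaces of this host becomes reachable by every siem node, including ones added later. A narrower rule that accepts only TCP 80 on that interface would match the stated purpose, e.g. `networking.firewall.interfaces."tinc.siem".allowedTCPPorts = [ 80 ];` where the nixpkgs revision in use has per-interface rules, otherwise an equivalent rule in `extraCommands`. The `complete` graph set is also served without authentication, which presumably is intended for this internal network but deserves a comment next to the `nginx.complete` block.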
@@ -11,7 +11,7 @@ in { # TODO: copy this config or move to krebs ../2configs/hw/CAC.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/headless.nix + ../2configs/save-diskspace.nix ../2configs/bepasty-dual.nix @@ -27,8 +27,7 @@ in { ../2configs/collectd/collectd-base.nix ]; krebs.retiolum.enable = true; - services.nixosManual.enable = false; - programs.man.enable = false; + krebs.build.host = config.krebs.hosts.wry; krebs.Reaktor = { @@ -83,9 +82,5 @@ in { nameservers = [ "8.8.8.8" ]; }; - # small machine - do not forget to gc every day - nix.gc.automatic = true; - nix.gc.dates = "03:10"; - environment.systemPackages = [ ]; } diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix new file mode 100644 index 000000000..cc2b29cac --- /dev/null +++ b/makefu/2configs/save-diskspace.nix @@ -0,0 +1,9 @@ +_: +# TODO: do not check out nixpkgs master but fetch revision from github +{ + services.nixosManual.enable = false; + programs.man.enable = false; + services.journald.extraConfig = "SystemMaxUse=50M"; + nix.gc.automatic = true; + nix.gc.dates = "03:10"; +} From 3d1f3e697db96491adbe49fc516489fab81f6617 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jun 2016 17:48:42 +0200 Subject: [PATCH 085/132] l 2 buildbot-standalone: build-all -> build-lass --- lass/2configs/buildbot-standalone.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 7d3c236a6..8fe2b4074 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -37,14 +37,14 @@ in { name="fast-all-branches", builderNames=["fast-tests"])) ''; - build-all-scheduler = '' + build-lass-scheduler = '' # build all lass hosts sched.append(schedulers.SingleBranchScheduler( ## only master change_filter=util.ChangeFilter(branch_re="master"), treeStableTimer=10, name="prism-master", - builderNames=["build-all"])) + builderNames=["build-lass"])) ''; }; builder_pre = '' @@ -52,7 +52,7 @@ in { grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') # TODO: get nixpkgs/stockholm paths from krebs - env = { + env_lass = { "LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true", @@ -73,12 +73,12 @@ in { factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { - build-all = '' + build-lass = '' f = util.BuildFactory() f.addStep(grab_repo) #TODO: get hosts via krebs for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: - addShell(f,name="build-{}".format(i),env=env, + addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ ["make \ test \ @@ -87,7 +87,7 @@ in { method=build \ system={}".format(i)]) - bu.append(util.BuilderConfig(name="build-all", + bu.append(util.BuilderConfig(name="build-lass", slavenames=slavenames, factory=f)) @@ -96,12 +96,12 @@ in { f = util.BuildFactory() f.addStep(grab_repo) for i in [ "prism", "mors", "echelon" ]: - addShell(f,name="populate-{}".format(i),env=env, + addShell(f,name="populate-{}".format(i),env=env_lass, command=nixshell + \ ["{}( make system={} eval.config.krebs.build.populate \ | jq -er .)".format("!" if "failing" in i else "",i)]) - addShell(f,name="build-test-minimal",env=env, + addShell(f,name="build-test-minimal",env=env_lass, command=nixshell + \ ["nix-instantiate \ --show-trace --eval --strict --json \ From 0b633d01e50e4d1d022cce56ad771153f6888534 Mon Sep 17 00:00:00 2001 
From: makefu Date: Thu, 23 Jun 2016 17:50:48 +0200 Subject: [PATCH 086/132] add dummy secrets --- makefu/6tests/data/secrets/bepasty-secret.nix | 1 + makefu/6tests/data/secrets/hashedPasswords.nix | 1 + makefu/6tests/data/secrets/iodinepw.nix | 1 + makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv | 0 makefu/6tests/data/secrets/retiolum.rsa_key.priv | 0 makefu/6tests/data/secrets/retiolum.rsa_key.pub | 0 makefu/6tests/data/secrets/sambacred | 0 makefu/6tests/data/secrets/ssh.makefu.id_rsa | 0 makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub | 0 makefu/6tests/data/secrets/ssh_host_ed25519_key | 0 makefu/6tests/data/secrets/tinc.krebsco.de.crt | 0 makefu/6tests/data/secrets/tinc.krebsco.de.key | 0 makefu/6tests/data/secrets/tw-pass.ini | 0 makefu/6tests/data/secrets/wildcard.krebsco.de.crt | 0 makefu/6tests/data/secrets/wildcard.krebsco.de.key | 0 15 files changed, 3 insertions(+) create mode 100644 makefu/6tests/data/secrets/bepasty-secret.nix create mode 100644 makefu/6tests/data/secrets/hashedPasswords.nix create mode 100644 makefu/6tests/data/secrets/iodinepw.nix create mode 100644 makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv create mode 100644 makefu/6tests/data/secrets/retiolum.rsa_key.priv create mode 100644 makefu/6tests/data/secrets/retiolum.rsa_key.pub create mode 100644 makefu/6tests/data/secrets/sambacred create mode 100644 makefu/6tests/data/secrets/ssh.makefu.id_rsa create mode 100644 makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub create mode 100644 makefu/6tests/data/secrets/ssh_host_ed25519_key create mode 100644 makefu/6tests/data/secrets/tinc.krebsco.de.crt create mode 100644 makefu/6tests/data/secrets/tinc.krebsco.de.key create mode 100644 makefu/6tests/data/secrets/tw-pass.ini create mode 100644 makefu/6tests/data/secrets/wildcard.krebsco.de.crt create mode 100644 makefu/6tests/data/secrets/wildcard.krebsco.de.key 
diff --git a/makefu/6tests/data/secrets/bepasty-secret.nix b/makefu/6tests/data/secrets/bepasty-secret.nix new file mode 100644 index 000000000..f5e704702 --- /dev/null +++ b/makefu/6tests/data/secrets/bepasty-secret.nix @@ -0,0 +1 @@ +"derp" diff --git a/makefu/6tests/data/secrets/hashedPasswords.nix b/makefu/6tests/data/secrets/hashedPasswords.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/makefu/6tests/data/secrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/makefu/6tests/data/secrets/iodinepw.nix b/makefu/6tests/data/secrets/iodinepw.nix new file mode 100644 index 000000000..f5e704702 --- /dev/null +++ b/makefu/6tests/data/secrets/iodinepw.nix @@ -0,0 +1 @@ +"derp" diff --git a/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv b/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.priv b/makefu/6tests/data/secrets/retiolum.rsa_key.priv new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.pub b/makefu/6tests/data/secrets/retiolum.rsa_key.pub new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/sambacred b/makefu/6tests/data/secrets/sambacred new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa b/makefu/6tests/data/secrets/ssh.makefu.id_rsa new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub b/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/ssh_host_ed25519_key b/makefu/6tests/data/secrets/ssh_host_ed25519_key new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.crt b/makefu/6tests/data/secrets/tinc.krebsco.de.crt new file mode 100644 index 000000000..e69de29bb 
diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.key b/makefu/6tests/data/secrets/tinc.krebsco.de.key new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/tw-pass.ini b/makefu/6tests/data/secrets/tw-pass.ini new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.crt b/makefu/6tests/data/secrets/wildcard.krebsco.de.crt new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.key b/makefu/6tests/data/secrets/wildcard.krebsco.de.key new file mode 100644 index 000000000..e69de29bb From b709634ce9e61323b19aaf1b31c433f79f556fad Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 17:54:12 +0200 Subject: [PATCH 087/132] ma 2 add support for dummy secrets --- makefu/2configs/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index a753e6777..422927b28 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -26,7 +26,9 @@ with config.krebs.lib; url = https://github.com/nixos/nixpkgs; rev = "63b9785"; # stable @ 2016-06-01 }; - secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/"; + secrets = if getEnv "dummy_secrets" == "true" + then toString + else "/home/makefu/secrets/${config.krebs.build.host.name}"; stockholm = "/home/makefu/stockholm"; # Defaults for all stockholm users? From 3716ece83b97500e39d08b45acf34dbb78af4b29 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 23:13:50 +0200 Subject: [PATCH 088/132] m 5 bintray-upload:init --- makefu/5pkgs/bintray-upload/default.nix | 19 +++++++++++++++++++ makefu/5pkgs/default.nix | 3 ++- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 makefu/5pkgs/bintray-upload/default.nix diff --git a/makefu/5pkgs/bintray-upload/default.nix b/makefu/5pkgs/bintray-upload/default.nix new file mode 100644 index 000000000..1e9582cca 
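Review bot: The `secrets` source in makefu/2configs/default.nix is now chosen by `getEnv "dummy_secrets"` at evaluation time, so the expression that deploys a real host will pick up the placeholder files from makefu/6tests/data/secrets (the password `"derp"`, empty key files) whenever that variable happens to be exported in the calling shell. Nothing in the hunk ties the switch to a test-only build method, so it should at least be documented next to the conditional, for example `# dummy_secrets=true is for CI test builds only; never export it in a shell used for deploys`. The `then toString` branch has no argument as shown on this page; presumably a `<...>` path was lost in rendering, so check it against the original commit. The enclosing attribute set starts and ends outside the hunk.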
--- /dev/null +++ b/makefu/5pkgs/bintray-upload/default.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: + +pkgs.python3Packages.buildPythonPackage rec { + name = "bintray-upload-${version}"; + version = "0.1.2"; + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "bintray-upload"; + rev = "4e76724"; + sha256 = "1401saisk98n5wgw73nwh8hb484vayw5c6dlypxc1fp4ybym4zi9"; + }; + + propagatedBuildInputs = with pkgs.python3Packages; [ requests2 ]; + + meta = { + description = "Simple BinTray utility for uploading packages"; + license = pkgs.stdenv.lib.licenses.asl20; + }; +} diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 6d227fa6d..bb6290af2 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -13,7 +13,8 @@ in nodemcu-uploader = callPackage ./nodemcu-uploader {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; inherit (callPackage ./devpi {}) devpi-web devpi-server; - skytraq-logger = callPackage ./skytraq-logger/ {}; + skytraq-logger = callPackage ./skytraq-logger {}; taskserver = callPackage ./taskserver {}; + bintray-upload = callPackage ./bintray-upload {}; }; } From edcc01d8e3e8c86f6329dbd7fc4c125a6da0f397 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 15:24:42 +0200 Subject: [PATCH 089/132] k 3 repo-sync: refactor, allow multiple repos --- krebs/3modules/repo-sync.nix | 126 +++++++++++++++++++---------------- 1 file changed, 68 insertions(+), 58 deletions(-) diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index c5c806cdf..2388c3617 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix 
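Review bot: `rev = "4e76724";` in the `fetchFromGitHub` call of bintray-upload/default.nix is an abbreviated commit id. The `sha256` still fixes which content is accepted, but a short prefix can become ambiguous as the repository grows and makes it harder to audit which commit was actually reviewed. Pin the full hash instead, `rev = "<full 40-character commit id for 4e76724>";`.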
@@ -11,38 +11,39 @@ let api = { enable = mkEnableOption "repo-sync"; - config = mkOption { - type = with types;attrsOf (attrsOf (attrsOf str)); + repos = mkOption { + type = with types;attrsOf (attrsOf (attrsOf (attrsOf str))); example = literalExample '' # see `repo-sync --help` # `ref` provides sane defaults and can be omitted # attrset will be converted to json and be used as config - { + { repo = { makefu = { - origin = { - url = http://github.com/makefu/repo ; - ref = "heads/dev" ; - }; - mirror = { - url = "git@internal:mirror" ; - ref = "heads/github-mirror-dev" ; - }; + origin = { + url = http://github.com/makefu/repo ; + ref = "heads/dev" ; + }; + mirror = { + url = "git@internal:mirror" ; + ref = "heads/github-mirror-dev" ; + }; }; lass = { - origin = { - url = http://github.com/lass/repo ; - }; - mirror = { - url = "git@internal:mirror" ; - }; + origin = { + url = http://github.com/lass/repo ; + }; + mirror = { + url = "git@internal:mirror" ; + }; }; "@latest" = { - mirror = { - url = "git@internal:mirror"; - ref = "heads/master"; - }; + mirror = { + url = "git@internal:mirror"; + ref = "heads/master"; + }; }; + }; }; ''; }; 
@@ -56,53 +57,62 @@ let type = types.str; default = "/var/lib/repo-sync"; }; - privateKeyFile = mkOption { - type = types.str; - description = '' - used by repo-sync to identify with ssh service - ''; - default = toString ; + + user = mkOption { + type = types.user; + default = { + name = "repo-sync"; + home = cfg.stateDir; + }; }; + + privateKeyFile = mkOption { + type = types.secret-file; + default = { + path = "${cfg.stateDir}/ssh.priv"; + owner = cfg.user; + source-path = toString + "/repo-sync.ssh.key"; + }; + }; + }; - repo-sync-config = pkgs.writeText "repo-sync-config.json" - (builtins.toJSON cfg.config); imp = { - users.users.repo-sync = { - name = "repo-sync"; - uid = genid "repo-sync"; - description = "repo-sync user"; - home = cfg.stateDir; + users.users.${cfg.user.name} = { + inherit (cfg.user) home name uid; createHome = true; + description = "repo-sync user"; }; - systemd.timers.repo-sync = { - description = "repo-sync timer"; - wantedBy = [ "timers.target" ]; + systemd.timers = mapAttrs' (name: repo: + nameValuePair "repo-sync-${name}" { + description = "repo-sync timer"; + wantedBy = [ "timers.target" ]; - timerConfig = cfg.timerConfig; - }; - systemd.services.repo-sync = { - description = "repo-sync"; - after = [ "network.target" ]; + timerConfig = cfg.timerConfig; + } + ) cfg.repos; - path = with pkgs; [ ]; + systemd.services = mapAttrs' (name: repo: + let + repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json" + (builtins.toJSON repo); + in nameValuePair "repo-sync-${name}" { + description = "repo-sync"; + after = [ "network.target" "secret.service" ]; - environment = { - GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; - }; + environment = { + GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; + }; - serviceConfig = { - Type = "simple"; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" '' - cp -v ${shell.escape cfg.privateKeyFile} 
${cfg.stateDir}/ssh.priv - chown repo-sync ${cfg.stateDir}/ssh.priv - ''; - ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; - WorkingDirectory = cfg.stateDir; - User = "repo-sync"; - }; - }; + serviceConfig = { + Type = "simple"; + PermissionsStartOnly = true; + ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; + WorkingDirectory = cfg.stateDir; + User = "repo-sync"; + }; + } + ) cfg.repos; }; in out From 2de4843bae0d2c107d0f971ec40fac522003503c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 15:27:23 +0200 Subject: [PATCH 090/132] k 3 l: add prism-repo-sync pubkey --- krebs/3modules/lass/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 760c2d69d..5f7afa013 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -296,5 +296,9 @@ with config.krebs.lib; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; + prism-repo-sync = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C"; + mail = "lass@prism.r"; + }; }; } From 4cc64a460e2246a29cd9290a1816f4c612b88965 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 15:31:57 +0200 Subject: [PATCH 091/132] l 2 git: revoke helios access rights --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index c0affe981..a25e3e212 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix 
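Review bot: The new `user` and `privateKeyFile` options are not used by the service definition further down in this hunk: `GIT_SSH_COMMAND` still hard-codes `${cfg.stateDir}/ssh.priv` and `serviceConfig.User` is still the literal `"repo-sync"`. If either option is overridden, the key is installed for one owner and path while the service runs as a different user and reads a different file. Use `User = cfg.user.name;` and `GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.privateKeyFile.path}";` so the unit follows the options. `PermissionsStartOnly = true;` is left over from the removed `ExecStartPre` and can be dropped.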
@@ -84,7 +84,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-helios lass-uriel ]; + user = [ lass lass-uriel ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ From 7adf05999a11c4be6031f908fd9f1fec24bedf90 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 15:32:33 +0200 Subject: [PATCH 092/132] l 2: add repo-sync --- lass/2configs/repo-sync.nix | 68 +++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 lass/2configs/repo-sync.nix diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix new file mode 100644 index 000000000..bb5123a02 --- /dev/null +++ b/lass/2configs/repo-sync.nix 
@@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + mirror = "git@${config.networking.hostName}:"; + + sync = name: let + repo = { + public = true; + name = mkDefault "${name}"; + cgit.desc = mkDefault "mirror for all ${name} branches"; + hooks = mkDefault { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.networking.hostName; + verbose = false; + channel = "#retiolum"; + server = "cd.retiolum"; + }; + }; + }; + in { + krebs.repo-sync.repos.${name} = { + makefu = { + origin.url = "http://cgit.gum/${name}"; + mirror.url = "${mirror}${name}"; + }; + tv = { + origin.url = "http://cgit.cd/${name}"; + mirror.url = "${mirror}${name}"; + }; + lassulus = { + origin.url = "http://cgit.prism/${name}"; + mirror.url = "${mirror}${name}"; + }; + "@latest" = { + mirror.url = "${mirror}${name}"; + mirror.ref = "heads/newest"; + }; + }; + krebs.git = { + rules = with git; singleton { + user = [ config.krebs.users."${config.networking.hostName}-repo-sync" ]; + repo = [ repo ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; + }; + repos."${name}" = repo; + }; + }; + +in { + krebs.repo-sync = { + enable = true; + privateKeyFile = toString ; + }; + imports = [ + (sync "stockholm") + (sync "realwallpaper") + (sync "xmonad-stockholm") + (sync "newsbot-js") + (sync "go") + (sync "wai-middleware-time") + (sync "web-routes-wai-custom") + (sync "much") + (sync "painload") + ]; +} + From dd1c0e7a587a2580ddb0ca4fd318324bcb21e214 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 15:35:47 +0200 Subject: [PATCH 093/132] l 1 prism: activate repo-sync --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9a9bd4730..d4207d2e1 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
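Review bot: The three origins in `sync` are fetched over plain `http://cgit.*` and pushed to the local mirror, with `@latest` writing `heads/newest`, and the rule gives the `<hostname>-repo-sync` user `non-fast-forward create delete merge` on `refs/*`. Presumably these names resolve only inside retiolum, so the VPN is the only thing authenticating what ends up in the mirror; a comment should state that assumption, for example `# origins are reachable only via retiolum; the mirror is exactly as trustworthy as these three hosts`. Separately, `privateKeyFile = toString ;` assigns a string where PATCH 089 declares the option as `types.secret-file` with an attribute-set default, so verify that this still evaluates (the path argument seems to have been lost in rendering on this page).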
@@ -19,6 +19,7 @@ in { ../2configs/privoxy-retiolum.nix ../2configs/radio.nix ../2configs/buildbot-standalone.nix + ../2configs/repo-sync.nix { imports = [ ../2configs/git.nix From fe1e9a6c91c347bd92ebc1ef8acf7b4849fdf767 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 15:41:18 +0200 Subject: [PATCH 094/132] l 2 git: remove repos now handled by repo-sync --- lass/2configs/git.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index a25e3e212..8577d143c 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -29,18 +29,10 @@ let rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo { - painload = {}; stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; }; - wai-middleware-time = {}; - web-routes-wai-custom = {}; - go = {}; - newsbot-js = {}; kimsufi-check = {}; - realwallpaper = {}; - xmonad-stockholm = {}; - the_playlist = {}; } // mapAttrs make-public-repo-silent { the_playlist = {}; }; @@ -50,8 +42,6 @@ let brain = { collaborators = with config.krebs.users; [ tv makefu ]; }; - extraction_webinterface = {}; - politics-fetching = {}; } // import { inherit config lib pkgs; } ); From ba0a7978ba56cd0965c7331e6c0aa759ff26a984 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 16:04:04 +0200 Subject: [PATCH 095/132] k 3 repo-sync: set REPONAME This is needed to allow multiple repo fetching at the same time --- krebs/3modules/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 2388c3617..3f251525a 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -103,6 +103,7 @@ let environment = { GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; + REPONAME = "${name}.git"; }; serviceConfig = { From fa3acf32fc2e4c72a13b59f167d75a6c5728a7bd Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 25 Jun 2016 09:55:36 +0200 Subject: [PATCH 096/132] l 2 buildbot: build-lass from /newest --- lass/2configs/buildbot-standalone.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 8fe2b4074..66e7e47b0 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -40,8 +40,7 @@ in { build-lass-scheduler = '' # build all lass hosts sched.append(schedulers.SingleBranchScheduler( - ## only master - change_filter=util.ChangeFilter(branch_re="master"), + change_filter=util.ChangeFilter(branch_re="newest"), treeStableTimer=10, name="prism-master", builderNames=["build-lass"])) From 1c854703b23bfc7e5bad43762063493c6061ab4f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 09:56:20 +0200 Subject: [PATCH 097/132] l 2: set stockholm to $PWD --- lass/2configs/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 9e0e37e48..1c79de435 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -63,9 +63,7 @@ with config.krebs.lib; then toString else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; - stockholm = if getEnv "dummy_secrets" == "true" - then "/var/lib/buildbot/slave/build-all/build" - else "/home/lass/stockholm"; + stockholm = getEnv "PWD"; } // optionalAttrs config.krebs.build.host.secure { #secrets-master = "/home/lass/secrets/master"; }); From 28b539875032effd3770bb97355ee9d2177dd1aa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 09:58:00 +0200 Subject: [PATCH 098/132] l 2 buildbot: add makefu tests --- lass/2configs/buildbot-standalone.nix | 32 +++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) 
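Review bot: `stockholm = getEnv "PWD";` in lass/2configs/default.nix makes the populated source tree depend on the directory the command is started from, and `getEnv` yields an empty string when the variable is unset. A build started from another checkout or from a subdirectory would silently use a different tree than intended. A guard keeps that failure loud: `stockholm = let pwd = getEnv "PWD"; in assert pwd != ""; pwd;`. The enclosing attribute set starts outside the hunk.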
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 66e7e47b0..fefe01e0a 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -37,6 +37,14 @@ in { name="fast-all-branches", builderNames=["fast-tests"])) ''; + build-makefu-scheduler = '' + # build makefu hosts + sched.append(schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch_re="newest"), + treeStableTimer=10, + name="prism-newest", + builderNames=["build-makefu"])) + ''; build-lass-scheduler = '' # build all lass hosts sched.append(schedulers.SingleBranchScheduler( @@ -56,6 +64,11 @@ in { "NIX_REMOTE": "daemon", "dummy_secrets": "true", } + env_makefu = { + "LOGNAME": "makefu", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + } # prepare nix-shell # the dependencies which are used by the test script @@ -90,6 +103,25 @@ in { slavenames=slavenames, factory=f)) + ''; + build-makefu = '' + f = util.BuildFactory() + f.addStep(grab_repo) + #TODO: get hosts via krebs + for i in [ "pornocauster", "wry" ]: + addShell(f,name="build-{}".format(i),env=env_makefu, + command=nixshell + \ + ["make \ + test \ + ssh=${sshWrapper} \ + target=build@localhost:${config.users.users.build.home}/testbuild \ + method=build \ + system={}".format(i)]) + + bu.append(util.BuilderConfig(name="build-makefu", + slavenames=slavenames, + factory=f)) + ''; fast-tests = '' f = util.BuildFactory() From 43a8f0977526d48057d0da64e26ff9ae5a0a11a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 10:39:35 +0200 Subject: [PATCH 099/132] l 2 buildbot: build on all branches --- lass/2configs/buildbot-standalone.nix | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index fefe01e0a..46d50faac 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -37,21 +37,13 @@ in { name="fast-all-branches", builderNames=["fast-tests"])) ''; - build-makefu-scheduler = '' - # build makefu hosts + build-scheduler = '' + # build all hosts sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re="newest"), + change_filter=util.ChangeFilter(branch_re=".*"), treeStableTimer=10, - name="prism-newest", - builderNames=["build-makefu"])) - ''; - build-lass-scheduler = '' - # build all lass hosts - sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re="newest"), - treeStableTimer=10, - name="prism-master", - builderNames=["build-lass"])) + name="prism-all-branches", + builderNames=["build-lass", "build-makefu"])) ''; }; builder_pre = '' From 7089eea04132c062fb9e3b4fe53f09542238e6e9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 11:01:56 +0200 Subject: [PATCH 100/132] l 2 buildbot: merge build-lass and build-makefu --- lass/2configs/buildbot-standalone.nix | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 46d50faac..04bdcf9d8 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -43,7 +43,7 @@ in { change_filter=util.ChangeFilter(branch_re=".*"), treeStableTimer=10, name="prism-all-branches", - builderNames=["build-lass", "build-makefu"])) + builderNames=["build-all"])) ''; }; builder_pre = '' @@ -77,10 +77,9 @@ in { factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { - build-lass = '' + build-all = '' f = util.BuildFactory() f.addStep(grab_repo) - #TODO: get hosts via krebs for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ 
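Review bot: `change_filter=util.ChangeFilter(branch_re=".*")` in `build-scheduler` lets a push to any branch start `build-lass` and `build-makefu`, and those builders run `make test ...` from the checked-out branch on the slave with `NIX_REMOTE=daemon` (see `env_lass` and `env_makefu` in the same file). Everyone who may create a ref in the watched repository can therefore have that branch's Makefile and Nix code run on the builder. If that group is wider than the people who could previously push `newest`, keep an explicit list instead, for example `branch_re="(master|newest)$"`, or add a comment stating that all pushers are trusted to run code on the build host.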
@@ -91,15 +90,6 @@ in { method=build \ system={}".format(i)]) - bu.append(util.BuilderConfig(name="build-lass", - slavenames=slavenames, - factory=f)) - - ''; - build-makefu = '' - f = util.BuildFactory() - f.addStep(grab_repo) - #TODO: get hosts via krebs for i in [ "pornocauster", "wry" ]: addShell(f,name="build-{}".format(i),env=env_makefu, command=nixshell + \ @@ -110,11 +100,12 @@ in { method=build \ system={}".format(i)]) - bu.append(util.BuilderConfig(name="build-makefu", + bu.append(util.BuilderConfig(name="build-all", slavenames=slavenames, factory=f)) ''; + fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) From 6ebd5f13e6ea9076eb917d06e19a2b216f75ca01 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 13:10:13 +0200 Subject: [PATCH 101/132] l 2 repo-sync: fetch some remote repos --- lass/2configs/repo-sync.nix | 97 ++++++++++++++++++++++++------------- 1 file changed, 62 insertions(+), 35 deletions(-) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index bb5123a02..9b1e80537 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -5,7 +5,7 @@ with config.krebs.lib; let mirror = "git@${config.networking.hostName}:"; - sync = name: let + defineRepo = name: let repo = { public = true; name = mkDefault "${name}"; 
@@ -20,49 +20,76 @@ let }; }; in { - krebs.repo-sync.repos.${name} = { - makefu = { - origin.url = "http://cgit.gum/${name}"; - mirror.url = "${mirror}${name}"; - }; - tv = { - origin.url = "http://cgit.cd/${name}"; - mirror.url = "${mirror}${name}"; - }; - lassulus = { - origin.url = "http://cgit.prism/${name}"; - mirror.url = "${mirror}${name}"; - }; - "@latest" = { - mirror.url = "${mirror}${name}"; - mirror.ref = "heads/newest"; - }; - }; - krebs.git = { - rules = with git; singleton { - user = [ config.krebs.users."${config.networking.hostName}-repo-sync" ]; - repo = [ repo ]; - perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }; - repos."${name}" = repo; + rules = with git; singleton { + user = [ config.krebs.users."${config.networking.hostName}-repo-sync" ]; + repo = [ repo ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; }; + repos."${name}" = repo; }; + sync-retiolum = name: + { + krebs.repo-sync.repos.${name} = { + makefu = { + origin.url = "http://cgit.gum/${name}"; + mirror.url = "${mirror}${name}"; + }; + tv = { + origin.url = "http://cgit.cd/${name}"; + mirror.url = "${mirror}${name}"; + }; + lassulus = { + origin.url = "http://cgit.prism/${name}"; + mirror.url = "${mirror}${name}"; + }; + "@latest" = { + mirror.url = "${mirror}${name}"; + mirror.ref = "heads/newest"; + }; + }; + krebs.git = defineRepo name; + }; + + sync-remote = name: url: + { + krebs.repo-sync.repos.${name} = { + remote = { + origin.url = url; + mirror.url = "${mirror}${name}"; + }; + "@latest" = { + mirror.url = "${mirror}${name}"; + mirror.ref = "heads/newest"; + }; + }; + krebs.git = defineRepo name; + }; + + in { krebs.repo-sync = { enable = true; privateKeyFile = toString ; }; imports = [ - (sync "stockholm") - (sync "realwallpaper") - (sync "xmonad-stockholm") - (sync "newsbot-js") - (sync "go") - (sync "wai-middleware-time") - (sync "web-routes-wai-custom") - (sync "much") - (sync "painload") + (sync-remote "array" 
"https://github.com/makefu/array") + (sync-remote "email-header" "https://github.com/4z3/email-header") + (sync-remote "mycube-flask" "https://github.com/makefu/mycube-flask") + (sync-remote "nixpkgs" "https://github.com/nixos/nixpkgs") + (sync-remote "reaktor-titlebot" "https://github.com/makefu/reaktor-titlebot") + (sync-remote "repo-sync" "https://github.com/makefu/repo-sync") + (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") + (sync-remote "xintmap" "https://github.com/4z3/xintmap") + (sync-retiolum "go") + (sync-retiolum "much") + (sync-retiolum "newsbot-js") + (sync-retiolum "painload") + (sync-retiolum "realwallpaper") + (sync-retiolum "stockholm") + (sync-retiolum "wai-middleware-time") + (sync-retiolum "web-routes-wai-custom") + (sync-retiolum "xmonad-stockholm") ]; } From d4546fffdd02402607b4e87d0c4bae87db2beb5c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 13:18:37 +0200 Subject: [PATCH 102/132] l 5: add q --- lass/5pkgs/default.nix | 1 + lass/5pkgs/q/default.nix | 185 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 186 insertions(+) create mode 100644 lass/5pkgs/q/default.nix diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 73e41790d..0ea7912de 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -10,6 +10,7 @@ }; mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; + q = pkgs.callPackage ./q {}; rs = pkgs.callPackage ./rs/default.nix {}; untilport = pkgs.callPackage ./untilport/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {}; diff --git a/lass/5pkgs/q/default.nix b/lass/5pkgs/q/default.nix new file mode 100644 index 000000000..571932b1d --- /dev/null +++ b/lass/5pkgs/q/default.nix 
@@ -0,0 +1,185 @@ +{ pkgs, ... }: +let + q-cal = let + # XXX 23 is the longest line of cal's output + pad = ''{ + ${pkgs.gnused}/bin/sed ' + # rtrim + s/ *$// + + # delete last empty line + ''${/^$/d} + ' \ + | ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \ + | ${pkgs.gnused}/bin/sed ' + # colorize header + 1,2s/.*/&/ + + # colorize week number + s/^[ 1-9][0-9]/&/ + ' + }''; + in '' + ${pkgs.coreutils}/bin/paste \ + <(${pkgs.utillinux}/bin/cal -mw \ + $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \ + | ${pad} + ) \ + <(${pkgs.utillinux}/bin/cal -mw \ + | ${pkgs.gnused}/bin/sed ' + # colorize day of month + s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/&/ + ' \ + | ${pad} + ) \ + <(${pkgs.utillinux}/bin/cal -mw \ + $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \ + | ${pad} + ) \ + | ${pkgs.gnused}/bin/sed 's/\t/ /g' + ''; + + q-isodate = '' + ${pkgs.coreutils}/bin/date \ + '+%Y-%m-%dT%H:%M:%S%:z' + ''; + + q-gitdir = '' + if test -d .git; then + #git status --porcelain + branch=$( + ${pkgs.git}/bin/git branch \ + | ${pkgs.gnused}/bin/sed -rn 's/^\* (.*)/\1/p' + ) + echo "± $LOGNAME@''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}:$PWD .git $branch" + fi + ''; + + q-power_supply = '' + for uevent in /sys/class/power_supply/*/uevent; do + if test -f $uevent; then + eval "$(${pkgs.gnused}/bin/sed -n ' + s/^\([A-Z_]\+=\)\(.*\)/\1'\'''\2'\'''/p + ' $uevent)" + + if test "x''${POWER_SUPPLY_CHARGE_NOW-}" = x; then + continue + fi + + charge_percentage=$(echo " + scale=2 + $POWER_SUPPLY_CHARGE_NOW / $POWER_SUPPLY_CHARGE_FULL + " | ${pkgs.bc}/bin/bc) + + lfc=$POWER_SUPPLY_CHARGE_FULL + rc=$POWER_SUPPLY_CHARGE_NOW + #rc=2800 + N=78; N=76 + N=10 + n=$(echo $N-1 | ${pkgs.bc}/bin/bc) + centi=$(echo "$rc*100/$lfc" | ${pkgs.bc}/bin/bc) + deci=$(echo "$rc*$N/$lfc" | ${pkgs.bc}/bin/bc) + energy_evel=$( + echo -n '☳ ' # TRIGRAM FOR THUNDER + if test $centi -ge 42; then echo -n '' + elif test $centi -ge 23; then echo -n '' + elif test $centi -ge 11; then echo -n 
'' + else echo -n ''; fi + for i in $(${pkgs.coreutils}/bin/seq 1 $deci); do + echo -n ■ + done + echo -n '' + for i in $(${pkgs.coreutils}/bin/seq $deci $n); do + echo -n ■ + done + echo '' $rc #/ $lfc + ) + echo "$energy_evel $charge_percentage" + fi + done + ''; + + q-virtualization = '' + echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)" + ''; + + q-wireless = '' + for dev in $( + ${pkgs.iw}/bin/iw dev \ + | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p' + ); do + inet=$(${pkgs.iproute}/bin/ip addr show $dev \ + | ${pkgs.gnused}/bin/sed -n ' + s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p + ') \ + || unset inet + ssid=$(${pkgs.iw}/bin/iw dev $dev link \ + | ${pkgs.gnused}/bin/sed -n ' + s/.*\tSSID: \(.*\)/\1/p + ') \ + || unset ssid + echo "$dev''${inet+ $inet}''${ssid+ $ssid}" + done + ''; + + q-online = '' + if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then + echo 'online' + else + echo offline + fi + ''; + + q-thermal_zone = '' + for i in /sys/class/thermal/thermal_zone*; do + type=$(${pkgs.coreutils}/bin/cat $i/type) + temp=$(${pkgs.coreutils}/bin/cat $i/temp) + printf '%s %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc) + done + ''; + + q-todo = '' + TODO_file=$HOME/TODO + if test -e "$TODO_file"; then + ${pkgs.coreutils}/bin/cat "$TODO_file" \ + | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) ' + BEGIN { print "remind=0" } + /^[0-9]/{ + x = $1 + gsub(".", "\\\\&", x) + rest = substr($0, index($0, " ")) + rest = $0 + sub(" *", "", rest) + gsub(".", "\\\\&", rest) + print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \ + echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \ + (( remind++ ))" + } + END { print "test $remind = 0 && echo \"nothing to remind\"" } + ' \ + | { + # bash needed for (( ... )) + ${pkgs.bash}/bin/bash + } + else + echo "$TODO_file: no such file or directory" + fi + ''; + +in +# bash needed for <(...) 
+pkgs.writeBashBin "q" '' + set -eu + export PATH=/var/empty + ${q-cal} + echo + ${q-isodate} + (${q-gitdir}) & + (${q-power_supply}) & + (${q-virtualization}) & + (${q-wireless}) & + (${q-online}) & + (${q-thermal_zone}) & + wait + ${q-todo} +'' From 6d1a29522a136adcfb3a5cfdd39cd0cdda0a794f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 13:18:46 +0200 Subject: [PATCH 103/132] l 2: add q to pkgs --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1c79de435..95c6cf3e2 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -120,6 +120,7 @@ with config.krebs.lib; krebspaste pciutils psmisc + q rs tmux untilport From 2b74d0defdc3c97ffa5e1f18a5e86637f208d7cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 18:38:30 +0200 Subject: [PATCH 104/132] l: cleanup --- lass/1systems/cloudkrebs.nix | 1 - lass/1systems/echelon.nix | 2 +- lass/1systems/mors.nix | 38 +---------------- lass/1systems/prism.nix | 2 +- lass/1systems/shodan.nix | 26 +----------- lass/2configs/binary-caches.nix | 13 ------ lass/2configs/hw/tp-x220.nix | 50 ++++++++++++++++++++++ lass/2configs/realwallpaper-server.nix | 32 -------------- lass/2configs/realwallpaper.nix | 29 ++++++++++++- lass/2configs/wordpress.nix | 59 -------------------------- 10 files changed, 81 insertions(+), 171 deletions(-) delete mode 100644 lass/2configs/binary-caches.nix create mode 100644 lass/2configs/hw/tp-x220.nix delete mode 100644 lass/2configs/realwallpaper-server.nix delete mode 100644 lass/2configs/wordpress.nix diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index a3cc9d7b3..5aa35f5a7 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix 
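Review bot: In `q-power_supply`, `eval "$(sed -n ... $uevent)"` turns every `KEY=value` line of the sysfs uevent file into shell code, wrapping the value in single quotes without escaping quotes that occur inside it. That file also carries strings reported by the battery or attached device (model, manufacturer, serial), so a value containing `'` would end the quoting and the remainder would be executed by the script. Only two keys are used afterwards, so read them directly: `POWER_SUPPLY_CHARGE_NOW=$(${pkgs.gnused}/bin/sed -n 's/^POWER_SUPPLY_CHARGE_NOW=//p' "$uevent")` and the same line for `POWER_SUPPLY_CHARGE_FULL`. `energy_evel` looks like a typo for `energy_level`.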
@@ -13,7 +13,6 @@ in { ../2configs/retiolum.nix ../2configs/git.nix ../2configs/realwallpaper.nix - ../2configs/realwallpaper-server.nix ../2configs/privoxy-retiolum.nix { networking.interfaces.enp2s1.ip4 = [ diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 97734a7bd..8d944ed40 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -11,7 +11,7 @@ in { ../2configs/default.nix ../2configs/exim-retiolum.nix ../2configs/retiolum.nix - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ../2configs/privoxy-retiolum.nix ../2configs/git.nix #../2configs/redis.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 062e4c29d..cccfa791c 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -3,6 +3,7 @@ { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix ../2configs/exim-retiolum.nix ../2configs/programs.nix @@ -14,14 +15,9 @@ ../2configs/elster.nix ../2configs/steam.nix ../2configs/wine.nix - #../2configs/texlive.nix - ../2configs/binary-caches.nix - #../2configs/ircd.nix ../2configs/chromium-patched.nix ../2configs/git.nix - #../2configs/wordpress.nix ../2configs/bitlbee.nix - #../2configs/firefoxPatched.nix ../2configs/skype.nix ../2configs/teamviewer.nix ../2configs/libvirt.nix @@ -57,17 +53,10 @@ # package = pkgs.postgresql; # }; #} - { - } ]; krebs.build.host = config.krebs.hosts.mors; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; @@ -77,7 +66,6 @@ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { 
@@ -168,22 +156,6 @@ echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' ''; - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - environment.systemPackages = with pkgs; [ acronym cac-api @@ -217,12 +189,4 @@ services.mongodb = { enable = true; }; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; - }; } diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index d4207d2e1..34c1ef69b 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -203,7 +203,7 @@ in { } { imports = [ - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ]; krebs.nginx.servers."lassul.us".locations = [ (lib.nameValuePair "/wallpaper.png" '' diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 073d86790..96d64bda3 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -4,6 +4,7 @@ with builtins; { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix ../2configs/git.nix ../2configs/exim-retiolum.nix @@ -20,34 +21,10 @@ with builtins; # }; # }; #} - { - #x220 config from mors - #TODO: make x220 config file (or look in other user dir) - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - } ]; krebs.build.host = config.krebs.hosts.shodan; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; 
@@ -57,7 +34,6 @@ with builtins; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { diff --git a/lass/2configs/binary-caches.nix b/lass/2configs/binary-caches.nix deleted file mode 100644 index c2727520d..000000000 --- a/lass/2configs/binary-caches.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: - -{ - nix.sshServe.enable = true; - nix.sshServe.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel" - ]; - nix.binaryCaches = [ - #"scp://nix-ssh@mors" - #"scp://nix-ssh@uriel" - ]; -} diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix new file mode 100644 index 000000000..e8d1e7b6d --- /dev/null +++ b/lass/2configs/hw/tp-x220.nix 
@@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +{ + networking.wireless.enable = lib.mkDefault true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.cpu.intel.updateMicrocode = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + + services.tlp.enable = true; + services.tlp.extraConfig = '' + # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery + #START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 + + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=ondemand + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 + ''; + + boot = { + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + }; + + services.xserver = { + videoDriver = "intel"; + vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; + deviceSection = '' + Option "AccelMethod" "sna" + ''; + }; + + security.rngd.enable = true; +} diff --git a/lass/2configs/realwallpaper-server.nix b/lass/2configs/realwallpaper-server.nix deleted file mode 100644 index 7340fc7ca..000000000 --- a/lass/2configs/realwallpaper-server.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, ... }: - -let - hostname = config.krebs.build.host.name; - inherit (lib) - nameValuePair - ; - -in { - imports = [ - ./realwallpaper.nix - ]; - - krebs.nginx.servers.wallpaper = { - server-names = [ - hostname - ]; - locations = [ - (nameValuePair "/wallpaper.png" '' - root /tmp/; - '') - ]; - }; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - }; -} diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index c69cb1660..2ab52ed92 100644 --- a/lass/2configs/realwallpaper.nix 
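Review bot: `nixpkgs.config.allowUnfree = true` in the new tp-x220.nix is a host-wide licence policy that every importer of this hardware profile now inherits, and nothing in the file says why it sits next to the hardware settings. If it is only there because of `hardware.enableAllFirmware` (an assumption, the file does not say), a comment such as `# unfree is only enabled for the firmware blobs pulled in by enableAllFirmware` would record that. Otherwise it reads better in the host files it was removed from.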
+++ b/lass/2configs/realwallpaper.nix @@ -1,5 +1,30 @@ -{ config, ... }: +{ config, lib, ... }: -{ +let + hostname = config.krebs.build.host.name; + inherit (lib) + nameValuePair + ; + +in { krebs.realwallpaper.enable = true; + + krebs.nginx.servers.wallpaper = { + server-names = [ + hostname + ]; + locations = [ + (nameValuePair "/wallpaper.png" '' + root /tmp/; + '') + ]; + }; + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + }; } diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix deleted file mode 100644 index bd59080d9..000000000 --- a/lass/2configs/wordpress.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ config, pkgs, ... }: - -{ - containers.wordpress = { - privateNetwork = true; - hostAddress = "192.168.101.1"; - localAddress = "192.168.101.2"; - - config = { - imports = [ - ../../krebs/3modules/iptables.nix - ]; - - krebs.iptables = { - enable = true; - tables = { - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } - ]; - }; - }; - - environment.systemPackages = with pkgs; [ - iptables - ]; - - services.postgresql = { - enable = true; - package = pkgs.postgresql; - }; - - services.httpd = { - enable = true; - adminAddr = "root@apanowicz.de"; - extraModules = [ - { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } - ]; - virtualHosts = [ - { - hostName = "wordpress"; - serverAliases = [ "wordpress" "www.wordpress" ]; - - extraSubservices = [ - { - serviceName = "wordpress"; - } - ]; - } - ]; - }; - }; - }; -} 
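Review bot: The `/wallpaper.png` location in realwallpaper.nix uses `root /tmp/;`, so nginx serves from a directory that every local account can write to. Whichever account creates `/tmp/wallpaper.png` first decides what is served; this assumes realwallpaper writes an ordinary file there, since that module is not visible here. Pointing the location at a directory owned by the service, `root <realwallpaper-state-dir>/;` (placeholder), removes the dependency on the shared directory. Because this file now carries the vhost and the `-i retiolum -p tcp --dport 80` rule itself, every host that imports realwallpaper.nix gets both, including any that previously imported it without the `-server` variant.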
From 9fd537b4d6fe0356324676f38a195bc59c01b0bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 18:39:54 +0200 Subject: [PATCH 105/132] l 2 repo-sync: don't merge remote repos --- lass/2configs/repo-sync.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 9b1e80537..9a42647ea 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -58,10 +58,6 @@ let origin.url = url; mirror.url = "${mirror}${name}"; }; - "@latest" = { - mirror.url = "${mirror}${name}"; - mirror.ref = "heads/newest"; - }; }; krebs.git = defineRepo name; }; From f6d5a9716f8a9dbefbeae19e43b5324f90cb543b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 18:56:39 +0200 Subject: [PATCH 106/132] l: move binary-cache config to 2 --- lass/1systems/prism.nix | 25 +--------------------- lass/2configs/binary-cache/client.nix | 9 ++++++++ lass/2configs/binary-cache/server.nix | 30 +++++++++++++++++++++++++++ lass/2configs/default.nix | 7 +------ 4 files changed, 41 insertions(+), 30 deletions(-) create mode 100644 lass/2configs/binary-cache/client.nix create mode 100644 lass/2configs/binary-cache/server.nix diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 34c1ef69b..8dfc11f60 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -20,6 +20,7 @@ in { ../2configs/radio.nix ../2configs/buildbot-standalone.nix ../2configs/repo-sync.nix + ../2configs/binary-cache/server.nix { imports = [ ../2configs/git.nix 
@@ -211,30 +212,6 @@ in { '') ]; } - { - services.nix-serve = { - enable = true; - secretKeyFile = config.krebs.secret.files.nix-serve-key.path; - }; - systemd.services.nix-serve = { - requires = ["secret.service"]; - after = ["secret.service"]; - }; - krebs.secret.files.nix-serve-key = { - path = "/run/secret/nix-serve.key"; - owner.name = "nix-serve"; - source-path = toString + "/nix-serve.key"; - }; - krebs.nginx = { - enable = true; - servers.nix-serve = { - server-names = [ "cache.prism.r" ]; - locations = lib.singleton (lib.nameValuePair "/" '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; - ''); - }; - }; - } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix new file mode 100644 index 000000000..108ff7a1e --- /dev/null +++ b/lass/2configs/binary-cache/client.nix @@ -0,0 +1,9 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = ["http://cache.prism.r"]; + binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + }; +} + diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix new file mode 100644 index 000000000..22ec04307 --- /dev/null +++ b/lass/2configs/binary-cache/server.nix 
@@ -0,0 +1,30 @@ +{ config, lib, pkgs, ...}: + +{ + # generate private key with: + # nix-store --generate-binary-cache-key my-secret-key my-public-key + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.prism.r" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; +} + diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 95c6cf3e2..b6eb33546 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -8,6 +8,7 @@ with config.krebs.lib; ../2configs/mc.nix ../2configs/retiolum.nix ../2configs/nixpkgs.nix + ../2configs/binary-cache/client.nix ./backups.nix { users.extraUsers = @@ -41,12 +42,6 @@ with config.krebs.lib; }; }; } - { - nix = { - binaryCaches = ["http://cache.prism.r"]; - binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; - }; - } ]; networking.hostName = config.krebs.build.host.name; From 6b8c65b070caaa15e04cff05782e9715f8874ddf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 19:41:49 +0200 Subject: [PATCH 107/132] l 2: add automatic garbage collection --- lass/2configs/default.nix | 1 + lass/2configs/gc.nix | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 lass/2configs/gc.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index b6eb33546..e3065ba84 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
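Review bot: In server.nix the `services.nix-serve` block is fronted by nginx through `proxy_pass http://localhost:…`, but nothing restricts where nix-serve itself listens. The NixOS module's `bindAddress` option defaults, as far as I know, to all interfaces, so the backend port stays reachable directly unless the firewall drops it. Adding `bindAddress = "127.0.0.1";` to the block keeps the only exposed path the nginx vhost `cache.prism.r`.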
@@ -9,6 +9,7 @@ with config.krebs.lib; ../2configs/retiolum.nix ../2configs/nixpkgs.nix ../2configs/binary-cache/client.nix + ../2configs/gc.nix ./backups.nix { users.extraUsers = diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix new file mode 100644 index 000000000..8762ad95e --- /dev/null +++ b/lass/2configs/gc.nix @@ -0,0 +1,8 @@ +{ config, ... }: + +with config.krebs.lib; +{ + nix.gc = { + automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ]; + }; +} From 5608bc02d7728416c7ea083b10cdac91e34f44c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 15:05:41 +0200 Subject: [PATCH 108/132] l 2 repo-sync: silence nixpkgs --- lass/2configs/repo-sync.nix | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 9a42647ea..aaeae7b73 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -5,19 +5,19 @@ with config.krebs.lib; let mirror = "git@${config.networking.hostName}:"; - defineRepo = name: let + defineRepo = name: announce: let repo = { public = true; name = mkDefault "${name}"; cgit.desc = mkDefault "mirror for all ${name} branches"; - hooks = mkDefault { + hooks = mkIf announce (mkDefault { post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; channel = "#retiolum"; server = "cd.retiolum"; }; - }; + }); }; in { rules = with git; singleton { @@ -48,7 +48,7 @@ let mirror.ref = "heads/newest"; }; }; - krebs.git = defineRepo name; + krebs.git = defineRepo name true; }; sync-remote = name: url: @@ -59,9 +59,19 @@ let mirror.url = "${mirror}${name}"; }; }; - krebs.git = defineRepo name; + krebs.git = defineRepo name true; }; + sync-remote-silent = name: url: + { + krebs.repo-sync.repos.${name} = { + remote = { + origin.url = url; + mirror.url = "${mirror}${name}"; + }; + }; + krebs.git = defineRepo name false; + }; in { krebs.repo-sync = { 
@@ -72,11 +82,11 @@ in { (sync-remote "array" "https://github.com/makefu/array") (sync-remote "email-header" "https://github.com/4z3/email-header") (sync-remote "mycube-flask" "https://github.com/makefu/mycube-flask") - (sync-remote "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-remote "reaktor-titlebot" "https://github.com/makefu/reaktor-titlebot") (sync-remote "repo-sync" "https://github.com/makefu/repo-sync") (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") (sync-remote "xintmap" "https://github.com/4z3/xintmap") + (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-retiolum "go") (sync-retiolum "much") (sync-retiolum "newsbot-js") From 03eaa0320057e4723ccde5525819917312c42105 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 17:10:25 +0200 Subject: [PATCH 109/132] l 2 zsh: fix history size via hack --- lass/2configs/zsh.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 7299e9ac0..b221d7677 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -7,9 +7,6 @@ zsh-newuser-install() { :; } ''; interactiveShellInit = '' - HISTFILE=~/.histfile - HISTSIZE=1000000 - SAVEHIST=100000 #unsetopt nomatch setopt autocd extendedglob bindkey -e @@ -92,6 +89,11 @@ esac ''; promptInit = '' + # TODO: figure out why we need to set this here + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + SAVEHIST=$HISTSIZE + autoload -U promptinit promptinit From fe07d46310e3320161f9c82e021f200ed02fbadf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 17:51:52 +0200 Subject: [PATCH 110/132] k 3 l: add user mors-repo-sync --- krebs/3modules/lass/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 5f7afa013..d2542041f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -300,5 +300,9 @@ with config.krebs.lib; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C"; mail = "lass@prism.r"; }; + mors-repo-sync = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; + mail = "lass@mors.r"; + }; }; } From 16b639e50ad2c2cbf33a545f244fb65d28e2f292 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 17:53:11 +0200 Subject: [PATCH 111/132] k 3 repo-sync: add unitConfig option --- krebs/3modules/repo-sync.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 3f251525a..0725d18fb 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -75,6 +75,16 @@ let }; }; + unitConfig = mkOption { + type = types.attrsOf types.str; + description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit"; + example = literalExample '' + # do not start when running on umts + { ConditionPathExists = "!/var/run/ppp0.pid"; } + ''; + default = {}; + }; + }; imp = { @@ -113,6 +123,7 @@ let WorkingDirectory = cfg.stateDir; User = "repo-sync"; }; + unitConfig = cfg.unitConfig; } ) cfg.repos; }; From 8fa2b200aa8ba86fb316a6c538c45877ef510331 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 17:54:30 +0200 Subject: [PATCH 112/132] l 2 repo-sync: don't sync on umts --- lass/2configs/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index aaeae7b73..1d947f8ae 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -77,6 +77,7 @@ in { krebs.repo-sync = { enable = true; privateKeyFile = toString ; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; }; imports = [ (sync-remote "array" "https://github.com/makefu/array") From f7820d6f3a4812eddda0c8a6536d525a4206024c Mon Sep 17 00:00:00 2001 
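Review bot: The `description` of the new `unitConfig` option in krebs/3modules/repo-sync.nix says "Extra unit configuration for fetchWallpaper", which names the wrong module and will appear like that in generated option documentation. It should read `description = "Extra unit configuration for repo-sync to define conditions and assertions for the unit";`. The second hunk applies the one attrset to every per-repo unit via `unitConfig = cfg.unitConfig;`, which the description could state as well.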
From: lassulus Date: Sun, 26 Jun 2016 17:54:53 +0200 Subject: [PATCH 113/132] l 2 repo-sync: irc-announce only for prism --- lass/2configs/repo-sync.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 1d947f8ae..821e3bafd 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -48,7 +48,7 @@ let mirror.ref = "heads/newest"; }; }; - krebs.git = defineRepo name true; + krebs.git = defineRepo name (config.networking.hostName == "prism"); }; sync-remote = name: url: @@ -59,7 +59,7 @@ let mirror.url = "${mirror}${name}"; }; }; - krebs.git = defineRepo name true; + krebs.git = defineRepo name (config.networking.hostName == "prism"); }; sync-remote-silent = name: url: From 70d375985262e148238fce406027a161fbd1d765 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 17:55:21 +0200 Subject: [PATCH 114/132] l 1 mors: activate repo-sync --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index cccfa791c..d7b19f2b5 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -26,6 +26,7 @@ ../2configs/mail.nix ../2configs/krebs-pass.nix ../2configs/umts.nix + ../2configs/repo-sync.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ From 13f7ef405bfd84c6f262be6845a0980433b5b773 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 18:20:36 +0200 Subject: [PATCH 115/132] k 3 repo-sync: use the privateKeyFile --- krebs/3modules/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 0725d18fb..0317d1eca 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -88,6 +88,7 @@ let }; imp = { + krebs.secret.files.repo-sync-key = cfg.privateKeyFile; users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; createHome = true; 
From de56a05985a1eda27030b9970473ed8481cfbdbb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 18:24:08 +0200 Subject: [PATCH 116/132] l 2 repo-sync: remove broken privateKey definition --- lass/2configs/repo-sync.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 821e3bafd..daf55bb95 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -76,7 +76,6 @@ let in { krebs.repo-sync = { enable = true; - privateKeyFile = toString ; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; }; imports = [ From 1fcc20aa493161f52e02952800fc29f1c3ee9033 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 19:20:11 +0200 Subject: [PATCH 117/132] k 5 git-hooks: add option for branches --- krebs/5pkgs/git-hooks/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix index c8e8c8f53..6f2cb8b6a 100644 --- a/krebs/5pkgs/git-hooks/default.nix +++ b/krebs/5pkgs/git-hooks/default.nix @@ -8,13 +8,14 @@ let }; # TODO irc-announce should return a derivation - irc-announce = { nick, channel, server, port ? 6667, verbose ? false }: '' + irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: '' #! /bin/sh set -euf export PATH=${makeBinPath (with pkgs; [ coreutils git + gnugrep gnused ])} @@ -54,6 +55,12 @@ let h=$(echo $ref | sed 's:^refs/heads/::') + ${optionalString (branches != []) '' + if ! (echo "$h" | grep -qE "${concatStringsSep "|" branches}"); then + echo "we are not serving this branch: $h" + exit 0 + fi + ''} # empty_tree=$(git hash-object -t tree /dev/null) empty_tree=4b825dc6 From b1b929c67dc48ecf036259bca0de8c2661ccce8c Mon Sep 17 00:00:00 2001 
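Review bot: The branch filter added to `irc-announce` uses `grep -qE "${concatStringsSep "|" branches}"`, an unanchored regex, so with `branches = [ "master" ]` a ref such as `master-old` or `feature/master` is still announced. Adding `-x` makes the alternation match the whole branch name: `if ! (echo "$h" | grep -qxE "${concatStringsSep "|" branches}"); then`. The names are also spliced unescaped into a double-quoted shell string and read as regex syntax, which is harmless for `master` and `newest` but deserves a comment on the `branches` argument. If this test sits inside a per-ref loop (the hook's body starts and ends outside the hunk), `exit 0` also drops the announcements for the remaining refs of the same push.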
From: lassulus Date: Sun, 26 Jun 2016 19:22:19 +0200 Subject: [PATCH 118/132] l 2: only announce branches master & newest --- lass/2configs/git.nix | 1 + lass/2configs/repo-sync.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 8577d143c..381a37e1b 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -56,6 +56,7 @@ let channel = "#retiolum"; server = "cd.retiolum"; verbose = config.krebs.build.host.name == "prism"; + branches = [ "master" ]; }; }; }; diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index daf55bb95..d5fa6766f 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -16,6 +16,7 @@ let verbose = false; channel = "#retiolum"; server = "cd.retiolum"; + branches = [ "newest" ]; }; }); }; From 90690ab652f5d07d9ea42f88849f931d90d542a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 20:21:34 +0200 Subject: [PATCH 119/132] l 2 repo-sync: fix description --- lass/2configs/repo-sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index d5fa6766f..afe2abb62 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -9,7 +9,7 @@ let repo = { public = true; name = mkDefault "${name}"; - cgit.desc = mkDefault "mirror for all ${name} branches"; + cgit.desc = mkDefault "mirror for ${name}"; hooks = mkIf announce (mkDefault { post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; From 3c8db71f1641da29e2f5bb91a353fcc982abae3c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jun 2016 18:53:25 +0200 Subject: [PATCH 120/132] bump nixpkgs: 7d93230 -> c78f9ad --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index c6d8a5f8c..0021a8615 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix 
@@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "7d932301fe1d98a1ef1872a7124e8809279def74"; + rev = "c78f9ad2f91019648bdcf5a911f86ea3a397d290"; }; } From edcdd5f06788b3e748bf7f908b9510cdfd3c13fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jun 2016 19:58:41 +0200 Subject: [PATCH 121/132] k 5: override buildbots sqlalchemy --- krebs/5pkgs/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index f2bbaf7f4..f0bda0ee1 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -38,13 +38,13 @@ with config.krebs.lib; ReaktorPlugins = callPackage ./Reaktor/plugins.nix {}; - #buildbot = callPackage { - # inherit (pkgs.pythonPackages) twisted jinja2; - # dateutil = pkgs.pythonPackages.dateutil_1_5; - # sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override { - # doCheck = false; - # }); - #}; + buildbot = callPackage { + inherit (pkgs.pythonPackages) twisted jinja2; + dateutil = pkgs.pythonPackages.dateutil_1_5; + sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override { + doCheck = false; + }); + }; # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d symlinkJoin = { name, paths, ... }@args: let From 1012224e6707324ba075092017a0c2a9421ddfa7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:24:36 +0200 Subject: [PATCH 122/132] little bit of code cleanup --- krebs/3modules/iptables.nix | 2 +- lass/1systems/prism.nix | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index dccc11b3f..b610ff3d1 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -1,4 +1,4 @@ -arg@{ config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: let inherit (pkgs) writeText; 
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 8dfc11f60..5477a8b86 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -68,8 +68,6 @@ in { } { - #boot.loader.gummiboot.enable = true; - #boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { devices = [ "/dev/sda" @@ -112,10 +110,6 @@ in { { sound.enable = false; } - #{ - # #workaround for server dying after 6-7h - # boot.kernelPackages = pkgs.linuxPackages_4_2; - #} { nixpkgs.config.allowUnfree = true; } From 8fd02a0cccc3cda258956fe400997a2e3ede496d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:25:12 +0200 Subject: [PATCH 123/132] l 1 mors: sync repos once daily --- lass/1systems/mors.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index d7b19f2b5..f26f0ed5f 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -187,6 +187,10 @@ }; }; + krebs.repo-sync.timerConfig = { + OnCalendar = "00:37"; + }; + services.mongodb = { enable = true; }; From 179502bb0a5d47f6dca68a8ee87a57e833332ece Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:30:54 +0200 Subject: [PATCH 124/132] l 2 repo-sync: add access for lass accs --- lass/2configs/repo-sync.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index afe2abb62..45a4e2afd 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -22,7 +22,11 @@ let }; in { rules = with git; singleton { - user = [ config.krebs.users."${config.networking.hostName}-repo-sync" ]; + user = with config.krebs.users; [ + config.krebs.users."${config.networking.hostName}-repo-sync" + lass + lass-shodan + ]; repo = [ repo ]; perm = push ''refs/*'' [ non-fast-forward create delete merge ]; }; From a15bd43f00c2513db918c9dd876325cedaa5a79f Mon Sep 17 00:00:00 2001 
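Review bot: The rule in lass/2configs/repo-sync.nix now gives `lass` and `lass-shodan` the same `push ''refs/*'' [ non-fast-forward create delete merge ]` permission as the sync account, so two personal keys can rewrite or delete any ref of every mirror. If those accounts only need to read the mirrors, a second rule with a narrower permission would keep force-push and delete limited to `config.krebs.users."${config.networking.hostName}-repo-sync"`. The added `with config.krebs.users;` also makes the fully qualified name on the following line redundant. The enclosing `let` block starts outside the hunk.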
From: lassulus Date: Tue, 28 Jun 2016 17:31:38 +0200 Subject: [PATCH 125/132] l 2 websites domsen: add backups --- lass/2configs/websites/domsen.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c69d20633..ef44117fd 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -79,6 +79,27 @@ in { "o_ubikmedia_de" ]; + krebs.backup.plans = { + prism-sql-domsen = { + method = "push"; + src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; }; + startAt = "00:01"; + }; + prism-http-domsen = { + method = "push"; + src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; }; + startAt = "00:10"; + }; + prism-o-ubikmedia-domsen = { + method = "push"; + src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; }; + dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; }; + startAt = "00:30"; + }; + }; + users.users.domsen = { uid = genid "domsen"; description = "maintenance acc for domsen"; From 885ded6ca93837c17631e983eaffcf8f4a9aee8b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:39:03 +0200 Subject: [PATCH 126/132] l 3 power-action: reverse status check --- lass/3modules/power-action.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix index 06a316270..3116514a8 100644 --- a/lass/3modules/power-action.nix +++ b/lass/3modules/power-action.nix 
@@ -84,9 +84,9 @@ let ''; state = pkgs.writeDash "state" '' - if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Charging" ] - then echo "true" - else echo "false" + if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Discharging" ] + then echo "false" + else echo "true" fi ''; From a8a3ac5640d1243b970dc9c6c788cf3e91a42f31 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:54:33 +0200 Subject: [PATCH 127/132] k 5 Reaktor: fix build on newer nixpkgs --- krebs/5pkgs/Reaktor/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/5pkgs/Reaktor/default.nix b/krebs/5pkgs/Reaktor/default.nix index c4a362757..fc3710820 100644 --- a/krebs/5pkgs/Reaktor/default.nix +++ b/krebs/5pkgs/Reaktor/default.nix @@ -3,6 +3,9 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; version = "0.5.1"; + + doCheck = false; + propagatedBuildInputs = with pkgs;[ python3Packages.docopt python3Packages.requests2 From 674b4c38ee845e392b2fe1e6fb715702dfec35a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:54:56 +0200 Subject: [PATCH 128/132] l 2: useChroot -> useSandbox --- lass/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e3065ba84..377554514 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -66,7 +66,7 @@ with config.krebs.lib; }; }; - nix.useChroot = true; + nix.useSandbox = true; users.mutableUsers = false; From 1d071c59ecddb87cd7ba31c1c91edc34506479ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 18:10:20 +0200 Subject: [PATCH 129/132] l 5: override ejabberd --- lass/5pkgs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 0ea7912de..c48188f9d 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix 
@@ -3,6 +3,9 @@ { nixpkgs.config.packageOverrides = rec { acronym = pkgs.callPackage ./acronym/default.nix {}; + ejabberd = pkgs.callPackage ./ejabberd { + erlang = pkgs.erlangR16; + }; firefoxPlugins = { noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; From abdf11a17331401e3fca5e73dd38b241614c5aea Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 18:11:11 +0200 Subject: [PATCH 130/132] l 2 websites: phpIni -> phpOptions --- lass/2configs/websites/domsen.nix | 24 ++++++++++++------------ lass/2configs/websites/fritz.nix | 21 +++++++++++++-------- 2 files changed, 25 insertions(+), 20 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index ef44117fd..f88dc927e 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -109,18 +109,18 @@ in { createHome = true; }; - #services.phpfpm.phpOptions = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = ${sendmail} -t - #''; - services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - options = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = "${sendmail} -t -i" - ''; - } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out - echo "$options" >> $out + services.phpfpm.phpOptions = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = ${sendmail} -t ''; + #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + # options = '' + # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + # sendmail_path = "${sendmail} -t -i" + # ''; + #} '' + # cat ${pkgs.php}/etc/php-recommended.ini > $out + # echo "$options" >> $out + #''; } diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 39f0cce06..0107da739 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix 
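Review bot: The override builds `ejabberd` against `pkgs.erlangR16` with no comment explaining the pin, so the server's runtime, including Erlang's own `ssl` and `crypto` applications, stays on that OTP release regardless of later nixpkgs bumps. If this ejabberd listens on a public interface, the pin decides which TLS fixes it receives. I would add `# ./ejabberd does not build with newer Erlang (<reason>); drop the pin when the package is updated` next to `erlang = pkgs.erlangR16;`, adjusted to the actual reason. The `packageOverrides` set continues outside the hunk.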
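Review bot: The new `sendmail_path = ${sendmail} -t` in `domsen.nix` drops the `-i` flag and the quotes that the replaced `phpIni` value carried (`"${sendmail} -t -i"`). Without `-i`, a sendmail-compatible MTA treats a line containing only `.` as end of input, so mail generated by PHP can be cut off at such a line; the line should read `sendmail_path = "${sendmail} -t -i"`. The `fritz.nix` hunk of this commit introduces the same line. It is also worth confirming that `phpOptions` is still layered on top of `php-recommended.ini`, which the old `runCommand` did explicitly, and deleting the commented-out `phpIni` block rather than keeping it.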
@@ -74,13 +74,18 @@ in { config.krebs.users.fritz.pubkey ]; - services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - options = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = "${sendmail} -t -i" - ''; - } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out - echo "$options" >> $out + services.phpfpm.phpOptions = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = ${sendmail} -t ''; + + #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + # options = '' + # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + # sendmail_path = "${sendmail} -t -i" + # ''; + #} '' + # cat ${pkgs.php}/etc/php-recommended.ini > $out + # echo "$options" >> $out + #''; } From 0cdc5ffca18cdb6bc1bbc88d2b40fd479078bce2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:56:14 +0200 Subject: [PATCH 131/132] l 2 hw tp-x220: s.x.vaapiDrivers -> h.o.extraPac.. --- lass/2configs/hw/tp-x220.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index e8d1e7b6d..be1faccea 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix @@ -38,9 +38,13 @@ with config.krebs.lib; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; }; + hardware.opengl.extraPackages = [ + pkgs.vaapiIntel + pkgs.vaapiVdpau + ]; + services.xserver = { videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; deviceSection = '' Option "AccelMethod" "sna" ''; From f12578c66f8b7b829c0dec5255f358778c0d3366 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 18:10:49 +0200 Subject: [PATCH 132/132] l 5 q: use curl.bin --- lass/5pkgs/q/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/q/default.nix b/lass/5pkgs/q/default.nix index 571932b1d..644be0d17 100644 --- a/lass/5pkgs/q/default.nix +++ b/lass/5pkgs/q/default.nix 
@@ -123,7 +123,7 @@ let ''; q-online = '' - if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then + if ${pkgs.curl.bin}/bin/curl -s google.com >/dev/null; then echo 'online' else echo offline