Merge remote-tracking branch 'cd/master'
commit
dcf8e3fb32
9
Makefile
9
Makefile
@ -1,5 +1,12 @@
|
|||||||
stockholm ?= .
|
stockholm ?= .
|
||||||
|
|
||||||
|
export STOCKHOLM_VERSION ?= $(shell \
|
||||||
|
version=git.$$(git describe --always --dirty); \
|
||||||
|
case $$version in (*-dirty) version=$$version@$$(hostname); esac; \
|
||||||
|
date=$$(date +%y.%m); \
|
||||||
|
printf '%s' "$$date.$$version"; \
|
||||||
|
)
|
||||||
|
|
||||||
ifndef nixos-config
|
ifndef nixos-config
|
||||||
$(if $(system),,$(error unbound variable: system))
|
$(if $(system),,$(error unbound variable: system))
|
||||||
nixos-config = ./$(LOGNAME)/1systems/$(system).nix
|
nixos-config = ./$(LOGNAME)/1systems/$(system).nix
|
||||||
@ -60,6 +67,7 @@ deploy: ssh ?= ssh
|
|||||||
deploy:
|
deploy:
|
||||||
$(call execute,populate)
|
$(call execute,populate)
|
||||||
$(ssh) $(target_user)@$(target_host) -p $(target_port) \
|
$(ssh) $(target_user)@$(target_host) -p $(target_port) \
|
||||||
|
env STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \
|
||||||
nixos-rebuild switch --show-trace -I $(target_path)
|
nixos-rebuild switch --show-trace -I $(target_path)
|
||||||
|
|
||||||
# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name
|
# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name
|
||||||
@ -75,6 +83,7 @@ install:
|
|||||||
target_path=/mnt$(target_path) $(call execute,populate)
|
target_path=/mnt$(target_path) $(call execute,populate)
|
||||||
$(ssh) $(target_user)@$(target_host) -p $(target_port) \
|
$(ssh) $(target_user)@$(target_host) -p $(target_port) \
|
||||||
env NIXOS_CONFIG=$(target_path)/nixos-config \
|
env NIXOS_CONFIG=$(target_path)/nixos-config \
|
||||||
|
STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \
|
||||||
nixos-install
|
nixos-install
|
||||||
|
|
||||||
# usage: make test system=foo [target=bar] [method={eval,build}]
|
# usage: make test system=foo [target=bar] [method={eval,build}]
|
||||||
|
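Review bot: The `env STOCKHOLM_VERSION="$$STOCKHOLM_VERSION"` argument added to the ssh command in `deploy` (and again in `install`) is quoted only for the local shell. ssh joins its arguments and the remote shell parses the result a second time, so whitespace or shell metacharacters in the value would be split or interpreted on the target. The value is built from `git describe` and, on a dirty tree, `hostname`, and because of `?=` it can also come straight from the caller's environment. I would reject unexpected characters in a recipe line before the ssh call, e.g. `case $$STOCKHOLM_VERSION in (*[!A-Za-z0-9._@-]*) echo 'bad STOCKHOLM_VERSION' >&2; exit 1;; esac`, adjusting the allowlist to the tag names in use. Both recipes begin outside their hunks.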
@ -23,6 +23,7 @@ let
|
|||||||
./lib.nix
|
./lib.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./nixpkgs.nix
|
./nixpkgs.nix
|
||||||
|
./os-release.nix
|
||||||
./per-user.nix
|
./per-user.nix
|
||||||
./Reaktor.nix
|
./Reaktor.nix
|
||||||
./realwallpaper.nix
|
./realwallpaper.nix
|
||||||
|
@ -39,6 +39,8 @@ let
|
|||||||
# TODO modular configuration
|
# TODO modular configuration
|
||||||
assert config.krebs.retiolum.enable;
|
assert config.krebs.retiolum.enable;
|
||||||
''
|
''
|
||||||
|
keep_environment =
|
||||||
|
|
||||||
primary_hostname = ${cfg.primary_hostname}
|
primary_hostname = ${cfg.primary_hostname}
|
||||||
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
|
domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
|
||||||
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
|
domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
|
||||||
|
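Review bot: The new `keep_environment =` line has no comment, and its empty value reads like an unfinished setting. An empty list is meaningful here: Exim then starts with a cleaned environment. As far as I know the option exists only in recent Exim releases, which is presumably why this merge also carries a `krebs/5pkgs/exim` override. I would add `# keep_environment is intentionally empty: pass no inherited environment variables to exim` above it; the same line is added to the smarthost config in the next file. The config string starts and ends outside the hunk.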
@ -12,6 +12,29 @@ let
|
|||||||
api = {
|
api = {
|
||||||
enable = mkEnableOption "krebs.exim-smarthost";
|
enable = mkEnableOption "krebs.exim-smarthost";
|
||||||
|
|
||||||
|
dkim = mkOption {
|
||||||
|
type = types.listOf (types.submodule ({ config, ... }: {
|
||||||
|
options = {
|
||||||
|
domain = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
private_key = mkOption {
|
||||||
|
type = types.secret-file;
|
||||||
|
default = {
|
||||||
|
path = "/run/krebs.secret/${config.domain}.dkim_private_key";
|
||||||
|
owner.name = "exim";
|
||||||
|
source-path = toString <secrets> + "/${config.domain}.dkim.priv";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
selector = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "default";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
default = [];
|
||||||
|
};
|
||||||
|
|
||||||
internet-aliases = mkOption {
|
internet-aliases = mkOption {
|
||||||
type = types.listOf (types.submodule ({
|
type = types.listOf (types.submodule ({
|
||||||
options = {
|
options = {
|
||||||
@ -72,9 +95,21 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
|
krebs.secret.files = listToAttrs (flip map cfg.dkim (dkim: {
|
||||||
|
name = "exim.dkim_private_key/${dkim.domain}";
|
||||||
|
value = dkim.private_key;
|
||||||
|
}));
|
||||||
|
systemd.services = mkIf (cfg.dkim != []) {
|
||||||
|
exim = {
|
||||||
|
after = [ "secret.service" ];
|
||||||
|
requires = [ "secret.service" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
services.exim = {
|
services.exim = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
|
keep_environment =
|
||||||
|
|
||||||
primary_hostname = ${cfg.primary_hostname}
|
primary_hostname = ${cfg.primary_hostname}
|
||||||
|
|
||||||
# HOST_REDIR contains the real destinations for "local_domains".
|
# HOST_REDIR contains the real destinations for "local_domains".
|
||||||
@ -191,6 +226,12 @@ let
|
|||||||
|
|
||||||
remote_smtp:
|
remote_smtp:
|
||||||
driver = smtp
|
driver = smtp
|
||||||
|
${optionalString (cfg.dkim != []) ''
|
||||||
|
dkim_canon = relaxed
|
||||||
|
dkim_domain = $sender_address_domain
|
||||||
|
dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}}
|
||||||
|
dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}}
|
||||||
|
''}
|
||||||
helo_data = ''${if eq{$acl_m_special_dom}{} \
|
helo_data = ''${if eq{$acl_m_special_dom}{} \
|
||||||
{$primary_hostname} \
|
{$primary_hostname} \
|
||||||
{$acl_m_special_dom} }
|
{$acl_m_special_dom} }
|
||||||
@ -219,12 +260,20 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) {
|
lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) ({
|
||||||
inherit (cfg) internet-aliases;
|
inherit (cfg) internet-aliases;
|
||||||
inherit (cfg) system-aliases;
|
inherit (cfg) system-aliases;
|
||||||
};
|
} // optionalAttrs (cfg.dkim != []) {
|
||||||
|
dkim_private_key = flip map cfg.dkim (dkim: {
|
||||||
|
from = dkim.domain;
|
||||||
|
to = dkim.private_key.path;
|
||||||
|
});
|
||||||
|
dkim_selector = flip map cfg.dkim (dkim: {
|
||||||
|
from = dkim.domain;
|
||||||
|
to = dkim.selector;
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
to-lsearch = concatMapStringsSep "\n" ({ from, to, ... }: "${from}: ${to}");
|
to-lsearch = concatMapStrings ({ from, to, ... }: "${from}: ${to}\n");
|
||||||
|
|
||||||
in
|
in out
|
||||||
out
|
|
||||||
|
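Review bot: In the `remote_smtp` transport, `dkim_domain` and the key and selector lookups are all driven by `$sender_address_domain`, the envelope sender supplied by whoever submits the message. Any client allowed to relay through this host therefore gets mail signed for a `cfg.dkim` domain simply by using that sender. Whether the ACLs restrict senders per client is not visible in these hunks, so this should be confirmed and recorded, e.g. `# signing is keyed on the envelope sender; the relay ACLs must limit who may send as a cfg.dkim domain`. Separately, `domain` is a bare `types.str` that ends up in a secret file path and as an lsearch key; a check that it is a plain hostname (no `/`, `:` or whitespace) would keep a typo from producing a wrong path or a broken lookup line.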
@ -400,7 +400,7 @@ let
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
PATH=${makeSearchPath "bin" (with pkgs; [
|
PATH=${makeBinPath (with pkgs; [
|
||||||
coreutils
|
coreutils
|
||||||
git
|
git
|
||||||
gnugrep
|
gnugrep
|
||||||
@ -451,7 +451,7 @@ let
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
PATH=${makeSearchPath "bin" (with pkgs; [
|
PATH=${makeBinPath (with pkgs; [
|
||||||
coreutils
|
coreutils
|
||||||
findutils
|
findutils
|
||||||
gawk
|
gawk
|
||||||
@ -511,7 +511,7 @@ let
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
PATH=${makeSearchPath "bin" (with pkgs; [
|
PATH=${makeBinPath (with pkgs; [
|
||||||
coreutils # env
|
coreutils # env
|
||||||
git
|
git
|
||||||
systemd
|
systemd
|
||||||
|
@ -49,7 +49,6 @@ let
|
|||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
httpConfig = ''
|
httpConfig = ''
|
||||||
include ${pkgs.nginx}/conf/mime.types;
|
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
sendfile on;
|
sendfile on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
|
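--- a/krebs/3modules/os-release.nix
+++ b/krebs/3modules/os-release.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+with config.krebs.lib;
+let
+nixos-version-id = "${config.system.nixosVersion}";
+nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
+nixos-pretty-name = "NixOS ${nixos-version}";
+
+stockholm-version-id = maybeEnv "STOCKHOLM_VERSION" "unknown";
+stockholm-version = "${stockholm-version-id}";
+stockholm-pretty-name = "stockholm ${stockholm-version}";
+
+version = "${stockholm-version}/${nixos-version}";
+version-id = "${stockholm-version-id}/${nixos-version-id}";
+pretty-name = "${stockholm-pretty-name} / ${nixos-pretty-name}";
+
+home-url = http://cgit.cd.krebsco.de/stockholm;
+in
+{
+# http://0pointer.de/public/systemd-man/os-release.html
+environment.etc."os-release".text = mkForce ''
+NAME="stockholm/NixOS"
+ID=stockholm
+VERSION="${version}"
+VERSION_ID="${version-id}"
+PRETTY_NAME="${pretty-name}"
+HOME_URL="${home-url}"
+'';
+}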
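Review bot: `STOCKHOLM_VERSION` appears to be read from the evaluating environment via `maybeEnv` and is interpolated into `VERSION=`, `VERSION_ID=` and `PRETTY_NAME=` inside double quotes with no escaping, while os-release is a shell-compatible file that scripts commonly source. A value containing `"`, `$`, a backquote or a backslash would yield a malformed file, or one that expands when sourced. I would validate the string where it is read or escape those characters before interpolation. A `VERSION_ID` of the form `a/b` with an `@host` part also looks outside the restricted character set the linked os-release man page describes, so strict parsers may reject it. Reading the environment also makes the result depend on who runs the build, which deserves a one-line comment next to `maybeEnv`.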
@ -29,7 +29,7 @@ rec {
|
|||||||
execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
|
execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
|
||||||
|
|
||||||
writeC = name: { destination ? "" }: src: pkgs.runCommand name {} ''
|
writeC = name: { destination ? "" }: src: pkgs.runCommand name {} ''
|
||||||
PATH=${makeSearchPath "bin" (with pkgs; [
|
PATH=${makeBinPath (with pkgs; [
|
||||||
binutils
|
binutils
|
||||||
coreutils
|
coreutils
|
||||||
gcc
|
gcc
|
||||||
|
@ -18,7 +18,7 @@ stdenv.mkDerivation {
|
|||||||
mkdir -p $out/bin
|
mkdir -p $out/bin
|
||||||
{ cat <<\EOF
|
{ cat <<\EOF
|
||||||
#! ${dash}/bin/dash
|
#! ${dash}/bin/dash
|
||||||
export PATH=${stdenv.lib.makeSearchPath "bin" [
|
export PATH=${stdenv.lib.makeBinPath [
|
||||||
bc
|
bc
|
||||||
coreutils
|
coreutils
|
||||||
curl
|
curl
|
||||||
|
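--- a/krebs/5pkgs/cgit/default.nix
+++ b/krebs/5pkgs/cgit/default.nix
@@ -0,0 +1,64 @@
+{ stdenv, fetchurl, openssl, zlib, asciidoc, libxml2, libxslt
+, docbook_xml_xslt, pkgconfig, luajit
+, gzip, bzip2, xz
+}:
+
+stdenv.mkDerivation rec {
+name = "cgit-${version}";
+version = "0.12";
+
+src = fetchurl {
+url = "http://git.zx2c4.com/cgit/snapshot/${name}.tar.xz";
+sha256 = "1dx54hgfyabmg9nm5qp6d01f54nlbqbbdwhwl0llb9imjf237qif";
+};
+
+# cgit is tightly coupled with git and needs a git source tree to build.
+# IMPORTANT: Remember to check which git version cgit needs on every version
+# bump (look in the Makefile).
+# NOTE: as of 0.10.1, the git version is compatible from 1.9.0 to
+# 1.9.2 (see the repository history)
+gitSrc = fetchurl {
+url = "mirror://kernel/software/scm/git/git-2.7.2.tar.xz";
+sha256 = "086ga30ksijfxad085ply83ddf955d2b8qxph5sw6c9hab77j15j";
+};
+
+buildInputs = [
+openssl zlib asciidoc libxml2 libxslt docbook_xml_xslt pkgconfig luajit
+];
+
+postPatch = ''
+sed -e 's|"gzip"|"${gzip}/bin/gzip"|' \
+-e 's|"bzip2"|"${bzip2}/bin/bzip2"|' \
+-e 's|"xz"|"${xz}/bin/xz"|' \
+-i ui-snapshot.c
+'';
+
+# Give cgit a git source tree and pass configuration parameters (as make
+# variables).
+preBuild = ''
+mkdir -p git
+tar --strip-components=1 -xf "$gitSrc" -C git
+
+makeFlagsArray+=(prefix="$out" CGIT_SCRIPT_PATH="$out/cgit/")
+'';
+
+# Install manpage.
+postInstall = ''
+# xmllint fails:
+#make install-man
+
+# bypassing xmllint works:
+a2x --no-xmllint -f manpage cgitrc.5.txt
+mkdir -p "$out/share/man/man5"
+cp cgitrc.5 "$out/share/man/man5"
+'';
+
+meta = {
+homepage = http://git.zx2c4.com/cgit/about/;
+repositories.git = git://git.zx2c4.com/cgit;
+description = "Web frontend for git repositories";
+license = stdenv.lib.licenses.gpl2;
+platforms = stdenv.lib.platforms.linux;
+maintainers = with stdenv.lib.maintainers; [ bjornfor ];
+};
+}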
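Review bot: The comment above `gitSrc` still says the compatible git range is 1.9.0 to 1.9.2 "as of 0.10.1", but this file packages cgit 0.12 with git-2.7.2, so the note contradicts the code directly under an IMPORTANT reminder to check that pairing. I would update it to the git version that cgit 0.12's Makefile names, or drop the NOTE. The cgit tarball is fetched over plain `http://`, so the pinned `sha256` is the only thing protecting the download. A comment such as `# http fetch: verify the new sha256 against an independent source when bumping version` would make that explicit.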
@ -1,7 +1,20 @@
|
|||||||
{ config, lib, pkgs, ... }@args:
|
{ config, lib, pkgs, ... }@args:
|
||||||
with config.krebs.lib;
|
with config.krebs.lib;
|
||||||
{
|
{
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: let
|
||||||
|
|
||||||
|
# This callPackage will try to detect obsolete overrides.
|
||||||
|
callPackage = path: args: let
|
||||||
|
override = pkgs.callPackage path args;
|
||||||
|
upstream = optionalAttrs (override ? "name")
|
||||||
|
(pkgs.${(parseDrvName override.name).name} or {});
|
||||||
|
in if upstream ? "name" &&
|
||||||
|
override ? "name" &&
|
||||||
|
compareVersions upstream.name override.name != -1
|
||||||
|
then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
|
||||||
|
else override;
|
||||||
|
|
||||||
|
in {
|
||||||
haskellPackages = pkgs.haskellPackages.override {
|
haskellPackages = pkgs.haskellPackages.override {
|
||||||
overrides = self: super:
|
overrides = self: super:
|
||||||
mapAttrs (name: path: self.callPackage path {})
|
mapAttrs (name: path: self.callPackage path {})
|
||||||
@ -16,18 +29,18 @@ with config.krebs.lib;
|
|||||||
(builtins.readDir ./haskell-overrides));
|
(builtins.readDir ./haskell-overrides));
|
||||||
};
|
};
|
||||||
|
|
||||||
push = pkgs.callPackage ./push {
|
push = callPackage ./push {
|
||||||
inherit (subdirs) get;
|
inherit (subdirs) get;
|
||||||
};
|
};
|
||||||
|
|
||||||
ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {};
|
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
|
||||||
|
|
||||||
test = {
|
test = {
|
||||||
infest-cac-centos7 = pkgs.callPackage ./test/infest-cac-centos7 {};
|
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
// import ./builders.nix args
|
// import ./builders.nix args
|
||||||
// mapAttrs (_: flip pkgs.callPackage {})
|
// mapAttrs (_: flip callPackage {})
|
||||||
(filterAttrs (_: dir.has-default-nix)
|
(filterAttrs (_: dir.has-default-nix)
|
||||||
(subdirsOf ./.));
|
(subdirsOf ./.));
|
||||||
}
|
}
|
||||||
|
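Review bot: The new `callPackage` wrapper only emits a `trace` when nixpkgs already ships the same or a newer version, so an outdated local pin of a network-facing package keeps being used and the message is easy to miss in evaluation output. This matters here because the merge adds overrides for exim and cgit. It also compares the full `name` strings rather than the versions; `compareVersions (parseDrvName upstream.name).version (parseDrvName override.name).version != -1` states the intent directly. I would extend the existing comment to say that the trace means the local override should be removed. `haskellPackages` still goes through `self.callPackage` and is not covered by the check.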
@ -16,7 +16,7 @@ stdenv.mkDerivation {
|
|||||||
|
|
||||||
installPhase =
|
installPhase =
|
||||||
let
|
let
|
||||||
path = stdenv.lib.makeSearchPath "bin" [
|
path = stdenv.lib.makeBinPath [
|
||||||
coreutils
|
coreutils
|
||||||
curl
|
curl
|
||||||
gnused
|
gnused
|
||||||
|
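--- a/krebs/5pkgs/exim/default.nix
+++ b/krebs/5pkgs/exim/default.nix
@@ -0,0 +1,63 @@
+{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }:
+
+stdenv.mkDerivation rec {
+name = "exim-4.86.2";
+
+src = fetchurl {
+url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2";
+sha256 = "1cvfcc1hi60lydv8h3a2rxlfc0v2nflwpvzjj7h7cdsqs2pxwmkp";
+};
+
+buildInputs = [ coreutils db openssl pcre perl pkgconfig ];
+
+preBuild = ''
+sed '
+s:^\(BIN_DIRECTORY\)=.*:\1='"$out"'/bin:
+s:^\(CONFIGURE_FILE\)=.*:\1=/etc/exim.conf:
+s:^\(EXIM_USER\)=.*:\1=ref\:nobody:
+s:^\(SPOOL_DIRECTORY\)=.*:\1=/exim-homeless-shelter:
+s:^# \(SUPPORT_MAILDIR\)=.*:\1=yes:
+s:^EXIM_MONITOR=.*$:# &:
+s:^\(FIXED_NEVER_USERS\)=root$:\1=0:
+s:^# \(WITH_CONTENT_SCAN\)=.*:\1=yes:
+s:^# \(AUTH_PLAINTEXT\)=.*:\1=yes:
+s:^# \(SUPPORT_TLS\)=.*:\1=yes:
+s:^# \(USE_OPENSSL_PC=openssl\)$:\1:
+s:^# \(LOG_FILE_PATH=syslog\)$:\1:
+s:^# \(HAVE_IPV6=yes\)$:\1:
+s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown:
+s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp:
+s:^# \(CHMOD_COMMAND\)=.*:\1=${coreutils}/bin/chmod:
+s:^# \(MV_COMMAND\)=.*:\1=${coreutils}/bin/mv:
+s:^# \(RM_COMMAND\)=.*:\1=${coreutils}/bin/rm:
+s:^# \(TOUCH_COMMAND\)=.*:\1=${coreutils}/bin/touch:
+s:^# \(PERL_COMMAND\)=.*:\1=${perl}/bin/perl:
+#/^\s*#.*/d
+#/^\s*$/d
+' < src/EDITME > Local/Makefile
+'';
+
+installPhase = ''
+mkdir -p $out/bin $out/share/man/man8
+cp doc/exim.8 $out/share/man/man8
+
+( cd build-Linux-*
+cp exicyclog exim_checkaccess exim_dumpdb exim_lock exim_tidydb \
+exipick exiqsumm exigrep exim_dbmbuild exim exim_fixdb eximstats \
+exinext exiqgrep exiwhat \
+$out/bin )
+
+( cd $out/bin
+for i in mailq newaliases rmail rsmtp runq sendmail; do
+ln -s exim $i
+done )
+'';
+
+meta = {
+homepage = http://exim.org/;
+description = "A mail transfer agent (MTA)";
+license = stdenv.lib.licenses.gpl3;
+platforms = stdenv.lib.platforms.linux;
+maintainers = [ stdenv.lib.maintainers.tv ];
+};
+}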
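Review bot: The `sed` script in `preBuild` rewrites `src/EDITME` into `Local/Makefile`, but nothing checks that each substitution actually matched. A later upstream change to the EDITME wording would silently produce a build without, for example, `SUPPORT_TLS=yes`, or with the default `CONFIGURE_FILE`. I would follow the sed with a check such as `for k in SUPPORT_TLS=yes WITH_CONTENT_SCAN=yes CONFIGURE_FILE=/etc/exim.conf; do grep -qx "$k" Local/Makefile || exit 1; done` so the build fails instead. The two `#/^\s*…/d` lines are commented-out sed commands and could be dropped. The tarball comes over `http://`, so its integrity rests entirely on the pinned `sha256`.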
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
|
|||||||
|
|
||||||
buildInputs = [ makeWrapper ];
|
buildInputs = [ makeWrapper ];
|
||||||
|
|
||||||
binPath = lib.makeSearchPath "bin" [
|
binPath = lib.makeBinPath [
|
||||||
coreutils
|
coreutils
|
||||||
gawk
|
gawk
|
||||||
];
|
];
|
||||||
|
@ -16,7 +16,7 @@ stdenv.mkDerivation {
|
|||||||
|
|
||||||
installPhase =
|
installPhase =
|
||||||
let
|
let
|
||||||
path = stdenv.lib.makeSearchPath "bin" [
|
path = stdenv.lib.makeBinPath [
|
||||||
coreutils
|
coreutils
|
||||||
gnugrep
|
gnugrep
|
||||||
gnused
|
gnused
|
||||||
|
@ -12,7 +12,7 @@ let
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
export PATH=${makeSearchPath "bin" (with pkgs; [
|
export PATH=${makeBinPath (with pkgs; [
|
||||||
coreutils
|
coreutils
|
||||||
git
|
git
|
||||||
gnused
|
gnused
|
||||||
|
@ -17,7 +17,7 @@ stdenv.mkDerivation {
|
|||||||
installPhase =
|
installPhase =
|
||||||
let
|
let
|
||||||
ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
path = stdenv.lib.makeSearchPath "bin" (with pkgs; [
|
path = stdenv.lib.makeBinPath (with pkgs; [
|
||||||
coreutils
|
coreutils
|
||||||
findutils
|
findutils
|
||||||
git
|
git
|
||||||
|
@ -5,7 +5,7 @@ pkgs.writeScriptBin "hashPassword" ''
|
|||||||
# usage: hashPassword
|
# usage: hashPassword
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
export PATH=${lib.makeSearchPath "bin" (with pkgs; [
|
export PATH=${lib.makeBinPath (with pkgs; [
|
||||||
coreutils
|
coreutils
|
||||||
mkpasswd
|
mkpasswd
|
||||||
openssl
|
openssl
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
{ fetchgit, stdenv }:
|
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
name = "nq-${rev}";
|
|
||||||
rev = "0eae839cb1";
|
|
||||||
|
|
||||||
src = fetchgit {
|
|
||||||
url = https://github.com/chneukirchen/nq;
|
|
||||||
inherit rev;
|
|
||||||
sha256 = "1150274750cde934932d65bd6053d7a0ba2404a59eadfb87fc6bd8a4fb70febb";
|
|
||||||
};
|
|
||||||
|
|
||||||
configurePhase = ''
|
|
||||||
sed -i "s:^PREFIX=.*:PREFIX=$out:" Makefile
|
|
||||||
'';
|
|
||||||
}
|
|
@ -25,7 +25,7 @@ stdenv.mkDerivation {
|
|||||||
|
|
||||||
installPhase =
|
installPhase =
|
||||||
let
|
let
|
||||||
path = lib.makeSearchPath "bin" [
|
path = lib.makeBinPath [
|
||||||
coreutils
|
coreutils
|
||||||
git
|
git
|
||||||
gnumake
|
gnumake
|
||||||
|
@ -56,7 +56,6 @@ with config.krebs.lib;
|
|||||||
netcat
|
netcat
|
||||||
nix-repl
|
nix-repl
|
||||||
nmap
|
nmap
|
||||||
nq
|
|
||||||
p7zip
|
p7zip
|
||||||
pass
|
pass
|
||||||
posix_man_pages
|
posix_man_pages
|
||||||
|
@ -12,7 +12,7 @@ with config.krebs.lib;
|
|||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
../2configs/im.nix
|
../2configs/im.nix
|
||||||
../2configs/mail-client.nix
|
../2configs/mail-client.nix
|
||||||
../2configs/nginx-public_html.nix
|
../2configs/nginx/public_html.nix
|
||||||
../2configs/pulse.nix
|
../2configs/pulse.nix
|
||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
../2configs/wu-binary-cache/client.nix
|
../2configs/wu-binary-cache/client.nix
|
||||||
|
@ -13,7 +13,7 @@ with config.krebs.lib;
|
|||||||
../2configs/im.nix
|
../2configs/im.nix
|
||||||
../2configs/mail-client.nix
|
../2configs/mail-client.nix
|
||||||
../2configs/man.nix
|
../2configs/man.nix
|
||||||
../2configs/nginx-public_html.nix
|
../2configs/nginx/public_html.nix
|
||||||
../2configs/pulse.nix
|
../2configs/pulse.nix
|
||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
../2configs/wu-binary-cache
|
../2configs/wu-binary-cache
|
||||||
@ -46,7 +46,6 @@ with config.krebs.lib;
|
|||||||
netcat
|
netcat
|
||||||
nix-repl
|
nix-repl
|
||||||
nmap
|
nmap
|
||||||
nq
|
|
||||||
p7zip
|
p7zip
|
||||||
push
|
push
|
||||||
qrencode
|
qrencode
|
||||||
|
@ -12,7 +12,7 @@ with config.krebs.lib;
|
|||||||
../2configs/git.nix
|
../2configs/git.nix
|
||||||
../2configs/mail-client.nix
|
../2configs/mail-client.nix
|
||||||
../2configs/man.nix
|
../2configs/man.nix
|
||||||
../2configs/nginx-public_html.nix
|
../2configs/nginx/public_html.nix
|
||||||
../2configs/pulse.nix
|
../2configs/pulse.nix
|
||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
../2configs/wu-binary-cache/client.nix
|
../2configs/wu-binary-cache/client.nix
|
||||||
@ -58,7 +58,6 @@ with config.krebs.lib;
|
|||||||
netcat
|
netcat
|
||||||
nix-repl
|
nix-repl
|
||||||
nmap
|
nmap
|
||||||
nq
|
|
||||||
p7zip
|
p7zip
|
||||||
pass
|
pass
|
||||||
qrencode
|
qrencode
|
||||||
|
@ -26,6 +26,7 @@ with config.krebs.lib;
|
|||||||
imports = [
|
imports = [
|
||||||
<secrets>
|
<secrets>
|
||||||
./backup.nix
|
./backup.nix
|
||||||
|
./nginx
|
||||||
./vim.nix
|
./vim.nix
|
||||||
{
|
{
|
||||||
# stockholm dependencies
|
# stockholm dependencies
|
||||||
|
@ -5,6 +5,9 @@ with config.krebs.lib;
|
|||||||
{
|
{
|
||||||
krebs.exim-smarthost = {
|
krebs.exim-smarthost = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
dkim = [
|
||||||
|
{ domain = "viljetic.de"; }
|
||||||
|
];
|
||||||
sender_domains = [
|
sender_domains = [
|
||||||
"krebsco.de"
|
"krebsco.de"
|
||||||
"shackspace.de"
|
"shackspace.de"
|
||||||
|
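--- a/tv/2configs/nginx/default.nix
+++ b/tv/2configs/nginx/default.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+
+with config.krebs.lib;
+
+{
+krebs.nginx = {
+servers.default.locations = [
+(nameValuePair "= /etc/os-release" ''
+default_type text/plain;
+alias /etc/os-release;
+'')
+];
+};
+tv.iptables = optionalAttrs config.krebs.nginx.enable {
+input-retiolum-accept-new-tcp = singleton "http";
+};
+}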
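Review bot: The `= /etc/os-release` location is added to the default server unconditionally, and it serves the file this merge fills with the exact NixOS version and the stockholm version string. On a dirty tree that string includes the deploying machine's hostname (see the Makefile change). That is version and host information handed to every peer that can reach HTTP over retiolum, since `input-retiolum-accept-new-tcp` now admits `http`. If this is intended, a comment such as `# deliberately readable inside retiolum: shows which stockholm revision a host runs` would record the decision; otherwise restrict the location with `allow`/`deny`.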