Mic92
/
stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

This commit is contained in:
tv 2017-09-07 22:51:48 +02:00
parent 66738262ee 46a3f4c243
commit e4969bf3e7
44 changed files with 427 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.gitlab-ci.yml Normal file
View File

@ -0,0 +1,5 @@
nix-shell test:
script:
- env
- nix-shell --pure --command 'true' -p stdenv && echo success
- nix-shell --pure --command 'false' -p stdenv || echo success

1
krebs/1systems/hotdog/config.nix
View File

@ -10,6 +10,7 @@
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/buildbot-all.nix>
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
];

34
krebs/2configs/gitlab-runner-shackspace.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, ... }:
let
url = "https://git.shackspace.de/";
# generate token from CI-token via:
## gitlab-runner register
## cat /etc/gitlab-runner/config.toml
token = import <secrets/shackspace-gitlab-ci-token.nix> ;
in {
systemd.services.gitlab-runner.path = [
"/run/wrappers" # /run/wrappers/bin/su
"/" # /bin/sh
];
systemd.services.gitlab-runner.serviceConfig.PrivateTmp = true;
virtualisation.docker.enable = true;
services.gitlab-runner = {
enable = true;
# configFile, configOptions and gracefulTimeout not yet in stable
# gracefulTimeout = "120min";
configText = ''
concurrent = 1
check_interval = 0
[[runners]]
name = "krebs-shell"
url = "${url}"
token = "${token}"
executor = "shell"
shell = "sh"
environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"]
[runners.cache]
'';
};
}

7
krebs/3modules/newsbot-js.nix
View File

@ -13,6 +13,11 @@ let
api = {
enable = mkEnableOption "Enable krebs newsbot";
package = mkOption {
type = types.package;
default = pkgs.newsbot-js;
description = "newsbot package to use";
};
ircServer = mkOption {
type = types.str;
default = "echelon.retiolum";
@ -79,7 +84,7 @@ let
serviceConfig = {
User = "newsbot-js";
Restart = "always";
ExecStart = "${pkgs.newsbot-js}/bin/newsbot";
ExecStart = "${cfg.package}/bin/newsbot";
};
};
};

5
krebs/3modules/nin/default.nix
View File

@ -3,7 +3,10 @@
with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.nin) {
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.nin;
ci = true;
}) {
hiawatha = {
cores = 2;
nets = {

23
krebs/3modules/rtorrent.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, options, ... }:
with import <stockholm/lib>;
let
@ -73,6 +73,15 @@ let
# authentication also applies to rtorrent.rutorrent
enable = mkEnableOption "rtorrent nginx web RPC";
addr = mkOption {
type = types.addr4;
default = "0.0.0.0";
description = ''
the address to listen on
default is 0.0.0.0
'';
};
port = mkOption {
type = types.nullOr types.int;
description =''
@ -290,7 +299,7 @@ let
services.nginx.enable = mkDefault true;
services.nginx.virtualHosts.rtorrent = {
default = mkDefault true;
inherit (webcfg) basicAuth port;
inherit (webcfg) basicAuth;
root = optionalString rucfg.enable webdir;
locations = {
@ -310,7 +319,15 @@ let
include ${pkgs.nginx}/conf/fastcgi.conf;
''; }
);
};
# workaround because upstream nginx api changed
# TODO remove when nobody uses 17.03 anymore
} // (if hasAttr "port" (head options.services.nginx.virtualHosts.type.getSubModules).submodule.options then {
port = webcfg.port;
} else {
listen = [
{ inherit (webcfg) addr port; }
];
});
};
rutorrent-imp = {

1
krebs/5pkgs/simple/newsbot-js/default.nix
View File

@ -32,6 +32,7 @@ in np.buildNodePackage {
phases = [
"unpackPhase"
"patchPhase"
"installPhase"
];

1
krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix Normal file
View File

@ -0,0 +1 @@
"lol"

2
lass/source.nix
View File

@ -15,7 +15,7 @@ in
# 87a4615 & 334ac4f
# + acme permissions for groups
# fd7a8f1
ref = "fe46ffc";
ref = "d151161";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;

3
makefu/1systems/gum/config.nix
View File

@ -43,6 +43,7 @@ in {
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
## Web
<stockholm/makefu/2configs/nginx/share-download.nix>
@ -55,9 +56,7 @@ in {
<stockholm/makefu/2configs/deployment/mycube.connector.one.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/wiki-irc-bot>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/hound>
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;

10
makefu/1systems/omo/config.nix
View File

@ -194,16 +194,6 @@ in {
zramSwap.enable = true;
krebs.Reaktor.reaktor = {
nickname = "Reaktor|krebs";
workdir = "/var/lib/Reaktor/krebs";
channels = [ "#krebs" ];
plugins = with pkgs.ReaktorPlugins;[
stockholm-issue
nixos-version
sed-plugin
random-emoji ];
};
krebs.Reaktor.reaktor-shack = {
nickname = "Reaktor|shack";
workdir = "/var/lib/Reaktor/shack";

4
makefu/1systems/x/config.nix
View File

@ -12,7 +12,7 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/laptop-backup.nix>
<stockholm/makefu/2configs/dnscrypt.nix>
<stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
# Debugging
@ -20,6 +20,7 @@ with import <stockholm/lib>;
# Testing
# <stockholm/makefu/2configs/deployment/gitlab.nix>
# <stockholm/makefu/2configs/deployment/wiki-irc-bot>
# <stockholm/makefu/2configs/torrent.nix>
# <stockholm/makefu/2configs/lanparty/lancache.nix>
@ -54,6 +55,7 @@ with import <stockholm/lib>;
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
<stockholm/makefu/2configs/tor.nix>
<stockholm/makefu/2configs/vpn/vpngate.nix>
<stockholm/makefu/2configs/steam.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>

1
makefu/2configs/bepasty-dual.nix
View File

@ -36,7 +36,6 @@ in {
"${ext-dom}" = {
nginx = {
enableSSL = true;
forceSSL = true;
enableACME = true;
};

13
makefu/2configs/default.nix
View File

@ -39,10 +39,10 @@ with import <stockholm/lib>;
};
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = config.krebs.build.host.cores;
nix.maxJobs = 2;
nix.buildCores = config.krebs.build.host.cores;
time.timeZone = "Europe/Berlin";
#nix.maxJobs = 1;
programs.ssh = {
startAgent = false;
@ -145,15 +145,6 @@ with import <stockholm/lib>;
"net.ipv6.conf.default.use_tempaddr" = 2;
};
system.activationScripts.nix-defexpr = ''
(set -euf
for i in /home/makefu /root/;do
f="$i/.nix-defexpr"
rm -fr "$f"
ln -s /var/src/nixpkgs "$f"
done)
'';
i18n = {
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";

1
makefu/2configs/deployment/boot-euer.nix
View File

@ -16,7 +16,6 @@ in {
services.nginx = {
enable = mkDefault true;
virtualHosts."boot.euer.krebsco.de" = {
enableSSL = true;
forceSSL = true;
enableACME = true;
locations."/" = {

1
makefu/2configs/deployment/graphs.nix
View File

@ -28,7 +28,6 @@ in {
];
};
anonymous = {
enableSSL = true;
forceSSL = true;
enableACME = true;
};

1
makefu/2configs/deployment/owncloud.nix
View File

@ -21,7 +21,6 @@ let
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
enableSSL = true;
serverAliases = domains;
extraConfig = ''

74
makefu/2configs/deployment/wiki-irc-bot/default.nix
View File

@ -1,67 +1,19 @@
{ pkgs, lib, ... }:
{ config, pkgs, ... }:
with lib;
let
port = 18872;
pkg = pkgs.lib.overrideDerivation pkgs.newsbot-js (original: {
patches = [ ./wiki-output.patch ];
});
newsfile = pkgs.writeText "feeds" ''
nixoswiki-bot|https://nixos.wiki/api.php?days=7&limit=50&hidecategorization=1&action=feedrecentchanges&feedformat=rss|#krebs
'';
in {
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
logstash = pkgs.stdenv.lib.overrideDerivation pkgs.logstash (old: {
patches = [ ./irc-out-notice.patch ]; });
};
services.logstash = {
krebs.newsbot-js = {
enable = true;
inputConfig = ''
http {
port => ${toString port}
host => "127.0.0.1"
}
'';
filterConfig = ''
if ([pages]) {
ruby {
code => '
require "net/http"
require "net/https"
http = Net::HTTP.new("git.io", 443)
http.use_ssl = true
lines = []
event["pages"].each {|p|
url = "#{p["html_url"]}/_compare/#{p["sha"]}"
short_url = begin
request = Net::HTTP::Post.new "/"
request.set_form_data ({"url" => url })
response = http.request(request)
response["location"]
end
lines << "\"#{p["title"]}\" #{p["action"]} by #{event["sender"]["login"]} #{short_url}"
}
event["output"] = lines.join("\n")
'
}
}
'';
outputConfig = ''
file { path => "/tmp/logs.json" codec => "json_lines" }
if [output] {
irc {
channels => [ "#krebs", "#nixos" ]
host => "irc.freenode.net"
nick => "nixos-users-wiki"
format => "%{output}"
notice => true
}
}
'';
plugins = [ ];
};
services.nginx = {
enable = lib.mkDefault true;
virtualHosts."ghook.krebsco.de" = {
locations."/".proxyPass = "http://localhost:${toString port}/";
enableSSL = true;
enableACME = true;
forceSSL = true;
};
package = pkg;
ircServer = "chat.freenode.net";
feeds = newsfile;
urlShortenerHost = "go";
urlShortenerPort = "80";
};
}

26
makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch
View File

@ -1,26 +0,0 @@
index b63339d..8c8c747 100644
--- a/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb
+++ b/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb
@@ -48,6 +48,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base
# Static string after event
config :post_string, :validate => :string, :required => false
+ # Set this to true to send messages as notice
+ config :notice, :validate => :boolean, :default => false
+
public
def inject_bot(bot)
@@ -90,9 +93,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base
@bot.channels.each do |channel|
@logger.debug("Sending to...", :channel => channel, :text => text)
- channel.msg(pre_string) if !@pre_string.nil?
- channel.msg(text)
- channel.msg(post_string) if !@post_string.nil?
+ channel.send(pre_string, :notice => @notice) if !@pre_string.nil?
+ channel.send(text, :notice => @notice)
+ channel.send(post_string, :notice => @notice) if !@post_string.nil?
end # channels.each
end # def receive
end # class LogStash::Outputs::Irc

45
makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch Normal file
View File

@ -0,0 +1,45 @@
diff --git a/newsbot.js b/newsbot.js
index 42d0666..a284011 100644
--- a/newsbot.js
+++ b/newsbot.js
@@ -92,8 +92,9 @@ function create_feedbot (nick, uri, channels) {
}
function broadcast_new_item (item) {
+ console.log('Broadcasting item ',item.link)
return getShortLink(item.link, function (error, shortlink) {
- return broadcast(item.title + ' ' + shortlink)
+ return broadcast('"'+ item.title + '" edited by ' + item.author + ' ' + shortlink)
})
}
@@ -152,15 +153,18 @@ function create_feedbot (nick, uri, channels) {
if (client.lastItems) {
items.forEach(function (item) {
- if (!client.lastItems.hasOwnProperty(item.title)) {
+
+ if (!client.lastItems.hasOwnProperty(item.guid)) {
broadcast_new_item(item)
+ }else {
+ console.log("Item already seen:",item.guid)
}
})
}
client.lastItems = {}
items.forEach(function (item) {
- client.lastItems[item.title] = true
+ client.lastItems[item.guid] = true
})
return continue_loop()
@@ -199,6 +203,8 @@ function run_command (methodname, params, callback) {
}
function getShortLink (link, callback) {
+ callback(null,link)
+ return
var form = new FormData()
try {
form.append('uri', link)

7
makefu/2configs/dnscrypt.nix
View File

@ -1,7 +0,0 @@
{
services.dnscrypt-proxy.enable = true;
services.dnscrypt-proxy.resolverName = "cs-de";
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}

19
makefu/2configs/dnscrypt/client.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, ... }:
let
customResolver = {
# TODO: put this somewhere else
address = config.krebs.hosts.gum.nets.internet.ip4.addr;
port = 15251;
name = "2.dnscrypt-cert.euer.krebsco.de";
# dnscrypt-wrapper --show-provider-publickey --provider-publickey-file public.key
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
};
in {
services.dnscrypt-proxy = {
enable = true;
inherit customResolver;
};
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
}

26
makefu/2configs/dnscrypt/server.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, ... }:
let
# TODO: dataDir is currently not provided by upstream
# data = config.services.dnscrypt-wrapper.dataDir;
data = "/var/lib/dnscrypt-wrapper";
sec = toString <secrets>;
port = 15251;
user = "dnscrypt-wrapper";
in {
services.dnscrypt-wrapper = {
enable = true;
address = "0.0.0.0";
upstream.address = "8.8.8.8";
providerName = "2.dnscrypt-cert.euer.krebsco.de";
inherit port;
};
networking.firewall.allowedUDPPorts = [ port ];
systemd.services.prepare-dnscrypt-wrapper-keys = {
wantedBy = [ "dnscrypt-wrapper.service" ];
before = [ "dnscrypt-wrapper.service" ];
script = ''
install -m700 -o ${user} -v ${sec}/dnscrypt-public.key ${data}/public.key
install -m700 -o ${user} -v ${sec}/dnscrypt-secret.key ${data}/secret.key
'';
};
}

1
makefu/2configs/git/cgit-retiolum.nix
View File

@ -22,6 +22,7 @@ let
cgit.desc = "Build new Stockholm hosts";
};
cac-api = { };
euer_blog = { };
ampel = { };
init-stockholm = {
cgit.desc = "Init stuff for stockholm";

3
makefu/2configs/hw/tp-x2x0.nix
View File

@ -2,6 +2,9 @@
with import <stockholm/lib>;
{
imports = [
./tpm.nix
];
networking.wireless.enable = lib.mkDefault true;
hardware.enableAllFirmware = true;

6
makefu/2configs/hw/tpm.nix Normal file
View File

@ -0,0 +1,6 @@
{ pkgs, ... }:
{
services.tcsd.enable = true;
# see https://wiki.archlinux.org/index.php/Trusted_Platform_Module
environment.systemPackages = with pkgs; [ opencryptoki tpm-tools ];
}

1
makefu/2configs/nginx/euer.blog.nix
View File

@ -33,7 +33,6 @@ in {
virtualHosts = {
"euer.krebsco.de" = {
#serverAliases = [ "blog.euer.krebsco.de" "blog.${hostname}" ];
enableSSL = true;
enableACME = true;
forceSSL = true;
root = base-dir;

1
makefu/2configs/nginx/euer.wiki.nix
View File

@ -79,7 +79,6 @@ in {
# "wiki.makefu.retiolum"
# "wiki.makefu"
#];
enableSSL = true;
forceSSL = true;
enableACME = true;
# recommendedGzipSettings = true;

1
makefu/2configs/nginx/share-download.nix
View File

@ -10,7 +10,6 @@ with import <stockholm/lib>;
root = config.makefu.dl-dir;
extraConfig = "autoindex on;";
forceSSL = true;
enableSSL = true;
enableACME = true;
basicAuth = import <secrets/dl.euer.krebsco.de-auth.nix>;
};

2
makefu/2configs/tools/all.nix
View File

@ -8,5 +8,7 @@
./games.nix
./media.nix
./sec.nix
./sec-gui.nix
./studio.nix
];
}

1
makefu/2configs/tools/core-gui.nix
View File

@ -20,6 +20,5 @@
xdotool
xorg.xbacklight
scrot
wireshark
];
}

8
makefu/2configs/tools/sec-gui.nix Normal file
View File

@ -0,0 +1,8 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
tpmmanager
wireshark
];
}

1
makefu/2configs/tools/sec.nix
View File

@ -13,5 +13,6 @@
thc-hydra
borgbackup
ledger
u3_tool
];
}

10
makefu/2configs/tools/studio.nix Normal file
View File

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
users.users.makefu.packages = with pkgs; [
obs-studio
studio-link
audacity
owncloudclient
];
}

2
makefu/2configs/vim.nix
View File

@ -22,7 +22,7 @@ in {
set nocompatible
syntax on
set list
set listchars=tab:
set listchars=tab:\
"set list listchars=tab:>-,trail:.,extends:>
filetype off

108
makefu/2configs/vpn/vpngate.nix
View File

@ -1,5 +1,113 @@
{ pkgs, ... }:
{
services.openvpn.servers.vpngate-france = {
config = ''
dev tun
proto udp
remote coreeu1.opengw.net 1194
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
+mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
-----END RSA PRIVATE KEY-----
</key>
'';
autoStart = false;
updateResolvConf = false;
};
services.openvpn.servers.vpngate-japan = {
config = ''
dev tun

2
makefu/2configs/zsh-user.nix
View File

@ -88,7 +88,7 @@ in
'';
};
krebs.per-user.${mainUser}.packages = [
users.users.${mainUser}.packages = [
pkgs.nix-zsh-completions
pkgs.fzf
];

1
makefu/3modules/default.nix
View File

@ -15,6 +15,7 @@ _:
./torrent.nix
./udpt.nix
./umts.nix
./wvdial.nix
];
}

70
makefu/3modules/wvdial.nix Normal file
View File

@ -0,0 +1,70 @@
{ config, lib, pkgs, ... }:
# from 17.03/nixos/modules/programs/wvdial.nix
with lib;
let
configFile = ''
[Dialer Defaults]
PPPD PATH = ${pkgs.ppp}/sbin/pppd
${config.environment.wvdial.dialerDefaults}
'';
cfg = config.environment.wvdial;
in
{
###### interface
options = {
environment.wvdial = {
dialerDefaults = mkOption {
default = "";
type = types.str;
example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
description = ''
Contents of the "Dialer Defaults" section of
<filename>/etc/wvdial.conf</filename>.
'';
};
pppDefaults = mkOption {
default = ''
noipdefault
usepeerdns
defaultroute
persist
noauth
'';
type = types.str;
description = "Default ppp settings for wvdial.";
};
};
};
###### implementation
config = mkIf (cfg.dialerDefaults != "") {
environment = {
etc =
[
{ source = pkgs.writeText "wvdial.conf" configFile;
target = "wvdial.conf";
}
{ source = pkgs.writeText "wvdial" cfg.pppDefaults;
target = "ppp/peers/wvdial";
}
];
};
};
}

3
makefu/5pkgs/drozer/default.nix
View File

@ -5,9 +5,10 @@ pythonPackages.buildPythonApplication rec {
version = "2.4.3";
buildInputs = [ jdk7 ];
propagatedBuildInputs = with pythonPackages; [
protobuf
protobuf3_2
pyopenssl
pyyaml
] ++ [
jre7
twisted
];

7
makefu/5pkgs/gen-oath-safe/default.nix
View File

@ -1,7 +1,8 @@
{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }:
stdenv.mkDerivation {
name = "geno-oath-safe-2017-06-30";
builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken"
stdenv.mkDerivation {
name = "gen-oath-safe-2017-06-30";
src = fetchFromGitHub {
owner = "mcepl";
repo = "gen-oath-safe";
@ -23,7 +24,7 @@ stdenv.mkDerivation {
coreutils
openssl
qrencode
yubikey-manager
#yubikey-manager
libcaca
python
];

22
makefu/5pkgs/u3_tool/default.nix Normal file
View File

@ -0,0 +1,22 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
proj = "u3-tool";
name = "${proj}-${version}";
version = "0.3";
enableParallelBuilding = true;
src = fetchurl {
url = "mirror://sourceforge/${proj}/${name}.tar.gz";
sha256 = "1p9c9kibd1pdbdfa0nd0i3n7bvzi3xg0chm38jg3xfl8gsn0390f";
};
meta = {
description = "Tool for controlling the special features of a 'U3 smart drive' USB Flash disk.";
homepage = https://sourceforge.net/projects/u3-tool/ ;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}

6
makefu/source.nix
View File

@ -11,10 +11,10 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
ref = "9d4bd6b"; # unstable @ 2017-07-31
ref = "c91346e"; # unstable @ 2017-09-04
# + graceful requests2 (a772c3aa)
# + libpurple bitlbee ( ce6fe1a, 65e38b7 )
# + buildbot-runner ( f3cecc5 )
# + mitmproxy fix (eee2d174)
# + tpm-tools fix (5cb9987)
in
evalSource (toString _file) [

65
nin/1systems/onondaga/config.nix
View File

@ -7,7 +7,6 @@
{
imports = [
<stockholm/nin>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/weechat.nix>
<stockholm/nin/2configs/git.nix>
@ -15,70 +14,10 @@
krebs.build.host = config.krebs.hosts.onondaga;
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
boot.isContainer = true;
networking.useDHCP = false;
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# };
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
# environment.systemPackages = with pkgs; [
# wget
# ];
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.kdm.enable = true;
# services.xserver.desktopManager.kde4.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.extraUsers.guest = {
# isNormalUser = true;
# uid = 1000;
# };
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.09";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/7238cc6e-4bea-4e52-9408-32d8aa05abff";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5e923175-854b-4bcf-97c8-f3a91806fa22";
fsType = "ext2";
};
nix.maxJobs = lib.mkDefault 1;
}