diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix index b56b76acb..b6ae3c201 100644 --- a/jeschli/1systems/reagenzglas/config.nix +++ b/jeschli/1systems/reagenzglas/config.nix @@ -5,6 +5,7 @@ [ + ./desktop.nix ./i3-configuration.nix @@ -35,7 +36,6 @@ # $ nix search wget environment.systemPackages = with pkgs; [ wget vim git - firefox rofi ag ]; @@ -49,7 +49,9 @@ isNormalUser = true; }; - services.xserver.synaptics.enable = true; +# services.xserver.synaptics.enable = true; + services.xserver.libinput.enable = true; + services.xserver.libinput.disableWhileTyping = true; #Enable ssh daemon services.openssh.enable = true; diff --git a/jeschli/2configs/emacs-org-agenda.nix b/jeschli/2configs/emacs-org-agenda.nix index ded90ea1a..79540977c 100644 --- a/jeschli/2configs/emacs-org-agenda.nix +++ b/jeschli/2configs/emacs-org-agenda.nix @@ -162,14 +162,14 @@ let (setq org-refile-allow-creating-parent-nodes (quote confirm)) ; Use IDO for both buffer and file completion and ido-everywhere to t -(setq org-completion-use-ido t) -(setq ido-everywhere t) -(setq ido-max-directory-size 100000) -(ido-mode (quote both)) -; Use the current window when visiting files and buffers with ido -(setq ido-default-file-method 'selected-window) -(setq ido-default-buffer-method 'selected-window) -; Use the current window for indirect buffer display +; (setq org-completion-use-ido t) +; (setq ido-everywhere t) +; (setq ido-max-directory-size 100000) +; (ido-mode (quote both)) +; ; Use the current window when visiting files and buffers with ido +; (setq ido-default-file-method 'selected-window) +; (setq ido-default-buffer-method 'selected-window) +; ; Use the current window for indirect buffer display (setq org-indirect-buffer-display 'current-window) ;;;; Refile settings diff --git a/jeschli/2configs/emacs.nix b/jeschli/2configs/emacs.nix index d243017f1..46354bd62 100644 --- a/jeschli/2configs/emacs.nix +++ b/jeschli/2configs/emacs.nix @@ -53,6 +53,13 @@ let (ido-mode t) ''; + helm = '' + (helm-mode 1) + (global-set-key (kbd "M-x") #'helm-M-x) + (global-set-key (kbd "C-x r b") #'helm-filtered-bookmarks) + (global-set-key (kbd "C-x C-f") #'helm-find-files) + ''; + magit = '' (global-set-key (kbd "C-x g") 'magit-status) ; "Most Magit commands are commonly invoked from the status buffer" @@ -161,10 +168,9 @@ let ${evilMode} ${goMode} - ${ido} + ${helm} ${magit} ${orgMode} - ${recentFiles} ${rustDevelopment} ${theme} ${windowCosmetics} @@ -175,9 +181,17 @@ let #emacsWithCustomPackages emacsPkgs= epkgs: [ -#testing + #testing + epkgs.melpaPackages.web-mode + epkgs.melpaPackages.js2-mode + epkgs.melpaPackages.xref-js2 + + epkgs.melpaPackages.academic-phrases + epkgs.melpaPackages.gitlab epkgs.melpaPackages.forge + epkgs.melpaPackages.helm + epkgs.melpaPackages.weechat # emacs convenience epkgs.melpaPackages.ag diff --git a/jeschli/2configs/firefox.nix b/jeschli/2configs/firefox.nix new file mode 100644 index 000000000..d171fa82d --- /dev/null +++ b/jeschli/2configs/firefox.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: + +let + + # Firefox addons + https-everywhere = pkgs.callPackage ./own-pkgs/https-everywhere {}; + ublock-origin = pkgs.callPackage ./own-pkgs/ublock-origin {}; + webgl-fingerprint-defender = pkgs.callPackage ./own-pkgs/webgl-fingerprint-defender {}; + canvas-fingerprint-defender = pkgs.callPackage ./own-pkgs/canvas-fingerprint-defender {}; + audio-fingerprint-defender = pkgs.callPackage ./own-pkgs/audio-fingerprint-defender {}; + font-fingerprint-defender = pkgs.callPackage ./own-pkgs/font-fingerprint-defender {}; + user-agent-switcher = pkgs.callPackage ./own-pkgs/user-agent-switcher {}; + dark-reader = pkgs.callPackage ./own-pkgs/dark-reader {}; + + wrapper = pkgs.callPackage ./overlays/firefox-with-config.nix { }; + myFirefox = wrapper pkgs.firefox-unwrapped { + + extraExtensions = [ + dark-reader + https-everywhere + ublock-origin + audio-fingerprint-defender + canvas-fingerprint-defender + webgl-fingerprint-defender + font-fingerprint-defender + user-agent-switcher + ]; + + extraPolicies = { + CaptivePortal = false; + }; + + disablePocket = true; + disableFirefoxSync = true; + allowNonSigned = true; + clearDataOnShutdown = true; + disableDrmPlugin = true; + +}; + +in { + + +environment.variables = { + BROWSER = ["firefox"]; +}; + + +environment.systemPackages = with pkgs; [ + myFirefox +]; + +} diff --git a/jeschli/2configs/overlays/firefox-with-config.nix b/jeschli/2configs/overlays/firefox-with-config.nix new file mode 100644 index 000000000..9be6250d7 --- /dev/null +++ b/jeschli/2configs/overlays/firefox-with-config.nix @@ -0,0 +1,488 @@ +{ stdenv, lib, pkgs, makeDesktopItem, makeWrapper, lndir, replace, config + +## various stuff that can be plugged in +, flashplayer, hal-flash +, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2 +, jrePlugin, icedtea_web +, bluejeans, djview4, adobe-reader +, google_talk_plugin, fribid, gnome3/*.gnome-shell*/ +, esteidfirefoxplugin ? "" +, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow +, udev +, kerberos + +}: + +## configurability of the wrapper itself + +browser: + +let + wrapper = + { browserName ? browser.browserName or (builtins.parseDrvName browser.name).name + , name ? (browserName + "-" + (builtins.parseDrvName browser.name).version) + , desktopName ? # browserName with first letter capitalized + (lib.toUpper (lib.substring 0 1 browserName) + lib.substring 1 (-1) browserName) + , nameSuffix ? "" + , icon ? browserName + , extraPlugins ? [] + , extraPrefs ? "" + , extraExtensions ? [ ] + , allowNonSigned ? false + , disablePocket ? false + , disableTelemetry ? true + , disableDrmPlugin ? false + , showPunycodeUrls ? true + , disableFirefoxStudies ? true + , disableFirefoxSync ? false + , useSystemCertificates ? true + , dontCheckDefaultBrowser ? false + # For more information about anti tracking + # vist https://wiki.kairaven.de/open/app/firefox + , activateAntiTracking ? true + , disableFeedbackCommands ? true + , disableDNSOverHTTPS ? true + , disableGoogleSafebrowsing ? false + , clearDataOnShutdown ? false + , homepage ? "about:blank" + # For more information about policies visit + # https://github.com/mozilla/policy-templates#enterprisepoliciesenabled + , extraPolicies ? {} + , extraNativeMessagingHosts ? [] + , gdkWayland ? false + }: + + assert gdkWayland -> (browser ? gtk3); # Can only use the wayland backend if gtk3 is being used + + let + + # If extraExtensions has been set disable manual extensions + disableManualExtensions = if lib.count (x: true) extraExtensions > 0 then true else false; + + cfg = config.${browserName} or {}; + enableAdobeFlash = cfg.enableAdobeFlash or false; + ffmpegSupport = browser.ffmpegSupport or false; + gssSupport = browser.gssSupport or false; + jre = cfg.jre or false; + icedtea = cfg.icedtea or false; + supportsJDK = + stdenv.hostPlatform.system == "i686-linux" || + stdenv.hostPlatform.system == "x86_64-linux" || + stdenv.hostPlatform.system == "armv7l-linux" || + stdenv.hostPlatform.system == "aarch64-linux"; + + plugins = + assert !(jre && icedtea); + if builtins.hasAttr "enableVLC" cfg + then throw "The option \"${browserName}.enableVLC\" has been removed since Firefox no longer supports npapi plugins" + else + ([ ] + ++ lib.optional enableAdobeFlash flashplayer + ++ lib.optional (cfg.enableDjvu or false) (djview4) + ++ lib.optional (cfg.enableMPlayer or false) (MPlayerPlugin browser) + ++ lib.optional (supportsJDK && jre && jrePlugin ? mozillaPlugin) jrePlugin + ++ lib.optional icedtea icedtea_web + ++ lib.optional (cfg.enableGoogleTalkPlugin or false) google_talk_plugin + ++ lib.optional (cfg.enableFriBIDPlugin or false) fribid + ++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell + ++ lib.optional (cfg.enableBluejeans or false) bluejeans + ++ lib.optional (cfg.enableAdobeReader or false) adobe-reader + ++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin + ++ extraPlugins + ); + nativeMessagingHosts = + ([ ] + ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass) + ++ lib.optional (cfg.enableBukubrow or false) bukubrow + ++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell + ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator + ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma-browser-integration + ++ extraNativeMessagingHosts + ); + libs = lib.optional stdenv.isLinux udev + ++ lib.optional ffmpegSupport ffmpeg + ++ lib.optional gssSupport kerberos + ++ lib.optionals (cfg.enableQuakeLive or false) + (with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib ]) + ++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash + ++ lib.optional (config.pulseaudio or true) libpulseaudio; + gtk_modules = [ libcanberra-gtk2 ]; + + enterprisePolicies = + { + policies = { + DisableAppUpdate = true; + } // lib.optionalAttrs disableManualExtensions ( + { + ExtensionSettings = { + "*" = { + blocked_install_message = "You can't have manual extension mixed with nix extensions"; + installation_mode = "blocked"; + }; + + } // lib.foldr (e: ret: + ret // { + "${e.extid}" = { + installation_mode = "allowed"; + }; + } + ) {} extraExtensions; + } + ) // lib.optionalAttrs disablePocket ( + { + DisablePocket = true; + } + ) // lib.optionalAttrs disableTelemetry ( + { + DisableTelemetry = true; + } + ) // lib.optionalAttrs disableFirefoxStudies ( + { + DisableFirefoxStudies = true; + } + ) // lib.optionalAttrs disableFirefoxSync ( + { + DisableFirefoxAccounts = true; + } + ) // lib.optionalAttrs useSystemCertificates ( + { + # Disable useless firefox certificate store + Certificates = { + ImportEnterpriseRoots = true; + }; + } + ) // lib.optionalAttrs ( + if lib.count (x: true) extraExtensions > 0 then true else false) ( + { + # Don't try to update nix installed addons + DisableSystemAddonUpdate = true; + + # But update manually installed addons + ExtensionUpdate = false; + } + ) // lib.optionalAttrs dontCheckDefaultBrowser ( + { + DontCheckDefaultBrowser = true; + } + )// lib.optionalAttrs disableDNSOverHTTPS ( + { + DNSOverHTTPS = { + Enabled = false; + }; + } + ) // lib.optionalAttrs clearDataOnShutdown ( + { + SanitizeOnShutdown = true; + } + ) // lib.optionalAttrs disableFeedbackCommands ( + { + DisableFeedbackCommands = true; + } + ) // lib.optionalAttrs ( if homepage == "" then false else true) ( + { + Homepage = { + URL = homepage; + Locked = true; + }; + } + ) // extraPolicies ;} ; + + + extensions = builtins.map (a: + if ! (builtins.hasAttr "signed" a) || ! (builtins.isBool a.signed) then + throw "Addon ${a.pname} needs boolean attribute 'signed' " + else if ! (builtins.hasAttr "extid" a) || ! (builtins.isString a.extid) then + throw "Addon ${a.pname} needs a string attribute 'extid'" + else if a.signed == false && !allowNonSigned then + throw "Disable signature checking in firefox if you want ${a.pname} addon" + else a + ) extraExtensions; + + policiesJson = builtins.toFile "policies.json" + (builtins.toJSON enterprisePolicies); + + mozillaCfg = builtins.toFile "mozilla.cfg" '' + // First line must be a comment + + // Remove default top sites + lockPref("browser.newtabpage.pinned", ""); + lockPref("browser.newtabpage.activity-stream.default.sites", ""); + + // Deactivate first run homepage + lockPref("browser.startup.firstrunSkipsHomepage", false); + + // If true, don't show the privacy policy tab on first run + lockPref("datareporting.policy.dataSubmissionPolicyBypassNotification", true); + + ${ + if allowNonSigned == true then + ''lockPref("xpinstall.signatures.required", false)'' + else + "" + } + + ${ + if showPunycodeUrls == true then + '' + lockPref("network.IDN_show_punycode", true); + '' + else + "" + } + + ${ + if disableManualExtensions == true then + '' + lockPref("extensions.getAddons.showPane", false); + lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); + lockPref("app.update.auto", false); + '' + else + "" + } + + ${ + if disableDrmPlugin == true then + '' + lockPref("media.gmp-gmpopenh264.enabled", false); + lockPref("media.gmp-widevinecdm.enabled", false); + '' + else + "" + } + + ${ + if activateAntiTracking == true then + '' + // Tracking + lockPref("browser.send_pings", false); + lockPref("browser.send_pings.require_same_host", true); + lockPref("network.dns.disablePrefetch", true); + lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); + lockPref("browser.search.geoip.url", ""); + lockPref("privacy.firstparty.isolate", true); + lockPref("privacy.userContext.enabled", true); + lockPref("privacy.userContext.ui.enabled", true); + lockPref("privacy.firstparty.isolate.restrict_opener_access", false); + lockPref("network.http.referer.XOriginPolicy", 1); + lockPref("network.http.referer.hideOnionSource", true); + lockPref(" privacy.spoof_english", true); + + // This option is currently not usable because of bug: + // https://bugzilla.mozilla.org/show_bug.cgi?id=1557620 + // lockPref("privacy.resistFingerprinting", true); + '' + else "" + } + ${ + if disableTelemetry == true then + '' + // Telemetry + lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); + lockPref("browser.ping-centre.telemetry", false); + lockPref("devtools.onboarding.telemetry.logged", false); + lockPref("toolkit.telemetry.archive.enabled", false); + lockPref("toolkit.telemetry.bhrPing.enabled", false); + lockPref("toolkit.telemetry.enabled", false); + lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); + lockPref("toolkit.telemetry.hybridContent.enabled", false); + lockPref("toolkit.telemetry.newProfilePing.enabled", false); + lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); + lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); + lockPref("dom.push.enabled", false); + lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); + lockPref("security.ssl.errorReporting.enabled", false); + '' + else "" + } + + ${ + if disableGoogleSafebrowsing == true then + '' + // Google data sharing + lockPref("browser.safebrowsing.blockedURIs.enabled", false); + lockPref("browser.safebrowsing.downloads.enabled", false); + lockPref("browser.safebrowsing.malware.enabled", false); + lockPref("browser.safebrowsing.passwords.enabled", false); + lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); + lockPref("browser.safebrowsing.malware.enabled", false); + lockPref("browser.safebrowsing.phishing.enabled", false); + lockPref("browser.safebrowsing.provider.mozilla.gethashURL", ""); + lockPref("browser.safebrowsing.provider.mozilla.updateURL", ""); + '' + else "" + } + + // User customization + ${extraPrefs} + ''; + in stdenv.mkDerivation { + inherit name; + + desktopItem = makeDesktopItem { + name = browserName; + exec = "${browserName}${nameSuffix} %U"; + inherit icon; + comment = ""; + desktopName = "${desktopName}${nameSuffix}${lib.optionalString gdkWayland " (Wayland)"}"; + genericName = "Web Browser"; + categories = "Application;Network;WebBrowser;"; + mimeType = stdenv.lib.concatStringsSep ";" [ + "text/html" + "text/xml" + "application/xhtml+xml" + "application/vnd.mozilla.xul+xml" + "x-scheme-handler/http" + "x-scheme-handler/https" + "x-scheme-handler/ftp" + ]; + }; + + nativeBuildInputs = [ makeWrapper lndir ]; + buildInputs = lib.optional (browser ? gtk3) browser.gtk3; + + buildCommand = lib.optionalString stdenv.isDarwin '' + mkdir -p $out/Applications + cp -R --no-preserve=mode,ownership ${browser}/Applications/${browserName}.app $out/Applications + rm -f $out${browser.execdir or "/bin"}/${browserName} + '' + '' + + # Link the runtime. The executable itself has to be copied, + # because it will resolve paths relative to its true location. + # Any symbolic links have to be replicated as well. + cd "${browser}" + find . -type d -exec mkdir -p "$out"/{} \; + + find . -type f \( -not -name "${browserName}" \) -exec ln -sT "${browser}"/{} "$out"/{} \; + + find . -type f -name "${browserName}" -print0 | while read -d $'\0' f; do + cp -P --no-preserve=mode,ownership "${browser}/$f" "$out/$f" + chmod a+rwx "$out/$f" + done + + # fix links and absolute references + cd "${browser}" + + find . -type l -print0 | while read -d $'\0' l; do + target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")" + ln -sfT "$target" "$out/$l" + done + + # This will not patch binaries, only "text" files. + # Its there for the wrapper mostly. + cd "$out" + ${replace}/bin/replace-literal -esfR -- "${browser}" "$out" + + # create the wrapper + + executablePrefix="$out${browser.execdir or "/bin"}" + executablePath="$executablePrefix/${browserName}" + + if [ ! -x "$executablePath" ] + then + echo "cannot find executable file \`${browser}${browser.execdir or "/bin"}/${browserName}'" + exit 1 + fi + + if [ ! -L "$executablePath" ] + then + # Careful here, the file at executablePath may already be + # a wrapper. That is why we postfix it with -old instead + # of -wrapped. + oldExe="$executablePrefix"/".${browserName}"-old + mv "$executablePath" "$oldExe" + else + oldExe="$(readlink -v --canonicalize-existing "$executablePath")" + fi + + + makeWrapper "$oldExe" "$out${browser.execdir or "/bin"}/${browserName}${nameSuffix}" \ + --suffix-each MOZ_PLUGIN_PATH ':' "$plugins" \ + --suffix LD_LIBRARY_PATH ':' "$libs" \ + --suffix-each GTK_PATH ':' "$gtk_modules" \ + --suffix-each LD_PRELOAD ':' "$(cat $(filterExisting $(addSuffix /extra-ld-preload $plugins)))" \ + --prefix-contents PATH ':' "$(filterExisting $(addSuffix /extra-bin-path $plugins))" \ + --suffix PATH ':' "$out${browser.execdir or "/bin"}" \ + --set MOZ_APP_LAUNCHER "${browserName}${nameSuffix}" \ + --set MOZ_SYSTEM_DIR "$out/lib/mozilla" \ + ${lib.optionalString gdkWayland '' + --set GDK_BACKEND "wayland" \ + ''}${lib.optionalString (browser ? gtk3) + ''--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ + --suffix XDG_DATA_DIRS : '${gnome3.adwaita-icon-theme}/share' + '' + } + + if [ -e "${browser}/share/icons" ]; then + mkdir -p "$out/share" + ln -s "${browser}/share/icons" "$out/share/icons" + else + for res in 16 32 48 64 128; do + mkdir -p "$out/share/icons/hicolor/''${res}x''${res}/apps" + icon=( "${browser}/lib/"*"/browser/chrome/icons/default/default''${res}.png" ) + if [ -e "$icon" ]; then ln -s "$icon" \ + "$out/share/icons/hicolor/''${res}x''${res}/apps/${browserName}.png" + fi + done + fi + + install -D -t $out/share/applications $desktopItem/share/applications/* + + mkdir -p $out/lib/mozilla + for ext in ${toString nativeMessagingHosts}; do + lndir -silent $ext/lib/mozilla $out/lib/mozilla + done + + # For manpages, in case the program supplies them + mkdir -p $out/nix-support + echo ${browser} > $out/nix-support/propagated-user-env-packages + + # user customization + mkdir -p $out/lib/firefox + + # creating policies.json + mkdir -p "$out/lib/firefox/distribution" + + cat > "$out/lib/firefox/distribution/policies.json" < ${policiesJson} + + # preparing for autoconfig + mkdir -p "$out/lib/firefox/defaults/pref" + + cat > "$out/lib/firefox/defaults/pref/autoconfig.js" < "$out/lib/firefox/mozilla.cfg" < ${mozillaCfg} + + mkdir -p $out/lib/firefox/distribution/extensions + + for i in ${toString extensions}; do + ln -s -t $out/lib/firefox/distribution/extensions $i/* + done + ''; + + preferLocalBuild = true; + + # Let each plugin tell us (through its `mozillaPlugin') attribute + # where to find the plugin in its tree. + plugins = map (x: x + x.mozillaPlugin) plugins; + libs = lib.makeLibraryPath libs + ":" + lib.makeSearchPathOutput "lib" "lib64" libs; + gtk_modules = map (x: x + x.gtkModule) gtk_modules; + + passthru = { unwrapped = browser; }; + + disallowedRequisites = [ stdenv.cc ]; + + meta = browser.meta // { + description = + browser.meta.description + + " (with plugins: " + + lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins)) + + ")"; + hydraPlatforms = []; + priority = (browser.meta.priority or 0) - 1; # prefer wrapper over the package + }; + }; +in + lib.makeOverridable wrapper diff --git a/jeschli/2configs/own-pkgs/audio-fingerprint-defender/default.nix b/jeschli/2configs/own-pkgs/audio-fingerprint-defender/default.nix new file mode 100644 index 000000000..05815e132 --- /dev/null +++ b/jeschli/2configs/own-pkgs/audio-fingerprint-defender/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchurl, unzip, jq, zip }: + +stdenv.mkDerivation rec { + pname = "audio-fingerprint-defender-${version}"; + version = "0.1.3"; + + extid = "@audio-fingerprint-defender"; + signed = false; + + src = fetchurl { + url = "https://addons.mozilla.org/firefox/downloads/file/3363623/audiocontext_fingerprint_defender-${version}-an+fx.xpi"; + sha256 = "0yfk5vqwjg4g25c98psj56sw3kv8imxav3nss4hbibflgla1h5pb"; + }; + + phases = [ "buildPhase" ]; + + buildInputs = [ zip unzip jq ]; + + buildPhase = '' + mkdir -p $out/${extid} + unzip ${src} -d $out/${extid} + NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json) + echo "$NEW_MANIFEST" > $out/${extid}/manifest.json + cd $out/${extid} + zip -r -FS $out/${extid}.xpi * + rm -r $out/${extid} + ''; + + meta = with stdenv.lib; { + description = "Audio context fingerprint defender firefox browser addon"; + homepage = https://mybrowseraddon.com/audiocontext-defender.html; + license = { + fullName = "Mozilla Public License Version 2.0"; + shortName = "moz2"; + spdxId = "mozilla-2.0"; + url = "https://www.mozilla.org/en-US/MPL/2.0/"; }; + maintainers = []; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/jeschli/2configs/own-pkgs/canvas-fingerprint-defender/default.nix b/jeschli/2configs/own-pkgs/canvas-fingerprint-defender/default.nix new file mode 100644 index 000000000..21b4b3f97 --- /dev/null +++ b/jeschli/2configs/own-pkgs/canvas-fingerprint-defender/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchurl, unzip, jq, zip }: + +stdenv.mkDerivation rec { + pname = "canvas-fingerprint-defender-${version}"; + version = "0.1.5"; + + extid = "@canvas-fingerprint-defender"; + signed = false; + + src = fetchurl { + url = "https://addons.mozilla.org/firefox/downloads/file/3362272/canvas_fingerprint_defender-${version}-an+fx.xpi?src=recommended"; + sha256 = "1hg00zsrw7ij7bc222j83g2wm3ml1aj34zg5im1802cjq4qqvbld"; + }; + + phases = [ "buildPhase" ]; + + buildInputs = [ zip unzip jq ]; + + buildPhase = '' + mkdir -p $out/${extid} + unzip ${src} -d $out/${extid} + NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json) + echo "$NEW_MANIFEST" > $out/${extid}/manifest.json + cd $out/${extid} + zip -r -FS $out/${extid}.xpi * + rm -r $out/${extid} + ''; + + meta = with stdenv.lib; { + description = "Canvas fingerprint defender firefox browser addon"; + homepage = https://mybrowseraddon.com/webgl-defender.html; + license = { + fullName = "Mozilla Public License Version 2.0"; + shortName = "moz2"; + spdxId = "mozilla-2.0"; + url = "https://www.mozilla.org/en-US/MPL/2.0/"; }; + maintainers = []; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/jeschli/2configs/own-pkgs/dark-reader/default.nix b/jeschli/2configs/own-pkgs/dark-reader/default.nix new file mode 100644 index 000000000..44f4f9054 --- /dev/null +++ b/jeschli/2configs/own-pkgs/dark-reader/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "dark-reader-${version}"; + version = "4.8.1"; + + extid = "addon@darkreader.org"; + signed = true; + + src = fetchurl { + url = "https://addons.mozilla.org/firefox/downloads/file/3404143/dark_reader-${version}-an+fx.xpi"; + sha256 = "0ic0i56jhmxymvy68bs5hqcjvdvw3vks5r58i2ygmpsm190rlldb"; + }; + + phases = [ "installPhase" ]; + + installPhase = '' + install -D ${src} "$out/${extid}.xpi" + ''; + + meta = with stdenv.lib; { + description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing."; + homepage = https://github.com/darkreader/darkreader; + license = licenses.mit; + maintainers = []; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/jeschli/2configs/own-pkgs/font-fingerprint-defender/default.nix b/jeschli/2configs/own-pkgs/font-fingerprint-defender/default.nix new file mode 100644 index 000000000..26751beef --- /dev/null +++ b/jeschli/2configs/own-pkgs/font-fingerprint-defender/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchurl, unzip, jq, zip }: + +stdenv.mkDerivation rec { + pname = "font-fingerprint-defender-${version}"; + version = "0.1.0"; + + extid = "@font-fingerprint-defender"; + signed = false; + + src = fetchurl { + url = "https://addons.mozilla.org/firefox/downloads/file/3387637/font_fingerprint_defender-${version}-an+fx.xpi"; + sha256 = "1aidkvisnx6qd7hn2x756rvzmbnaz6laqbwq0j5yd86g1kc56dr0"; + }; + + phases = [ "buildPhase" ]; + + buildInputs = [ zip unzip jq ]; + + buildPhase = '' + mkdir -p $out/${extid} + unzip ${src} -d $out/${extid} + NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json) + echo "$NEW_MANIFEST" > $out/${extid}/manifest.json + cd $out/${extid} + zip -r -FS $out/${extid}.xpi * + rm -r $out/${extid} + ''; + + meta = with stdenv.lib; { + description = "Font fingerprint defender firefox browser addon"; + homepage = https://mybrowseraddon.com/font-defender.html; + license = { + fullName = "Mozilla Public License Version 2.0"; + shortName = "moz2"; + spdxId = "mozilla-2.0"; + url = "https://www.mozilla.org/en-US/MPL/2.0/"; }; + maintainers = []; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/jeschli/2configs/own-pkgs/hopper/default.nix b/jeschli/2configs/own-pkgs/hopper/default.nix new file mode 100644 index 000000000..569fc6aaf --- /dev/null +++ b/jeschli/2configs/own-pkgs/hopper/default.nix @@ -0,0 +1,45 @@ +{ stdenv, fetchurl, pkgs, makeWrapper, lib }: + +stdenv.mkDerivation rec { + name = "${pname}-${version}"; + pname = "hopper"; + version = "4.5.16"; + rev = "v${lib.versions.major version}"; + + src = fetchurl { + url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux.pkg.tar.xz"; + sha256 = "0gjnn7f6ibfx46k4bbj8ra7k04s0mrpq7316brgzks6x5yd1m584"; + }; + + sourceRoot = "."; + + ldLibraryPath = with pkgs; stdenv.lib.makeLibraryPath [ +libbsd.out libffi.out gmpxx.out python27Full.out python27Packages.libxml2.out qt5.qtbase zlib xlibs.libX11.out xorg_sys_opengl.out xlibs.libXrender.out gcc-unwrapped.lib + ]; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/lib + mkdir -p $out/share + cp $sourceRoot/opt/hopper-${rev}/bin/Hopper $out/bin/hopper + cp -r $sourceRoot/opt/hopper-${rev}/lib $out + cp -r $sourceRoot/usr/share $out/share + patchelf \ + --set-interpreter ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \ + $out/bin/hopper + # Details: https://nixos.wiki/wiki/Qt + wrapProgram $out/bin/hopper \ + --suffix LD_LIBRARY_PATH : ${ldLibraryPath} \ + --suffix QT_PLUGIN_PATH : ${pkgs.qt5.qtbase}/lib/qt-${pkgs.qt5.qtbase.qtCompatVersion}/plugins + ''; + + meta = { + homepage = "https://www.hopperapp.com/index.html"; + description = "A macOS and Linux Disassembler"; + license = stdenv.lib.licenses.unfree; + maintainers = [ stdenv.lib.maintainers.luis ]; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/jeschli/2configs/own-pkgs/https-everywhere/default.nix b/jeschli/2configs/own-pkgs/https-everywhere/default.nix new file mode 100644 index 000000000..66fede43c --- /dev/null +++ b/jeschli/2configs/own-pkgs/https-everywhere/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "https-everywhere-${version}"; + version = "2019.6.27"; + + extid = "https-everywhere@eff.org"; + signed = true; + + src = fetchurl { + url = "https://addons.mozilla.org/firefox/downloads/file/3060290/https_everywhere-${version}-an+fx.xpi"; + sha256 = "0743lhn9phn7n6c0886h9ddn1n8vhzbl0vrw177zs43995aj3frp"; + }; + + phases = [ "installPhase" ]; + + installPhase = '' + install -D ${src} "$out/${extid}.xpi" + + ''; + + meta = { + description = "Https everywhere browser addon"; + homepage = https://www.eff.org/https-everywhere; + license = stdenv.lib.licenses.gpl2Plus; + maintainers = []; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/jeschli/2configs/own-pkgs/pyocclient/default.nix b/jeschli/2configs/own-pkgs/pyocclient/default.nix new file mode 100644 index 000000000..cd91f6171 --- /dev/null +++ b/jeschli/2configs/own-pkgs/pyocclient/default.nix @@ -0,0 +1,26 @@ +{ lib, python37Packages }: + +python37Packages.buildPythonPackage rec { + pname = "pyocclient"; + version = "0.4"; + + src = python37Packages.fetchPypi { + inherit pname version; + sha256 = "19k3slrk2idixsdw61in9a3jxglvkigkn5kvwl37lj8hrwr4yq6q"; + }; + + doCheck = false; + + propagatedBuildInputs = with python37Packages; [ + requests + six + ]; + + meta = with lib; { + homepage = https://github.com/owncloud/pyocclient/; + description = "Nextcloud / Owncloud library for python"; + license = licenses.mit; + maintainers = with maintainers; [ ]; + }; + +} diff --git a/jeschli/2configs/own-pkgs/rmount/default.nix b/jeschli/2configs/own-pkgs/rmount/default.nix new file mode 100644 index 000000000..22631f420 --- /dev/null +++ b/jeschli/2configs/own-pkgs/rmount/default.nix @@ -0,0 +1,34 @@ +{ stdenv, fetchgit, makeWrapper, lib, pkgs ? import {} }: +with pkgs; + +stdenv.mkDerivation rec { + name = "rmount-${version}"; + version = "1.0.1"; + rev = "v${version}"; + + src = fetchgit { + rev = "9df124780d2e66f01c70afaecf92090669c5ffb6"; + url = "https://github.com/Luis-Hebendanz/rmount"; + sha256 = "0ydb6sspfnfa3y6gg1r8sk4r58il6636lpqwb2rw7dzmb4b8hpd2"; + }; + + buildInputs = [ stdenv makeWrapper ]; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/man/man1 + cp ${src}/rmount.man $out/share/man/man1/rmount.1 + cp ${src}/rmount.bash $out/bin/rmount-noenv + cp ${src}/config.json $out/share/config.json + chmod +x $out/bin/rmount-noenv + + makeWrapper $out/bin/rmount-noenv $out/bin/rmount \ + --prefix PATH : ${lib.makeBinPath [ nmap jq cifs-utils sshfs ]} + ''; + + meta = { + homepage = "https://github.com/Luis-Hebendanz/rmount"; + description = "Remote mount utility which parses a json file"; + license = stdenv.lib.licenses.mit; + }; +} diff --git a/jeschli/2configs/own-pkgs/ublock-origin/default.nix b/jeschli/2configs/own-pkgs/ublock-origin/default.nix new file mode 100644 index 000000000..45465d482 --- /dev/null +++ b/jeschli/2configs/own-pkgs/ublock-origin/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "ublock-origin-${version}"; + version = "1.21.2"; + + extid = "uBlock0@raymondhill.net"; + signed = true; + + src = fetchurl { + url = "https://addons.mozilla.org/firefox/downloads/file/3361355/ublock_origin-${version}-an+fx.xpi"; + sha256 = "0ypdq3z61mrymknl37qlq6379bx9f2fsgbgr0czbhqs9f2vwszkc"; + }; + + phases = [ "installPhase" ]; + + installPhase = '' + install -D ${src} "$out/${extid}.xpi" + ''; + + meta = with stdenv.lib; { + description = "ublock origin firefox browser addon"; + homepage = https://github.com/gorhill/uBlock; + license = licenses.gnu3; + maintainers = []; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/jeschli/2configs/own-pkgs/user-agent-switcher/default.nix b/jeschli/2configs/own-pkgs/user-agent-switcher/default.nix new file mode 100644 index 000000000..c96f11129 --- /dev/null +++ b/jeschli/2configs/own-pkgs/user-agent-switcher/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchurl, unzip, jq, zip }: + +stdenv.mkDerivation rec { + pname = "user-agent-switcher-${version}"; + version = "0.3.2"; + + extid = "@user-agent-switcher"; + signed = false; + + src = fetchurl { + url = "https://addons.mozilla.org/firefox/downloads/file/3370255/user_agent_switcher_and_manager-${version}-an+fx.xpi"; + sha256 = "0lrw1xf6fsxr47bifkayfxpysv8s2p9ghmbmw2s7ymhrgy42i6v5"; + }; + + phases = [ "buildPhase" ]; + + buildInputs = [ zip unzip jq ]; + + buildPhase = '' + mkdir -p $out/${extid} + unzip ${src} -d $out/${extid} + NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json) + echo "$NEW_MANIFEST" > $out/${extid}/manifest.json + cd $out/${extid} + zip -r -FS $out/${extid}.xpi * + rm -r $out/${extid} + ''; + + meta = with stdenv.lib; { + description = "User agent switcher"; + homepage = https://add0n.com/useragent-switcher.html; + license = { + fullName = "Mozilla Public License Version 2.0"; + shortName = "moz2"; + spdxId = "mozilla-2.0"; + url = "https://www.mozilla.org/en-US/MPL/2.0/"; }; + maintainers = []; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/jeschli/2configs/own-pkgs/webgl-fingerprint-defender/default.nix b/jeschli/2configs/own-pkgs/webgl-fingerprint-defender/default.nix new file mode 100644 index 000000000..4e608d182 --- /dev/null +++ b/jeschli/2configs/own-pkgs/webgl-fingerprint-defender/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchurl, unzip, jq, zip }: + +stdenv.mkDerivation rec { + pname = "webgl-fingerprint-defender-${version}"; + version = "0.1.2"; + + extid = "@webgl-fingerprint-defender"; + signed = false; + + src = fetchurl { + url = "https://addons.mozilla.org/firefox/downloads/file/3362869/webgl_fingerprint_defender-${version}-an+fx.xpi"; + sha256 = "06hfr5hxr4qw0jx6i9fi9gdk5211z08brnvqj2jlmpyc3dwl4pif"; + }; + + phases = [ "buildPhase" ]; + + buildInputs = [ zip unzip jq ]; + + buildPhase = '' + mkdir -p $out/${extid} + unzip ${src} -d $out/${extid} + NEW_MANIFEST=$(jq '. + {"applications": { "gecko": { "id": "${extid}" }}}' $out/${extid}/manifest.json) + echo "$NEW_MANIFEST" > $out/${extid}/manifest.json + cd $out/${extid} + zip -r -FS $out/${extid}.xpi * + rm -r $out/${extid} + ''; + + meta = with stdenv.lib; { + description = "Canvas defender firefox browser addon"; + homepage = https://mybrowseraddon.com/webgl-defender.html; + license = { + fullName = "Mozilla Public License Version 2.0"; + shortName = "moz2"; + spdxId = "mozilla-2.0"; + url = "https://www.mozilla.org/en-US/MPL/2.0/"; }; + maintainers = []; + platforms = stdenv.lib.platforms.all; + }; +} diff --git a/jeschli/2configs/own-pkgs/wl-clipboard/default.nix b/jeschli/2configs/own-pkgs/wl-clipboard/default.nix new file mode 100644 index 000000000..349d910da --- /dev/null +++ b/jeschli/2configs/own-pkgs/wl-clipboard/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig +, wayland, wayland-protocols }: + +stdenv.mkDerivation rec { + pname = "wl-clipboard"; + version = "2.0.0"; + + src = fetchFromGitHub { + owner = "bugaevc"; + repo = "wl-clipboard"; + rev = "v${version}"; + sha256 = "0c4w87ipsw09aii34szj9p0xfy0m00wyjpll0gb0aqmwa60p0c5d"; + }; + + nativeBuildInputs = [ meson ninja pkgconfig wayland-protocols ]; + buildInputs = [ wayland ]; + + meta = with stdenv.lib; { + description = "Command-line copy/paste utilities for Wayland"; + homepage = https://github.com/bugaevc/wl-clipboard; + license = licenses.gpl3; + maintainers = with maintainers; [ dywedir ]; + platforms = platforms.linux; + }; +} diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index e47c43fe1..e87b7bb99 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -117,10 +117,6 @@ in fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; - swapDevices = [ - { device = "/dev/disk/by-label/swap"; } - ]; - users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users."0x4A6F".pubkey config.krebs.users.ulrich.pubkey diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 5ae80d780..409278954 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -4,8 +4,8 @@ let pkg = pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/muell_mail"; - rev = "861ec25ab22797d8961efb32e72d79e113aa9f0f"; - sha256 = "sha256:18cw95zbr7isv4cw80cbpd84n5z208fwh5390i6j10jkn398mjq2"; + rev = "57b67c95052d90044137b2c89007a371dc389afd"; + sha256 = "1grkzs6fxjnc2bv4kskj63d5sb4qxz6yyr85nj0da9hn7qkk4jkj"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muell_mail"; cfg = toString ; diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index 9168c9ba7..c1c957da3 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -4,9 +4,9 @@ let pkg = pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/muellshack"; - rev = "d8a5e2d4c0a22804838675ac42b468299dcd9a76"; - sha256 = "0ff6q64dgdxmpszp94z100fdic175b1vvxn4crg8p0jcabzxsv0m"; - }) {}; + rev = "4601f59787de090c83be6dbae6ca72d7fc84ab9f"; + sha256 = "1cshbd6ipvynbm3gmnsm58ccc1m5xc87cpd3b6jx0s6pr2j19g9j"; + }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muellshack"; port = "8081"; in { diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 8cf0007b8..38cb3b55d 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -4,9 +4,9 @@ let pkg = pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/node-light.git"; - rev = "a32c782650c4cc0adf51250fe249167d7246c59b"; - sha256 = "0clvcp1m2ay0a9ibh7s21q7d9a6nam3497bysvc6mdygblks22qy"; - }) {}; + rev = "32d8064db5172b8068f633211c8bd5688b2c8773"; + sha256 = "14jzhs7pp3hq42wq3cwqarivn1z7vcgksfzfqfc4yyh21096yi1j"; + }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/node-light"; port = "8082"; in { diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index 40c42260f..f3ea67f79 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -4,9 +4,10 @@ let pkg = pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/s3-power"; - rev = "b2b87b56bb40d714dbbecd1285566870b256aec4"; - sha256 = "sha256:02wikwf3rgkkggwbwqisdvhlwd38w5pw011xhwvhnj114s3rynan"; - }) {}; + rev = "0687ab64"; + sha256 = "1m8h4bwykv24bbgr5v51mam4wsbp5424xcrawhs4izv563jjf130"; + }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; + home = "/var/lib/s3-power"; cfg = toString ; in { diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 44176a341..b38b9cab4 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -65,7 +65,7 @@ let }; LinkHeader = pythonPackages.buildPythonPackage { name = "LinkHeader-0.4.3"; - src = pkgs.fetchurl { url = "https://pypi.python.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; + src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; propagatedBuildInputs = [ ]; meta = with pkgs.stdenv.lib; { homepage = ""; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1546cac62..247dae69c 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -354,6 +354,62 @@ in { }; }; }; + amy = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.donna.nets.retiolum.ip4.addr + config.krebs.hosts.donna.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.181"; + aliases = [ "amy.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8 + hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh + q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM + tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG + iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/ + HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3 + /P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU + klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb + MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE + DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 + UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + clara = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.donna.nets.retiolum.ip4.addr + config.krebs.hosts.donna.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.182"; + aliases = [ "clara.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d + WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf + UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY + Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/ + rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN + wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc + jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e + mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc + WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v + UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn + cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; inspector = { owner = config.krebs.users.Mic92; nets = rec { diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix index e81dd9b58..aea1792f4 100644 --- a/krebs/3modules/external/palo.nix +++ b/krebs/3modules/external/palo.nix @@ -78,7 +78,7 @@ in { }; users = { palo = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBYNJVuyyZmc2pCkLWjhl0/hMMb7elmI81/9LAGtk8Tz4TmVderTMohwQkaTYznwPOPuKfU1sSMLCB8rYXdAO5nqWC4bGjXJ/+D8/UKfGjSqRQ7UkfpOF3NAm+pqUSFjaVXi1BWd+jxmsD0uRks0PyNSywZfgjn5LYpD3SpxyFy/17P/PJ9vX6PELjeYvNGH3l5cXDwYky3ZZJol7quBJ5yrA6I536A4wNDzg2ow+MRVu51/nIJdnbbsC/dDHgmdRWnStOzvsA+xSEMeKvLW3CaSPINr/bMGxOPrefr79bg59gkw9Wxp51fkx0o18N1liTRfWXau+GFNGMxFluELhfGXYOH9HLedLt8H38zs5vgJ9IY+tlOzMKud5njiNkuG503AiqY2H7coN7VeVA5+6L7tmwFbCMhPal4MS0VKHNBmCTDY5QMURYUajKiUh8n5IcbuTsPM+lEszm16g5iB+XQ1vpjza5ds6DRL1H6pUF/UpUzYUlqh2RnE+CyLsFO2MB/o72NoSWRfmn7/nsg6eEg/9kSn+dwj2ythjuEkMG28Yhm/XjaGnuAE/ZpIeRDozIQNGcHpzPHMd95olfNJW7+fLi+CvSFZa9l+tdS8PoRnCdHOsO4zvESJZ2rDn0Zt0Az6XNRJfYTABDlYPGCnWN4vmlnEJqQARSSiKBDhSgPw== palo@workout"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="; }; }; } diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index c6a4b40eb..75d7eda6e 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -137,19 +137,20 @@ in { "reagenzglas.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAon6oMki2GuJah9c1jNj0CupIPNo765AxtpSkut1PvoydAVYWZMO0 - /UQgrvoDQPq3VQU98LHhtQVjmfmcxmxIK3mWoM356P9TGsheOspTcVP4HCMoWZoF - QpgpQs1RNuG/nAAcoVHnTqFeFt6oWsykESIWj5jFV5XA+KanyLFThi8aWPumJgOV - W0AR4+0eECMjBXCV0yRaug4cnFKwLtTQ993AP6Di+5iyh8H39wuASUA/USfMItyX - KEPCT1LPVu2JKsLE/aQEqX1ra3qVJ+SzSPKvOJGKNjcN0e84TuqGrh6cmEDcT/hd - MNZisdPvWA8UwXZfsT/TOGyd8MBqgGxWS6JSFHXy9enyjvS+rws8U0IySlnAIEoi - mXi0leXXDHSQBUnLgDwx4yAJ2R63bUr0pvVd9NBvS9CYHH3TETuwxtMsd3Djm1tu - 9/GxN78N+dTHCwOFw/RFOGKCDuM2v1P0f56SdcADqiziuVn+Sj/WPL7rM7qLkySv - jAqY7q5PUjcz/tltJUJwIHaV3sSB6+zOKhSPhGE5ASr4dYEnxiTSD2YE7fj3+WKK - ShG3cpjOwgW0/Ut88zIs7zQxfHj5ZML+Gh2E2LN5nb7StMBWafgvq58eTKbMCKbx - ev7cFjOOV86sCjqtt5LVSi7TPAtolnmLyxzM+s/eZoLYITh+Zo8UERMCAwEAAQ== - -----END RSA PUBLIC KEY----- + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwYLQr5m/x7Q6w8sL8QwI + GSEScP4V1Eun77mpV5ygk8FBV7S7Cj64QaEntM4NPNMS8DOs3qDkXQbC5yQQhVdG + rL191UK7B1VxprsyVDY5wj2bR96vOX9KadYSpk2lEaB2yyA8Xt2t4VrhcDOIk3k+ + COMIbeqFd4rs5B2kV8p1KIFScng0x7uDhEvpn8zTakbtXWzcqirzBzqLTt9GqHE9 + wXAca7iYCabhp6tzrOF7ifkRXgFy9+RPjUb8cqOyYL0k4zRSqNRDUQaySgUHRUwo + EzE/piLnBQHX/7tc9PdNPHizL62HeLOCnsKB+MoaJqsey6KPhxVDwYw3dJ/C3pCS + wFMUlt6D/5LxPL2yXJRRGb+I/hLnKGzbfB7Hz4Mh2PW2NMtdK0NMouDdH1VRnx68 + QdL0MetHECz+TjpZIrn0Y2OCizDDGiKDndafQi4VPnWGulYUHtpIIMHkAS6xCHHn + 5Rfe1LRxNXVSfqcQEYbjf+PNmwUw8etzBwYzB6zFFnQhw+6kWBPqnB38NkQ0Fzhc + h7isl2iq9aotObk9p53gj1i8eaSCeq6C5sFM9Bs3d00HfCLNTCNMqYZynmapo+3Q + 0P6oX3YWzM2oUiknWKKOVyDUwCJolwlAeNOvlwCDzsiAAAB7INYBnJCIIPPcoE/q + iddgcSx6Poq15h8H5tr439kCAwEAAQ== + -----END PUBLIC KEY----- ''; }; }; diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index 9ab207d88..837a9bea7 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -53,6 +53,9 @@ with import ; systemd.services = flip mapAttrs' config.krebs.reaktor2 (_: cfg: nameValuePair cfg.systemd-service-name { after = [ "network.target" ]; + environment = { + LC_ALL = "en_US.UTF-8"; + }; wantedBy = [ "multi-user.target" ]; serviceConfig = { User = cfg.username; diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index d59569317..1f88a49e1 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -8,7 +8,7 @@ let nginx-user = config.services.nginx.user; nginx-group = config.services.nginx.group; - fpm-socket = "/var/run/php5-fpm-rutorrent.sock"; + fpm-socket = config.services.phpfpm.pools.rutorrent.socket; webdir = rucfg.webdir; systemd-logfile = cfg.workDir + "/rtorrent-systemd.log"; @@ -332,12 +332,11 @@ let rutorrent-imp = { services.phpfpm = { - # phpfpm does not have an enable option pools.rutorrent = { user = nginx-user; group = nginx-group; - listen = fpm-socket; settings = { + "listen.owner" = nginx-user; "pm" = "dynamic"; "pm.max_children" = 5; "pm.start_servers" = 2; diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 5f8f0c771..a772c83a2 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "d484f2b7fc0834a068e8ace851faa449a03963f5", - "date": "2019-09-20T22:58:43+02:00", - "sha256": "0jk93ikryi2hqc30l2n5i4vlgmklrlzb8cf7b3sg1q3k70q344jn", + "rev": "471869c9185fb610e67940a701eb13b1cfb335a4", + "date": "2019-10-31T16:03:13+01:00", + "sha256": "1klbclz8n4b9k1kfwv806bqdavld1mg32l1vxsmnrqzr6zck1c54", "fetchSubmodules": false } diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 01230b439..fabd3691a 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "7952807791daf3c60c99f10f371f732d897e3de8", - "date": "2019-10-13T01:14:01+02:00", - "sha256": "1h9wg0arazbyj8xfgvfhzn2gw6ya8sgcxscy1n5j182b5xri1xdk", + "rev": "c75de8bc12cc7e713206199e5ca30b224e295041", + "date": "2019-10-27T17:40:06+01:00", + "sha256": "1awipcjfvs354spzj2la1nzmi9rh2ci2mdapzf4kkabf58ilra6x", "fetchSubmodules": false } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 1477d6d8b..03ff42132 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -129,7 +129,6 @@ with import ; cac-api sshpass get - teamspeak_client hashPassword urban mk_sql_pair diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix index 9ac3468a8..2d21f00d5 100644 --- a/lass/1systems/uriel/physical.nix +++ b/lass/1systems/uriel/physical.nix @@ -3,7 +3,7 @@ ./config.nix ]; - hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; boot = { #kernelParams = [ # "acpi.brightness_switch_enabled=0" diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index d745d894a..e07e0ddf0 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -33,8 +33,7 @@ in { extraPackages = ps: with ps; [ pkgs.pico2wave python-forecastio jsonrpc-async jsonrpc-websocket mpd2 - (callPackage ./deps/gtts-token.nix { }) - (callPackage ./deps/pyhaversion.nix { }) + (callPackage ./deps/openwrt-luci-rpc.nix { }) ]; }; autoExtraComponents = true; @@ -47,8 +46,16 @@ in { elevation = 303; auth_providers = [ { type = "homeassistant";} - { type = "legacy_api_password";} + { type = "legacy_api_password"; + api_password = "sistemas"; + } { type = "trusted_networks"; + trusted_networks = [ + "127.0.0.1/32" + "192.168.8.0/24" + "::1/128" + "fd00::/8" + ]; # allow_bypass_login = true; } ]; @@ -119,7 +126,7 @@ in { aramark.binary_sensor; sensor = - [{ platform = "version"; }] ++ + # [{ platform = "version"; }] ++ # pyhaversion (import ./sensor/pollen.nix) ++ (import ./sensor/espeasy.nix) ++ (import ./sensor/airquality.nix) ++ @@ -140,20 +147,15 @@ in { http = { # TODO: https://github.com/home-assistant/home-assistant/issues/16149 base_url = "http://192.168.8.11:8123"; - api_password = "sistemas"; - trusted_networks = [ - "127.0.0.1/32" - "192.168.8.0/24" - "::1/128" - "fd00::/8" - ]; }; conversation = {}; history = {}; logbook = {}; tts = [ - { platform = "google"; + { platform = "google_translate"; language = "de"; + time_memory = 57600; + service_name = "google_say"; } { platform = "voicerss"; api_key = builtins.readFile ; diff --git a/makefu/2configs/bureautomation/deps/gtts-token.nix b/makefu/2configs/bureautomation/deps/gtts-token.nix deleted file mode 100644 index 69640f03d..000000000 --- a/makefu/2configs/bureautomation/deps/gtts-token.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, requests -}: - -buildPythonPackage rec { - pname = "gtts-token"; - version = "1.1.3"; - - src = fetchPypi { - pname = "gTTS-token"; - inherit version; - sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5"; - }; - - propagatedBuildInputs = [ - requests - ]; - - meta = with lib; { - description = "Calculates a token to run the Google Translate text to speech"; - homepage = https://github.com/boudewijn26/gTTS-token; - license = licenses.mit; - # maintainers = [ maintainers. ]; - }; -} diff --git a/makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix b/makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix new file mode 100644 index 000000000..4eceeb146 --- /dev/null +++ b/makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix @@ -0,0 +1,34 @@ +{ lib +, buildPythonPackage +, fetchPypi +, click +, requests +, packaging +}: + +buildPythonPackage rec { + pname = "openwrt-luci-rpc"; + version = "1.1.2"; + + src = fetchPypi { + inherit pname version; + sha256 = "174a1f6c0bb2a2ed76e5299d14e2be05c612e8bcd4c15b9a9aedee1ef8e18b90"; + }; + + patchPhase = '' + sed -i -e "s/requests==2.21.0/requests/" -e "s/packaging==19.1/packaging/" setup.py + ''; + + propagatedBuildInputs = [ + click + requests + packaging + ]; + + meta = with lib; { + description = "Module for interacting with OpenWrt Luci RPC interface"; + homepage = https://github.com/fbradyirl/openwrt-luci-rpc; + license = licenses.asl20; + maintainers = [ maintainers.makefu ]; + }; +} diff --git a/makefu/2configs/bureautomation/deps/pyhaversion.nix b/makefu/2configs/bureautomation/deps/pyhaversion.nix deleted file mode 100644 index a75c6a976..000000000 --- a/makefu/2configs/bureautomation/deps/pyhaversion.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib -, buildPythonPackage -, fetchpatch -, fetchPypi -, aiohttp -, async-timeout -}: - -buildPythonPackage rec { - pname = "pyhaversion"; - version = "2.2.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f"; - }; - patches = [ - (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch"; - sha256 = - "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";}) - ]; - doCheck = false; - propagatedBuildInputs = [ - aiohttp - async-timeout - ]; - - meta = with lib; { - description = ""; - homepage = https://github.com/ludeeus/pyhaversion; - # maintainers = [ maintainers. ]; - }; -} diff --git a/makefu/2configs/bureautomation/device_tracker/openwrt.nix b/makefu/2configs/bureautomation/device_tracker/openwrt.nix index d32eab60f..5de216474 100644 --- a/makefu/2configs/bureautomation/device_tracker/openwrt.nix +++ b/makefu/2configs/bureautomation/device_tracker/openwrt.nix @@ -3,7 +3,6 @@ [ { platform = "luci"; - name = "router"; host = "192.168.8.1"; username = "root"; password = import ; diff --git a/makefu/2configs/bureautomation/light/statuslight.nix b/makefu/2configs/bureautomation/light/statuslight.nix index 31f52f492..c9d301758 100644 --- a/makefu/2configs/bureautomation/light/statuslight.nix +++ b/makefu/2configs/bureautomation/light/statuslight.nix @@ -24,13 +24,13 @@ let brightness_command_topic = "/bam/${topic}/cmnd/Dimmer"; brightness_scale = 100; # color - rgb_state_topic = "/bam/${topic}/stat/Color"; + rgb_state_topic = "/bam/${topic}/stat/RESULT"; rgb_command_topic = "/bam/${topic}/cmnd/Color2"; - rgb_command_mode = "hex"; - rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; + rgb_value_template = "{{(value_json.Channel[0]*2.55)|int}},{{(value_json.Channel[1]*2.55)|int}},{{(value_json.Channel[2]*2.55)|int}}"; + # effects effect_state_topic = "/bam/${topic}/tele/STATE"; - effects_value_template = "{{value_json.Scheme|default(0)}}"; + effect_value_template = "{{value_json.Scheme|default(0)}}"; effect_command_topic = "/bam/${topic}/cmnd/Scheme"; effect_list = [ 0 # single color for LED light diff --git a/makefu/2configs/bureautomation/person/team.nix b/makefu/2configs/bureautomation/person/team.nix index e18c42194..fc2d9ba17 100644 --- a/makefu/2configs/bureautomation/person/team.nix +++ b/makefu/2configs/bureautomation/person/team.nix @@ -3,7 +3,7 @@ id = 1; device_trackers = [ "device_tracker.thorsten_phone" - "device_tracker.thorsten_arbeitphone" + #"device_tracker.thorsten_arbeitphone" ]; } { name = "Felix"; @@ -26,4 +26,40 @@ "device_tracker.daniel_phone" ]; } + { name = "Thierry"; + id = 5; + device_trackers = [ + "device_tracker.thierry_phone" + ]; + } + { name = "Frank"; + id = 6; + device_trackers = [ + "device_tracker.frank_phone" + ]; + } + { name = "Carsten"; + id = 7; + device_trackers = [ + "device_tracker.carsten_phone" + ]; + } + { name = "Emeka"; + id = 8; + device_trackers = [ + "device_tracker.emeka_phone" + ]; + } + #{ name = "Sabine"; + # id = 9; + # device_trackers = [ + # "device_tracker.sabine_phone" + # ]; + #} + { name = "Tobias"; + id = 10; + device_trackers = [ + "device_tracker.tobias_phone" + ]; + } ] diff --git a/makefu/2configs/bureautomation/sensor/outside.nix b/makefu/2configs/bureautomation/sensor/outside.nix index 7dbc192a4..596473f17 100644 --- a/makefu/2configs/bureautomation/sensor/outside.nix +++ b/makefu/2configs/bureautomation/sensor/outside.nix @@ -15,7 +15,7 @@ "uv_index" ]; units = "si" ; - update_interval = { days = 0; hours = 0; minutes = 30; seconds = 0; }; + scan_interval = "00:30:00"; } { platform = "luftdaten"; name = "Ditzingen"; diff --git a/makefu/2configs/bureautomation/sensor/pollen.nix b/makefu/2configs/bureautomation/sensor/pollen.nix index 506dbf123..8ddb49e58 100644 --- a/makefu/2configs/bureautomation/sensor/pollen.nix +++ b/makefu/2configs/bureautomation/sensor/pollen.nix @@ -1,6 +1,6 @@ [ { platform = "dwd_pollen"; - partsregion_ids = [ + partregion_ids = [ 112 ]; } diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 59dfa3203..ed3155efc 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -127,6 +127,7 @@ let group = "nginx"; listen = socket; settings = { + "listen.owner" = "nginx"; "pm" = "dynamic"; "pm.max_children" = 32; "pm.max_requests" = 500; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index a6766eeec..2f44d8cc1 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -27,6 +27,7 @@ in { inherit user group; listen = fpm-socket; settings = { + "listen.owner" = user; "pm" = "dynamic"; "pm.max_children" = 5; "pm.start_servers" = 2; diff --git a/makefu/5pkgs/_4nxci/default.nix b/makefu/5pkgs/_4nxci/default.nix index dafa37ff6..47c02aca4 100644 --- a/makefu/5pkgs/_4nxci/default.nix +++ b/makefu/5pkgs/_4nxci/default.nix @@ -1,11 +1,11 @@ { stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }: let - version = "1.35"; + version = "4.03"; src = fetchFromGitHub { owner = "The-4n"; repo = "4NXCI"; rev = "v${version}"; - sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6"; + sha256 = "0n49sqv6s8cj2dw1dbcyskfc2zr92p27f1bdd6jqfbawv0fqr1wf"; }; mymbedtls = stdenv.mkDerivation {