Merge remote-tracking branch 'lass/master'
This commit is contained in:
commit
ed065e8add
@ -29,6 +29,7 @@ in
|
|||||||
{
|
{
|
||||||
services.gollum = {
|
services.gollum = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
address = "::1";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
|
Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
|
||||||
system('${pushCgit}')
|
system('${pushCgit}')
|
||||||
@ -45,14 +46,15 @@ in
|
|||||||
virtualHosts."wiki.r" = {
|
virtualHosts."wiki.r" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
locations."/".extraConfig = ''
|
locations."/" = {
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxyPass = "http://[::1]:${toString config.services.gollum.port}";
|
||||||
proxy_set_header Connection "upgrade";
|
proxyWebsockets = true;
|
||||||
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_pass http://127.0.0.1:${toString config.services.gollum.port};
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
krebs.git = {
|
krebs.git = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -108,8 +108,21 @@ let
|
|||||||
# create a ShellCommand for each stage and add them to the build
|
# create a ShellCommand for each stage and add them to the build
|
||||||
stages = self.extract_stages(self.observer.getStdout())
|
stages = self.extract_stages(self.observer.getStdout())
|
||||||
self.build.addStepsAfterCurrentStep([
|
self.build.addStepsAfterCurrentStep([
|
||||||
steps.ShellCommand(name=stage, command=[stages[stage]])
|
steps.ShellCommand(
|
||||||
for stage in stages
|
name=stage,
|
||||||
|
env=dict(
|
||||||
|
build_name = stage,
|
||||||
|
build_script = stages[stage],
|
||||||
|
),
|
||||||
|
command="${pkgs.writeDash "build.sh" ''
|
||||||
|
set -xefu
|
||||||
|
profile=${shell.escape profileRoot}/$build_name
|
||||||
|
result=$("$build_script")
|
||||||
|
if [ -n "$result" ]; then
|
||||||
|
${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
|
||||||
|
fi
|
||||||
|
''}",
|
||||||
|
) for stage in stages
|
||||||
])
|
])
|
||||||
|
|
||||||
return result
|
return result
|
||||||
|
@ -23,6 +23,7 @@ pkgs.writers.writeDashBin "generate-intermediate-ca" ''
|
|||||||
|
|
||||||
${pkgs.step-cli}/bin/step certificate create "Krebs ACME CA" intermediate_ca.crt intermediate_ca.key \
|
${pkgs.step-cli}/bin/step certificate create "Krebs ACME CA" intermediate_ca.crt intermediate_ca.key \
|
||||||
--template "$TMPDIR/intermediate.tpl" \
|
--template "$TMPDIR/intermediate.tpl" \
|
||||||
|
--not-after 8760h \
|
||||||
--ca "$TMPDIR/krebs/ca.crt" \
|
--ca "$TMPDIR/krebs/ca.crt" \
|
||||||
--ca-key "$TMPDIR/krebs/ca.key" \
|
--ca-key "$TMPDIR/krebs/ca.key" \
|
||||||
--no-password --insecure
|
--no-password --insecure
|
||||||
|
@ -1,15 +1,15 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIICWzCCAcSgAwIBAgIQVavHn7XtM7NJ8bnph6hGoTANBgkqhkiG9w0BAQsFADCB
|
MIICWTCCAcKgAwIBAgIQbAfVX2J0VIzhEYSPVAB4SzANBgkqhkiG9w0BAQsFADCB
|
||||||
gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl
|
gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl
|
||||||
YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq
|
YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq
|
||||||
hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMDgxNTU5
|
hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMTAwODQ5
|
||||||
MDRaFw0yMTEyMDkxNTU5MDRaMBoxGDAWBgNVBAMTD0tyZWJzIEFDTUUgQ0EgMTBZ
|
MDZaFw0yMjEyMTAwODQ5MDZaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT
|
||||||
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABDOK4g3pJPhOErk49zQgpNKE1cAyoeLp
|
BgcqhkjOPQIBBggqhkjOPQMBBwNCAATL8dNO7ajNe60Km7wHrG06tCUj5kQKWsrQ
|
||||||
PqWXkHZVLIVg8CBzPyCYiHS8RtaJ1kwWxwo5OTypCDOLxf1isR5HgZOjgYAwfjAO
|
Ay7KX8zO+RwQpYhd/i4bqpeGkGWh8uHLZ+164FlZaLgHO10DRja5o4GAMH4wDgYD
|
||||||
BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUv758
|
VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMt9yJED
|
||||||
A4RPewsRtgjdB6AE1tn632swHwYDVR0jBBgwFoAUinqtNfqwMKe8gF8M5cGQaNxB
|
mPRhXsrNZ0x+GtzjdnTLMB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv
|
||||||
lS8wGAYDVR0eAQH/BA4wDKAKMAOCAXIwA4IBdzANBgkqhkiG9w0BAQsFAAOBgQAT
|
MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEANo/2
|
||||||
ewOSGWGTCWcJFGSxgnt8/WspMERq1hL1PikwwVMp7wzJmbHcbA0Es4fcrE5Xf8vQ
|
teIuEsniwxVdqu+ukjqOXHIkBK7F91+G7BuDjBlx2U96v1MwsmT4D9upajERnOOD
|
||||||
dGenlvyQjkQNahbsyGBoja7bpWpnw9qofLQkns1AZWp7q7GBqyKm30keM/E/stjH
|
tLx990Sj4t3avRTpytt+qLeIMIxt62YksUXVjDWndqaDcEUat5ZVEQsZ0ZmjOHrA
|
||||||
YkgY4QaxlIL+6N0f4nKL3RSf6GQ1hWJOHf+RrboaMw==
|
BaB65eU0xhJWKAZdk55GqHEFz3Ym4rx7WUaomzk=
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
@ -83,8 +83,11 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
programs.ssh.startAgent = false;
|
programs.ssh.startAgent = false;
|
||||||
|
|
||||||
security.wrappers = {
|
krebs.setuid = {
|
||||||
slock.source = "${pkgs.slock}/bin/slock";
|
slock = {
|
||||||
|
filename = "${pkgs.slock}/bin/slock";
|
||||||
|
mode = "4111";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.pam.loginLimits = [
|
security.pam.loginLimits = [
|
||||||
|
@ -5,6 +5,18 @@ with import <stockholm/lib>;
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../smartd.nix
|
../smartd.nix
|
||||||
|
|
||||||
|
{
|
||||||
|
nix.buildCores = 2;
|
||||||
|
nix.maxJobs = 2;
|
||||||
|
}
|
||||||
|
(if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
|
||||||
|
nix.daemonCPUSchedPolicy = "batch";
|
||||||
|
nix.daemonIOSchedPriority = 1;
|
||||||
|
} else {
|
||||||
|
nix.daemonIONiceLevel = 1;
|
||||||
|
nix.daemonNiceLevel = 1;
|
||||||
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
@ -21,21 +33,10 @@ with import <stockholm/lib>;
|
|||||||
"wl"
|
"wl"
|
||||||
];
|
];
|
||||||
|
|
||||||
# broadcom_sta is marked as broken for 5.9+
|
|
||||||
# pkgs.linuxPackages_latest ist 5.9
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_5_8;
|
|
||||||
|
|
||||||
boot.extraModulePackages = [
|
boot.extraModulePackages = [
|
||||||
config.boot.kernelPackages.broadcom_sta
|
config.boot.kernelPackages.broadcom_sta
|
||||||
];
|
];
|
||||||
|
|
||||||
nix = {
|
|
||||||
buildCores = 2;
|
|
||||||
maxJobs = 2;
|
|
||||||
daemonIONiceLevel = 1;
|
|
||||||
daemonNiceLevel = 1;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.logind.extraConfig = ''
|
services.logind.extraConfig = ''
|
||||||
HandleHibernateKey=ignore
|
HandleHibernateKey=ignore
|
||||||
HandleLidSwitch=ignore
|
HandleLidSwitch=ignore
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
_:
|
|
||||||
{
|
|
||||||
imports = [ ./CAC.nix ];
|
|
||||||
nix = {
|
|
||||||
buildCores = 1;
|
|
||||||
maxJobs = 1;
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,8 +0,0 @@
|
|||||||
_:
|
|
||||||
{
|
|
||||||
imports = [ ./CAC.nix ];
|
|
||||||
nix = {
|
|
||||||
buildCores = 2;
|
|
||||||
maxJobs = 2;
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,13 +0,0 @@
|
|||||||
_:
|
|
||||||
{
|
|
||||||
boot.initrd.availableKernelModules = [
|
|
||||||
"ata_piix"
|
|
||||||
"vmw_pvscsi"
|
|
||||||
];
|
|
||||||
boot.loader.grub.splashImage = null;
|
|
||||||
nix = {
|
|
||||||
daemonIONiceLevel = 1;
|
|
||||||
daemonNiceLevel = 1;
|
|
||||||
};
|
|
||||||
sound.enable = false;
|
|
||||||
}
|
|
@ -1,7 +1,6 @@
|
|||||||
with import <stockholm/lib>;
|
{ pkgs, ... }: let
|
||||||
{ pkgs, ... }:
|
lib = import <stockholm/lib>;
|
||||||
|
in {
|
||||||
{
|
|
||||||
imports = [
|
imports = [
|
||||||
../smartd.nix
|
../smartd.nix
|
||||||
{
|
{
|
||||||
@ -16,6 +15,18 @@ with import <stockholm/lib>;
|
|||||||
# "nvidia-settings"
|
# "nvidia-settings"
|
||||||
#];
|
#];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
nix.buildCores = 4;
|
||||||
|
nix.maxJobs = 4;
|
||||||
|
}
|
||||||
|
(if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
|
||||||
|
nix.daemonCPUSchedPolicy = "batch";
|
||||||
|
nix.daemonIOSchedPriority = 1;
|
||||||
|
} else {
|
||||||
|
nix.daemonIONiceLevel = 1;
|
||||||
|
nix.daemonNiceLevel = 1;
|
||||||
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.extraModprobeConfig = ''
|
boot.extraModprobeConfig = ''
|
||||||
@ -35,13 +46,6 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
networking.wireless.enable = true;
|
networking.wireless.enable = true;
|
||||||
|
|
||||||
nix = {
|
|
||||||
buildCores = 4;
|
|
||||||
maxJobs = 4;
|
|
||||||
daemonIONiceLevel = 1;
|
|
||||||
daemonNiceLevel = 1;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.logind.extraConfig = ''
|
services.logind.extraConfig = ''
|
||||||
HandleHibernateKey=ignore
|
HandleHibernateKey=ignore
|
||||||
HandleLidSwitch=ignore
|
HandleLidSwitch=ignore
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ mkDerivation, aeson, base, bytestring, containers, directory
|
{ mkDerivation, aeson, base, bytestring, containers, directory
|
||||||
, extra, stdenv, template-haskell, th-env, unix, X11, xmonad
|
, extra, lib, template-haskell, th-env, unix, X11, xmonad
|
||||||
, xmonad-contrib, xmonad-stockholm
|
, xmonad-contrib, xmonad-stockholm
|
||||||
}:
|
}:
|
||||||
mkDerivation {
|
mkDerivation {
|
||||||
@ -12,5 +12,5 @@ mkDerivation {
|
|||||||
aeson base bytestring containers directory extra template-haskell
|
aeson base bytestring containers directory extra template-haskell
|
||||||
th-env unix X11 xmonad xmonad-contrib xmonad-stockholm
|
th-env unix X11 xmonad xmonad-contrib xmonad-stockholm
|
||||||
];
|
];
|
||||||
license = stdenv.lib.licenses.mit;
|
license = lib.licenses.mit;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user