Merge remote-tracking branch 'lass/master'

makefu 2017-08-05 12:01:07 +02:00
commit f1124bd208
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
29 changed files with 165 additions and 448 deletions


@ -70,6 +70,12 @@ let
type = types.hostname;
default = "r";
};
sitemap = mkOption {
default = {};
type = types.attrsOf types.sitemap.entry;
};
zone-head-config = mkOption {
type = with types; attrsOf str;
description = ''


@ -96,8 +96,8 @@ with import <stockholm/lib>;
ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab";
aliases = [
"prism.r"
"build.prism.r"
"cache.prism.r"
"cgit.prism.r"
"paste.r"
"p.r"
];


@ -323,6 +323,7 @@ with import <stockholm/lib>;
aliases = [
"xu.r"
"cgit.xu.r"
"krebs.xu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -374,6 +375,14 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-rsa 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 root@zu";
};
};
sitemap = {
"http://cgit.krebsco.de" = {
desc = "Git repositories";
};
"http://krebs.xu.r" = {
desc = "krebs-pages mirror";
};
};
users = {
dv = {
mail = "dv@alnus.r";


@ -1,21 +0,0 @@
{ stdenv, fetchgit, cmake, ncurses, openssl, readline, ... }:
stdenv.mkDerivation rec {
name = "tarantool-1.7.1-164-g0fd0239";
src = fetchgit {
url = https://github.com/tarantool/tarantool;
rev = builtins.elemAt (builtins.match ".*-g([0-9a-f]+)" name) 0;
sha256 = "1jnaiizbl9j4a8vsihqx75iqa9bkh1kpwsyrgmim8ikiyzfw54dz";
fetchSubmodules = true;
};
buildInputs = [
cmake
ncurses
openssl
readline
];
preConfigure = ''
echo ${(builtins.parseDrvName name).version} > VERSION
sed -i 's/NAMES termcap/NAMES ncurses/' cmake/FindTermcap.cmake
'';
}


@ -29,10 +29,11 @@ with import <stockholm/lib>;
execveBin = name: cfg:
pkgs.execve name (cfg // { destination = "/bin/${name}"; });
makeScriptWriter = interpreter: name: text:
makeScriptWriter = { interpreter, check ? null }: name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
inherit check;
executable = true;
text = "#! ${interpreter}\n${text}";
};
@ -69,7 +70,9 @@ with import <stockholm/lib>;
strip --strip-unneeded "$exe"
'';
writeDash = pkgs.makeScriptWriter "${pkgs.dash}/bin/dash";
writeDash = pkgs.makeScriptWriter {
interpreter = "${pkgs.dash}/bin/dash";
};
writeDashBin = name:
assert types.filename.check name;
@ -305,5 +308,7 @@ with import <stockholm/lib>;
};
};
writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f";
writeSed = pkgs.makeScriptWriter {
interpreter = "${pkgs.gnused}/bin/sed -f";
};
}
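Review bot: The new `check` argument of `makeScriptWriter` is passed on with `inherit check;`, but nothing in the hunk says what it is expected to be or what `null` means to `pkgs.writeOut`. A one-line comment such as `# check: optional validator handed to writeOut for the generated script; null disables it` would help, once confirmed against writeOut. The signature also changes from a positional interpreter string to an attribute set, so any caller outside the visible hunks that still passes a string will fail at evaluation; only `writeDash` and `writeSed` are updated here. Both of them leave `check` unset, so the generated dash and sed scripts are presumably still not validated at build time. The body of `makeScriptWriter` continues outside the hunk.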


@ -15,6 +15,10 @@ let
${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"
'';
mailcap = pkgs.writeText "mailcap" ''
text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput;
'';
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@ -37,6 +41,9 @@ let
<display-message><enter-command> set crypt_verify_sig=\$my_crypt_verify_sig<enter>" \
'Verify PGP signature'
# read html mails
auto_view text/html
set mailcap_path = ${mailcap}
# notmuch
set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir
@ -59,7 +66,7 @@ let
recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')"
# output to mutt
# V
echo "%4C %Z %?GI?%GI& ? %[%d/%b] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%"
echo "%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%"
# args to mutt-index dash script
# V
''} %r |"
@ -119,6 +126,8 @@ let
bind pager t noop
macro index t "<modify-labels>+TODO\n" # tag as Archived
# top index bar in email view
set pager_index_lines=7
# sidebar
set sidebar_width = 20
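Review bot: With `auto_view text/html`, every HTML part of a message from any sender is handed to elinks as soon as the mail is opened, so the comment `# read html mails` should say that this is automatic rendering of untrusted input. The mailcap entry has no `%s`, so the body presumably arrives on stdin and elinks is not told that it is HTML; consider `text/html; ${pkgs.elinks}/bin/elinks -dump -force-html ; copiousoutput;`. It is also worth confirming that elinks in this mode does not pick up the user's `~/.elinks` configuration, since a permissive local configuration would then apply to mail content.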


@ -0,0 +1,26 @@
{ config, lib, ... }:
with import <stockholm/lib>;
{
services.nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts._http = {
default = true;
extraConfig = ''
return 404;
'';
};
virtualHosts.default = {
locations."= /etc/os-release".extraConfig = ''
default_type text/plain;
alias /etc/os-release;
'';
};
};
}
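Review bot: `virtualHosts.default` publishes `/etc/os-release` to any client that reaches that virtual host, which tells an unauthenticated visitor the exact distribution release and build of the machine. Nothing in the file limits who may fetch it. If the endpoint is only meant for hosts on the internal network, add an access rule to the location's `extraConfig`, e.g. `allow <internal-net-placeholder>; deny all;`, or at least a comment stating that the disclosure is intentional. The `_http` catch-all that returns 404 is the one marked `default = true`, while the other host is merely named `default`; that is easy to misread and deserves a comment too.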


@ -23,6 +23,7 @@ let
in {
imports = [
./default.nix
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [


@ -26,6 +26,7 @@ in {
services.nginx.enable = true;
imports = [
./default.nix
./sqlBackup.nix
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])


@ -8,6 +8,7 @@ let
in {
imports = [
./default.nix
../git.nix
];


@ -1,78 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.lass.staticPage;
out = {
options.lass.staticPage = api;
config = imp;
};
api = mkOption {
type = with types; attrsOf (submodule ({ config, ... }: {
options = {
domain = mkOption {
type = str;
default = config._module.args.name;
};
folder = mkOption {
type = str;
default = "/srv/http/${config.domain}";
};
#sslEnable = mkEnableOption "ssl";
#certificate = mkOption {
# type = str;
#};
#certificate_key = mkOption {
# type = str;
#};
#ciphers = mkOption {
# type = str;
# default = "AES128+EECDH:AES128+EDH";
#};
ssl = mkOption {
type = with types; submodule ({
options = {
enable = mkEnableOption "ssl";
certificate = mkOption {
type = str;
};
certificate_key = mkOption {
type = str;
};
};
});
default = {};
};
};
}));
default = {};
};
user = config.services.nginx.user;
group = config.services.nginx.group;
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
imp = {
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
server-names = [
"${domain}"
"www.${domain}"
];
locations = [
(nameValuePair "/" ''
root ${folder};
'')
(nameValuePair "~ /\\." ''
deny all;
'')
];
inherit ssl;
});
};
in out


@ -20,10 +20,6 @@ let
then lib.lpad n c (c + s)
else s;
subdirsOf = path:
lib.mapAttrs (name: _: path + "/${name}")
(filterAttrs (_: eq "directory") (readDir path));
genAttrs' = names: f: listToAttrs (map f names);
getAttrs = names: set:


@ -5,7 +5,7 @@ let
all any concatMapStringsSep concatStringsSep const filter flip
genid hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString
stringLength substring test typeOf;
stringLength substring test testString typeOf;
inherit (lib.types)
attrsOf bool either enum int listOf nullOr path str string submodule;
in
@ -357,6 +357,20 @@ rec {
pgp-pubkey = str;
sitemap.entry = submodule ({ config, ... }: {
options = {
desc = mkOption {
default = null;
type = nullOr str;
};
href = mkOption {
${if testString "https?://.*" config._module.args.name
then "default" else null} = config._module.args.name;
type = nullOr str; # TODO nullOr uri?
};
};
});
ssh-pubkey = str;
ssh-privkey = submodule {
options = {
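Review bot: In `sitemap.entry` the `href` option only gets a default when the attribute name matches `https?://.*`. For any other name the dynamic key evaluates to `null` and the `default` attribute is dropped, so reading `href` without an explicit value will presumably abort evaluation even though the type is `nullOr str`. If a missing link is meant to be allowed, write the default explicitly: `default = if testString "https?://.*" config._module.args.name then config._module.args.name else null;`. If it is meant to be an error, say so in a comment. The `TODO nullOr uri?` is worth resolving before these values are rendered as links, since `str` places no restriction on what ends up in `href`.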


@ -15,6 +15,10 @@ self: super: let
override
else override;
subdirsOf = path:
mapAttrs (name: _: path + "/${name}")
(filterAttrs (_: eq "directory") (readDir path));
in {
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
@ -27,7 +31,6 @@ in {
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
};
};
}
// mapAttrs (_: flip callPackage {})


@ -143,10 +143,6 @@ with import <stockholm/lib>;
};
};
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
security.sudo.extraConfig = ''
Defaults env_keep+="SSH_CLIENT"
Defaults mailto="${config.krebs.users.mv.mail}"


@ -1,8 +1,6 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
imports = [
<stockholm/tv>
<stockholm/tv/2configs/hw/x220.nix>
@ -81,8 +79,6 @@ with import <stockholm/lib>;
};
};
swapDevices =[ ];
users.users.dv = {
inherit (config.krebs.users.dv) home uid;
isNormalUser = true;


@ -1,8 +1,6 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
imports = [
<stockholm/krebs>
<stockholm/tv/2configs>
@ -14,15 +12,7 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.mu;
krebs.build.user = mkForce config.krebs.users.vv;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
# for jack
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
tv.x0vncserver.enable = true;
# hardware configuration
boot.initrd.luks.devices = [
@ -33,10 +23,6 @@ with import <stockholm/lib>;
boot.kernelModules = [ "fbcon" "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.extraModprobeConfig = ''
options kvm_intel nested=1
'';
fileSystems = {
"/" = {
device = "/dev/vgmu1/nixroot";
@ -50,15 +36,8 @@ with import <stockholm/lib>;
"/boot" = {
device = "/dev/sda1";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "nosuid" "nodev" "noatime" ];
};
};
swapDevices =[ ];
nixpkgs.config.allowUnfree = true;
hardware.opengl.driSupport32Bit = true;
@ -66,8 +45,8 @@ with import <stockholm/lib>;
hardware.enableRedistributableFirmware = true;
boot.loader.gummiboot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
networking.networkmanager.enable = true;
@ -97,7 +76,6 @@ with import <stockholm/lib>;
programs.ssh.startAgent = false;
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
slock.source = "${pkgs.slock}/bin/slock";
};
@ -152,9 +130,4 @@ with import <stockholm/lib>;
"networkmanager"
];
};
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
}


@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
krebs.build.host = config.krebs.hosts.nomic;
imports = [
@ -50,11 +48,6 @@ with import <stockholm/lib>;
fsType = "btrfs";
};
swapDevices = [ ];
# TODO base
boot.tmpOnTmpfs = true;
environment.systemPackages = with pkgs; [
(writeDashBin "play" ''
set -euf


@ -1,3 +0,0 @@
import <stockholm/tv/source.nix> {
name = "test";
}


@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
krebs.build.host = config.krebs.hosts.wu;
imports = [
@ -17,91 +15,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/xserver>
{
environment.systemPackages = with pkgs; [
# root
cryptsetup
# tv
bc
bind # dig
cac-api
dic
file
get
gnupg1compat
haskellPackages.hledger
jq
mkpasswd
netcat
nix-repl
nmap
p7zip
push
qrencode
tmux
#ack
#apache-httpd
#ascii
#emacs
#es
#esniper
#gcc
#gptfdisk
#graphviz
#haskellPackages.cabal2nix
#haskellPackages.ghc
#haskellPackages.shake
#hdparm
#i7z
#iftop
#imagemagick
#inotifyTools
#iodine
#iotop
#lshw
#lsof
#minicom
#mtools
#ncmpc
#neovim
#nethogs
#nix-prefetch-scripts #cvs bug
#openssl
#openswan
#parted
#perl
#powertop
#ppp
#proot
#pythonPackages.arandr
#pythonPackages.youtube-dl
#racket
#rxvt_unicode-with-plugins
#scrot
#sec
#silver-searcher
#sloccount
#smartmontools
#socat
#sshpass
#strongswan
#sysdig
#sysstat
#tcpdump
#tlsdate
#unetbootin
#utillinuxCurses
#wvdial
#xdotool
#xkill
#xl2tpd
#xsel
unison
];
}
];
boot.initrd.luks = {
@ -130,11 +43,6 @@ with import <stockholm/lib>;
"/boot" = {
device = "/dev/sda1";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name;
@ -143,24 +51,8 @@ with import <stockholm/lib>;
hardware.enableRedistributableFirmware= true;
hardware.opengl.driSupport32Bit = true;
environment.systemPackages = with pkgs; [
ethtool
tinc_pre
iptables
#jack2
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
services.printing.enable = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
@ -169,6 +61,4 @@ with import <stockholm/lib>;
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
virtualisation.virtualbox.host.enable = true;
}


@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
krebs.build.host = config.krebs.hosts.xu;
imports = [
@ -13,6 +11,7 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/gitrepos.nix>
<stockholm/tv/2configs/mail-client.nix>
<stockholm/tv/2configs/man.nix>
<stockholm/tv/2configs/nginx/krebs-pages.nix>
<stockholm/tv/2configs/nginx/public_html.nix>
<stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix>
@ -136,11 +135,6 @@ with import <stockholm/lib>;
"/boot" = {
device = "/dev/sda1";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
environment.systemPackages = with pkgs; [
@ -152,23 +146,14 @@ with import <stockholm/lib>;
gptfdisk
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
services.printing.enable = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
#services.bitlbee.enable = true;
#services.tor.client.enable = true;
#services.tor.enable = true;
#services.virtualboxHost.enable = true;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
virtualisation.virtualbox.host.enable = true;
}


@ -1,17 +1,9 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{ config, pkgs, ... }: {
{
krebs.build.host = config.krebs.hosts.zu;
imports = [
{
options.tv.test.sercret-file = mkOption {
type = types.secret-file;
default = {};
};
}
<stockholm/tv>
<stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/exim-retiolum.nix>
@ -22,93 +14,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/xserver>
{
environment.systemPackages = with pkgs; [
# root
cryptsetup
# tv
bc
bind # dig
cac-api
dic
file
gnupg1compat
haskellPackages.hledger
jq
mkpasswd
netcat
nix-repl
nmap
p7zip
pass
q
qrencode
# XXX fails at systemd.services.dbus.unitConfig
#texlive
tmux
#ack
#apache-httpd
#ascii
#emacs
#es
#esniper
#gcc
#gptfdisk
#graphviz
#haskellPackages.cabal2nix
#haskellPackages.ghc
#haskellPackages.shake
#hdparm
#i7z
#iftop
#imagemagick
#inotifyTools
#iodine
#iotop
#lshw
#lsof
#minicom
#mtools
#ncmpc
#nethogs
#nix-prefetch-scripts #cvs bug
#openssl
#openswan
#parted
#perl
#powertop
#ppp
#proot
#pythonPackages.arandr
#pythonPackages.youtube-dl
#racket
#rxvt_unicode-with-plugins
#scrot
#sec
#silver-searcher
#sloccount
#smartmontools
#socat
#sshpass
#strongswan
#sysdig
#sysstat
#tcpdump
#tlsdate
#unetbootin
#utillinuxCurses
#wvdial
#xdotool
#xkill
#xl2tpd
#xsel
unison
];
}
];
boot.initrd.luks = {
@ -124,6 +29,11 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/bku" = {
device = "/dev/mapper/zuvga-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home" = {
device = "/dev/mapper/zuvga-home";
fsType = "btrfs";
@ -132,38 +42,13 @@ with import <stockholm/lib>;
"/boot" = {
device = "/dev/sda1";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
environment.systemPackages = with pkgs; [
ethtool
tinc_pre
iptables
#jack2
gptfdisk
];
security.wrappers = {
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
};
services.printing.enable = true;
# see tmpfiles.d(5)
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
];
#services.bitlbee.enable = true;
#services.tor.client.enable = true;
#services.tor.enable = true;
#services.virtualboxHost.enable = true;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";


@ -1,9 +1,8 @@
with import <stockholm/lib>;
{ config, lib, pkgs, ... }: let
builder = if getEnv "dummy_secrets" == "true"
then "buildbot"
else "tv";
in {
{ config, pkgs, ... }: {
boot.tmpOnTmpfs = true;
krebs.enable = true;
krebs.build.user = config.krebs.users.tv;
@ -21,16 +20,6 @@ in {
./sshd.nix
./vim.nix
./xdg.nix
{
# stockholm dependencies
environment.systemPackages = with pkgs; [
git
gnumake
hashPassword
populate
whatsupnix
];
}
{
users = {
defaultUserShell = "/run/current-system/sw/bin/bash";
@ -47,7 +36,7 @@ in {
{
security.hideProcessInformation = true;
security.sudo.extraConfig = ''
Defaults env_keep+="SSH_CLIENT"
Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE"
Defaults mailto="${config.krebs.users.tv.mail}"
Defaults !lecture
'';
@ -142,6 +131,8 @@ in {
{
environment.systemPackages = [
pkgs.get
pkgs.git
pkgs.hashPassword
pkgs.htop
pkgs.kpaste
pkgs.krebspaste
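Review bot: `XMONAD_SPAWN_WORKSPACE` is added to sudo's `env_keep`, so a value chosen by the calling user now survives into every command run through sudo, but the line carries no comment about which program reads it. Please add one, e.g. `# XMONAD_SPAWN_WORKSPACE: read by <consumer-placeholder> to place windows started via sudo`, and confirm that the consumer treats the value as untrusted text. The same section now sets `boot.tmpOnTmpfs = true;`, while the per-host files drop explicit `/tmp` mounts that carried `nosuid` and `nodev`; it is worth checking that the resulting mount keeps those options.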


@ -9,6 +9,7 @@ with import <stockholm/lib>;
serverAliases = [
"localhost"
"${config.krebs.build.host.name}"
"${config.krebs.build.host.name}.gg23"
"${config.krebs.build.host.name}.r"
];
locations."~ ^/~(.+?)(/.*)?\$".extraConfig = ''


@ -10,6 +10,9 @@ with import <stockholm/lib>;
"ni"
"prism"
];
extraConfig = ''
LocalDiscovery = yes
'';
tincPackage = pkgs.tinc_pre;
};
tv.iptables.input-internet-accept-tcp = singleton "tinc";


@ -70,6 +70,8 @@ let {
hi diffSubname ctermfg=207
hi diffAdded ctermfg=010
hi diffRemoved ctermfg=009
hi Search cterm=NONE ctermbg=216
'';
})))
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
@ -227,7 +229,7 @@ let {
lua = {};
sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
sh.extraStart = concatStringsSep ''\|'' [
''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"''
''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
''[a-z]*Phase[ \t\r\n]*=''
];
yaml = {};


@ -6,5 +6,6 @@ _:
./ejabberd
./hosts.nix
./iptables.nix
./x0vncserver.nix
];
}


@ -0,0 +1,52 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: let
cfg = config.tv.x0vncserver;
in {
options.tv.x0vncserver = {
display = mkOption {
default = ":${toString config.services.xserver.display}";
type = types.str;
};
enable = mkEnableOption "tv.x0vncserver";
pwfile = mkOption {
default = {
owner = cfg.user;
path = "${cfg.user.home}/.vncpasswd";
source-path = toString <secrets> + "/vncpasswd";
};
description = ''
Use vncpasswd to edit pwfile.
See: nix-shell -p tigervnc --run 'man vncpasswd'
'';
type = types.secret-file;
};
rfbport = mkOption {
default = 5900;
type = types.int;
};
user = mkOption {
default = config.krebs.build.user;
type = types.user;
};
};
config = mkIf cfg.enable {
krebs.secret.files = {
x0vncserver-pwfile = cfg.pwfile;
};
systemd.services.x0vncserver = {
after = [ "graphical.target" "secret.service" ];
requires = [ "graphical.target" "secret.service" ];
serviceConfig = {
ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [
"-display ${cfg.display}"
"-passwordfile ${cfg.pwfile.path}"
"-rfbport ${toString cfg.rfbport}"
]}";
User = cfg.user.name;
};
};
tv.iptables.input-retiolum-accept-tcp = singleton (toString cfg.rfbport);
};
}
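Review bot: The unit shares the live X display on `rfbport` with every peer on retiolum, and the only protection visible here is the password file given with `-passwordfile`. Classic VNC password authentication uses a short password and does not encrypt the session, so anything typed over it is protected only by the VPN layer. If the packaged tigervnc supports it, pin an encrypted type by adding `"-SecurityTypes TLSVnc"` to the argument list. x0vncserver is not told which address to listen on, so the iptables rule on the last line of `config` is the only thing keeping the port off other interfaces; state that dependency in a comment. The unit also has no `wantedBy`, so as far as this file shows it is not started unless something else pulls it in.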


@ -1,20 +0,0 @@
{ coreutils, gawk, fetchurl, stdenv, ... }:
with stdenv.lib;
stdenv.mkDerivation rec {
name = "djbdns-1.05";
src = fetchurl {
url = "http://cr.yp.to/djbdns/djbdns-1.05.tar.gz";
sha256 = "0j3baf92vkczr5fxww7rp1b7gmczxmmgrqc8w2dy7kgk09m85k9w";
};
configurePhase = ''
echo $out > conf-home
echo gcc -O2 -include errno.h > conf-cc
'';
patchPhase = ''
sed -i 's:c("/","etc","dnsroots.global",-1,-1,0644);:// &:' hier.c
sed -i '1s@^@PATH=${makeBinPath [ coreutils gawk ]}\n@' dnstracesort.sh
'';
installTargets = "setup check";
}