From b95e15654d66607a416b2ba0e87a5d9dd0fe09ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 31 Jul 2017 23:55:08 +0200 Subject: [PATCH 01/39] krebs: keep correct host (build -> cgit) --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 27009981b..4e50ef577 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -96,8 +96,8 @@ with import ; ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab"; aliases = [ "prism.r" - "build.prism.r" "cache.prism.r" + "cgit.prism.r" "paste.r" "p.r" ]; From 67def2c04a8ce910033c5d4d22dda25b6fa85b7b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 10:47:44 +0200 Subject: [PATCH 02/39] tv: add krebs-pages mirror at krebs.xu.r --- krebs/3modules/tv/default.nix | 1 + tv/1systems/xu/config.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 60827d589..26e8e2f34 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -323,6 +323,7 @@ with import ; aliases = [ "xu.r" "cgit.xu.r" + "krebs.xu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 2bffdddb3..e7516a455 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -13,6 +13,7 @@ with import ; + From bcc1a72d6a604533e025ad579e0dfca0a83c2716 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 10:57:36 +0200 Subject: [PATCH 03/39] makeScriptWriter: forward check parameter to writeOut --- krebs/5pkgs/writers.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index f1626078e..850ee6f1a 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix 
@@ -29,10 +29,11 @@ with import ; execveBin = name: cfg: pkgs.execve name (cfg // { destination = "/bin/${name}"; }); - makeScriptWriter = interpreter: name: text: + makeScriptWriter = { interpreter, check ? null }: name: text: assert (with types; either absolute-pathname filename).check name; pkgs.writeOut (baseNameOf name) { ${optionalString (types.absolute-pathname.check name) name} = { + inherit check; executable = true; text = "#! ${interpreter}\n${text}"; }; @@ -69,7 +70,9 @@ with import ; strip --strip-unneeded "$exe" ''; - writeDash = pkgs.makeScriptWriter "${pkgs.dash}/bin/dash"; + writeDash = pkgs.makeScriptWriter { + interpreter = "${pkgs.dash}/bin/dash"; + }; writeDashBin = name: assert types.filename.check name; @@ -305,5 +308,7 @@ with import ; }; }; - writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f"; + writeSed = pkgs.makeScriptWriter { + interpreter = "${pkgs.gnused}/bin/sed -f"; + }; } From 5742f322891d380b15b6570bf523e50c17c45212 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 11:27:03 +0200 Subject: [PATCH 04/39] krebs.sitemap: init --- krebs/3modules/default.nix | 6 ++++++ lib/types.nix | 16 +++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index b0ad2baf5..abb3d37eb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -70,6 +70,12 @@ let type = types.hostname; default = "r"; }; + + sitemap = mkOption { + default = {}; + type = types.attrsOf types.sitemap.entry; + }; + zone-head-config = mkOption { type = with types; attrsOf str; description = '' diff --git a/lib/types.nix b/lib/types.nix index 236190ccd..8c6846887 100644 --- a/lib/types.nix +++ b/lib/types.nix 
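Review bot: In the first writers.nix hunk, `makeScriptWriter` now takes an attribute set instead of an interpreter string, so any caller that still passes a string will fail at evaluation. This commit converts only `writeDash` and `writeSed`; other callers, if any exist, are outside these hunks. The new `check` argument is forwarded with `inherit check;`, but nothing says what it is expected to be. A comment such as `# check: optional validator forwarded to writeOut; null means no check` would help, assuming that is how writeOut treats it.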
@@ -5,7 +5,7 @@ let all any concatMapStringsSep concatStringsSep const filter flip genid hasSuffix head isInt isString length mergeOneOption mkOption mkOptionType optional optionalAttrs optionals range splitString - stringLength substring test typeOf; + stringLength substring test testString typeOf; inherit (lib.types) attrsOf bool either enum int listOf nullOr path str string submodule; in @@ -357,6 +357,20 @@ rec { pgp-pubkey = str; + sitemap.entry = submodule ({ config, ... }: { + options = { + desc = mkOption { + default = null; + type = nullOr str; + }; + href = mkOption { + ${if testString "https?://.*" config._module.args.name + then "default" else null} = config._module.args.name; + type = nullOr str; # TODO nullOr uri? + }; + }; + }); + ssh-pubkey = str; ssh-privkey = submodule { options = { From 3d53636ab2ee3835f3cc823761843e22347d892d Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 11:27:27 +0200 Subject: [PATCH 05/39] tv: add cgit.krebsco.de and krebs.xu.r to sitemap --- krebs/3modules/tv/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 26e8e2f34..81db2d411 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
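Review bot: In the `sitemap.entry` hunk of lib/types.nix, `href` gets a default only when the attribute name matches `https?://.*`. For any other name the option has no default, so reading it will presumably abort evaluation rather than yield null, even though the type is `nullOr str`. If null is the intended fallback, `default = if testString "https?://.*" config._module.args.name then config._module.args.name else null;` says so directly. An explicitly set `href` is accepted as any string (the `TODO nullOr uri?` is still open), so whatever renders the sitemap should not assume an http(s) scheme until the type is tightened.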
@@ -375,6 +375,14 @@ with import ; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNjHxyUC7afNGSwfwBfQizmDnHTNLWDRHE8SY9W4oiw2lPhCFGTN8Jz84CKtnABbZhbNY1E8T58emF2h45WzDg/OGi8DPAk4VsXSkIhyvAto+nkTy2L4atjqfvXDvqxTDC9sui+t8p5OqOK+sghe4kiy+Vx1jhnjSnkQsx9Kocu24BYTkNqYxG7uwOz6t262XYNwMn13Y2K/yygDR3Uw3wTnEjpaYnObRxxJS3iTECDzgixiQ6ewXwYNggpzO/+EfW1BTz5vmuEVf4GbQ9iEc7IsVXHhR+N0boCscvSgae9KW9MBun0A2veRFXNkkfBEMfzelz+S63oeVfelkBq6N5aLsHYYGC4VQjimScelHYVwxR7O4fV+NttJaFF7H06FJeFzPt3NYZeoPKealD5y2Muh1UnewpmkMgza9hQ9EmI4/G1fMowqeMq0U6Hu0QMDUAagyalizN97AfsllY2cs0qLNg7+zHMPwc5RgLzs73oPUsF3umz0O42I5p5733vveUlWi5IZeI8CA1ZKdpwyMXXNhIOHs8u+yGsOLfSy3RgjVKp2GjN4lfnFd0LI+p7iEsEWDRkIAvGCOFepsebyVpBjGP+Kqs10bPGpk5dMcyn9iBJejoz9ka+H9+JAG04LnXwt6Rf1CRV3VRCRX1ayZEjRv9czV7U9ZpuFQcIlVRJQ== root@zu"; }; }; + sitemap = { + "http://cgit.krebsco.de" = { + desc = "Git repositories"; + }; + "http://krebs.xu.r" = { + desc = "krebs-pages mirror"; + }; + }; users = { dv = { mail = "dv@alnus.r"; From 8f5fc9bc4fff53936e8bba5b2a4de3d362b94f09 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 11:28:25 +0200 Subject: [PATCH 06/39] tv sudo: env_keep += XMONAD_SPAWN_WORKSPACE --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index b59311092..420548bce 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -47,7 +47,7 @@ in { { security.hideProcessInformation = true; security.sudo.extraConfig = '' - Defaults env_keep+="SSH_CLIENT" + Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE" Defaults mailto="${config.krebs.users.tv.mail}" Defaults !lecture ''; From 2f52158dec91a87cddd3e643f29870a6acc233f6 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 11:30:16 +0200 Subject: [PATCH 07/39] tv: drop explicit stockholm deps --- tv/2configs/default.nix | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) 
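Review bot: The `env_keep` line in tv/2configs/default.nix now passes `XMONAD_SPAWN_WORKSPACE` from the invoking user's environment into every command run through sudo, and the hunk does not say which consumer needs it. A preserved variable is caller-controlled input to root processes, so the rule should record its reason, e.g. `# XMONAD_SPAWN_WORKSPACE: read by <consumer> to place windows started via sudo` (the consumer name is a placeholder; it is not visible in this diff). If only particular commands need it, a command-scoped `Defaults!<command-alias>` entry (placeholder) would keep it out of everything else. The enclosing block continues outside the hunk.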
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 420548bce..834a89083 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -21,16 +21,6 @@ in { ./sshd.nix ./vim.nix ./xdg.nix - { - # stockholm dependencies - environment.systemPackages = with pkgs; [ - git - gnumake - hashPassword - populate - whatsupnix - ]; - } { users = { defaultUserShell = "/run/current-system/sw/bin/bash"; @@ -142,6 +132,8 @@ in { { environment.systemPackages = [ pkgs.get + pkgs.git + pkgs.hashPassword pkgs.htop pkgs.kpaste pkgs.krebspaste From e19b506f36c8848ece02d7796a91ff0634191609 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 12:15:45 +0200 Subject: [PATCH 08/39] tv retiolum: LocalDiscovery = yes --- tv/2configs/retiolum.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index a914dad43..9940b1026 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix @@ -10,6 +10,9 @@ with import ; "ni" "prism" ]; + extraConfig = '' + LocalDiscovery = yes + ''; tincPackage = pkgs.tinc_pre; }; tv.iptables.input-internet-accept-tcp = singleton "tinc"; From dfcb663af9b116d07ec09603a6837230419a2785 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Aug 2017 13:47:10 +0200 Subject: [PATCH 09/39] l mail: show html mails --- lass/2configs/mail.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index fe82fea59..cfc179842 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -15,6 +15,10 @@ let ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@" ''; + mailcap = pkgs.writeText "mailcap" '' + text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput; + ''; + muttrc = pkgs.writeText "muttrc" '' # gpg source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc 
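Review bot: `LocalDiscovery = yes` in tv/2configs/retiolum.nix sits in the shared retiolum config, so it applies to every host that imports it, including any that join untrusted local networks. The option makes tinc look for peers on the directly attached network, which presumably also makes the daemon observable there. The exact mechanism depends on the `tinc_pre` version and should be confirmed against its manual. A comment such as `# LocalDiscovery: let hosts on the same LAN connect directly instead of via a remote peer` would record the intent, and roaming hosts could override the setting.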
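Review bot: The new `mailcap` entry in lass/2configs/mail.nix, combined with `auto_view text/html` in the second hunk of this commit, hands every HTML part to elinks as soon as a message is opened, so sender-controlled markup is parsed without any user action. The entry should make elinks treat the input strictly as a local document: `text/html; ${pkgs.elinks}/bin/elinks -dump -force-html -localhost 1 -anonymous 1; copiousoutput;` keeps it from contacting remote servers and disables local file browsing. These flags are from the elinks manual and should be checked against the packaged version. The `let` block holding this binding starts and ends outside the hunk.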
@@ -37,6 +41,9 @@ let set crypt_verify_sig=\$my_crypt_verify_sig" \ 'Verify PGP signature' + # read html mails + auto_view text/html + set mailcap_path = ${mailcap} # notmuch set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir From e740022bc524a57dd671a5c714ab117b6331cf27 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Aug 2017 14:15:45 +0200 Subject: [PATCH 10/39] l mail: use ISO date format --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index cfc179842..afd90315f 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -66,7 +66,7 @@ let recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')" # output to mutt # V - echo "%4C %Z %?GI?%GI& ? %[%d/%b] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" + echo "%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" # args to mutt-index dash script # V ''} %r |" From d56a90778408a199cc79ab47e1c2313a68cd2451 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Aug 2017 18:06:13 +0200 Subject: [PATCH 11/39] l mail: activate indexbar in mailview --- lass/2configs/mail.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index afd90315f..a90890aab 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -126,6 +126,8 @@ let bind pager t noop macro index t "+TODO\n" # tag as Archived + # top index bar in email view + set pager_index_lines=7 # sidebar set sidebar_width = 20 From e4042e132a50c343d3b42039140abb0695724e69 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 19:28:47 +0200 Subject: [PATCH 12/39] move subdirsOf from lib to makefu --- lib/default.nix | 4 ---- makefu/5pkgs/default.nix | 5 ++++- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/default.nix b/lib/default.nix index 4c54f60aa..e5e40975e 100644 --- a/lib/default.nix +++ b/lib/default.nix 
@@ -20,10 +20,6 @@ let then lib.lpad n c (c + s) else s; - subdirsOf = path: - lib.mapAttrs (name: _: path + "/${name}") - (filterAttrs (_: eq "directory") (readDir path)); - genAttrs' = names: f: listToAttrs (map f names); getAttrs = names: set: diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 99f8cf864..bb776ef25 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -15,6 +15,10 @@ self: super: let override else override; + subdirsOf = path: + mapAttrs (name: _: path + "/${name}") + (filterAttrs (_: eq "directory") (readDir path)); + in { alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; @@ -27,7 +31,6 @@ in { sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; }; }; - } // mapAttrs (_: flip callPackage {}) From fc59b6c395ffd68d7cd0504d1745fdc08e521525 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 19:56:42 +0200 Subject: [PATCH 13/39] tv test system: RIP It was committed by accident. --- tv/1systems/test/source.nix | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 tv/1systems/test/source.nix diff --git a/tv/1systems/test/source.nix b/tv/1systems/test/source.nix deleted file mode 100644 index f756b8586..000000000 --- a/tv/1systems/test/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "test"; -} From f51f58f5ede75767b27354646d055649d7e37d82 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 20:07:17 +0200 Subject: [PATCH 14/39] tv: only xu is a virtualbox host --- tv/1systems/wu/config.nix | 2 -- tv/1systems/xu/config.nix | 4 ++-- tv/1systems/zu/config.nix | 2 -- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index 1e28cc78a..9767f467a 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix 
@@ -169,6 +169,4 @@ with import ; KERNEL=="rtc0", GROUP="audio" KERNEL=="hpet", GROUP="audio" ''; - - virtualisation.virtualbox.host.enable = true; } diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index e7516a455..2c5e827a9 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -167,9 +167,9 @@ with import ; #services.bitlbee.enable = true; #services.tor.client.enable = true; #services.tor.enable = true; - #services.virtualboxHost.enable = true; - # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; + + virtualisation.virtualbox.host.enable = true; } diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index d2aab8c51..8eb64a27b 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix @@ -162,8 +162,6 @@ with import ; #services.bitlbee.enable = true; #services.tor.client.enable = true; #services.tor.enable = true; - #services.virtualboxHost.enable = true; - # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; From 11a65914542870cf5326ea602926b55553362b17 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 20:09:48 +0200 Subject: [PATCH 15/39] tv zu: drop test secret-file --- tv/1systems/zu/config.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 8eb64a27b..272fba880 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix @@ -6,12 +6,6 @@ with import ; krebs.build.host = config.krebs.hosts.zu; imports = [ - { - options.tv.test.sercret-file = mkOption { - type = types.secret-file; - default = {}; - }; - } From e749d26c4fd2401b7f8e0293aaf780b4700af3c1 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 20:11:14 +0200 Subject: [PATCH 16/39] tv public_html: add server aliases for gg23 --- tv/2configs/nginx/public_html.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix index a686d281c..cc7a39891 100644 --- a/tv/2configs/nginx/public_html.nix +++ b/tv/2configs/nginx/public_html.nix @@ -9,6 +9,7 @@ with import ; serverAliases = [ "localhost" "${config.krebs.build.host.name}" + "${config.krebs.build.host.name}.gg23" "${config.krebs.build.host.name}.r" ]; locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' From 06d2c2d773559c0c059768e1ab8a350ae2a82c0e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 20:12:04 +0200 Subject: [PATCH 17/39] tv vim: colorize search results --- tv/2configs/vim.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index f0b1cf520..85283238d 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -70,6 +70,8 @@ let { hi diffSubname ctermfg=207 hi diffAdded ctermfg=010 hi diffRemoved ctermfg=009 + + hi Search cterm=NONE ctermbg=216 ''; }))) ((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let From 5aad878c525c16e98922858bbc85eade10365526 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 20:13:30 +0200 Subject: [PATCH 18/39] tv vim: relaxt sh.extraStart for variable names --- tv/2configs/vim.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 85283238d..ca4718646 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -229,7 +229,7 @@ let { lua = {}; sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; sh.extraStart = concatStringsSep ''\|'' [ - ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'' + ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'' ''[a-z]*Phase[ \t\r\n]*='' ]; yaml = {}; From ad0f78278968b3cd0656a72be8db9a287bd6398a Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 1 Aug 2017 20:27:36 +0200 Subject: [PATCH 19/39] tv djbdns: RIP --- tv/5pkgs/simple/djbdns/default.nix | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 tv/5pkgs/simple/djbdns/default.nix diff --git a/tv/5pkgs/simple/djbdns/default.nix b/tv/5pkgs/simple/djbdns/default.nix deleted file mode 100644 index ad5a530bd..000000000 --- a/tv/5pkgs/simple/djbdns/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ coreutils, gawk, fetchurl, stdenv, ... }: - -with stdenv.lib; - -stdenv.mkDerivation rec { - name = "djbdns-1.05"; - src = fetchurl { - url = "http://cr.yp.to/djbdns/djbdns-1.05.tar.gz"; - sha256 = "0j3baf92vkczr5fxww7rp1b7gmczxmmgrqc8w2dy7kgk09m85k9w"; - }; - configurePhase = '' - echo $out > conf-home - echo gcc -O2 -include errno.h > conf-cc - ''; - patchPhase = '' - sed -i 's:c("/","etc","dnsroots.global",-1,-1,0644);:// &:' hier.c - sed -i '1s@^@PATH=${makeBinPath [ coreutils gawk ]}\n@' dnstracesort.sh - ''; - installTargets = "setup check"; -} From bcd8c5a9661634a53c88029fc9028e1dbf2228b2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 20:46:32 +0200 Subject: [PATCH 20/39] tv tarantool: RIP --- krebs/5pkgs/simple/tarantool/default.nix | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 krebs/5pkgs/simple/tarantool/default.nix diff --git a/krebs/5pkgs/simple/tarantool/default.nix b/krebs/5pkgs/simple/tarantool/default.nix deleted file mode 100644 index 9e22fd4f3..000000000 --- a/krebs/5pkgs/simple/tarantool/default.nix +++ /dev/null 
@@ -1,21 +0,0 @@ -{ stdenv, fetchgit, cmake, ncurses, openssl, readline, ... }: - -stdenv.mkDerivation rec { - name = "tarantool-1.7.1-164-g0fd0239"; - src = fetchgit { - url = https://github.com/tarantool/tarantool; - rev = builtins.elemAt (builtins.match ".*-g([0-9a-f]+)" name) 0; - sha256 = "1jnaiizbl9j4a8vsihqx75iqa9bkh1kpwsyrgmim8ikiyzfw54dz"; - fetchSubmodules = true; - }; - buildInputs = [ - cmake - ncurses - openssl - readline - ]; - preConfigure = '' - echo ${(builtins.parseDrvName name).version} > VERSION - sed -i 's/NAMES termcap/NAMES ncurses/' cmake/FindTermcap.cmake - ''; -} From 95aef46c56564ce82e3f0e864cc0508e310a0825 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Aug 2017 20:18:38 +0200 Subject: [PATCH 21/39] l statig_nginx: RIP --- lass/3modules/static_nginx.nix | 78 ---------------------------------- 1 file changed, 78 deletions(-) delete mode 100644 lass/3modules/static_nginx.nix diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix deleted file mode 100644 index cd33a2cf1..000000000 --- a/lass/3modules/static_nginx.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let - cfg = config.lass.staticPage; - - out = { - options.lass.staticPage = api; - config = imp; - }; - - api = mkOption { - type = with types; attrsOf (submodule ({ config, ... }: { - options = { - domain = mkOption { - type = str; - default = config._module.args.name; - }; - folder = mkOption { - type = str; - default = "/srv/http/${config.domain}"; - }; - #sslEnable = mkEnableOption "ssl"; - #certificate = mkOption { - # type = str; - #}; - #certificate_key = mkOption { - # type = str; - #}; - #ciphers = mkOption { - # type = str; - # default = "AES128+EECDH:AES128+EDH"; - #}; - ssl = mkOption { - type = with types; submodule ({ - options = { - enable = mkEnableOption "ssl"; - certificate = mkOption { - type = str; - }; - certificate_key = mkOption { - type = str; - }; - }; - }); - default = {}; - }; - }; - })); - default = {}; - }; - - user = config.services.nginx.user; - group = config.services.nginx.group; - - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - - imp = { - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: { - server-names = [ - "${domain}" - "www.${domain}" - ]; - locations = [ - (nameValuePair "/" '' - root ${folder}; - '') - (nameValuePair "~ /\\." '' - deny all; - '') - ]; - inherit ssl; - - }); - }; - -in out From 8c9e0ad35d330e980a59c57b89715c21971c1819 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Aug 2017 20:47:34 +0200 Subject: [PATCH 22/39] l websites: add default.nix for 404 --- lass/2configs/websites/default.nix | 26 ++++++++++++++++++++++++++ lass/2configs/websites/domsen.nix | 1 + lass/2configs/websites/fritz.nix | 1 + lass/2configs/websites/lassulus.nix | 1 + 4 files changed, 29 insertions(+) create mode 100644 lass/2configs/websites/default.nix diff --git a/lass/2configs/websites/default.nix b/lass/2configs/websites/default.nix new file mode 100644 index 000000000..1ffa105a7 --- /dev/null 
+++ b/lass/2configs/websites/default.nix @@ -0,0 +1,26 @@ +{ config, lib, ... }: + +with import ; + +{ + services.nginx = { + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + + virtualHosts._http = { + default = true; + extraConfig = '' + return 404; + ''; + }; + + virtualHosts.default = { + locations."= /etc/os-release".extraConfig = '' + default_type text/plain; + alias /etc/os-release; + ''; + }; + }; +} + diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index b0e5375c7..10ff142f9 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -23,6 +23,7 @@ let in { imports = [ + ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 45927b102..aa57a9857 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -26,6 +26,7 @@ in { services.nginx.enable = true; imports = [ + ./default.nix ./sqlBackup.nix (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 0771570ca..93b817c3b 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -8,6 +8,7 @@ let in { imports = [ + ./default.nix ../git.nix ]; From 24a515c4a0069828bc84ac60d239f88f9b637524 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 22:22:10 +0200 Subject: [PATCH 23/39] tv {wu,zu}: remove extra systemPackages --- tv/1systems/wu/config.nix | 92 ------------------------------------- tv/1systems/zu/config.nix | 96 --------------------------------------- 2 files changed, 188 deletions(-) diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index 9767f467a..5ec6a462e 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix 
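Review bot: `virtualHosts.default` in the new lass/2configs/websites/default.nix serves `/etc/os-release` to any client that reaches that vhost, with no access restriction in the location block. That file names the distribution and its release, which helps fingerprint the host's patch level. If it is meant for internal checks, its `extraConfig` could add `allow <internal-range>; deny all;` (the range is a placeholder). Separately, the attribute name `default` is presumably used as the server name while `_http` is the one marked `default = true`, so it is worth confirming which vhost answers unmatched requests and saying so in a comment.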
@@ -17,91 +17,6 @@ with import ; - { - environment.systemPackages = with pkgs; [ - # root - cryptsetup - - # tv - bc - bind # dig - cac-api - dic - file - get - gnupg1compat - haskellPackages.hledger - jq - mkpasswd - netcat - nix-repl - nmap - p7zip - push - qrencode - tmux - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #neovim - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - - unison - ]; - } ]; boot.initrd.luks = { @@ -143,13 +58,6 @@ with import ; hardware.enableRedistributableFirmware= true; hardware.opengl.driSupport32Bit = true; - environment.systemPackages = with pkgs; [ - ethtool - tinc_pre - iptables - #jack2 - ]; - security.wrappers = { sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron }; diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 272fba880..5936ddfe1 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix 
@@ -16,93 +16,6 @@ with import ; - { - environment.systemPackages = with pkgs; [ - - # root - cryptsetup - - # tv - bc - bind # dig - cac-api - dic - file - gnupg1compat - haskellPackages.hledger - jq - mkpasswd - netcat - nix-repl - nmap - p7zip - pass - q - qrencode - # XXX fails at systemd.services.dbus.unitConfig - #texlive - tmux - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - - unison - ]; - } ]; boot.initrd.luks = { @@ -133,15 +46,6 @@ with import ; }; }; - environment.systemPackages = with pkgs; [ - ethtool - tinc_pre - iptables - #jack2 - - gptfdisk - ]; - security.wrappers = { sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron }; From 0b4d3edff8f3e0e33756355f1b3121cf311bafdb Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 22:32:14 +0200 Subject: [PATCH 24/39] tv: boot.tmpOnTmpfs = true --- tv/1systems/mu/config.nix | 10 ---------- tv/1systems/nomic/config.nix | 3 --- tv/1systems/wu/config.nix | 10 ---------- tv/1systems/xu/config.nix | 10 ---------- tv/1systems/zu/config.nix | 10 ---------- tv/2configs/default.nix | 2 ++ 6 files changed, 2 insertions(+), 43 deletions(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 4c6d16329..01de9ee6b 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix 
@@ -50,11 +50,6 @@ with import ; "/boot" = { device = "/dev/sda1"; }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = [ "nosuid" "nodev" "noatime" ]; - }; }; swapDevices =[ ]; @@ -152,9 +147,4 @@ with import ; "networkmanager" ]; }; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; } diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index d0144986b..64cccde0c 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -52,9 +52,6 @@ with import ; swapDevices = [ ]; - # TODO base - boot.tmpOnTmpfs = true; - environment.systemPackages = with pkgs; [ (writeDashBin "play" '' set -euf diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index 5ec6a462e..cdcaa98d9 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -45,11 +45,6 @@ with import ; "/boot" = { device = "/dev/sda1"; }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; }; krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; @@ -64,11 +59,6 @@ with import ; services.printing.enable = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 2c5e827a9..0525be858 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -137,11 +137,6 @@ with import ; "/boot" = { device = "/dev/sda1"; }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; }; environment.systemPackages = with pkgs; [ 
@@ -159,11 +154,6 @@ with import ; services.printing.enable = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - #services.bitlbee.enable = true; #services.tor.client.enable = true; #services.tor.enable = true; diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 5936ddfe1..7267bbc9e 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix @@ -39,11 +39,6 @@ with import ; "/boot" = { device = "/dev/sda1"; }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; }; security.wrappers = { @@ -52,11 +47,6 @@ with import ; services.printing.enable = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - #services.bitlbee.enable = true; #services.tor.client.enable = true; #services.tor.enable = true; diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 834a89083..c58525e98 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -4,6 +4,8 @@ with import ; then "buildbot" else "tv"; in { + boot.tmpOnTmpfs = true; + krebs.enable = true; krebs.build.user = config.krebs.users.tv; From f58b49aa82769b4f3eca5ee0e63de407224c7dd9 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 22:34:14 +0200 Subject: [PATCH 25/39] tv config: drop unused "builder" variable --- tv/2configs/default.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index c58525e98..730b055a2 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -1,9 +1,6 @@ with import ; -{ config, lib, pkgs, ... }: let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "tv"; -in { +{ config, pkgs, ... }: { + boot.tmpOnTmpfs = true; krebs.enable = true; From 9b62b9d74ba298b10823d5b71aa46d6ea46f0e13 Mon Sep 17 00:00:00 2001 
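Review bot: `boot.tmpOnTmpfs = true;` in tv/2configs/default.nix replaces the per-host `/tmp` mounts this commit deletes from mu, wu, xu and zu, and those mounts carried explicit `nosuid` and `nodev` options. Whether the mount generated by `boot.tmpOnTmpfs` keeps both depends on the NixOS/systemd version and is not visible here, so it should be confirmed with `findmnt /tmp` on a rebuilt host. If they are missing, that hardening is lost on a world-writable directory, and restoring it would need an explicit mount definition. A comment such as `# /tmp on tmpfs for all tv hosts; replaces the per-host fileSystems."/tmp" entries` would also record why the host entries were removed.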
From: tv Date: Tue, 1 Aug 2017 22:37:41 +0200 Subject: [PATCH 26/39] tv systems: normalize head --- tv/1systems/alnus/config.nix | 4 +--- tv/1systems/mu/config.nix | 4 +--- tv/1systems/nomic/config.nix | 4 +--- tv/1systems/wu/config.nix | 4 +--- tv/1systems/xu/config.nix | 4 +--- tv/1systems/zu/config.nix | 4 +--- 6 files changed, 6 insertions(+), 18 deletions(-) diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index dd9e594fc..b53a8ea9e 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -1,8 +1,6 @@ -{ config, pkgs, ... }: - with import ; +{ config, pkgs, ... }: { -{ imports = [ diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 01de9ee6b..11715c14d 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -1,8 +1,6 @@ -{ config, pkgs, ... }: - with import ; +{ config, pkgs, ... }: { -{ imports = [ diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index 64cccde0c..e96699800 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -1,8 +1,6 @@ -{ config, lib, pkgs, ... }: - with import ; +{ config, pkgs, ... }: { -{ krebs.build.host = config.krebs.hosts.nomic; imports = [ diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index cdcaa98d9..24a1141ba 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -1,8 +1,6 @@ -{ config, lib, pkgs, ... }: - with import ; +{ config, pkgs, ... }: { -{ krebs.build.host = config.krebs.hosts.wu; imports = [ diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 0525be858..0444b95cb 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -1,8 +1,6 @@ -{ config, lib, pkgs, ... }: - with import ; +{ config, pkgs, ... }: { -{ krebs.build.host = config.krebs.hosts.xu; imports = [ diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 7267bbc9e..1a924a477 100644 --- a/tv/1systems/zu/config.nix 
+++ b/tv/1systems/zu/config.nix @@ -1,8 +1,6 @@ -{ config, lib, pkgs, ... }: - with import ; +{ config, pkgs, ... }: { -{ krebs.build.host = config.krebs.hosts.zu; imports = [ From 91e48fae045a8b00239ae65bb027143ef9fcc50c Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 22:47:08 +0200 Subject: [PATCH 27/39] tv: drop redundant swapDevices defs --- tv/1systems/alnus/config.nix | 2 -- tv/1systems/mu/config.nix | 2 -- tv/1systems/nomic/config.nix | 2 -- 3 files changed, 6 deletions(-) diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index b53a8ea9e..71302d594 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -79,8 +79,6 @@ with import ; }; }; - swapDevices =[ ]; - users.users.dv = { inherit (config.krebs.users.dv) home uid; isNormalUser = true; diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 11715c14d..0c1e79238 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -50,8 +50,6 @@ with import ; }; }; - swapDevices =[ ]; - nixpkgs.config.allowUnfree = true; hardware.opengl.driSupport32Bit = true; diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index e96699800..996a5e7ec 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -48,8 +48,6 @@ with import ; fsType = "btrfs"; }; - swapDevices = [ ]; - environment.systemPackages = with pkgs; [ (writeDashBin "play" '' set -euf From 4580d831a889b6260210ec2abb01ca387f35f801 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 22:55:16 +0200 Subject: [PATCH 28/39] tv zu: add fileSystems."/bku" --- tv/1systems/zu/config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 1a924a477..05c14299c 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix 
@@ -29,6 +29,11 @@ with import ; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; + "/bku" = { + device = "/dev/mapper/zuvga-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; "/home" = { device = "/dev/mapper/zuvga-home"; fsType = "btrfs"; From 51042442288c2d27a2fb7ce073801932c5457813 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 23:28:21 +0200 Subject: [PATCH 29/39] tv: drop security.wrappers.sendmail --- tv/1systems/mu/config.nix | 1 - tv/1systems/wu/config.nix | 4 ---- tv/1systems/xu/config.nix | 4 ---- tv/1systems/zu/config.nix | 4 ---- 4 files changed, 13 deletions(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 0c1e79238..95b01bffc 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -88,7 +88,6 @@ with import ; programs.ssh.startAgent = false; security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron slock.source = "${pkgs.slock}/bin/slock"; }; diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index 24a1141ba..79b5aa269 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -51,10 +51,6 @@ with import ; hardware.enableRedistributableFirmware= true; hardware.opengl.driSupport32Bit = true; - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - services.printing.enable = true; services.udev.extraRules = '' diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 0444b95cb..0abd544ce 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -146,10 +146,6 @@ with import ; gptfdisk ]; - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - services.printing.enable = true; #services.bitlbee.enable = true; diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 05c14299c..414d2f226 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix 
@@ -44,10 +44,6 @@ with import ; }; }; - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - services.printing.enable = true; #services.bitlbee.enable = true; From c5fae75443a7f13b54a0952d12275e9016628db2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 1 Aug 2017 23:28:41 +0200 Subject: [PATCH 30/39] mv: drop security.wrappers.sendmail --- mv/1systems/stro.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix index c8035b88e..bb37aedda 100644 --- a/mv/1systems/stro.nix +++ b/mv/1systems/stro.nix @@ -143,10 +143,6 @@ with import ; }; }; - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - security.sudo.extraConfig = '' Defaults env_keep+="SSH_CLIENT" Defaults mailto="${config.krebs.users.mv.mail}" From 13b161949cee6f1fb97781fcfa0a700ac4f5b352 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 2 Aug 2017 00:22:49 +0200 Subject: [PATCH 31/39] tv mu: drop boot.extraModprobeConfig --- tv/1systems/mu/config.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 95b01bffc..32143f37c 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -31,10 +31,6 @@ with import ; boot.kernelModules = [ "fbcon" "kvm-intel" ]; boot.extraModulePackages = [ ]; - boot.extraModprobeConfig = '' - options kvm_intel nested=1 - ''; - fileSystems = { "/" = { device = "/dev/vgmu1/nixroot"; From 26b88c04c59ed05ae29b9a65563322aa01527b96 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 2 Aug 2017 02:13:21 +0200 Subject: [PATCH 32/39] tv: add x0vncserver module --- tv/3modules/default.nix | 1 + tv/3modules/x0vncserver.nix | 52 +++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 tv/3modules/x0vncserver.nix diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 397ee8e85..83dc212a6 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix 
@@ -6,5 +6,6 @@ _: ./ejabberd ./hosts.nix ./iptables.nix + ./x0vncserver.nix ]; } diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix new file mode 100644 index 000000000..44fed590d --- /dev/null +++ b/tv/3modules/x0vncserver.nix @@ -0,0 +1,52 @@ +with import ; +{ config, pkgs, ... }: let + + cfg = config.tv.x0vncserver; + +in { + options.tv.x0vncserver = { + display = mkOption { + default = ":${toString config.services.xserver.display}"; + type = types.str; + }; + enable = mkEnableOption "tv.x0vncserver"; + pwfile = mkOption { + default = { + owner = cfg.user; + path = "${cfg.user.home}/.vncpasswd"; + source-path = toString + "/vncpasswd"; + }; + description = '' + Use vncpasswd to edit pwfile. + See: nix-shell -p tigervnc --run 'man vncpasswd' + ''; + type = types.secret-file; + }; + rfbport = mkOption { + default = 5900; + type = types.int; + }; + user = mkOption { + default = config.krebs.build.user; + type = types.user; + }; + }; + config = mkIf cfg.enable { + krebs.secret.files = { + x0vncserver-pwfile = cfg.pwfile; + }; + systemd.services.x0vncserver = { + after = [ "graphical.target" "secret.service" ]; + requires = [ "graphical.target" "secret.service" ]; + serviceConfig = { + ExecStart = "${pkgs.tigervnc}/bin/x0vncserver ${toString [ + "-display ${cfg.display}" + "-passwordfile ${cfg.pwfile.path}" + "-rfbport ${toString cfg.rfbport}" + ]}"; + User = cfg.user.name; + }; + }; + tv.iptables.input-retiolum-accept-tcp = singleton (toString cfg.rfbport); + }; +} From f607ba46109e11466988b980ff36e395aa0c4049 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 2 Aug 2017 02:13:57 +0200 Subject: [PATCH 33/39] tv mu: drop udev extraRules --- tv/1systems/mu/config.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 32143f37c..42fcfdb29 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix 
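Review bot: The `ExecStart` list in tv/3modules/x0vncserver.nix passes only `-passwordfile` and leaves the security types to TigerVNC's defaults, which as far as I know still accept plain VncAuth, while the last line of `config` opens `rfbport` to every retiolum peer via `tv.iptables.input-retiolum-accept-tcp`. VncAuth uses only the first eight characters of the password and does not encrypt the session, which is thin protection for a full desktop. I would pin the handshake by adding `"-SecurityTypes TLSVnc"` (or an X509 type with a certificate) to the argument list. An option that limits which retiolum sources may connect would also help. The same defaults take effect on mu through `tv.x0vncserver.enable = true;` in PATCH 35/39.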
@@ -12,16 +12,6 @@ with import ; krebs.build.host = config.krebs.hosts.mu; krebs.build.user = mkForce config.krebs.users.vv; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" - - # for jack - KERNEL=="rtc0", GROUP="audio" - KERNEL=="hpet", GROUP="audio" - ''; - - # hardware configuration boot.initrd.luks.devices = [ { name = "vgmu1"; device = "/dev/sda2"; } From d97d86eddec8002a7a7e5b01320e33121a6ff27f Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 2 Aug 2017 02:14:23 +0200 Subject: [PATCH 34/39] tv mu: boot.loader.{gummiboot => systemd-boot} --- tv/1systems/mu/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 42fcfdb29..96ccd321e 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -43,8 +43,8 @@ with import ; hardware.enableRedistributableFirmware = true; - boot.loader.gummiboot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.enable = true; networking.networkmanager.enable = true; From 87c7d8dcf933c2de783098dfe9b6f1b383062daf Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 2 Aug 2017 02:14:49 +0200 Subject: [PATCH 35/39] tv mu: enable x0vncserver --- tv/1systems/mu/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 96ccd321e..089481872 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -12,6 +12,8 @@ with import ; krebs.build.host = config.krebs.hosts.mu; krebs.build.user = mkForce config.krebs.users.vv; + tv.x0vncserver.enable = true; + # hardware configuration boot.initrd.luks.devices = [ { name = "vgmu1"; device = "/dev/sda2"; } From 37373468839e8b734d0ea9ddabb49d2196206d4f Mon Sep 17 00:00:00 2001 
From: makefu Date: Wed, 2 Aug 2017 01:08:12 +0200 Subject: [PATCH 36/39] ma sane-extra: init --- makefu/3modules/default.nix | 1 + makefu/3modules/sane-extra.nix | 45 ++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 makefu/3modules/sane-extra.nix diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 2981e0fa3..00df56bee 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -9,6 +9,7 @@ _: ./opentracker.nix ./ps3netsrv.nix ./logging-config.nix + ./sane-extra.nix ./server-config.nix ./snapraid.nix ./torrent.nix diff --git a/makefu/3modules/sane-extra.nix b/makefu/3modules/sane-extra.nix new file mode 100644 index 000000000..2e0ce8f2f --- /dev/null +++ b/makefu/3modules/sane-extra.nix 
@@ -0,0 +1,45 @@ +{ config, lib, pkgs, ... }: +# https://github.com/michalrus/dotfiles/blob/d943be3089aa436e07cea5f22d829402936a9229/.nixos-config.symlink/modules/sane-extra-config.nix +# via https://github.com/NixOS/nixpkgs/issues/17411 +# via https://unix.stackexchange.com/questions/321954/install-epson-v39-on-nixos +with lib; + +let + + cfg = config.hardware.sane; + + pkg = if cfg.snapshot + then pkgs.sane-backends-git + else pkgs.sane-backends; + + backends = [ pkg ] ++ cfg.extraBackends; + + saneConfig = pkgs.mkSaneConfig { paths = backends; }; + + saneExtraConfig = pkgs.runCommand "sane-extra-config" {} '' + cp -Lr '${pkgs.mkSaneConfig { paths = [ pkgs.sane-backends ]; }}'/etc/sane.d $out + chmod +w $out + ${concatMapStrings (c: '' + f="$out/${c.name}.conf" + [ ! -e "$f" ] || chmod +w "$f" + cat ${builtins.toFile "" (c.value + "\n")} >>"$f" + chmod -w "$f" + '') (mapAttrsToList nameValuePair cfg.extraConfig)} + chmod -w $out + ''; + +in + +{ + options = { + hardware.sane.extraConfig = mkOption { + type = types.attrsOf types.lines; + default = {}; + example = { "some-backend" = "# some lines to add to its .conf"; }; + }; + }; + + config = mkIf (cfg.enable && cfg.extraConfig != {}) { + hardware.sane.configDir = saneExtraConfig.outPath; + }; +} From a5c7310cc24145aee4f8c7fc3f89dde9b95fe7f9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 2 Aug 2017 11:49:27 +0200 Subject: [PATCH 37/39] ma printer: add support for magicolor --- makefu/2configs/printer.nix | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 509ed512d..0865a0841 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix 
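Review bot: `saneConfig` (built from `backends`, i.e. the snapshot choice plus `cfg.extraBackends`) is defined but never used; `saneExtraConfig` copies `etc/sane.d` from a second `mkSaneConfig` that lists only `pkgs.sane-backends`. Because the module then points `hardware.sane.configDir` at that copy, setting any `extraConfig` appears to drop the configuration shipped by the extra backends. Changing the copy to `cp -Lr '${saneConfig}'/etc/sane.d $out` would keep it. Separately, `${c.name}` is spliced unescaped into a double-quoted shell string; `f="$out"/${escapeShellArg "${c.name}.conf"}` avoids expansion of shell metacharacters in attribute names.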
@@ -1,15 +1,30 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: -{ +let + mainUser = config.krebs.build.user.name; +in { services.printing = { enable = true; drivers = [ pkgs.samsungUnifiedLinuxDriver - pkgs.cups-dymo + pkgs.cups-dymo # dymo labelwriter + pkgs.foo2zjs # magicolor 1690mf ]; }; # scanners are printers just in reverse anyway - hardware.sane.enable = true; - hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; + services.saned.enable = true; + users.users."${mainUser}".extraGroups = [ "scanner" ]; + + hardware.sane = { + enable = true; + extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; + + # $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150 + + # requires 'sane-extra', scan via: + extraConfig."magicolor" = '' + net 10.42.20.30 0x2098 + ''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf + }; } From a00db299ace1d0950d7d8030a9684fec3b3b2c43 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 2 Aug 2017 22:17:41 +0200 Subject: [PATCH 38/39] ma x: enable stk1160 --- makefu/1systems/x/config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 969e78bee..368655575 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -54,7 +54,7 @@ with import ; - # + # # Filesystem @@ -62,6 +62,9 @@ with import ; # Security + { + programs.adb.enable = true; + } ]; From 1310375624b7fbcb6c165a032edc9d3ef336d57b Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 2 Aug 2017 22:38:26 +0200 Subject: [PATCH 39/39] ma stk1160: revert to hacky override --- makefu/2configs/hw/stk1160.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index e73741e26..b3a9e1a5a 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix 
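Review bot: `services.saned.enable = true;` turns on the SANE network daemon, which serves this machine's scanners to other hosts, yet the rest of the hunk only makes this host a client of the magicolor at 10.42.20.30. If sharing is not intended I would drop the line; if it is, a comment next to it should name the clients that are meant to connect. The two comments above `extraConfig."magicolor"` are also in the wrong order: `# requires 'sane-extra', scan via:` should precede the `# $ scanimage …` line it introduces.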
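Review bot: The block `{ programs.adb.enable = true; }` in the second hunk of makefu/1systems/x/config.nix is not mentioned by the subject "ma x: enable stk1160" and is appended after the `# Security` heading of the list. As I understand the NixOS option, it installs adb and gives the `adbusers` group access to attached Android devices, so it deserves its own commit or at least a comment such as `# adb for android debugging, unrelated to stk1160`. The list it is added to starts outside the hunk.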
@@ -1,8 +1,9 @@ { pkgs, ... }: { # TODO: un-pin linuxPackages somehow + boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; nixpkgs.config.packageOverrides = pkgs: { - linux_latest = pkgs.linux_latest.override { + linux_4_9 = pkgs.linux_4_9.override { extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m
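Review bot: The added `boot.kernelPackages` line selects `pkgs.linuxPackages`, which follows whatever kernel the channel ships as default, while the override below it is now keyed on `linux_4_9`. Once the default moves off 4.9 the stk1160 `extraConfig` is silently no longer applied and the trace text is wrong. Naming the set explicitly, `boot.kernelPackages = pkgs.linuxPackages_4_9;`, keeps the two in step. The TODO about un-pinning still applies, since a pinned kernel has to be bumped by hand to pick up fixes. The `extraConfig` string continues past the end of the hunk.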