From 4cd09fa26b79dea323e6c7fb4d41eb4eb3440972 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jul 2016 21:24:37 +0200 Subject: [PATCH 1/5] k 3 buildbot: use last working nixpkgs --- krebs/3modules/buildbot/master.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index f23981f44..bd17c3765 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -3,13 +3,14 @@ with config.krebs.lib; let - nixpkgs-1509 = import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs-channels"; - rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; - sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + # https://github.com/NixOS/nixpkgs/issues/14026 + nixpkgs-fix = import (pkgs.fetchgit { + url = https://github.com/nixos/nixpkgs; + rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; + sha256 = "87e0724910a6df0371f883f99a8cf42e366fb4119f676f6f74ffb404beca2632"; }) {}; - buildbot = nixpkgs-1509.buildbot; + buildbot = nixpkgs-fix.buildbot; buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' # -*- python -*- from buildbot.plugins import * From 60b85fb15384f4d1fdffa1f00d6218de5fb3282f Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jul 2016 22:06:10 +0200 Subject: [PATCH 2/5] Revert "l 2 websites: phpIni -> phpOptions" This reverts commit abdf11a17331401e3fca5e73dd38b241614c5aea. --- lass/2configs/websites/domsen.nix | 24 ++++++++++++------------ lass/2configs/websites/fritz.nix | 21 ++++++++------------- 2 files changed, 20 insertions(+), 25 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3c33c0702..8a2161e45 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -113,18 +113,18 @@ in { createHome = true; }; - services.phpfpm.phpOptions = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t - ''; - #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - # options = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = "${sendmail} -t -i" - # ''; - #} '' - # cat ${pkgs.php}/etc/php-recommended.ini > $out - # echo "$options" >> $out + #services.phpfpm.phpOptions = '' + # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + # sendmail_path = ${sendmail} -t #''; + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = "${sendmail} -t -i" + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out + ''; } diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 0107da739..39f0cce06 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -74,18 +74,13 @@ in { config.krebs.users.fritz.pubkey ]; - services.phpfpm.phpOptions = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = "${sendmail} -t -i" + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out ''; - - #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - # options = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = "${sendmail} -t -i" - # ''; - #} '' - # cat ${pkgs.php}/etc/php-recommended.ini > $out - # echo "$options" >> $out - #''; } From cd990015e15555570561af2e3a20e4d812ae2043 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jul 2016 22:09:59 +0200 Subject: [PATCH 3/5] l 2 nixpkgs: c78f9ad -> 446d4c1 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 0021a8615..0f940a369 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "c78f9ad2f91019648bdcf5a911f86ea3a397d290"; + rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded"; }; } From 8f3639df51ed85ac130b45525fabe6ce6f9cac26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jul 2016 22:10:41 +0200 Subject: [PATCH 4/5] l 1 helios: configure batter monitoring --- lass/1systems/helios.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 10b00de47..51d2afe84 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -26,6 +26,9 @@ with builtins; enable = true; }; } + { + lass.power-action.battery = "BAT1"; + } ]; krebs.build.host = config.krebs.hosts.helios; From 6eab08eef60d634324056b58c98a1b2a4fa1ed1f Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jul 2016 22:19:29 +0200 Subject: [PATCH 5/5] l 3 ejabberd: take config from tv --- lass/3modules/ejabberd/config.nix | 4 ++-- lass/3modules/ejabberd/default.nix | 18 ++++++++++++++---- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index 9a4882644..83ca5dc2a 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix @@ -10,7 +10,7 @@ in toFile "ejabberd.conf" '' [ {5222, ejabberd_c2s, [ starttls, - {certfile, ${toErlang cfg.certfile}}, + {certfile, ${toErlang cfg.certfile.path}}, {access, c2s}, {shaper, c2s_shaper}, {max_stanza_size, 65536} @@ -27,7 +27,7 @@ in toFile "ejabberd.conf" '' ]} ]}. {s2s_use_starttls, required}. - {s2s_certfile, ${toErlang cfg.s2s_certfile}}. + {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}. {auth_method, internal}. {shaper, normal, {maxrate, 1000}}. {shaper, fast, {maxrate, 50000}}. diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix index c68f32ef0..18c7cd656 100644 --- a/lass/3modules/ejabberd/default.nix +++ b/lass/3modules/ejabberd/default.nix @@ -4,7 +4,12 @@ in { options.lass.ejabberd = { enable = mkEnableOption "lass.ejabberd"; certfile = mkOption { - type = types.str; + type = types.secret-file; + default = { + path = "${cfg.user.home}/ejabberd.pem"; + owner = cfg.user; + source-path = "/var/lib/acme/lassul.us/full.pem"; + }; }; hosts = mkOption { type = with types; listOf str; @@ -17,12 +22,11 @@ in { export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)} exec ${pkgs.ejabberd}/bin/ejabberdctl \ --logs ${shell.escape cfg.user.home} \ - --spool ${shell.escape cfg.user.home} \ "$@" ''; }; s2s_certfile = mkOption { - type = types.str; + type = types.secret-file; default = cfg.certfile; }; user = mkOption { @@ -36,9 +40,15 @@ in { config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.pkgs.ejabberdctl ]; + krebs.secret.files = { + ejabberd-certfile = cfg.certfile; + ejabberd-s2s_certfile = cfg.s2s_certfile; + }; + systemd.services.ejabberd = { wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + requires = [ "secret.service" ]; + after = [ "network.target" "secret.service" ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes";