diff options
| author | tv <tv@krebsco.de> | 2019-06-25 19:21:20 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2019-06-25 20:16:12 +0200 |
| commit | 8c667f09c0e6e412283c8d7982a7112123ba5c0c (patch) | |
| tree | 983c08ee1f2e73fe6b3680a9fbf71866bb4ac173 /krebs | |
| parent | d343910e98736a94431fcac3da21274d2ecec449 (diff) | |
| parent | 153505206cba1896685bf1fd7252cffeae19e290 (diff) | |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/0tests/data/secrets/shackspace-gitlab-ci | 0 | ||||
| -rw-r--r-- | krebs/1systems/wolf/config.nix | 87 | ||||
| -rw-r--r-- | krebs/2configs/shack/gitlab-runner.nix | 21 | ||||
| -rw-r--r-- | krebs/2configs/shack/netbox.nix | 39 | ||||
| -rw-r--r-- | krebs/3modules/external/default.nix | 37 | ||||
| -rw-r--r-- | krebs/3modules/external/palo.nix | 6 | ||||
| -rw-r--r-- | krebs/3modules/external/ssh/0x4a6f.pub | 1 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 24 | ||||
| -rw-r--r-- | krebs/3modules/makefu/wiregrill/gum.pub | 2 | ||||
| -rw-r--r-- | krebs/3modules/makefu/wiregrill/rockit.pub | 1 | ||||
| -rw-r--r-- | krebs/3modules/mb/default.nix | 54 | ||||
| -rw-r--r-- | krebs/3modules/syncthing.nix | 45 | ||||
| -rw-r--r-- | krebs/5pkgs/haskell/xmonad-stockholm.nix | 3 | ||||
| -rw-r--r-- | krebs/krops.nix | 2 | ||||
| -rw-r--r-- | krebs/nixpkgs.json | 6 |
16 files changed, 235 insertions, 94 deletions
diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci b/krebs/0tests/data/secrets/shackspace-gitlab-ci new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/krebs/0tests/data/secrets/shackspace-gitlab-ci diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index ec883071..7ca0f0ec 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -11,83 +11,44 @@ in <stockholm/krebs> <stockholm/krebs/2configs> <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - <stockholm/krebs/2configs/collectd-base.nix> - <stockholm/krebs/2configs/stats/wolf-client.nix> - <stockholm/krebs/2configs/graphite.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> + # handle the worlddomination map via coap <stockholm/krebs/2configs/shack/worlddomination.nix> + + # drivedroid.shack for shackphone <stockholm/krebs/2configs/shack/drivedroid.nix> # <stockholm/krebs/2configs/shack/nix-cacher.nix> - <stockholm/krebs/2configs/shack/mqtt_sub.nix> + # Say if muell will be collected <stockholm/krebs/2configs/shack/muell_caller.nix> - <stockholm/krebs/2configs/shack/radioactive.nix> + + # create samba share for anonymous usage with the laser and 3d printer pc <stockholm/krebs/2configs/shack/share.nix> + + # mobile.lounge.mpd.shack <stockholm/krebs/2configs/shack/mobile.mpd.nix> - { - systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate - systemd.services.telegraf.environment = { - MIBDIRS = pkgs.fetchgit { - url = "http://git.shackspace.de/makefu/modem-mibs.git"; - sha256 = - "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k"; - }; # extra mibs like ADSL - }; - services.telegraf = { - enable = true; - extraConfig = { - inputs = { - snmp = { - agents = [ "10.0.1.3:161" ]; - version = 2; - community = "shack"; - name = "snmp"; - field = [ - { - name = "hostname"; - oid = "RFC1213-MIB::sysName.0"; - is_tag = true; - } - { - name = "load-percent"; #cisco - oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; - } - { - name = "uptime"; - oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; - } - ]; - table = [{ - name = "snmp"; - inherit_tags = [ "hostname" ]; - oid = "IF-MIB::ifXTable"; - field = [{ - name = "ifName"; - oid = "IF-MIB::ifName"; - is_tag = true; - }]; - }]; - }; - }; - outputs = { - influxdb = { - urls = [ "http://${influx-host}:8086" ]; - database = "telegraf"; - write_consistency = "any"; - timeout = "5s"; - }; - }; - }; - }; - } + # connect to git.shackspace.de as group runner for rz + <stockholm/krebs/2configs/shack/gitlab-runner.nix> + + # Statistics collection and visualization + <stockholm/krebs/2configs/graphite.nix> + ## Collect data from mqtt.shack and store in graphite database + <stockholm/krebs/2configs/shack/mqtt_sub.nix> + ## Collect radioactive data and put into graphite + <stockholm/krebs/2configs/shack/radioactive.nix> + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/wolf-client.nix> + ## write collectd statistics to wolf.shack + <stockholm/krebs/2configs/collectd-base.nix> + { services.influxdb.enable = true; } + <stockholm/krebs/2configs/shack/netbox.nix> ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) - services.influxdb.enable = true; # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; @@ -156,10 +117,10 @@ in # fallout of ipv6calypse networking.extraHosts = '' hass.shack 10.42.2.191 - heidi.shack 10.42.2.135 ''; users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users."0x4a6f".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey config.krebs.users.makefu-omo.pubkey diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix new file mode 100644 index 00000000..0fd06426 --- /dev/null +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +let + runner-src = builtins.fetchTarball { + url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz"; + sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi"; + }; +in +{ + systemd.services.gitlab-runner.path = [ + "/run/wrappers" # /run/wrappers/bin/su + "/" # /bin/sh + ]; + imports = [ + "${runner-src}/gitlab-runner.nix" + ]; + services.gitlab-runner2.enable = true; + ## registrationConfigurationFile contains: + # CI_SERVER_URL=<CI server URL> + # REGISTRATION_TOKEN=<registration secret> + services.gitlab-runner2.registrationConfigFile = <secrets/shackspace-gitlab-ci>; +} diff --git a/krebs/2configs/shack/netbox.nix b/krebs/2configs/shack/netbox.nix new file mode 100644 index 00000000..4fb5a7db --- /dev/null +++ b/krebs/2configs/shack/netbox.nix @@ -0,0 +1,39 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ pkgs.docker-compose ]; + virtualisation.docker.enable = true; + services.nginx = { + enable = true; + virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080"; + }; + # we store the netbox config there: + # state = [ "/var/lib/netbox" ]; + systemd.services.backup-netbox = { + after = [ "netbox-docker-compose.service" ]; + startAt = "daily"; + path = with pkgs; [ docker-compose docker gzip coreutils ]; + script = '' + cd /var/lib/netbox + mkdir -p backup + docker-compose exec -T -upostgres postgres pg_dumpall \ + | gzip > backup/netdata_$(date -Iseconds).dump.gz + ''; + }; + + systemd.services.netbox-docker-compose = { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "docker.service" ]; + environment.VERSION = "v2.5.13"; + serviceConfig = { + WorkingDirectory = "/var/lib/netbox"; + # TODO: grep -q NAPALM_SECRET env/netbox.env + # TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml + ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull"; + ExecStart = "${pkgs.docker-compose}/bin/docker-compose up"; + Restart = "always"; + RestartSec = "10"; + StartLimitIntervalSec = 60; + StartLimitBurst = 3; + }; + }; +} diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 080c259a..ac656f46 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -43,6 +43,31 @@ in { }; }; }; + wilde = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.4"; + aliases = [ "wilde.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk + g/V58MATljj+2bmOuOuPui/AUYHEZX759lHW4MgLjYdNbZEoVq8UgkxNk0KPGlSg + 2lsJ7FneCU7jBSE2iLT1aHuNFFa56KzSThFUl6Nj6Vyg5ghSmDF2tikurtG2q+Ay + uxf5/yEhFUPc1ZxmvJDqVHMeW5RZkuKXH00C7yN+gdcPuuFEFq+OtHNkBVmaxu7L + a8Q6b/QbrwQJAR9FAcm5WSQIj2brv50qnD8pZrU4loVu8dseQIicWkRowC0bzjAo + IHZTbF/S+CK0u0/q395sWRQJISkD+WAZKz5qOGHc4djJHBR3PWgHWBnRdkYqlQYM + C9zA/n4I+Y2BEfTWtgkD2g0dDssNGP5dlgFScGmRclR9pJ/7dsIbIeo9C72c6q3q + sg0EIWggQ8xyWrUTXIMoDXt37htlTSnTgjGsuwRzjotAEMJmgynWRf3br3yYChrq + 10Exq8Lej+iOuKbdAXlwjKEk0qwN7JWft3OzVc2DMtKf7rcZQkBoLfWKzaCTQ4xo + 1Y7d4OlcjbgrkLwHltTaShyosm8kbttdeinyBG1xqQcK11pMO43GFj8om+uKrz57 + lQUVipu6H3WIVGnvLmr0e9MQfThpC1em/7Aq2exn1JNUHhCdEho/mK2x/doiiI+0 + QAD64zPmuo9wsHnSMR2oKs0CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; dpdkm = { owner = config.krebs.users.Mic92; nets = rec { @@ -241,6 +266,13 @@ in { }; }; }; + rilke = { + owner = config.krebs.users.kmein; + nets.wiregrill = { + aliases = [ "rilke.w" ]; + wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; + }; + }; rock = { owner = config.krebs.users.Mic92; nets = { @@ -487,10 +519,13 @@ in { mail = "shackspace.de@myvdr.de"; pubkey = ssh-for "ulrich"; }; + "0x4a6f" = { + mail = "0x4a6f@shackspace.de"; + pubkey = ssh-for "0x4a6f"; + }; miaoski = { }; filly = { }; }; } - diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix index cefac095..05808714 100644 --- a/krebs/3modules/external/palo.nix +++ b/krebs/3modules/external/palo.nix @@ -34,7 +34,10 @@ in { retiolum = { ip4.addr = "10.243.23.3"; tinc.port = 720; - aliases = [ "kruck.r" ]; + aliases = [ + "kruck.r" + "video.kruck.r" + ]; tinc.pubkey = tinc-for "palo"; }; }; @@ -49,6 +52,7 @@ in { tinc.pubkey = tinc-for "palo"; }; }; + syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ"; }; workhorse = { owner = config.krebs.users.palo; diff --git a/krebs/3modules/external/ssh/0x4a6f.pub b/krebs/3modules/external/ssh/0x4a6f.pub new file mode 100644 index 00000000..1ea084ba --- /dev/null +++ b/krebs/3modules/external/ssh/0x4a6f.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 41f3852b..f4c8f5c6 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -35,6 +35,7 @@ in { default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index b38c9104..601762b9 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -143,11 +143,19 @@ in { ci = true; cores = 4; nets = { + lan = { + ip4.addr = "192.168.8.11"; + aliases = [ + "wbob.lan" + "log.wbob.lan" + ]; + }; retiolum = { ip4.addr = "10.243.214.15"; aliases = [ "wbob.r" "hydra.wbob.r" + "log.wbob.r" ]; }; }; @@ -182,6 +190,7 @@ in { wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. + mediengewitter IN CNAME over.dose.io. ''; }; cores = 8; @@ -196,13 +205,13 @@ in { }; wiregrill = { via = internet; + ip4.addr = "10.244.245.1"; ip6.addr = w6 "1"; - wireguard = { - subnets = [ - (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR + wireguard.port = 51821; + wireguard.subnets = [ (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR - ]; - }; + "10.244.245.0/24" # required for routing directly to gum via rockit + ]; }; retiolum = { via = internet; @@ -247,7 +256,6 @@ in { cores = 1; extraZones = { "krebsco.de" = '' - mediengewitter IN A ${nets.internet.ip4.addr} flap IN A ${nets.internet.ip4.addr} ''; }; @@ -281,6 +289,10 @@ in { }; }; }; + rockit = rec { # router@home + cores = 1; + nets.wiregrill.ip4.addr = "10.244.245.2"; + }; senderechner = rec { cores = 2; diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub index 4a5f666c..67d6c721 100644 --- a/krebs/3modules/makefu/wiregrill/gum.pub +++ b/krebs/3modules/makefu/wiregrill/gum.pub @@ -1 +1 @@ -yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo= +A7UPKSUaCZaJ9hXv6X4jvcZ+5X+PlS1EmCwxlLBAKH0= diff --git a/krebs/3modules/makefu/wiregrill/rockit.pub b/krebs/3modules/makefu/wiregrill/rockit.pub new file mode 100644 index 00000000..6cb0d960 --- /dev/null +++ b/krebs/3modules/makefu/wiregrill/rockit.pub @@ -0,0 +1 @@ +YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc= diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix index c98db4b2..e77811f0 100644 --- a/krebs/3modules/mb/default.nix +++ b/krebs/3modules/mb/default.nix @@ -3,7 +3,6 @@ with import <stockholm/lib>; hostDefaults = hostName: host: flip recursiveUpdate host { ci = true; - monitoring = true; owner = config.krebs.users.mb; }; @@ -63,6 +62,59 @@ in { }; }; }; + gr33n = { + nets = { + retiolum = { + ip4.addr = "10.243.42.123"; + aliases = [ + "gr33n.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8 + kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M + JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P + OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO + ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt + JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd + I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ + 5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X + s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH + oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6 + Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV + jtTSbSJHU5esECtAuXy1XH8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + sunsh1n3 = { + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.42.142"; + aliases = [ + "sunsh1n3.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf + QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU + pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz + idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf + 4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5 + yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD + /KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY + Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy + LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj + 6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H + C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU + 9IxYLfkSD6AJqasnHlz0L08CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; }; users = { mb = { diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index f653f7fa..939c8fdd 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -24,7 +24,7 @@ let getApiKey = pkgs.writeDash "getAPIKey" '' ${pkgs.libxml2}/bin/xmllint \ --xpath 'string(configuration/gui/apikey)'\ - ${scfg.dataDir}/config.xml + ${scfg.configDir}/config.xml ''; updateConfig = pkgs.writeDash "merge-syncthing-config" '' @@ -47,14 +47,20 @@ let } old_config=$(_curl /system/config) - patch=${shell.escape (toJSON { + new_config=${shell.escape (toJSON { inherit devices folders; })} new_config=$(${pkgs.jq}/bin/jq -en \ --argjson old_config "$old_config" \ - --argjson patch "$patch" \ + --argjson new_config "$new_config" \ ' - $old_config * $patch + $old_config * $new_config + ${optionalString (!kcfg.overridePeers) '' + * { devices: $old_config.devices } + ''} + ${optionalString (!kcfg.overrideFolders) '' + * { folders: $old_config.folders } + ''} ' ) echo $new_config | _curl /system/config -d @- @@ -68,11 +74,6 @@ in enable = mkEnableOption "syncthing-init"; - id = mkOption { - type = types.str; - default = config.krebs.build.host.name; - }; - cert = mkOption { type = types.nullOr types.absolute-pathname; default = null; @@ -83,6 +84,13 @@ in default = null; }; + overridePeers = mkOption { + type = types.bool; + default = true; + description = '' + Whether to delete the peers which are not configured via the peers option + ''; + }; peers = mkOption { default = {}; type = types.attrsOf (types.submodule ({ @@ -103,6 +111,13 @@ in })); }; + overrideFolders = mkOption { + type = types.bool; + default = true; + description = '' + Whether to delete the folders which are not configured via the peers option + ''; + }; folders = mkOption { default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { @@ -163,14 +178,14 @@ in systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) { preStart = '' ${optionalString (kcfg.cert != null) '' - cp ${toString kcfg.cert} ${scfg.dataDir}/cert.pem - chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/cert.pem - chmod 400 ${scfg.dataDir}/cert.pem + cp ${toString kcfg.cert} ${scfg.configDir}/cert.pem + chown ${scfg.user}:${scfg.group} ${scfg.configDir}/cert.pem + chmod 400 ${scfg.configDir}/cert.pem ''} ${optionalString (kcfg.key != null) '' - cp ${toString kcfg.key} ${scfg.dataDir}/key.pem - chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/key.pem - chmod 400 ${scfg.dataDir}/key.pem + cp ${toString kcfg.key} ${scfg.configDir}/key.pem + chown ${scfg.user}:${scfg.group} ${scfg.configDir}/key.pem + chmod 400 ${scfg.configDir}/key.pem ''} ''; }; diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index 228d365a..1b197b91 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,5 +1,4 @@ -{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft -, X11-xshape, xmonad, xmonad-contrib +{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft , X11-xshape, xmonad, xmonad-contrib }: mkDerivation rec { pname = "xmonad-stockholm"; diff --git a/krebs/krops.nix b/krebs/krops.nix index 94418fdc..8d38ed5b 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -50,7 +50,7 @@ { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; secrets = if test then { - file = toString <stockholm/krebs/0tests/data/secrets>; + file = toString ./0tests/data/secrets; } else { pass = { dir = "${lib.getEnv "HOME"}/brain"; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 0bc3abf9..4118a1dd 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "cf3e277dd0bd710af0df667e9364f4bd80c72713", - "date": "2019-04-24T23:55:21+02:00", - "sha256": "1abyadl3sxf67yi65758hq6hf2j07afgp1fmkk7kd94dadx6r6f4", + "rev": "d77e3bd661354ea775a8cacc97bb59ddde513c09", + "date": "2019-06-18T23:08:17+02:00", + "sha256": "1m82zs00n6nc0pkdpmd9amm013qxwksjfhzcm6gck3p469q7n866", "fetchSubmodules": false } |