Merge branch '21.05'

author: makefu <github@syntax-fehler.de> 2021-06-06 19:15:44 +0200
committer: makefu <github@syntax-fehler.de> 2021-06-06 19:15:44 +0200
commit: 74058abe0b5da0753c2167d6bab29eb1eae88366 (patch)
tree: 748e9e75c0498161629597f7469933e69303168b /makefu
parent: 88a845f7a1a037bf6bcf23863d41f36c4cedcd7e (diff)
parent: a5bc9126db72f59062ff9d6a72b2fa35437b42cb (diff)
30 files changed, 49 insertions, 107 deletions
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 857e7d6e..6afe792e 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -43,7 +43,6 @@ in {
       <stockholm/makefu/2configs/tools/dev.nix>
       <stockholm/makefu/2configs/tools/desktop.nix>
       <stockholm/makefu/2configs/tools/mobility.nix>
-      { environment.systemPackages = [ pkgs.esniper ]; }
       #<stockholm/makefu/2configs/graphite-standalone.nix>
       #<stockholm/makefu/2configs/share-user-sftp.nix>
 
@@ -141,6 +140,7 @@ in {
     ];
   makefu.full-populate =  true;
   nixpkgs.config.allowUnfree = true;
+  users.users.share.isNormalUser = true;
   users.groups.share = {
     gid = (import <stockholm/lib>).genid "share";
     members = [ "makefu" "misa" ];
@@ -152,6 +152,7 @@ in {
   users.users.misa = {
     uid = 9002;
     name = "misa";
+    isNormalUser = true;
   };
 
   zramSwap.enable = true;
diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix
index f0d663ee..ea557bbe 100644
--- a/makefu/1systems/x/x13/default.nix
+++ b/makefu/1systems/x/x13/default.nix
@@ -8,7 +8,7 @@
     <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
     # <stockholm/makefu/2configs/hw/tpm.nix>
     <stockholm/makefu/2configs/hw/ssd.nix>
-    <stockholm/makefu/2configs/hw/xmm7360.nix>
+    # <stockholm/makefu/2configs/hw/xmm7360.nix>
   ];
   boot.zfs.requestEncryptionCredentials = true;
   networking.hostId = "f8b8e0a2";
diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix
index adfebbf9..d6b99df4 100644
--- a/makefu/1systems/x/x13/zfs.nix
+++ b/makefu/1systems/x/x13/zfs.nix
@@ -13,6 +13,7 @@
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
+  boot.zfs.enableUnstable = true; # required for 21.05
   fileSystems."/" =
     { device = "zroot/root/nixos";
       fsType = "zfs";
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 4abc7d34..6ce0606a 100644
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -22,6 +22,7 @@ in {
     uid = genid "auphonic";
     group = "nginx";
     useDefaultShell = true;
+    isSystemUser = true;
     openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
   };
 
diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
index c1a31b8d..56d319e3 100644
--- a/makefu/2configs/bgt/hidden_service.nix
+++ b/makefu/2configs/bgt/hidden_service.nix
@@ -41,8 +41,8 @@ in
   services.tor = {
     enable = true;
     hiddenServices."${name}".map = [
-     { port = "80"; }
-     # { port = "443"; toHost = "blog.binaergewitter.de"; }
+     { port = 80; }
+     # { port = 443; toHost = "blog.binaergewitter.de"; }
     ];
   };
 }
diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 669754ca..46bf0596 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -6,7 +6,7 @@ in {
   imports = [
     ./ota.nix
     ./comic-updater.nix
-    ./puppy-proxy.nix
+    # ./puppy-proxy.nix
 
     ./zigbee2mqtt
 
diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix
index fbbce1f0..d9a2869c 100644
--- a/makefu/2configs/dcpp/hub.nix
+++ b/makefu/2configs/dcpp/hub.nix
@@ -33,10 +33,11 @@ let
   uhubDir = "/var/lib/uhub";
 
 in {
-  users.extraUsers."${ddclientUser}" = {
+  users.users."${ddclientUser}" = {
     uid = genid "ddclient";
     description = "ddclient daemon user";
     home = stateDir;
+    isSystemUser = true;
     createHome = true;
   };
 
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index be64e402..52206c38 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -23,6 +23,7 @@ with import <stockholm/lib>;
       group = "users";
       home = "/home/makefu";
       createHome = true;
+      isNormalUser = true;
       useDefaultShell = true;
       extraGroups = [ "wheel" ];
         openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 86bd4b52..0593cf7f 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -75,7 +75,7 @@ in {
     };
   };
   services.redis.enable = true;
-  systemd.services.redis.serviceConfig.LimitNOFILE=65536;
+  systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536";
   services.postgresql = {
     enable = true;
     # Ensure the database, user, and permissions always exist
diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss.euer.krebsco.de.nix
index a7ada939..098ffcdd 100644
--- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix
+++ b/makefu/2configs/deployment/rss.euer.krebsco.de.nix
@@ -7,6 +7,11 @@ in {
     virtualHost = fqdn;
     selfUrlPath = "https://${fqdn}";
   };
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "python2.7-Pillow-6.2.2"
+  ];
+
   systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php";
   services.postgresql.package = pkgs.postgresql_9_6;
   state = [ config.services.postgresqlBackup.location ];
diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix
index 70c0320a..abbdcbbb 100644
--- a/makefu/2configs/filepimp-share.nix
+++ b/makefu/2configs/filepimp-share.nix
@@ -6,7 +6,7 @@ let
 in {
   users.users.smbguest = {
     name = "smbguest";
-    uid = config.ids.uids.smbguest;
+    uid = config.ids.uids.smbguest; # effectively systemUser
     description = "smb guest user";
     home = "/var/empty";
   };
diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix
index 50646d21..e6008d47 100644
--- a/makefu/2configs/home/metube.nix
+++ b/makefu/2configs/home/metube.nix
@@ -26,7 +26,10 @@ in
     ];
     user = "metube";
   };
-  users.users.metube.uid = uid;
+  users.users.metube = {
+    uid = uid;
+    isSystemUser = true;
+  };
 
   systemd.services.docker-metube.serviceConfig = {
     StandardOutput = lib.mkForce "journal";
diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix
index 95ee5683..1c4582ed 100644
--- a/makefu/2configs/home/zigbee2mqtt/default.nix
+++ b/makefu/2configs/home/zigbee2mqtt/default.nix
@@ -20,7 +20,7 @@ in
   services.zigbee2mqtt = {
     enable = true;
     inherit dataDir;
-    config = {
+    settings = {
       permit_join = true;
       serial.port = "/dev/cc2531";
       homeassistant = true;
diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix
index 4176d7b3..0bd29497 100644
--- a/makefu/2configs/lanparty/samba.nix
+++ b/makefu/2configs/lanparty/samba.nix
@@ -3,7 +3,7 @@
   networking.firewall.allowedTCPPorts = [ 139 445 ];
   users.users.smbguest = {
     name = "smbguest";
-    uid = config.ids.uids.smbguest;
+    uid = config.ids.uids.smbguest; #effectively systemUser
     description = "smb guest user";
     home = "/data/lanparty";
     createHome = true;
diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix
index cfa6193c..2f8f4acc 100644
--- a/makefu/2configs/nsupdate-data.nix
+++ b/makefu/2configs/nsupdate-data.nix
@@ -34,6 +34,7 @@ in {
     description = "ddclient daemon user";
     home = stateDir;
     createHome = true;
+    isSystemUser = true;
   };
 
   systemd.services = {
diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix
index 0227f512..039698f1 100644
--- a/makefu/2configs/remote-build/slave.nix
+++ b/makefu/2configs/remote-build/slave.nix
@@ -1,11 +1,12 @@
 {config,...}:{
   nix.trustedUsers = [ "nixBuild" ];
   users.users.nixBuild = {
-      name = "nixBuild";
-      useDefaultShell = true;
-      openssh.authorizedKeys.keys = [
-        config.krebs.users.buildbotSlave.pubkey
-        config.krebs.users.makefu-remote-builder.pubkey
-      ];
-    };
+    name = "nixBuild";
+    isNormalUser = true;
+    useDefaultShell = true;
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.buildbotSlave.pubkey
+      config.krebs.users.makefu-remote-builder.pubkey
+    ];
+  };
 }
diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix
index 2c93143e..26f1d3ba 100644
--- a/makefu/2configs/share-user-sftp.nix
+++ b/makefu/2configs/share-user-sftp.nix
@@ -5,6 +5,7 @@
     share = {
       uid = 9002;
       home = "/var/empty";
+      isNormalUser = true;
       openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
     };
   };
diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix
index 27e0c638..fd81f28c 100644
--- a/makefu/2configs/share/gum.nix
+++ b/makefu/2configs/share/gum.nix
@@ -11,7 +11,10 @@ in {
   #   home = "/var/empty";
   # };
   environment.systemPackages = [ pkgs.samba ];
-  users.users.download.uid = genid "download";
+  users.users.download = {
+    uid = genid "download";
+    isNormalUser = true;
+  };
   services.samba = {
     enable = true;
     shares = {
diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix
index ac0eaa97..56beb5b4 100644
--- a/makefu/2configs/share/temp-share-samba.nix
+++ b/makefu/2configs/share/temp-share-samba.nix
@@ -9,7 +9,7 @@
   networking.firewall.allowedTCPPorts = [ 139 445 ];
   users.users.smbguest = {
     name = "smbguest";
-    uid = config.ids.uids.smbguest;
+    uid = config.ids.uids.smbguest; # effectively systemUser
     description = "smb guest user";
     home = "/home/share";
     createHome = true;
diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix
index 9695751f..f2c36b55 100644
--- a/makefu/2configs/share/wbob.nix
+++ b/makefu/2configs/share/wbob.nix
@@ -3,7 +3,7 @@
   networking.firewall.allowedTCPPorts = [ 139 445 ];
   users.users.smbguest = {
     name = "smbguest";
-    uid = config.ids.uids.smbguest;
+    uid = config.ids.uids.smbguest;  # effectively systemUser
     description = "smb guest user";
     home = "/home/share";
     createHome = true;
diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix
index e96daa03..c8ccbfbb 100644
--- a/makefu/2configs/stats/arafetch.nix
+++ b/makefu/2configs/stats/arafetch.nix
@@ -23,6 +23,7 @@ in {
     uid = genid "arafetch";
     inherit home;
     createHome = true;
+    isSystemUser = true;
   };
 
   systemd.services.ara2mqtt = {
diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix
index 34f0ab0b..106f8fac 100644
--- a/makefu/2configs/temp/share-samba.nix
+++ b/makefu/2configs/temp/share-samba.nix
@@ -1,7 +1,7 @@
 {config, ... }:{
   users.users.smbguest = {
     name = "smbguest";
-    uid = config.ids.uids.smbguest;
+    uid = config.ids.uids.smbguest;  # effectively systemUser
     group = "share";
     description = "smb guest user";
     home = "/var/empty";
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 5a6ef7c9..763603df 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -20,5 +20,6 @@
     # rambox
 
     vscode
+    chitubox
   ];
 }
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index d66ea776..14e782e3 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -15,6 +15,6 @@
     streamripper
     youtube-dl
 
-    pulseeffects
+    pulseeffects-legacy # for pulse
   ];
 }
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix
index 17a980ef..acc22d64 100644
--- a/makefu/2configs/tools/sec.nix
+++ b/makefu/2configs/tools/sec.nix
@@ -4,7 +4,7 @@
   users.users.makefu.packages = with pkgs; [
     aria2
     # mitmproxy
-    pythonPackages.binwalk-full
+    python3Packages.binwalk-full
     dnsmasq
     iodine
     mtr
diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix
index 5222e50a..30070430 100644
--- a/makefu/3modules/ps3netsrv.nix
+++ b/makefu/3modules/ps3netsrv.nix
@@ -50,6 +50,7 @@ let
     # TODO only create if user is ps3netsrv
     users.users.ps3netsrv = {
       uid = genid "ps3netsrv";
+      isSystemUser = true;
     };
     users.groups.ps3netsrv.gid = genid "ps3netsrv";
   };
diff --git a/makefu/5pkgs/droidcam/default.nix b/makefu/5pkgs/droidcam/default.nix
deleted file mode 100644
index d30fb01a..00000000
--- a/makefu/5pkgs/droidcam/default.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ stdenv, fetchFromGitHub
-, pkg-config
-, alsaLib
-, libjpeg_turbo
-, ffmpeg
-, libusbmuxd
-, speex
-, gtk3
-, libappindicator-gtk3
-}:
-
-stdenv.mkDerivation rec {
-  pname = "droidcam";
-  version = "1.6";
-
-  src = fetchFromGitHub {
-    owner = "aramg";
-    repo = "droidcam";
-    rev = "v${version}";
-    sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx";
-  };
-
-  sourceRoot = "source/linux";
-
-  nativeBuildInputs = [ pkg-config ];
-  buildInputs = [
-    alsaLib
-    libjpeg_turbo
-    ffmpeg
-    libusbmuxd
-    speex
-    gtk3
-    libappindicator-gtk3
-  ];
-
-  buildPhase = ''
-    runHook preBuild
-    make JPEG_DIR="" JPEG_INCLUDE="" JPEG_LIB="" JPEG="$(pkg-config --libs --cflags libturbojpeg)"
-  '';
-  installPhase = ''
-    runHook preInstall
-    install -Dm755 "droidcam" "$out/bin/droidcam"
-    install -Dm755 "droidcam-cli" "$out/bin/droidcam-cli"
-    install -Dm644 icon2.png "$out/share/pixmaps/droidcam.png"
-    install -Dm644 README.md "$out/share/licenses/droidcam/LICENSE"
-  '';
-
-  meta = with stdenv.lib; {
-    description = "A kernel module to create V4L2 loopback devices";
-    homepage = "https://github.com/aramg/droidcam";
-    license = licenses.gpl2;
-    maintainers = [ maintainers.makefu ];
-    platforms = platforms.linux;
-  };
-}
diff --git a/makefu/5pkgs/shiori/default.nix b/makefu/5pkgs/shiori/default.nix
index ee4aa930..7de1e5ae 100644
--- a/makefu/5pkgs/shiori/default.nix
+++ b/makefu/5pkgs/shiori/default.nix
@@ -1,6 +1,6 @@
-{ go_1_14, buildGoPackage, fetchFromGitHub }:
+{ buildGoPackage, fetchFromGitHub }:
 let
-  builder = buildGoPackage.override { go = go_1_14; };
+  builder = buildGoPackage;
 in
 builder rec {
   name = "shiori-${version}";
diff --git a/makefu/5pkgs/tt-rss/default.nix b/makefu/5pkgs/tt-rss/default.nix
deleted file mode 100644
index 4907a73a..00000000
--- a/makefu/5pkgs/tt-rss/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
-  pname = "tt-rss";
-  version = "2020-09-23";
-  rev = "d0ed7890df";
-
-  src = fetchurl {
-    url = "https://git.tt-rss.org/git/tt-rss/archive/${rev}.tar.gz";
-    sha256 = "1b2fczd41bqg9bq37r99svrqswr9qrp35m6gn3nz032yqcwc22ij";
-  };
-
-  installPhase = ''
-    mkdir $out
-    cp -ra * $out/
-  '';
-
-  meta = with stdenv.lib; {
-    description = "Web-based news feed (RSS/Atom) aggregator";
-    license = licenses.gpl2Plus;
-    homepage = "https://tt-rss.org";
-    maintainers = with maintainers; [ globin zohl ];
-    platforms = platforms.all;
-  };
-}
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 69703972..fd53f004 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -77,7 +77,7 @@
     (lib.mkIf ( host-src.home-manager ) {
       home-manager.git = {
         url = https://github.com/rycee/home-manager;
-        ref = "63f299b";
+        ref = "fd5fbb0a241f644908cdf01ccd1821d0606fb4fd";
       };
     })
   ];
author	makefu <github@syntax-fehler.de>	2021-06-06 19:15:44 +0200
committer	makefu <github@syntax-fehler.de>	2021-06-06 19:15:44 +0200
commit	74058abe0b5da0753c2167d6bab29eb1eae88366 (patch)
tree	748e9e75c0498161629597f7469933e69303168b /makefu
parent	88a845f7a1a037bf6bcf23863d41f36c4cedcd7e (diff)
parent	a5bc9126db72f59062ff9d6a72b2fa35437b42cb (diff)