diff options
| -rw-r--r-- | krebs/1systems/filebitch/hardware-configuration.nix | 28 | ||||
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 1 | ||||
| -rw-r--r-- | krebs/2configs/default.nix | 1 | ||||
| -rw-r--r-- | krebs/2configs/nscd-fix.nix | 24 | ||||
| -rw-r--r-- | krebs/2configs/reaktor2.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/github-hosts-sync.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/jeschli/default.nix | 3 | ||||
| -rw-r--r-- | krebs/5pkgs/haskell/reaktor2/default.nix | 8 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix | 2 | ||||
| -rw-r--r-- | krebs/nixpkgs.json | 6 | ||||
| -rwxr-xr-x | krebs/update-nixpkgs.sh | 2 | ||||
| -rw-r--r-- | lass/1systems/icarus/config.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/morpheus/physical.nix | 5 | ||||
| -rw-r--r-- | lass/1systems/shodan/config.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/uriel/physical.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/copyq.nix | 3 | ||||
| -rw-r--r-- | lass/2configs/dcso-vpn.nix | 44 | ||||
| -rw-r--r-- | lass/2configs/default.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/websites/domsen.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/websites/lassulus.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/minimal.nix | 2 |
21 files changed, 30 insertions, 113 deletions
diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix index 574618e3..1e7fa787 100644 --- a/krebs/1systems/filebitch/hardware-configuration.nix +++ b/krebs/1systems/filebitch/hardware-configuration.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; + keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; in { imports = @@ -19,7 +19,7 @@ in boot.tmpOnTmpfs = true; - boot.initrd.availableKernelModules = [ + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" "raid456" "usbhid" @@ -77,20 +77,18 @@ in networking.hostId = "54d97450"; # required for zfs use boot.initrd.luks.devices = let - usbkey = name: device: { - inherit name device keyFile; + usbkey = device: { + inherit device keyFile; keyFileSize = 2048; preLVM = true; }; - in [ - ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) - // { allowDiscards = true; } ) - ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) - // { allowDiscards = true; } ) - (usbkey "125" "/dev/md125") - (usbkey "126" "/dev/md126") - (usbkey "127" "/dev/md127") - ]; - - + in { + swap = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) + // { allowDiscards = true; } ); + root = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) + // { allowDiscards = true; } ); + md125 = usbkey "/dev/md125"; + md126 = usbkey "/dev/md126"; + md127 = usbkey "/dev/md127"; + }; } diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index bb84b187..c0fa3828 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,7 +12,6 @@ <stockholm/krebs/2configs/buildbot-stockholm.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/nscd-fix.nix> <stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/wiki.nix> ]; diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 3442272e..f56f6045 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -43,7 +43,6 @@ with import <stockholm/lib>; ]; }; services.cron.enable = false; - services.nscd.enable = false; services.ntp.enable = false; users.mutableUsers = false; diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix deleted file mode 100644 index 8e5909e7..00000000 --- a/krebs/2configs/nscd-fix.nix +++ /dev/null @@ -1,24 +0,0 @@ -with import <stockholm/lib>; -{ pkgs, ... }: let - - enable = versionOlderThan "19.03"; - - versionOlderThan = v: - compareVersions - (versions.majorMinor version) - (versions.majorMinor v) - == -1; - - warning = '' - Using custom services.nscd.config because - https://github.com/NixOS/nixpkgs/pull/50316 - ''; - -in - optionalAttrs enable (trace warning { - services.nscd.enable = mkForce true; - services.nscd.config = mkForce (readFile (pkgs.fetchurl { - url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf; - sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs"; - })); - }) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index b80198b0..473028f9 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -95,7 +95,7 @@ let } hooks.sed (generators.command_hook { - inherit (commands) hello random-emoji nixos-version stockholm-issue; + inherit (commands) hello random-emoji nixos-version; tell = { filename = "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 0b7d5609..7d618ebf 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -62,8 +62,8 @@ let }; }; - users.extraUsers = singleton { - inherit (user) name uid; + users.users.${user.name} = { + inherit (user) uid; home = cfg.dataDir; }; }; diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 75d7eda6..390f7585 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -12,6 +12,7 @@ with import <stockholm/lib>; in { hosts = mapAttrs hostDefaults { brauerei = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.29"; @@ -93,6 +94,7 @@ in { }; bolide = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.31"; @@ -130,6 +132,7 @@ in { }; reagenzglas = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.32"; diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix index ae242efe..6a48f865 100644 --- a/krebs/5pkgs/haskell/reaktor2/default.nix +++ b/krebs/5pkgs/haskell/reaktor2/default.nix @@ -6,13 +6,13 @@ , time, transformers, unagi-chan, unix, unordered-containers , vector, wai, warp }: -mkDerivation { +mkDerivation rec { pname = "reaktor2"; - version = "0.3.0"; + version = "0.4.0"; src = fetchgit { url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "02hqpq8wcfd6rvi8qk10zy3f3lrzzqnjwqal4cbvksjn3vahz36h"; - rev = "a6893c00f78a8acd0a4bfe7da87ab6889eabcf21"; + sha256 = "0bnn23hjl57y0a5rf3h8kq078dziby7il7fandz5wh6s4i3psicp"; + rev = "v${version}"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix index f0e22140..a8440745 100644 --- a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix +++ b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { sha256 = "09cciml1j8x76jpm2v5v6h2q6j1fkhsz1kswslmx8wl4wk40xgp4"; }; - modSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h"; + vendorSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h"; postInstall = '' install -D ./default.tmpl $out/templates/default.tmpl ''; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 161a099e..68d95020 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7c2a362b58a1c2ba72d24aa3869da3b1a91d39e1", - "date": "2020-10-20T09:32:31+02:00", - "sha256": "0gl4xndyahasa9dv5mi3x9w8s457wl2xh9lcldizcn1irjvkrzs4", + "rev": "896270d629efd47d14972e96f4fbb79fc9f45c80", + "date": "2020-11-10T22:42:32+01:00", + "sha256": "0xmjjayg19wm6cn88sh724mrsdj6mgrql6r3zc0g4x9bx4y342p7", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index b0ffb6ad..9a0ea7ed 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-20.03' \ + --rev refs/heads/nixos-20.09' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 8332e7c5..609da601 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -19,7 +19,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> #<stockholm/lass/2configs/prism-share.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/home-media.nix> ]; diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix index 3fb03cda..6e59a227 100644 --- a/lass/1systems/morpheus/physical.nix +++ b/lass/1systems/morpheus/physical.nix @@ -34,10 +34,7 @@ }; boot.initrd.luks = { cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; + devices.luksroot.device = "/dev/nvme0n1p3"; }; services.udev.extraRules = '' diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index d7b43f2c..9e01396b 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,7 +15,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/blue-host.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/nfs-dl.nix> <stockholm/lass/2configs/gg23.nix> <stockholm/lass/2configs/hass> diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix index 2d21f00d..82a08864 100644 --- a/lass/1systems/uriel/physical.nix +++ b/lass/1systems/uriel/physical.nix @@ -15,7 +15,7 @@ loader.systemd-boot.enable = true; loader.timeout = 5; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index 56c091a6..ed78699b 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -25,9 +25,6 @@ in { environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; - path = with pkgs; [ - qt5.full - ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix deleted file mode 100644 index 0a5623bf..00000000 --- a/lass/2configs/dcso-vpn.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import <stockholm/lib>; -{ ... }: - -{ - - users.extraUsers = { - dcsovpn = rec { - name = "dcsovpn"; - uid = genid "dcsovpn"; - description = "user for running dcso openvpn"; - home = "/home/${name}"; - }; - }; - - users.extraGroups.dcsovpn.gid = genid "dcsovpn"; - - services.openvpn.servers = { - dcso = { - config = '' - client - dev tun - tun-mtu 1356 - mssfix - proto udp - float - remote 217.111.55.41 1194 - nobind - user dcsovpn - group dcsovpn - persist-key - persist-tun - ca ${toString <secrets/dcsovpn/ca.pem>} - cert ${toString <secrets/dcsovpn/cert.pem>} - key ${toString <secrets/dcsovpn/cert.key>} - verb 3 - mute 20 - auth-user-pass ${toString <secrets/dcsovpn/login.txt>} - route-method exe - route-delay 2 - ''; - updateResolvConf = true; - }; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f59988b7..babcb51d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,7 +2,6 @@ with import <stockholm/lib>; { config, pkgs, ... }: { imports = [ - <stockholm/krebs/2configs/nscd-fix.nix> ./binary-cache/client.nix ./backup.nix ./gc.nix diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 78cfb29c..ac7db10f 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -97,7 +97,6 @@ in { overwriteProtocol = "https"; }; https = true; - nginx.enable = true; }; services.nginx.virtualHosts."o.xanf.org" = { enableACME = true; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 74585a6f..17df7131 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -16,7 +16,6 @@ in { email = "acme@lassul.us"; acceptTerms = true; certs."lassul.us" = { - allowKeysForGroup = true; group = "lasscert"; }; }; @@ -78,7 +77,6 @@ in { email = "lassulus@lassul.us"; webroot = "/var/lib/acme/acme-challenge"; group = "nginx"; - user = "nginx"; }; diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix index 78a9dcfa..d4feb998 100644 --- a/makefu/2configs/minimal.nix +++ b/makefu/2configs/minimal.nix @@ -81,6 +81,4 @@ "net.ipv6.conf.all.use_tempaddr" = 2; "net.ipv6.conf.default.use_tempaddr" = 2; }; - - services.nscd.enable = false; } |