summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--krebs/1systems/filebitch/hardware-configuration.nix28
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/default.nix1
-rw-r--r--krebs/2configs/nscd-fix.nix24
-rw-r--r--krebs/2configs/reaktor2.nix2
-rw-r--r--krebs/3modules/external/default.nix143
-rw-r--r--krebs/3modules/github-hosts-sync.nix4
-rw-r--r--krebs/3modules/jeschli/default.nix3
-rw-r--r--krebs/5pkgs/haskell/reaktor2/default.nix (renamed from krebs/5pkgs/haskell/reaktor2.nix)8
-rw-r--r--krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix2
-rw-r--r--krebs/nixpkgs-unstable.json6
-rw-r--r--krebs/nixpkgs.json6
-rwxr-xr-xkrebs/update-nixpkgs.sh2
-rw-r--r--lass/1systems/icarus/config.nix1
-rw-r--r--lass/1systems/littleT/config.nix1
-rw-r--r--lass/1systems/morpheus/physical.nix5
-rw-r--r--lass/1systems/prism/config.nix7
-rw-r--r--lass/1systems/shodan/config.nix2
-rw-r--r--lass/1systems/skynet/config.nix1
-rw-r--r--lass/1systems/uriel/physical.nix2
-rw-r--r--lass/2configs/copyq.nix3
-rw-r--r--lass/2configs/dcso-vpn.nix44
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--lass/2configs/green-host.nix99
-rw-r--r--lass/2configs/minecraft.nix22
-rw-r--r--lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem0
-rw-r--r--lass/2configs/tests/dummy-secrets/dcsovpn/cert.key0
-rw-r--r--lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem0
-rw-r--r--lass/2configs/tests/dummy-secrets/dcsovpn/login.txt0
-rw-r--r--lass/2configs/websites/domsen.nix14
-rw-r--r--lass/2configs/websites/lassulus.nix2
31 files changed, 177 insertions, 257 deletions
diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix
index 574618e3..1e7fa787 100644
--- a/krebs/1systems/filebitch/hardware-configuration.nix
+++ b/krebs/1systems/filebitch/hardware-configuration.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
let
byid = dev: "/dev/disk/by-id/" + dev;
- keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0";
+ keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0";
in
{
imports =
@@ -19,7 +19,7 @@ in
boot.tmpOnTmpfs = true;
- boot.initrd.availableKernelModules = [
+ boot.initrd.availableKernelModules = [
"xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod"
"raid456"
"usbhid"
@@ -77,20 +77,18 @@ in
networking.hostId = "54d97450"; # required for zfs use
boot.initrd.luks.devices = let
- usbkey = name: device: {
- inherit name device keyFile;
+ usbkey = device: {
+ inherit device keyFile;
keyFileSize = 2048;
preLVM = true;
};
- in [
- ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2"))
- // { allowDiscards = true; } )
- ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3"))
- // { allowDiscards = true; } )
- (usbkey "125" "/dev/md125")
- (usbkey "126" "/dev/md126")
- (usbkey "127" "/dev/md127")
- ];
-
-
+ in {
+ swap = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2"))
+ // { allowDiscards = true; } );
+ root = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3"))
+ // { allowDiscards = true; } );
+ md125 = usbkey "/dev/md125";
+ md126 = usbkey "/dev/md126";
+ md127 = usbkey "/dev/md127";
+ };
}
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index bb84b187..c0fa3828 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -12,7 +12,6 @@
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/nscd-fix.nix>
<stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/wiki.nix>
];
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 3442272e..f56f6045 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -43,7 +43,6 @@ with import <stockholm/lib>;
];
};
services.cron.enable = false;
- services.nscd.enable = false;
services.ntp.enable = false;
users.mutableUsers = false;
diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix
deleted file mode 100644
index 8e5909e7..00000000
--- a/krebs/2configs/nscd-fix.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-with import <stockholm/lib>;
-{ pkgs, ... }: let
-
- enable = versionOlderThan "19.03";
-
- versionOlderThan = v:
- compareVersions
- (versions.majorMinor version)
- (versions.majorMinor v)
- == -1;
-
- warning = ''
- Using custom services.nscd.config because
- https://github.com/NixOS/nixpkgs/pull/50316
- '';
-
-in
- optionalAttrs enable (trace warning {
- services.nscd.enable = mkForce true;
- services.nscd.config = mkForce (readFile (pkgs.fetchurl {
- url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf;
- sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs";
- }));
- })
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index b80198b0..473028f9 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -95,7 +95,7 @@ let
}
hooks.sed
(generators.command_hook {
- inherit (commands) hello random-emoji nixos-version stockholm-issue;
+ inherit (commands) hello random-emoji nixos-version;
tell = {
filename =
"${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg";
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index f9a7e7f3..d4858c67 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -197,6 +197,60 @@ in {
};
};
};
+ makanek = {
+ owner = config.krebs.users.kmein;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.2.84";
+ aliases = [
+ "makanek.r"
+ "makanek.kmein.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwvtxCG7Vua6+WoStGrkL+H/g4BABidL2eikDBtbxWN+oGv2Bjrwb
+ VzXB8lMTCsu6M2wb3YTXXzAkc5oI4gE1sSOiCKyhYnQRrndc91KewquxTPfKL19u
+ JiRqax/E49IvWKARPRPXUhPfU/NNw1oIxhbcFkjwJmqDvh9SWhl5VZVynCE28ov5
+ hjjhqNXZHOR8CQqPJeY8v38OAAwTWvJ6rhEQwp5dLBqmRAbvPXj7OOzCxKluDY2X
+ Dl4k6QAjI6NddJXsXHRYRNGiB0CP1UBC91NDtW2+HIjf1Q1Lip5agO4/SkkSUt39
+ de7uYKrNcfyDUBb9Suconw0HvW+Dv4Ce5um+aa1RUrWIQdqBCOECbsXYKp66vAnK
+ Hidf2uznFseWxiyxz1ow8AvvSseABej5GuHI/56lywnFlnHEZLREUF/4PT+BZ0vE
+ uPRkzqeSNybsYYFieK8aany/RmJaoIsduGutgAiKBvkCCHru895n02xuLhZVkM2G
+ zfVjA2le+Gxr21/sVPrHfxResLUh4RA8fkS7erWMRF4a3IOpIS4yrM+p4pZTlTxO
+ Ya8buh4RgyE/0hp4QNpa4K7fvntriK+k6zHs7BcZcG2aMWP3O9/4DgjzBR3eslQV
+ oou23ajP11wyfrmZK0/PQGTpsU472Jj+06KtMAaH0zo4vAR8s2kV1ukCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ manakish = {
+ owner = config.krebs.users.kmein;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.2.85";
+ aliases = [
+ "manakish.r"
+ "manakish.kmein.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAtZcWwm1tTFoMcO0EOwNdSrZW9m2tSNWzwTGjlfuNFQKPnHiKdFFH
+ Hym72+WtaIZmffermGTfYdMoB/lWgOB0glqH9oSBFvrLVDgdQL2il589EXBd/1Qy
+ 7Ye5EVy2/xEA7iZGg3j0i+q1ic48tt6ePd4+QR0LmLEa8+Gz5X0Tp9TTf7gdv+lB
+ dVA6p7LJixKcBsC5W0jY5oTGUP0fM844AtWbpflmlz0JZNWrkJhCksOnfhUzeIsF
+ 1m9rCsyK+3jGMV6ZxhEbwaOt99Wlv0N0ouPePw+xLnnGTu0rJ/RKWceYnWnrHIyb
+ GgGIHnm9GbMd4mAfyp63emRYDMclSQSrddpDUL2GK8TCTttr6bZm4M/pFuXQGJsQ
+ EG0iaE8FM+nCrhmCRnX8dRWcNmHybd34UoVGCDJ6u+ksLIivqgWeY41CauqN0vQw
+ U4zqp6XMXRB6vlVcyLzdTASxVKaLJt+BuvHcyqz/YslJ97z4yoLE3d7s/9gZkM//
+ +FD970bsyvKpKRx72rNRCO9tQJNgPsaMiW5nuHUFw71XxX8o0w//5a0h5cdbiT64
+ I4ISySa4ynmHI1/v0a937/sFS0IvRI1Va0Efh2VxasNIqpDmM3hA8auPDj0Js/4c
+ qVnWMbvqqYlY9l//HCNxUXIhi0vcOr2PoCxBtcP5pHY8nNphQrPjRrcCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
qubasa = {
owner = config.krebs.users.qubasa;
nets = {
@@ -254,30 +308,29 @@ in {
};
};
};
- scardanelli = {
+ zaatar = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
- ip4.addr = "10.243.2.2";
+ ip4.addr = "10.243.2.34";
aliases = [
- "scardanelli.r"
- "scardanelli.kmein.r"
+ "zaatar.r"
+ "zaatar.kmein.r"
];
tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
- MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
- UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
- kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
- gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
- we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
- QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
- SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
- 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
- m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
- FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
- lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
- -----END PUBLIC KEY-----
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAn1L8LaoLuvHnN39Vz/8Mu/G20+z2DdWeG8XCX53seG2R+Nv4K/Fb
+ PikALazrN5TIxjRSRL4HEOsYAHWrHyMyRiK0RTuVZxYX4ArilpWz6+5dyt9CkPDg
+ mpUqhkpHuWO7zXnCcMVkn2ESzJaDIClLaaZP9klrGoaOJLGSJhfF/y4z8p6C/HlR
+ AjxI4z+90ReRWHWj+adSd3FZnN9yfeVQwUyqohGM0tIHvLCiDVewigLOI3IWjPom
+ MyUFV/UPVn0/A81C2eADgKbwn6EiJnxDtlPZWBrEJ9vd8lNWBCyGTxTcD0DuDVCe
+ yP5+r3uV2OYgQPYFrmWwCZJDu7qBdR4MpPP974iPFZ7WCHrvqQQNPYNZ78zBVA4x
+ YPNpXxp7i3Q10Vnp5fDQlxy+tfE9deeS3vk15Ydyc6gC2D9YClch720cAtPemgs3
+ F1O9Uc1PfJkUS5T0t9dpxH/0k6GZ9RQyJGCW7nupWTXmnDW7+TTjszLX3KYmG7XO
+ pQiic0oMvSCHwEPygnHTLWSt7rroje84htbatzplpQo8GS2tffieOEsgOaHp8TNr
+ QkRQnNbkAermVod6yK7wtutOk55f7WtYSCw+Kdo/pdQQQpcayKpTBikUQgdGwtTV
+ z9V1ZlEoLaaRxqisT4DB8279Bzy3QRV+eSHMMqw3+ePjxn7NbJxFn3sCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
'';
};
};
@@ -432,6 +485,58 @@ in {
};
};
};
+ nxbg = {
+ owner = config.krebs.users.rtjure;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.122.123";
+ aliases = [
+ "nxbg.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEArnkpu+oD59Shu9xcppkcelMT/uHsKvMKdudr67WZG/4F0xhd/5ex
+ an8v3OWClztIsnB+5uwl0dgamfKDAfIdg5ll2ZHcXo7dAdAN7q8DkegJD9k/Pmmi
+ YGsEwyENhAcX0/L1xHD5rGqH+6qQ/HrXPKPquoWCIlDDX41dyZQxJCTzkKlRGWhl
+ uwEMHkR4sfGgsD/OFmTVHMqygWbQIBIrUKXcHahsVj5k0LZW+ejVAQwNlzuKZi2B
+ n4maa6R0s4kRk2N8TPW11BcCl+rZlaX7RSn8vi+lA0Aq+A5SL1kXaKkKQT/9j2+n
+ G/uCDpQ6ruXaNycDkemqZg/MHDanbm5SUtjqZarfT6tRr3bwvpndxeGCeOZHkehw
+ iDiRsXszdwVDziRBlHs4WvFHTZUBLBsetOeo/LaB3Lt069nF5Cs6SZDi3z17ZMow
+ 5IU66KLQBDnSHqJWvAkBZsWrlZHMr3Csefaqli+qGpPr2gVgiwh3BrH8Ie1DBWJM
+ ysY0XK98s3jhLfWtc8Fg99H7QYenrh9IwfiIr5kRTmYxLBoGHO7GBRovuziJYzj+
+ G1D160xnRSqVdbIg9Az9OMBHfv9/HwYwwLpQ/154SRTY6f4H3iFMt+0lJwSS6nIl
+ yN7HY7PKXieun8OsS3GhV/+r8UVcRmVk+who3x8Hw8MQJHp8lUNGjLUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ nxrm = {
+ owner = config.krebs.users.rtjure;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.122.124";
+ aliases = [
+ "nxrm.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxPg9J+cpmazp8ZH2eCQwbq6GdU22Nhd/ySm+K/aN+x55C4QN6gMM
+ cBW2o0nfHi4JtvqDtdw0s9pGh0GsLHHoQlFD/lGr1oCMAe0FeN4cSAwbUH1DYFPw
+ KsyiXpXLVYCqt42JjzCM8HNUMBNDlnZ60z2Ashxj79PbYJ+i3oPEIE//Vf6MPOta
+ vaDUXCbqsWKKEqG8t+rM4WRrqzVVpASq6Avs2x+eijVe0Yeq4tkHcO0z3SrV2TM1
+ nAPYDL0QlHHBVtAt0tAfo4CC+HAwZJz8yZ0sWPzz/fJj/K3HwuFDBKZSrsIgSPBc
+ +JCFefuI3aNc1fKTYIu0XqCqgdB0Xu2g/AkJcqXSvJQaNPFuyk5n79C2INHcpLrp
+ s8NWwaUAH7XhNUGYnzevan3hiuSgIsT0T2cfERmEGyMn90fioYWN7TW9txfEX9qL
+ I4mkmh1xqt8ipdpfGxYmUAAj9KoHEhAnDElblIXRWY3KLdY6gT4sO80K+hTbK/J+
+ oyhU0nYcAnrFJNlSNjNucM/4UlCXqs4TaCM9cRggT6PmHy+M7vLebI4JGoOpCuYw
+ W1fiyXCrzlTP0vidDtv9mr0vTTK78Nc8oGc46Yu3K1kFSQYS/pRCjnOin35sYe/K
+ ahpclNJjom6tHxcwTriT0w6Yh/fCei7WCqpWtK2m4Qho/+WA3rFc3WUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
ada = {
owner = config.krebs.users.filly;
nets = {
@@ -496,7 +601,7 @@ in {
mail = "jacek.galowicz@gmail.com";
};
kmein = {
- mail = "kieran.meinhardt@gmail.com";
+ mail = "kmein@posteo.de";
pubkey = ssh-for "kmein";
};
mic92 = {
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index 0b7d5609..7d618ebf 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -62,8 +62,8 @@ let
};
};
- users.extraUsers = singleton {
- inherit (user) name uid;
+ users.users.${user.name} = {
+ inherit (user) uid;
home = cfg.dataDir;
};
};
diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index 75d7eda6..390f7585 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -12,6 +12,7 @@ with import <stockholm/lib>;
in {
hosts = mapAttrs hostDefaults {
brauerei = {
+ ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.27.29";
@@ -93,6 +94,7 @@ in {
};
bolide = {
+ ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.27.31";
@@ -130,6 +132,7 @@ in {
};
reagenzglas = {
+ ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.27.32";
diff --git a/krebs/5pkgs/haskell/reaktor2.nix b/krebs/5pkgs/haskell/reaktor2/default.nix
index ae242efe..6a48f865 100644
--- a/krebs/5pkgs/haskell/reaktor2.nix
+++ b/krebs/5pkgs/haskell/reaktor2/default.nix
@@ -6,13 +6,13 @@
, time, transformers, unagi-chan, unix, unordered-containers
, vector, wai, warp
}:
-mkDerivation {
+mkDerivation rec {
pname = "reaktor2";
- version = "0.3.0";
+ version = "0.4.0";
src = fetchgit {
url = "https://cgit.krebsco.de/reaktor2";
- sha256 = "02hqpq8wcfd6rvi8qk10zy3f3lrzzqnjwqal4cbvksjn3vahz36h";
- rev = "a6893c00f78a8acd0a4bfe7da87ab6889eabcf21";
+ sha256 = "0bnn23hjl57y0a5rf3h8kq078dziby7il7fandz5wh6s4i3psicp";
+ rev = "v${version}";
fetchSubmodules = true;
};
isLibrary = false;
diff --git a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix
index f0e22140..a8440745 100644
--- a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix
+++ b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix
@@ -11,7 +11,7 @@ buildGoModule rec {
sha256 = "09cciml1j8x76jpm2v5v6h2q6j1fkhsz1kswslmx8wl4wk40xgp4";
};
- modSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h";
+ vendorSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h";
postInstall = ''
install -D ./default.tmpl $out/templates/default.tmpl
'';
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 22c33bd6..9ea1d414 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "007126eef72271480cb7670e19e501a1ad2c1ff2",
- "date": "2020-10-20T10:30:15+10:00",
- "sha256": "1rfvw560vp2wn3dxdhqn1rk1fgk0ak9lnqm2dqpnsrkl4b8ay9mq",
+ "rev": "34ad166a830d3ac1541dcce571c52231f2f0865a",
+ "date": "2020-11-02T21:18:15-05:00",
+ "sha256": "1jvi1562x3kq65w642vfimpszv65zbc7c2nv8gakhzcx4n3f47xq",
"fetchSubmodules": false
}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 161a099e..68d95020 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "7c2a362b58a1c2ba72d24aa3869da3b1a91d39e1",
- "date": "2020-10-20T09:32:31+02:00",
- "sha256": "0gl4xndyahasa9dv5mi3x9w8s457wl2xh9lcldizcn1irjvkrzs4",
+ "rev": "896270d629efd47d14972e96f4fbb79fc9f45c80",
+ "date": "2020-11-10T22:42:32+01:00",
+ "sha256": "0xmjjayg19wm6cn88sh724mrsdj6mgrql6r3zc0g4x9bx4y342p7",
"fetchSubmodules": false
}
diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh
index b0ffb6ad..9a0ea7ed 100755
--- a/krebs/update-nixpkgs.sh
+++ b/krebs/update-nixpkgs.sh
@@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \
- --rev refs/heads/nixos-20.03' \
+ --rev refs/heads/nixos-20.09' \
> $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 8332e7c5..609da601 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -19,7 +19,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/nfs-dl.nix>
#<stockholm/lass/2configs/prism-share.nix>
- <stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/home-media.nix>
];
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index d44e6205..eee23ee6 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/green-host.nix>
];
networking.networkmanager.enable = true;
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
index 3fb03cda..6e59a227 100644
--- a/lass/1systems/morpheus/physical.nix
+++ b/lass/1systems/morpheus/physical.nix
@@ -34,10 +34,7 @@
};
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- devices = [{
- name = "luksroot";
- device = "/dev/nvme0n1p3";
- }];
+ devices.luksroot.device = "/dev/nvme0n1p3";
};
services.udev.extraRules = ''
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index b335353b..944a68be 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -90,13 +90,6 @@ with import <stockholm/lib>;
];
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
};
- users.users.kmein = {
- uid = genid_uint31 "kmein";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.kmein.pubkey
- ];
- };
}
{
#hotdog
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index e41c9bd1..9e01396b 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -15,8 +15,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/blue-host.nix>
- <stockholm/lass/2configs/green-host.nix>
- <stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/gg23.nix>
<stockholm/lass/2configs/hass>
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index 1bc440a9..507ccd14 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/power-action.nix>
<stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/green-host.nix>
{
services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true;
diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix
index 2d21f00d..82a08864 100644
--- a/lass/1systems/uriel/physical.nix
+++ b/lass/1systems/uriel/physical.nix
@@ -15,7 +15,7 @@
loader.systemd-boot.enable = true;
loader.timeout = 5;
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.devices.luksroot.device = "/dev/sda2";
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix
index 56c091a6..ed78699b 100644
--- a/lass/2configs/copyq.nix
+++ b/lass/2configs/copyq.nix
@@ -25,9 +25,6 @@ in {
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};
- path = with pkgs; [
- qt5.full
- ];
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix
deleted file mode 100644
index 0a5623bf..00000000
--- a/lass/2configs/dcso-vpn.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-with import <stockholm/lib>;
-{ ... }:
-
-{
-
- users.extraUsers = {
- dcsovpn = rec {
- name = "dcsovpn";
- uid = genid "dcsovpn";
- description = "user for running dcso openvpn";
- home = "/home/${name}";
- };
- };
-
- users.extraGroups.dcsovpn.gid = genid "dcsovpn";
-
- services.openvpn.servers = {
- dcso = {
- config = ''
- client
- dev tun
- tun-mtu 1356
- mssfix
- proto udp
- float
- remote 217.111.55.41 1194
- nobind
- user dcsovpn
- group dcsovpn
- persist-key
- persist-tun
- ca ${toString <secrets/dcsovpn/ca.pem>}
- cert ${toString <secrets/dcsovpn/cert.pem>}
- key ${toString <secrets/dcsovpn/cert.key>}
- verb 3
- mute 20
- auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
- route-method exe
- route-delay 2
- '';
- updateResolvConf = true;
- };
- };
-}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index f59988b7..babcb51d 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -2,7 +2,6 @@ with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
- <stockholm/krebs/2configs/nscd-fix.nix>
./binary-cache/client.nix
./backup.nix
./gc.nix
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
deleted file mode 100644
index 6cccab4b..00000000
--- a/lass/2configs/green-host.nix
+++ /dev/null
@@ -1,99 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-let
-
- cname = "green";
- cryfs = pkgs.cryfs.overrideAttrs (old: {
- patches = [
- (pkgs.writeText "file_mode.patch" ''
- --- a/src/cryfs/filesystem/CryNode.cpp
- +++ b/src/cryfs/filesystem/CryNode.cpp
- @@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const {
- result.uid = fspp::uid_t(getuid());
- result.gid = fspp::gid_t(getgid());
- #endif
- - result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag();
- + result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();;
- result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE;
- //TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..")
- result.nlink = 1;
- '')
- ] ++ old.patches;
- });
-
-in {
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/syncthing.nix>
- ];
-
- programs.fuse.userAllowOther = true;
-
- services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ];
- # krebs.permown."/var/lib/sync-containers/${cname}" = {
- # owner = "root";
- # group = "syncthing";
- # umask = "0007";
- # };
-
- systemd.services."container@green".reloadIfChanged = mkForce false;
- containers.${cname} = {
- config = { ... }: {
- environment.systemPackages = [
- pkgs.git
- pkgs.rxvt_unicode.terminfo
- ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- system.activationScripts.fuse = {
- text = ''
- ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
- '';
- deps = [];
- };
- };
- allowedDevices = [
- { modifier = "rwm"; node = "/dev/fuse"; }
- ];
- autoStart = false;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs
- localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs
- };
-
- environment.systemPackages = [
- (pkgs.writeDashBin "start-${cname}" ''
- set -euf
-
- mkdir -p /var/lib/containers/${cname}/var/state
- chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/va