From 179e95d0bfc985940d4970d6c1365c2c8e000d0d Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 9 Apr 2019 22:47:03 +0200 Subject: ma pkgs.nixpkgs-pytools: init at 1.0.0-dev --- makefu/5pkgs/nixpkgs-pytools/default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 makefu/5pkgs/nixpkgs-pytools/default.nix diff --git a/makefu/5pkgs/nixpkgs-pytools/default.nix b/makefu/5pkgs/nixpkgs-pytools/default.nix new file mode 100644 index 00000000..35146d15 --- /dev/null +++ b/makefu/5pkgs/nixpkgs-pytools/default.nix @@ -0,0 +1,17 @@ +{pkgs, fetchFromGitHub}: +with pkgs.python3.pkgs; + +buildPythonPackage rec { + pname = "nixpkgs-pytools"; + version = "1.0.0-dev"; + src = fetchFromGitHub { + owner = "nix-community"; + repo = pname; + rev = "593443b5689333cad3b6fa5b42e96587df68b0f8"; + sha256 = "1cjpngr1rn5q59a1krgmpq2qm96wbiirc8yf1xmm21p3mskb2db4"; + }; + propagatedBuildInputs = [ + jinja2 setuptools + ]; + checkInputs = [ black ]; +} -- cgit v1.2.3 From d8590aefb252087111364aa718b59e33d79a60db Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 Apr 2019 19:30:02 +0200 Subject: ma krops: use upstream krebs nixpkgs.json --- makefu/krops.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index 7c3fbcf4..c180dcf3 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -20,10 +20,6 @@ } // import (./. + "/1systems/${name}/source.nix"); source = { test }: lib.evalSource [ { - # nixos-18.09 @ 2018-09-18 - # + uhub/sqlite: 5dd7610401747 - # + hovercraft: 7134801b17d72 - # + PR#53934: eac6797380af1 nixpkgs = if host-src.arm6 then { # TODO: we want to track the unstable channel symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; @@ -31,7 +27,7 @@ derivation = '' with import {}; pkgs.fetchFromGitHub { - owner = "makefu"; + owner = "nixos"; repo = "nixpkgs"; rev = "${nixpkgs-src.rev}"; sha256 = "${nixpkgs-src.sha256}"; -- cgit v1.2.3 
From 1c3ac6e6cf4eb673f8ba8ccb3be3fd8d03d78202 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 Apr 2019 20:42:32 +0200 Subject: ma krops: use krebs upstream json --- makefu/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index c180dcf3..219e00d7 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -1,6 +1,6 @@ { config ? config, name, target ? name }: let krops = ../submodules/krops; - nixpkgs-src = lib.importJSON ./nixpkgs.json; + nixpkgs-src = lib.importJSON ../krebs/nixpkgs.json; lib = import "${krops}/lib"; pkgs = import "${krops}/pkgs" {}; -- cgit v1.2.3 From d03c70bb86ef1fb3e88a2dc9143faf34240feec0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 14:48:26 +0200 Subject: l hw x220: disable lid via new api --- lass/2configs/hw/x220.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index f5651da1..5649041f 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -30,8 +30,7 @@ }; }; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; } -- cgit v1.2.3 From ec4b7f30f5f4dfbc5b2164fdb6f25ff32e841cde Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 14:49:48 +0200 Subject: l usershadow: add setuid wrapper for check_pw --- lass/3modules/usershadow.nix | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index cb289096..383b9a53 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix 
@@ -31,13 +31,20 @@ session required pam_loginuid.so ''; - security.pam.services.dovecot2.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} - auth required pam_permit.so - account required pam_permit.so - session required pam_permit.so - session required pam_env.so envfile=${config.system.build.pamEnvironment} - ''; + security.pam.services.dovecot2 = { + text = '' + auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} + auth required pam_permit.so + account required pam_permit.so + session required pam_permit.so + session required pam_env.so envfile=${config.system.build.pamEnvironment} + ''; + }; + + security.wrappers.shadow_verify_pam = { + source = "${usershadow}/bin/verify_pam"; + owner = "root"; + }; }; usershadow = let { -- cgit v1.2.3 From 91bab57c35d61550ae4fec98cd8e985c037ed7f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 14:54:29 +0200 Subject: l usershadow: build without -threaded --- lass/3modules/usershadow.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index 383b9a53..d967a108 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -53,10 +53,13 @@ "bytestring" ]; body = pkgs.writeHaskellPackage "passwords" { + ghc-options = [ + "-rtsopts" + "-Wall" + ]; executables.verify_pam = { extra-depends = deps; text = '' - import Data.Monoid import System.IO import Data.Char (chr) import System.Environment (getEnv, getArgs) @@ -79,7 +82,6 @@ executables.verify_arg = { extra-depends = deps; text = '' - import Data.Monoid import System.Environment (getArgs) import Crypto.PasswordStore (verifyPasswordWith, pbkdf2) import qualified Data.ByteString.Char8 as BS8 -- cgit v1.2.3 From 7f9b2c6f45ce0ca09c0fe8ba07fab16bf4428f38 Mon Sep 17 00:00:00 2001 
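Review bot: The new `auth` line for `dovecot2` keeps what look like debugging options, `debug` and `log=/tmp/lol`, on a `pam_exec.so` call that also passes `expose_authtok`. `/tmp` is world-writable and the file name is fixed, so any local user can create that path first (as their own file or as a symlink), and whatever the helper prints during authentication then lands in a location they control. Drop both options before this is deployed, or log into a root-owned directory; without them the line is `auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`. Separately, `security.wrappers.shadow_verify_pam` sets only `source` and `owner`; spelling out `group`, `setuid` and `permissions` would make the intended privilege, and who may execute the wrapper, visible in this file instead of being left to module defaults.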
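Review bot: The added `"-rtsopts"` in `ghc-options` enables full runtime-system option processing for every executable in this package, including `verify_pam`, which the previous commit installs under `/run/wrappers/bin`. GHC restricts RTS options by default because they can make a program write logging data to files in its own security context, which matters for a helper that runs with elevated privileges. I cannot see the writer's default options from here, but if the goal is only to build without `-threaded`, `ghc-options = [ "-Wall" ];` or `"-rtsopts=some"` would be the safer choice. The `body` definition continues outside the hunk.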
From: lassulus Date: Sat, 13 Apr 2019 15:39:40 +0200 Subject: ci: create gcroot only if result exists --- krebs/3modules/ci.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index a47dbe61..244de1a0 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -108,10 +108,12 @@ let name=str(new_step), command=[ "${pkgs.writeDash "build-stepper.sh" '' - set -efu + set -xefu profile=${shell.escape profileRoot}/$build_name result=$("$build_script") - ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" + if [ -n "$result" ]; then + ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" + fi ''}" ], env={ -- cgit v1.2.3 From 6e28354f923f25b4bddc4835fe1d1457de71412c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 16:36:34 +0200 Subject: l: sync .weechat --- lass/1systems/blue/config.nix | 2 ++ lass/1systems/mors/config.nix | 2 ++ 2 files changed, 4 insertions(+) diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index a287f548..43c80d52 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -15,9 +15,11 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; environment.shellAliases = { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index fa5fb551..52bcc9e1 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
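Review bot: An empty `$result` now lets `build-stepper.sh` exit 0 without registering a root, so a build script that prints nothing looks the same as a successful build in the CI status. If an empty result is expected for some jobs, say so in a comment above the `if`; otherwise report it, for example with `else echo "build-stepper: empty result, no gcroot created" >&2` before the `fi`. The switch to `set -xefu` also looks like leftover debugging: `-x` echoes every expanded command, including the profile and store paths, into the build log, so go back to `set -efu` unless the trace is meant to stay.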
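Review bot: The new `.weechat` entry in `krebs.syncthing.folders` has no `id`, unlike the `contacts` folder next to it, and the same applies to the matching entry in `lass/1systems/mors/config.nix`; if the module does not derive a stable id from the path, the hosts may not agree on the folder. A WeeChat directory also normally holds server credentials (`irc.conf`, `sec.conf`, if present) and chat logs, and `lass.ensure-permissions` gives group `syncthing` ownership of it while it is replicated to three hosts. Consider syncing only the subdirectories that need to roam, or adding a comment such as `# contains credentials: keep peers limited to own hosts` so the peer list is not extended casually.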
@@ -52,10 +52,12 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; } { -- cgit v1.2.3 From 167f19018d856d233cd405612e215869ffc925b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 16:37:21 +0200 Subject: l syncthing: set configDir to 18.09 default --- lass/2configs/syncthing.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 842abc19..d8b3c9f9 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -4,6 +4,7 @@ with import ; services.syncthing = { enable = true; group = "syncthing"; + configDir = "/var/lib/syncthing"; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} -- cgit v1.2.3 From 4ac7399b75e57bb33a10ed647c34ed64c7bc3877 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 21:54:15 +0200 Subject: bepasty-server: use python2 again --- krebs/3modules/bepasty-server.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 0f00cd38..94a50952 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix 
@@ -2,10 +2,10 @@ with import ; let - gunicorn = pkgs.python3Packages.gunicorn; - bepasty = pkgs.bepasty; - gevent = pkgs.python3Packages.gevent; - python = pkgs.python3Packages.python; + gunicorn = pkgs.python27Packages.gunicorn; + bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; }; + gevent = pkgs.python27Packages.gevent; + python = pkgs.python27Packages.python; cfg = config.krebs.bepasty; out = { -- cgit v1.2.3
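Review bot: Moving this network-facing service back to `python27Packages` needs a comment saying why and when it can be undone, because Python 2.7 stops receiving upstream security fixes at the start of 2020 and nothing in the file records the reason for the pin. The override `pkgs.bepasty.override { python3Packages = pkgs.python27Packages; }` is also easy to misread, since a Python 2 package set is passed under a Python 3 argument name. A line such as `# python2 workaround for <reason/issue placeholder>; revisit before 2.7 end of life` above these bindings would cover both points.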