From 28249452e79ed9b51ec5ea4d7d7d32fbacfde38a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 19:40:29 +0100 Subject: ma gui/look-up: add pkgs --- makefu/2configs/gui/look-up.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/gui/look-up.nix b/makefu/2configs/gui/look-up.nix index d27f5cff..244cf21b 100644 --- a/makefu/2configs/gui/look-up.nix +++ b/makefu/2configs/gui/look-up.nix @@ -1,3 +1,4 @@ +{pkgs, ... }: { systemd.services.look-up = { startAt = "*:30"; -- cgit v1.2.3 From 754d36818c85925b36e0de03e81d22473eb5b7ad Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 19:41:47 +0100 Subject: ma download.binaergewitter: fix logrotate --- makefu/2configs/bgt/download.binaergewitter.de.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index d49ad158..bd5dc5bf 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -43,7 +43,7 @@ in { services.logrotate = { enable = true; - config = '' + settings.header = '' ${bgtaccess} ${bgterror} { rotate 5 weekly -- cgit v1.2.3 From c78b8c9d7c9b160a748aa9dd165d0e6330c741a0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 19:42:41 +0100 Subject: ma security/hotfix: rip --- makefu/2configs/default.nix | 2 +- makefu/2configs/security/hotfix.nix | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 makefu/2configs/security/hotfix.nix diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 66c77e1e..9a08a449 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -11,7 +11,7 @@ with import ; ./editor/vim.nix ./binary-cache/nixos.nix ./minimal.nix - ./security/hotfix.nix + # ./security/hotfix.nix ]; # users are super important diff --git a/makefu/2configs/security/hotfix.nix b/makefu/2configs/security/hotfix.nix deleted file mode 100644 index fc52f21e..00000000 --- a/makefu/2configs/security/hotfix.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, lib,... }: { - # https://github.com/berdav/CVE-2021-4034 - security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); -} -- cgit v1.2.3 From 96e934dc8a353cff91ef824f6a125ed49996d058 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 19:43:38 +0100 Subject: k 3 wiregrill: add telex --- krebs/3modules/makefu/default.nix | 6 ++++++ krebs/3modules/makefu/wiregrill/telex.pub | 1 + 2 files changed, 7 insertions(+) create mode 100644 krebs/3modules/makefu/wiregrill/telex.pub diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 0d535998..c1aeffe4 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -151,6 +151,12 @@ in { }; }; }; + # pixel3a + telex.nets.wiregrill = { + aliases = ["telex.w"]; + ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address; + }; + latte = rec { ci = true; extraZones = { diff --git a/krebs/3modules/makefu/wiregrill/telex.pub b/krebs/3modules/makefu/wiregrill/telex.pub new file mode 100644 index 00000000..12a42177 --- /dev/null +++ b/krebs/3modules/makefu/wiregrill/telex.pub @@ -0,0 +1 @@ +T7Cr80dBbtPFCPdz4OS7whDlQJzn2Orclq5rLVtD+Ds= -- cgit v1.2.3 From ce30f4b31833062f328d2bda3a82bfc1425a6471 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 19:48:02 +0100 Subject: ma krops: bump home-manager , nix-hardware --- makefu/krops.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index d907c8e3..94677609 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -75,20 +75,20 @@ (lib.mkIf ( host-src.hw ) { nixos-hardware.git = { url = https://github.com/nixos/nixos-hardware.git; - ref = "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1"; + ref = "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b"; }; }) (lib.mkIf ( host-src.nix-ld ) { nix-ld.git = { url = https://github.com/Mic92/nix-ld.git; - ref = "c25cc4b"; + ref = "7d251c0c5adf6b9b003499243be257d0f130b3d6"; }; }) (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "1de492f"; + ref = "054d9e3187ca00479e8036dc0e92900a384f30fd"; }; }) ]; -- cgit v1.2.3 From 6c391d7361240671b9165b7092105a1bf86517a0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 20:00:20 +0100 Subject: ma download.binaergewitter: logrotate new format --- makefu/2configs/bgt/download.binaergewitter.de.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index bd5dc5bf..31da31a7 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -43,16 +43,13 @@ in { services.logrotate = { enable = true; - settings.header = '' - ${bgtaccess} ${bgterror} { - rotate 5 - weekly - create 600 nginx nginx - postrotate - ${pkgs.systemd}/bin/systemctl reload nginx - endscript - } - ''; + settings.bgt = { + files = [ bgtaccess bgterror ]; + rotate = 5; + frequency = "weekly"; + create = "600 nginx nginx"; + postrotate = "${pkgs.systemd}/bin/systemctl reload nginx"; + }; }; # 20.09 unharden nginx to write logs -- cgit v1.2.3 From 369803fe3126aaf4a6921f6d5995477c071e2d3e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 20:02:06 +0100 Subject: ma gui/look-up: fix refactoring --- makefu/2configs/gui/look-up.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/gui/look-up.nix b/makefu/2configs/gui/look-up.nix index 244cf21b..eea84bc4 100644 --- a/makefu/2configs/gui/look-up.nix +++ b/makefu/2configs/gui/look-up.nix @@ -1,5 +1,8 @@ -{pkgs, ... }: -{ +{pkgs, config, ... }: +let + user = config.krebs.build.user.name; +in + { systemd.services.look-up = { startAt = "*:30"; serviceConfig = { -- cgit v1.2.3 From 543783c1bb1bb5dd21e9203d37e400cdb6af5ef4 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 20:15:54 +0100 Subject: ma pkgs.ratt: update vendor sha256 --- makefu/5pkgs/ratt/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/ratt/default.nix b/makefu/5pkgs/ratt/default.nix index 0ad94c55..575a33f2 100644 --- a/makefu/5pkgs/ratt/default.nix +++ b/makefu/5pkgs/ratt/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { }; proxyVendor = true; - vendorSha256 = "sha256-AOtWR7Ew+0I7+TrMZOCxOKGCv+mlvcqy9s+gX2JKwnE="; + vendorSha256 = "sha256-tCSwyusVstEkz2pXYGX5JmS+VgqErSPtnh4LomaaFcE="; # tests try to access the internet to scrape websites doCheck = false; -- cgit v1.2.3 From 20a0952d87f1c25ac85758d03d0a1b2339fe57c6 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 20:38:03 +0100 Subject: ma pkgs.pkgrename: allow-multiple-definitions i have no idea what i am doing --- makefu/5pkgs/pkgrename/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/5pkgs/pkgrename/default.nix b/makefu/5pkgs/pkgrename/default.nix index 5eeb161e..c0944b03 100644 --- a/makefu/5pkgs/pkgrename/default.nix +++ b/makefu/5pkgs/pkgrename/default.nix @@ -2,19 +2,19 @@ }: stdenv.mkDerivation rec { name = "pkgrename"; - version = "1.03"; + version = "1.05"; src = fetchFromGitHub { owner = "hippie68"; repo = "pkgrename"; - rev = "c3e5c47ed9367273bd09577af46d3d9bf87b2a50"; + rev = "c7c95f0ea49324433db4a7df8db8b0905198e62e"; sha256 = "0cphxdpj04h1i0qf5mji3xqdsbyilvd5b4gwp4vx914r6k5f0xf3"; }; buildInputs = [ curl.dev ]; buildPhase = '' cd pkgrename.c - gcc pkgrename.c src/*.c -o pkgrename -lcurl -s -O1 $(curl-config --cflags --libs) + $CC pkgrename.c src/*.c -o pkgrename -s -O3 $(curl-config --cflags --libs) -Wl,--allow-multiple-definition ''; installPhase = '' install -D pkgrename $out/bin/pkgrename -- cgit v1.2.3 From 26f67c6c803d70e0c947790d5f8cf60db8199910 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 20:55:37 +0100 Subject: k puyak.r: rip alertmanager-telegram --- krebs/1systems/puyak/config.nix | 1 + .../2configs/shack/prometheus/alertmanager-telegram.nix | 17 ----------------- 2 files changed, 1 insertion(+), 17 deletions(-) delete mode 100644 krebs/2configs/shack/prometheus/alertmanager-telegram.nix diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index f4bd472a..de98a84c 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -110,6 +110,7 @@ # + # TODO: alertmanager 0.24+ supports telegram ]; diff --git a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix deleted file mode 100644 index 8527001c..00000000 --- a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ...}: -{ - systemd.services.alertmanager-bot-telegram = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - EnvironmentFile = toString ; - DynamicUser = true; - StateDirectory = "alertbot"; - ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \ - --alertmanager.url=http://alert.prometheus.shack --log.level=info \ - --store=bolt --bolt.path=/var/lib/alertbot/bot.db \ - --listen.addr="0.0.0.0:16320" \ - --template.paths=${./templates}/shack.tmpl''; - }; - }; -} -- cgit v1.2.3 From 908bb16cc8356a1b77fc79a9f49c0bd0a3d8b3e0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 20:59:24 +0100 Subject: ma gui/look-up: fix configuration --- krebs/1systems/puyak/config.nix | 2 +- makefu/2configs/gui/look-up.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index de98a84c..033cb94d 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -111,7 +111,7 @@ # # TODO: alertmanager 0.24+ supports telegram - + # ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/makefu/2configs/gui/look-up.nix b/makefu/2configs/gui/look-up.nix index eea84bc4..e04098cc 100644 --- a/makefu/2configs/gui/look-up.nix +++ b/makefu/2configs/gui/look-up.nix @@ -1,6 +1,7 @@ {pkgs, config, ... }: let user = config.krebs.build.user.name; + window-manager = "awesome"; in { systemd.services.look-up = { -- cgit v1.2.3 From d4281b3dbeb8452844ccb679839ad601b20fe64a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 12 Dec 2022 23:43:16 +0100 Subject: k pkgs.passwdqc: 1.3.0 -> 2.0.2 --- krebs/5pkgs/simple/passwdqc-utils/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/krebs/5pkgs/simple/passwdqc-utils/default.nix b/krebs/5pkgs/simple/passwdqc-utils/default.nix index c6f866e5..1def3167 100644 --- a/krebs/5pkgs/simple/passwdqc-utils/default.nix +++ b/krebs/5pkgs/simple/passwdqc-utils/default.nix @@ -1,17 +1,17 @@ { fetchurl, lib, stdenv , libxcrypt -, pam +, linux-pam , wordset-file ? null, # set your own wordset-file }: stdenv.mkDerivation rec { - name = "passwdqc-utils-${version}"; - version = "1.3.0"; - buildInputs = [ libxcrypt pam ]; + pname = "passwdqc-utils"; + version = "2.0.2"; + buildInputs = [ libxcrypt linux-pam ]; src = fetchurl { url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz"; - sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93"; + hash = "sha256-/x9QV2TAIPakSEseDMT9vy4/cbUikm2QtHCRBMoGBKs="; }; buildTargets = "utils"; -- cgit v1.2.3