From e662c0151398e43a4b344618a819339362568418 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 6 Dec 2022 19:31:22 +0100 Subject: htgen: 1.3.1 -> 1.4.0 --- krebs/5pkgs/simple/htgen/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix index 14b6f4c5..1ee13783 100644 --- a/krebs/5pkgs/simple/htgen/default.nix +++ b/krebs/5pkgs/simple/htgen/default.nix @@ -1,13 +1,12 @@ { fetchgit, lib, pkgs, stdenv }: stdenv.mkDerivation rec { pname = "htgen"; - version = "1.3.1"; + version = "1.4.0"; - #src = ; src = fetchgit { - url = "http://cgit.krebsco.de/htgen"; + url = "https://cgit.krebsco.de/htgen"; rev = "refs/tags/${version}"; - sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r"; + sha256 = "1k6xdr4g1p2wjiyizwh33ihw3azbar7kmhyxywcq0whpip9inpmj"; }; installPhase = '' -- cgit v1.2.3 From 139c750ee6dd22f4d52d45f3f5e4ee843162833d Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 6 Dec 2022 19:45:38 +0100 Subject: htgen: add scriptFile option --- krebs/3modules/htgen.nix | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 375e2697..1e7e6992 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -2,6 +2,12 @@ with import ; let + optionalAttr = name: value: + if name != null then + { ${name} = value; } + else + {}; + cfg = config.krebs.htgen; out = { @@ -30,8 +36,15 @@ let }; script = mkOption { - type = types.str; + type = types.nullOr types.str; + default = null; + }; + + scriptFile = mkOption { + type = types.nullOr types.str; + default = null; }; + user = mkOption { type = types.user; default = { @@ -54,8 +67,10 @@ let after = [ "network.target" ]; environment = { HTGEN_PORT = toString htgen.port; - HTGEN_SCRIPT = htgen.script; - }; + } + // optionalAttr "HTGEN_SCRIPT" htgen.script + // optionalAttr "HTGEN_SCRIPT_FILE" htgen.scriptFile + ; serviceConfig = { SyslogIdentifier = "htgen"; User = htgen.user.name; -- cgit v1.2.3 From 9a9b8e56eb6234650a369bbd24d41b8f4c66c78d Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 6 Dec 2022 19:51:40 +0100 Subject: tv imgur htgen: use scriptFile --- tv/2configs/imgur.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tv/2configs/imgur.nix b/tv/2configs/imgur.nix index ba84fd2d..1df67f93 100644 --- a/tv/2configs/imgur.nix +++ b/tv/2configs/imgur.nix @@ -18,8 +18,6 @@ with import ; krebs.htgen.imgur = { port = 7771; - script = /* sh */ '' - (. ${pkgs.htgen-imgur}/bin/htgen-imgur) - ''; + scriptFile = "${pkgs.htgen-imgur}/bin/htgen-imgur"; }; } -- cgit v1.2.3 From e1988655a3a6cbc785bacd3a75595a12de81aa77 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 7 Dec 2022 19:51:13 +0100 Subject: Revert "Revert "exim-smarthost: check SPF"" This reverts commit 2eb33e60b45c2b37d51a57b0fbe4a023861a7429. --- krebs/3modules/exim-smarthost.nix | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 38cc828b..5923b610 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -126,8 +126,9 @@ let domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains} hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts} - acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data + acl_smtp_mail = acl_check_mail + acl_smtp_rcpt = acl_check_rcpt never_users = root @@ -179,6 +180,36 @@ let accept + acl_check_mail: + accept + sender_domains = +sender_domains + hosts = +relay_from_hosts + deny + spf = fail : softfail + log_message = spf=$spf_result + message = SPF validation failed: \ + $sender_host_address is not allowed to send mail from \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + deny + spf = permerror + log_message = spf=$spf_result + message = SPF validation failed: \ + syntax error in SPF record(s) for \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + defer + spf = temperror + log_message = spf=$spf_result; deferred + message = temporary error during SPF validation; \ + please try again later + warn + spf = none : neutral + log_message = spf=$spf_result + accept + add_header = $spf_received begin routers -- cgit v1.2.3 From df93a24faae49012aae107031b12c43f2e6e5c54 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 7 Dec 2022 19:57:46 +0100 Subject: exim-smarthost: don't check SPF when authenticated --- krebs/3modules/exim-smarthost.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 5923b610..218d83ab 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -181,6 +181,8 @@ let accept acl_check_mail: + accept + authenticated = * accept sender_domains = +sender_domains hosts = +relay_from_hosts -- cgit v1.2.3 From 1796bf491246bc3e728d8b8502cc27c7ea9d06ea Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 7 Dec 2022 20:03:15 +0100 Subject: exim-smarthost: make SPF check optional --- krebs/3modules/exim-smarthost.nix | 67 +++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 31 deletions(-) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 218d83ab..7c176d22 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -12,6 +12,8 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + enableSPFVerification = mkEnableOption "SPF verification"; + authenticators = mkOption { type = types.attrsOf types.str; default = {}; @@ -181,37 +183,40 @@ let accept acl_check_mail: - accept - authenticated = * - accept - sender_domains = +sender_domains - hosts = +relay_from_hosts - deny - spf = fail : softfail - log_message = spf=$spf_result - message = SPF validation failed: \ - $sender_host_address is not allowed to send mail from \ - ''${if def:sender_address_domain\ - {$sender_address_domain}\ - {$sender_helo_name}} - deny - spf = permerror - log_message = spf=$spf_result - message = SPF validation failed: \ - syntax error in SPF record(s) for \ - ''${if def:sender_address_domain\ - {$sender_address_domain}\ - {$sender_helo_name}} - defer - spf = temperror - log_message = spf=$spf_result; deferred - message = temporary error during SPF validation; \ - please try again later - warn - spf = none : neutral - log_message = spf=$spf_result - accept - add_header = $spf_received + ${if cfg.enableSPFVerification then indent /* exim */ '' + accept + authenticated = * + accept + hosts = +relay_from_hosts + deny + spf = fail : softfail + log_message = spf=$spf_result + message = SPF validation failed: \ + $sender_host_address is not allowed to send mail from \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + deny + spf = permerror + log_message = spf=$spf_result + message = SPF validation failed: \ + syntax error in SPF record(s) for \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + defer + spf = temperror + log_message = spf=$spf_result; deferred + message = temporary error during SPF validation; \ + please try again later + warn + spf = none : neutral + log_message = spf=$spf_result + accept + add_header = $spf_received + '' else indent /* exim */ '' + accept + ''} begin routers -- cgit v1.2.3 From 4939592fa67b4e07842d96f0beeee2f8eb4baff9 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 7 Dec 2022 20:31:34 +0100 Subject: tv x220: disable power-profiles-daemon --- tv/2configs/hw/x220.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 25e2effb..c3ec7b40 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -61,6 +61,9 @@ in emulateWheel = true; }; + # Conflicts with TLP, but gets enabled by DEs. + services.power-profiles-daemon.enable = false; + services.tlp.enable = true; services.tlp.settings = { START_CHARGE_THRESH_BAT0 = 80; -- cgit v1.2.3 From aabdb85c81407448c81d85efe0b4c08a0a86bfa4 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 7 Dec 2022 21:08:02 +0100 Subject: tv imagescan-plugin-networkscan: stdenv -> pkgs.pkgsi686Linux --- tv/5pkgs/simple/imagescan-plugin-networkscan.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix index c3f2deac..4f9b84b2 100644 --- a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix +++ b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { preFixup = '' patchelf --set-interpreter \ - ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \ + ${pkgs.pkgsi686Linux.glibc}/lib/ld-linux-x86-64.so.2 \ $out/lib/utsushi/networkscan # libstdc++.so.6 -- cgit v1.2.3 From f8fdd76e7195d4a4f0117f7e64032075bb01a98e Mon Sep 17 00:00:00 2001 From: oxzi Date: Thu, 8 Dec 2022 12:51:16 +0100 Subject: kartei: init ancha --- kartei/oxzi/default.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 kartei/oxzi/default.nix diff --git a/kartei/oxzi/default.nix b/kartei/oxzi/default.nix new file mode 100644 index 00000000..6e797649 --- /dev/null +++ b/kartei/oxzi/default.nix @@ -0,0 +1,31 @@ +{ config, ... }: let + lib = import ../../lib; +in { + users.oxzi = { + mail = "post@0x21.biz"; + }; + hosts.ancha = { + owner = config.krebs.users.oxzi; + nets.retiolum = { + aliases = [ "ancha.oxzi.r" ]; + ip4.addr = "10.243.32.1"; + ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "ancha"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA5RSP7nWZ1c04kvQBxoHqcdRKpJuRDzD3f0Nl2KhS7QsAqHJGdK7T + RrsoZcvJaKIFnlohJ4T1YpGGcXqShhTmKt3sm/0awLhD+zTE8lAlvEj+lnCkHls8 + eXO+VDB5FelibW/wEnvdImxKBaSVt4RLmMyTuzS9xklEq8Q+wMvzJktnV3pWJjYX + /JBYQEUHlrqXldBlKGHkU1KhFZHD/wzV5Ybkku4w1BHrMUHJNwHpTshD/QBDiJFj + iRA3e3Jfpp3qj2uWetGuP7NlFpZCh/fSrTqkAE8uShcFlplbgJIEGz2pp644maqw + XxRWPH1Iy5NHwVz/GSzQ67vsEunRJjueFQk8gxnhjh/CAlmE9VdxfGQOkejBAq+X + zCbqyflLPPz3Qx56TVpmAOY4gma7sfsaYAv+zv2paUxFKBfZrEL5UNoIevV9kZDn + nDixTQ6cDxHt3yCVzvwqTTBktZ0mYom43lvKSUnihDrQL1u338labFPtsZTOK4bo + 687ToSUC6u80VcnMTZxPFYOgTMjdCZPo+j1bhzmCQQCzcStRSeKRta+LOYb73Tjz + M6CwC9uaHDxhtmysXpZ4Qp83tfU6h/AsBJJpBdpkyLYXTq+E32pIq6RtKFFQL00O + /e0DzUzSB30oKLW1i2ZxWRQMVqvNdKsyq4glI4eRjnRmrnXOwTb7Y2MCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "oLvC/Y3jfGH4a8mBbv9eCCWKsx32gDGW/iCyia/fuBD"; + }; + }; +} -- cgit v1.2.3