From d3ad361ec52d8f963178646e8bac6ca587644c8c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Aug 2023 13:45:54 +0200 Subject: reaktor2: fix agenda.html reference --- krebs/2configs/reaktor2.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 0f7ab0ad..bc5bfc0f 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -486,7 +486,7 @@ in { services.nginx.virtualHosts."agenda.r" = { serverAliases = [ "kri.r" ]; locations."= /index.html".extraConfig = '' - alias ./agenda.html; + alias ${./agenda.html}; ''; locations."/agenda.json".extraConfig = '' proxy_set_header Host $host; -- cgit v1.2.3 From 61d90dcde00082dfaf4bf0e4d4c7774e420c0632 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 Aug 2023 12:58:08 +0200 Subject: nixpkgs-unstable: 2a9d660 -> 66aedfd --- krebs/nixpkgs-unstable.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 4ae0716e..0dcb20e9 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,10 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28", - "date": "2023-07-28T14:55:37+02:00", - "path": "/nix/store/38nmp3rkbjic5dm6g9qp4ldwi7pr602p-nixpkgs", - "sha256": "0c2x3bcal4kyxgf6i408622zqvxamz986h11z8zjvd7gc8y4wxn7", - "hash": "sha256-x3ZOPGLvtC0/+iFAg9Kvqm/8hTAIkGjc634SqtgaXTA=", + "rev": "66aedfd010204949cb225cf749be08cb13ce1813", + "date": "2023-08-02T21:56:37+02:00", + "path": "/nix/store/wwmgy3p8svf9ag2s6fimr3fpz5v40mya-nixpkgs", + "sha256": "1jspq3g1wzdfgmnp4wzzrwh2cfn9q2w86b25bgwr7ygdcdap3fqd", + "hash": "sha256-DbtxVWPt+ZP5W0Usg7jAyTomIM//c3Jtfa59Ht7AV8s=", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From d42dcd7ad63557cdfa5e6b7bc52f55efd6e016f9 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 4 Aug 2023 12:59:09 +0200 Subject: nixpkgs: 48e82fe -> bd836ac --- krebs/nixpkgs.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 55e54ec6..cd0714cf 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,10 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "48e82fe1b1c863ee26a33ce9bd39621d2ada0a33", - "date": "2023-07-28T18:34:19+03:00", - "path": "/nix/store/pgqfg8ip3lv0lr6mpwh558npz3c1wwcr-nixpkgs", - "sha256": "0d7na9ygda2r7gs3gbixd9gvcxgdv84993cilkj86bcwbpbg4vp5", - "hash": "sha256-5W7y1l2cLYPkpJGNlAja7XW2X2o9rjf0O1mo9nxS9jQ=", + "rev": "bd836ac5e5a7358dea73cb74a013ca32864ccb86", + "date": "2023-08-02T00:11:43+02:00", + "path": "/nix/store/qj37rmkpa5spmxsr3vb5hrwkahnsn4pm-nixpkgs", + "sha256": "1xcg07nmzz74s99ln079rqzlxyiv2gzzz9g71h5337jf4il0560g", + "hash": "sha256-D5gCaCROnjEKDOel//8TO/pOP87pAEtT0uT8X+0Bj/U=", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 947dd631235359a22993ed213828266f0fc60313 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 Aug 2023 11:21:52 +0200 Subject: nixpkgs-unstable: 66aedfd -> 8353344 --- krebs/nixpkgs-unstable.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 0dcb20e9..c31b7f70 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json 
@@ -1,10 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "66aedfd010204949cb225cf749be08cb13ce1813", - "date": "2023-08-02T21:56:37+02:00", - "path": "/nix/store/wwmgy3p8svf9ag2s6fimr3fpz5v40mya-nixpkgs", - "sha256": "1jspq3g1wzdfgmnp4wzzrwh2cfn9q2w86b25bgwr7ygdcdap3fqd", - "hash": "sha256-DbtxVWPt+ZP5W0Usg7jAyTomIM//c3Jtfa59Ht7AV8s=", + "rev": "8353344d3236d3fda429bb471c1ee008857d3b7c", + "date": "2023-08-15T09:25:12+02:00", + "path": "/nix/store/r7sblbzjhxfl07r4l3nywhaprk3486zx-nixpkgs", + "sha256": "02431z7g8zmjrmqpmsxsnzz4r91cdl3a2sdz6kiqpsjalnlbxbv5", + "hash": "sha256-Za++qKVK6ovjNL9poQZtLKRM/re663pxzbJ+9M4Pgwg=", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 03f86e7faa67f953b3829b96402f752b1df19c9d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Aug 2023 22:06:13 +0200 Subject: vicuna-chat: update model name --- krebs/5pkgs/simple/vicuna-chat/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/vicuna-chat/default.nix b/krebs/5pkgs/simple/vicuna-chat/default.nix index 11a11aab..db15899d 100644 --- a/krebs/5pkgs/simple/vicuna-chat/default.nix +++ b/krebs/5pkgs/simple/vicuna-chat/default.nix @@ -23,7 +23,7 @@ pkgs.writers.writeDashBin "vicuna-chat" '' add_to_context "{\"role\": \"user\", \"content\": \"$PROMPT\"}" response=$( jq -nc --slurpfile context "$CONTEXT" '{ - model: "vicuna-13b", + model: "vicuna-13b-v1.5-16k", messages: $context[0], }' | curl -Ss http://vicuna.r/v1/chat/completions -H 'Content-Type: application/json' -d @- -- cgit v1.2.3 From 36eaa0d88d631905e9d439a6b2b7ae6e6df84919 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 26 Aug 2023 08:24:47 +0200 Subject: mastodon: add clear-cache command --- krebs/2configs/mastodon.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix index 145b383e..af308b2c 100644 
--- a/krebs/2configs/mastodon.nix +++ b/krebs/2configs/mastodon.nix @@ -33,8 +33,10 @@ ]; environment.systemPackages = [ - (pkgs.writers.writeDashBin "tootctl" '' - sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@" + (pkgs.writers.writeDashBin "clear-mastodon-cache" '' + mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30 + mastodon-tootctl media remove-orphans + mastodon-tootctl preview_cards remove --days=14 '') (pkgs.writers.writeDashBin "create-mastodon-user" '' set -efu -- cgit v1.2.3 From 046651c48c43b366900d3f3cd46c6413b93e8d01 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 2 Sep 2023 21:24:33 +0200 Subject: nixpkgs: bd836ac -> 9075cba --- krebs/nixpkgs.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index cd0714cf..0b6021ed 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,10 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "bd836ac5e5a7358dea73cb74a013ca32864ccb86", - "date": "2023-08-02T00:11:43+02:00", - "path": "/nix/store/qj37rmkpa5spmxsr3vb5hrwkahnsn4pm-nixpkgs", - "sha256": "1xcg07nmzz74s99ln079rqzlxyiv2gzzz9g71h5337jf4il0560g", - "hash": "sha256-D5gCaCROnjEKDOel//8TO/pOP87pAEtT0uT8X+0Bj/U=", + "rev": "9075cba53e86dc318d159aee55dc9a7c9a4829c1", + "date": "2023-09-02T08:28:47+02:00", + "path": "/nix/store/605bv7zssv38j0ii8rbnxkv1m0f0b53p-nixpkgs", + "sha256": "0kymzp32d31c0hny2b2f7zfn49nzrxlm963xbm4v0axka6abym36", + "hash": "sha256-ZlS/lFGzK7BJXX2YVGnP3yZi3T9OLOEtBCyMJsb91U8=", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 40db172916f1b328d0d03f3753500b3ee2a41c7f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 2 Sep 2023 21:25:12 +0200 Subject: nixpkgs-unstable: 8353344 -> aa8aa7e --- krebs/nixpkgs-unstable.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'krebs') 
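Review bot: The new `clear-mastodon-cache` body has no `set -efu`, unlike the `create-mastodon-user` script that follows it, so a failing `media remove` does not stop the `remove-orphans` and `preview_cards remove` steps; add `set -efu` as its first line. It also calls `mastodon-tootctl` by bare name, which depends on the caller's PATH and on that wrapper switching to the mastodon user, neither of which is visible in this hunk; the removed `tootctl` wrapper did the `sudo -u mastodon` switch explicitly. Since the commit subject says "add", confirm that dropping the `tootctl` command was intended. The list holding these entries starts and ends outside the hunk.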
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index c31b7f70..2233cd20 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,10 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "8353344d3236d3fda429bb471c1ee008857d3b7c", - "date": "2023-08-15T09:25:12+02:00", - "path": "/nix/store/r7sblbzjhxfl07r4l3nywhaprk3486zx-nixpkgs", - "sha256": "02431z7g8zmjrmqpmsxsnzz4r91cdl3a2sdz6kiqpsjalnlbxbv5", - "hash": "sha256-Za++qKVK6ovjNL9poQZtLKRM/re663pxzbJ+9M4Pgwg=", + "rev": "aa8aa7e2ea35ce655297e8322dc82bf77a31d04b", + "date": "2023-09-01T18:51:16+08:00", + "path": "/nix/store/10xskkarnksmn1fahylswv0y4216c73w-nixpkgs", + "sha256": "0bbv3y86kfpn02zh5vvdbkmnqyzagzbc1gzpvvlb6qbvgg639bf9", + "hash": "sha256-ya00zHt7YbPo3ve/wNZ/6nts61xt7wK/APa6aZAfey0=", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From bbe4e5652118609aefb8833440b61224f6d8e0b1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 12:36:54 +0200 Subject: nix-serve-ng: 1.0.0 -> 1.0.1 --- krebs/5pkgs/haskell/nix-serve-ng.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/haskell/nix-serve-ng.nix b/krebs/5pkgs/haskell/nix-serve-ng.nix index 8866b205..62e02ce8 100644 --- a/krebs/5pkgs/haskell/nix-serve-ng.nix +++ b/krebs/5pkgs/haskell/nix-serve-ng.nix @@ -6,11 +6,11 @@ }: mkDerivation { pname = "nix-serve-ng"; - version = "1.0.0"; + version = "1.0.1"; src = fetchgit { url = "https://github.com/aristanetworks/nix-serve-ng"; - sha256 = "0mqp67z5mi8rsjahdh395n7ppf0b65k8rd3pvnl281g02rbr69y2"; - rev = "433f70f4daae156b84853f5aaa11987aa5ce7277"; + sha256 = "sha256-PkzwtjUgYuqfWtCH1nRqVRaajihN1SqMVjWmoSG/CCY="; + rev = "9b546864f4090736f3f9069a01ea5d42cf7bab7c"; fetchSubmodules = true; }; isLibrary = false; -- cgit v1.2.3 From 654c596efd4f57687583532dc1531868d314a644 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 3 Sep 2023 12:37:42 +0200 Subject: ovh-zone: remove broken d2to1 --- krebs/5pkgs/simple/ovh-zone/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/ovh-zone/default.nix b/krebs/5pkgs/simple/ovh-zone/default.nix index 051a14e8..bc0e45cb 100644 --- a/krebs/5pkgs/simple/ovh-zone/default.nix +++ b/krebs/5pkgs/simple/ovh-zone/default.nix @@ -9,7 +9,6 @@ python3Packages.buildPythonPackage rec { name = "ovh-zone-${version}"; version = "0.4.4"; propagatedBuildInputs = with pkgs.python3Packages;[ - d2to1 # for setup to work ovh docopt ]; -- cgit v1.2.3 From de37ad95995c89054fb3a864ce4e56f2b2aa12df Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 13:44:51 +0200 Subject: realwallpaper get_constellations: make importable --- .../simple/realwallpaper/get_constellations.py | 29 +++++++++++++--------- 1 file changed, 17 insertions(+), 12 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/realwallpaper/get_constellations.py b/krebs/5pkgs/simple/realwallpaper/get_constellations.py index 5d8d3df5..4ba766f6 100644 --- a/krebs/5pkgs/simple/realwallpaper/get_constellations.py +++ b/krebs/5pkgs/simple/realwallpaper/get_constellations.py 
@@ -18,19 +18,24 @@ def points_to_lines(points): return lines -with open(sys.argv[1]) as f: - constellations = json.load(f)['features'] +def main(): + with open(sys.argv[1]) as f: + constellations = json.load(f)['features'] -output = [] + output = [] -for const in constellations: - for line in const['geometry']['coordinates']: - transformed_line = [] - for point in line: - transformed_line.append(convert_to_itrs(point)) + for const in constellations: + for line in const['geometry']['coordinates']: + transformed_line = [] + for point in line: + transformed_line.append(convert_to_itrs(point)) - line_combined = points_to_lines(transformed_line) - for l in line_combined: # noqa - output.append(f'{l[0][0]} {l[0][1]} {l[1][0]} {l[1][1]} # {const["id"]}') # noqa + line_combined = points_to_lines(transformed_line) + for l in line_combined: # noqa + output.append(f'{l[0][0]} {l[0][1]} {l[1][0]} {l[1][1]} # {const["id"]}') # noqa -print('\n'.join(output)) + print('\n'.join(output)) + + +if __name__ == "__main__": + main() -- cgit v1.2.3 From da71141921958d50e6845ccbdad08a117c7d9be4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 13:45:19 +0200 Subject: init renew-krebs-intermediate-ca --- .../simple/renew-krebs-intermediate-ca/default.nix | 30 ++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 krebs/5pkgs/simple/renew-krebs-intermediate-ca/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/renew-krebs-intermediate-ca/default.nix b/krebs/5pkgs/simple/renew-krebs-intermediate-ca/default.nix new file mode 100644 index 00000000..d3557894 --- /dev/null +++ b/krebs/5pkgs/simple/renew-krebs-intermediate-ca/default.nix 
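Review bot: `main()` still takes its input from `sys.argv[1]` with no check, so a caller that imports the module cannot pass a path, and a missing argument surfaces as a bare `IndexError`. Consider `def main(path=None):` with `path = path or sys.argv[1]` as its first statement. A one-line docstring would also help, stating that it reads a JSON file with a `features` list and prints one `x1 y1 x2 y2 # id` segment per line.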
@@ -0,0 +1,30 @@ +{ pkgs }: +pkgs.writers.writeDashBin "renew-intermediate-ca" '' + TMPDIR=$(mktemp -d) + trap "rm -rf $TMPDIR;" INT TERM EXIT + mkdir -p "$TMPDIR/krebs" + brain show ca/ca.key > "$TMPDIR/krebs/ca.key" + brain show ca/ca.crt > "$TMPDIR/krebs/ca.crt" + brain show krebs-secrets/hotdog/acme_ca.key > "$TMPDIR/acme.key" + cp ${toString ../../../6assets/krebsAcmeCA.crt} "$TMPDIR/acme.crt" + export STEPPATH="$TMPDIR/step" + cat << EOF > "$TMPDIR/intermediate.tpl" + { + "subject": {{ toJson .Subject }}, + "keyUsage": ["certSign", "crlSign"], + "basicConstraints": { + "isCA": true, + "maxPathLen": 0 + }, + "nameConstraints": { + "critical": true, + "permittedDNSDomains": ["r" ,"w"] + } + } + EOF + + ${pkgs.step-cli}/bin/step ca renew "$TMPDIR/ca.crt" "$TMPDIR/ca.key" \ + --offline \ + --root "$TMPDIR/krebs/ca.crt" \ + --ca-config "$TMPDIR/intermediate.tpl" +'' -- cgit v1.2.3 From 1105d9ef32d5512b0e6eee7fb6c8d7e0435a893c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 20:32:48 +0200 Subject: fetchWallpaper: use upstream writers --- krebs/3modules/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 79187adf..0d67120f 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -40,7 +40,7 @@ let }; }; - fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' + fetchWallpaperScript = pkgs.writers.writeDash "fetchWallpaper" '' set -euf mkdir -p ${cfg.stateDir} -- cgit v1.2.3 From 245dd8b67ffe133dbff76a59a4f9e7f5401f7aec Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 20:35:32 +0200 Subject: iptables: use upstream writers --- krebs/3modules/iptables.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index c1c5b68c..32a5273a 100644 --- a/krebs/3modules/iptables.nix 
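Review bot: The script has no `set -efu`, so it keeps going if `mktemp -d` or any `brain show` fails; with an empty `TMPDIR` the CA private keys would be written to `/krebs/ca.key` and `/acme.key`. Start the body with `set -efu` and `umask 077`, and single-quote the trap (`trap 'rm -rf "$TMPDIR"' INT TERM EXIT`) so the path is expanded and quoted at cleanup time rather than when the trap is installed. The final `step ca renew` reads `"$TMPDIR/ca.crt"` and `"$TMPDIR/ca.key"`, which nothing above creates (the files land in `$TMPDIR/krebs/` and `$TMPDIR/acme.*`), and `--ca-config` is handed the certificate template rather than a CA configuration file, so the invocation looks unfinished and should be checked against a test run. `rm -rf` does not wipe key material, so a tmpfs-backed base directory would be safer than a disk-backed `/tmp`.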
+++ b/krebs/3modules/iptables.nix @@ -177,7 +177,7 @@ let ${buildTables iptables-version cfg.tables} ''; - startScript = pkgs.writeDash "krebs-iptables_start" '' + startScript = pkgs.writers.writeDash "krebs-iptables_start" '' set -euf iptables-restore < ${rules "v4"} ip6tables-restore < ${rules "v6"} -- cgit v1.2.3 From 5e215d87e53f97e73247c0d415a416cade9f9328 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Sep 2023 20:36:51 +0200 Subject: power-action: use upstream writers --- krebs/3modules/power-action.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index 71e2b541..a9ed24d3 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -60,7 +60,7 @@ let }; }; - startScript = pkgs.writeDash "power-action" '' + startScript = pkgs.writers.writeDash "power-action" '' set -euf power="$(${powerlvl})" @@ -77,11 +77,11 @@ let writeRule = _: plan: "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi"; - powerlvl = pkgs.writeDash "powerlvl" '' + powerlvl = pkgs.writers.writeDash "powerlvl" '' cat /sys/class/power_supply/${cfg.battery}/capacity ''; - state = pkgs.writeDash "state" '' + state = pkgs.writers.writeDash "state" '' if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ] then echo "false" else echo "true" -- cgit v1.2.3 From a2f58988f5c35c5782dc75c2c6c8635cb82339a5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Sep 2023 11:54:02 +0200 Subject: fzfmenu: handle dumb terminal as no terminal --- krebs/5pkgs/simple/fzfmenu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/fzfmenu/default.nix b/krebs/5pkgs/simple/fzfmenu/default.nix index eb244133..030c1b1b 100644 --- a/krebs/5pkgs/simple/fzfmenu/default.nix 
+++ b/krebs/5pkgs/simple/fzfmenu/default.nix @@ -43,7 +43,7 @@ pkgs.writers.writeDashBin "fzfmenu" '' set -efu # Spawn terminal if called without one, like e.g. from a window manager. - if [ -z ''${TERM+x} ]; then + if [ -z ''${TERM+x} ] || [ $TERM = dumb ]; then exec 3<&0 exec 4>&1 export FZFMENU_INPUT_FD=3 -- cgit v1.2.3 From 083229d0211096daec08673f743ccc45b1d8a0ac Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Sep 2023 19:00:57 +0200 Subject: krebs: krebs.secret.directory --- krebs/2configs/acme.nix | 2 +- krebs/2configs/cal.nix | 2 +- krebs/2configs/hotdog-host.nix | 3 ++- krebs/2configs/news-host.nix | 3 ++- krebs/2configs/repo-sync.nix | 2 +- krebs/2configs/syncthing.nix | 4 ++-- krebs/2configs/tor/initrd.nix | 4 ++-- krebs/2configs/wiki.nix | 2 +- krebs/3modules/exim-smarthost.nix | 4 ++-- krebs/3modules/github/hosts-sync.nix | 2 +- krebs/3modules/repo-sync.nix | 2 +- krebs/3modules/retiolum-bootstrap.nix | 4 ++-- krebs/3modules/tinc.nix | 4 ++-- 13 files changed, 20 insertions(+), 18 deletions(-) (limited to 'krebs') diff --git a/krebs/2configs/acme.nix b/krebs/2configs/acme.nix index 056aa7ae..0b9cb91a 100644 --- a/krebs/2configs/acme.nix +++ b/krebs/2configs/acme.nix @@ -24,7 +24,7 @@ in { path = "/var/lib/step-ca/intermediate_ca.key"; owner.name = "root"; mode = "1444"; - source-path = builtins.toString + "/acme_ca.key"; + source-path = "${config.krebs.secret.directory}/acme_ca.key"; }; services.step-ca = { enable = true; diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix index a1fe47b5..1a0cdf01 100644 --- a/krebs/2configs/cal.nix +++ b/krebs/2configs/cal.nix @@ -108,7 +108,7 @@ in { krebs.secret.files.calendar = { path = "/var/lib/radicale/.ssh/id_ed25519"; owner = { name = "radicale"; }; - source-path = "${}"; + source-path = "${config.krebs.secret.directory}/radicale.id_ed25519"; }; security.sudo.extraConfig = '' diff --git a/krebs/2configs/hotdog-host.nix b/krebs/2configs/hotdog-host.nix index 95d70376..ab2b22b7 100644 
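Review bot: The added test `[ $TERM = dumb ]` expands `TERM` unquoted, so a value that is set but empty or contains whitespace makes `[` fail with a syntax error, and the condition silently evaluates false instead of comparing. Quote it: `if [ -z ''${TERM+x} ] || [ "$TERM" = dumb ]; then`. The unset case is already safe under `set -u` because the `-z` test short-circuits first. The `if` block continues outside the hunk.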
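Review bot: Every secret path in this commit is now built by interpolating `config.krebs.secret.directory` into a string, starting with `source-path` in acme.nix and repeated in cal.nix, hotdog-host.nix, news-host.nix, repo-sync.nix, syncthing.nix, tor/initrd.nix, wiki.nix and the 3modules files. The option's declaration is not part of this patch; if it is typed as a Nix path rather than a string, `"${...}"` would copy the whole secrets directory into the world-readable /nix/store, which the previous `toString` form avoided. Declaring it with a string or `types.absolute-pathname` type would pin that down, together with a comment on the option such as `# must be a string, never a path literal: interpolating a path imports it into the store`. Separately, the unchanged context line `mode = "1444";` in acme.nix leaves the intermediate CA key readable by every local user; worth confirming that is required.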
--- a/krebs/2configs/hotdog-host.nix +++ b/krebs/2configs/hotdog-host.nix @@ -1,6 +1,7 @@ +{ config, ... }: { krebs.sync-containers3.containers.hotdog = { - sshKey = "${toString }/hotdog.sync.key"; + sshKey = "${config.krebs.secret.directory}/hotdog.sync.key"; }; containers.hotdog.bindMounts."/var/lib" = { hostPath = "/var/lib/sync-containers3/hotdog/state"; diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix index 71793e51..81922ef8 100644 --- a/krebs/2configs/news-host.nix +++ b/krebs/2configs/news-host.nix @@ -1,5 +1,6 @@ +{ config, ... }: { krebs.sync-containers3.containers.news = { - sshKey = "${toString }/news.sync.key"; + sshKey = "${config.krebs.secret.directory}/news.sync.key"; }; } diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 1b72924a..a488fdfe 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -98,7 +98,7 @@ in { krebs.secret.files.konsens = { path = "/var/lib/konsens/.ssh/id_ed25519"; owner = konsens-user; - source-path = "${}"; + source-path = "${config.krebs.secret.directory}/konsens.id_ed25519>"; }; imports = [ diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix index 59178516..90ae66f6 100644 --- a/krebs/2configs/syncthing.nix +++ b/krebs/2configs/syncthing.nix @@ -10,8 +10,8 @@ in { services.syncthing = { enable = true; configDir = "/var/lib/syncthing"; - key = toString ; - cert = toString ; + key = "${config.krebs.secret.directory}/syncthing.key"; + cert = "${config.krebs.secret.directory}/syncthing.cert"; # workaround for infinite recursion on unstable, remove in 23.11 } // (if builtins.hasAttr "settings" options.services.syncthing then { settings.devices = mk_peers used_peers; } diff --git a/krebs/2configs/tor/initrd.nix b/krebs/2configs/tor/initrd.nix index 98ed039b..21c46a0a 100644 --- a/krebs/2configs/tor/initrd.nix +++ b/krebs/2configs/tor/initrd.nix 
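Review bot: The new `source-path` in krebs/2configs/repo-sync.nix ends in a stray `>`: `"${config.krebs.secret.directory}/konsens.id_ed25519>"`. The secret would be looked up under a file name that presumably does not exist, so the konsens SSH key would not be deployed. It should read `source-path = "${config.krebs.secret.directory}/konsens.id_ed25519";`, matching the other paths in this commit.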
@@ -13,12 +13,12 @@ config.krebs.users.makefu.pubkey config.krebs.users.tv.pubkey ]; - hostKeys = [ ]; + hostKeys = [ "${config.krebs.secret.directory}/initrd/openssh_host_ecdsa_key" ]; }; boot.initrd.availableKernelModules = [ "e1000e" ]; boot.initrd.secrets = { - "/etc/tor/onion/bootup" = ; + "/etc/tor/onion/bootup" = "${config.krebs.secret.directory}/initrd"; }; boot.initrd.extraUtilsCommands = '' diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index a227ceb4..4b0bf976 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -96,7 +96,7 @@ in krebs.secret.files.gollum = { path = "${config.services.gollum.stateDir}/.ssh/id_ed25519"; owner = { name = "gollum"; }; - source-path = "${}"; + source-path = "${config.krebs.secret.directory}/gollum.id_ed25519"; }; security.sudo.extraConfig = '' diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 093ae203..4e42ce72 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -20,14 +20,14 @@ let }; dkim = mkOption { - type = types.listOf (types.submodule ({ config, ... }: { + type = types.listOf (types.submodule (dkim: { options = { domain = mkOption { type = types.str; }; private_key = mkOption { type = types.absolute-pathname; - default = toString + "/${config.domain}.dkim.priv"; + default = "${config.krebs.secret.directory}/${dkim.config.domain}.dkim.priv"; defaultText = "‹secrets/‹domain›.dkim.priv›"; }; selector = mkOption { diff --git a/krebs/3modules/github/hosts-sync.nix b/krebs/3modules/github/hosts-sync.nix index 6f9aee0c..2f373f9b 100644 --- a/krebs/3modules/github/hosts-sync.nix +++ b/krebs/3modules/github/hosts-sync.nix @@ -22,7 +22,7 @@ let }; ssh-identity-file = mkOption { type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; - default = toString ; + default = "${config.krebs.secret.directory}/github-hosts-sync.ssh.id_ed25519"; defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›"; }; url = mkOption { 
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index a6de3f3f..5208d91a 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -123,7 +123,7 @@ let privateKeyFile = mkOption { type = types.absolute-pathname; - default = toString + "/repo-sync.ssh.key"; + default = "${config.krebs.secret.directory}/repo-sync.ssh.key"; defaultText = "‹secrets/repo-sync.ssh.key›"; }; diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index c9ea8a61..bd7e7c5f 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -14,12 +14,12 @@ in sslCertificate = mkOption { type = types.str; description = "Certificate file to use for ssl"; - default = "${toString }/tinc.krebsco.de.crt" ; + default = "${config.krebs.secret.directory}/tinc.krebsco.de.crt" ; }; sslCertificateKey = mkOption { type = types.str; description = "Certificate key to use for ssl"; - default = "${toString }/tinc.krebsco.de.key"; + default = "${config.krebs.secret.directory}/tinc.krebsco.de.key"; }; # in use: # diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 2f9efad4..9df368cf 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -149,7 +149,7 @@ with import ../../lib/pure.nix { inherit lib; }; { privkey = mkOption { type = types.absolute-pathname; - default = toString + "/${tinc.config.netname}.rsa_key.priv"; + default = "${config.krebs.secret.directory}/${tinc.config.netname}.rsa_key.priv"; defaultText = "‹secrets/‹netname›.rsa_key.priv›"; }; @@ -158,7 +158,7 @@ with import ../../lib/pure.nix { inherit lib; }; { default = if tinc.config.host.nets.${netname}.tinc.pubkey_ed25519 == null then null - else toString + "/${tinc.config.netname}.ed25519_key.priv"; + else "${config.krebs.secret.directory}/${tinc.config.netname}.ed25519_key.priv"; defaultText = "‹secrets/‹netname›.ed25519_key.priv›"; }; -- cgit v1.2.3