From 18c1da0012737ec39385499b2447f85251b37cdc Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:02:20 +0200 Subject: ma: pulseeffects{,-legacy} , add isNormalUser --- makefu/2configs/default.nix | 1 + makefu/2configs/tools/media.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index be64e402..52206c38 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -23,6 +23,7 @@ with import ; group = "users"; home = "/home/makefu"; createHome = true; + isNormalUser = true; useDefaultShell = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index d66ea776..14e782e3 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -15,6 +15,6 @@ streamripper youtube-dl - pulseeffects + pulseeffects-legacy # for pulse ]; } -- cgit v1.2.3 From e044c3121ac1f886eab15a350c4ab9fd909716e9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:08:59 +0200 Subject: ma: isSystemUser everything --- makefu/2configs/bgt/download.binaergewitter.de.nix | 1 + makefu/2configs/dcpp/hub.nix | 3 ++- makefu/2configs/nsupdate-data.nix | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 4abc7d34..6ce0606a 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -22,6 +22,7 @@ in { uid = genid "auphonic"; group = "nginx"; useDefaultShell = true; + isSystemUser = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index fbbce1f0..d9a2869c 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -33,10 +33,11 @@ let uhubDir = "/var/lib/uhub"; in { - users.extraUsers."${ddclientUser}" = { + users.users."${ddclientUser}" = { uid = genid "ddclient"; description = "ddclient daemon user"; home = stateDir; + isSystemUser = true; createHome = true; }; diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix index cfa6193c..2f8f4acc 100644 --- a/makefu/2configs/nsupdate-data.nix +++ b/makefu/2configs/nsupdate-data.nix @@ -34,6 +34,7 @@ in { description = "ddclient daemon user"; home = stateDir; createHome = true; + isSystemUser = true; }; systemd.services = { -- cgit v1.2.3 From e097e3c577ea4a83e508b3aa2a37dc86b8295131 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:52:06 +0200 Subject: ma treewide: make 21.05 compatible (is*User, other fixes) --- makefu/2configs/bgt/hidden_service.nix | 4 ++-- makefu/2configs/deployment/owncloud.nix | 2 +- makefu/2configs/deployment/rss.euer.krebsco.de.nix | 5 +++++ makefu/2configs/home/metube.nix | 5 ++++- makefu/2configs/home/zigbee2mqtt/default.nix | 2 +- makefu/2configs/lanparty/samba.nix | 1 + makefu/2configs/remote-build/slave.nix | 15 ++++++++------- makefu/2configs/share-user-sftp.nix | 1 + makefu/2configs/share/gum.nix | 5 ++++- makefu/2configs/temp/share-samba.nix | 1 + 10 files changed, 28 insertions(+), 13 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix index c1a31b8d..56d319e3 100644 --- a/makefu/2configs/bgt/hidden_service.nix +++ b/makefu/2configs/bgt/hidden_service.nix @@ -41,8 +41,8 @@ in services.tor = { enable = true; hiddenServices."${name}".map = [ - { port = "80"; } - # { port = "443"; toHost = "blog.binaergewitter.de"; } + { port = 80; } + # { port = 443; toHost = "blog.binaergewitter.de"; } ]; }; } diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 86bd4b52..0593cf7f 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -75,7 +75,7 @@ in { }; }; services.redis.enable = true; - systemd.services.redis.serviceConfig.LimitNOFILE=65536; + systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536"; services.postgresql = { enable = true; # Ensure the database, user, and permissions always exist diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss.euer.krebsco.de.nix index a7ada939..098ffcdd 100644 --- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss.euer.krebsco.de.nix @@ -7,6 +7,11 @@ in { virtualHost = fqdn; selfUrlPath = "https://${fqdn}"; }; + + nixpkgs.config.permittedInsecurePackages = [ + "python2.7-Pillow-6.2.2" + ]; + systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; services.postgresql.package = pkgs.postgresql_9_6; state = [ config.services.postgresqlBackup.location ]; diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix index 50646d21..e6008d47 100644 --- a/makefu/2configs/home/metube.nix +++ b/makefu/2configs/home/metube.nix @@ -26,7 +26,10 @@ in ]; user = "metube"; }; - users.users.metube.uid = uid; + users.users.metube = { + uid = uid; + isSystemUser = true; + }; systemd.services.docker-metube.serviceConfig = { StandardOutput = lib.mkForce "journal"; diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix index 95ee5683..1c4582ed 100644 --- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -20,7 +20,7 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - config = { + settings = { permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 4176d7b3..0a9694f6 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -7,6 +7,7 @@ description = "smb guest user"; home = "/data/lanparty"; createHome = true; + isNormalUser = true; }; services.samba = { enable = true; diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix index 0227f512..039698f1 100644 --- a/makefu/2configs/remote-build/slave.nix +++ b/makefu/2configs/remote-build/slave.nix @@ -1,11 +1,12 @@ {config,...}:{ nix.trustedUsers = [ "nixBuild" ]; users.users.nixBuild = { - name = "nixBuild"; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.buildbotSlave.pubkey - config.krebs.users.makefu-remote-builder.pubkey - ]; - }; + name = "nixBuild"; + isNormalUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.buildbotSlave.pubkey + config.krebs.users.makefu-remote-builder.pubkey + ]; + }; } diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix index 2c93143e..26f1d3ba 100644 --- a/makefu/2configs/share-user-sftp.nix +++ b/makefu/2configs/share-user-sftp.nix @@ -5,6 +5,7 @@ share = { uid = 9002; home = "/var/empty"; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; }; diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix index 27e0c638..fd81f28c 100644 --- a/makefu/2configs/share/gum.nix +++ b/makefu/2configs/share/gum.nix @@ -11,7 +11,10 @@ in { # home = "/var/empty"; # }; environment.systemPackages = [ pkgs.samba ]; - users.users.download.uid = genid "download"; + users.users.download = { + uid = genid "download"; + isNormalUser = true; + }; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix index 34f0ab0b..33d68da0 100644 --- a/makefu/2configs/temp/share-samba.nix +++ b/makefu/2configs/temp/share-samba.nix @@ -4,6 +4,7 @@ uid = config.ids.uids.smbguest; group = "share"; description = "smb guest user"; + isNormalUser = true; home = "/var/empty"; }; users.groups.share.members = [ "makefu" ]; -- cgit v1.2.3 From 0ec91f780275da036c7bdba85897645d6c4c101b Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 18:00:52 +0200 Subject: ma tools: disable binwalk --- makefu/2configs/tools/sec.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 17a980ef..5a30b8d6 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -4,7 +4,7 @@ users.users.makefu.packages = with pkgs; [ aria2 # mitmproxy - pythonPackages.binwalk-full + # pythonPackages.binwalk-full dnsmasq iodine mtr -- cgit v1.2.3 From ffafc5dd3a889480893610b513bef4f1ca68f01b Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:21:36 +0200 Subject: ma arafetch: isSystemUser --- makefu/2configs/stats/arafetch.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index e96daa03..c8ccbfbb 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -23,6 +23,7 @@ in { uid = genid "arafetch"; inherit home; createHome = true; + isSystemUser = true; }; systemd.services.ara2mqtt = { -- cgit v1.2.3 From 9f2a1f8db104853fc74ae0f21c64e0fe42b3ad98 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:23:13 +0200 Subject: ma smbguest: isNormalUser --- makefu/2configs/share/omo.nix | 1 + makefu/2configs/share/temp-share-samba.nix | 1 + makefu/2configs/share/wbob.nix | 1 + 3 files changed, 3 insertions(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 308142f0..32ac018e 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -14,6 +14,7 @@ in { uid = config.ids.uids.smbguest; description = "smb guest user"; home = "/var/empty"; + isNormalUser = true; }; services.samba = { enable = true; diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index ac0eaa97..8d597f33 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -12,6 +12,7 @@ uid = config.ids.uids.smbguest; description = "smb guest user"; home = "/home/share"; + isNormalUser = true; createHome = true; }; services.samba = { diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index 9695751f..fd07d6ad 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -7,6 +7,7 @@ description = "smb guest user"; home = "/home/share"; createHome = true; + isNormalUser = true; }; users.groups.mpd.members = [ "makefu" ]; services.samba = { -- cgit v1.2.3 From bc71d49f1e02ca04a5a0bdffd6515795c9e7e6f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:23:34 +0200 Subject: ma tools/extra-gui: add chitubox --- makefu/2configs/tools/extra-gui.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 5a29eea8..841d0c85 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -18,5 +18,6 @@ signal-desktop # rambox vscode + chitubox ]; } -- cgit v1.2.3 From 3af3e6dab39e4c30d867d67228cb4c70bfc48446 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:23:51 +0200 Subject: ma tools/sec: use py3 binwalk --- makefu/2configs/tools/sec.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 5a30b8d6..acc22d64 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -4,7 +4,7 @@ users.users.makefu.packages = with pkgs; [ aria2 # mitmproxy - # pythonPackages.binwalk-full + python3Packages.binwalk-full dnsmasq iodine mtr -- cgit v1.2.3 From f7dfc2c43ad99f5971b12a6f6a8c88cca3634f77 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 20:06:00 +0200 Subject: ma samba: remove isNormalUser again --- makefu/2configs/filepimp-share.nix | 2 +- makefu/2configs/lanparty/samba.nix | 3 +-- makefu/2configs/share/omo.nix | 1 - makefu/2configs/share/temp-share-samba.nix | 3 +-- makefu/2configs/share/wbob.nix | 3 +-- makefu/2configs/temp/share-samba.nix | 3 +-- 6 files changed, 5 insertions(+), 10 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index 70c0320a..abbdcbbb 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix @@ -6,7 +6,7 @@ let in { users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/var/empty"; }; diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 0a9694f6..0bd29497 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -3,11 +3,10 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser description = "smb guest user"; home = "/data/lanparty"; createHome = true; - isNormalUser = true; }; services.samba = { enable = true; diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 32ac018e..308142f0 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -14,7 +14,6 @@ in { uid = config.ids.uids.smbguest; description = "smb guest user"; home = "/var/empty"; - isNormalUser = true; }; services.samba = { enable = true; diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index 8d597f33..56beb5b4 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -9,10 +9,9 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; - isNormalUser = true; createHome = true; }; services.samba = { diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index fd07d6ad..f2c36b55 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -3,11 +3,10 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; - isNormalUser = true; }; users.groups.mpd.members = [ "makefu" ]; services.samba = { diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix index 33d68da0..106f8fac 100644 --- a/makefu/2configs/temp/share-samba.nix +++ b/makefu/2configs/temp/share-samba.nix @@ -1,10 +1,9 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser group = "share"; description = "smb guest user"; - isNormalUser = true; home = "/var/empty"; }; users.groups.share.members = [ "makefu" ]; -- cgit v1.2.3 From a5bc9126db72f59062ff9d6a72b2fa35437b42cb Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 6 Jun 2021 13:34:37 +0200 Subject: ma bureautomation: disable puppy-proxy for now --- makefu/2configs/bureautomation/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 669754ca..46bf0596 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -6,7 +6,7 @@ in { imports = [ ./ota.nix ./comic-updater.nix - ./puppy-proxy.nix + # ./puppy-proxy.nix ./zigbee2mqtt -- cgit v1.2.3