authorMarkus Hihn <markus.hihn@dcso.de>2017-12-15 19:58:16 +0100
committerMarkus Hihn <markus.hihn@dcso.de>2017-12-15 19:58:16 +0100
commit60676b4a8e6dea18a215df76f4dbd6fdf8176638 (patch)
tree139b0ee5d7f801efe62a7682fba73208c4bef184
parent98e5141a8d43064daf6dc75fc9eefb9cb5bb29b7 (diff)
parent5b86fe1cd63a5c4cf5a83b7afabe5be34016e8a7 (diff)
Merge branch 'master' of prism.r:stockholm
-rw-r--r--jeschli/1systems/brauerei/config.nix99
-rw-r--r--jeschli/1systems/brauerei/hardware-configuration.nix33
-rw-r--r--jeschli/1systems/brauerei/source.nix4
-rw-r--r--jeschli/2configs/tests/dummy-secrets/empty0
-rw-r--r--krebs/2configs/save-diskspace.nix1
-rw-r--r--krebs/3modules/backup.nix1
-rw-r--r--krebs/3modules/default.nix36
-rw-r--r--krebs/3modules/jeschli/default.nix45
-rw-r--r--krebs/3modules/lass/default.nix3
-rw-r--r--krebs/3modules/repo-sync.nix1
-rw-r--r--krebs/3modules/xresources.nix (renamed from lass/3modules/xresources.nix)0
-rw-r--r--krebs/5pkgs/haskell/nix-diff/default.nix (renamed from krebs/5pkgs/haskell/nix-diff.nix)5
-rw-r--r--krebs/5pkgs/haskell/nix-diff/nixos-system.patch18
-rw-r--r--krebs/5pkgs/simple/apt-cacher-ng/default.nix21
-rw-r--r--krebs/5pkgs/simple/cidr2glob.nix30
-rw-r--r--krebs/5pkgs/simple/populate/default.nix11
-rw-r--r--krebs/source.nix11
-rw-r--r--lass/2configs/baseX.nix8
-rw-r--r--lass/2configs/br.nix2
-rw-r--r--lass/2configs/browsers.nix2
-rw-r--r--lass/2configs/dcso-dev.nix5
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/hw/brcmfmac4356-pcie.txt125
-rw-r--r--lass/2configs/hw/gpd-pocket.nix1
-rw-r--r--lass/2configs/hw/x220.nix5
-rw-r--r--lass/2configs/urxvt.nix2
-rw-r--r--lass/2configs/websites/lassulus.nix11
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/xserver/default.nix6
-rw-r--r--lass/5pkgs/default.nix2
-rw-r--r--lass/5pkgs/xmonad-lass.nix9
-rw-r--r--lass/source.nix2
-rw-r--r--lib/types.nix22
-rw-r--r--nin/1systems/hiawatha/config.nix2
-rw-r--r--nin/2configs/default.nix1
-rw-r--r--nin/2configs/git.nix4
-rw-r--r--nin/source.nix2
-rw-r--r--tv/1systems/querel/config.nix3
-rw-r--r--tv/2configs/urlwatch.nix12
40 files changed, 462 insertions, 87 deletions
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
new file mode 100644
index 000000000..9988fc22a
--- /dev/null
+++ b/jeschli/1systems/brauerei/config.nix
@@ -0,0 +1,99 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/sda2";
+ preLVM = true;
+ allowDiscards = true;
+ }
+ ];
+
+ # networking.hostName = "nixos"; # Define your hostname.
+ networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Select internationalisation properties.
+ # i18n = {
+ # consoleFont = "Lat2-Terminus16";
+ # consoleKeyMap = "us";
+ # defaultLocale = "en_US.UTF-8";
+ # };
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # List packages installed in system profile. To search by name, run:
+ # $ nix-env -qaP | grep wget
+ environment.systemPackages = with pkgs; [
+ vim
+ git
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.bash.enableCompletion = true;
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable touchpad support.
+ # services.xserver.libinput.enable = true;
+
+ # Enable the KDE Desktop Environment.
+ # services.xserver.displayManager.sddm.enable = true;
+ # services.xserver.desktopManager.plasma5.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.extraUsers.jeschli = {
+ isNormalUser = true;
+ uid = 1000;
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
+ ];
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "18.03"; # Did you read the comment?
+
+}
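Review bot: `services.openssh.enable = true;` is added with no other sshd settings, while the same file installs a key for root in `users.users.root.openssh.authorizedKeys.keys`, so password logins stay at the module default for both root and `jeschli`. Since key-based access is already provisioned, I would add `services.openssh.passwordAuthentication = false;` next to the enable line and, unless direct root login is really required, attach the key to `users.extraUsers.jeschli` instead of root. Separately, `allowDiscards = true;` on the LUKS `root` device passes TRIM through the encrypted volume, which exposes which blocks are unused. A comment such as `# TRIM passthrough reveals free-block layout; accepted for SSD performance` would record that this is a deliberate trade-off.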
diff --git a/jeschli/1systems/brauerei/hardware-configuration.nix b/jeschli/1systems/brauerei/hardware-configuration.nix
new file mode 100644
index 000000000..75fdb89fd
--- /dev/null
+++ b/jeschli/1systems/brauerei/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/e264fc21-45bb-4224-93fc-b0e19c2c3478";
+ fsType = "ext4";
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/bd0846ce-7d39-4329-bcb4-7c76becd6ab1";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/42BF-0795";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+}
diff --git a/jeschli/1systems/brauerei/source.nix b/jeschli/1systems/brauerei/source.nix
new file mode 100644
index 000000000..61978768e
--- /dev/null
+++ b/jeschli/1systems/brauerei/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/jeschli/source.nix> {
+ name = "brauerei";
+ secure = true;
+}
diff --git a/jeschli/2configs/tests/dummy-secrets/empty b/jeschli/2configs/tests/dummy-secrets/empty
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/jeschli/2configs/tests/dummy-secrets/empty
diff --git a/krebs/2configs/save-diskspace.nix b/krebs/2configs/save-diskspace.nix
index ab074c750..b1416a97a 100644
--- a/krebs/2configs/save-diskspace.nix
+++ b/krebs/2configs/save-diskspace.nix
@@ -1,7 +1,6 @@
{lib, ... }:
# TODO: do not check out nixpkgs master but fetch revision from github
{
- environment.noXlibs = true;
nix.gc.automatic = true;
nix.gc.dates = lib.mkDefault "03:10";
programs.info.enable = false;
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 6f015d66b..c0b218c15 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -83,6 +83,7 @@ let
rsync
utillinux
];
+ restartIfChanged = false;
serviceConfig = rec {
ExecStart = start plan;
SyslogIdentifier = ExecStart.name;
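Review bot: `restartIfChanged = false;` is added without a comment, here and in the identical hunk in `krebs/3modules/repo-sync.nix`. With it set, a changed unit definition is not restarted on activation, so an instance that is already running keeps the old `ExecStart` until it is next started. That is presumably meant to avoid killing a backup or sync mid-run, but the file should say so. Suggested comment above the line: `# do not interrupt a running job on system switch; changes take effect on the next start`. The service definition begins and ends outside the hunk.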
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2a3a64a82..9c343309a 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -44,6 +44,7 @@ let
./tinc_graphs.nix
./urlwatch.nix
./repo-sync.nix
+ ./xresources.nix
./zones.nix
];
options.krebs = api;
@@ -226,21 +227,26 @@ let
};
})
//
- # GitHub's IPv4 address range is 192.30.252.0/22
- # Refs https://help.github.com/articles/github-s-ip-addresses/
- # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
- # Because line length is limited by OPENSSH_LINE_MAX (= 8192),
- # we split each /24 into its own entry.
- listToAttrs (map
- (c: {
- name = "github${toString c}";
- value = {
- hostNames = ["github.com"] ++
- map (d: "192.30.${toString c}.${toString d}") (range 0 255);
- publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
- };
- })
- (range 252 255))
+ {
+ github = {
+ hostNames = [
+ "github.com"
+ # List generated with
+ # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
+ "192.30.253.*"
+ "192.30.254.*"
+ "192.30.255.*"
+ "185.199.108.*"
+ "185.199.109.*"
+ "185.199.110.*"
+ "185.199.111.*"
+ "18.195.85.27"
+ "18.194.104.89"
+ "35.159.8.160"
+ ];
+ publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
+ };
+ }
//
mapAttrs
(name: host: {
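Review bot: The `hostNames` list for `github` is an undated, hand-pasted snapshot of the API output, and it no longer contains `192.30.252.*`, which the removed comment named as part of GitHub's range. That presumably matches what the endpoint returned when the list was generated, but nothing here lets a later reader tell a stale entry from an intentional omission. Extend the comment to `# List generated <date> with` so drift can be spotted and the list regenerated. Addresses GitHub adds later will not match any pattern, so a host-IP check will presumably only warn for them rather than trust them, which is the safe direction. The surrounding attribute-set expression starts and ends outside the hunk.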
diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index 2a3fe3cfd..bc821f296 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -7,10 +7,7 @@ with import <stockholm/lib>;
owner = config.krebs.users.jeschli;
ci = true;
}) {
-
bln = {
- ci = false;
- external = true;
nets = {
retiolum = {
ip4.addr = "10.243.27.28";
@@ -47,9 +44,44 @@ with import <stockholm/lib>;
};
};
};
+ brauerei = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.27.29";
+ ip6.addr = "42::29";
+ aliases = [
+ "brauerei.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEAvC4AjkAoH01sKDXE3xVM2YUpPQ9iewIPQCCCSWYZQh2BWOfl+FFs
+ pW3ix5FjAzTxzkIf5NxW0usff8UTkFHB+sGZLZ9DPqvb8AM4GJsvXR06LORHtBlo
+ Vt/g1sndD3i3NXn5IJ2G4mZDImQjI3vuTkPyFQsR5LRAaPQgIORHBtN/X1UEVMRq
+ gThUeMb1kZ/y4AmUx0pepQYmAcYf0cN/7r9n68dWJCZ7DWX3q49bIz4TPG519IQp
+ KzoCtdXImKl6cFDepa2pRmIW4SPaDXztHDmXoJA1NBfdDOMOW67FUjzhcwZS9usM
+ q9x/1Tph63PJy4Vc0jsJnY29WrInx/nVAb22QuTOXQ9SfBNoOATYoFoVmY+yw1FX
+ 67y3bRbq8lQk1y3F2vZVYxQ52WiYLmtNtuzUMZHErL7VgFIEfQKoO2Oa/WZXdgSJ
+ Asmn67NSicc5QNI4rBUthju1JDuM/3ja0yCXh7trDCmPxKd94KzxMlq9VA6S2f/Q
+ uke3VnXEDqOWOZdcon5DnRTT1y4xjk1XHuO/9tVDcrL7x1unkdGL9BNMU6opJiLm
+ batAtKQ/7EJrlgIxYpEQyCNAjj0dEn0BgNZNqQSKkeGe6giVMuHtnXeTYMEraDas
+ DWxHmGOvYWrs3tZdELkB/h/y7DdijOabS4AlLOljKHiacw8e0D7p9qeIU2EwRaXD
+ ebPYaAIIWn1FU1aCYpvF4YJYbdNJZg6aKpoWNz86ZjO9t3GBkf612xB7fRO9mbTg
+ Ww2Hl6lir0rnlo7P9M1xhQqmZ0phaUjkqYRCaTOW1kC5ACpJJ/Jrq0oyplHVBY8Y
+ IvzPDA4nu/YOpyhQjlQwcVt62NgW0CZdwp3ZnMMoy7akgEo71bjoHbRxAeWy5oRB
+ 5CgGvQAB+qdf97XjZ5RggWQ2rglkCn49X4fXN6r4zuaIji1VVFTEZGRNsi0vt1YC
+ Eedz68auu1ZDO1qwNcX00n94E09B05DQBjE/6SAX6wBCY/BwUtzdQ9JnyfHNSl8i
+ dmHBPLssB9Dku4U0mo+LLer+bf6fiR7r5gp/KRuY/tMGFahprZRfWFtyO2Pg1cYI
+ HCdmDmSlbFq3EJmBl0egbU8Ym1m6t4EvPcoTxwy3ljZWybHlhm4wvhGcA/2bDRZA
+ jcXSL3G7buBOf8WJNYnMXCtPEyIYUdRyNvz3EUfvmbzZDhHd/bc0pJRrrtI7HqoF
+ +g67gCrtXx6i9PD0LSDJ1jExMZcmU1+DPg0dzDEmLHvW+HW538/HXGJ8FsunWBwD
+ /8wsQfoqAwlBSucLHDDrYVvfSp0+TLzg/HDMhNkcN7d5hm3syrI+IN4gEEjYeZIO
+ g7fjR1X7g5FGCDQnRA/dzNsZVnk6UFpCRwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
reagenzglas = {
- ci = false;
- external = true;
nets = {
retiolum = {
ip4.addr = "10.243.27.27";
@@ -92,5 +124,8 @@ with import <stockholm/lib>;
mail = "jeschli@gmail.com";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
};
+ jeschli-bln = {
+ pubkey = "ssh-rsa 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 markus.hihn@dcso.de";
+ };
};
}
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 6158882ec..ba6d85e7a 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -628,8 +628,5 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk";
};
- jeschli = {
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
- };
};
}
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index 0211b31ba..b2e3aa7c5 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -173,6 +173,7 @@ let
REPONAME = "${name}.git";
};
+ restartIfChanged = false;
serviceConfig = {
Type = "simple";
PermissionsStartOnly = true;
diff --git a/lass/3modules/xresources.nix b/krebs/3modules/xresources.nix
index 017dbff2b..017dbff2b 100644
--- a/lass/3modules/xresources.nix
+++ b/krebs/3modules/xresources.nix
diff --git a/krebs/5pkgs/haskell/nix-diff.nix b/krebs/5pkgs/haskell/nix-diff/default.nix
index 2070dbd2e..df0315048 100644
--- a/krebs/5pkgs/haskell/nix-diff.nix
+++ b/krebs/5pkgs/haskell/nix-diff/default.nix
@@ -4,12 +4,15 @@
}:
mkDerivation {
pname = "nix-diff";
- version = "1.0.0";
+ version = "1.0.0-krebs1";
src = fetchgit {
url = "https://github.com/Gabriel439/nix-diff";
sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
};
+ patches = [
+ ./nixos-system.patch
+ ];
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
new file mode 100644
index 000000000..03e186aa9
--- /dev/null
+++ b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
@@ -0,0 +1,18 @@
+diff --git a/src/Main.hs b/src/Main.hs
+index 959ab8e..d3b6077 100644
+--- a/src/Main.hs
++++ b/src/Main.hs
+@@ -95,7 +95,12 @@ pathToText path =
+ underneath `/nix/store`, but this is the overwhelmingly common use case
+ -}
+ derivationName :: FilePath -> Text
+-derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText
++derivationName p =
++ if Data.Text.isPrefixOf "nixos-system" s
++ then "nixos-system"
++ else s
++ where
++ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p
+
+ -- | Group input derivations by their name
+ groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text))
diff --git a/krebs/5pkgs/simple/apt-cacher-ng/default.nix b/krebs/5pkgs/simple/apt-cacher-ng/default.nix
deleted file mode 100644
index e3986713b..000000000
--- a/krebs/5pkgs/simple/apt-cacher-ng/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }:
-
-stdenv.mkDerivation rec {
- name = "apt-cacher-ng-${version}";
- version = "2";
-
- src = fetchurl {
- url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
- sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf";
- };
-
- NIX_LDFLAGS = "-lpthread";
- buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ];
-
- meta = {
- description = "A caching proxy specialized for linux distribution files";
- homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/;
- license = stdenv.lib.licenses.gpl2;
- maintainers = [ stdenv.lib.maintainers.makefu ];
- };
-}
diff --git a/krebs/5pkgs/simple/cidr2glob.nix b/krebs/5pkgs/simple/cidr2glob.nix
new file mode 100644
index 000000000..9b0b3f86b
--- /dev/null
+++ b/krebs/5pkgs/simple/cidr2glob.nix
@@ -0,0 +1,30 @@
+{ python, writeScriptBin, ... }:
+
+let
+ pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
+in
+ writeScriptBin "cidr2glob" ''
+ #! ${pythonEnv}/bin/python
+
+ import netaddr
+ import re
+ import sys
+
+ def cidr2glob(cidr):
+ net = netaddr.IPNetwork(cidr)
+
+ if net.prefixlen <= 8:
+ return map(lambda subnet: re.sub(r'\.0\.0\.0$', '.*', str(subnet.ip)), net.subnet(8))
+ elif net.prefixlen <= 16:
+ return map(lambda subnet: re.sub(r'\.0\.0$', '.*', str(subnet.ip)), net.subnet(16))
+ elif net.prefixlen <= 24:
+ return map(lambda subnet: re.sub(r'\.0$', '.*', str(subnet.ip)), net.subnet(24))
+ else:
+ return map(lambda ip: str(ip), list(net))
+
+ if __name__ == "__main__":
+ for cidr in sys.stdin:
+ for glob in cidr2glob(cidr):
+ print glob
+
+ ''
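Review bot: `cidr2glob` assumes IPv4 input but never checks the address family. An IPv6 network with a prefix longer than 24 (nearly all of them) falls into the final `else` and reaches `list(net)`, which tries to enumerate every address, and in the shorter-prefix branches the dotted-quad regexes cannot match. The input is piped straight from a remote API, so guard the top of the function with `if net.version != 4: raise ValueError(cidr)` to make a new address family in the feed fail fast instead of exhausting memory. The main loop also hands each raw line, trailing newline included, to `netaddr.IPNetwork`, so an empty line will presumably raise. Adding `cidr = cidr.strip()` and `if not cidr: continue` at the top of the loop makes that explicit.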
diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix
index 78ee2f042..62e3ab216 100644
--- a/krebs/5pkgs/simple/populate/default.nix
+++ b/krebs/5pkgs/simple/populate/default.nix
@@ -1,24 +1,27 @@
-{ coreutils, fetchgit, git, jq, openssh, proot, rsync, stdenv, ... }:
+{ coreutils, fetchgit, findutils, git, gnused, jq, openssh, pass, rsync, stdenv
+}:
let
PATH = stdenv.lib.makeBinPath [
coreutils
+ findutils
git
+ gnused
jq
openssh
- proot
+ pass
rsync
];
in
stdenv.mkDerivation rec {
name = "populate";
- version = "1.2.5";
+ version = "2.1.0";
src = fetchgit {
url = http://cgit.ni.krebsco.de/populate;
rev = "refs/tags/v${version}";
- sha256 = "10s4x117zp5whqq991xzw1i2jc1xhl580kx8hhzv8f1b4c9carx1";
+ sha256 = "0cr50y6h6nps0qgpmi01h0z9wzpv2704y5zgx2salk1grkmvcfmh";
};
phases = [
diff --git a/krebs/source.nix b/krebs/source.nix
index 39a388e03..8fbdce284 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -7,13 +7,16 @@ host@{ name, secure ? false }: let
in
evalSource (toString _file) {
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
- secrets.file = getAttr builder {
- buildbot = toString <stockholm/krebs/6tests/data/secrets>;
- krebs = "${getEnv "HOME"}/secrets/krebs/${host.name}";
+ secrets = getAttr builder {
+ buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
+ krebs.pass = {
+ dir = "${getEnv "HOME"}/brain";
+ name = "krebs-secrets/${name}";
+ };
};
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "0c5a587eeba5302ff87e494baefd2f14f4e19bee"; # nixos-17.09 @ 2017-11-10
+ ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
};
}
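Review bot: `dir = "${getEnv "HOME"}/brain";` silently evaluates to `/brain` when `HOME` is unset (assuming `getEnv` here is `builtins.getEnv`, which returns an empty string for a missing variable), so a `krebs` build would look for secrets in the wrong password store instead of failing. The removed line had the same pattern, but now that the path selects a `pass` store it is worth failing loudly: `dir = assert getEnv "HOME" != ""; "${getEnv "HOME"}/brain";`. The store location `brain` and the `krebs-secrets/` prefix are also hard-coded with no comment. A one-line note saying where that layout is defined would help whoever provisions a new builder.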
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 32a9f66cf..0ff47407a 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -41,7 +41,7 @@ in {
default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1";
};
};
- config.services.xresources.resources.X = ''
+ config.krebs.xresources.resources.X = ''
*.font: ${config.lass.fonts.regular}
*.boldFont: ${config.lass.fonts.bold}
*.italicFont: ${config.lass.fonts.italic}
@@ -112,11 +112,7 @@ in {
xkbOptions = "caps:backspace";
};
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
services.urxvtd.enable = true;
- services.xresources.enable = true;
+ krebs.xresources.enable = true;
lass.screenlock.enable = true;
}
diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
index 35bac8fee..ad307c797 100644
--- a/lass/2configs/br.nix
+++ b/lass/2configs/br.nix
@@ -18,7 +18,7 @@ with import <stockholm/lib>;
netDevices = {
bra = {
model = "MFCL2700DN";
- ip = "10.23.42.221";
+ ip = "10.42.23.221";
};
};
};
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index a858d3fec..9459cfd6f 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -47,7 +47,7 @@ let
createFirefoxUser = name: extraGroups: precedence:
let
bin = pkgs.writeScriptBin name ''
- /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition $@
'';
in {
users.extraUsers.${name} = {
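Review bot: The wrapper script on the changed line still expands `$@` unquoted, so an argument containing spaces or glob characters (a file path, or a URL with `?` or `*`) is word-split or expanded by the shell before it reaches the browser. Quote it: `/var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"`. Since `sudo -i` passes the command through the target user's login shell, it is worth checking that arguments with shell metacharacters arrive intact. `createFirefoxUser` continues past the end of the hunk.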
diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix
index b7fcc7aab..2b91f91d6 100644
--- a/lass/2configs/dcso-dev.nix
+++ b/lass/2configs/dcso-dev.nix
@@ -15,6 +15,7 @@ in {
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
+ config.krebs.users.lass-android.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de"
"ssh-rsa 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 u0_a165@localhost"
];
@@ -42,6 +43,10 @@ in {
};
};
+ krebs.per-user.dev.packages = [
+ pkgs.go
+ ];
+
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 763633dd9..2d848773f 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -48,6 +48,7 @@ with import <stockholm/lib>;
{ from = "tomtop@lassul.us"; to = lass.mail; }
{ from = "aliexp