authortv <tv@krebsco.de>2019-04-17 17:17:25 +0200
committertv <tv@krebsco.de>2019-04-17 17:17:25 +0200
commit20fa5109afc6263a023005e7a40fbf6c14b7ca93 (patch)
tree572727d1dc699545e416e8cb199210a3f582fd44
parentd0883b3d3e44051fa569f4bc205abc557b0466e2 (diff)
parent7083200810b4cca19b02550e1ec2a000aa686b63 (diff)
Merge remote-tracking branch 'prism/master'
-rw-r--r--krebs/3modules/bepasty-server.nix8
-rw-r--r--krebs/3modules/ci.nix6
-rw-r--r--lass/1systems/blue/config.nix2
-rw-r--r--lass/1systems/mors/config.nix2
-rw-r--r--lass/2configs/hw/x220.nix5
-rw-r--r--lass/2configs/syncthing.nix1
-rw-r--r--lass/3modules/usershadow.nix27
-rw-r--r--makefu/5pkgs/nixpkgs-pytools/default.nix17
-rw-r--r--makefu/krops.nix8
9 files changed, 52 insertions, 24 deletions
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 0f00cd381..94a509520 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -2,10 +2,10 @@
with import <stockholm/lib>;
let
- gunicorn = pkgs.python3Packages.gunicorn;
- bepasty = pkgs.bepasty;
- gevent = pkgs.python3Packages.gevent;
- python = pkgs.python3Packages.python;
+ gunicorn = pkgs.python27Packages.gunicorn;
+ bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
+ gevent = pkgs.python27Packages.gevent;
+ python = pkgs.python27Packages.python;
cfg = config.krebs.bepasty;
out = {
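Review bot: The downgrade of `gunicorn`, `bepasty`, `gevent` and `python` to `python27Packages` in the `let` bindings carries no rationale. Python 2.7 leaves upstream support at the start of 2020, so a paste service that is presumably reachable over the network would stop receiving interpreter fixes if this pin stays. A comment above the bindings such as `# pinned to python27Packages because <reason placeholder>; return to python3Packages once fixed` would keep the pin from becoming permanent by accident. The `let` block continues outside the hunk.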
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index a47dbe611..244de1a0d 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -108,10 +108,12 @@ let
name=str(new_step),
command=[
"${pkgs.writeDash "build-stepper.sh" ''
- set -efu
+ set -xefu
profile=${shell.escape profileRoot}/$build_name
result=$("$build_script")
- ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
+ if [ -n "$result" ]; then
+ ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
+ fi
''}"
],
env={
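Review bot: An empty `$result` now makes the script skip `nix-env --set` and still exit 0, so a build script that prints nothing is reported as a successful step with a stale profile. Unless an empty result is an expected outcome, make that case visible in the new `if`, e.g. `else echo "build-stepper: empty result, profile not updated" >&2; exit 1`. The added `-x` traces every expanded command into the build log, which is worth keeping only if no secret values pass through this script's variables. The step definition starts and ends outside the hunk.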
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index a287f548b..43c80d52f 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -15,9 +15,11 @@ with import <stockholm/lib>;
krebs.syncthing.folders = [
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
];
environment.shellAliases = {
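Review bot: The new `/home/lass/.weechat` entry syncs the whole WeeChat directory, which normally holds server credentials (`irc.conf`, `sec.conf`) and chat logs, and the matching `lass.ensure-permissions` line assigns it to group `syncthing`. If only configuration or scripts need to follow the user between hosts, a narrower path or a `.stignore` covering logs and secret files would limit what each peer and each member of that group can read. What mode `ensure-permissions` applies is not visible here. The entry also omits the `id` that the `contacts` entry sets; whether the module derives one from the path cannot be told from this hunk. The same two lines are added in lass/1systems/mors/config.nix.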
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index fa5fb5518..52bcc9e15 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -52,10 +52,12 @@ with import <stockholm/lib>;
krebs.syncthing.folders = [
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
+ { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
+ { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
];
}
{
diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix
index f5651da13..5649041f9 100644
--- a/lass/2configs/hw/x220.nix
+++ b/lass/2configs/hw/x220.nix
@@ -30,8 +30,7 @@
};
};
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
}
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 842abc195..d8b3c9f90 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
services.syncthing = {
enable = true;
group = "syncthing";
+ configDir = "/var/lib/syncthing";
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index cb2890969..d967a108a 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -31,13 +31,20 @@
session required pam_loginuid.so
'';
- security.pam.services.dovecot2.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
- auth required pam_permit.so
- account required pam_permit.so
- session required pam_permit.so
- session required pam_env.so envfile=${config.system.build.pamEnvironment}
- '';
+ security.pam.services.dovecot2 = {
+ text = ''
+ auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
+ auth required pam_permit.so
+ account required pam_permit.so
+ session required pam_permit.so
+ session required pam_env.so envfile=${config.system.build.pamEnvironment}
+ '';
+ };
+
+ security.wrappers.shadow_verify_pam = {
+ source = "${usershadow}/bin/verify_pam";
+ owner = "root";
+ };
};
usershadow = let {
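Review bot: The new `pam_exec.so` line still carries debugging options: `debug` and `log=/tmp/lol` send the helper's output to a fixed file name in a world-writable directory, on the same line where `expose_authtok` hands the helper the user's password. A predictable path in /tmp that the PAM stack writes to can be pre-created or redirected by any local account, and whatever the helper prints becomes readable there. Drop both options (`auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`) or log to a root-owned directory. The new `security.wrappers.shadow_verify_pam` sets only `source` and `owner`, so its effective privileges come from the module defaults, which on NixOS releases of this period appear to mean setuid root and executable by everyone. Setting `setuid`, `group` and `permissions` explicitly, with execution limited to the mail service's group, would make the intent reviewable.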
@@ -46,10 +53,13 @@
"bytestring"
];
body = pkgs.writeHaskellPackage "passwords" {
+ ghc-options = [
+ "-rtsopts"
+ "-Wall"
+ ];
executables.verify_pam = {
extra-depends = deps;
text = ''
- import Data.Monoid
import System.IO
import Data.Char (chr)
import System.Environment (getEnv, getArgs)
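Review bot: `-rtsopts` in the new `ghc-options` enables the full set of GHC runtime options for the executables of this package, including `verify_pam`, which this commit also installs under `/run/wrappers/bin`. GHC restricts RTS options by default because the caller can otherwise influence the runtime of a privileged binary through `+RTS` arguments or the `GHCRTS` variable. Unless a specific runtime option is needed, remove the flag or use `"-rtsopts=some"`. `-Wall` is fine to keep. The `executables.verify_pam` text continues outside the hunk.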
@@ -72,7 +82,6 @@
executables.verify_arg = {
extra-depends = deps;
text = ''
- import Data.Monoid
import System.Environment (getArgs)
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8
diff --git a/makefu/5pkgs/nixpkgs-pytools/default.nix b/makefu/5pkgs/nixpkgs-pytools/default.nix
new file mode 100644
index 000000000..35146d155
--- /dev/null
+++ b/makefu/5pkgs/nixpkgs-pytools/default.nix
@@ -0,0 +1,17 @@
+{pkgs, fetchFromGitHub}:
+with pkgs.python3.pkgs;
+
+buildPythonPackage rec {
+ pname = "nixpkgs-pytools";
+ version = "1.0.0-dev";
+ src = fetchFromGitHub {
+ owner = "nix-community";
+ repo = pname;
+ rev = "593443b5689333cad3b6fa5b42e96587df68b0f8";
+ sha256 = "1cjpngr1rn5q59a1krgmpq2qm96wbiirc8yf1xmm21p3mskb2db4";
+ };
+ propagatedBuildInputs = [
+ jinja2 setuptools
+ ];
+ checkInputs = [ black ];
+}
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 7c3fbcf4a..219e00d72 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -1,6 +1,6 @@
{ config ? config, name, target ? name }: let
krops = ../submodules/krops;
- nixpkgs-src = lib.importJSON ./nixpkgs.json;
+ nixpkgs-src = lib.importJSON ../krebs/nixpkgs.json;
lib = import "${krops}/lib";
pkgs = import "${krops}/pkgs" {};
@@ -20,10 +20,6 @@
} // import (./. + "/1systems/${name}/source.nix");
source = { test }: lib.evalSource [
{
- # nixos-18.09 @ 2018-09-18
- # + uhub/sqlite: 5dd7610401747
- # + hovercraft: 7134801b17d72
- # + PR#53934: eac6797380af1
nixpkgs = if host-src.arm6 then {
# TODO: we want to track the unstable channel
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
@@ -31,7 +27,7 @@
derivation = ''
with import <nixpkgs> {};
pkgs.fetchFromGitHub {
- owner = "makefu";
+ owner = "nixos";
repo = "nixpkgs";
rev = "${nixpkgs-src.rev}";
sha256 = "${nixpkgs-src.sha256}";
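Review bot: With `owner` switched to `nixos`, the comment block removed earlier in this file (the list of commits carried on top of nixos-18.09) has no replacement. Nothing here now says where `rev` and `sha256` come from, or whether those extra commits are still expected in the fetched tree. A line such as `# rev/sha256 pinned in ../krebs/nixpkgs.json (upstream nixos/nixpkgs)` above the fetch would document the pin. The `sha256` remains the integrity check for the fetched source, so it has to be regenerated together with any `rev` change. The derivation string continues outside the hunk.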