authormakefu <github@syntax-fehler.de>2021-12-13 09:29:58 +0100
committermakefu <github@syntax-fehler.de>2021-12-13 09:29:58 +0100
commited065e8add0376384b8f23a016f0fedab13f7fd2 (patch)
tree1e596ac0432bb6d085d2861efee5f54bdea37e75
parentd424c3f6af7c505d5ad64210d0a1b59af7483916 (diff)
parentf2533d88924feb48834a07c4dc1e82cd21acd025 (diff)
Merge remote-tracking branch 'lass/master'
-rw-r--r--krebs/2configs/wiki.nix14
-rw-r--r--krebs/3modules/ci.nix17
-rw-r--r--krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix1
-rw-r--r--krebs/6assets/krebsAcmeCA.crt22
-rw-r--r--tv/1systems/mu/config.nix7
-rw-r--r--tv/2configs/hw/AO753.nix23
-rw-r--r--tv/2configs/hw/CAC-Developer-1.nix8
-rw-r--r--tv/2configs/hw/CAC-Developer-2.nix8
-rw-r--r--tv/2configs/hw/CAC.nix13
-rw-r--r--tv/2configs/hw/w110er.nix26
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/default.nix4
11 files changed, 69 insertions, 74 deletions
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix
index e7faca1f4..40d946f7d 100644
--- a/krebs/2configs/wiki.nix
+++ b/krebs/2configs/wiki.nix
@@ -29,6 +29,7 @@ in
{
services.gollum = {
enable = true;
+ address = "::1";
extraConfig = ''
Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
system('${pushCgit}')
@@ -45,12 +46,13 @@ in
virtualHosts."wiki.r" = {
enableACME = true;
addSSL = true;
- locations."/".extraConfig = ''
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:${toString config.services.gollum.port};
- '';
+ locations."/" = {
+ proxyPass = "http://[::1]:${toString config.services.gollum.port}";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ '';
+ };
};
};
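Review bot: The loopback address is now written twice, as `address = "::1"` on the gollum service and as the literal `[::1]` in `proxyPass`, so changing one without the other either breaks the proxy or leaves gollum listening on an address that nginx does not front. Deriving the upstream from the service option keeps the two in step (the brackets assume an IPv6 literal): `proxyPass = "http://[${config.services.gollum.address}]:${toString config.services.gollum.port}";`. A short comment on the `address` line, saying that gollum is bound to loopback so that it is reachable only through this vhost, would record why the bind matters. The unchanged `addSSL = true` means the vhost still answers over plain HTTP as well; whether that is intended is not visible here.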
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index bb941a1fb..822dbab61 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -108,8 +108,21 @@ let
# create a ShellCommand for each stage and add them to the build
stages = self.extract_stages(self.observer.getStdout())
self.build.addStepsAfterCurrentStep([
- steps.ShellCommand(name=stage, command=[stages[stage]])
- for stage in stages
+ steps.ShellCommand(
+ name=stage,
+ env=dict(
+ build_name = stage,
+ build_script = stages[stage],
+ ),
+ command="${pkgs.writeDash "build.sh" ''
+ set -xefu
+ profile=${shell.escape profileRoot}/$build_name
+ result=$("$build_script")
+ if [ -n "$result" ]; then
+ ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
+ fi
+ ''}",
+ ) for stage in stages
])
return result
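Review bot: `$build_name` is appended to the profile root without any check, and the stage names come from `extract_stages` over the previous step's stdout, so a name containing `/` or `..` would make `nix-env -p` write a profile outside `profileRoot`. A guard at the top of the script would close that, for example `case "$build_name" in ""|.|..|*/*) echo "invalid stage name" >&2; exit 1;; esac`. `result=$("$build_script")` also takes the script's whole stdout as the store path, so any extra output line ends up inside the single argument given to `--set`. A comment stating that stage scripts must print only the result path, or nothing, would make that contract explicit. The surrounding method starts outside the hunk.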
diff --git a/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix b/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix
index 8cec54327..5055a78aa 100644
--- a/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix
+++ b/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix
@@ -23,6 +23,7 @@ pkgs.writers.writeDashBin "generate-intermediate-ca" ''
${pkgs.step-cli}/bin/step certificate create "Krebs ACME CA" intermediate_ca.crt intermediate_ca.key \
--template "$TMPDIR/intermediate.tpl" \
+ --not-after 8760h \
--ca "$TMPDIR/krebs/ca.crt" \
--ca-key "$TMPDIR/krebs/ca.key" \
--no-password --insecure
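Review bot: The new `--not-after 8760h` has no comment saying what it is for or what follows from it. The intermediate now lives for one year, so `krebsAcmeCA.crt` has to be regenerated and redeployed before then, or certificates issued under it will stop validating. A line above the `step certificate create` call such as `# 8760h = 1 year; rerun and commit the new krebsAcmeCA.crt before it expires` would record that. The unchanged `--no-password --insecure` flags mean the intermediate key is written unencrypted, which matters more with a year-long validity than with step's short default lifetime, so where that key is kept deserves a mention too. The script body starts and ends outside the hunk.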
diff --git a/krebs/6assets/krebsAcmeCA.crt b/krebs/6assets/krebsAcmeCA.crt
index 54729e250..1cd5aed0b 100644
--- a/krebs/6assets/krebsAcmeCA.crt
+++ b/krebs/6assets/krebsAcmeCA.crt
@@ -1,15 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICWzCCAcSgAwIBAgIQVavHn7XtM7NJ8bnph6hGoTANBgkqhkiG9w0BAQsFADCB
+MIICWTCCAcKgAwIBAgIQbAfVX2J0VIzhEYSPVAB4SzANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl
YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq
-hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMDgxNTU5
-MDRaFw0yMTEyMDkxNTU5MDRaMBoxGDAWBgNVBAMTD0tyZWJzIEFDTUUgQ0EgMTBZ
-MBMGByqGSM49AgEGCCqGSM49AwEHA0IABDOK4g3pJPhOErk49zQgpNKE1cAyoeLp
-PqWXkHZVLIVg8CBzPyCYiHS8RtaJ1kwWxwo5OTypCDOLxf1isR5HgZOjgYAwfjAO
-BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUv758
-A4RPewsRtgjdB6AE1tn632swHwYDVR0jBBgwFoAUinqtNfqwMKe8gF8M5cGQaNxB
-lS8wGAYDVR0eAQH/BA4wDKAKMAOCAXIwA4IBdzANBgkqhkiG9w0BAQsFAAOBgQAT
-ewOSGWGTCWcJFGSxgnt8/WspMERq1hL1PikwwVMp7wzJmbHcbA0Es4fcrE5Xf8vQ
-dGenlvyQjkQNahbsyGBoja7bpWpnw9qofLQkns1AZWp7q7GBqyKm30keM/E/stjH
-YkgY4QaxlIL+6N0f4nKL3RSf6GQ1hWJOHf+RrboaMw==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-----END CERTIFICATE-----
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index 8fd6ee45b..7c3f8cfdb 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -83,8 +83,11 @@ with import <stockholm/lib>;
programs.ssh.startAgent = false;
- security.wrappers = {
- slock.source = "${pkgs.slock}/bin/slock";
+ krebs.setuid = {
+ slock = {
+ filename = "${pkgs.slock}/bin/slock";
+ mode = "4111";
+ };
};
security.pam.loginLimits = [
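Review bot: The `slock` entry installs a setuid binary with mode `4111` but states neither owner nor group, so which user the binary runs as depends on the defaults of the `krebs.setuid` module, which are not visible in this hunk. Naming the owner explicitly, if the module offers an attribute for it, would make the privilege grant reviewable in place. A comment such as `# setuid so slock can verify the user's password; executable by all, readable by none` would also explain why this mode was chosen over the module default.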
diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix
index 469f5c6f8..dd6fcfe67 100644
--- a/tv/2configs/hw/AO753.nix
+++ b/tv/2configs/hw/AO753.nix
@@ -5,6 +5,18 @@ with import <stockholm/lib>;
{
imports = [
../smartd.nix
+
+ {
+ nix.buildCores = 2;
+ nix.maxJobs = 2;
+ }
+ (if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
+ nix.daemonCPUSchedPolicy = "batch";
+ nix.daemonIOSchedPriority = 1;
+ } else {
+ nix.daemonIONiceLevel = 1;
+ nix.daemonNiceLevel = 1;
+ })
];
boot.loader.grub = {
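Review bot: The version switch `lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11"` and both option sets are repeated verbatim in tv/2configs/hw/w110er.nix in this same commit; only the `buildCores`/`maxJobs` numbers differ. Moving the conditional into one shared module, imported the way `../smartd.nix` is, would leave a single place to delete once pre-21.11 support is dropped. A comment such as `# 21.11 replaced nix.daemonNiceLevel/daemonIONiceLevel with the Sched* options` would explain why the branch exists. This file still opens with `with import <stockholm/lib>;` while w110er.nix was switched to an explicit `lib` binding, so where `lib` comes from here is not visible in the hunk.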
@@ -21,21 +33,10 @@ with import <stockholm/lib>;
"wl"
];
- # broadcom_sta is marked as broken for 5.9+
- # pkgs.linuxPackages_latest ist 5.9
- boot.kernelPackages = pkgs.linuxPackages_5_8;
-
boot.extraModulePackages = [
config.boot.kernelPackages.broadcom_sta
];
- nix = {
- buildCores = 2;
- maxJobs = 2;
- daemonIONiceLevel = 1;
- daemonNiceLevel = 1;
- };
-
services.logind.extraConfig = ''
HandleHibernateKey=ignore
HandleLidSwitch=ignore
diff --git a/tv/2configs/hw/CAC-Developer-1.nix b/tv/2configs/hw/CAC-Developer-1.nix
deleted file mode 100644
index 5143c8359..000000000
--- a/tv/2configs/hw/CAC-Developer-1.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_:
-{
- imports = [ ./CAC.nix ];
- nix = {
- buildCores = 1;
- maxJobs = 1;
- };
-}
diff --git a/tv/2configs/hw/CAC-Developer-2.nix b/tv/2configs/hw/CAC-Developer-2.nix
deleted file mode 100644
index 1b3b102cc..000000000
--- a/tv/2configs/hw/CAC-Developer-2.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_:
-{
- imports = [ ./CAC.nix ];
- nix = {
- buildCores = 2;
- maxJobs = 2;
- };
-}
diff --git a/tv/2configs/hw/CAC.nix b/tv/2configs/hw/CAC.nix
deleted file mode 100644
index 9ed18344a..000000000
--- a/tv/2configs/hw/CAC.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-_:
-{
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
- boot.loader.grub.splashImage = null;
- nix = {
- daemonIONiceLevel = 1;
- daemonNiceLevel = 1;
- };
- sound.enable = false;
-}
diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix
index 818d1aca6..09dd9a49d 100644
--- a/tv/2configs/hw/w110er.nix
+++ b/tv/2configs/hw/w110er.nix
@@ -1,7 +1,6 @@
-with import <stockholm/lib>;
-{ pkgs, ... }:
-
-{
+{ pkgs, ... }: let
+ lib = import <stockholm/lib>;
+in {
imports = [
../smartd.nix
{
@@ -16,6 +15,18 @@ with import <stockholm/lib>;
# "nvidia-settings"
#];
}
+
+ {
+ nix.buildCores = 4;
+ nix.maxJobs = 4;
+ }
+ (if lib.versionAtLeast (lib.versions.majorMinor lib.version) "21.11" then {
+ nix.daemonCPUSchedPolicy = "batch";
+ nix.daemonIOSchedPriority = 1;
+ } else {
+ nix.daemonIONiceLevel = 1;
+ nix.daemonNiceLevel = 1;
+ })
];
boot.extraModprobeConfig = ''
@@ -35,13 +46,6 @@ with import <stockholm/lib>;
networking.wireless.enable = true;
- nix = {
- buildCores = 4;
- maxJobs = 4;
- daemonIONiceLevel = 1;
- daemonNiceLevel = 1;
- };
-
services.logind.extraConfig = ''
HandleHibernateKey=ignore
HandleLidSwitch=ignore
diff --git a/tv/5pkgs/haskell/xmonad-tv/default.nix b/tv/5pkgs/haskell/xmonad-tv/default.nix
index 36dffaa13..edb5f258e 100644
--- a/tv/5pkgs/haskell/xmonad-tv/default.nix
+++ b/tv/5pkgs/haskell/xmonad-tv/default.nix
@@ -1,5 +1,5 @@
{ mkDerivation, aeson, base, bytestring, containers, directory
-, extra, stdenv, template-haskell, th-env, unix, X11, xmonad
+, extra, lib, template-haskell, th-env, unix, X11, xmonad
, xmonad-contrib, xmonad-stockholm
}:
mkDerivation {
@@ -12,5 +12,5 @@ mkDerivation {
aeson base bytestring containers directory extra template-haskell
th-env unix X11 xmonad xmonad-contrib xmonad-stockholm
];
- license = stdenv.lib.licenses.mit;
+ license = lib.licenses.mit;
}