diff options
author | makefu <github@syntax-fehler.de> | 2021-06-06 19:15:44 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2021-06-06 19:15:44 +0200 |
commit | 74058abe0b5da0753c2167d6bab29eb1eae88366 (patch) | |
tree | 748e9e75c0498161629597f7469933e69303168b /krebs/2configs | |
parent | 88a845f7a1a037bf6bcf23863d41f36c4cedcd7e (diff) | |
parent | a5bc9126db72f59062ff9d6a72b2fa35437b42cb (diff) |
Merge branch '21.05'
Diffstat (limited to 'krebs/2configs')
-rw-r--r-- | krebs/2configs/hw/x220.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/ircd.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/news.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/reaktor2.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/shack/muell_mail.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/shack/muellshack.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/shack/node-light.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/shack/powerraw.nix | 5 | ||||
-rw-r--r-- | krebs/2configs/shack/s3-power.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/shack/shackDNS.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/shack/share.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/worlddomination.nix | 4 |
12 files changed, 15 insertions, 7 deletions
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 3780e0d7d..bb273652d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -22,8 +22,6 @@ with import <stockholm/lib>; pkgs.vaapiVdpau ]; - security.rngd.enable = mkDefault true; - services.xserver = { videoDriver = "intel"; }; diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index d4ac9e42a..d26aa5962 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -61,7 +61,7 @@ }; privset "op" { - privs = oper:admin; + privs = oper:admin, oper:general; }; operator "aids" { diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 2da3e6fcc..84a39f95b 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -68,6 +68,7 @@ wantedBy = [ "multi-user.target" ]; }; + systemd.services.brockman.bindsTo = [ "solanum.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2823aabef..14e0a3d7a 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -119,6 +119,7 @@ in { users.users.reaktor2 = { uid = genid_uint31 "reaktor2"; home = stateDir; + isSystemUser = true; }; krebs.reaktor2 = { diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 481564719..951450200 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -12,6 +12,7 @@ let in { users.users.muell_mail = { inherit home; + isSystemUser = true; createHome = true; }; systemd.services.muell_mail = { diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index e894b9394..b032b4299 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -13,6 +13,7 @@ let in { users.users.muellshack = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."muell.shack" = { diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 4a981ea87..2e69d5aaa 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -14,6 +14,7 @@ in { networking.firewall.allowedUDPPorts = [ 2342 ]; users.users.node-light = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."lounge.light.shack" = { diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index cc3692e85..43c743587 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -14,7 +14,10 @@ let in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; - users.users.powermeter.extraGroups = [ "dialout" ]; + users.users.powermeter = { + extraGroups = [ "dialout" ]; + isSystemUser = true; + }; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index f3ea67f79..0ce8a8786 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -14,6 +14,7 @@ in { users.users.s3_power = { inherit home; createHome = true; + isSystemUser = true; }; systemd.services.s3-power = { startAt = "daily"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 807bb7e65..c9cdfd24b 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,6 +30,7 @@ in { users.users.shackDNS = { inherit home; createHome = true; + isSystemUser = true; }; services.nginx.virtualHosts."leases.shack" = { locations."/" = { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d8d65d309..3eb30964e 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -1,7 +1,7 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser group = "share"; description = "smb guest user"; home = "/home/share"; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 61b72d9a8..4bdb095f1 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -58,7 +58,7 @@ let src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; propagatedBuildInputs = [ ]; doCheck = false; # 2 errors, dunnolol - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.mit; description = "Python CoAP library"; @@ -68,7 +68,7 @@ let name = "LinkHeader-0.4.3"; src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; propagatedBuildInputs = [ ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.bsdOriginal; description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; |