summaryrefslogtreecommitdiffstats
path: root/krebs/2configs
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2021-06-06 19:15:44 +0200
committermakefu <github@syntax-fehler.de>2021-06-06 19:15:44 +0200
commit74058abe0b5da0753c2167d6bab29eb1eae88366 (patch)
tree748e9e75c0498161629597f7469933e69303168b /krebs/2configs
parent88a845f7a1a037bf6bcf23863d41f36c4cedcd7e (diff)
parenta5bc9126db72f59062ff9d6a72b2fa35437b42cb (diff)
Merge branch '21.05'
Diffstat (limited to 'krebs/2configs')
-rw-r--r--krebs/2configs/hw/x220.nix2
-rw-r--r--krebs/2configs/ircd.nix2
-rw-r--r--krebs/2configs/news.nix1
-rw-r--r--krebs/2configs/reaktor2.nix1
-rw-r--r--krebs/2configs/shack/muell_mail.nix1
-rw-r--r--krebs/2configs/shack/muellshack.nix1
-rw-r--r--krebs/2configs/shack/node-light.nix1
-rw-r--r--krebs/2configs/shack/powerraw.nix5
-rw-r--r--krebs/2configs/shack/s3-power.nix1
-rw-r--r--krebs/2configs/shack/shackDNS.nix1
-rw-r--r--krebs/2configs/shack/share.nix2
-rw-r--r--krebs/2configs/shack/worlddomination.nix4
12 files changed, 15 insertions, 7 deletions
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 3780e0d7d..bb273652d 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -22,8 +22,6 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
- security.rngd.enable = mkDefault true;
-
services.xserver = {
videoDriver = "intel";
};
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index d4ac9e42a..d26aa5962 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -61,7 +61,7 @@
};
privset "op" {
- privs = oper:admin;
+ privs = oper:admin, oper:general;
};
operator "aids" {
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 2da3e6fcc..84a39f95b 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -68,6 +68,7 @@
wantedBy = [ "multi-user.target" ];
};
+ systemd.services.brockman.bindsTo = [ "solanum.service" ];
systemd.services.brockman.serviceConfig.LimitNOFILE = 16384;
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
krebs.brockman = {
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 2823aabef..14e0a3d7a 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -119,6 +119,7 @@ in {
users.users.reaktor2 = {
uid = genid_uint31 "reaktor2";
home = stateDir;
+ isSystemUser = true;
};
krebs.reaktor2 = {
diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix
index 481564719..951450200 100644
--- a/krebs/2configs/shack/muell_mail.nix
+++ b/krebs/2configs/shack/muell_mail.nix
@@ -12,6 +12,7 @@ let
in {
users.users.muell_mail = {
inherit home;
+ isSystemUser = true;
createHome = true;
};
systemd.services.muell_mail = {
diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix
index e894b9394..b032b4299 100644
--- a/krebs/2configs/shack/muellshack.nix
+++ b/krebs/2configs/shack/muellshack.nix
@@ -13,6 +13,7 @@ let
in {
users.users.muellshack = {
inherit home;
+ isSystemUser = true;
createHome = true;
};
services.nginx.virtualHosts."muell.shack" = {
diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix
index 4a981ea87..2e69d5aaa 100644
--- a/krebs/2configs/shack/node-light.nix
+++ b/krebs/2configs/shack/node-light.nix
@@ -14,6 +14,7 @@ in {
networking.firewall.allowedUDPPorts = [ 2342 ];
users.users.node-light = {
inherit home;
+ isSystemUser = true;
createHome = true;
};
services.nginx.virtualHosts."lounge.light.shack" = {
diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix
index cc3692e85..43c743587 100644
--- a/krebs/2configs/shack/powerraw.nix
+++ b/krebs/2configs/shack/powerraw.nix
@@ -14,7 +14,10 @@ let
in {
# receive response from light.shack / standby.shack
networking.firewall.allowedUDPPorts = [ 11111 ];
- users.users.powermeter.extraGroups = [ "dialout" ];
+ users.users.powermeter = {
+ extraGroups = [ "dialout" ];
+ isSystemUser = true;
+ };
# we make sure that usb-ttl has the correct permissions
# creates /dev/powerraw
diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix
index f3ea67f79..0ce8a8786 100644
--- a/krebs/2configs/shack/s3-power.nix
+++ b/krebs/2configs/shack/s3-power.nix
@@ -14,6 +14,7 @@ in {
users.users.s3_power = {
inherit home;
createHome = true;
+ isSystemUser = true;
};
systemd.services.s3-power = {
startAt = "daily";
diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix
index 807bb7e65..c9cdfd24b 100644
--- a/krebs/2configs/shack/shackDNS.nix
+++ b/krebs/2configs/shack/shackDNS.nix
@@ -30,6 +30,7 @@ in {
users.users.shackDNS = {
inherit home;
createHome = true;
+ isSystemUser = true;
};
services.nginx.virtualHosts."leases.shack" = {
locations."/" = {
diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix
index d8d65d309..3eb30964e 100644
--- a/krebs/2configs/shack/share.nix
+++ b/krebs/2configs/shack/share.nix
@@ -1,7 +1,7 @@
{config, ... }:{
users.users.smbguest = {
name = "smbguest";
- uid = config.ids.uids.smbguest;
+ uid = config.ids.uids.smbguest; #effectively systemUser
group = "share";
description = "smb guest user";
home = "/home/share";
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index 61b72d9a8..4bdb095f1 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -58,7 +58,7 @@ let
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
propagatedBuildInputs = [ ];
doCheck = false; # 2 errors, dunnolol
- meta = with pkgs.stdenv.lib; {
+ meta = with pkgs.lib; {
homepage = "";
license = licenses.mit;
description = "Python CoAP library";
@@ -68,7 +68,7 @@ let
name = "LinkHeader-0.4.3";
src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
propagatedBuildInputs = [ ];
- meta = with pkgs.stdenv.lib; {
+ meta = with pkgs.lib; {
homepage = "";
license = licenses.bsdOriginal;
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";