diff options
author | makefu <github@syntax-fehler.de> | 2021-06-06 19:15:44 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2021-06-06 19:15:44 +0200 |
commit | 74058abe0b5da0753c2167d6bab29eb1eae88366 (patch) | |
tree | 748e9e75c0498161629597f7469933e69303168b /krebs | |
parent | 88a845f7a1a037bf6bcf23863d41f36c4cedcd7e (diff) | |
parent | a5bc9126db72f59062ff9d6a72b2fa35437b42cb (diff) |
Merge branch '21.05'
Diffstat (limited to 'krebs')
52 files changed, 248 insertions, 179 deletions
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 3780e0d7d..bb273652d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -22,8 +22,6 @@ with import <stockholm/lib>; pkgs.vaapiVdpau ]; - security.rngd.enable = mkDefault true; - services.xserver = { videoDriver = "intel"; }; diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index d4ac9e42a..d26aa5962 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -61,7 +61,7 @@ }; privset "op" { - privs = oper:admin; + privs = oper:admin, oper:general; }; operator "aids" { diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 2da3e6fcc..84a39f95b 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -68,6 +68,7 @@ wantedBy = [ "multi-user.target" ]; }; + systemd.services.brockman.bindsTo = [ "solanum.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2823aabef..14e0a3d7a 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -119,6 +119,7 @@ in { users.users.reaktor2 = { uid = genid_uint31 "reaktor2"; home = stateDir; + isSystemUser = true; }; krebs.reaktor2 = { diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 481564719..951450200 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -12,6 +12,7 @@ let in { users.users.muell_mail = { inherit home; + isSystemUser = true; createHome = true; }; systemd.services.muell_mail = { diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index e894b9394..b032b4299 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -13,6 +13,7 @@ let in { users.users.muellshack = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."muell.shack" = { diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 4a981ea87..2e69d5aaa 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -14,6 +14,7 @@ in { networking.firewall.allowedUDPPorts = [ 2342 ]; users.users.node-light = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."lounge.light.shack" = { diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index cc3692e85..43c743587 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -14,7 +14,10 @@ let in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; - users.users.powermeter.extraGroups = [ "dialout" ]; + users.users.powermeter = { + extraGroups = [ "dialout" ]; + isSystemUser = true; + }; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index f3ea67f79..0ce8a8786 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -14,6 +14,7 @@ in { users.users.s3_power = { inherit home; createHome = true; + isSystemUser = true; }; systemd.services.s3-power = { startAt = "daily"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 807bb7e65..c9cdfd24b 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,6 +30,7 @@ in { users.users.shackDNS = { inherit home; createHome = true; + isSystemUser = true; }; services.nginx.virtualHosts."leases.shack" = { locations."/" = { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d8d65d309..3eb30964e 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -1,7 +1,7 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser group = "share"; description = "smb guest user"; home = "/home/share"; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 61b72d9a8..4bdb095f1 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -58,7 +58,7 @@ let src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; propagatedBuildInputs = [ ]; doCheck = false; # 2 errors, dunnolol - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.mit; description = "Python CoAP library"; @@ -68,7 +68,7 @@ let name = "LinkHeader-0.4.3"; src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; propagatedBuildInputs = [ ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.bsdOriginal; description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 56fb31795..0ac9d3350 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -268,6 +268,7 @@ let uid = genid "airdcpp"; home = cfg.stateDir; createHome = true; + isSystemUser = true; inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index ffa9a29e9..051646b63 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -146,6 +146,7 @@ let uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; + isSystemUser = true; }; users.extraGroups.bepasty = { gid = genid_uint31 "bepasty"; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 9b2ed4a71..7a78880ea 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -12,7 +12,7 @@ in { users.extraUsers.brockman = { home = "/var/lib/brockman"; createHome = true; - isNormalUser = false; + isSystemUser = true; uid = genid_uint31 "brockman"; }; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 8995753ac..a845bb281 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -322,6 +322,7 @@ let description = "Buildbot Master"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotMaster = { diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index c15169fba..d877b9911 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -131,6 +131,7 @@ let description = "Buildbot Slave"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotSlave = { diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 83d88cb0d..972c7f437 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -78,6 +78,7 @@ in { inherit (cfg.user) home name uid; createHome = true; group = cfg.group.name; + isSystemUser = true; }; }; }; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 7a2075702..31cd9e2c3 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -563,6 +563,58 @@ in { }; }; }; + nxnx = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.126"; + aliases = [ + "nxnx.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA2JWNe54YaFM+flK3LlPwgOSgVRmZi+e+Qhc6uJYIxkQcAvJKpKJQ + 1M4h7OE7eiJLdDp/aGaHe4BuII15/0lFJwYf1Zt8E1zN54QtwuELkDgOhgkhgvVb + tO+maHh10xsQMFlhpUztEk8oQuBu5toC795nKY7lBR2o6V2dPbbVo1+qr7qArOWo + cBlshRhEDjuzJUMHLlUGu43/miWeDewAq4O7U/nNNEz/v8KbESqP9HtTjelAeWz6 + zGha8hSn+Snkt76kP15drgn1L8MMFvnm5EeJ5VkehnpOi8Vi9Yqln+VGwlvbhEdK + ST0gxNBKoSvLITS1P/ypfiEXARUOffgq+kLA2Hyet0DfBjCMD+WkTBlj1QyXLs10 + 3/xBntlOQqBcLIdpi/yRs7miyQlyblqsyiQOCukIvibdHB1RLdVBhUE3A7hgw4R+ + +3ug/mQR+fDOpNB/sOkorcTVgA04KENUHc+6OqA0dvoAYr8l7N4+az3AtyHDNr5x + 4otjxOq4fmu80sbm5Ry9SoNYMc4fOuWIZDHZ/ntDKqzHw3BaNB9vNkpKj22nArI4 + cwAMPPJMJJ+Ef7tIzZ+NKtPudqztoLa5AYNllV7K9gS6NG0Yzk6iIQ42bKgfsZFn + 9AkCdv8EycNIAIbBomPv2XIKYlKs3RfWEjRcSl3TQl4b3bilCicgnLECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + nxnv = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.127"; + aliases = [ + "nxnv.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB + ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt + NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp + wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt + 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT + eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy + S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/ + 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN + ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW + 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila + jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e89b86e32..852c8f630 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -57,6 +57,7 @@ let description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; + isSystemUser = true; }; systemd.timers.fetchWallpaper = { diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 4eb881341..d31d91b7c 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -366,6 +366,7 @@ let # To allow running cgit-clear-cache via hooks. cfg.cgit.fcgiwrap.group.name ]; + isSystemUser = true; shell = "/bin/sh"; openssh.authorizedKeys.keys = unique @@ -384,6 +385,7 @@ let users.${cfg.cgit.fcgiwrap.user.name} = { inherit (cfg.cgit.fcgiwrap.user) home name uid; group = cfg.cgit.fcgiwrap.group.name; + isSystemUser = true; }; }; diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 7d618ebfd..d385ec355 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -65,6 +65,7 @@ let users.users.${user.name} = { inherit (user) uid; home = cfg.dataDir; + isSystemUser = true; }; }; diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 70c4fcd2b..063bccc68 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -66,6 +66,7 @@ let nameValuePair htgen.user.name { inherit (htgen.user) home name uid; createHome = true; + isSystemUser = true; } ) cfg; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 86b74a8ca..76f333963 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -60,6 +60,7 @@ let uid = genid "realwallpaper"; home = cfg.workingDir; createHome = true; + isSystemUser = true; }; }; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 4252c8d3b..a8a78a43e 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -236,6 +236,7 @@ let nameValuePair "${netname}" { inherit (cfg.user) home name uid; createHome = true; + isSystemUser = true; } ) config.krebs.tinc; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 33a24871f..19cce8aa4 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -127,6 +127,7 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; + isSystemUser = true; }; services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 0b7a71db5..6a159a5b2 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -193,6 +193,7 @@ let inherit (user) uid; home = cfg.dataDir; createHome = true; + isSystemUser = true; }; }; diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix index 926e9dccd..4cb6a1cb4 100644 --- a/krebs/5pkgs/override/default.nix +++ b/krebs/5pkgs/override/default.nix @@ -11,44 +11,14 @@ self: super: { }); flameshot = super.flameshot.overrideAttrs (old: rec { - patches = old.patches or [] ++ [ - (self.writeText "flameshot-imgur.patch" /* diff */ '' ---- a/src/tools/imgur/imguruploader.cpp -+++ b/src/tools/imgur/imguruploader.cpp -@@ -40,6 +40,7 @@ - #include <QTimer> - #include <QJsonDocument> - #include <QJsonObject> -+#include <stdlib.h> - - ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) : - QWidget(parent), m_pixmap(capture) -@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) { - QJsonObject json = response.object(); - QJsonObject data = json["data"].toObject(); - m_imageURL.setUrl(data["link"].toString()); -- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg( -+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL"); -+ if (deleteImageURLPattern == NULL) -+ deleteImageURLPattern = "https://imgur.com/delete/%1"; -+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg( - data["deletehash"].toString())); - onUploadOk(); - } else { -@@ -105,7 +109,10 @@ void ImgurUploader::upload() { - QString description = FileNameHandler().parsedPattern(); - urlQuery.addQueryItem("description", description); - -- QUrl url("https://api.imgur.com/3/image"); -+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL"); -+ if (createImageURLPattern == NULL) -+ createImageURLPattern = "https://api.imgur.com/3/image"; -+ QUrl url(createImageURLPattern); - url.setQuery(urlQuery); - QNetworkRequest request(url); - request.setHeader(QNetworkRequest::ContentTypeHeader, - '') - ]; + patches = old.patches or [] ++ { + "0.6.0" = [ + ./flameshot/flameshot_imgur_0.6.0.patch + ]; + "0.9.0" = [ + ./flameshot/flameshot_imgur_0.9.0.patch + ]; + }.${old.version}; }); # https://github.com/proot-me/PRoot/issues/106 diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch new file mode 100644 index 000000000..92023554a --- /dev/null +++ b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch @@ -0,0 +1,34 @@ +--- a/src/tools/imgur/imguruploader.cpp ++++ b/src/tools/imgur/imguruploader.cpp +@@ -40,6 +40,7 @@ + #include <QTimer> + #include <QJsonDocument> + #include <QJsonObject> ++#include <stdlib.h> + + ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) : + QWidget(parent), m_pixmap(capture) +@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) { + QJsonObject json = response.object(); + QJsonObject data = json["data"].toObject(); + m_imageURL.setUrl(data["link"].toString()); +- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg( ++ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL"); ++ if (deleteImageURLPattern == NULL) ++ deleteImageURLPattern = "https://imgur.com/delete/%1"; ++ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg( + data["deletehash"].toString())); + onUploadOk(); + } else { +@@ -105,7 +109,10 @@ void ImgurUploader::upload() { + QString description = FileNameHandler().parsedPattern(); + urlQuery.addQueryItem("description", description); + +- QUrl url("https://api.imgur.com/3/image"); ++ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL"); ++ if (createImageURLPattern == NULL) ++ createImageURLPattern = "https://api.imgur.com/3/image"; ++ QUrl url(createImageURLPattern); + url.setQuery(urlQuery); + QNetworkRequest request(url); + request.setHeader(QNetworkRequest::ContentTypeHeader, diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch new file mode 100644 index 000000000..c4c0bf38a --- /dev/null +++ b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch @@ -0,0 +1,35 @@ +--- a/src/tools/imgur/imguruploader.cpp ++++ b/src/tools/imgur/imguruploader.cpp +@@ -31,6 +31,7 @@ + #include <QTimer> + #include <QUrlQuery> + #include <QVBoxLayout> ++#include <stdlib.h> + + ImgurUploader::ImgurUploader(const QPixmap& captu |