summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2022-06-07 00:17:23 +0200
committermakefu <github@syntax-fehler.de>2022-06-07 00:17:23 +0200
commit9c1799914a2e6f2dc736fe2eaad7134602a3d837 (patch)
tree08347f7f29bc00c3b40be2a49e069268c0163716 /krebs
parent1e405be047a79e1abd0c28e52b5009b9675909b8 (diff)
parentbdc80e55411e197f89990e988f8b7e67c084d3d3 (diff)
Merge remote-tracking branch 'lass/master' into 22.05
Diffstat (limited to 'krebs')
-rw-r--r--krebs/2configs/container-networking.nix2
-rw-r--r--krebs/2configs/matterbridge.nix9
-rw-r--r--krebs/2configs/news.nix2
-rw-r--r--krebs/2configs/reaktor2.nix1
-rw-r--r--krebs/2configs/security-workarounds.nix2
-rw-r--r--krebs/3modules/acl.nix19
-rw-r--r--krebs/3modules/krebs/default.nix1
-rw-r--r--krebs/5pkgs/haskell/brockman/default.nix6
-rw-r--r--krebs/5pkgs/haskell/reaktor2/default.nix8
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix2
-rw-r--r--krebs/5pkgs/simple/weechat-declarative/default.nix85
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rwxr-xr-xkrebs/update-nixpkgs.sh2
14 files changed, 82 insertions, 73 deletions
diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix
index fa4488800..bf3fe711e 100644
--- a/krebs/2configs/container-networking.nix
+++ b/krebs/2configs/container-networking.nix
@@ -1,7 +1,7 @@
{ lib, ... }:
{
networking.nat.enable = true;
- networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.internalInterfaces = ["ve-+" "ctr+" ];
networking.nat.externalInterface = lib.mkDefault "et0";
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
}
diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix
index 9c0908def..a68aa292c 100644
--- a/krebs/2configs/matterbridge.nix
+++ b/krebs/2configs/matterbridge.nix
@@ -19,11 +19,6 @@
inherit Nick;
};
};
- mumble.lassulus = {
- Server = "lassul.us:64738";
- Nick = "krebs_bridge";
- SkipTLSVerify = true;
- };
gateway = [
{
name = "krebs-bridge";
@@ -37,10 +32,6 @@
account = "telegram.krebs";
channel = "-330372458";
}
- {
- account = "mumble.lassulus";
- channel = 6; # "nixos"
- }
];
}
];
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 1f966bf24..9e2cec10a 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -164,7 +164,7 @@
if [ ''${#youtube_url} -eq 24 ]; then
youtube_id=$youtube_url
else
- youtube_id=$(${pkgs.youtube-dl}/bin/youtube-dl --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id')
+ youtube_id=$(${pkgs.yt-dlp}/bin/yt-dlp --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id')
fi
echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss"
'';
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 305d31405..205cc96f4 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -148,6 +148,7 @@ in {
services.nginx = {
virtualHosts."agenda.r" = {
+ serverAliases = [ "kri.r" ];
locations."= /index.html".extraConfig = ''
alias ${pkgs.writeText "agenda.html" ''
<!DOCTYPE html>
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index 0743f2b49..b1a492f51 100644
--- a/krebs/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
- # https://github.com/Lassulus/CVE-2021-4034
- security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
}
diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix
index 9cdbb6cff..d23706499 100644
--- a/krebs/3modules/acl.nix
+++ b/krebs/3modules/acl.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: let
parents = dir:
if dir == "/" then
- [ dir ]
+ []
else
[ dir ] ++ parents (builtins.dirOf dir)
;
@@ -40,13 +40,16 @@ in {
pkgs.coreutils
];
serviceConfig = {
- ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings (
- lib.mapAttrsToList (_: rule: ''
- setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
- ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
- ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))}
- '') rules
- ));
+ ExecStart = pkgs.writers.writeDash "acl" ''
+ mkdir -p "${path}"
+ ${lib.concatStrings (
+ lib.mapAttrsToList (_: rule: ''
+ setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
+ ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
+ ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents (builtins.dirOf path)))}
+ '') rules
+ )}
+ '';
RemainAfterExit = true;
Type = "simple";
};
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index d58f0fbaa..854176f0b 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -74,6 +74,7 @@ in {
aliases = [
"hotdog.r"
"agenda.r"
+ "kri.r"
"build.r"
"build.hotdog.r"
"ca.r"
diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix
index 8a2311a2e..6a0c7f9df 100644
--- a/krebs/5pkgs/haskell/brockman/default.nix
+++ b/krebs/5pkgs/haskell/brockman/default.nix
@@ -7,19 +7,19 @@
}:
mkDerivation rec {
pname = "brockman";
- version = "4.0.3";
+ version = "4.0.4";
src = fetchFromGitHub {
owner = "kmein";
repo = "brockman";
rev = version;
- sha256 = "sha256-rjwroSG9ys0FV2JM70kzmCutMVpUTx8cQ+jQq8Hw1kw=";
+ sha256 = "sha256-GOEEUjehFgMMf6cNpi0AP/Rz74sTDEcpKRbLD+6YEz0=";
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
aeson aeson-pretty base bytestring case-insensitive conduit
containers directory feed filepath hashable hslogger html-entity
- http-client irc-conduit lens lrucache lrucaching network
+ http-client irc-conduit lens lrucache network
optparse-applicative random safe text time timerep wreq
];
license = lib.licenses.mit;
diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix
index d41d8d818..9ff2bd883 100644
--- a/krebs/5pkgs/haskell/reaktor2/default.nix
+++ b/krebs/5pkgs/haskell/reaktor2/default.nix
@@ -8,11 +8,11 @@
}:
mkDerivation rec {
pname = "reaktor2";
- version = "0.4.0";
+ version = "0.4.0a";
src = fetchgit {
- url = "https://cgit.krebsco.de/reaktor2";
- sha256 = "0bnn23hjl57y0a5rf3h8kq078dziby7il7fandz5wh6s4i3psicp";
- rev = "v${version}";
+ url = "https://cgit.lassul.us/reaktor2";
+ sha256 = "sha256-x1i2TWcycYVFij6832xaBiQa1RQ1VmSfu5Qt1QrUtds=";
+ rev = "6d3eb6de5e770ee26874bb7449934f0c55bd1efa";
fetchSubmodules = true;
};
isLibrary = false;
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 2fbc7ff86..832e47f26 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -122,7 +122,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') &
# regular fetches
- fetch marker.json.tmp "$marker_url"
+ fetch marker.json.tmp "$marker_url" || :
if [ -s marker.json.tmp ]; then
mv marker.json.tmp marker.json
fi
diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix
index e6ecfd631..5f9c8635b 100644
--- a/krebs/5pkgs/simple/weechat-declarative/default.nix
+++ b/krebs/5pkgs/simple/weechat-declarative/default.nix
@@ -109,45 +109,60 @@ let
};
};
+ setFile = pkgs.writeText "weechat.set" (
+ lib.optionalString (cfg.settings != {})
+ (lib.concatStringsSep "\n" (
+ lib.optionals
+ (cfg.settings.irc or {} != {})
+ (lib.mapAttrsToList
+ (name: server: "/server add ${name} ${lib.toWeechatValue server.addresses}")
+ cfg.settings.irc.server)
+ ++
+ lib.optionals
+ (cfg.settings.matrix or {} != {})
+ (lib.mapAttrsToList
+ (name: server: "/matrix server add ${name} ${server.address}")
+ cfg.settings.matrix.server)
+ ++
+ lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
+ ++
+ lib.optionals
+ (cfg.settings.filters or {} != {})
+ (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
+ ++
+ lib.singleton cfg.extraCommands
+ ))
+ );
+
weechat = pkgs.weechat.override {
configure = _: {
- init = lib.optionalString (cfg.settings != {})
- (lib.concatStringsSep "\n" (
- lib.optionals
- (cfg.settings.irc or {} != {})
- (lib.mapAttrsToList
- (name: server: "/server add ${name} ${server.address}")
- cfg.settings.irc.server)
- ++
- lib.optionals
- (cfg.settings.matrix or {} != {})
- (lib.mapAttrsToList
- (name: server: "/matrix server add ${name} ${server.address}")
- cfg.settings.matrix.server)
- ++
- lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
- ++
- lib.optionals
- (cfg.settings.filters or {} != {})
- (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
- ++
- lib.singleton cfg.extraCommands
- ));
+ init = "/exec -oc cat ${setFile}";
scripts = cfg.scripts;
};
};
-in pkgs.writers.writeDashBin "weechat" ''
- CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
- ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
- ${lib.concatStringsSep "\n"
- (lib.mapAttrsToList
- (name: target: /* sh */ ''
- ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
- '')
- cfg.files
- )
- }
- exec ${weechat}/bin/weechat "$@"
-''
+ wrapper = pkgs.writers.writeDashBin "weechat" ''
+ CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
+ ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
+ ${lib.concatStringsSep "\n"
+ (lib.mapAttrsToList
+ (name: target: /* sh */ ''
+ ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
+ '')
+ cfg.files
+ )
+ }
+ exec ${weechat}/bin/weechat "$@"
+ '';
+
+in pkgs.symlinkJoin {
+ name = "weechat-configured";
+ paths = [
+ wrapper
+ pkgs.weechat
+ ];
+ postBuild = ''
+ ln -s ${setFile} $out/weechat.set
+ '';
+}
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 30be112d1..49d65160d 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "2a3aac479caeba0a65b2ad755fe5f284f1fde74d",
- "date": "2022-05-09T07:45:23+00:00",
- "path": "/nix/store/56hy8l0ky71qdx5zibjzzg0q8ivkk7vc-nixpkgs",
- "sha256": "0px2fk64s56qxd8ir8xg8bsj5yz1w399ps4xfkyx29n2ywp9ar7c",
+ "rev": "5ce6597eca7d7b518c03ecda57d45f9404b5e060",
+ "date": "2022-05-24T17:55:48+02:00",
+ "path": "/nix/store/glvcj0zmqq9z5wf6bppnppbpf8w85iwf-nixpkgs",
+ "sha256": "1hs1lnnbp1dky3nfp7xlricpp5c63sr46jyrnvykci8bl8jnxnl3",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 970ffa20a..3e20b2a87 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "fd3e33d696b81e76b30160dfad2efb7ac1f19879",
- "date": "2022-04-30T11:27:15+02:00",
- "path": "/nix/store/4n9dqxd8j90h0j99n8pyim6n5q1zviwg-nixpkgs",
- "sha256": "1liw3glyv1cx0bxgxnq2yjp0ismg0np2ycg72rqghv75qb73zf9h",
+ "rev": "d1086907f56c5a6c33c0c2e8dc9f42ef6988294f",
+ "date": "2022-05-28T12:29:49+02:00",
+ "path": "/nix/store/56gsa390lyiik6jdapnj98a2ww8af8ig-nixpkgs",
+ "sha256": "009dc0njvdn5pzcyd8bp4sc9byf70w4msdkv6q2zfdlnh36im1jl",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh
index bc421a75f..59dbd91b5 100755
--- a/krebs/update-nixpkgs.sh
+++ b/krebs/update-nixpkgs.sh
@@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \
- --rev refs/heads/nixos-21.11' \
+ --rev refs/heads/nixos-22.05' \
> $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"