62 files changed, 633 insertions, 314 deletions
diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml index b4c91299f..5112f7e0c 100644 --- a/.github/workflows/repo-sync.yml +++ b/.github/workflows/repo-sync.yml @@ -8,7 +8,7 @@ jobs: if: github.repository_owner == 'Mic92' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: persist-credentials: false - name: repo-sync diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix index fa4488800..bf3fe711e 100644 --- a/krebs/2configs/container-networking.nix +++ b/krebs/2configs/container-networking.nix @@ -1,7 +1,7 @@ { lib, ... }: { networking.nat.enable = true; - networking.nat.internalInterfaces = ["ve-+"]; + networking.nat.internalInterfaces = ["ve-+" "ctr+" ]; networking.nat.externalInterface = lib.mkDefault "et0"; networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; } diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix index 9c0908def..a68aa292c 100644 --- a/krebs/2configs/matterbridge.nix +++ b/krebs/2configs/matterbridge.nix @@ -19,11 +19,6 @@ inherit Nick; }; }; - mumble.lassulus = { - Server = "lassul.us:64738"; - Nick = "krebs_bridge"; - SkipTLSVerify = true; - }; gateway = [ { name = "krebs-bridge"; @@ -37,10 +32,6 @@ account = "telegram.krebs"; channel = "-330372458"; } - { - account = "mumble.lassulus"; - channel = 6; # "nixos" - } ]; } ]; diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 1f966bf24..9e2cec10a 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix 
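Review bot: In `krebs/2configs/container-networking.nix` the NAT list now covers `ctr+`, but the `networking.networkmanager.unmanaged` line just below it still lists only `interface-name:ve-*`. On hosts that run NetworkManager the new `ctr*` interfaces would presumably be picked up and managed by it, which can interfere with the container's addressing. I would extend the list in the same change: `networking.networkmanager.unmanaged = [ "interface-name:ve-*" "interface-name:ctr*" ];`.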
@@ -164,7 +164,7 @@ if [ ''${#youtube_url} -eq 24 ]; then youtube_id=$youtube_url else - youtube_id=$(${pkgs.youtube-dl}/bin/youtube-dl --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id') + youtube_id=$(${pkgs.yt-dlp}/bin/yt-dlp --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id') fi echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss" ''; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 305d31405..205cc96f4 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -148,6 +148,7 @@ in { services.nginx = { virtualHosts."agenda.r" = { + serverAliases = [ "kri.r" ]; locations."= /index.html".extraConfig = '' alias ${pkgs.writeText "agenda.html" '' <!DOCTYPE html> diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix index 0743f2b49..b1a492f51 100644 --- a/krebs/2configs/security-workarounds.nix +++ b/krebs/2configs/security-workarounds.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: with import <stockholm/lib>; { - # https://github.com/Lassulus/CVE-2021-4034 - security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); } diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix index 9cdbb6cff..d23706499 100644 --- a/krebs/3modules/acl.nix +++ b/krebs/3modules/acl.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let parents = dir: if dir == "/" then - [ dir ] + [] else [ dir ] ++ parents (builtins.dirOf dir) ; 
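Review bot: In the `krebs/2configs/news.nix` hunk, `"$youtube_url"` is passed to `yt-dlp` as a bare positional argument, so a value beginning with `-` would be parsed as an option rather than a URL. Where the variable comes from is outside the hunk, but the surrounding script looks like a chat-bot command, so I would end option parsing explicitly: `${pkgs.yt-dlp}/bin/yt-dlp --max-downloads 1 -j -- "$youtube_url"`. The result is also used unchecked: when the lookup fails, `jq -r` yields an empty string or `null`, and the `echo` still emits a feed URL with that id. A guard such as `[ -n "$youtube_id" ] && [ "$youtube_id" != null ] || exit 1` before the `echo` would avoid registering a broken feed. The script body starts and ends outside the hunk.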
@@ -40,13 +40,16 @@ in { pkgs.coreutils ]; serviceConfig = { - ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings ( - lib.mapAttrsToList (_: rule: '' - setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} - ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} - ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} - '') rules - )); + ExecStart = pkgs.writers.writeDash "acl" '' + mkdir -p "${path}" + ${lib.concatStrings ( + lib.mapAttrsToList (_: rule: '' + setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} + ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} + ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents (builtins.dirOf path)))} + '') rules + )} + ''; RemainAfterExit = true; Type = "simple"; }; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index d58f0fbaa..854176f0b 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -74,6 +74,7 @@ in { aliases = [ "hotdog.r" "agenda.r" + "kri.r" "build.r" "build.hotdog.r" "ca.r" diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix index 8a2311a2e..6a0c7f9df 100644 --- a/krebs/5pkgs/haskell/brockman/default.nix +++ b/krebs/5pkgs/haskell/brockman/default.nix 
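Review bot: The new `mkdir -p "${path}"` in `krebs/3modules/acl.nix` quotes the path by hand, and the `setfacl` lines still interpolate `${path}`, `${rule.rule}` and `${folder}` with no quoting at all. A path containing whitespace, `"` or `$` is therefore split or expanded by dash, in a unit that shows no `User=` in the visible lines and so presumably runs as root. `lib.escapeShellArg` handles this: `mkdir -p ${lib.escapeShellArg path}`, and likewise `setfacl -m ${lib.escapeShellArg rule.rule} ${lib.escapeShellArg path}` on the other lines. Note also that `mkdir -p` creates a missing directory with the service's owner and default mode before the ACL is applied; a comment saying this is intended would help.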
@@ -7,19 +7,19 @@ }: mkDerivation rec { pname = "brockman"; - version = "4.0.3"; + version = "4.0.4"; src = fetchFromGitHub { owner = "kmein"; repo = "brockman"; rev = version; - sha256 = "sha256-rjwroSG9ys0FV2JM70kzmCutMVpUTx8cQ+jQq8Hw1kw="; + sha256 = "sha256-GOEEUjehFgMMf6cNpi0AP/Rz74sTDEcpKRbLD+6YEz0="; }; isLibrary = false; isExecutable = true; executableHaskellDepends = [ aeson aeson-pretty base bytestring case-insensitive conduit containers directory feed filepath hashable hslogger html-entity - http-client irc-conduit lens lrucache lrucaching network + http-client irc-conduit lens lrucache network optparse-applicative random safe text time timerep wreq ]; license = lib.licenses.mit; diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix index d41d8d818..9ff2bd883 100644 --- a/krebs/5pkgs/haskell/reaktor2/default.nix +++ b/krebs/5pkgs/haskell/reaktor2/default.nix @@ -8,11 +8,11 @@ }: mkDerivation rec { pname = "reaktor2"; - version = "0.4.0"; + version = "0.4.0a"; src = fetchgit { - url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "0bnn23hjl57y0a5rf3h8kq078dziby7il7fandz5wh6s4i3psicp"; - rev = "v${version}"; + url = "https://cgit.lassul.us/reaktor2"; + sha256 = "sha256-x1i2TWcycYVFij6832xaBiQa1RQ1VmSfu5Qt1QrUtds="; + rev = "6d3eb6de5e770ee26874bb7449934f0c55bd1efa"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 2fbc7ff86..832e47f26 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -122,7 +122,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' 'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') & # regular fetches - fetch marker.json.tmp "$marker_url" + fetch marker.json.tmp "$marker_url" || : if [ -s marker.json.tmp ]; then mv marker.json.tmp marker.json fi 
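Review bot: In the `reaktor2` hunk, `rev` is no longer derived from `version`, so `version = "0.4.0a"` and the pinned commit can drift apart silently on the next update. The fetch host also changes from `cgit.krebsco.de` to `cgit.lassul.us` with no explanation. The `sha256` pins the content, so the host change cannot alter what is built, but the provenance is worth recording next to it. I would add a comment above `rev`, for example `# 0.4.0a is not a tag; pinned by commit, update version and rev together`.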
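Review bot: `fetch marker.json.tmp "$marker_url" || :` discards the failure, and the following `[ -s marker.json.tmp ]` only checks that the file is non-empty, so a download that fails part-way (or a stale `.tmp` from an earlier run) can still be moved over `marker.json`. What `fetch` leaves behind on error is not visible in this hunk, so this is a possibility rather than a certainty. Removing the temp file on failure keeps the best-effort behaviour without that risk: `fetch marker.json.tmp "$marker_url" || rm -f marker.json.tmp`. The script body starts and ends outside the hunk.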
diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix
index e6ecfd631..5f9c8635b 100644
--- a/krebs/5pkgs/simple/weechat-declarative/default.nix
+++ b/krebs/5pkgs/simple/weechat-declarative/default.nix
@@ -109,45 +109,60 @@ let }; }; + setFile = pkgs.writeText "weechat.set" ( + lib.optionalString (cfg.settings != {}) + (lib.concatStringsSep "\n" ( + lib.optionals + (cfg.settings.irc or {} != {}) + (lib.mapAttrsToList + (name: server: "/server add ${name} ${lib.toWeechatValue server.addresses}") + cfg.settings.irc.server) + ++ + lib.optionals + (cfg.settings.matrix or {} != {}) + (lib.mapAttrsToList + (name: server: "/matrix server add ${name} ${server.address}") + cfg.settings.matrix.server) + ++ + lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings) + ++ + lib.optionals + (cfg.settings.filters or {} != {}) + (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters) + ++ + lib.singleton cfg.extraCommands + )) + ); + weechat = pkgs.weechat.override { configure = _: { - init = lib.optionalString (cfg.settings != {}) - (lib.concatStringsSep "\n" ( - lib.optionals - (cfg.settings.irc or {} != {}) - (lib.mapAttrsToList - (name: server: "/server add ${name} ${server.address}") - cfg.settings.irc.server) - ++ - lib.optionals - (cfg.settings.matrix or {} != {}) - (lib.mapAttrsToList - (name: server: "/matrix server add ${name} ${server.address}") - cfg.settings.matrix.server) - ++ - lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." 
cfg.settings) - ++ - lib.optionals - (cfg.settings.filters or {} != {}) - (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters) - ++ - lib.singleton cfg.extraCommands - )); + init = "/exec -oc cat ${setFile}"; scripts = cfg.scripts; }; }; -in pkgs.writers.writeDashBin "weechat" '' - CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat - ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR" - ${lib.concatStringsSep "\n" - (lib.mapAttrsToList - (name: target: /* sh */ '' - ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name} - '') - cfg.files - ) - } - exec ${weechat}/bin/weechat "$@" -'' + wrapper = pkgs.writers.writeDashBin "weechat" '' + CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat + ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR" + ${lib.concatStringsSep "\n" + (lib.mapAttrsToList + (name: target: /* sh */ '' + ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name} + '') + cfg.files + ) + } + exec ${weechat}/bin/weechat "$@" + ''; + +in pkgs.symlinkJoin { + name = "weechat-configured"; + paths = [ + wrapper + pkgs.weechat + ]; + postBuild = '' + ln -s ${setFile} $out/weechat.set + ''; +} diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 30be112d1..49d65160d 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "2a3aac479caeba0a65b2ad755fe5f284f1fde74d", - "date": "2022-05-09T07:45:23+00:00", - "path": "/nix/store/56hy8l0ky71qdx5zibjzzg0q8ivkk7vc-nixpkgs", - "sha256": "0px2fk64s56qxd8ir8xg8bsj5yz1w399ps4xfkyx29n2ywp9ar7c", + "rev": "5ce6597eca7d7b518c03ecda57d45f9404b5e060", + "date": "2022-05-24T17:55:48+02:00", + "path": "/nix/store/glvcj0zmqq9z5wf6bppnppbpf8w85iwf-nixpkgs", + "sha256": "1hs1lnnbp1dky3nfp7xlricpp5c63sr46jyrnvykci8bl8jnxnl3", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, 
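Review bot: `setFile` is built with `pkgs.writeText`, so every generated `/set` line sits in the world-readable Nix store, and `postBuild` additionally links it at `$out/weechat.set`. If `cfg.settings` ever holds a server password or SASL secret, it becomes readable by every local user. The old `init` string presumably ended up in the store as well, so this is not new exposure, but the separate file makes it easy to overlook. I would add a comment above `setFile` such as `# world-readable in /nix/store: keep credentials out of cfg.settings, link them in via cfg.files`. A second comment on `paths` noting that `wrapper` must stay first so its `bin/weechat` takes precedence over the one in `pkgs.weechat` would also help; that ordering is how I understand `symlinkJoin` to behave, and it is worth confirming.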
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 970ffa20a..3e20b2a87 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "fd3e33d696b81e76b30160dfad2efb7ac1f19879", - "date": "2022-04-30T11:27:15+02:00", - "path": "/nix/store/4n9dqxd8j90h0j99n8pyim6n5q1zviwg-nixpkgs", - "sha256": "1liw3glyv1cx0bxgxnq2yjp0ismg0np2ycg72rqghv75qb73zf9h", + "rev": "d1086907f56c5a6c33c0c2e8dc9f42ef6988294f", + "date": "2022-05-28T12:29:49+02:00", + "path": "/nix/store/56gsa390lyiik6jdapnj98a2ww8af8ig-nixpkgs", + "sha256": "009dc0njvdn5pzcyd8bp4sc9byf70w4msdkv6q2zfdlnh36im1jl", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index bc421a75f..59dbd91b5 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-21.11' \ + --rev refs/heads/nixos-22.05' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index b08919802..d6943c110 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -43,7 +43,7 @@ with import <stockholm/lib>; libreoffice audacity zathura - skype + skypeforlinux wine geeqie vlc 
@@ -56,22 +56,32 @@ with import <stockholm/lib>; services.xserver.layout = "de"; } { - krebs.per-user.bitcoin.packages = [ - pkgs.electrum - pkgs.electron-cash - pkgs.litecoin - ]; - users.extraUsers = { - bitcoin = { - name = "bitcoin"; - description = "user for bitcoin stuff"; - home = "/home/bitcoin"; - isNormalUser = true; - useDefaultShell = true; - createHome = true; - extraGroups = [ "audio" ]; + users = { + groups.plugdev = {}; + users = { + bitcoin = { + name = "bitcoin"; + description = "user for bitcoin stuff"; + home = "/home/bitcoin"; + isNormalUser = true; + useDefaultShell = true; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + "plugdev" + ]; + packages = let + unstable = import <nixpkgs-unstable> { config.allowUnfree = true; }; + in [ + pkgs.electrum + pkgs.electron-cash + unstable.ledger-live-desktop + ]; + }; }; }; + hardware.ledger.enable = true; security.sudo.extraConfig = '' bubsy ALL=(bitcoin) NOPASSWD: ALL ''; diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix index 80c459a95..868bafad5 100644 --- a/lass/1systems/lasspi/physical.nix +++ b/lass/1systems/lasspi/physical.nix @@ -25,7 +25,6 @@ version = 4; }; boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; # Required for the Wireless firmware hardware.enableRedistributableFirmware = true; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d174e6057..62c6f0b71 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -124,6 +124,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/container-networking.nix> <stockholm/lass/2configs/jitsi.nix> <stockholm/lass/2configs/fysiirc.nix> + <stockholm/lass/2configs/bgt-bot> { services.tor = { enable = true; diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index bf818a9b2..6972567d7 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix 
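Review bot: The two groups added to `bitcoin` (`networkmanager`, `plugdev`) are also handed to `bubsy`, because the sudo rule kept at the end of this hunk, `bubsy ALL=(bitcoin) NOPASSWD: ALL`, lets bubsy run anything as that user without a password. `plugdev` is presumably there for the Ledger device access enabled by `hardware.ledger.enable`, but `networkmanager` lets the wallet account reconfigure the host's network connections; I would drop it or add a comment saying why it is needed. Separately, `import <nixpkgs-unstable> { config.allowUnfree = true; }` resolves through the Nix search path at evaluation time, and whether that entry is pinned by `krebs/nixpkgs-unstable.json` is not visible here. If it is, a short comment such as `# <nixpkgs-unstable> is pinned via krebs/nixpkgs-unstable.json` would make the provenance of the wallet binary clear.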
@@ -47,7 +47,7 @@ wantedBy = [ "multi-user.target" ]; script = '' ${pkgs.xboxdrv.overrideAttrs(o: { - patches = [ (pkgs.fetchurl { + patches = o.patches ++ [ (pkgs.fetchurl { url = "https://patch-diff.githubusercontent.com/raw/xboxdrv/xboxdrv/pull/251.patch"; |