summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kartei/makefu/default.nix6
-rw-r--r--kartei/makefu/wiregrill/telex.pub1
-rw-r--r--krebs/1systems/puyak/config.nix3
-rw-r--r--krebs/2configs/shack/prometheus/alertmanager-telegram.nix17
-rw-r--r--krebs/5pkgs/simple/passwdqc-utils/default.nix10
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix17
-rw-r--r--makefu/2configs/default.nix2
-rw-r--r--makefu/2configs/gui/look-up.nix7
-rw-r--r--makefu/2configs/security/hotfix.nix4
-rw-r--r--makefu/5pkgs/pkgrename/default.nix6
-rw-r--r--makefu/5pkgs/ratt/default.nix2
-rw-r--r--makefu/krops.nix6
12 files changed, 35 insertions, 46 deletions
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index f9997b2d2..ecb834bbf 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -151,6 +151,12 @@ in {
};
};
};
+ # pixel3a
+ telex.nets.wiregrill = {
+ aliases = ["telex.w"];
+ ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
+ };
+
latte = rec {
ci = true;
extraZones = {
diff --git a/kartei/makefu/wiregrill/telex.pub b/kartei/makefu/wiregrill/telex.pub
new file mode 100644
index 000000000..12a42177e
--- /dev/null
+++ b/kartei/makefu/wiregrill/telex.pub
@@ -0,0 +1 @@
+T7Cr80dBbtPFCPdz4OS7whDlQJzn2Orclq5rLVtD+Ds=
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index f4bd472a4..033cb94d1 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -110,7 +110,8 @@
<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
#<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
- <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
+ # TODO: alertmanager 0.24+ supports telegram
+ # <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
diff --git a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
deleted file mode 100644
index 8527001cb..000000000
--- a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ...}:
-{
- systemd.services.alertmanager-bot-telegram = {
- wantedBy = [ "multi-user.target" ];
- after = [ "ip-up.target" ];
- serviceConfig = {
- EnvironmentFile = toString <secrets/shack/telegram_bot.env>;
- DynamicUser = true;
- StateDirectory = "alertbot";
- ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \
- --alertmanager.url=http://alert.prometheus.shack --log.level=info \
- --store=bolt --bolt.path=/var/lib/alertbot/bot.db \
- --listen.addr="0.0.0.0:16320" \
- --template.paths=${./templates}/shack.tmpl'';
- };
- };
-}
diff --git a/krebs/5pkgs/simple/passwdqc-utils/default.nix b/krebs/5pkgs/simple/passwdqc-utils/default.nix
index c6f866e56..1def3167c 100644
--- a/krebs/5pkgs/simple/passwdqc-utils/default.nix
+++ b/krebs/5pkgs/simple/passwdqc-utils/default.nix
@@ -1,17 +1,17 @@
{ fetchurl, lib, stdenv
, libxcrypt
-, pam
+, linux-pam
, wordset-file ? null, # set your own wordset-file
}:
stdenv.mkDerivation rec {
- name = "passwdqc-utils-${version}";
- version = "1.3.0";
- buildInputs = [ libxcrypt pam ];
+ pname = "passwdqc-utils";
+ version = "2.0.2";
+ buildInputs = [ libxcrypt linux-pam ];
src = fetchurl {
url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
- sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
+ hash = "sha256-/x9QV2TAIPakSEseDMT9vy4/cbUikm2QtHCRBMoGBKs=";
};
buildTargets = "utils";
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index d49ad158b..31da31a71 100644
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -43,16 +43,13 @@ in {
services.logrotate = {
enable = true;
- config = ''
- ${bgtaccess} ${bgterror} {
- rotate 5
- weekly
- create 600 nginx nginx
- postrotate
- ${pkgs.systemd}/bin/systemctl reload nginx
- endscript
- }
- '';
+ settings.bgt = {
+ files = [ bgtaccess bgterror ];
+ rotate = 5;
+ frequency = "weekly";
+ create = "600 nginx nginx";
+ postrotate = "${pkgs.systemd}/bin/systemctl reload nginx";
+ };
};
# 20.09 unharden nginx to write logs
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 66c77e1eb..9a08a4497 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -11,7 +11,7 @@ with import <stockholm/lib>;
./editor/vim.nix
./binary-cache/nixos.nix
./minimal.nix
- ./security/hotfix.nix
+ # ./security/hotfix.nix
];
# users are super important
diff --git a/makefu/2configs/gui/look-up.nix b/makefu/2configs/gui/look-up.nix
index d27f5cff7..e04098cc2 100644
--- a/makefu/2configs/gui/look-up.nix
+++ b/makefu/2configs/gui/look-up.nix
@@ -1,4 +1,9 @@
-{
+{pkgs, config, ... }:
+let
+ user = config.krebs.build.user.name;
+ window-manager = "awesome";
+in
+ {
systemd.services.look-up = {
startAt = "*:30";
serviceConfig = {
diff --git a/makefu/2configs/security/hotfix.nix b/makefu/2configs/security/hotfix.nix
deleted file mode 100644
index fc52f21e6..000000000
--- a/makefu/2configs/security/hotfix.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, lib,... }: {
- # https://github.com/berdav/CVE-2021-4034
- security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
-}
diff --git a/makefu/5pkgs/pkgrename/default.nix b/makefu/5pkgs/pkgrename/default.nix
index 5eeb161e7..c0944b03c 100644
--- a/makefu/5pkgs/pkgrename/default.nix
+++ b/makefu/5pkgs/pkgrename/default.nix
@@ -2,19 +2,19 @@
}:
stdenv.mkDerivation rec {
name = "pkgrename";
- version = "1.03";
+ version = "1.05";
src = fetchFromGitHub {
owner = "hippie68";
repo = "pkgrename";
- rev = "c3e5c47ed9367273bd09577af46d3d9bf87b2a50";
+ rev = "c7c95f0ea49324433db4a7df8db8b0905198e62e";
sha256 = "0cphxdpj04h1i0qf5mji3xqdsbyilvd5b4gwp4vx914r6k5f0xf3";
};
buildInputs = [ curl.dev ];
buildPhase = ''
cd pkgrename.c
- gcc pkgrename.c src/*.c -o pkgrename -lcurl -s -O1 $(curl-config --cflags --libs)
+ $CC pkgrename.c src/*.c -o pkgrename -s -O3 $(curl-config --cflags --libs) -Wl,--allow-multiple-definition
'';
installPhase = ''
install -D pkgrename $out/bin/pkgrename
diff --git a/makefu/5pkgs/ratt/default.nix b/makefu/5pkgs/ratt/default.nix
index 0ad94c55e..575a33f2b 100644
--- a/makefu/5pkgs/ratt/default.nix
+++ b/makefu/5pkgs/ratt/default.nix
@@ -11,7 +11,7 @@ buildGoModule rec {
};
proxyVendor = true;
- vendorSha256 = "sha256-AOtWR7Ew+0I7+TrMZOCxOKGCv+mlvcqy9s+gX2JKwnE=";
+ vendorSha256 = "sha256-tCSwyusVstEkz2pXYGX5JmS+VgqErSPtnh4LomaaFcE=";
# tests try to access the internet to scrape websites
doCheck = false;
diff --git a/makefu/krops.nix b/makefu/krops.nix
index d907c8e36..94677609e 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -75,20 +75,20 @@
(lib.mkIf ( host-src.hw ) {
nixos-hardware.git = {
url = https://github.com/nixos/nixos-hardware.git;
- ref = "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1";
+ ref = "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b";
};
})
(lib.mkIf ( host-src.nix-ld ) {
nix-ld.git = {
url = https://github.com/Mic92/nix-ld.git;
- ref = "c25cc4b";
+ ref = "7d251c0c5adf6b9b003499243be257d0f130b3d6";
};
})
(lib.mkIf ( host-src.home-manager ) {
home-manager.git = {
url = https://github.com/rycee/home-manager;
- ref = "1de492f";
+ ref = "054d9e3187ca00479e8036dc0e92900a384f30fd";
};
})
];