diff options
-rw-r--r-- | kartei/makefu/default.nix | 6 | ||||
-rw-r--r-- | kartei/makefu/wiregrill/telex.pub | 1 | ||||
-rw-r--r-- | krebs/1systems/puyak/config.nix | 3 | ||||
-rw-r--r-- | krebs/2configs/shack/prometheus/alertmanager-telegram.nix | 17 | ||||
-rw-r--r-- | krebs/5pkgs/simple/passwdqc-utils/default.nix | 10 | ||||
-rw-r--r-- | makefu/2configs/bgt/download.binaergewitter.de.nix | 17 | ||||
-rw-r--r-- | makefu/2configs/default.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/gui/look-up.nix | 7 | ||||
-rw-r--r-- | makefu/2configs/security/hotfix.nix | 4 | ||||
-rw-r--r-- | makefu/5pkgs/pkgrename/default.nix | 6 | ||||
-rw-r--r-- | makefu/5pkgs/ratt/default.nix | 2 | ||||
-rw-r--r-- | makefu/krops.nix | 6 |
12 files changed, 35 insertions, 46 deletions
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index f9997b2d2..ecb834bbf 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -151,6 +151,12 @@ in { }; }; }; + # pixel3a + telex.nets.wiregrill = { + aliases = ["telex.w"]; + ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address; + }; + latte = rec { ci = true; extraZones = { diff --git a/kartei/makefu/wiregrill/telex.pub b/kartei/makefu/wiregrill/telex.pub new file mode 100644 index 000000000..12a42177e --- /dev/null +++ b/kartei/makefu/wiregrill/telex.pub @@ -0,0 +1 @@ +T7Cr80dBbtPFCPdz4OS7whDlQJzn2Orclq5rLVtD+Ds= diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index f4bd472a4..033cb94d1 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -110,7 +110,8 @@ <stockholm/krebs/2configs/shack/prometheus/server.nix> <stockholm/krebs/2configs/shack/prometheus/blackbox.nix> #<stockholm/krebs/2configs/shack/prometheus/unifi.nix> - <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> + # TODO: alertmanager 0.24+ supports telegram + # <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix deleted file mode 100644 index 8527001cb..000000000 --- a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ...}: -{ - systemd.services.alertmanager-bot-telegram = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - EnvironmentFile = toString <secrets/shack/telegram_bot.env>; - DynamicUser = true; - StateDirectory = "alertbot"; - ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \ - --alertmanager.url=http://alert.prometheus.shack --log.level=info \ - --store=bolt --bolt.path=/var/lib/alertbot/bot.db \ - --listen.addr="0.0.0.0:16320" \ - --template.paths=${./templates}/shack.tmpl''; - }; - }; -} diff --git a/krebs/5pkgs/simple/passwdqc-utils/default.nix b/krebs/5pkgs/simple/passwdqc-utils/default.nix index c6f866e56..1def3167c 100644 --- a/krebs/5pkgs/simple/passwdqc-utils/default.nix +++ b/krebs/5pkgs/simple/passwdqc-utils/default.nix @@ -1,17 +1,17 @@ { fetchurl, lib, stdenv , libxcrypt -, pam +, linux-pam , wordset-file ? null, # set your own wordset-file }: stdenv.mkDerivation rec { - name = "passwdqc-utils-${version}"; - version = "1.3.0"; - buildInputs = [ libxcrypt pam ]; + pname = "passwdqc-utils"; + version = "2.0.2"; + buildInputs = [ libxcrypt linux-pam ]; src = fetchurl { url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz"; - sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93"; + hash = "sha256-/x9QV2TAIPakSEseDMT9vy4/cbUikm2QtHCRBMoGBKs="; }; buildTargets = "utils"; diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index d49ad158b..31da31a71 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -43,16 +43,13 @@ in { services.logrotate = { enable = true; - config = '' - ${bgtaccess} ${bgterror} { - rotate 5 - weekly - create 600 nginx nginx - postrotate - ${pkgs.systemd}/bin/systemctl reload nginx - endscript - } - ''; + settings.bgt = { + files = [ bgtaccess bgterror ]; + rotate = 5; + frequency = "weekly"; + create = "600 nginx nginx"; + postrotate = "${pkgs.systemd}/bin/systemctl reload nginx"; + }; }; # 20.09 unharden nginx to write logs diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 66c77e1eb..9a08a4497 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -11,7 +11,7 @@ with import <stockholm/lib>; ./editor/vim.nix ./binary-cache/nixos.nix ./minimal.nix - ./security/hotfix.nix + # ./security/hotfix.nix ]; # users are super important diff --git a/makefu/2configs/gui/look-up.nix b/makefu/2configs/gui/look-up.nix index d27f5cff7..e04098cc2 100644 --- a/makefu/2configs/gui/look-up.nix +++ b/makefu/2configs/gui/look-up.nix @@ -1,4 +1,9 @@ -{ +{pkgs, config, ... }: +let + user = config.krebs.build.user.name; + window-manager = "awesome"; +in + { systemd.services.look-up = { startAt = "*:30"; serviceConfig = { diff --git a/makefu/2configs/security/hotfix.nix b/makefu/2configs/security/hotfix.nix deleted file mode 100644 index fc52f21e6..000000000 --- a/makefu/2configs/security/hotfix.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, lib,... }: { - # https://github.com/berdav/CVE-2021-4034 - security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); -} diff --git a/makefu/5pkgs/pkgrename/default.nix b/makefu/5pkgs/pkgrename/default.nix index 5eeb161e7..c0944b03c 100644 --- a/makefu/5pkgs/pkgrename/default.nix +++ b/makefu/5pkgs/pkgrename/default.nix @@ -2,19 +2,19 @@ }: stdenv.mkDerivation rec { name = "pkgrename"; - version = "1.03"; + version = "1.05"; src = fetchFromGitHub { owner = "hippie68"; repo = "pkgrename"; - rev = "c3e5c47ed9367273bd09577af46d3d9bf87b2a50"; + rev = "c7c95f0ea49324433db4a7df8db8b0905198e62e"; sha256 = "0cphxdpj04h1i0qf5mji3xqdsbyilvd5b4gwp4vx914r6k5f0xf3"; }; buildInputs = [ curl.dev ]; buildPhase = '' cd pkgrename.c - gcc pkgrename.c src/*.c -o pkgrename -lcurl -s -O1 $(curl-config --cflags --libs) + $CC pkgrename.c src/*.c -o pkgrename -s -O3 $(curl-config --cflags --libs) -Wl,--allow-multiple-definition ''; installPhase = '' install -D pkgrename $out/bin/pkgrename diff --git a/makefu/5pkgs/ratt/default.nix b/makefu/5pkgs/ratt/default.nix index 0ad94c55e..575a33f2b 100644 --- a/makefu/5pkgs/ratt/default.nix +++ b/makefu/5pkgs/ratt/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { }; proxyVendor = true; - vendorSha256 = "sha256-AOtWR7Ew+0I7+TrMZOCxOKGCv+mlvcqy9s+gX2JKwnE="; + vendorSha256 = "sha256-tCSwyusVstEkz2pXYGX5JmS+VgqErSPtnh4LomaaFcE="; # tests try to access the internet to scrape websites doCheck = false; diff --git a/makefu/krops.nix b/makefu/krops.nix index d907c8e36..94677609e 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -75,20 +75,20 @@ (lib.mkIf ( host-src.hw ) { nixos-hardware.git = { url = https://github.com/nixos/nixos-hardware.git; - ref = "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1"; + ref = "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b"; }; }) (lib.mkIf ( host-src.nix-ld ) { nix-ld.git = { url = https://github.com/Mic92/nix-ld.git; - ref = "c25cc4b"; + ref = "7d251c0c5adf6b9b003499243be257d0f130b3d6"; }; }) (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "1de492f"; + ref = "054d9e3187ca00479e8036dc0e92900a384f30fd"; }; }) ]; |