diff options
-rw-r--r-- | Zhosts/flap | 1 | ||||
-rw-r--r-- | Zhosts/gum | 1 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 3 | ||||
-rw-r--r-- | krebs/4lib/types.nix | 3 | ||||
-rw-r--r-- | krebs/5pkgs/default.nix | 1 | ||||
-rw-r--r-- | krebs/5pkgs/youtube-tools.nix | 21 | ||||
-rw-r--r-- | lass/1systems/cloudkrebs.nix | 2 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 7 | ||||
-rw-r--r-- | lass/2configs/base.nix | 5 | ||||
-rw-r--r-- | lass/2configs/bitlbee.nix | 15 | ||||
-rw-r--r-- | lass/2configs/retiolum.nix | 2 | ||||
-rw-r--r-- | lass/3modules/bitlbee.nix | 153 | ||||
-rw-r--r-- | lass/5pkgs/bitlbee-dev.nix | 20 | ||||
-rw-r--r-- | lass/5pkgs/bitlbee-steam.nix | 31 | ||||
-rw-r--r-- | lass/5pkgs/bitlbee.nix | 71 | ||||
-rw-r--r-- | lass/5pkgs/default.nix | 13 | ||||
-rw-r--r-- | tv/1systems/cd.nix | 4 | ||||
-rw-r--r-- | tv/1systems/nomic.nix | 4 | ||||
-rw-r--r-- | tv/1systems/wu.nix | 4 | ||||
-rw-r--r-- | tv/2configs/git.nix | 12 | ||||
-rw-r--r-- | tv/2configs/urlwatch.nix | 2 |
21 files changed, 357 insertions, 18 deletions
diff --git a/Zhosts/flap b/Zhosts/flap index ea6aace53..94e6bdc75 100644 --- a/Zhosts/flap +++ b/Zhosts/flap @@ -1,4 +1,5 @@ Subnet = 10.243.211.172 +Subnet = 10.243.211.172 53 Subnet = 42:472a:3d01:bbe4:4425:567e:592b:065d -----BEGIN RSA PUBLIC KEY----- diff --git a/Zhosts/gum b/Zhosts/gum index 9749f975a..f1eaa4eab 100644 --- a/Zhosts/gum +++ b/Zhosts/gum @@ -1,4 +1,5 @@ Address= 195.154.108.70 +Address= 195.154.108.70 53 Subnet = 10.243.0.211 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2 Aliases = paste diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f143e64b8..3d34ddf12 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -272,6 +272,7 @@ let ''; }; }; + secure = true; }; mors = { cores = 2; @@ -307,7 +308,7 @@ let }; uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; - mail = "uriel@mors.retiolum"; + mail = "lass@uriel.retiolum"; }; }; }; diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index f767d20fe..4e123e723 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -47,7 +47,8 @@ types // rec { }; addrs = mkOption { type = listOf addr; - apply = _: config.addrs4 ++ config.addrs6; + default = config.addrs4 ++ config.addrs6; + # TODO only default addrs make sense }; addrs4 = mkOption { type = listOf addr4; diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 89872f1eb..062f0a515 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -13,4 +13,5 @@ pkgs // github-known_hosts = callPackage ./github-known_hosts.nix {}; hashPassword = callPackage ./hashPassword.nix {}; posix-array = callPackage ./posix-array.nix {}; + youtube-tools = callPackage ./youtube-tools.nix {}; } diff --git a/krebs/5pkgs/youtube-tools.nix b/krebs/5pkgs/youtube-tools.nix new file mode 100644 index 000000000..d767728be --- /dev/null +++ b/krebs/5pkgs/youtube-tools.nix @@ -0,0 +1,21 @@ +{ stdenv, fetchgit, ... }: + +stdenv.mkDerivation { + name = "youtube-tools"; + + src = fetchgit { + url = https://github.com/Lassulus/the_playlist; + rev = "9218b163f2d8bc965b853ed9fc9e13d15a703456"; + sha256 = "ae5db4be652d015a518e57e4ed2de34b9127e77d9272af3049832bb134e96e4d"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = '' + mkdir -p $out/bin + cp bin/* $out/bin/ + ''; +} diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 515810e44..6e814e643 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -30,7 +30,7 @@ deps = { nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "1879a011925c561f0a7fd4043da0768bbff41d0b"; + rev = "961fcbabd7643171ea74bd550fee1ce5c13c2e90"; }; secrets = { url = "/home/lass/secrets/${config.krebs.build.host.name}"; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index e7f8d5276..19d7030d6 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -15,12 +15,13 @@ ../2configs/wine.nix ../2configs/texlive.nix ../2configs/binary-caches.nix - ../2configs/ircd.nix + #../2configs/ircd.nix ../2configs/chromium-patched.nix ../2configs/new-repos.nix #../../2configs/tv/synaptics.nix ../2configs/retiolum.nix ../2configs/wordpress.nix + ../2configs/bitlbee.nix ]; krebs.build = { @@ -30,7 +31,7 @@ deps = { nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "961fd7b7a0f88dde7dac2f7a4c05ee4e1a25381d"; + rev = "961fcbabd7643171ea74bd550fee1ce5c13c2e90"; }; secrets = { url = "/home/lass/secrets/${config.krebs.build.host.name}"; @@ -128,7 +129,7 @@ #VM writeback timeout echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs' #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] - echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' + #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' #Autosuspend for USB device Biometric Coprocessor echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 095c7660c..256c29ab1 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -39,12 +39,16 @@ with lib; krebs = { enable = true; search-domain = "retiolum"; + exim-retiolum.enable = true; }; nix.useChroot = true; users.mutableUsers = false; + #why is this on in the first place? + services.ntp.enable = false; + boot.tmpOnTmpfs = true; # see tmpfiles.d(5) systemd.tmpfiles.rules = [ @@ -134,6 +138,7 @@ with lib; { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; } ]; }; }; diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix new file mode 100644 index 000000000..3a0080402 --- /dev/null +++ b/lass/2configs/bitlbee.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: + +let + lpkgs = import ../5pkgs { inherit pkgs; }; +in { + + imports = [ + ../3modules/bitlbee.nix + ]; + + config.lass.bitlbee = { + enable = true; + bitlbeePkg = lpkgs.bitlbee; + }; +} diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 2d583a88a..7c7f2b4d4 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -22,6 +22,8 @@ "fastpoke" "cloudkrebs" "pigstarter" + "gum" + "flap" ]; }; } diff --git a/lass/3modules/bitlbee.nix b/lass/3modules/bitlbee.nix new file mode 100644 index 000000000..8ce560146 --- /dev/null +++ b/lass/3modules/bitlbee.nix @@ -0,0 +1,153 @@ +{ config, lib, pkgs, ... }: + + +let + + inherit (lib) + mkIf + mkOption + types + singleton + ; + + authModeCheck = v: + v == "Open" || + v == "Closed" || + v == "Registered" + ; + + bitlbeeConfig = pkgs.writeText "bitlbee.conf" '' + [settings] + RunMode = Daemon + User = bitlbee + ConfigDir = ${cfg.configDir} + DaemonInterface = ${cfg.interface} + DaemonPort = ${toString cfg.portNumber} + AuthMode = ${cfg.authMode} + ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"} + ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"} + ${cfg.extraSettings} + + [defaults] + ${cfg.extraDefaults} + ''; + + cfg = config.lass.bitlbee; + + out = { + options.lass.bitlbee = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkOption { + default = false; + description = '' + Whether to run the BitlBee IRC to other chat network gateway. + Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat + networks via an IRC client. + ''; + }; + + interface = mkOption { + default = "127.0.0.1"; + description = '' + The interface the BitlBee deamon will be listening to. If `127.0.0.1', + only clients on the local host can connect to it; if `0.0.0.0', clients + can access it from any network interface. + ''; + }; + + portNumber = mkOption { + default = 6667; + description = '' + Number of the port BitlBee will be listening to. + ''; + }; + + authMode = mkOption { + default = "Open"; + type = types.addCheck types.str authModeCheck; + description = '' + The following authentication modes are available: + Open -- Accept connections from anyone, use NickServ for user authentication. + Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. + Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself. + ''; + }; + + hostName = mkOption { + default = ""; + type = types.str; + description = '' + Normally, BitlBee gets a hostname using getsockname(). If you have a nicer + alias for your BitlBee daemon, you can set it here and BitlBee will identify + itself with that name instead. + ''; + }; + + configDir = mkOption { + default = "/var/lib/bitlbee"; + type = types.path; + description = '' + Specify an alternative directory to store all the per-user configuration + files. + ''; + }; + + protocols = mkOption { + default = ""; + type = types.str; + description = '' + This option allows to remove the support of protocol, even if compiled + in. If nothing is given, there are no restrictions. + ''; + }; + + extraSettings = mkOption { + default = ""; + description = '' + Will be inserted in the Settings section of the config file. + ''; + }; + + extraDefaults = mkOption { + default = ""; + description = '' + Will be inserted in the Default section of the config file. + ''; + }; + + bitlbeePkg = mkOption { + default = pkgs.bitlbee; + description = '' + the bitlbee pkg to use. + ''; + }; + }; + + imp = { + users.extraUsers = singleton { + name = "bitlbee"; + uid = config.ids.uids.bitlbee; + description = "BitlBee user"; + home = "/var/lib/bitlbee"; + createHome = true; + }; + + users.extraGroups = singleton { + name = "bitlbee"; + gid = config.ids.gids.bitlbee; + }; + + systemd.services.bitlbee = { + description = "BitlBee IRC to other chat networks gateway"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.User = "bitlbee"; + serviceConfig.ExecStart = "${cfg.bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}"; + }; + }; + +in +out diff --git a/lass/5pkgs/bitlbee-dev.nix b/lass/5pkgs/bitlbee-dev.nix new file mode 100644 index 000000000..dd129591e --- /dev/null +++ b/lass/5pkgs/bitlbee-dev.nix @@ -0,0 +1,20 @@ +{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python }: + +stdenv.mkDerivation rec { + name = "bitlbee-3.4.1"; + + src = fetchurl { + url = "mirror://bitlbee/src/${name}.tar.gz"; + sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh"; + }; + + buildInputs = [ gnutls glib pkgconfig libotr python ]; + + buildPhase = ""; + + installPhase = '' + make install-dev + ''; + +} + diff --git a/lass/5pkgs/bitlbee-steam.nix b/lass/5pkgs/bitlbee-steam.nix new file mode 100644 index 000000000..d869eaac5 --- /dev/null +++ b/lass/5pkgs/bitlbee-steam.nix @@ -0,0 +1,31 @@ +{ stdenv, fetchgit, autoconf, automake, bitlbee-dev, glib, libgcrypt, libtool, pkgconfig }: + +stdenv.mkDerivation rec { + name = "bitlbee-steam-1.3.1"; + + src = fetchgit { + url = "https://github.com/jgeboski/bitlbee-steam"; + rev = "439d777c7e8d06712ffc15c3e51d61799f4c0d0c"; + sha256 = "493924da1083a3b23073c595a9e1989a7ae09a196524ad66ca99c4d8ccc20d2a"; + }; + + buildInputs = [ + autoconf + automake + bitlbee-dev + glib + libgcrypt + libtool + pkgconfig + ]; + + configurePhase = '' + ./autogen.sh + ''; + + installPhase = '' + mkdir -p $out + cp steam/.libs/steam.la $out/ + cp steam/.libs/steam.so $out/ + ''; +} diff --git a/lass/5pkgs/bitlbee.nix b/lass/5pkgs/bitlbee.nix new file mode 100644 index 000000000..2a5a8d86d --- /dev/null +++ b/lass/5pkgs/bitlbee.nix @@ -0,0 +1,71 @@ +{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python + , bitlbee-facebook ? null + , bitlbee-steam ? null +}: + +with stdenv.lib; +stdenv.mkDerivation rec { + name = "bitlbee-3.4.1"; + + src = fetchurl { + url = "mirror://bitlbee/src/${name}.tar.gz"; + sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh"; + }; + + + buildInputs = [ gnutls glib pkgconfig libotr python ] + ++ optional doCheck check; + + configureFlags = [ + "--gcov=1" + "--otr=1" + "--ssl=gnutls" + ]; + + postBuild = '' + ${if (bitlbee-steam != null) then + '' + mkdir -p $out/lib/bitlbee/ + find ${bitlbee-steam} + cp ${bitlbee-steam}/* $out/lib/bitlbee/ + '' + else + "" + } + ''; + #${concatMapStringsSep "\n" ([] ++ + # (if (bitlbee-facebook != null) then + # "cp ${bitlbee-faceook}/* $out/" + # else + # "" + # ) ++ + # (if (bitlbee-steam != null) then + # "cp ${bitlbee-steam}/* $out/" + # else + # "" + # ) + #)} + + doCheck = true; + + meta = { + description = "IRC instant messaging gateway"; + + longDescription = '' + BitlBee brings IM (instant messaging) to IRC clients. It's a + great solution for people who have an IRC client running all the + time and don't want to run an additional MSN/AIM/whatever + client. + + BitlBee currently supports the following IM networks/protocols: + XMPP/Jabber (including Google Talk), MSN Messenger, Yahoo! + Messenger, AIM and ICQ. + ''; + + homepage = http://www.bitlbee.org/; + license = licenses.gpl2Plus; + + maintainers = with maintainers; [ wkennington pSub ]; + platforms = platforms.gnu; # arbitrary choice + }; +} diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix new file mode 100644 index 000000000..c776262ff --- /dev/null +++ b/lass/5pkgs/default.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: + +let + inherit (pkgs) callPackage; + kpkgs = import ../../krebs/5pkgs { inherit pkgs; }; +in + +kpkgs // +rec { + bitlbee-dev = callPackage ./bitlbee-dev.nix {}; + bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; }; + bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; }; +} diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 659b95065..9f412d9b8 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -14,8 +14,8 @@ in krebs.build.deps = { nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + url = https://github.com/4z3/nixpkgs; + rev = "03130ec91356cd250b80f144022ee2f4d665ca36"; # 1357692 }; secrets = { url = "/home/tv/secrets/${config.krebs.build.host.name}"; diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 6418cdc5e..028e53539 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -10,8 +10,8 @@ with lib; krebs.build.deps = { nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696"; + url = https://github.com/4z3/nixpkgs; + rev = "03130ec91356cd250b80f144022ee2f4d665ca36"; # 1357692 }; secrets = { url = "/home/tv/secrets/${config.krebs.build.host.name}"; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 20dbca12f..2233b48d1 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -14,8 +14,8 @@ in krebs.build.deps = { nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696"; + url = https://github.com/4z3/nixpkgs; + rev = "03130ec91356cd250b80f144022ee2f4d665ca36"; # 1357692 }; secrets = { url = "/home/tv/secrets/${config.krebs.build.host.name}"; diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 8d662494c..264cb4a1c 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -8,14 +8,14 @@ let enable = true; root-title = "public repositories at ${config.krebs.build.host.name}"; root-desc = "keep calm and engage"; - inherit repos rules; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; }; }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) ( + repos = public-repos // - optionalAttrs config.krebs.build.host.secure restricted-repos - ); + optionalAttrs config.krebs.build.host.secure restricted-repos; rules = concatMap make-rules (attrValues repos); @@ -66,8 +66,8 @@ let }; }; - make-restricted-repo = name: { desc ? null, ... }: { - inherit name desc; + make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: { + inherit name collaborators desc; public = false; }; diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index a69b1519c..26e56e09c 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -11,6 +11,8 @@ # 2014-07-29 when one of the following urls change # then we have to update the package + http://www.exim.org/ + # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix https://api.github.com/repos/simple-evcorr/sec/tags |