-rw-r--r-- | krebs/1systems/filebitch/hardware-configuration.nix | 28 | ||||
-rw-r--r-- | krebs/1systems/hotdog/config.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/default.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/nscd-fix.nix | 24 | ||||
-rw-r--r-- | krebs/2configs/reaktor2.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/github-hosts-sync.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/jeschli/default.nix | 3 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/reaktor2/default.nix | 8 | ||||
-rw-r--r-- | krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix | 2 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 6 | ||||
-rwxr-xr-x | krebs/update-nixpkgs.sh | 2 | ||||
-rw-r--r-- | lass/1systems/icarus/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/morpheus/physical.nix | 5 | ||||
-rw-r--r-- | lass/1systems/shodan/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/uriel/physical.nix | 2 | ||||
-rw-r--r-- | lass/2configs/copyq.nix | 3 | ||||
-rw-r--r-- | lass/2configs/dcso-vpn.nix | 44 | ||||
-rw-r--r-- | lass/2configs/default.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/minimal.nix | 2 |
21 files changed, 30 insertions, 113 deletions
diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix index 574618e39..1e7fa7872 100644 --- a/krebs/1systems/filebitch/hardware-configuration.nix +++ b/krebs/1systems/filebitch/hardware-configuration.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; + keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; in { imports = @@ -19,7 +19,7 @@ in boot.tmpOnTmpfs = true; - boot.initrd.availableKernelModules = [ + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" "raid456" "usbhid" @@ -77,20 +77,18 @@ in networking.hostId = "54d97450"; # required for zfs use boot.initrd.luks.devices = let - usbkey = name: device: { - inherit name device keyFile; + usbkey = device: { + inherit device keyFile; keyFileSize = 2048; preLVM = true; }; - in [ - ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) - // { allowDiscards = true; } ) - ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) - // { allowDiscards = true; } ) - (usbkey "125" "/dev/md125") - (usbkey "126" "/dev/md126") - (usbkey "127" "/dev/md127") - ]; - - + in { + swap = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) + // { allowDiscards = true; } ); + root = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) + // { allowDiscards = true; } ); + md125 = usbkey "/dev/md125"; + md126 = usbkey "/dev/md126"; + md127 = usbkey "/dev/md127"; + }; } diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index bb84b1873..c0fa38284 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix 
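Review bot: The mapping names for the three md arrays change in the last hunk of this file, from `"125"`, `"126"`, `"127"` to `md125`, `md126`, `md127`, while `swap` and `root` keep theirs. The attribute name under `boot.initrd.luks.devices` is the name the opened volume gets under `/dev/mapper`, so anything outside this hunk that still refers to `/dev/mapper/125` and its siblings (a `fileSystems` entry, a pool member) would no longer find its device at boot; that part of the file is not visible here. A comment above the attrset such as `# attr name = /dev/mapper name; md* were "125".."127" before the attrset conversion` would record the rename. Separately, `allowDiscards = true` is carried over on `swap` and `root`; it lets TRIM reveal which blocks of the encrypted volume are in use, so a one-line comment stating that this trade-off is intended would help the next reader.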
@@ -12,7 +12,6 @@ <stockholm/krebs/2configs/buildbot-stockholm.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/nscd-fix.nix> <stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/wiki.nix> ]; diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 3442272ec..f56f6045a 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -43,7 +43,6 @@ with import <stockholm/lib>; ]; }; services.cron.enable = false; - services.nscd.enable = false; services.ntp.enable = false; users.mutableUsers = false; diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix deleted file mode 100644 index 8e5909e72..000000000 --- a/krebs/2configs/nscd-fix.nix +++ /dev/null @@ -1,24 +0,0 @@ -with import <stockholm/lib>; -{ pkgs, ... }: let - - enable = versionOlderThan "19.03"; - - versionOlderThan = v: - compareVersions - (versions.majorMinor version) - (versions.majorMinor v) - == -1; - - warning = '' - Using custom services.nscd.config because - https://github.com/NixOS/nixpkgs/pull/50316 - ''; - -in - optionalAttrs enable (trace warning { - services.nscd.enable = mkForce true; - services.nscd.config = mkForce (readFile (pkgs.fetchurl { - url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf; - sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs"; - })); - }) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index b80198b03..473028f95 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -95,7 +95,7 @@ let } hooks.sed (generators.command_hook { - inherit (commands) hello random-emoji nixos-version stockholm-issue; + inherit (commands) hello random-emoji nixos-version; tell = { filename = "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; 
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 0b7d56098..7d618ebfd 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -62,8 +62,8 @@ let }; }; - users.extraUsers = singleton { - inherit (user) name uid; + users.users.${user.name} = { + inherit (user) uid; home = cfg.dataDir; }; }; diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 75d7eda6e..390f7585f 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -12,6 +12,7 @@ with import <stockholm/lib>; in { hosts = mapAttrs hostDefaults { brauerei = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.29"; @@ -93,6 +94,7 @@ in { }; bolide = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.31"; @@ -130,6 +132,7 @@ in { }; reagenzglas = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.32"; diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix index ae242efea..6a48f865c 100644 --- a/krebs/5pkgs/haskell/reaktor2/default.nix +++ b/krebs/5pkgs/haskell/reaktor2/default.nix @@ -6,13 +6,13 @@ , time, transformers, unagi-chan, unix, unordered-containers , vector, wai, warp }: -mkDerivation { +mkDerivation rec { pname = "reaktor2"; - version = "0.3.0"; + version = "0.4.0"; src = fetchgit { url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "02hqpq8wcfd6rvi8qk10zy3f3lrzzqnjwqal4cbvksjn3vahz36h"; - rev = "a6893c00f78a8acd0a4bfe7da87ab6889eabcf21"; + sha256 = "0bnn23hjl57y0a5rf3h8kq078dziby7il7fandz5wh6s4i3psicp"; + rev = "v${version}"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix index f0e221406..a84407457 100644 --- a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix +++ b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix 
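Review bot: The rewritten `users.users.${user.name}` entry sets only `uid` and `home`, so the service account takes the module defaults for everything else, including its primary group. If `user` (defined outside this hunk) is used only by this service, adding `isSystemUser = true;` and a dedicated group would keep the files under `cfg.dataDir` out of a group shared with unrelated accounts. The enclosing `config` block starts before the hunk, so a group may already be declared elsewhere in the module.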
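Review bot: In `krebs/5pkgs/haskell/reaktor2/default.nix`, `rev = "v${version}"` replaces a full commit id with a tag name, so `sha256` is now the only value that fixes which source is built. A moved tag would surface as a hash mismatch rather than a silent change, but the reverse case is easy to miss: bumping `version` without recomputing `sha256` can reuse an already-fetched source for the old tag, because a fixed-output path is looked up by its hash. A comment next to the hash, for example `# recompute with nix-prefetch-git whenever version changes`, would document that. Keeping the resolved commit id in a comment beside `rev` would preserve the audit trail the old line provided.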
@@ -11,7 +11,7 @@ buildGoModule rec { sha256 = "09cciml1j8x76jpm2v5v6h2q6j1fkhsz1kswslmx8wl4wk40xgp4"; }; - modSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h"; + vendorSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h"; postInstall = '' install -D ./default.tmpl $out/templates/default.tmpl ''; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 161a099e5..72f85ab3a 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7c2a362b58a1c2ba72d24aa3869da3b1a91d39e1", - "date": "2020-10-20T09:32:31+02:00", - "sha256": "0gl4xndyahasa9dv5mi3x9w8s457wl2xh9lcldizcn1irjvkrzs4", + "rev": "13d0c311e3ae923a00f734b43fd1d35b47d8943a", + "date": "2020-10-27T08:58:28+01:00", + "sha256": "0izp5y55whbdaf26w3zy2xvkjvlll39lib1ifvb61ps9gmvlqn39", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index b0ffb6adc..9a0ea7ed4 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-20.03' \ + --rev refs/heads/nixos-20.09' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 8332e7c53..609da6011 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -19,7 +19,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> #<stockholm/lass/2configs/prism-share.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/home-media.nix> ]; 
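Review bot: `vendorSha256` is given exactly the string that `modSha256` had, `0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h`. The two attributes hash different outputs in `buildGoModule` (the vendored dependency tree rather than the module download cache), so the old value is unlikely to match and should be recomputed from a clean build. If the build passes with the unchanged value, that is worth checking too, since it may mean the dependency fetch was satisfied from an existing store path rather than verified afresh. The `buildGoModule` call starts and ends outside the hunk.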
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix index 3fb03cda4..6e59a2273 100644 --- a/lass/1systems/morpheus/physical.nix +++ b/lass/1systems/morpheus/physical.nix @@ -34,10 +34,7 @@ }; boot.initrd.luks = { cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; + devices.luksroot.device = "/dev/nvme0n1p3"; }; services.udev.extraRules = '' diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index d7b43f2cd..9e01396bc 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,7 +15,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/blue-host.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/nfs-dl.nix> <stockholm/lass/2configs/gg23.nix> <stockholm/lass/2configs/hass> diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix index 2d21f00d5..82a088643 100644 --- a/lass/1systems/uriel/physical.nix +++ b/lass/1systems/uriel/physical.nix @@ -15,7 +15,7 @@ loader.systemd-boot.enable = true; loader.timeout = 5; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index 56c091a6e..ed78699b0 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -25,9 +25,6 @@ in { environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; - path = with pkgs; [ - qt5.full - ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; 
diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix deleted file mode 100644 index 0a5623bf0..000000000 --- a/lass/2configs/dcso-vpn.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import <stockholm/lib>; -{ ... }: - -{ - - users.extraUsers = { - dcsovpn = rec { - name = "dcsovpn"; - uid = genid "dcsovpn"; - description = "user for running dcso openvpn"; - home = "/home/${name}"; - }; - }; - - users.extraGroups.dcsovpn.gid = genid "dcsovpn"; - - services.openvpn.servers = { - dcso = { - config = '' - client - dev tun - tun-mtu 1356 - mssfix - proto udp - float - remote 217.111.55.41 1194 - nobind - user dcsovpn - group dcsovpn - persist-key - persist-tun - ca ${toString <secrets/dcsovpn/ca.pem>} - cert ${toString <secrets/dcsovpn/cert.pem>} - key ${toString <secrets/dcsovpn/cert.key>} - verb 3 - mute 20 - auth-user-pass ${toString <secrets/dcsovpn/login.txt>} - route-method exe - route-delay 2 - ''; - updateResolvConf = true; - }; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f59988b75..babcb51de 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,7 +2,6 @@ with import <stockholm/lib>; { config, pkgs, ... }: { imports = [ - <stockholm/krebs/2configs/nscd-fix.nix> ./binary-cache/client.nix ./backup.nix ./gc.nix diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 78cfb29cd..ac7db10f5 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -97,7 +97,6 @@ in { overwriteProtocol = "https"; }; https = true; - nginx.enable = true; }; services.nginx.virtualHosts."o.xanf.org" = { enableACME = true; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 74585a6f8..17df71310 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix 
@@ -16,7 +16,6 @@ in { email = "acme@lassul.us"; acceptTerms = true; certs."lassul.us" = { - allowKeysForGroup = true; group = "lasscert"; }; }; @@ -78,7 +77,6 @@ in { email = "lassulus@lassul.us"; webroot = "/var/lib/acme/acme-challenge"; group = "nginx"; - user = "nginx"; }; diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix index 78a9dcfa6..d4feb9980 100644 --- a/makefu/2configs/minimal.nix +++ b/makefu/2configs/minimal.nix @@ -81,6 +81,4 @@ "net.ipv6.conf.all.use_tempaddr" = 2; "net.ipv6.conf.default.use_tempaddr" = 2; }; - - services.nscd.enable = false; } |