summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/2configs/hw/x220.nix2
-rw-r--r--krebs/2configs/ircd.nix2
-rw-r--r--krebs/2configs/news.nix1
-rw-r--r--krebs/2configs/reaktor2.nix1
-rw-r--r--krebs/2configs/shack/worlddomination.nix4
-rw-r--r--krebs/3modules/bepasty-server.nix1
-rw-r--r--krebs/3modules/brockman.nix2
-rw-r--r--krebs/3modules/buildbot/master.nix1
-rw-r--r--krebs/3modules/buildbot/slave.nix1
-rw-r--r--krebs/3modules/exim.nix1
-rw-r--r--krebs/3modules/external/default.nix52
-rw-r--r--krebs/3modules/fetchWallpaper.nix1
-rw-r--r--krebs/3modules/git.nix2
-rw-r--r--krebs/3modules/github-hosts-sync.nix1
-rw-r--r--krebs/3modules/htgen.nix1
-rw-r--r--krebs/3modules/realwallpaper.nix1
-rw-r--r--krebs/3modules/tinc.nix1
-rw-r--r--krebs/3modules/tinc_graphs.nix1
-rw-r--r--krebs/5pkgs/override/default.nix46
-rw-r--r--krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch34
-rw-r--r--krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch35
-rw-r--r--krebs/5pkgs/simple/airdcpp-webclient/default.nix5
-rw-r--r--krebs/5pkgs/simple/cac-api/default.nix6
-rw-r--r--krebs/5pkgs/simple/dic/default.nix6
-rw-r--r--krebs/5pkgs/simple/drivedroid-gen-repo/default.nix6
-rw-r--r--krebs/5pkgs/simple/ergo.nix23
-rw-r--r--krebs/5pkgs/simple/ftb/default.nix4
-rw-r--r--krebs/5pkgs/simple/get/default.nix6
-rw-r--r--krebs/5pkgs/simple/github-hosts-sync/default.nix4
-rw-r--r--krebs/5pkgs/simple/internetarchive/default.nix4
-rw-r--r--krebs/5pkgs/simple/passwdqc-utils/default.nix14
-rw-r--r--krebs/5pkgs/simple/populate/default.nix5
-rw-r--r--krebs/5pkgs/simple/slog/default.nix4
-rw-r--r--krebs/5pkgs/simple/solanum/default.nix62
-rw-r--r--krebs/5pkgs/simple/solanum/dont-create-logdir.patch14
-rw-r--r--krebs/5pkgs/simple/ssh-audit.nix6
-rw-r--r--krebs/5pkgs/simple/tinc_graphs/default.nix4
-rw-r--r--krebs/5pkgs/simple/translate-shell/default.nix10
-rw-r--r--krebs/5pkgs/simple/whatsupnix/default.nix6
-rw-r--r--krebs/5pkgs/test/infest-cac-centos7/default.nix10
-rw-r--r--krebs/nixpkgs.json8
-rwxr-xr-xkrebs/update-nixpkgs.sh2
-rw-r--r--lass/1systems/coaxmetal/config.nix44
-rw-r--r--lass/1systems/coaxmetal/physical.nix1
-rw-r--r--lass/1systems/daedalus/config.nix1
-rw-r--r--lass/1systems/green/config.nix2
-rw-r--r--lass/1systems/icarus/physical.nix11
-rw-r--r--lass/1systems/prism/config.nix1
-rw-r--r--lass/1systems/uriel/config.nix1
-rw-r--r--lass/1systems/xerxes/config.nix5
-rw-r--r--lass/2configs/bitcoin.nix27
-rw-r--r--lass/2configs/ciko.nix1
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/elster.nix1
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/gg23.nix2
-rw-r--r--lass/2configs/htop.nix1
-rw-r--r--lass/2configs/mpv.nix2
-rw-r--r--lass/2configs/pass.nix2
-rw-r--r--lass/2configs/power-action.nix9
-rw-r--r--lass/2configs/review.nix14
-rw-r--r--lass/2configs/websites/domsen.nix45
-rw-r--r--lass/2configs/websites/lassulus.nix1
-rw-r--r--lass/2configs/wine.nix3
-rw-r--r--lass/2configs/xonsh.nix7
-rw-r--r--lass/3modules/browsers.nix13
-rw-r--r--lass/3modules/xjail.nix1
-rw-r--r--lass/5pkgs/tdlib-purple/default.nix22
-rw-r--r--tv/2configs/default.nix1
-rw-r--r--tv/2configs/gitrepos.nix2
-rw-r--r--tv/2configs/pulse.nix1
-rw-r--r--tv/2configs/xp-332.nix21
-rw-r--r--tv/5pkgs/override/default.nix8
-rw-r--r--tv/5pkgs/rpi/433Utils/default.nix4
-rw-r--r--tv/5pkgs/rpi/WiringPi/default.nix4
-rw-r--r--tv/5pkgs/simple/diff-so-fancy.nix6
-rw-r--r--tv/5pkgs/simple/fzmenu/default.nix9
-rw-r--r--tv/5pkgs/simple/hc.nix6
-rw-r--r--tv/5pkgs/simple/imagescan-plugin-networkscan.nix55
-rw-r--r--tv/5pkgs/simple/rox-filer.nix5
-rw-r--r--tv/5pkgs/simple/utsushi.nix217
81 files changed, 484 insertions, 478 deletions
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 3780e0d7d..bb273652d 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -22,8 +22,6 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
- security.rngd.enable = mkDefault true;
-
services.xserver = {
videoDriver = "intel";
};
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index d4ac9e42a..d26aa5962 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -61,7 +61,7 @@
};
privset "op" {
- privs = oper:admin;
+ privs = oper:admin, oper:general;
};
operator "aids" {
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 2da3e6fcc..84a39f95b 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -68,6 +68,7 @@
wantedBy = [ "multi-user.target" ];
};
+ systemd.services.brockman.bindsTo = [ "solanum.service" ];
systemd.services.brockman.serviceConfig.LimitNOFILE = 16384;
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
krebs.brockman = {
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 2823aabef..14e0a3d7a 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -119,6 +119,7 @@ in {
users.users.reaktor2 = {
uid = genid_uint31 "reaktor2";
home = stateDir;
+ isSystemUser = true;
};
krebs.reaktor2 = {
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index 61b72d9a8..4bdb095f1 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -58,7 +58,7 @@ let
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
propagatedBuildInputs = [ ];
doCheck = false; # 2 errors, dunnolol
- meta = with pkgs.stdenv.lib; {
+ meta = with pkgs.lib; {
homepage = "";
license = licenses.mit;
description = "Python CoAP library";
@@ -68,7 +68,7 @@ let
name = "LinkHeader-0.4.3";
src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
propagatedBuildInputs = [ ];
- meta = with pkgs.stdenv.lib; {
+ meta = with pkgs.lib; {
homepage = "";
license = licenses.bsdOriginal;
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index ffa9a29e9..051646b63 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -146,6 +146,7 @@ let
uid = genid_uint31 "bepasty";
group = "bepasty";
home = "/var/lib/bepasty-server";
+ isSystemUser = true;
};
users.extraGroups.bepasty = {
gid = genid_uint31 "bepasty";
diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
index 9b2ed4a71..7a78880ea 100644
--- a/krebs/3modules/brockman.nix
+++ b/krebs/3modules/brockman.nix
@@ -12,7 +12,7 @@ in {
users.extraUsers.brockman = {
home = "/var/lib/brockman";
createHome = true;
- isNormalUser = false;
+ isSystemUser = true;
uid = genid_uint31 "brockman";
};
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 8995753ac..a845bb281 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -322,6 +322,7 @@ let
description = "Buildbot Master";
home = cfg.workDir;
createHome = false;
+ isSystemUser = true;
};
users.extraGroups.buildbotMaster = {
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index c15169fba..d877b9911 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -131,6 +131,7 @@ let
description = "Buildbot Slave";
home = cfg.workDir;
createHome = false;
+ isSystemUser = true;
};
users.extraGroups.buildbotSlave = {
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index 83d88cb0d..972c7f437 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -78,6 +78,7 @@ in {
inherit (cfg.user) home name uid;
createHome = true;
group = cfg.group.name;
+ isSystemUser = true;
};
};
};
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 7a2075702..31cd9e2c3 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -563,6 +563,58 @@ in {
};
};
};
+ nxnx = {
+ owner = config.krebs.users.rtjure;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.122.126";
+ aliases = [
+ "nxnx.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA2JWNe54YaFM+flK3LlPwgOSgVRmZi+e+Qhc6uJYIxkQcAvJKpKJQ
+ 1M4h7OE7eiJLdDp/aGaHe4BuII15/0lFJwYf1Zt8E1zN54QtwuELkDgOhgkhgvVb
+ tO+maHh10xsQMFlhpUztEk8oQuBu5toC795nKY7lBR2o6V2dPbbVo1+qr7qArOWo
+ cBlshRhEDjuzJUMHLlUGu43/miWeDewAq4O7U/nNNEz/v8KbESqP9HtTjelAeWz6
+ zGha8hSn+Snkt76kP15drgn1L8MMFvnm5EeJ5VkehnpOi8Vi9Yqln+VGwlvbhEdK
+ ST0gxNBKoSvLITS1P/ypfiEXARUOffgq+kLA2Hyet0DfBjCMD+WkTBlj1QyXLs10
+ 3/xBntlOQqBcLIdpi/yRs7miyQlyblqsyiQOCukIvibdHB1RLdVBhUE3A7hgw4R+
+ +3ug/mQR+fDOpNB/sOkorcTVgA04KENUHc+6OqA0dvoAYr8l7N4+az3AtyHDNr5x
+ 4otjxOq4fmu80sbm5Ry9SoNYMc4fOuWIZDHZ/ntDKqzHw3BaNB9vNkpKj22nArI4
+ cwAMPPJMJJ+Ef7tIzZ+NKtPudqztoLa5AYNllV7K9gS6NG0Yzk6iIQ42bKgfsZFn
+ 9AkCdv8EycNIAIbBomPv2XIKYlKs3RfWEjRcSl3TQl4b3bilCicgnLECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ nxnv = {
+ owner = config.krebs.users.rtjure;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.122.127";
+ aliases = [
+ "nxnv.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB
+ ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt
+ NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp
+ wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt
+ 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT
+ eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy
+ S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/
+ 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN
+ ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW
+ 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila
+ jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
ada = {
owner = config.krebs.users.filly;
nets = {
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index e89b86e32..852c8f630 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -57,6 +57,7 @@ let
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
+ isSystemUser = true;
};
systemd.timers.fetchWallpaper = {
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 4eb881341..d31d91b7c 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -366,6 +366,7 @@ let
# To allow running cgit-clear-cache via hooks.
cfg.cgit.fcgiwrap.group.name
];
+ isSystemUser = true;
shell = "/bin/sh";
openssh.authorizedKeys.keys =
unique
@@ -384,6 +385,7 @@ let
users.${cfg.cgit.fcgiwrap.user.name} = {
inherit (cfg.cgit.fcgiwrap.user) home name uid;
group = cfg.cgit.fcgiwrap.group.name;
+ isSystemUser = true;
};
};
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index 7d618ebfd..d385ec355 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -65,6 +65,7 @@ let
users.users.${user.name} = {
inherit (user) uid;
home = cfg.dataDir;
+ isSystemUser = true;
};
};
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
index 70c4fcd2b..063bccc68 100644
--- a/krebs/3modules/htgen.nix
+++ b/krebs/3modules/htgen.nix
@@ -66,6 +66,7 @@ let
nameValuePair htgen.user.name {
inherit (htgen.user) home name uid;
createHome = true;
+ isSystemUser = true;
}
) cfg;
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index 86b74a8ca..76f333963 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -60,6 +60,7 @@ let
uid = genid "realwallpaper";
home = cfg.workingDir;
createHome = true;
+ isSystemUser = true;
};
};
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 4252c8d3b..a8a78a43e 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -236,6 +236,7 @@ let
nameValuePair "${netname}" {
inherit (cfg.user) home name uid;
createHome = true;
+ isSystemUser = true;
}
) config.krebs.tinc;
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 33a24871f..19cce8aa4 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -127,6 +127,7 @@ let
users.extraUsers.tinc_graphs = {
uid = genid_uint31 "tinc_graphs";
home = "/var/spool/tinc_graphs";
+ isSystemUser = true;
};
services.nginx = mkIf cfg.nginx.enable {
enable = mkDefault true;
diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix
index 926e9dccd..4cb6a1cb4 100644
--- a/krebs/5pkgs/override/default.nix
+++ b/krebs/5pkgs/override/default.nix
@@ -11,44 +11,14 @@ self: super: {
});
flameshot = super.flameshot.overrideAttrs (old: rec {
- patches = old.patches or [] ++ [
- (self.writeText "flameshot-imgur.patch" /* diff */ ''
---- a/src/tools/imgur/imguruploader.cpp
-+++ b/src/tools/imgur/imguruploader.cpp
-@@ -40,6 +40,7 @@
- #include <QTimer>
- #include <QJsonDocument>
- #include <QJsonObject>
-+#include <stdlib.h>
-
- ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) :
- QWidget(parent), m_pixmap(capture)
-@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) {
- QJsonObject json = response.object();
- QJsonObject data = json["data"].toObject();
- m_imageURL.setUrl(data["link"].toString());
-- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg(
-+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL");
-+ if (deleteImageURLPattern == NULL)
-+ deleteImageURLPattern = "https://imgur.com/delete/%1";
-+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg(
- data["deletehash"].toString()));
- onUploadOk();
- } else {
-@@ -105,7 +109,10 @@ void ImgurUploader::upload() {
- QString description = FileNameHandler().parsedPattern();
- urlQuery.addQueryItem("description", description);
-
-- QUrl url("https://api.imgur.com/3/image");
-+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL");
-+ if (createImageURLPattern == NULL)
-+ createImageURLPattern = "https://api.imgur.com/3/image";
-+ QUrl url(createImageURLPattern);
- url.setQuery(urlQuery);
- QNetworkRequest request(url);
- request.setHeader(QNetworkRequest::ContentTypeHeader,
- '')
- ];
+ patches = old.patches or [] ++ {
+ "0.6.0" = [
+ ./flameshot/flameshot_imgur_0.6.0.patch
+ ];
+ "0.9.0" = [
+ ./flameshot/flameshot_imgur_0.9.0.patch
+ ];