diff options
-rw-r--r-- | krebs/3modules/tv/default.nix | 46 | ||||
-rw-r--r-- | krebs/5pkgs/simple/withGetopt.nix | 118 | ||||
-rw-r--r-- | lass/1systems/helios/config.nix | 5 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 3 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 56 | ||||
-rw-r--r-- | lass/3modules/umts.nix | 6 | ||||
-rw-r--r-- | lib/shell.nix | 11 | ||||
-rw-r--r-- | shell.nix | 142 | ||||
-rw-r--r-- | tv/1systems/cd/config.nix | 35 | ||||
-rw-r--r-- | tv/1systems/cd/source.nix | 3 | ||||
-rw-r--r-- | tv/1systems/xu/config.nix | 6 | ||||
-rw-r--r-- | tv/2configs/br.nix | 49 | ||||
-rw-r--r-- | tv/2configs/default.nix | 6 | ||||
-rw-r--r-- | tv/3modules/charybdis/default.nix | 2 | ||||
-rw-r--r-- | tv/3modules/default.nix | 1 | ||||
-rw-r--r-- | tv/3modules/nixpkgs-overlays.nix | 23 | ||||
-rw-r--r-- | tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix | 45 | ||||
-rw-r--r-- | tv/5pkgs/simple/mfcl2700dnlpr/default.nix | 44 |
19 files changed, 417 insertions, 185 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 79fa27bad..e80becfa7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -32,52 +32,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; - cd = { - ci = true; - cores = 2; - extraZones = { - # TODO generate krebsco.de zone from nets and don't use extraZones at all - "krebsco.de" = '' - cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "45.62.237.203"; - aliases = [ - "cd.i" - "cd.krebsco.de" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.cd.nets.internet; - ip4.addr = "10.243.113.222"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af3"; - aliases = [ - "cd.r" - "cgit.cd.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ - rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4 - e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN - sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v - CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0 - PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V - LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk - DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW - ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK - jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5 - Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; - }; ju = { external = true; nets = { diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix new file mode 100644 index 000000000..196e6765a --- /dev/null +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -0,0 +1,118 @@ +with import <stockholm/lib>; +{ utillinux, writeDash }: + +opt-spec: cmd-spec: let + + cmd = cmd-spec opts; + + cmd-script = + if typeOf cmd == "set" + then "exec ${cmd}" + else cmd; + + opts = mapAttrs (name: value: value // rec { + long = value.long or (replaceStrings ["_"] ["-"] name); + ref = value.ref or "\"\$${varname}\""; + short = value.short or null; + switch = value.switch or false; + varname = value.varname or (replaceStrings ["-"] ["_"] name); + }) opt-spec; + + # true if b requires a to define its default value + opts-before = a: b: + test ".*[$]${stringAsChars (c: "[${c}]") a.varname}\\>.*" (b.default or ""); + + opts-list = let + sort-out = toposort opts-before (attrValues opts); + in + if sort-out ? result + then sort-out.result + else throw "toposort output: ${toJSON sort-out}"; + + wrapper-name = + if typeOf cmd == "set" && cmd ? name + then "${cmd.name}-getopt" + else "getopt-wrapper"; + +in writeDash wrapper-name '' + set -efu + + wrapper_name=${shell.escape wrapper-name} + + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + unset ${opt.varname} + '') opts)} + + args=$(${utillinux}/bin/getopt \ + -l ${shell.escape + (concatMapStringsSep "," + (opt: opt.long + optionalString (!opt.switch) ":") + (filter (opt: opt.long != null) + (attrValues opts)))} \ + -n "$wrapper_name" \ + -o ${shell.escape + (concatMapStringsSep "" + (opt: opt.short + optionalString (!opt.switch) ":") + (filter (opt: opt.short != null) + (attrValues opts)))} \ + -s sh \ + -- "$@") + if \test $? != 0; then exit 1; fi + eval set -- "$args" + + while :; do + case $1 in + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + (${concatMapStringsSep "|" shell.escape (filter (x: x != "") [ + (optionalString (opt.long != null) "--${opt.long}") + (optionalString (opt.short != null) "-${opt.short}") + ])}) + ${if opt.switch then /* sh */ '' + ${opt.varname}=true + shift + '' else /* sh */ '' + ${opt.varname}=$2 + shift 2 + ''} + ;; + '') (filterAttrs + (_: opt: opt.long != null || opt.short != null) + opts))} + --) + shift + break + esac + done + + ${concatMapStringsSep "\n" + (opt: /* sh */ '' + if \test "''${${opt.varname}+1}" != 1; then + printf '%s: missing mandatory option '--%s'\n' \ + "$wrapper_name" \ + ${shell.escape opt.long} + error=1 + fi + '') + (filter + (x: ! hasAttr "default" x) + (attrValues opts))} + if test "''${error+1}" = 1; then + exit 1 + fi + + ${concatMapStringsSep "\n" + (opt: /* sh */ '' + if \test "''${${opt.varname}+1}" != 1; then + ${opt.varname}=${opt.default} + fi + '') + (filter + (hasAttr "default") + opts-list)} + + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + export ${opt.varname} + '') opts)} + + ${cmd-script} "$@" +'' diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 89949bcbf..37bdc0290 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -11,6 +11,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/otp-ssh.nix> <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; @@ -31,7 +32,6 @@ with import <stockholm/lib>; }; nix.maxJobs = lib.mkDefault 8; - powerManagement.cpuFreqGovernor = "powersave"; } { # crypto stuff boot.initrd.luks = { @@ -45,7 +45,7 @@ with import <stockholm/lib>; { services.xserver.dpi = 200; fonts.fontconfig.dpi = 200; - lass.myFont = "-schumacher-clean-*-*-*-*-26-*-*-*-*-*-iso10646-1"; + lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1"; } ]; krebs.build.host = config.krebs.hosts.helios; @@ -83,4 +83,5 @@ with import <stockholm/lib>; programs.ssh.startAgent = lib.mkForce true; + services.tlp.enable = true; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 4d2f8b0f8..8b90cce77 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -38,7 +38,7 @@ with import <stockholm/lib>; { lass.umts = { enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09"; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; initstrings = '' Init1 = AT+CFUN=1 Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 @@ -133,6 +133,7 @@ with import <stockholm/lib>; iodine macchanger + dpass ]; #TODO: fix this shit diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index a70d58828..c9d7a369a 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -42,6 +42,7 @@ with import <stockholm/lib>; { from = "securityfocus@lassul.us"; to = lass.mail; } { from = "radio@lassul.us"; to = lass.mail; } { from = "btce@lassul.us"; to = lass.mail; } + { from = "raf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index d37dd5301..17c39a5f4 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -6,10 +6,66 @@ let genid ; + servephpBB = domains: + let + domain = head domains; + + in { + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + serverAliases = domains; + extraConfig = '' + index index.php; + root /srv/http/${domain}/; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; + ''; + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php?$args; + ''; + locations."~ \.php(?:$|/)".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + ''; + #Directives to send expires headers and turn off 404 error logging. + locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' + access_log off; + log_not_found off; + expires max; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + in { imports = [ ./default.nix ../git.nix + (servephpBB [ "rote-allez-fraktion.de" ]) ]; security.acme = { diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix index c93c65ad2..207278440 100644 --- a/lass/3modules/umts.nix +++ b/lass/3modules/umts.nix @@ -61,6 +61,7 @@ let ''; wvdial-defaults = '' + [Dialer Defaults] Modem = ${cfg.modem} ${cfg.initstrings} Modem Type = Analog Modem @@ -70,6 +71,7 @@ let Password = ${cfg.password} Stupid Mode = 1 Idle Seconds = 0 + PPPD Path = ${pkgs.ppp}/bin/pppd ''; imp = { @@ -77,6 +79,10 @@ let umts = "sudo ${umts-bin}/bin/umts"; }; + environment.systemPackages = [ + pkgs.ppp + ]; + security.sudo.extraConfig = '' lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts ''; diff --git a/lib/shell.nix b/lib/shell.nix index f9779028e..5be8d6759 100644 --- a/lib/shell.nix +++ b/lib/shell.nix @@ -7,10 +7,13 @@ rec { let isSafeChar = testString "[-+./0-9:=A-Z_a-z]"; in - stringAsChars (c: - if isSafeChar c then c - else if c == "\n" then "'\n'" - else "\\${c}"); + x: + if x == "" then "''" + else stringAsChars (c: + if isSafeChar c then c + else if c == "\n" then "'\n'" + else "\\${c}" + ) x; # # shell script generators @@ -6,43 +6,38 @@ let # high level commands # - # usage: deploy - # [--force-populate] - # [--quiet] - # [--source=PATH] - # --system=SYSTEM - # [--target=TARGET] - # [--user=USER] - cmds.deploy = pkgs.writeDash "cmds.deploy" '' + cmds.deploy = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target.default = /* sh */ "$system"; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "cmds.deploy" '' set -efu - command=deploy - . ${init.args} - \test -n "''${quiet-}" || quiet=false - \test -n "''${target-}" || target=$system - \test -n "''${user-}" || user=$LOGNAME - \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} - . ${init.proxy} + . ${init.proxy opts} exec ${utils.deploy} - ''; - - # usage: install - # [--force-populate] - # [--quiet] - # [--source=PATH] - # --system=SYSTEM - # --target=TARGET - # [--user=USER] - cmds.install = pkgs.writeBash "cmds.install" '' + ''); + + cmds.install = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeBash "cmds.install" '' set -efu - command=install - . ${init.args} - \test -n "''${quiet-}" || quiet=false - \test -n "''${user-}" || user=$LOGNAME - \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} if \test "''${using_proxy-}" != true; then @@ -55,7 +50,7 @@ let # TODO inline prepare.sh? fi - . ${init.proxy} + . ${init.proxy opts} # Reset PATH because we need access to nixos-install. # TODO provide nixos-install instead of relying on prepare.sh @@ -75,30 +70,28 @@ let cd exec nixos-install - ''; - - # usage: test - # [--force-populate] - # [--quiet] - # [--source=PATH] - # --system=SYSTEM - # --target=TARGET - # [--user=USER] - cmds.test = pkgs.writeDash "cmds.test" /* sh */ '' + ''); + + cmds.test = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "cmds.test" /* sh */ '' set -efu export dummy_secrets=true - command=test - . ${init.args} - \test -n "''${quiet-}" || quiet=false - \test -n "''${user-}" || user=$LOGNAME - \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} - . ${init.proxy} + . ${init.proxy opts} exec ${utils.build} config.system.build.toplevel - ''; + ''); # # low level commands @@ -118,19 +111,13 @@ let # usage: parse-target [--default=TARGET] TARGET # TARGET = [USER@]HOST[:PORT][/PATH] - cmds.parse-target = pkgs.writeDash "cmds.parse-target" '' + cmds.parse-target = pkgs.withGetopt { + default_target = { + long = "default"; + short = "d"; + }; + } (opts: pkgs.writeDash "cmds.parse-target" '' set -efu - args=$(${pkgs.utillinux}/bin/getopt -n "$0" -s sh \ - -o d: \ - -l default: \ - -- "$@") - if \test $? != 0; then exit 1; fi - eval set -- "$args" - default_target= - while :; do case $1 in - -d|--default) default_target=$2; shift 2;; - --) shift; break;; - esac; done target=$1; shift for arg; do echo "$0: bad argument: $arg" >&2; done if \test $# != 0; then exit 2; fi @@ -149,7 +136,7 @@ let ($default_target | parse) + ($target | parse | sanitize) | . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } ''} - ''; + ''); # usage: quote [ARGS...] cmds.quote = pkgs.writeDash "cmds.quote" '' @@ -163,28 +150,6 @@ let echo ''; - init.args = pkgs.writeText "init.args" /* sh */ '' - args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \ - -o Qs:t:u: \ - -l force-populate,quiet,source:,system:,target:,user: \ - -- "$@") - if \test $? != 0; then exit 1; fi - eval set -- "$args" - force_populate=false - source_file= - while :; do case $1 in - --force-populate) force_populate=true; shift;; - -Q|--quiet) quiet=true; shift;; - --source) source_file=$2; shift 2;; - -s|--system) system=$2; shift 2;; - -t|--target) target=$2; shift 2;; - -u|--user) user=$2; shift 2;; - --) shift; break;; - esac; done - for arg; do echo "$command: bad argument: $arg" >&2; done - if \test $# != 0; then exit 2; fi - ''; - init.env = pkgs.writeText "init.env" /* sh */ '' export quiet export system @@ -201,7 +166,7 @@ let export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" ''; - init.proxy = pkgs.writeText "init.proxy" /* sh */ '' + init.proxy = opts: pkgs.writeText "init.proxy" /* sh */ '' if \test "''${using_proxy-}" != true; then source=$(get-source "$source_file") @@ -219,11 +184,12 @@ let NIX_PATH=$(quote "$target_path") \ STOCKHOLM_VERSION=$(quote "$STOCKHOLM_VERSION") \ nix-shell --run "$(quote " - quiet=$(quote "$quiet") \ - system=$(quote "$system") \ - target=$(quote "$target") \ + ${lib.concatStringsSep " " (lib.mapAttrsToList + (name: opt: /* sh */ "${opt.varname}=\$(quote ${opt.ref})") + opts + )} \ using_proxy=true \ - $(quote "$command" "$@") + $(quote "$0" "$@") ")" fi fi diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix deleted file mode 100644 index 341a62e45..000000000 --- a/tv/1systems/cd/config.nix +++ /dev/null @@ -1,35 +0,0 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let - - bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1"; - -in { - krebs.build.host = config.krebs.hosts.cd; - - imports = [ - <stockholm/tv> - <stockholm/tv/2configs/hw/CAC-Developer-2.nix> - <stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix> - <stockholm/tv/2configs/exim-smarthost.nix> - <stockholm/tv/2configs/retiolum.nix> - ]; - - networking = let - address = config.krebs.build.host.nets.internet.ip4.addr; - in { - defaultGateway = bestGuessGateway address; - interfaces.enp2s1.ip4 = singleton { - inherit address; - prefixLength = 24; - }; - nameservers = ["8.8.8.8"]; - }; - - environment.systemPackages = with pkgs; [ - iftop - iotop - iptables - nethogs - tcpdump - ]; -} diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix deleted file mode 100644 index 019e8bc22..000000000 --- a/tv/1systems/cd/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/tv/source.nix> { - name = "cd"; -} diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 0abd544ce..0363c983d 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -16,6 +16,7 @@ with import <stockholm/lib>; <stockholm/tv/2configs/pulse.nix> <stockholm/tv/2configs/retiolum.nix> <stockholm/tv/2configs/binary-cache> + <stockholm/tv/2configs/br.nix> <stockholm/tv/2configs/xserver> { environment.systemPackages = with pkgs; [ @@ -155,5 +156,10 @@ with import <stockholm/lib>; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; + tv.nixpkgs-overlays = { + krebs = "/home/tv/stockholm/krebs/5pkgs"; + tv = "/home/tv/stockholm/tv/5pkgs"; + }; + virtualisation.virtualbox.host.enable = true; } diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix new file mode 100644 index 000000000..c7eb20e90 --- /dev/null +++ b/tv/2configs/br.nix @@ -0,0 +1,49 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: { + + imports = [ + <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix> + ]; + + krebs.nixpkgs.allowUnfreePredicate = pkg: any (flip hasPrefix pkg.name) [ + "brother-udev-rule-type1-" + "brscan4-" + "mfcl2700dnlpr-" + ]; + + hardware.sane = { + enable = true; + brscan4 = { + enable = true; + netDevices = { + bra = { + model = "MFCL2700DN"; + ip = "10.23.1.214"; + }; + }; + }; + }; + + services.saned.enable = true; + + # usage: scanimage -d "$(find-scanner bra)" --batch --format=tiff --resolution 150 -x 211 -y 298 + environment.systemPackages = [ + (pkgs.writeDashBin "find-scanner" '' + set -efu + name=$1 + ${pkgs.sane-backends}/bin/scanimage -f '%m %d + ' \ + | ${pkgs.gawk}/bin/awk -v dev="*$name" '$1 == dev { print $2; exit }' \ + | ${pkgs.gnugrep}/bin/grep . + '') + ]; + + services.printing = { + enable = true; + drivers = [ + pkgs.mfcl2700dncupswrapper + ]; + }; + + systemd.services.cups.serviceConfig.PrivateTmp = true; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 241a16b25..9ad0253a3 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -90,11 +90,7 @@ with import <stockholm/lib>; environment.variables = { NIX_PATH = mkForce (concatStringsSep ":" [ "secrets=/var/src/stockholm/null" - "nixpkgs-overlays=${pkgs.runCommand "nixpkgs-overlays" {} '' - mkdir $out - ln -s /home/tv/stockholm/krebs/5pkgs $out/krebs - ln -s /home/tv/stockholm/tv/5pkgs $out/tv - ''}" + "nixpkgs-overlays=${config.tv.nixpkgs-overlays}" "/var/src" ]); }; diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 859dc122c..e252f2e1d 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -52,7 +52,7 @@ in { systemd.services.charybdis = { wantedBy = [ "multi-user.target" ]; requires = [ "secret.service" ]; - after = [ "network.target" "secret.service" ]; + after = [ "network-online.target" "secret.service" ]; environment = { BANDB_DBPATH = "${cfg.user.home}/ban.db"; }; diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 83dc212a6..57ffbfab8 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -6,6 +6,7 @@ _: ./ejabberd ./hosts.nix ./iptables.nix + ./nixpkgs-overlays.nix ./x0vncserver.nix ]; } diff --git a/tv/3modules/nixpkgs-overlays.nix b/tv/3modules/nixpkgs-overlays.nix new file mode 100644 index 000000000..4eb7a86bd --- /dev/null +++ b/tv/3modules/nixpkgs-overlays.nix @@ -0,0 +1,23 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: { + + options.tv.nixpkgs-overlays = mkOption { + apply = src: + pkgs.runCommand "nixpkgs-overlays" {} '' + mkdir $out + ${concatStringsSep "\n" (mapAttrsToList (name: path: + "ln -s ${shell.escape path} $out/${shell.escape name}" + ) src)} + '' // { + inherit src; + }; + type = types.attrsOf types.absolute-pathname; + }; + + config = { + tv.nixpkgs-overlays = { + krebs = mkDefault "/var/src/stockholm/krebs/5pkgs"; + tv = mkDefault "/var/src/stockholm/tv/5pkgs"; + }; + }; +} diff --git a/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix new file mode 100644 index 000000000..1ef018b33 --- /dev/null +++ b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix @@ -0,0 +1,45 @@ +{ coreutils, dpkg, fetchurl, gnugrep, gnused, makeWrapper, mfcl2700dnlpr, +perl, stdenv }: + +stdenv.mkDerivation rec { + name = "mfcl2700dncupswrapper-${meta.version}"; + + src = fetchurl { + url = "http://download.brother.com/welcome/dlf102086/${name}.i386.deb"; + sha256 = "07w48mah0xbv4h8vsh1qd5cd4b463bx8y6gc5x9pfgsxsy6h6da1"; + }; + + nativeBuildInputs = [ dpkg makeWrapper ]; + + phases = [ "installPhase" ]; + + installPhase = '' + dpkg-deb -x $src $out + + basedir=${mfcl2700dnlpr}/opt/brother/Printers/MFCL2700DN + dir=$out/opt/brother/Printers/MFCL2700DN + + substituteInPlace $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ + --replace /usr/bin/perl ${perl}/bin/perl \ + --replace "basedir =~" "basedir = \"$basedir\"; #" \ + --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" + + wrapProgram $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ + --prefix PATH : ${stdenv.lib.makeBinPath [ coreutils gnugrep gnused ]} + + mkdir -p $out/lib/cups/filter + mkdir -p $out/share/cups/model + + ln $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN $out/lib/cups/filter + ln $dir/cupswrapper/brother-MFCL2700DN-cups-en.ppd $out/share/cups/model + ''; + + meta = { + description = "Brother MFC-L2700DN CUPS wrapper driver"; + homepage = "http://www.brother.com/"; + license = stdenv.lib.licenses.gpl2Plus; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "3.2.0-1"; + }; +} diff --git a/tv/5pkgs/simple/mfcl2700dnlpr/default.nix b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix new file mode 100644 index 000000000..fc11b53e9 --- /dev/null +++ b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix @@ -0,0 +1,44 @@ +{ coreutils, dpkg, fetchurl, ghostscript, gnugrep, gnused, pkgsi686Linux, makeWrapper, perl, stdenv, which }: + +stdenv.mkDerivation rec { + name = "mfcl2700dnlpr-${meta.version}"; + + src = fetchurl { + url = "http://download.brother.com/welcome/dlf102085/${name}.i386.deb"; + sha256 = "170qdzxlqikzvv2wphvfb37m19mn13az4aj88md87ka3rl5knk4m"; + }; + + nativeBuildInputs = [ dpkg makeWrapper ]; + + phases = [ "installPhase" ]; + + installPhase = '' + dpkg-deb -x $src $out + + dir=$out/opt/brother/Printers/MFCL2700DN + + substituteInPlace $dir/lpd/filter_MFCL2700DN \ + --replace /usr/bin/perl ${perl}/bin/perl \ + --replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$dir\"; #" \ + --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" + + wrapProgram $dir/lpd/filter_MFCL2700DN \ + --prefix PATH : ${stdenv.lib.makeBinPath [ + coreutils ghostscript gnugrep gnused which + ]} + + interpreter=${pkgsi686Linux.stdenv.cc.libc.out}/lib/ld-linux.so.2 + patchelf --set-interpreter "$interpreter" $dir/inf/braddprinter + patchelf --set-interpreter "$interpreter" $dir/lpd/brprintconflsr3 + patchelf --set-interpreter "$interpreter" $dir/lpd/rawtobr3 + ''; + + meta = { + description = "Brother MFC-L2700DN LPR driver"; + homepage = "http://www.brother.com/"; + license = stdenv.lib.licenses.unfree; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "3. |