-rw-r--r--krebs/3modules/tv/default.nix46
-rw-r--r--krebs/5pkgs/simple/withGetopt.nix118
-rw-r--r--lass/1systems/helios/config.nix5
-rw-r--r--lass/1systems/mors/config.nix3
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/websites/lassulus.nix56
-rw-r--r--lass/3modules/umts.nix6
-rw-r--r--lib/shell.nix11
-rw-r--r--shell.nix142
-rw-r--r--tv/1systems/cd/config.nix35
-rw-r--r--tv/1systems/cd/source.nix3
-rw-r--r--tv/1systems/xu/config.nix6
-rw-r--r--tv/2configs/br.nix49
-rw-r--r--tv/2configs/default.nix6
-rw-r--r--tv/3modules/charybdis/default.nix2
-rw-r--r--tv/3modules/default.nix1
-rw-r--r--tv/3modules/nixpkgs-overlays.nix23
-rw-r--r--tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix45
-rw-r--r--tv/5pkgs/simple/mfcl2700dnlpr/default.nix44
19 files changed, 417 insertions, 185 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 79fa27bad..e80becfa7 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -32,52 +32,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa 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";
};
- cd = {
- ci = true;
- cores = 2;
- extraZones = {
- # TODO generate krebsco.de zone from nets and don't use extraZones at all
- "krebsco.de" = ''
- cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
- '';
- };
- nets = {
- internet = {
- ip4.addr = "45.62.237.203";
- aliases = [
- "cd.i"
- "cd.krebsco.de"
- ];
- ssh.port = 11423;
- };
- retiolum = {
- via = config.krebs.hosts.cd.nets.internet;
- ip4.addr = "10.243.113.222";
- ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af3";
- aliases = [
- "cd.r"
- "cgit.cd.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
- rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
- e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
- sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
- CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
- PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
- LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
- DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
- ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
- jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
- Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
- };
ju = {
external = true;
nets = {
diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix
new file mode 100644
index 000000000..196e6765a
--- /dev/null
+++ b/krebs/5pkgs/simple/withGetopt.nix
@@ -0,0 +1,118 @@
+with import <stockholm/lib>;
+{ utillinux, writeDash }:
+
+opt-spec: cmd-spec: let
+
+ cmd = cmd-spec opts;
+
+ cmd-script =
+ if typeOf cmd == "set"
+ then "exec ${cmd}"
+ else cmd;
+
+ opts = mapAttrs (name: value: value // rec {
+ long = value.long or (replaceStrings ["_"] ["-"] name);
+ ref = value.ref or "\"\$${varname}\"";
+ short = value.short or null;
+ switch = value.switch or false;
+ varname = value.varname or (replaceStrings ["-"] ["_"] name);
+ }) opt-spec;
+
+ # true if b requires a to define its default value
+ opts-before = a: b:
+ test ".*[$]${stringAsChars (c: "[${c}]") a.varname}\\>.*" (b.default or "");
+
+ opts-list = let
+ sort-out = toposort opts-before (attrValues opts);
+ in
+ if sort-out ? result
+ then sort-out.result
+ else throw "toposort output: ${toJSON sort-out}";
+
+ wrapper-name =
+ if typeOf cmd == "set" && cmd ? name
+ then "${cmd.name}-getopt"
+ else "getopt-wrapper";
+
+in writeDash wrapper-name ''
+ set -efu
+
+ wrapper_name=${shell.escape wrapper-name}
+
+ ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ ''
+ unset ${opt.varname}
+ '') opts)}
+
+ args=$(${utillinux}/bin/getopt \
+ -l ${shell.escape
+ (concatMapStringsSep ","
+ (opt: opt.long + optionalString (!opt.switch) ":")
+ (filter (opt: opt.long != null)
+ (attrValues opts)))} \
+ -n "$wrapper_name" \
+ -o ${shell.escape
+ (concatMapStringsSep ""
+ (opt: opt.short + optionalString (!opt.switch) ":")
+ (filter (opt: opt.short != null)
+ (attrValues opts)))} \
+ -s sh \
+ -- "$@")
+ if \test $? != 0; then exit 1; fi
+ eval set -- "$args"
+
+ while :; do
+ case $1 in
+ ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ ''
+ (${concatMapStringsSep "|" shell.escape (filter (x: x != "") [
+ (optionalString (opt.long != null) "--${opt.long}")
+ (optionalString (opt.short != null) "-${opt.short}")
+ ])})
+ ${if opt.switch then /* sh */ ''
+ ${opt.varname}=true
+ shift
+ '' else /* sh */ ''
+ ${opt.varname}=$2
+ shift 2
+ ''}
+ ;;
+ '') (filterAttrs
+ (_: opt: opt.long != null || opt.short != null)
+ opts))}
+ --)
+ shift
+ break
+ esac
+ done
+
+ ${concatMapStringsSep "\n"
+ (opt: /* sh */ ''
+ if \test "''${${opt.varname}+1}" != 1; then
+ printf '%s: missing mandatory option '--%s'\n' \
+ "$wrapper_name" \
+ ${shell.escape opt.long}
+ error=1
+ fi
+ '')
+ (filter
+ (x: ! hasAttr "default" x)
+ (attrValues opts))}
+ if test "''${error+1}" = 1; then
+ exit 1
+ fi
+
+ ${concatMapStringsSep "\n"
+ (opt: /* sh */ ''
+ if \test "''${${opt.varname}+1}" != 1; then
+ ${opt.varname}=${opt.default}
+ fi
+ '')
+ (filter
+ (hasAttr "default")
+ opts-list)}
+
+ ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ ''
+ export ${opt.varname}
+ '') opts)}
+
+ ${cmd-script} "$@"
+''
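Review bot: `${opt.varname}=${opt.default}` in the defaults loop splices `default` into the script as raw, unquoted shell text, so a default containing whitespace or shell metacharacters is parsed as further shell syntax rather than as a value. That is what allows a default to refer to another option's variable (the case `opts-before` exists to order), but the contract is undocumented; I would add above `opts-before` a comment such as `# default is a shell word expanded at run time; the caller quotes it and never builds it from untrusted data`. Separately, the "missing mandatory option" message goes to stdout; appending `>&2` to that `printf` keeps it out of any output a caller captures. `opts-before` also only recognises `$name` references, so a default written as `${name}` would not be ordered after the option it depends on.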
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index 89949bcbf..37bdc0290 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -11,6 +11,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/git.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@@ -31,7 +32,6 @@ with import <stockholm/lib>;
};
nix.maxJobs = lib.mkDefault 8;
- powerManagement.cpuFreqGovernor = "powersave";
}
{ # crypto stuff
boot.initrd.luks = {
@@ -45,7 +45,7 @@ with import <stockholm/lib>;
{
services.xserver.dpi = 200;
fonts.fontconfig.dpi = 200;
- lass.myFont = "-schumacher-clean-*-*-*-*-26-*-*-*-*-*-iso10646-1";
+ lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1";
}
];
krebs.build.host = config.krebs.hosts.helios;
@@ -83,4 +83,5 @@ with import <stockholm/lib>;
programs.ssh.startAgent = lib.mkForce true;
+ services.tlp.enable = true;
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 4d2f8b0f8..8b90cce77 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -38,7 +38,7 @@ with import <stockholm/lib>;
{
lass.umts = {
enable = true;
- modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09";
+ modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
initstrings = ''
Init1 = AT+CFUN=1
Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
@@ -133,6 +133,7 @@ with import <stockholm/lib>;
iodine
macchanger
+ dpass
];
#TODO: fix this shit
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index a70d58828..c9d7a369a 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -42,6 +42,7 @@ with import <stockholm/lib>;
{ from = "securityfocus@lassul.us"; to = lass.mail; }
{ from = "radio@lassul.us"; to = lass.mail; }
{ from = "btce@lassul.us"; to = lass.mail; }
+ { from = "raf@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index d37dd5301..17c39a5f4 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -6,10 +6,66 @@ let
genid
;
+ servephpBB = domains:
+ let
+ domain = head domains;
+
+ in {
+ services.nginx.virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ serverAliases = domains;
+ extraConfig = ''
+ index index.php;
+ root /srv/http/${domain}/;
+ access_log /tmp/nginx_acc.log;
+ error_log /tmp/nginx_err.log;
+ error_page 404 /404.html;
+ error_page 500 502 503 504 /50x.html;
+ client_max_body_size 100m;
+ '';
+ locations."/".extraConfig = ''
+ try_files $uri $uri/ /index.php?$args;
+ '';
+ locations."~ \.php(?:$|/)".extraConfig = ''
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param HTTPS on;
+ fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+ fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+ fastcgi_intercept_errors on;
+ '';
+ #Directives to send expires headers and turn off 404 error logging.
+ locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
+ access_log off;
+ log_not_found off;
+ expires max;
+ '';
+ };
+ services.phpfpm.poolConfigs."${domain}" = ''
+ listen = /srv/http/${domain}/phpfpm.pool
+ user = nginx
+ group = nginx
+ pm = dynamic
+ pm.max_children = 25
+ pm.start_servers = 5
+ pm.min_spare_servers = 3
+ pm.max_spare_servers = 20
+ listen.owner = nginx
+ listen.group = nginx
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ catch_workers_output = yes
+ '';
+ };
+
in {
imports = [
./default.nix
../git.nix
+ (servephpBB [ "rote-allez-fraktion.de" ])
];
security.acme = {
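Review bot: `access_log /tmp/nginx_acc.log` and `error_log /tmp/nginx_err.log` put the vhost logs under fixed names in a world-writable directory, where any local user can create those names first (unless the nginx unit runs with a private /tmp, which this hunk does not show); a log directory writable only by the web server is the safer place. The PHP-FPM pool also runs as `nginx` with its socket inside the document root, so PHP code has the same file access as the web server; a dedicated pool user with the socket outside `/srv/http/${domain}/` would separate the two. The `\.php` location hands every matching URI to FPM without checking that the script exists, and the usual guard inside that location is `if (!-f $document_root$fastcgi_script_name) { return 404; }`.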
diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix
index c93c65ad2..207278440 100644
--- a/lass/3modules/umts.nix
+++ b/lass/3modules/umts.nix
@@ -61,6 +61,7 @@ let
'';
wvdial-defaults = ''
+ [Dialer Defaults]
Modem = ${cfg.modem}
${cfg.initstrings}
Modem Type = Analog Modem
@@ -70,6 +71,7 @@ let
Password = ${cfg.password}
Stupid Mode = 1
Idle Seconds = 0
+ PPPD Path = ${pkgs.ppp}/bin/pppd
'';
imp = {
@@ -77,6 +79,10 @@ let
umts = "sudo ${umts-bin}/bin/umts";
};
+ environment.systemPackages = [
+ pkgs.ppp
+ ];
+
security.sudo.extraConfig = ''
lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
'';
diff --git a/lib/shell.nix b/lib/shell.nix
index f9779028e..5be8d6759 100644
--- a/lib/shell.nix
+++ b/lib/shell.nix
@@ -7,10 +7,13 @@ rec {
let
isSafeChar = testString "[-+./0-9:=A-Z_a-z]";
in
- stringAsChars (c:
- if isSafeChar c then c
- else if c == "\n" then "'\n'"
- else "\\${c}");
+ x:
+ if x == "" then "''"
+ else stringAsChars (c:
+ if isSafeChar c then c
+ else if c == "\n" then "'\n'"
+ else "\\${c}"
+ ) x;
#
# shell script generators
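Review bot: The new empty-string branch has no comment saying why it exists, and the reason is easy to lose. Without it `escape ""` yields nothing, so the argument disappears from the generated command line and the following words shift into its place. I would add above `x:` a comment such as `# "" must become '' so the argument still occupies its position`. The `escape` binding begins above this hunk.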
diff --git a/shell.nix b/shell.nix
index a4ccc3187..4b8abed58 100644
--- a/shell.nix
+++ b/shell.nix
@@ -6,43 +6,38 @@ let
# high level commands
#
- # usage: deploy
- # [--force-populate]
- # [--quiet]
- # [--source=PATH]
- # --system=SYSTEM
- # [--target=TARGET]
- # [--user=USER]
- cmds.deploy = pkgs.writeDash "cmds.deploy" ''
+ cmds.deploy = pkgs.withGetopt {
+ force-populate = { default = /* sh */ "false"; switch = true; };
+ quiet = { default = /* sh */ "false"; switch = true; };
+ source_file = {
+ default = /* sh */ "$user/1systems/$system/source.nix";
+ long = "source";
+ };
+ system = {};
+ target.default = /* sh */ "$system";
+ user.default = /* sh */ "$LOGNAME";
+ } (opts: pkgs.writeDash "cmds.deploy" ''
set -efu
- command=deploy
- . ${init.args}
- \test -n "''${quiet-}" || quiet=false
- \test -n "''${target-}" || target=$system
- \test -n "''${user-}" || user=$LOGNAME
- \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
. ${init.env}
- . ${init.proxy}
+ . ${init.proxy opts}
exec ${utils.deploy}
- '';
-
- # usage: install
- # [--force-populate]
- # [--quiet]
- # [--source=PATH]
- # --system=SYSTEM
- # --target=TARGET
- # [--user=USER]
- cmds.install = pkgs.writeBash "cmds.install" ''
+ '');
+
+ cmds.install = pkgs.withGetopt {
+ force-populate = { default = /* sh */ "false"; switch = true; };
+ quiet = { default = /* sh */ "false"; switch = true; };
+ source_file = {
+ default = /* sh */ "$user/1systems/$system/source.nix";
+ long = "source";
+ };
+ system = {};
+ target = {};
+ user.default = /* sh */ "$LOGNAME";
+ } (opts: pkgs.writeBash "cmds.install" ''
set -efu
- command=install
- . ${init.args}
- \test -n "''${quiet-}" || quiet=false
- \test -n "''${user-}" || user=$LOGNAME
- \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
. ${init.env}
if \test "''${using_proxy-}" != true; then
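Review bot: `cmds.deploy` and `cmds.install` no longer reject stray positional arguments: the removed `init.args` printed `bad argument` and exited 2, while the getopt wrapper hands the remaining `"$@"` to the command, which as far as this hunk shows never inspects it. A mistyped invocation therefore proceeds with the defaults instead of failing. The check that `cmds.parse-target` still carries could be repeated after `set -efu`: `for arg; do echo "$0: bad argument: $arg" >&2; done` followed by `if \test $# != 0; then exit 2; fi`. The same applies to `cmds.test` in the hunk at `@@ -75,30 +70,28 @@`, and the short options `-Q`, `-s`, `-t` and `-u` disappear as well because the new specs define no `short`. The body of `cmds.install` continues past the end of this hunk.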
@@ -55,7 +50,7 @@ let
# TODO inline prepare.sh?
fi
- . ${init.proxy}
+ . ${init.proxy opts}
# Reset PATH because we need access to nixos-install.
# TODO provide nixos-install instead of relying on prepare.sh
@@ -75,30 +70,28 @@ let
cd
exec nixos-install
- '';
-
- # usage: test
- # [--force-populate]
- # [--quiet]
- # [--source=PATH]
- # --system=SYSTEM
- # --target=TARGET
- # [--user=USER]
- cmds.test = pkgs.writeDash "cmds.test" /* sh */ ''
+ '');
+
+ cmds.test = pkgs.withGetopt {
+ force-populate = { default = /* sh */ "false"; switch = true; };
+ quiet = { default = /* sh */ "false"; switch = true; };
+ source_file = {
+ default = /* sh */ "$user/1systems/$system/source.nix";
+ long = "source";
+ };
+ system = {};
+ target = {};
+ user.default = /* sh */ "$LOGNAME";
+ } (opts: pkgs.writeDash "cmds.test" /* sh */ ''
set -efu
export dummy_secrets=true
- command=test
- . ${init.args}
- \test -n "''${quiet-}" || quiet=false
- \test -n "''${user-}" || user=$LOGNAME
- \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
. ${init.env}
- . ${init.proxy}
+ . ${init.proxy opts}
exec ${utils.build} config.system.build.toplevel
- '';
+ '');
#
# low level commands
@@ -118,19 +111,13 @@ let
# usage: parse-target [--default=TARGET] TARGET
# TARGET = [USER@]HOST[:PORT][/PATH]
- cmds.parse-target = pkgs.writeDash "cmds.parse-target" ''
+ cmds.parse-target = pkgs.withGetopt {
+ default_target = {
+ long = "default";
+ short = "d";
+ };
+ } (opts: pkgs.writeDash "cmds.parse-target" ''
set -efu
- args=$(${pkgs.utillinux}/bin/getopt -n "$0" -s sh \
- -o d: \
- -l default: \
- -- "$@")
- if \test $? != 0; then exit 1; fi
- eval set -- "$args"
- default_target=
- while :; do case $1 in
- -d|--default) default_target=$2; shift 2;;
- --) shift; break;;
- esac; done
target=$1; shift
for arg; do echo "$0: bad argument: $arg" >&2; done
if \test $# != 0; then exit 2; fi
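Review bot: `default_target` is declared without a `default`, and `withGetopt` treats every option lacking that attribute as mandatory, so `parse-target` now exits with a missing-option error unless `--default` is given. The usage comment above still shows `[--default=TARGET]` as optional, and the removed code initialised `default_target=` to empty. Adding `default = /* sh */ "";` to the spec restores the old behaviour. The body of `cmds.parse-target` continues past this hunk.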
@@ -149,7 +136,7 @@ let
($default_target | parse) + ($target | parse | sanitize) |
. + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
''}
- '';
+ '');
# usage: quote [ARGS...]
cmds.quote = pkgs.writeDash "cmds.quote" ''
@@ -163,28 +150,6 @@ let
echo
'';
- init.args = pkgs.writeText "init.args" /* sh */ ''
- args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \
- -o Qs:t:u: \
- -l force-populate,quiet,source:,system:,target:,user: \
- -- "$@")
- if \test $? != 0; then exit 1; fi
- eval set -- "$args"
- force_populate=false
- source_file=
- while :; do case $1 in
- --force-populate) force_populate=true; shift;;
- -Q|--quiet) quiet=true; shift;;
- --source) source_file=$2; shift 2;;
- -s|--system) system=$2; shift 2;;
- -t|--target) target=$2; shift 2;;
- -u|--user) user=$2; shift 2;;
- --) shift; break;;
- esac; done
- for arg; do echo "$command: bad argument: $arg" >&2; done
- if \test $# != 0; then exit 2; fi
- '';
-
init.env = pkgs.writeText "init.env" /* sh */ ''
export quiet
export system
@@ -201,7 +166,7 @@ let
export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
'';
- init.proxy = pkgs.writeText "init.proxy" /* sh */ ''
+ init.proxy = opts: pkgs.writeText "init.proxy" /* sh */ ''
if \test "''${using_proxy-}" != true; then
source=$(get-source "$source_file")
@@ -219,11 +184,12 @@ let
NIX_PATH=$(quote "$target_path") \
STOCKHOLM_VERSION=$(quote "$STOCKHOLM_VERSION") \
nix-shell --run "$(quote "
- quiet=$(quote "$quiet") \
- system=$(quote "$system") \
- target=$(quote "$target") \
+ ${lib.concatStringsSep " " (lib.mapAttrsToList
+ (name: opt: /* sh */ "${opt.varname}=\$(quote ${opt.ref})")
+ opts
+ )} \
using_proxy=true \
- $(quote "$command" "$@")
+ $(quote "$0" "$@")
")"
fi
fi
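Review bot: `$(quote "$0" "$@")` re-runs the path of the currently executing script inside the proxied `nix-shell`, where the old `$command` was a bare name resolved in that shell's environment. If the proxy is meant to hand over to the commands of the freshly populated source tree (this hunk does not show how `nix-shell` sets up PATH), the re-exec now stays on the local build of the script. It is worth confirming that this is intended, and if so recording it with a comment such as `# $0 is the store path of this script; the proxied shell runs the same build`. The `init.proxy` body starts above this hunk.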
diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix
deleted file mode 100644
index 341a62e45..000000000
--- a/tv/1systems/cd/config.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: let
-
- bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
-
-in {
- krebs.build.host = config.krebs.hosts.cd;
-
- imports = [
- <stockholm/tv>
- <stockholm/tv/2configs/hw/CAC-Developer-2.nix>
- <stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix>
- <stockholm/tv/2configs/exim-smarthost.nix>
- <stockholm/tv/2configs/retiolum.nix>
- ];
-
- networking = let
- address = config.krebs.build.host.nets.internet.ip4.addr;
- in {
- defaultGateway = bestGuessGateway address;
- interfaces.enp2s1.ip4 = singleton {
- inherit address;
- prefixLength = 24;
- };
- nameservers = ["8.8.8.8"];
- };
-
- environment.systemPackages = with pkgs; [
- iftop
- iotop
- iptables
- nethogs
- tcpdump
- ];
-}
diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix
deleted file mode 100644
index 019e8bc22..000000000
--- a/tv/1systems/cd/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/tv/source.nix> {
- name = "cd";
-}
diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
index 0abd544ce..0363c983d 100644
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/pulse.nix>
<stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/binary-cache>
+ <stockholm/tv/2configs/br.nix>
<stockholm/tv/2configs/xserver>
{
environment.systemPackages = with pkgs; [
@@ -155,5 +156,10 @@ with import <stockholm/lib>;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
+ tv.nixpkgs-overlays = {
+ krebs = "/home/tv/stockholm/krebs/5pkgs";
+ tv = "/home/tv/stockholm/tv/5pkgs";
+ };
+
virtualisation.virtualbox.host.enable = true;
}
diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix
new file mode 100644
index 000000000..c7eb20e90
--- /dev/null
+++ b/tv/2configs/br.nix
@@ -0,0 +1,49 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+ imports = [
+ <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
+ ];
+
+ krebs.nixpkgs.allowUnfreePredicate = pkg: any (flip hasPrefix pkg.name) [
+ "brother-udev-rule-type1-"
+ "brscan4-"
+ "mfcl2700dnlpr-"
+ ];
+
+ hardware.sane = {
+ enable = true;
+ brscan4 = {
+ enable = true;
+ netDevices = {
+ bra = {
+ model = "MFCL2700DN";
+ ip = "10.23.1.214";
+ };
+ };
+ };
+ };
+
+ services.saned.enable = true;
+
+ # usage: scanimage -d "$(find-scanner bra)" --batch --format=tiff --resolution 150 -x 211 -y 298
+ environment.systemPackages = [
+ (pkgs.writeDashBin "find-scanner" ''
+ set -efu
+ name=$1
+ ${pkgs.sane-backends}/bin/scanimage -f '%m %d
+ ' \
+ | ${pkgs.gawk}/bin/awk -v dev="*$name" '$1 == dev { print $2; exit }' \
+ | ${pkgs.gnugrep}/bin/grep .
+ '')
+ ];
+
+ services.printing = {
+ enable = true;
+ drivers = [
+ pkgs.mfcl2700dncupswrapper
+ ];
+ };
+
+ systemd.services.cups.serviceConfig.PrivateTmp = true;
+}
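Review bot: `services.saned.enable = true` starts the SANE network daemon, which exports this machine's scanners to other hosts, while the rest of the file only uses the Brother device as a client through `brscan4.netDevices`. If nothing else on the network is meant to scan through this host, dropping the line removes a listening service; otherwise a comment naming the intended clients would help. In `find-scanner`, `name=$1` under `set -u` aborts with the shell's generic unset-parameter message when no argument is given; `name=''${1?usage: find-scanner NAME}` gives a clearer error.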
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 241a16b25..9ad0253a3 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -90,11 +90,7 @@ with import <stockholm/lib>;
environment.variables = {
NIX_PATH = mkForce (concatStringsSep ":" [
"secrets=/var/src/stockholm/null"
- "nixpkgs-overlays=${pkgs.runCommand "nixpkgs-overlays" {} ''
- mkdir $out
- ln -s /home/tv/stockholm/krebs/5pkgs $out/krebs
- ln -s /home/tv/stockholm/tv/5pkgs $out/tv
- ''}"
+ "nixpkgs-overlays=${config.tv.nixpkgs-overlays}"
"/var/src"
]);
};
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
index 859dc122c..e252f2e1d 100644
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@@ -52,7 +52,7 @@ in {
systemd.services.charybdis = {
wantedBy = [ "multi-user.target" ];
requires = [ "secret.service" ];
- after = [ "network.target" "secret.service" ];
+ after = [ "network-online.target" "secret.service" ];
environment = {
BANDB_DBPATH = "${cfg.user.home}/ban.db";
};
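Review bot: `after = [ "network-online.target" "secret.service" ]` only orders the unit; it does not pull `network-online.target` into the boot transaction, so unless something else wants that target the new ordering has no effect. systemd's guidance is to pair the ordering with a want: `wants = [ "network-online.target" ];`. The `systemd.services.charybdis` block continues past this hunk.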
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index 83dc212a6..57ffbfab8 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -6,6 +6,7 @@ _:
./ejabberd
./hosts.nix
./iptables.nix
+ ./nixpkgs-overlays.nix
./x0vncserver.nix
];
}
diff --git a/tv/3modules/nixpkgs-overlays.nix b/tv/3modules/nixpkgs-overlays.nix
new file mode 100644
index 000000000..4eb7a86bd
--- /dev/null
+++ b/tv/3modules/nixpkgs-overlays.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+ options.tv.nixpkgs-overlays = mkOption {
+ apply = src:
+ pkgs.runCommand "nixpkgs-overlays" {} ''
+ mkdir $out
+ ${concatStringsSep "\n" (mapAttrsToList (name: path:
+ "ln -s ${shell.escape path} $out/${shell.escape name}"
+ ) src)}
+ '' // {
+ inherit src;
+ };
+ type = types.attrsOf types.absolute-pathname;
+ };
+
+ config = {
+ tv.nixpkgs-overlays = {
+ krebs = mkDefault "/var/src/stockholm/krebs/5pkgs";
+ tv = mkDefault "/var/src/stockholm/tv/5pkgs";
+ };
+ };
+}
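Review bot: The option has no `description`, and the one thing a user needs to know is not obvious from the type: the paths are symlinked, not copied, so the overlays are read at evaluation time from mutable locations outside the store. I would add `description = "Overlay directories linked into the nixpkgs-overlays NIX_PATH entry; each path must be writable only by users trusted to change the system configuration.";`. An attribute name containing `/` would also make the generated `ln -s` fail at build time, since `shell.escape` treats `/` as a safe character and leaves it unchanged.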
diff --git a/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix
new file mode 100644
index 000000000..1ef018b33
--- /dev/null
+++ b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix
@@ -0,0 +1,45 @@
+{ coreutils, dpkg, fetchurl, gnugrep, gnused, makeWrapper, mfcl2700dnlpr,
+perl, stdenv }:
+
+stdenv.mkDerivation rec {
+ name = "mfcl2700dncupswrapper-${meta.version}";
+
+ src = fetchurl {
+ url = "http://download.brother.com/welcome/dlf102086/${name}.i386.deb";
+ sha256 = "07w48mah0xbv4h8vsh1qd5cd4b463bx8y6gc5x9pfgsxsy6h6da1";
+ };
+
+ nativeBuildInputs = [ dpkg makeWrapper ];
+
+ phases = [ "installPhase" ];
+
+ installPhase = ''
+ dpkg-deb -x $src $out
+
+ basedir=${mfcl2700dnlpr}/opt/brother/Printers/MFCL2700DN
+ dir=$out/opt/brother/Printers/MFCL2700DN
+
+ substituteInPlace $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \
+ --replace /usr/bin/perl ${perl}/bin/perl \
+ --replace "basedir =~" "basedir = \"$basedir\"; #" \
+ --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #"
+
+ wrapProgram $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \
+ --prefix PATH : ${stdenv.lib.makeBinPath [ coreutils gnugrep gnused ]}
+
+ mkdir -p $out/lib/cups/filter
+ mkdir -p $out/share/cups/model
+
+ ln $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN $out/lib/cups/filter
+ ln $dir/cupswrapper/brother-MFCL2700DN-cups-en.ppd $out/share/cups/model
+ '';
+
+ meta = {
+ description = "Brother MFC-L2700DN CUPS wrapper driver";
+ homepage = "http://www.brother.com/";
+ license = stdenv.lib.licenses.gpl2Plus;
+ maintainers = [ stdenv.lib.maintainers.tv ];
+ platforms = stdenv.lib.platforms.linux;
+ version = "3.2.0-1";
+ };
+}
diff --git a/tv/5pkgs/simple/mfcl2700dnlpr/default.nix b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix
new file mode 100644
index 000000000..fc11b53e9
--- /dev/null
+++ b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix
@@ -0,0 +1,44 @@
+{ coreutils, dpkg, fetchurl, ghostscript, gnugrep, gnused, pkgsi686Linux, makeWrapper, perl, stdenv, which }:
+
+stdenv.mkDerivation rec {
+ name = "mfcl2700dnlpr-${meta.version}";
+
+ src = fetchurl {
+ url = "http://download.brother.com/welcome/dlf102085/${name}.i386.deb";
+ sha256 = "170qdzxlqikzvv2wphvfb37m19mn13az4aj88md87ka3rl5knk4m";
+ };
+
+ nativeBuildInputs = [ dpkg makeWrapper ];
+
+ phases = [ "installPhase" ];
+
+ installPhase = ''
+ dpkg-deb -x $src $out
+
+ dir=$out/opt/brother/Printers/MFCL2700DN
+
+ substituteInPlace $dir/lpd/filter_MFCL2700DN \
+ --replace /usr/bin/perl ${perl}/bin/perl \
+ --replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$dir\"; #" \
+ --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #"
+
+ wrapProgram $dir/lpd/filter_MFCL2700DN \
+ --prefix PATH : ${stdenv.lib.makeBinPath [
+ coreutils ghostscript gnugrep gnused which
+ ]}
+
+ interpreter=${pkgsi686Linux.stdenv.cc.libc.out}/lib/ld-linux.so.2
+ patchelf --set-interpreter "$interpreter" $dir/inf/braddprinter
+ patchelf --set-interpreter "$interpreter" $dir/lpd/brprintconflsr3
+ patchelf --set-interpreter "$interpreter" $dir/lpd/rawtobr3
+ '';
+
+ meta = {
+ description = "Brother MFC-L2700DN LPR driver";
+ homepage = "http://www.brother.com/";
+ license = stdenv.lib.licenses.unfree;
+ maintainers = [ stdenv.lib.maintainers.tv ];
+ platforms = stdenv.lib.platforms.linux;
+ version = "3.