diff options
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/2configs/buildbot-all.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/exim.nix | 12 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 43 | ||||
-rw-r--r-- | krebs/3modules/os-release.nix | 7 | ||||
-rw-r--r-- | krebs/5pkgs/simple/electron-cash/default.nix | 64 | ||||
-rw-r--r-- | krebs/source.nix | 2 |
6 files changed, 51 insertions, 78 deletions
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index 5ea78f227..d85cde175 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -5,6 +5,5 @@ with import <stockholm/lib>; krebs.ci.enable = true; krebs.ci.treeStableTimer = 1; krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); - krebs.ci.tests = [ "deploy" ]; } diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index cfcbbc438..274a943b1 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,15 +50,9 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - krebs.setuid = { - exim = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; - sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; + security.wrappers = { + exim.source = "${pkgs.exim}/bin/exim"; + sendmail.source = "${pkgs.exim}/bin/exim"; }; systemd.services.exim = { restartTriggers = [ diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e269d1fa1..0c3e68c39 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -89,7 +89,7 @@ with import <stockholm/lib>; 60 IN NS ns16.ovh.net. 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - 60 IN TXT v=spf1 mx -all + 60 IN TXT v=spf1 mx a:lassul.us -all cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} @@ -618,6 +618,47 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; + cabal = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.1.4"; + ip6.addr = "42::1:4"; + aliases = [ + "cabal.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A + SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj + rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK + qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e + LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq + rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 + 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE + fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v + yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A + kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR + KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi + TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U + oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs + TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw + 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD + rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ + 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf + luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py + w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG + 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 + K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g + ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; + }; }; users = { lass = { diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 8f71a357f..5fbfe6614 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,8 +1,11 @@ { config, ... }: with import <stockholm/lib>; let - nixos-version-id = "${config.system.nixosVersion}"; - nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; + nixos-version-id = if (hasAttr "nixos" config.system) then + "${config.system.nixos.version}" else "${config.system.nixosVersion}"; + nixos-codeName = if (hasAttr "nixos" config.system) then + "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}"; + nixos-version = "${nixos-version-id} (${nixos-codeName})"; nixos-pretty-name = "NixOS ${nixos-version}"; stockholm-version-id = let diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix deleted file mode 100644 index e51136c60..000000000 --- a/krebs/5pkgs/simple/electron-cash/default.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ stdenv, fetchFromGitHub, python2Packages }: - -python2Packages.buildPythonApplication rec { - name = "electron-cash-${src.rev}"; - - src = fetchFromGitHub { - owner = "fyookball"; - repo = "electrum"; - rev = "a2245ea"; - sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv"; - }; - - propagatedBuildInputs = with python2Packages; [ - dns - ecdsa - jsonrpclib - pbkdf2 - pyaes - pycrypto - pyqt4 - pysocks - qrcode - requests - tlslite - - # plugins - keepkey - trezor - ]; - - preBuild = '' - sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py - pyrcc4 icons.qrc -o gui/qt/icons_rc.py - # Recording the creation timestamps introduces indeterminism to the build - sed -i '/Created: .*/d' gui/qt/icons_rc.py - ''; - - postInstall = '' - # Despite setting usr_share above, these files are installed under - # $out/nix ... - mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out - rm -rf $out/lib/python2.7/site-packages/nix - - substituteInPlace $out/share/applications/electron.desktop \ - --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u" - ''; - - doInstallCheck = true; - installCheckPhase = '' - $out/bin/electrum help >/dev/null - ''; - - meta = with stdenv.lib; { - description = "A lightweight Bitcoin wallet"; - longDescription = '' - An easy-to-use Bitcoin client featuring wallets generated from - mnemonic seeds (in addition to other, more advanced, wallet options) - and the ability to perform transactions without downloading a copy - of the blockchain. - ''; - homepage = https://electrum.org/; - license = licenses.mit; - }; -} diff --git a/krebs/source.nix b/krebs/source.nix index 7e0ea7e47..0bd797a16 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -24,7 +24,7 @@ in stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27 + ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24 }; } override |