summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/1systems/onebutton/config.nix44
-rw-r--r--krebs/1systems/onebutton/source.nix16
-rw-r--r--krebs/2configs/buildbot-all.nix1
-rw-r--r--krebs/2configs/news-spam.nix3
-rw-r--r--krebs/2configs/news.nix2
-rw-r--r--krebs/2configs/shack/worlddomination.nix72
-rw-r--r--krebs/3modules/krebs/default.nix31
-rw-r--r--krebs/3modules/lass/default.nix134
-rw-r--r--krebs/3modules/makefu/default.nix1
-rw-r--r--krebs/3modules/newsbot-js.nix1
-rw-r--r--krebs/3modules/os-release.nix7
-rw-r--r--krebs/5pkgs/haskell/nix-diff/default.nix25
-rw-r--r--krebs/5pkgs/haskell/nix-diff/nixos-system.patch18
-rw-r--r--krebs/5pkgs/simple/Reaktor/plugins.nix23
-rw-r--r--krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py17
-rw-r--r--krebs/5pkgs/simple/buildbot-classic/default.nix7
-rw-r--r--krebs/5pkgs/simple/ejabberd/default.nix123
-rw-r--r--krebs/5pkgs/simple/ejabberd/ejabberdctl.patch32
-rw-r--r--krebs/5pkgs/simple/electron-cash/default.nix64
-rw-r--r--krebs/5pkgs/simple/font-size.nix26
-rw-r--r--krebs/5pkgs/simple/generate-secrets/default.nix46
-rw-r--r--krebs/5pkgs/simple/go-shortener/default.nix35
-rw-r--r--krebs/5pkgs/simple/go-shortener/node-packages.nix76
-rw-r--r--krebs/5pkgs/simple/go-shortener/packages.nix44
-rw-r--r--krebs/5pkgs/simple/go-shortener/pkgs.json4
-rwxr-xr-xkrebs/5pkgs/simple/go-shortener/update.sh2
-rw-r--r--krebs/5pkgs/simple/hashPassword/default.nix4
-rw-r--r--krebs/5pkgs/simple/kops.nix7
-rw-r--r--krebs/5pkgs/simple/newsbot-js/default.nix39
-rw-r--r--krebs/5pkgs/simple/newsbot-js/node-packages.nix844
-rw-r--r--krebs/5pkgs/simple/newsbot-js/packages.nix1747
-rw-r--r--krebs/5pkgs/simple/newsbot-js/pkgs.json7
-rwxr-xr-xkrebs/5pkgs/simple/newsbot-js/update.sh2
-rw-r--r--krebs/5pkgs/simple/pass-otp/default.nix30
-rw-r--r--krebs/5pkgs/simple/pass/default.nix121
-rw-r--r--krebs/5pkgs/simple/pass/no-darwin-getopt.patch9
-rw-r--r--krebs/5pkgs/simple/pass/rofi-pass.nix57
-rw-r--r--krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch69
-rw-r--r--krebs/5pkgs/simple/pssh/default.nix36
-rw-r--r--krebs/5pkgs/simple/stockholm/default.nix60
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/chmod.patch15
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/default.nix86
-rw-r--r--krebs/5pkgs/simple/urlwatch/default.nix29
-rw-r--r--krebs/5pkgs/simple/zandronum-bin/default.nix83
-rw-r--r--krebs/5pkgs/writers.nix3
-rw-r--r--krebs/kops.nix64
-rw-r--r--krebs/source.nix5
48 files changed, 1835 insertions, 2337 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 98fb88702..662e094d1 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -21,4 +21,5 @@
boot.isContainer = true;
networking.useDHCP = false;
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
+ environment.variables.NIX_REMOTE = "daemon";
}
diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix
new file mode 100644
index 000000000..c634d73ce
--- /dev/null
+++ b/krebs/1systems/onebutton/config.nix
@@ -0,0 +1,44 @@
+{ config, pkgs, lib, ... }:
+{
+ imports = [
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+ { # minimal disk usage
+ environment.noXlibs = true;
+ nix.gc.automatic = true;
+ nix.gc.dates = "03:10";
+ programs.info.enable = false;
+ programs.man.enable = false;
+ services.journald.extraConfig = "SystemMaxUse=50M";
+ services.nixosManual.enable = false;
+ }
+ ];
+ krebs.build.host = config.krebs.hosts.onebutton;
+ # NixOS wants to enable GRUB by default
+ boot.loader.grub.enable = false;
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ # !!! If your board is a Raspberry Pi 1, select this:
+ boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+ nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+ nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+ # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
+ # boot.kernelParams = ["cma=32M"];
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+
+ swapDevices = [ { device = "/swapfile"; size = 1024; } ];
+ services.openssh.enable = true;
+}
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix
new file mode 100644
index 000000000..8f25881c9
--- /dev/null
+++ b/krebs/1systems/onebutton/source.nix
@@ -0,0 +1,16 @@
+with import <stockholm/lib>;
+let
+ pkgs = import <nixpkgs> {};
+ nixpkgs = pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs-channels";
+ rev = "6c064e6b"; # only binary cache for unstable arm6
+ sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
+ };
+in import <stockholm/krebs/source.nix> {
+ name = "onebutton";
+ override.nixpkgs = mkForce {
+ file = toString nixpkgs;
+ };
+
+}
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index 5ea78f227..d85cde175 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -5,6 +5,5 @@ with import <stockholm/lib>;
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
- krebs.ci.tests = [ "deploy" ];
}
diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix
index 63848c234..69c503bf9 100644
--- a/krebs/2configs/news-spam.nix
+++ b/krebs/2configs/news-spam.nix
@@ -2,6 +2,7 @@
{
krebs.newsbot-js.news-spam = {
+ urlShortenerHost = "go.lassul.us";
feeds = pkgs.writeText "feeds" ''
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
@@ -120,7 +121,7 @@
[SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
[SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews
[SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
- [SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews
+ [SPAM]shackspace|http://shackspace.de/atom.xml|#snews
[SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
[SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
[SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 2628c7986..49a5e3459 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -11,7 +11,7 @@
painload|https://github.com/krebscode/painload/commits/master.atom|#news
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
- shackspace|http://blog.shackspace.de/?feed=rss2|#news
+ shackspace|http://shackspace.de/atom.xml|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index 828b6cd70..838c1958e 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -2,8 +2,56 @@
with import <stockholm/lib>;
let
+ pkg = pkgs.stdenv.mkDerivation {
+ name = "worlddomination-2018-04-21";
+ src = pkgs.fetchgit {
+ url = "https://github.com/shackspace/worlddomination/";
+ rev = "1b32403b9";
+ sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i";
+ };
+ buildInputs = [
+ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
+ docopt
+ LinkHeader
+ aiocoap
+ grequests
+ paramiko
+ python
+ ]))
+ ];
+ installPhase = ''
+ install -m755 -D backend/push_led.py $out/bin/push-led
+ install -m755 -D backend/loop_single.py $out/bin/loop-single
+ # copy the provided file to the package
+ install -m755 -D backend/wd.lst $out/${wdpath}
+ '';
+ };
pythonPackages = pkgs.python3Packages;
# https://github.com/chrysn/aiocoap
+ grequests = pythonPackages.buildPythonPackage rec {
+ pname = "grequests";
+ version = "0.3.1";
+ name = "${pname}-${version}";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "kennethreitz";
+ repo = "grequests";
+ rev = "d1e70eb";
+ sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc";
+ };
+
+ doCheck = false;
+
+ propagatedBuildInputs = with pythonPackages; [ requests gevent ];
+
+ meta = with lib;{
+ description = "Asynchronous HTTP requests";
+ homepage = https://github.com/kennethreitz/grequests;
+ license = with licenses; [ bsd2 ];
+ maintainers = with maintainers; [ matejc ];
+ };
+ };
+
aiocoap = pythonPackages.buildPythonPackage {
name = "aiocoap-0.3";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
@@ -25,30 +73,6 @@ let
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
};
};
- pkg = pkgs.stdenv.mkDerivation {
- name = "worlddomination-2017-06-10";
- src = pkgs.fetchgit {
- url = "https://github.com/shackspace/worlddomination/";
- rev = "72fc9b5";
- sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
- };
- buildInputs = [
- (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
- docopt
- LinkHeader
- aiocoap
- requests
- paramiko
- python
- ]))
- ];
- installPhase = ''
- install -m755 -D backend/push_led.py $out/bin/push-led
- install -m755 -D backend/loop_single.py $out/bin/loop-single
- # copy the provided file to the package
- install -m755 -D backend/wd.lst $out/${wdpath}
- '';
- };
wdpath = "/usr/worlddomination/wd.lst";
esphost = "10.42.24.7"; # esp8266
timeout = 10; # minutes
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 1e626f0a0..a916c1873 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -91,6 +91,37 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
};
+ onebutton = {
+ cores = 1;
+ owner = config.krebs.users.krebs;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.101";
+ ip6.addr = "42:0:0:0:0:0:0:101";
+ aliases = [
+ "onebutton.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA11w6votRExwE0ZEiQmPa
+ 9WGNsMfNAZEd14iHaHCZH7UPQEH+cH/T6isGPpaysindroMnqFe9mUf/cdYChb6N
+ aaFreApwGBQaJPUcdy4cfphrFpzmOClpOFuFbnV7ZvAk/wefBad3kUzsq/lK4HvB
+ 7nPKeOB9kljphLrkzuLL/h2yOenMpO2ZdvwxyWN8HKmUNgvpBQjIr+Hka6cgy7Gp
+ pBVFHfSnad/eHeEvq91O/bHxrAxzH5N5DVagPDpkbiWYGl+0XVGP/h0CApr15Ael
+ +j2pJYc0ZlaXIp4KmNRqbd/fLe52JLrWbnFX4rRuY/DhoMqK8kjECEZ7gLiNSpCC
+ KlnlJ2LXX9c+d79ubzl5yLAJ3d6T4IJqkbAWJDuCrj821M9ZDk/qZwerayhrrvkF
+ tMYkQoGSe8MvSOU0rTEoH5iSRwDC7M0XzUe4l8/yZLFyD4Prz/dq6coqANfk/tlE
+ DnH3vDu9lmFvYrLcd6yDWzFfI3mWDJoUa6AKKoScCOaCkRfIM4Aew0i73+h1nJLO
+ 59AAbZIkDYyWs53QniIG4EQteI9y/9j/628nPAVj68V5oIN76RDXfFHWDWq4DxmU
+ PpGVmoIKcKZmnl7RrDomRVpuGMdyQ+kCzIGH3XYe12v8Y5beHZBrd3OajgHZ/Tfp
+ jP873cT6h0hsGm9glgOYho8CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
+ };
puyak = {
ci = true;
owner = config.krebs.users.krebs;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index e269d1fa1..48df04bcb 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -9,6 +9,7 @@ with import <stockholm/lib>;
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
ci = true;
+ monitoring = true;
}) {
dishfire = {
cores = 4;
@@ -43,39 +44,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
};
- echelon = {
- cores = 2;
- nets = rec {
- internet = {
- ip4.addr = "64.137.242.41";
- aliases = [
- "echelon.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.206.103";
- ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
- aliases = [
- "echelon.r"
- "cgit.echelon.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
- oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
- MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
- 4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
- n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
- do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
- };
prism = rec {
cores = 4;
extraZones = {
@@ -86,14 +54,17 @@ with import <stockholm/lib>;
"lassul.us" = ''
$TTL 3600
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
- 60 IN NS ns16.ovh.net.
- 60 IN NS dns16.ovh.net.
- 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- 60 IN TXT v=spf1 mx -all
- cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- io 60 IN NS ions.lassul.us.
- ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ 60 IN NS ns16.ovh.net.
+ 60 IN NS dns16.ovh.net.
+ 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ 60 IN TXT v=spf1 mx a:lassul.us -all
+ 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
+ default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
+ cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ io 60 IN NS ions.lassul.us.
+ ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
@@ -149,6 +120,7 @@ with import <stockholm/lib>;
};
domsen-nas = {
ci = false;
+ monitoring = false;
external = true;
nets = rec {
internet = {
@@ -161,6 +133,7 @@ with import <stockholm/lib>;
};
};
uriel = {
+ monitoring = false;
cores = 1;
nets = {
gg23 = {
@@ -399,10 +372,12 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
};
iso = {
+ monitoring = false;
ci = false;
cores = 1;
};
sokrateslaptop = {
+ monitoring = false;
ci = false;
external = true;
nets = {
@@ -426,6 +401,7 @@ with import <stockholm/lib>;
};
};
turingmachine = {
+ monitoring = false;
ci = false;
external = true;
nets = {
@@ -454,6 +430,7 @@ with import <stockholm/lib>;
};
};
eddie = {
+ monitoring = false;
ci = false;
external = true;
nets = rec {
@@ -494,6 +471,7 @@ with import <stockholm/lib>;
};
};
borg = {
+ monitoring = false;
ci = false;
external = true;
nets = {
@@ -521,6 +499,7 @@ with import <stockholm/lib>;
};
};
inspector = {
+ monitoring = false;
ci = false;
external = true;
nets = rec {
@@ -552,6 +531,7 @@ with import <stockholm/lib>;
};
};
dpdkm = {
+ monitoring = false;
ci = false;
external = true;
nets = rec {
@@ -618,6 +598,78 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
};
+ cabal = {
+ cores = 2;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.1.4";
+ ip6.addr = "42::1:4";
+ aliases = [
+ "cabal.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
+ SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
+ rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
+ qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
+ LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
+ rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
+ 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
+ fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
+ yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
+ kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
+ KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
+ TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
+ oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
+ TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
+ 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
+ rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
+ 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
+ luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
+ w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
+ 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
+ K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
+ ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
+ };
+ red = {
+ monitoring = false;
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.13";
+ ip6.addr = "42:0:0:0:0:0:0:12ed";
+ aliases = [
+ "red.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
+ 4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
+ Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
+ phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
+ FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
+ TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
+ mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
+ oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
+ cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
+ 7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
+ 5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
+ ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
+ };
};
users = {
lass = {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e137da7ca..d7a750c6e 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -539,6 +539,7 @@ with import <stockholm/lib>;
dl.euer IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
+ mon.euer IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix
index d372081ee..00e346f8e 100644
--- a/krebs/3modules/newsbot-js.nix
+++ b/krebs/3modules/newsbot-js.nix
@@ -93,6 +93,7 @@ let
User = "newsbot-js";
Restart = "always";
ExecStart = "${newsbot.package}/bin/newsbot";
+ WatchdogSec = "86400";
};
}
) cfg;
diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix
index 8f71a357f..5fbfe6614 100644
--- a/krebs/3modules/os-release.nix
+++ b/krebs/3modules/os-release.nix
@@ -1,8 +1,11 @@
{ config, ... }:
with import <stockholm/lib>;
let
- nixos-version-id = "${config.system.nixosVersion}";
- nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
+ nixos-version-id = if (hasAttr "nixos" config.system) then
+ "${config.system.nixos.version}" else "${config.system.nixosVersion}";
+ nixos-codeName = if (hasAttr "nixos" config.system) then
+ "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}";
+ nixos-version = "${nixos-version-id} (${nixos-codeName})";
nixos-pretty-name = "NixOS ${nixos-version}";
stockholm-version-id = let
diff --git a/krebs/5pkgs/haskell/nix-diff/default.nix b/krebs/5pkgs/haskell/nix-diff/default.nix
deleted file mode 100644
index df0315048..000000000
--- a/krebs/5pkgs/haskell/nix-diff/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl
-, nix-derivation, optparse-generic, stdenv, system-filepath, text
-, unix, vector
-}:
-mkDerivation {
- pname = "nix-diff";
- version = "1.0.0-krebs1";
- src = fetchgit {
- url = "https://github.com/Gabriel439/nix-diff";
- sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
- rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
- };
- patches = [
- ./nixos-system.patch
- ];
- isLibrary = false;
- isExecutable = true;
- executableHaskellDepends = [
- attoparsec base containers Diff mtl nix-derivation optparse-generic
- system-filepath text unix vector
- ];
- homepage = "https://github.com/Gabriel439/nix-diff";
- description = "Explain why two Nix derivations differ";
- license = stdenv.lib.licenses.bsd3;
-}
diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
deleted file mode 100644
index 03e186aa9..000000000
--- a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff --git a/src/Main.hs b/src/Main.hs
-index 959ab8e..d3b6077 100644
---- a/src/Main.hs
-+++ b/src/Main.hs
-@@ -95,7 +95,12 @@ pathToText path =
- underneath `/nix/store`, but this is the overwhelmingly common use case
- -}
- derivationName :: FilePath -> Text
--derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText
-+derivationName p =
-+ if Data.Text.isPrefixOf "nixos-system" s
-+ then "nixos-system"
-+ else s
-+ where
-+ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p
-
- -- | Group input