summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/darth/config.nix93
-rw-r--r--makefu/1systems/gum/config.nix24
-rw-r--r--makefu/1systems/x/config.nix9
-rw-r--r--makefu/2configs/audio/jack-on-pulse.nix2
-rw-r--r--makefu/2configs/backup.nix1
-rw-r--r--makefu/2configs/deployment/gitlab.nix39
-rw-r--r--makefu/2configs/elchos/search.nix17
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix6
-rw-r--r--makefu/2configs/git/gitlab-runner-shackspace.nix32
-rw-r--r--makefu/2configs/hw/tp-x230.nix4
-rw-r--r--makefu/2configs/lanparty/samba.nix31
-rw-r--r--makefu/2configs/nsupdate-data.nix55
-rw-r--r--makefu/2configs/share/anon-ftp.nix2
-rw-r--r--makefu/2configs/share/gum.nix4
-rw-r--r--makefu/2configs/tools/android-pentest.nix3
-rw-r--r--makefu/2configs/tools/dev.nix3
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/urlwatch/default.nix25
-rw-r--r--makefu/2configs/vim.nix3
-rw-r--r--makefu/2configs/virtualisation/docker.nix6
-rw-r--r--makefu/5pkgs/cmpforopenssl/default.nix82
-rw-r--r--makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch14
-rw-r--r--makefu/5pkgs/custom/alsa-tools/default.nix (renamed from makefu/5pkgs/alsa-tools/default.nix)0
-rw-r--r--makefu/5pkgs/custom/default.nix3
-rw-r--r--makefu/5pkgs/custom/inkscape/dxf_fix.patch13
-rw-r--r--makefu/5pkgs/custom/qcma/default.nix (renamed from makefu/5pkgs/qcma/default.nix)5
-rw-r--r--makefu/5pkgs/default.nix14
-rw-r--r--makefu/5pkgs/dionaea/default.nix50
-rw-r--r--makefu/5pkgs/farpd/default.nix2
-rw-r--r--makefu/5pkgs/libopencm3/default.nix30
-rw-r--r--makefu/5pkgs/logstash-output-exec/default.nix32
-rw-r--r--makefu/5pkgs/mcomix/default.nix20
-rw-r--r--makefu/5pkgs/minibar/default.nix12
-rw-r--r--makefu/5pkgs/nltk/default.nix17
-rw-r--r--makefu/5pkgs/novnc/default.nix1
-rw-r--r--makefu/5pkgs/programs-db/default.nix12
-rw-r--r--makefu/6tests/data/secrets/nsupdate-data.nix1
-rw-r--r--makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix1
-rw-r--r--makefu/source.nix5
39 files changed, 595 insertions, 79 deletions
diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
index 9dbe67429..7accb13d3 100644
--- a/makefu/1systems/darth/config.nix
+++ b/makefu/1systems/darth/config.nix
@@ -3,44 +3,62 @@
with import <stockholm/lib>;
let
byid = dev: "/dev/disk/by-id/" + dev;
- rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039";
- auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F";
- dataPartition = auxDisk + "-part1";
+ rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
+ bootPart = rootDisk + "-part1";
+ rootPart = rootDisk + "-part2";
allDisks = [ rootDisk ]; # auxDisk
in {
imports = [
<stockholm/makefu>
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+ <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
+ <stockholm/makefu/2configs/sshd-totp.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
- <stockholm/makefu/2configs/virtualisation/libvirt.nix>
+ # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/share/temp-share-samba.nix>
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/stats/client.nix>
+ <stockholm/makefu/2configs/nsupdate-data.nix>
+
+ # SIEM
+ #<stockholm/makefu/2configs/tinc/siem.nix>
+ # {services.tinc.networks.siem = {
+ # name = "sdarth";
+ # extraConfig = "ConnectTo = sjump";
+ # };
+ # }
+
+ # {
+ # makefu.forward-journal = {
+ # enable = true;
+ # src = "10.8.10.2";
+ # dst = "10.8.10.6";
+ # };
+ # }
+
+ ## Sharing
+ # <stockholm/makefu/2configs/share/temp-share-samba.nix>
+ #{
+ # services.samba.shares = {
+ # isos = {
+ # path = "/data/isos/";
+ # "read only" = "yes";
+ # browseable = "yes";
+ # "guest ok" = "yes";
+ # };
+ # };
+ #}
+ <stockholm/makefu/2configs/share/anon-ftp.nix>
];
- services.samba.shares = {
- isos = {
- path = "/data/isos/";
- "read only" = "yes";
- browseable = "yes";
- "guest ok" = "yes";
- };
- };
- services.tinc.networks.siem = {
- name = "sdarth";
- extraConfig = "ConnectTo = sjump";
- };
- makefu.forward-journal = {
- enable = true;
- src = "10.8.10.2";
- dst = "10.8.10.6";
- };
- #networking.firewall.enable = false;
+ #networking.firewall.enable = false;
+ makefu.server.primary-itf = "enp0s25";
+ krebs.hidden-ssh.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
@@ -49,31 +67,28 @@ in {
firewall = {
allowPing = true;
logRefusedConnections = false;
- trustedInterfaces = [ "eno1" ];
+ # trustedInterfaces = [ "eno1" ];
allowedUDPPorts = [ 80 655 1655 67 ];
allowedTCPPorts = [ 80 655 1655 ];
};
# fallback connection to the internal virtual network
- interfaces.virbr3.ip4 = [{
- address = "10.8.8.2";
- prefixLength = 24;
- }];
+ # interfaces.virbr3.ip4 = [{
+ # address = "10.8.8.2";
+ # prefixLength = 24;
+ # }];
};
# TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
- zramSwap.enable = true;
-
- #fileSystems."/data" = {
- # device = dataPartition;
- # fsType = "ext4";
- #};
boot.loader.grub.device = rootDisk;
-
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.makefu-omo.pubkey
- config.krebs.users.makefu-vbob.pubkey
+ boot.initrd.luks.devices = [
+ { name = "luksroot";
+ device = rootPart;
+ allowDiscards = true;
+ keyFileSize = 4096;
+ keyFile = "/dev/sdb";
+ }
];
krebs.build.host = config.krebs.hosts.darth;
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index bbb8cfe11..110edc130 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -9,6 +9,7 @@ let
external-gw6 = "fe80::1";
external-netmask = 22;
external-netmask6 = 64;
+ ext-if = "et0"; # gets renamed on the fly
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
in {
@@ -41,6 +42,7 @@ in {
<stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix>
+ <stockholm/makefu/2configs/vpn/openvpn-server.nix>
## Web
<stockholm/makefu/2configs/nginx/share-download.nix>
@@ -94,7 +96,7 @@ in {
];
};
-
+ makefu.server.primary-itf = ext-if;
# access
users.users = {
@@ -120,7 +122,7 @@ in {
# Network
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
boot.kernelParams = [ ];
networking = {
@@ -152,14 +154,16 @@ in {
21032
];
};
- interfaces.et0.ip4 = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- interfaces.et0.ip6 = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
+ interfaces."${ext-if}" = {
+ ip4 = [{
+ address = external-ip;
+ prefixLength = external-netmask;
+ }];
+ ip6 = [{
+ address = external-ip6;
+ prefixLength = external-netmask6;
+ }];
+ };
defaultGateway6 = external-gw6;
defaultGateway = external-gw;
nameservers = [ "8.8.8.8" ];
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 368655575..8e8c8a736 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -42,6 +42,14 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+ {
+ networking.firewall.allowedTCPPorts = [ 8080 ];
+ networking.nat = {
+ enable = true;
+ externalInterface = "wlp3s0";
+ internalInterfaces = [ "vboxnet0" ];
+ };
+ }
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
@@ -81,6 +89,7 @@ with import <stockholm/lib>;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ];
+ networking.firewall.trustedInterfaces = [ "vboxnet0" ];
krebs.build.host = config.krebs.hosts.x;
diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix
index a8ee05c7d..e18b2192a 100644
--- a/makefu/2configs/audio/jack-on-pulse.nix
+++ b/makefu/2configs/audio/jack-on-pulse.nix
@@ -45,7 +45,7 @@ in
Restart = "always";
RestartSec = "5";
};
- # after = [ "display-manager.service" "sound.target" ];
+ after = [ "display-manager.service" "sound.target" ];
wantedBy = [ "default.target" ];
};
};
diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix
index 1cc78bfc1..166365ba0 100644
--- a/makefu/2configs/backup.nix
+++ b/makefu/2configs/backup.nix
@@ -31,6 +31,7 @@ in {
krebs.backup.plans = {
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
+ # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
};
environment.systemPackages = [
pkgs.borgbackup
diff --git a/makefu/2configs/deployment/gitlab.nix b/makefu/2configs/deployment/gitlab.nix
new file mode 100644
index 000000000..d61f50c1d
--- /dev/null
+++ b/makefu/2configs/deployment/gitlab.nix
@@ -0,0 +1,39 @@
+{ lib, config, ... }:
+let
+ web-port = 19453;
+ hostn = "gitlab.makefu.r";
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+in {
+
+ services.gitlab = {
+ enable = true;
+ https = false;
+ port = web-port;
+ secrets = import <secrets/gitlab/secrets.nix>;
+ databasePassword = import <secrets/gitlab/dbpw.nix>;
+ initialRootEmail = "makefu@x.r";
+ initialRootPassword = import <secrets/gitlab/rootpw.nix>;
+ host = hostn;
+ smtp = {
+ enable = true;
+ domain = "r";
+ enableStartTLSAuto = false;
+ port = 25;
+ };
+ };
+
+ services.nginx = {
+ enable = lib.mkDefault true;
+ virtualHosts."${hostn}".locations."/" = {
+ proxyPass = "http://localhost:${toString web-port}/";
+ extraConfig = ''
+ if ( $server_addr != "${internal-ip}" ) {
+ return 403;
+ }
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+ };
+}
diff --git a/makefu/2configs/elchos/search.nix b/makefu/2configs/elchos/search.nix
index 5777be373..521bfc80a 100644
--- a/makefu/2configs/elchos/search.nix
+++ b/makefu/2configs/elchos/search.nix
@@ -23,10 +23,21 @@ let
pid=${ddclientPIDFile}
${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
+ protocol=dyndns2
use=if, if=${primary-itf}
- protocol=dyndns2, server=ipv4.nsupdate.info, login=${user}, password='${pass}' ${user}
- #usev6=if, if=${primary-itf}
- #protocol=dyndns2, server=ipv6.nsupdate.info, login=${user}, password='${pass}' ${user}
+ ssl=yes
+ server=ipv4.nsupdate.info
+ login=${user}
+ password='${pass}'
+ ${user}
+
+ protocol=dyndns2
+ usev5=if, if=${primary-itf}
+ ssl=yes
+ server=ipv6.nsupdate.info
+ login=${user}
+ password='${pass}'
+ ${user}
'') dict)}
'';
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index cfa703aaf..55cfd74f5 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -4,6 +4,12 @@
# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required:
# boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
# sda2: cryptoluks -> ext4
+
+# fdisk /dev/sda
+ # boot 500M
+ # rest rest
+# cryptsetup luksFormat /dev/sda2
+#
with import <stockholm/lib>;
{
boot = {
diff --git a/makefu/2configs/git/gitlab-runner-shackspace.nix b/makefu/2configs/git/gitlab-runner-shackspace.nix
new file mode 100644
index 000000000..a5a1247ba
--- /dev/null
+++ b/makefu/2configs/git/gitlab-runner-shackspace.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+let
+ url = "https://git.shackspace.de/";
+ # generate token from CI-token via:
+ ## gitlab-runner register
+ token = import <secrets/shackspace-gitlab-ci-token.nix> ;
+in {
+ virtualisation.docker.enable = true;
+ services.gitlab-runner = {
+ enable = true;
+ gracefulTimeout = "120min";
+ # configFile = "/var/src/secrets/runner.toml";
+ configOptions = {
+ concurrent = 2;
+ runners = [{
+ name = "nix-krebs-1.11";
+ inherit token url;
+ executor = "docker";
+ builds_dir = "";
+ docker = {
+ host = "";
+ image = "nixos/nix:1.11";
+ privileged = false;
+ disable_cache = false;
+ volumes = ["/cache"];
+ shm_size = 0;
+ };
+ cache = {};
+ }];
+ };
+ };
+}
diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix
index c705b52a7..14572b35c 100644
--- a/makefu/2configs/hw/tp-x230.nix
+++ b/makefu/2configs/hw/tp-x230.nix
@@ -33,8 +33,8 @@ with import <stockholm/lib>;
Option "Backlight" "intel_backlight"
'';
};
- # no entropy source working
- # security.rngd.enable = true;
+
+ security.rngd.enable = true;
services.xserver.displayManager.sessionCommands =''
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix
new file mode 100644
index 000000000..de834ab16
--- /dev/null
+++ b/makefu/2configs/lanparty/samba.nix
@@ -0,0 +1,31 @@
+{config, ... }:{
+ networking.firewall.allowedUDPPorts = [ 137 138 ];
+ networking.firewall.allowedTCPPorts = [ 139 445 ];
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/data/lanparty";
+ createHome = true;
+ };
+ services.samba = {
+ enable = true;
+ shares = {
+ share-home = {
+ path = "/data/lanparty/";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
+}
diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix
new file mode 100644
index 000000000..cfa6193c6
--- /dev/null
+++ b/makefu/2configs/nsupdate-data.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+# search also generates ddclient entries for all other logs
+
+with import <stockholm/lib>;
+let
+ #primary-itf = "eth0";
+ #primary-itf = "wlp2s0";
+ primary-itf = config.makefu.server.primary-itf;
+ ddclientUser = "ddclient";
+ sec = toString <secrets>;
+ nsupdate = import "${sec}/nsupdate-data.nix";
+ stateDir = "/var/spool/ddclient";
+ cfg = "${stateDir}/cfg";
+ ddclientPIDFile = "${stateDir}/ddclient.pid";
+
+ # TODO: correct cert generation requires a `real` internet ip address
+
+ gen-cfg = dict: ''
+ ssl=yes
+ cache=${stateDir}/ddclient.cache
+ pid=${ddclientPIDFile}
+ ${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
+
+ use=if, if=${primary-itf} protocol=dyndns2, server=ipv4.nsupdate.info, login=${user}, password='${pass}' ${user}
+ usev6=if, if=${primary-itf} protocol=dyndns2, server=ipv6.nsupdate.info, login=${user}, password='${pass}' ${user}
+ '') dict)}
+ '';
+
+in {
+ users.extraUsers = singleton {
+ name = ddclientUser;
+ uid = genid "ddclient";
+ description = "ddclient daemon user";
+ home = stateDir;
+ createHome = true;
+ };
+
+ systemd.services = {
+ ddclient-nsupdate-elchos = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "ip-up.target" ];
+ serviceConfig = {
+ Type = "forking";
+ User = ddclientUser;
+ PIDFile = ddclientPIDFile;
+ ExecStartPre = pkgs.writeDash "init-nsupdate" ''
+ cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg}
+ chmod 700 ${cfg}
+ '';
+ ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}";
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/share/anon-ftp.nix b/makefu/2configs/share/anon-ftp.nix
index 471f22cba..d2a535f97 100644
--- a/makefu/2configs/share/anon-ftp.nix
+++ b/makefu/2configs/share/anon-ftp.nix
@@ -1,6 +1,6 @@
{ config, lib, ... }:
let
- ftpdir = "/home/ftp";
+ ftpdir = "/data";
in {
networking.firewall = {
allowedTCPPorts = [ 20 21 ];
diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix
index e578f43d3..f5942a0f7 100644
--- a/makefu/2configs/share/gum.nix
+++ b/makefu/2configs/share/gum.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with config.krebs.lib;
+with import <stockholm/lib>;
let
hostname = config.krebs.build.host.name;
in {
@@ -11,7 +11,7 @@ in {
# home = "/var/empty";
# };
- users.users.download = { };
+ users.users.download.uid = genid "download";
services.samba = {
enable = true;
shares = {
diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix
index 3f65424cc..da8a357ae 100644
--- a/makefu/2configs/tools/android-pentest.nix
+++ b/makefu/2configs/tools/android-pentest.nix
@@ -10,5 +10,8 @@
apktool
jd-gui
android-studio
+ jdk
+ jre
+ openssl
];
}
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 42006eb22..6681484fd 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -1,9 +1,10 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs;[
+ users.users.makefu.packages = with pkgs;[
python35Packages.virtualenv
# embedded
+ gi
flashrom
mosquitto
libcoap
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 1e68e935c..b2d616764 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -13,5 +13,6 @@
# Dev
saleae-logic
arduino-user-env
+ gitAndTools.gitFull
];
}
diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
index f17bcdc3a..47b5d7fc3 100644
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
@@ -1,6 +1,11 @@
{ config, lib, ... }:
-{
+let
+ grss = name: { #github rss feed
+ url = "https://github.com/${name}/releases.atom";
+ filter = "grepi:(<updated|<media.thumbnail)";
+ };
+in {
krebs.urlwatch = {
enable = true;
mailto = config.krebs.users.makefu.mail;
@@ -10,14 +15,7 @@
## nixpkgs maintenance
# github
## No rate limit
- https://github.com/amadvance/snapraid/releases.atom
- https://github.com/radare/radare2/releases.atom
- https://github.com/ovh/python-ovh/releases.atom
- https://github.com/embray/d2to1/releases.atom
- https://github.com/Mic92/vicious/releases.atom
- https://github.com/embray/d2to1/releases.atom
- https://github.com/dorimanx/exfat-nofuse/releases.atom
- https://github.com/rapid7/metasploit-framework/releases.atom
+
## rate limited
# https://api.github.com/repos/dorimanx/exfat-nofuse/commits
# https://api.github.com/repos/mcepl/gen-oath-safe/commits
@@ -39,6 +37,15 @@
filter = "grep:Software/Linux/dymo-cups-drivers";
}
# TODO: dymo cups
+ ] ++ map grss [
+ "amadvance/snapraid"
+ "radare/radare2"
+ "ovh/python-ovh"
+ "embray/d2to1"
+ "Mic92/vicious"
+ "embray/d2to1"
+ "dorimanx/exfat-nofuse"
+ "rapid7/metasploit-framework"
];
};
}
diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix
index 227d73c81..524caf8f5 100644
--- a/makefu/2configs/vim.nix
+++ b/makefu/2configs/vim.nix
@@ -21,6 +21,9 @@ in {
vimrcConfig.customRC = ''
set nocompatible
syntax on
+ set list
+ set listchars=tab:▸
+ "set list listchars=tab:>-,trail:.,extends:>
filetype off
filetype plugin indent on
diff --git a/makefu/2configs/virtualisation/docker.nix b/makefu/2configs/virtualisation/docker.nix
index 98fd980cc..ddef9e371 100644
--- a/makefu/2configs/virtualisation/docker.nix
+++ b/makefu/2configs/virtualisation/docker.nix
@@ -1,4 +1,8 @@
-{...}:
+{ pkgs, ... }:
{
virtualisation.docker.enable = true;
+ environment.systemPackages = with pkgs;[
+ docker
+ docker_compose
+ ];
}
diff --git a/makefu/5pkgs/cmpforopenssl/default.nix b/makefu/5pkgs/cmpforopenssl/default.nix
new file mode 100644
index 000000000..3b9a20098
--- /dev/null
+++ b/makefu/5pkgs/cmpforopenssl/default.nix
@@ -0,0 +1,82 @@
+{ stdenv, fetchurl, buildPackages, perl, fetchgit
+, hostPlatform
+}:
+
+with stdenv.lib;
+
+let
+
+ common = args@{ rev, sha256, patches ? [] }: stdenv.mkDerivation rec {
+ name = "cmpforopenssl-${rev}";
+
+ src = fetchgit {
+ url = "https://git.code.sf.net/p/cmpforopenssl/git";
+ inherit sha256 rev;
+ fetchSubmodules = false;
+ deepClone = false;
+ };
+
+ patches =
+ (args.patches or [])
+ ++ [ ./nix-ssl-cert-file.patch ];
+
+ outputs = [ "bin" "dev" "out" "man" ];
+ setOutputFlags = false;
+ separateDebugInfo = stdenv.isLinux;
+
+ nativeBuildInputs = [ perl ];
+
+ configureScript = "./config";
+
+ configureFlags = [
+ "shared"
+ "--libdir=lib"
+ "--openssldir=etc/ssl"
+ ] ;
+
+ makeFlags = [ "MANDIR=$(man)/share/man" ];
+
+ # Parallel building is broken in OpenSSL.
+ enableParallelBuilding = false;
+
+ postInstall = ''
+ # If we're building dynamic libraries, then don't install static
+ # libraries.
+ if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
+ rm "$out/lib/"*.a
+ fi
+
+ mkdir -p $bin
+ mv $out/bin $bin/
+
+ mkdir $dev
+ mv $out/include $dev/
+
+ # remove dependency on Perl at runtime
+ rm -r $out/etc/ssl/misc
+
+ rmdir $out/etc/ssl/{certs,private}
+ '';
+
+ postFixup = ''
+ # Check to make sure the main output doesn't depend on perl
+ if grep -r '${buildPackages.perl}' $out; then
+ echo "Found an erroneous dependency on perl ^^^" >&2
+ exit 1
+ fi
+ '';
+
+
+ meta = {
+ homepage = https://sourceforge.net/p/cmpforopenssl ;
+ description = "A cryptographic library that implements the SSL and TLS protocols";
+ platforms = stdenv.lib.platforms.all;
+ maintainers = [ stdenv.lib.maintainers.makefu ];
+ priority = 0; # resolves collision with ‘man-pages’
+ };
+ };
+
+in common {
+ rev = "462b3";
+ sha256 = "1h2k1c4lg27gmsyd72zrlr303jw765x8sscxblq2jwb44jag85na";
+ }
diff --git a/makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch b/makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch
new file mode 100644
index 000000000..b615f1482
--- /dev/null
+++ b/makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch
@@ -0,0 +1,14 @@
+diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
+--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200
++++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200
+@@ -97,7 +97,9 @@
+ switch (cmd) {
+ case X509_L_FILE_LOAD:
+ if (argl == X509_FILETYPE_DEFAULT) {
+- file = (char *)getenv(X509_get_default_cert_file_env());