From 64c8c06f02d6ea59484d94354a574b3a9f5810cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 6 Mar 2019 16:38:28 +0100 Subject: 18.09 -> 19.03 --- krebs/update-channel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh index 7f24cd31a..08354357a 100755 --- a/krebs/update-channel.sh +++ b/krebs/update-channel.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-18.09' \ + --rev refs/heads/nixos-19.03' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" -- cgit v1.2.3 From 04d10421ed339a2342e92f5cabda83afbd7fd450 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 6 Mar 2019 16:54:31 +0100 Subject: l: NIX_REMOTE is now set by nixos correctly --- lass/1systems/blue/physical.nix | 1 - lass/1systems/red/physical.nix | 1 - lass/1systems/yellow/physical.nix | 1 - 3 files changed, 3 deletions(-) diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/blue/physical.nix +++ b/lass/1systems/blue/physical.nix @@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/red/physical.nix +++ b/lass/1systems/red/physical.nix @@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/yellow/physical.nix +++ b/lass/1systems/yellow/physical.nix 
@@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } -- cgit v1.2.3 From a1cf824e2f5d8bd751f6e625718eb59e345cb666 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Mar 2019 13:14:41 +0100 Subject: blessings: add 19.03 compatibility --- krebs/5pkgs/haskell/blessings.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index f730cc72b..c35706ebf 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -10,6 +10,10 @@ with import ; version = "2.2.0"; sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; }; + "19.03" = { + version = "2.2.0"; + sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; + }; }.${versions.majorMinor nixpkgsVersion}; in mkDerivation { -- cgit v1.2.3 From 9eb7244146b29d772a0fc173d02394d05a22dae6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Mar 2019 13:23:23 +0100 Subject: email-header: add 19.03 compatibility --- krebs/5pkgs/haskell/email-header.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix index 4049168c1..6689f1d2c 100644 --- a/krebs/5pkgs/haskell/email-header.nix +++ b/krebs/5pkgs/haskell/email-header.nix @@ -15,6 +15,11 @@ with import ; rev = "refs/tags/v${cfg.version}"; sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; }; + "19.03" = { + version = "0.4.1-tv1"; + rev = "refs/tags/v${cfg.version}"; + sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; + }; }.${versions.majorMinor nixpkgsVersion}; in mkDerivation { -- cgit v1.2.3 From 7d7be871d84241aec9b820ed8e379bd3ca610d8e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Apr 2019 17:34:12 +0200 Subject: nixpkgs: 2229509 -> 67bc63f --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 1ee21020b..b58208685 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "222950952f15f6b1e9f036b80440b597f23e652d", - "date": "2019-04-05T10:07:50+02:00", - "sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd", + "rev": "67bc63f9a7ac1b4d1a7114c88ca1a4df03bfdb0e", + "date": "2019-04-06T21:36:45+02:00", + "sha256": "0jzy9kd81dz1v0by3h0znz3z6bmpll3ssza5i5f14j2q54ib145g", "fetchSubmodules": false } -- cgit v1.2.3 From 9c0fa83f5326cf419dbb7565653eaba1919bf45e Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Apr 2019 19:05:25 +0200 Subject: tv pulse: use pkgs.pkgsi686Linux --- tv/2configs/pulse.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 2e679bd14..ea3970152 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -1,10 +1,12 @@ -{ config, lib, pkgs, pkgs_i686, ... }: +{ config, lib, pkgs, ... }: with import ; let pkg = pkgs.pulseaudioLight; runDir = "/run/pulse"; + pkgs_i686 = pkgs.pkgsi686Linux; + support32Bit = pkgs.stdenv.isx86_64 && pkgs_i686.alsaLib != null && -- cgit v1.2.3 From 9b2355521f8447e7da3af30bce8fb7ba6f83ed69 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Apr 2019 19:30:06 +0200 Subject: tv mail-client: kill alot due to python 2 relation --- tv/2configs/mail-client.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/tv/2configs/mail-client.nix b/tv/2configs/mail-client.nix index 0caf5264a..fc8fc81f2 100644 --- a/tv/2configs/mail-client.nix +++ b/tv/2configs/mail-client.nix @@ -3,7 +3,6 @@ pkgs.haskellPackages.much pkgs.msmtp pkgs.notmuch - pkgs.pythonPackages.alot pkgs.qprint pkgs.w3m ]; -- cgit v1.2.3 From ade34e2ccd55585c50d6cafd533c512755a048bc Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 8 Apr 2019 18:53:54 +0200 Subject: hotdog.r: don't set NIX_REMOTE --- krebs/1systems/hotdog/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 916073375..f68c8ce50 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -21,5 +21,4 @@ boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } -- cgit v1.2.3 From 8f0b3d939eb933bfb1d9a3b2ac2147960abbbfd8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Apr 2019 18:56:09 +0200 Subject: l green.r: don't set NIX_REMOTE --- lass/1systems/green/physical.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/green/physical.nix +++ b/lass/1systems/green/physical.nix @@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } -- cgit v1.2.3 From 07a56f4d03da08739cafe7c0006a01a9ff8e345a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Apr 2019 19:02:42 +0200 Subject: l mors.r: disable hardening --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 250d96e53..fa5fb5518 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -36,7 +36,7 @@ with import ; - + # { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain -- cgit v1.2.3 From 2dbdf0185a42fd654706766b12bb1efe40ce712f Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Apr 2019 19:05:25 +0200 Subject: tv pulse: use pkgs.pkgsi686Linux --- tv/2configs/pulse.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 2e679bd14..ea3970152 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix 
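Review bot: The `@@ -36,7 +36,7 @@` hunk of lass/1systems/mors/config.nix comments out one entry (the commit subject calls it hardening) without leaving a reason or a follow-up next to the `#` line, so the host can stay unhardened indefinitely without anyone noticing. The entry's path is not legible in this rendering, so which settings are lost cannot be told from here. I would put a comment directly above it, for example `# TODO(19.03): hardening disabled because <reason>; re-enable once <condition>`. The enclosing list starts and ends outside the hunk.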
@@ -1,10 +1,12 @@ -{ config, lib, pkgs, pkgs_i686, ... }: +{ config, lib, pkgs, ... }: with import ; let pkg = pkgs.pulseaudioLight; runDir = "/run/pulse"; + pkgs_i686 = pkgs.pkgsi686Linux; + support32Bit = pkgs.stdenv.isx86_64 && pkgs_i686.alsaLib != null && -- cgit v1.2.3 From 3fee51f7378a523a95e494d160b7562206cf714b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Apr 2019 16:52:17 +0200 Subject: syncthing: fix permissions of keys --- krebs/3modules/syncthing.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 34879fd3f..bfbac1db9 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -133,8 +133,16 @@ in systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { preStart = '' - ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"} - ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"} + ${optionalString (cfg.cert != null) '' + cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem + chmod 400 ${config.services.syncthing.dataDir}/cert.pem + ''} + ${optionalString (cfg.key != null) '' + cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem + chmod 400 ${config.services.syncthing.dataDir}/key.pem + ''} ''; }; -- cgit v1.2.3 From 179e95d0bfc985940d4970d6c1365c2c8e000d0d Mon Sep 17 00:00:00 2001 
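Review bot: In the `preStart` of krebs/3modules/syncthing.nix, `cp` first creates `key.pem` with whatever mode the source file and umask produce, and only the following `chown`/`chmod 400` narrow it, so the private key sits on disk with looser permissions for a moment, and stays that way if one of the later commands fails. Creating the file with its final owner and mode in one step closes that window: `install -m 0400 -o ${config.services.syncthing.user} -g ${config.services.syncthing.group} ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem`, and likewise for `cert.pem`. The interpolated paths are unquoted in the shell text, so a `dataDir` containing whitespace would break all three commands; wrapping them in double quotes costs nothing.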
From: makefu Date: Tue, 9 Apr 2019 22:47:03 +0200 Subject: ma pkgs.nixpkgs-pytools: init at 1.0.0-dev --- makefu/5pkgs/nixpkgs-pytools/default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 makefu/5pkgs/nixpkgs-pytools/default.nix diff --git a/makefu/5pkgs/nixpkgs-pytools/default.nix b/makefu/5pkgs/nixpkgs-pytools/default.nix new file mode 100644 index 000000000..35146d155 --- /dev/null +++ b/makefu/5pkgs/nixpkgs-pytools/default.nix @@ -0,0 +1,17 @@ +{pkgs, fetchFromGitHub}: +with pkgs.python3.pkgs; + +buildPythonPackage rec { + pname = "nixpkgs-pytools"; + version = "1.0.0-dev"; + src = fetchFromGitHub { + owner = "nix-community"; + repo = pname; + rev = "593443b5689333cad3b6fa5b42e96587df68b0f8"; + sha256 = "1cjpngr1rn5q59a1krgmpq2qm96wbiirc8yf1xmm21p3mskb2db4"; + }; + propagatedBuildInputs = [ + jinja2 setuptools + ]; + checkInputs = [ black ]; +} -- cgit v1.2.3 From 46c06dd997ba8857bef217845cb5c450410383fa Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 Apr 2019 15:17:54 +0200 Subject: nixpkgs: 67bc63f -> 5c52b25 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index b58208685..de6403bd0 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "67bc63f9a7ac1b4d1a7114c88ca1a4df03bfdb0e", - "date": "2019-04-06T21:36:45+02:00", - "sha256": "0jzy9kd81dz1v0by3h0znz3z6bmpll3ssza5i5f14j2q54ib145g", + "rev": "5c52b25283a6cccca443ffb7a358de6fe14b4a81", + "date": "2019-04-09T21:48:56+02:00", + "sha256": "0fhbl6bgabhi1sw1lrs64i0hibmmppy1bh256lq8hxy3a2p1haip", "fetchSubmodules": false } -- cgit v1.2.3 From 72cd01d104bb61b5a5e28c2c10e0bd2bd55ce681 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 Apr 2019 15:43:25 +0200 Subject: l domsen: increment duckdns domain --- lass/2configs/websites/domsen.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index b58484773..5bd5a7cac 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -237,8 +237,8 @@ in { krebs.on-failure.plans.restic-backups-domsen = {}; services.restic.backups.domsen = { initialize = true; - extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -S none -v -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; - repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; + repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; passwordFile = toString + "/domsen_backup_pw"; timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; paths = [ -- cgit v1.2.3 From d8590aefb252087111364aa718b59e33d79a60db Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 Apr 2019 19:30:02 +0200 Subject: ma krops: use upstream krebs nixpkgs.json --- makefu/krops.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index 7c3fbcf4a..c180dcf3e 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -20,10 +20,6 @@ } // import (./. + "/1systems/${name}/source.nix"); source = { test }: lib.evalSource [ { - # nixos-18.09 @ 2018-09-18 - # + uhub/sqlite: 5dd7610401747 - # + hovercraft: 7134801b17d72 - # + PR#53934: eac6797380af1 nixpkgs = if host-src.arm6 then { # TODO: we want to track the unstable channel symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; @@ -31,7 +27,7 @@ derivation = '' with import {}; pkgs.fetchFromGitHub { - owner = "makefu"; + owner = "nixos"; repo = "nixpkgs"; rev = "${nixpkgs-src.rev}"; sha256 = "${nixpkgs-src.sha256}"; -- cgit v1.2.3 From 9efae807efcd4a483396340f5dc8317f51398cdb Mon Sep 17 00:00:00 2001 
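Review bot: The `sftp.command` in `services.restic.backups.domsen` connects to a dynamic-DNS name with no host-key pinning among the visible ssh options, so after the rename to `wilhelmstr2.duckdns.org` the job either has to trust a key it has not seen under that name or fail, depending on ssh configuration outside this hunk. Because whoever controls that DNS record decides where the backup is sent, I would pin the key declaratively, for instance a `programs.ssh.knownHosts` entry for `[wilhelmstr2.duckdns.org]:52222`, and add `-o StrictHostKeyChecking=yes` to the command. The `-v` flag also looks like a debugging leftover that puts connection details into the journal on every run.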
From: tv Date: Fri, 12 Apr 2019 20:28:11 +0200 Subject: tv pass: add 19.03 compatibility --- tv/5pkgs/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 605d827ef..8f960dd79 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -45,10 +45,9 @@ foldl' mergeAttrs {} self.callPackage ./compat/18.03/pass { pass-otp = self.callPackage ./compat/18.03/pass-otp {}; }; - "18.09" = + }.${versions.majorMinor nixpkgsVersion} or super.pass.withExtensions (ext: [ ext.pass-otp ]); - }.${versions.majorMinor nixpkgsVersion}; } -- cgit v1.2.3 From 1c3ac6e6cf4eb673f8ba8ccb3be3fd8d03d78202 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 12 Apr 2019 20:42:32 +0200 Subject: ma krops: use krebs upstream json --- makefu/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index c180dcf3e..219e00d72 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -1,6 +1,6 @@ { config ? config, name, target ? name }: let krops = ../submodules/krops; - nixpkgs-src = lib.importJSON ./nixpkgs.json; + nixpkgs-src = lib.importJSON ../krebs/nixpkgs.json; lib = import "${krops}/lib"; pkgs = import "${krops}/pkgs" {}; -- cgit v1.2.3 From 6c28491768cc6b86c69dd732544a3dbb0801faf4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 11:30:43 +0200 Subject: bepasty: use python3 --- krebs/3modules/bepasty-server.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index e12367b7c..0f00cd381 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix 
@@ -2,10 +2,10 @@ with import ; let - gunicorn = pkgs.pythonPackages.gunicorn; + gunicorn = pkgs.python3Packages.gunicorn; bepasty = pkgs.bepasty; - gevent = pkgs.pythonPackages.gevent; - python = pkgs.pythonPackages.python; + gevent = pkgs.python3Packages.gevent; + python = pkgs.python3Packages.python; cfg = config.krebs.bepasty; out = { -- cgit v1.2.3 From 70500f88458f7801be2382c75123ac6f914bd669 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 13 Apr 2019 12:28:47 +0200 Subject: tv utsushi: 3.54.0 -> 3.55.0 --- tv/5pkgs/simple/utsushi.nix | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/tv/5pkgs/simple/utsushi.nix b/tv/5pkgs/simple/utsushi.nix index 55e8800a6..0ae4ed880 100644 --- a/tv/5pkgs/simple/utsushi.nix +++ b/tv/5pkgs/simple/utsushi.nix @@ -51,13 +51,19 @@ let src = if stdenv.system == "i686-linux" then fetchurl { - url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x86.deb.tar.gz"; - sha256 = "16xv1pdfm2ryis815fawb7zqg6c4swww726g272ssx044r5dp80r"; + urls = [ + "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x86/imagescan-bundle-debian-9-3.55.0.x86.deb.tar.gz" + "http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-9-3.55.0.x86.deb.tar.gz" + ]; + sha256 = "12syk4y8z22hm9r1lgxqp81vd24jbqgmq83b7yiyqfd4wfxb6k3s"; } else if stdenv.system == "x86_64-linux" then fetchurl { - url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x64.deb.tar.gz"; - sha256 = "0zik35h2jwrvkwcmq55wc72imidwdnmn1bayhypzhjcz61rasjg2"; + urls = [ + "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-3.55.0.x64.deb.tar.gz" + "http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-9-3.55.0.x64.deb.tar.gz" + ]; + sha256 = "1wp372hqhzdar6ldxy7s9js2s872x8c5nwq3608dwg9gca11ppc5"; } else throw "${name} is not supported on ${stdenv.system} (only i686-linux and x86_64 linux are supported)"; 
@@ -92,7 +98,7 @@ let license = stdenv.lib.licenses.eapl; maintainers = [ stdenv.lib.maintainers.tv ]; platforms = stdenv.lib.platforms.linux; - version = "1.1.0"; + version = "1.1.2"; }; }; @@ -102,8 +108,11 @@ stdenv.mkDerivation rec { name = "utsushi-${meta.version}"; src = fetchurl { - url = "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz"; - sha256 = "1gmiimwkcyzbkfr25vzqczjhgh90fgxd96agbnkpf9gah1mpd6qj"; + urls = [ + "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz" + "http://ni.r/~tv/mirrors/epson/imagescan_${meta.version}.orig.tar.gz" + ]; + sha256 = "0xwl4xp07cigslbi1qc52jsjvxcyvjlx54g812mn7211p01v2h4l"; }; preConfigure = '' @@ -203,6 +212,6 @@ stdenv.mkDerivation rec { license = stdenv.lib.licenses.gpl3; maintainers = [ stdenv.lib.maintainers.tv ]; platforms = stdenv.lib.platforms.linux; - version = "3.54.0"; + version = "3.55.0"; }; } -- cgit v1.2.3 From 39fba33bed71c7553da47e56c5e34a0389950c71 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 13 Apr 2019 13:44:39 +0200 Subject: krebs.setuid: propagate env by default --- krebs/3modules/setuid.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 3ba598a45..97cf21cdd 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -21,8 +21,8 @@ let default = config._module.args.name; }; envp = mkOption { - type = types.attrsOf types.str; - default = {}; + type = types.nullOr (types.attrsOf types.str); + default = null; }; filename = mkOption { type = mkOptionType { -- cgit v1.2.3 From bb2f8b9b920287df33e194a3b62d86669d8e6ddd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 14:06:36 +0200 Subject: types.syncthing.id: string -> str --- lib/types.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/types.nix b/lib/types.nix index 9001bc7c3..23919af38 100644 --- a/lib/types.nix 
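Review bot: Changing the `envp` default from `{}` to `null` in krebs/3modules/setuid.nix changes behaviour for every existing `krebs.setuid` entry that does not set `envp`: going by the commit subject, those wrappers now inherit the caller's environment instead of the explicit (empty) one; how `null` is consumed lies outside the hunk. For a setuid wrapper the caller's environment is untrusted input (`PATH`, `IFS`, locale and interpreter variables), so I would keep the safe default and make propagation opt-in, i.e. leave `default = {};` and set `envp = null;` only on the wrappers that need it. At minimum the option should get a `description` stating that `null` passes the invoking user's environment through unchanged.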
+++ b/lib/types.nix @@ -89,7 +89,7 @@ rec { syncthing.id = mkOption { # TODO syncthing id type - type = nullOr string; + type = nullOr str; default = null; }; }; -- cgit v1.2.3 From d03c70bb86ef1fb3e88a2dc9143faf34240feec0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 14:48:26 +0200 Subject: l hw x220: disable lid via new api --- lass/2configs/hw/x220.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index f5651da13..5649041f9 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -30,8 +30,7 @@ }; }; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; } -- cgit v1.2.3 From ec4b7f30f5f4dfbc5b2164fdb6f25ff32e841cde Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 14:49:48 +0200 Subject: l usershadow: add setuid wrapper for check_pw --- lass/3modules/usershadow.nix | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index cb2890969..383b9a537 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix 
@@ -31,13 +31,20 @@ session required pam_loginuid.so ''; - security.pam.services.dovecot2.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} - auth required pam_permit.so - account required pam_permit.so - session required pam_permit.so - session required pam_env.so envfile=${config.system.build.pamEnvironment} - ''; + security.pam.services.dovecot2 = { + text = '' + auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} + auth required pam_permit.so + account required pam_permit.so + session required pam_permit.so + session required pam_env.so envfile=${config.system.build.pamEnvironment} + ''; + }; + + security.wrappers.shadow_verify_pam = { + source = "${usershadow}/bin/verify_pam"; + owner = "root"; + }; }; usershadow = let { -- cgit v1.2.3 From 91bab57c35d61550ae4fec98cd8e985c037ed7f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 14:54:29 +0200 Subject: l usershadow: build without -threaded --- lass/3modules/usershadow.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index 383b9a537..d967a108a 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -53,10 +53,13 @@ "bytestring" ]; body = pkgs.writeHaskellPackage "passwords" { + ghc-options = [ + "-rtsopts" + "-Wall" + ]; executables.verify_pam = { extra-depends = deps; text = '' - import Data.Monoid import System.IO import Data.Char (chr) import System.Environment (getEnv, getArgs) @@ -79,7 +82,6 @@ executables.verify_arg = { extra-depends = deps; text = '' - import Data.Monoid import System.Environment (getArgs) import Crypto.PasswordStore (verifyPasswordWith, pbkdf2) import qualified Data.ByteString.Char8 as BS8 -- cgit v1.2.3 From 7f9b2c6f45ce0ca09c0fe8ba07fab16bf4428f38 Mon Sep 17 00:00:00 2001 
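Review bot: The new dovecot2 PAM line carries `debug` and `log=/tmp/lol`, which look like debugging leftovers: pam_exec will write the helper's output to a fixed file name in a world-writable directory, on the authentication path and with `expose_authtok` set. A predictable name in /tmp is under the control of any local user, and whatever the helper prints becomes readable outside the mail stack. I would drop both options, `auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`, or send the log to a root-owned directory if it is really needed. As far as this hunk shows, the `security.wrappers.shadow_verify_pam` entry also leaves the wrapper executable by every local account; restricting it with `group` and `permissions` to the user dovecot authenticates as would narrow that.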
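Review bot: `-rtsopts` in the added `ghc-options` enables the full set of GHC runtime-system options for `verify_pam`, the binary the previous commit installs behind `security.wrappers` with owner root. GHC's default (`-rtsopts=some`) exists because RTS flags supplied on the command line or through `GHCRTS` can make the program write files with its own privileges, which matters for a helper that runs elevated. Unless an RTS flag is actually required here, I would keep the default and write `ghc-options = [ "-Wall" ];`, or state the intent explicitly with `"-rtsopts=none"`. The options apply to the whole `passwords` package, so `verify_arg` is affected as well.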
From: lassulus Date: Sat, 13 Apr 2019 15:39:40 +0200 Subject: ci: create gcroot only if result exists --- krebs/3modules/ci.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index a47dbe611..244de1a0d 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -108,10 +108,12 @@ let name=str(new_step), command=[ "${pkgs.writeDash "build-stepper.sh" '' - set -efu + set -xefu profile=${shell.escape profileRoot}/$build_name result=$("$build_script") - ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" + if [ -n "$result" ]; then + ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" + fi ''}" ], env={ -- cgit v1.2.3 From 6e28354f923f25b4bddc4835fe1d1457de71412c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 16:36:34 +0200 Subject: l: sync .weechat --- lass/1systems/blue/config.nix | 2 ++ lass/1systems/mors/config.nix | 2 ++ 2 files changed, 4 insertions(+) diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index a287f548b..43c80d52f 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -15,9 +15,11 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; environment.shellAliases = { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index fa5fb5518..52bcc9e15 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
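Review bot: With the new `if [ -n "$result" ]` guard in `build-stepper.sh`, a build script that prints nothing now lets the step finish successfully without creating a profile, so an empty result looks the same as a good build in the CI output. If an empty result is expected for some jobs, say so in a comment above the `if`; otherwise add an `else` branch that reports it, for example `echo "no result from $build_script, gcroot not created" >&2`. The switch to `set -xefu` also traces every expanded command into the build log, which deserves a second look if anything in the step's environment is sensitive.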
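Review bot: The new `/home/lass/.weechat` folder entry in lass/1systems/blue/config.nix (and the matching `@@ -52,10 +52,12 @@` hunk for mors) syncs a directory that typically holds WeeChat's `irc.conf`, `sec.conf` and chat logs, and the added `lass.ensure-permissions` line gives group `syncthing` access to it. That places server credentials and logs on three hosts and within reach of the syncthing service account, so I would add a comment confirming that passwords live only in a passphrase-protected `sec.conf`, or sync a narrower subdirectory. The entry also has no `id`, unlike its neighbours; if the id is derived from the path, a short comment saying so would help.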
@@ -52,10 +52,12 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; } { -- cgit v1.2.3 From 167f19018d856d233cd405612e215869ffc925b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 16:37:21 +0200 Subject: l syncthing: set configDir to 18.09 default --- lass/2configs/syncthing.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 842abc195..d8b3c9f90 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -4,6 +4,7 @@ with import ; services.syncthing = { enable = true; group = "syncthing"; + configDir = "/var/lib/syncthing"; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} -- cgit v1.2.3 From 00ea95a20c02467812c4a9d945cfd7088e5cca5e Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 13 Apr 2019 18:16:37 +0200 Subject: ma tools: disable packages broken in 19.03 --- makefu/2configs/tools/android-pentest.nix | 2 +- makefu/2configs/tools/core-gui.nix | 3 ++- makefu/2configs/tools/media.nix | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index 05560db90..036f6e6fe 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix 
@@ -3,7 +3,7 @@ { nixpkgs.config.android_sdk.accept_license = true; users.users.makefu.packages = with pkgs; [ - mitmproxy + # mitmproxy nmap msf drozer diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 41bfef270..ee4f05980 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -10,7 +10,8 @@ keepassx pcmanfm evince - mirage + # replacement for mirage: + sxiv tightvnc gnome3.dconf xdotool diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 88a7c6882..3f2cf3096 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -7,7 +7,7 @@ vlc mumble mplayer - quodlibet # exfalso + # quodlibet # exfalso plowshare streamripper -- cgit v1.2.3 From a224e77dfbb8dc88119891c492651458cfacd39a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 13 Apr 2019 21:41:58 +0200 Subject: lass paste: add p.krebsco.de --- krebs/3modules/lass/default.nix | 1 + krebs/5pkgs/simple/kpaste/default.nix | 5 +++-- lass/2configs/paste.nix | 10 ++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index a3b8cab39..a2548d6c1 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -38,6 +38,7 @@ in { io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + p 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; diff --git a/krebs/5pkgs/simple/kpaste/default.nix b/krebs/5pkgs/simple/kpaste/default.nix index d6823d584..217cb8a44 100644 --- a/krebs/5pkgs/simple/kpaste/default.nix +++ b/krebs/5pkgs/simple/kpaste/default.nix 
@@ -1,5 +1,6 @@ -{ curl, writeDashBin }: +{ curl, gnused, writeDashBin }: writeDashBin "kpaste" '' - exec ${curl}/bin/curl -sS http://p.r --data-binary @- + ${curl}/bin/curl -sS http://p.r --data-binary @- | + ${gnused}/bin/sed '$ {p;s/\/krebsco.de/}' '' diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 293691c0f..3c3d8e636 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -10,6 +10,16 @@ with import ; proxy_pass http://localhost:9081; ''; }; + services.nginx.virtualHosts.paste-readonly = { + serverAliases = [ "p.krebsco.de" ]; + locations."/".extraConfig = '' + if ($request_method != GET) { + return 403; + } + proxy_set_header Host $host; + proxy_pass http://localhost:9081; + ''; + }; krebs.htgen.paste = { port = 9081; script = toString [ -- cgit v1.2.3 From 4ac7399b75e57bb33a10ed647c34ed64c7bc3877 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 21:54:15 +0200 Subject: bepasty-server: use python2 again --- krebs/3modules/bepasty-server.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 0f00cd381..94a509520 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -2,10 +2,10 @@ with import ; let - gunicorn = pkgs.python3Packages.gunicorn; - bepasty = pkgs.bepasty; - gevent = pkgs.python3Packages.gevent; - python = pkgs.python3Packages.python; + gunicorn = pkgs.python27Packages.gunicorn; + bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; }; + gevent = pkgs.python27Packages.gevent; + python = pkgs.python27Packages.python; cfg = config.krebs.bepasty; out = { -- cgit v1.2.3 From 3214a47d45d1ba52797b6ffdac7bfbafba347480 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 13 Apr 2019 22:01:13 +0200 Subject: krebspaste: print public URL --- krebs/5pkgs/simple/krebspaste/default.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
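Review bot: The added `services.nginx.virtualHosts.paste-readonly` block in lass/2configs/paste.nix makes everything the backend on port 9081 serves readable under the public name `p.krebsco.de`, and the attrset sets no TLS options, so unless they are merged in elsewhere the paste contents travel in clear text. I would add `enableACME = true;` and `forceSSL = true;` to this virtual host, plus a one-line comment stating that pastes are world-readable by design through this name. The `$request_method != GET` test also rejects `HEAD`; if that is intended, the comment can say so.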
diff --git a/krebs/5pkgs/simple/krebspaste/default.nix b/krebs/5pkgs/simple/krebspaste/default.nix index a11c8c90a..d97b6a053 100644 --- a/krebs/5pkgs/simple/krebspaste/default.nix +++ b/krebs/5pkgs/simple/krebspaste/default.nix @@ -1,6 +1,12 @@ -{ writeDashBin, bepasty-client-cli }: +{ bepasty-client-cli, gnused, writeDashBin }: -# TODO use `pkgs.exec` instead? writeDashBin "krebspaste" '' - exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g' + ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | + ${gnused}/bin/sed ' + $ { + s/$/\/+inline/ + p + s/\/krebsco.de/ + } + ' '' -- cgit v1.2.3 From d0883b3d3e44051fa569f4bc205abc557b0466e2 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 13 Apr 2019 22:05:48 +0200 Subject: lass: move p from lassul.us to krebsco.de --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index a2548d6c1..3396c2802 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -20,6 +20,7 @@ in { extraZones = { "krebsco.de" = '' cache IN A ${nets.internet.ip4.addr} + p IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr} prism IN A ${nets.internet.ip4.addr} ''; @@ -38,7 +39,6 @@ in { io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - p 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; -- cgit v1.2.3 From 8058af6c74fca7725393750f3a6653512db6c72e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 14:16:53 +0200 Subject: realwallpaper: reduce log noise --- krebs/3modules/realwallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index cb940efef..a0c00c20d 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -78,7 +78,7 @@ let serviceConfig = { Type = "simple"; ExecStart = pkgs.writeDash "generate-wallpaper" '' - set -xeuf + set -euf # usage: getimg FILENAME URL fetch() { -- cgit v1.2.3 From 40f83f1140d9d4cd669d692d594f232be434e654 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:37:28 +0200 Subject: external: add ada.r --- krebs/3modules/external/default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index c9715cb85..9bfc920a3 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -429,6 +429,17 @@ in { }; }; }; + ada = { + owner = config.krebs.users.filly; + nets = { + wiregrill = { + aliases = [ "ada.w" ]; + wireguard = { + pubkey = "+t0j9j7TZqvSFPzgunnON/ArXVGpMS/L3DldpanLoUk="; + }; + }; + }; + }; }; users = { ciko = { @@ -464,6 +475,8 @@ in { }; miaoski = { }; + filly = { + }; }; } -- cgit v1.2.3 From c4af929d398e9e8bcb9a67644814018451c87d45 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:38:15 +0200 Subject: l shodan.r: add syncthing.id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3396c2802..1daaffbfb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -240,6 +240,7 @@ in { secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C"; + syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6"; }; icarus = { cores = 2; -- cgit v1.2.3 From d61f9654f294f4e491e6ff8bb04f34c916d7cf67 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 17 Apr 2019 17:38:57 +0200 Subject: l daedalus.r: add ublock origin --- krebs/3modules/lass/default.nix | 1 + lass/1systems/daedalus/config.nix | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1daaffbfb..41f3852b9 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -39,6 +39,7 @@ in { io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index e28fbf2f8..56c9c5fba 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -27,6 +27,12 @@ with import ; enable = true; systemWide = true; }; + programs.chromium = { + enable = true; + extensions = [ + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + ]; + }; environment.systemPackages = with pkgs; [ pavucontrol #firefox -- cgit v1.2.3 From cef929303a5c0a992aeddedc6aa57d503c7891df Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:39:50 +0200 Subject: l littleT: import green-host --- lass/1systems/littleT/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index eee23ee60..d44e62053 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,6 +8,7 @@ with import ; + ]; networking.networkmanager.enable = true; -- cgit v1.2.3 From 0dc099791b311afabf4ce26de98e9ab628b2d2a0 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 17 Apr 2019 17:41:51 +0200 Subject: l mors.r: add dns update scripts --- lass/1systems/mors/config.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 52bcc9e15..3db29a712 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -137,6 +137,18 @@ with import ; (pkgs.writeDashBin "btc-kraken" '' ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' '') + (pkgs.writeDashBin "krebsco.de" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') + (pkgs.writeDashBin "lassul.us" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') ]; #TODO: fix this shit -- cgit v1.2.3 From 8d6957c64f310b38df47da587ee1a01437bd6489 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:48:20 +0200 Subject: l green.r: sync .weechat --- lass/1systems/green/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 6ae157e38..3abc03c2f 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix 
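Review bot: Both new scripts (`krebsco.de` and `lassul.us`) write the OVH API credentials to `"$TMPDIR"/ovh-secrets.json` and remove them only on their last line, so an import that fails or is interrupted leaves the secret on disk. Neither script sets `-e`, so if `mktemp -d` fails `TMPDIR` is empty and the redirect targets `/ovh-secrets.json` instead. I would begin each script with `set -efu` and, right after the `mktemp` line, add `trap '${pkgs.coreutils}/bin/rm -rf "$TMPDIR"' EXIT`, dropping the trailing `rm`. Naming the variable something other than `TMPDIR` (for example `workdir`) would also avoid changing where child processes place their own temporary files when that variable is already exported.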
@@ -16,12 +16,13 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; - #networking.nameservers = [ "1.1.1.1" ]; #time.timeZone = "Europe/Berlin"; -- cgit v1.2.3 From 2e6376fbd04000597557e69bce0c00ee0db5277e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:50:47 +0200 Subject: l mors.r: sync the_playlist with prism.r --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 3db29a712..706c3f58b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -51,7 +51,7 @@ with import ; { krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ -- cgit v1.2.3 From 631bc1c48068a3649762074178f85e3024bd1736 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 18:10:23 +0200 Subject: l: add more green.r hosts --- lass/1systems/shodan/config.nix | 1 + lass/1systems/skynet/config.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 39c0791fc..7236d5e9f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,6 +15,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; 
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 0bf3e6b4d..70787e514 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -8,6 +8,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; -- cgit v1.2.3 From ff86e4a137ff28b0a3ef2279d7397aa81cea1c03 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 18:12:47 +0200 Subject: l shodan.r & icarus.r: decrypt via ssh --- lass/1systems/icarus/config.nix | 1 + lass/1systems/shodan/config.nix | 1 + lass/2configs/ssh-cryptsetup.nix | 17 +++++++++++++++++ 3 files changed, 19 insertions(+) create mode 100644 lass/2configs/ssh-cryptsetup.nix diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 06b1e7366..d8c8699ae 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -20,6 +20,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 7236d5e9f..5de87d790 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -16,6 +16,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/2configs/ssh-cryptsetup.nix b/lass/2configs/ssh-cryptsetup.nix new file mode 100644 index 000000000..c5e1c5928 --- /dev/null +++ b/lass/2configs/ssh-cryptsetup.nix @@ -0,0 +1,17 @@ +{ config, ... }: +{ + boot.initrd = { + network = { + enable = true; + ssh = { + enable = true; + authorizedKeys = with config.krebs.users; [ + config.krebs.users.lass-mors.pubkey + config.krebs.users.lass-blue.pubkey + config.krebs.users.lass-shodan.pubkey + config.krebs.users.lass-icarus.pubkey + ]; + }; + }; + }; +} -- cgit v1.2.3 From f6e73456d0a3acbd8c59fdfde2faf930ec085bf9 Mon Sep 17 00:00:00 2001 
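Review bot: The new `lass/2configs/ssh-cryptsetup.nix` enables `boot.initrd.network.ssh` without pinning a host key, so the person unlocking the disk has nothing stable to verify before typing the LUKS passphrase. As far as I recall the 19.03 initrd SSH module generates a fresh key on every boot when none of `hostRSAKey`, `hostDSSKey` or `hostECDSAKey` is set; please confirm against the module and set one, e.g. `hostECDSAKey = <path-to-initrd-host-key>;`. That key ends up in the unencrypted initrd, so it should be dedicated to this purpose rather than the system's normal SSH host key, and a comment saying so would help. Separately, `with config.krebs.users;` has no effect because every list entry is already written as `config.krebs.users.<name>.pubkey`; either drop the `with` or shorten the entries to `lass-mors.pubkey` and so on.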
From: lassulus Date: Wed, 17 Apr 2019 19:41:33 +0200 Subject: l: add green-host.nix --- lass/2configs/green-host.nix | 83 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 lass/2configs/green-host.nix diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix new file mode 100644 index 000000000..860d7c113 --- /dev/null +++ b/lass/2configs/green-host.nix 
@@ -0,0 +1,83 @@ +{ config, lib, pkgs, ... }: +with import ; + +{ + imports = [ + + + { #hack for already defined + systemd.services."container@green".reloadIfChanged = mkForce false; + systemd.services."container@green".preStart = '' + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green ' + ''; + systemd.services."container@green".postStop = '' + set -x + ${pkgs.umount}/bin/umount /var/lib/containers/green + ls -la /dev/mapper/control + ${pkgs.devicemapper}/bin/dmsetup ls + ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img + ''; + } + ]; + + lass.ensure-permissions = [ + { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; } + ]; + + krebs.syncthing.folders = [ + { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; } + ]; + + system.activationScripts.containerPermissions = '' + mkdir -p /var/lib/containers + chmod 711 /var/lib/containers + ''; + + containers.green = { + config = { ... }: { + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.15"; + localAddress = "10.233.2.16"; + }; + + environment.systemPackages = [ + (pkgs.writeDashBin "start-green" '' + set -fu + CONTAINER='green' + IMAGE='/var/lib/sync-containers/green.img' + + ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null + if [ "$?" -ne 0 ]; then + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER" + fi + + mkdir -p /var/lib/containers/"$CONTAINER" + + ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" " + if [ "$?" 
-ne 0 ]; then + ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER" + fi + + STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER") + if [ "$STATE" = 'down' ]; then + ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER" + fi + ping -c1 green.r + if [ "$?" -ne 0 ]; then + ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch + fi + + '') + ]; +} -- cgit v1.2.3 From bfff3b0a698bd5a7ea1f90511c2578bdb4828b97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:00:06 +0200 Subject: l: reorganize syncs --- lass/1systems/blue/config.nix | 11 ++--------- lass/1systems/green/config.nix | 12 ++---------- lass/1systems/mors/config.nix | 6 ++---- lass/2configs/sync/decsync.nix | 8 ++++++++ lass/2configs/sync/weechat.nix | 8 ++++++++ 5 files changed, 22 insertions(+), 23 deletions(-) create mode 100644 lass/2configs/sync/decsync.nix create mode 100644 lass/2configs/sync/weechat.nix diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index 43c80d52f..14f4971f7 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -9,19 +9,12 @@ with import ; + + ]; krebs.build.host = config.krebs.hosts.blue; - krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } - ]; - environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 3abc03c2f..0b4b50ee4 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix 
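Review bot: In the `container@green` `postStop` script, `cryptsetup -v luksClose /var/lib/sync-containers/green.img` passes the image path, while `start-green` opens the mapping under the name `green` (`luksOpen "$IMAGE" "$CONTAINER"`). `luksClose` expects the mapping name, so this call looks likely to fail and leave the decrypted volume mapped after the container stops; I would use `${pkgs.cryptsetup}/bin/cryptsetup -v luksClose green`. The `set -x`, `ls -la /dev/mapper/control` and `dmsetup ls` lines read like debugging leftovers and could go once the close works. In `start-green`, `grep`, `ping` and `mkdir` are resolved from `PATH` while the other tools use store paths, so pinning them (`${pkgs.gnugrep}/bin/grep`, as `preStart` already does) would make the script consistent.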
@@ -8,21 +8,13 @@ with import ; - # + + ]; krebs.build.host = config.krebs.hosts.green; - krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } - ]; - #networking.nameservers = [ "1.1.1.1" ]; #time.timeZone = "Europe/Berlin"; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 706c3f58b..01410cdb6 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -26,6 +26,8 @@ with import ; + + @@ -50,14 +52,10 @@ with import ; } { krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; } { diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix new file mode 100644 index 000000000..94569c94d --- /dev/null +++ b/lass/2configs/sync/decsync.nix @@ -0,0 +1,8 @@ +{ + krebs.syncthing.folders = [ + { id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; } + ]; +} diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix new file mode 100644 index 000000000..d10177b1d --- /dev/null +++ b/lass/2configs/sync/weechat.nix 
@@ -0,0 +1,8 @@ +{ + krebs.syncthing.folders = [ + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } + ]; +} -- cgit v1.2.3 From 23e81c6a15f1617fc9064eb13372fb7e12498ff3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:01:03 +0200 Subject: l daedalus.r: add zsnes --- lass/1systems/daedalus/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 56c9c5fba..37a1b6d4c 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -47,6 +47,7 @@ with import ; geeqie vlc minecraft + zsnes ]; nixpkgs.config.firefox.enableAdobeFlash = true; services.xserver.enable = true; -- cgit v1.2.3 From ee89afab29f40c70fc863ea1aa27f72ed0411d3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:01:14 +0200 Subject: l daedalus.r: remove minecraft --- lass/1systems/daedalus/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 37a1b6d4c..6e3df12f0 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -46,7 +46,6 @@ with import ; wine geeqie vlc - minecraft zsnes ]; nixpkgs.config.firefox.enableAdobeFlash = true; -- cgit v1.2.3 From 61da9d16449409f02509c1c2ec201f8dc7ad87b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:01:34 +0200 Subject: l iso: fix build --- lass/1systems/iso.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index be064bed2..a814cc6b9 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -6,7 +6,6 @@ with import ; - { 
@@ -40,9 +39,10 @@ with import ; networking.hostName = "lass-iso"; } { + nixpkgs.config.packageOverrides = import pkgs; krebs.enable = true; krebs.build.user = config.krebs.users.lass; - krebs.build.host = config.krebs.hosts.iso; + krebs.build.host = {}; } { nixpkgs.config.allowUnfree = true; @@ -174,11 +174,13 @@ with import ; user = "lass"; }; windowManager.default = "xmonad"; - windowManager.session = [{ + windowManager.session = let + xmonad-lass = pkgs.callPackage { inherit config; }; + in [{ name = "xmonad"; start = '' ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${pkgs.xmonad-lass}/bin/xmonad & + ${xmonad-lass}/bin/xmonad & waitPID=$! ''; }]; -- cgit v1.2.3 From 9f19b5f9619688a8249c0db5fcc9aec4d2fc7fbf Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:05:20 +0200 Subject: l mors.r: add transgui to pkgs --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 01410cdb6..69b931a95 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -92,6 +92,7 @@ with import ; pkgs.ovh-zone pkgs.bank pkgs.adb-sync + pkgs.transgui ]; } { -- cgit v1.2.3 From b246b8ac43c0ab552617956357cc12b36d5a18fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:08:14 +0200 Subject: l morpheus.r: add autologin --- lass/1systems/morpheus/config.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix index 0d82ba611..cab267d54 100644 --- a/lass/1systems/morpheus/config.nix +++ b/lass/1systems/morpheus/config.nix @@ -30,4 +30,12 @@ with import ; ]; }; }; + + + services.xserver.desktopManager.default = "none"; + services.xserver.displayManager.lightdm.autoLogin = { + enable = true; + user = "lass"; + timeout = 5; + }; } -- cgit v1.2.3 From 40968c0129b389415bdca5647b71b3a82b1ddd15 Mon Sep 17 00:00:00 2001 
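Review bot: In the morpheus hunk, `services.xserver.displayManager.lightdm.autoLogin` with `enable = true` gives whoever powers on the machine a session as `lass` after the 5-second timeout, and nothing in the hunk records what else gates access. If this relies on disk encryption at boot or on where the machine physically sits, I would say so in a comment above the block, e.g. `# autologin: access is gated by <control>`. The two blank lines added before `services.xserver.desktopManager.default` can be reduced to one.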
From: lassulus Date: Wed, 17 Apr 2019 20:10:20 +0200 Subject: l prism.r: add samba wiregrill share --- lass/1systems/prism/config.nix | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b3b7ac0df..d7b0b701a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -413,6 +413,42 @@ with import ; ]; }; } + { #macos mounting of yellow + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i wiregrill -p tcp --dport 139"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 137"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 138"; target = "ACCEPT"; } + ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + download = { + path = "/var/download/finished"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From e4c59ba54992a80671c45d38ab96f7ff0d22b900 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:11:20 +0200 Subject: l yellow.r: reduce transmission journal spam --- lass/1systems/yellow/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 8b3b2814f..cda0d0a33 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix 
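Review bot: The Samba block on prism allows unauthenticated access (`"guest ok" = "yes"` with `map to guest = bad user`), and the only thing limiting it to wiregrill is the set of `-i wiregrill` ACCEPT rules, so exposure on other interfaces depends entirely on the default INPUT policy defined elsewhere. I would also restrict the daemon itself in `extraConfig` with `interfaces = lo wiregrill` and `bind interfaces only = yes`, so that a later firewall change cannot publish the guest share. The share is read-only, which limits the impact to disclosure of `/var/download/finished`. A short comment stating that guest access is intentional and limited to wiregrill peers would make the intent clear to the next reader.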
@@ -31,6 +31,7 @@ with import ; download-dir = "/var/download/finished"; incomplete-dir = "/var/download/incoming"; incomplete-dir-enable = true; + message-level = 1; umask = "002"; rpc-whitelist-enabled = false; rpc-host-whitelist-enabled = false; -- cgit v1.2.3 From d06a5ce073133f74de8d5513d457e2c470d1eaa2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:12:01 +0200 Subject: l: add xdg-open settings --- lass/2configs/baseX.nix | 1 + lass/2configs/xdg-open.nix | 66 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 lass/2configs/xdg-open.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 26d6622ae..5003d2279 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,6 +9,7 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix + ./xdg-open.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix new file mode 100644 index 000000000..824c36dc7 --- /dev/null +++ b/lass/2configs/xdg-open.nix 
@@ -0,0 +1,66 @@ +{ config, pkgs, lib, ... }: with import ; let + + xdg-open-wrapper = pkgs.writeDashBin "xdg-open" '' + /run/wrappers/bin/sudo -u lass ${xdg-open} "$@" + ''; + + xdg-open = pkgs.writeBash "xdg-open" '' + set -e + FILE="$1" + mime= + + case "$FILE" in + http://*|https://*) + mime=text/html + ;; + mailto:*) + mime=special/mailaddress + ;; + magnet:*) + mime=application/x-bittorrent + ;; + irc:*) + mime=x-scheme-handler/irc + ;; + *) + # it’s a file + + # strip possible protocol + FILE=''${FILE#file://} + mime=''$(file -E --brief --mime-type "$FILE") \ + || (echo "$mime" 1>&2; exit 1) + # ^ echo the error message of file + ;; + esac + + case "$mime" in + special/mailaddress) + urxvtc --execute vim "$FILE" ;; + ${optionalString (hasAttr "browser" config.lass) '' + text/html) + ${config.lass.browser.select}/bin/browser-select "$FILE" ;; + text/xml) + ${config.lass.browser.select}/bin/browser-select "$FILE" ;; + ''} + text/*) + urxvtc --execute vim "$FILE" ;; + image/*) + sxiv "$FILE" ;; + application/x-bittorrent) + env DISPLAY=:0 transgui "$FILE" ;; + application/pdf) + zathura "$FILE" ;; + inode/directory) + sudo -u lass -i urxvtc --execute mc "$FILE" ;; + *) + # open dmenu and ask for program to open with + $(dmenu_path | dmenu) "$FILE";; + esac + ''; +in { + environment.systemPackages = [ xdg-open-wrapper ]; + + security.sudo.extraConfig = '' + cr ALL=(lass) NOPASSWD: ${xdg-open} * + ''; +} -- cgit v1.2.3 From cc986ff84ba2893b8f68b95842b46fb65987e437 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:12:38 +0200 Subject: l: add more emails --- lass/2configs/exim-smarthost.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index aec59261c..4216bd67a 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-sma
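Review bot: The sudoers entry `cr ALL=(lass) NOPASSWD: ${xdg-open} *` in the new `xdg-open.nix` makes this script a privilege boundary from `cr` to `lass`, but the script treats `$1` as trusted. A value beginning with `-` is parsed as options by `file`, `sxiv`, `zathura` and the other handlers, and any path `cr` supplies is opened with `lass`'s permissions; at minimum I would reject such arguments up front and call `file -E --brief --mime-type -- "$FILE"`. The handlers (`file`, `urxvtc`, `sxiv`, `zathura`, `transgui`, `dmenu`) are looked up on `PATH` rather than by store path, so what actually runs depends on the environment sudo passes through. The `inode/directory` branch calls `sudo -u lass -i` again although the script presumably already runs as `lass`, and a header comment explaining who is expected to call the wrapper and why would help.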