From 7adf24631f14409208376f5554c31db73e4af0c8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 20:42:12 +0200 Subject: l nixpkgs: d151161 -> 670b4e2 (17.09) --- lass/source.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/lass/source.nix b/lass/source.nix index 01631bef..5155a272 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -9,13 +9,8 @@ in { nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { - url = http://cgit.lassul.us/nixpkgs; - # nixos-17.03 - # + copytoram: - # 87a4615 & 334ac4f - # + acme permissions for groups - # fd7a8f1 - ref = "d151161"; + url = https://github.com/nixos/nixpkgs; + ref = "670b4e2"; }; secrets.file = getAttr builder { buildbot = toString ; -- cgit v1.2.3 From 7c1f36ca1bafb4b415a5c9423842d6bef0102813 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 26 Aug 2017 20:03:57 +0200 Subject: requests2 -> requsts --- krebs/2configs/shack/muell_caller.nix | 2 +- krebs/2configs/shack/radioactive.nix | 2 +- krebs/2configs/shack/worlddomination.nix | 2 +- krebs/5pkgs/simple/Reaktor/default.nix | 2 +- krebs/5pkgs/simple/bepasty-client-cli/default.nix | 2 +- krebs/5pkgs/simple/cac-panel/default.nix | 2 +- krebs/5pkgs/simple/treq/default.nix | 2 +- krebs/5pkgs/simple/urlwatch/default.nix | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 2d8d78e3..a39d0cc0 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -12,7 +12,7 @@ let buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt - requests2 + requests paramiko python ])) diff --git a/krebs/2configs/shack/radioactive.nix b/krebs/2configs/shack/radioactive.nix index 378b5405..566146d6 100644 --- a/krebs/2configs/shack/radioactive.nix +++ b/krebs/2configs/shack/radioactive.nix 
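Review bot: In lass/source.nix the new pin `ref = "670b4e2";` is a 7-character abbreviation, which stops resolving once another object in the repository shares that prefix and is a weaker identity than the full object name for code that ends up building the whole system. krebs/source.nix later in this series pins the same commit in full, so the line can read `ref = "670b4e29adc16e0a29aa5b4c126703dcca56aeb6"; # nixos-17.09 @ 2017-09-18`. The same applies to `ref = "46cfb36";` in makefu/source.nix further down. The switch of `url` from plain `http://` to `https://` is a welcome side effect of this hunk.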
@@ -12,7 +12,7 @@ let buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt - requests2 + requests python ])) ]; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index d0f9f5fa..828b6cd7 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -37,7 +37,7 @@ let docopt LinkHeader aiocoap - requests2 + requests paramiko python ])) diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix index fc371082..6989bb02 100644 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ b/krebs/5pkgs/simple/Reaktor/default.nix @@ -8,7 +8,7 @@ python3Packages.buildPythonPackage rec { propagatedBuildInputs = with pkgs;[ python3Packages.docopt - python3Packages.requests2 + python3Packages.requests ]; src = fetchurl { url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz"; diff --git a/krebs/5pkgs/simple/bepasty-client-cli/default.nix b/krebs/5pkgs/simple/bepasty-client-cli/default.nix index c58e637b..7811ef5f 100644 --- a/krebs/5pkgs/simple/bepasty-client-cli/default.nix +++ b/krebs/5pkgs/simple/bepasty-client-cli/default.nix @@ -5,7 +5,7 @@ with pythonPackages; buildPythonPackage rec { propagatedBuildInputs = [ python_magic click - requests2 + requests ]; src = fetchFromGitHub { diff --git a/krebs/5pkgs/simple/cac-panel/default.nix b/krebs/5pkgs/simple/cac-panel/default.nix index fd479953..57f58f4d 100644 --- a/krebs/5pkgs/simple/cac-panel/default.nix +++ b/krebs/5pkgs/simple/cac-panel/default.nix @@ -11,7 +11,7 @@ python3Packages.buildPythonPackage rec { propagatedBuildInputs = with python3Packages; [ docopt - requests2 + requests beautifulsoup4 ]; } diff --git a/krebs/5pkgs/simple/treq/default.nix b/krebs/5pkgs/simple/treq/default.nix index 20387b9c..7cb826a5 100644 --- a/krebs/5pkgs/simple/treq/default.nix +++ b/krebs/5pkgs/simple/treq/default.nix 
@@ -11,7 +11,7 @@ pythonPackages.buildPythonPackage rec { propagatedBuildInputs = with pythonPackages; [ twisted pyopenssl - requests2 + requests service-identity ]; } diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix index 50955566..adaefbc4 100644 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ b/krebs/5pkgs/simple/urlwatch/default.nix @@ -13,7 +13,7 @@ python3Packages.buildPythonPackage rec { minidb pycodestyle pyyaml - requests2 + requests ]; meta = { -- cgit v1.2.3 From 1fd1ff57c82e6684702406ca32bfdca1c5785565 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Sep 2017 19:40:30 +0200 Subject: bepasty: pythonPackages.bepasty-server -> bepasty --- krebs/3modules/bepasty-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 0ca13366..dd29a4e1 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -3,7 +3,7 @@ with import ; let gunicorn = pkgs.pythonPackages.gunicorn; - bepasty = pkgs.pythonPackages.bepasty-server; + bepasty = pkgs.bepasty; gevent = pkgs.pythonPackages.gevent; python = pkgs.pythonPackages.python; cfg = config.krebs.bepasty; -- cgit v1.2.3 From c0a4063c2d183ecf1cf7a1dc4e1a35f1f1be0733 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Sep 2017 21:13:53 +0200 Subject: l bepasty: forceSSL conflicts with enableSSL --- lass/2configs/bepasty.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix index b2d40d4f..43647892 100644 --- a/lass/2configs/bepasty.nix +++ b/lass/2configs/bepasty.nix @@ -31,7 +31,6 @@ in { } // genAttrs ext-doms (ext-dom: { nginx = { - enableSSL = true; forceSSL = true; enableACME = true; }; -- cgit v1.2.3 From af52d7028adddabc8f21c3989ea600206fd64666 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 19 Sep 2017 20:59:27 +0200 Subject: nixpkgs 8ed299f -> 670b4e2 (17.09) --- krebs/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/source.nix b/krebs/source.nix index 1aba3d7f..e70ee2d8 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString ; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "8ed299faacbf8813fc47b4fca34f32b835d6481e"; # nixos-17.03 @ 2017-09-09 + ref = "670b4e29adc16e0a29aa5b4c126703dcca56aeb6"; # nixos-17.09 @ 2017-09-18 }; } -- cgit v1.2.3 From d973c779eb71749af464edb1ed0216b0d5317eb2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Sep 2017 21:45:42 +0200 Subject: gitlab-runner: configText -> configFile --- krebs/2configs/gitlab-runner-shackspace.nix | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/krebs/2configs/gitlab-runner-shackspace.nix b/krebs/2configs/gitlab-runner-shackspace.nix index d9b4cd58..f4247b6d 100644 --- a/krebs/2configs/gitlab-runner-shackspace.nix +++ b/krebs/2configs/gitlab-runner-shackspace.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: let url = "https://git.shackspace.de/"; # generate token from CI-token via: @@ -6,7 +6,7 @@ let ## cat /etc/gitlab-runner/config.toml token = import ; in { - systemd.services.gitlab-runner.path = [ + systemd.services.gitlab-runner.path = [ "/run/wrappers" # /run/wrappers/bin/su "/" # /bin/sh ]; 
@@ -16,19 +16,18 @@ in { enable = true; # configFile, configOptions and gracefulTimeout not yet in stable # gracefulTimeout = "120min"; - configText = '' - concurrent = 1 - check_interval = 0 - - [[runners]] - name = "krebs-shell" - url = "${url}" - token = "${token}" - executor = "shell" - shell = "sh" - environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"] - [runners.cache] + configFile = pkgs.writeText "gitlab-runner.cfg" '' + concurrent = 1 + check_interval = 0 + [[runners]] + name = "krebs-shell" + url = "${url}" + token = "${token}" + executor = "shell" + shell = "sh" + environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"] + [runners.cache] ''; }; } -- cgit v1.2.3 From c37c568baaa369b218b7e85a48e93725f2725371 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 21 Sep 2017 02:09:17 +0200 Subject: ma pkgs.beef: init (broken state) --- makefu/5pkgs/beef/Gemfile | 97 +++++++++ makefu/5pkgs/beef/Gemfile.lock | 139 ++++++++++++ makefu/5pkgs/beef/default.nix | 37 ++++ makefu/5pkgs/beef/gemset.nix | 475 +++++++++++++++++++++++++++++++++++++++++ makefu/5pkgs/beef/shell.nix | 16 ++ 5 files changed, 764 insertions(+) create mode 100644 makefu/5pkgs/beef/Gemfile create mode 100644 makefu/5pkgs/beef/Gemfile.lock create mode 100644 makefu/5pkgs/beef/default.nix create mode 100644 makefu/5pkgs/beef/gemset.nix create mode 100644 makefu/5pkgs/beef/shell.nix diff --git a/makefu/5pkgs/beef/Gemfile b/makefu/5pkgs/beef/Gemfile new file mode 100644 index 00000000..1420feff --- /dev/null +++ b/makefu/5pkgs/beef/Gemfile 
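Review bot: The runner `token` imported at the top of the file is interpolated into `pkgs.writeText "gitlab-runner.cfg"`, so the resulting config is a Nix store path that every local user and every process on the host can read, and it travels with any copy of the system closure. The removed `configText` option may well have produced a store file internally too, so this is probably not new with the commit, but it is now explicit in this file. Consider pointing `configFile` at a path outside the store that is provisioned from the secrets directory with restrictive permissions, e.g. `configFile = "<PATH_OUTSIDE_STORE>/config.toml";` (placeholder path), and keep only the non-secret settings in the repository.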
@@ -0,0 +1,97 @@ +# BeEF's Gemfile + +# +# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +gem 'eventmachine' +gem 'thin' +gem 'sinatra' +gem 'rack', '~> 1.6.5' +gem 'em-websocket' # WebSocket support +gem 'uglifier' +gem 'mime-types' +gem 'execjs' +gem 'ansi' +gem 'term-ansicolor', :require => 'term/ansicolor' +gem 'dm-core' +gem 'json' +gem 'data_objects' +gem 'rubyzip', '>= 1.2.1' +gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice +gem 'nokogiri', '>= 1.7' + +gem 'therubyracer' + +# SQLite support +group :sqlite do + gem 'dm-sqlite-adapter' +end + +# PostgreSQL support +group :postgres do + #gem dm-postgres-adapter +end + +# MySQL support +group :mysql do + #gem dm-mysql-adapter +end + +# Geolocation support +group :geoip do + gem 'geoip' +end + +gem 'parseconfig' +gem 'erubis' +gem 'dm-migrations' + +# Metasploit Integration extension +group :ext_msf do + gem 'msfrpc-client' +end + +# Twitter Notifications extension +group :ext_twitter do + #gem 'twitter', '>= 5.0.0' +end + +# DNS extension +group :ext_dns do + gem 'rubydns', '~> 0.7.3' +end + +# network extension +group :ext_network do + gem 'dm-serializer' +end + +# QRcode extension +group :ext_qrcode do + gem 'qr4r' +end + +# For running unit tests +group :test do +if ENV['BEEF_TEST'] + gem 'rake' + gem 'test-unit' + gem 'test-unit-full' + gem 'curb' + gem 'selenium' + gem 'selenium-webdriver' + gem 'rspec' + gem 'bundler-audit' + # nokogirl is needed by capybara which may require one of the below commands + # sudo apt-get install libxslt-dev libxml2-dev + # sudo port install libxml2 libxslt + gem 'capybara' + # RESTful API tests/generic command module tests + gem 'rest-client', '>= 2.0.1' +end +end + +source 'https://rubygems.org' diff --git a/makefu/5pkgs/beef/Gemfile.lock b/makefu/5pkgs/beef/Gemfile.lock new file mode 100644 index 00000000..d2e6ad45 --- /dev/null 
+++ b/makefu/5pkgs/beef/Gemfile.lock 
@@ -0,0 +1,139 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) + ansi (1.5.0) + chunky_png (1.3.8) + daemons (1.2.4) + data_objects (0.10.17) + addressable (~> 2.1) + dm-core (1.2.1) + addressable (~> 2.3) + dm-do-adapter (1.2.0) + data_objects (~> 0.10.6) + dm-core (~> 1.2.0) + dm-migrations (1.2.0) + dm-core (~> 1.2.0) + dm-serializer (1.2.2) + dm-core (~> 1.2.0) + fastercsv (~> 1.5) + json (~> 1.6) + json_pure (~> 1.6) + multi_json (~> 1.0) + dm-sqlite-adapter (1.2.0) + dm-do-adapter (~> 1.2.0) + do_sqlite3 (~> 0.10.6) + do_sqlite3 (0.10.17) + data_objects (= 0.10.17) + em-websocket (0.5.1) + eventmachine (>= 0.12.9) + http_parser.rb (~> 0.6.0) + erubis (2.7.0) + espeak-ruby (1.0.4) + eventmachine (1.0.9.1) + execjs (2.7.0) + fastercsv (1.5.5) + filesize (0.1.1) + geoip (1.6.3) + http_parser.rb (0.6.0) + jsobfu (0.4.2) + rkelly-remix + json (1.8.6) + json_pure (1.8.6) + libv8 (3.16.14.19) + metasm (1.0.3) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) + mini_portile2 (2.3.0) + mojo_magick (0.5.6) + msfrpc-client (1.1.1) + msgpack (~> 1) + rex (~> 2) + msgpack (1.1.0) + multi_json (1.12.2) + nokogiri (1.8.1) + mini_portile2 (~> 2.3.0) + parseconfig (1.0.8) + public_suffix (3.0.0) + qr4r (0.4.1) + mojo_magick + rqrcode + rack (1.6.8) + rack-protection (1.5.3) + rack + rainbow (2.2.2) + rake + rake (12.1.0) + rb-readline (0.5.5) + ref (2.0.0) + rex (2.0.11) + filesize + jsobfu (~> 0.4.1) + json + metasm (~> 1.0.2) + nokogiri + rb-readline + robots + rexec (1.6.3) + rainbow + rkelly-remix (0.0.7) + robots (0.10.1) + rqrcode (0.10.1) + chunky_png (~> 1.0) + rubydns (0.7.3) + eventmachine (~> 1.0.0) + rexec (~> 1.6.2) + rubyzip (1.2.1) + sinatra (1.4.8) + rack (~> 1.5) + rack-protection (~> 1.4) + tilt (>= 1.3, < 3) + term-ansicolor (1.6.0) + tins (~> 1.0) + therubyracer (0.12.3) + libv8 (~> 3.16.14.15) + ref + thin (1.7.2) + daemons (~> 1.0, >= 1.0.9) + eventmachine (~> 1.0, >= 
1.0.4) + rack (>= 1, < 3) + tilt (2.0.8) + tins (1.15.0) + uglifier (3.2.0) + execjs (>= 0.3.0, < 3) + +PLATFORMS + ruby + +DEPENDENCIES + ansi + data_objects + dm-core + dm-migrations + dm-serializer + dm-sqlite-adapter + em-websocket + erubis + espeak-ruby (>= 1.0.4) + eventmachine + execjs + geoip + json + mime-types + msfrpc-client + nokogiri (>= 1.7) + parseconfig + qr4r + rack (~> 1.6.5) + rubydns (~> 0.7.3) + rubyzip (>= 1.2.1) + sinatra + term-ansicolor + therubyracer + thin + uglifier + +BUNDLED WITH + 1.15.4 diff --git a/makefu/5pkgs/beef/default.nix b/makefu/5pkgs/beef/default.nix new file mode 100644 index 00000000..82540cde --- /dev/null +++ b/makefu/5pkgs/beef/default.nix @@ -0,0 +1,37 @@ +{ stdenv, bundlerEnv, ruby, fetchFromGitHub }: +# nix-shell --command "bundler install && bundix" in the clone, copy gemset.nix, Gemfile and Gemfile.lock +let + gems = bundlerEnv { + name = "beef-env"; + inherit ruby; + gemdir = ./.; + }; +in stdenv.mkDerivation { + name = "beef-2017-09-21"; + src = fetchFromGitHub { + owner = "beefproject"; + repo = "beef"; + rev = "69aa2a3"; + sha256 = "1rky61i0wzpwcq3kqfa0m5hf6wyz8q8jgzs7dpfh04w9qh32ic4p"; + }; + buildInputs = [gems ruby]; + installPhase = '' + mkdir -p $out/{bin,share/beef} + + cp -r * $out/share/beef + # set the default db path, unfortunately setting to /tmp does not seem to work + # sed -i 's#db_file: .*#db_file: "/tmp/beef.db"#' $out/share/beef/config.yaml + + bin=$out/bin/beef + cat > $bin < {}; +stdenv.mkDerivation { + name = "env"; + buildInputs = [ + ruby.devEnv + git + sqlite + libpcap + postgresql + libxml2 + libxslt + pkgconfig + bundix + ]; +} -- cgit v1.2.3 From d2c388ce3928764a78e4158162cb64ce3b5e43ce Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 20:59:38 +0200 Subject: iana-etc module: init --- krebs/3modules/default.nix | 1 + krebs/3modules/iana-etc.nix | 55 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 krebs/3modules/iana-etc.nix 
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 42df3f05..48cf7971 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -24,6 +24,7 @@ let ./go.nix ./hidden-ssh.nix ./htgen.nix + ./iana-etc.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix new file mode 100644 index 00000000..f6d47f27 --- /dev/null +++ b/krebs/3modules/iana-etc.nix @@ -0,0 +1,55 @@ +with import ; +{ config, pkgs, ... }: { + + options.krebs.iana-etc.services = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + port = mkOption { + default = config._module.args.name; + type = types.addCheck types.str (test "[1-9][0-9]*"); + }; + } // genAttrs ["tcp" "udp"] (protocol: mkOption { + default = null; + type = types.nullOr (types.submodule { + options = { + name = mkOption { + type = types.str; + }; + }; + }); + }); + })); + }; + + config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) { + services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} '' + exec < ${pkgs.iana_etc}/etc/services + exec > $out + awk -F '[ /]+' ' + BEGIN { + port=0 + } + ${concatMapStringsSep "\n" (entry: '' + $2 == ${entry.port} { + port=$2 + next + } + port == ${entry.port} { + ${concatMapStringsSep "\n" + (proto: let + s = "${entry.${proto}.name} ${entry.port}/${proto}"; + in + "print ${toJSON s}") + (filter (proto: entry.${proto} != null) ["tcp" "udp"])} + port=0 + } + '') (attrValues config.krebs.iana-etc.services)} + { + print $0 + } + ' + ''); + }; + +} -- cgit v1.2.3 From 43b891ef00b10a4aa574e77b58773b0f2e7d15b4 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 21:06:38 +0200 Subject: tv modules: s/_:// --- tv/3modules/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 57ffbfab..493cc8b7 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix 
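Review bot: In krebs/3modules/iana-etc.nix the per-protocol `name` option is a plain `types.str`, yet its value is placed inside the single-quoted awk program passed to `runCommand`; `toJSON` escapes double quotes and backslashes but not `'`, so a name containing a single quote ends the awk script early and the remainder is parsed by the build shell. `port` is already constrained with `types.addCheck`, and `name` deserves the same treatment, for example `type = types.addCheck types.str (test "[A-Za-z0-9][A-Za-z0-9_.+-]*");` (assuming `test` matches the whole string, as the port check implies). The port pattern `[1-9][0-9]*` also accepts values above 65535, which an extra range check would rule out.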
@@ -1,5 +1,3 @@ -_: - { imports = [ ./charybdis -- cgit v1.2.3 From 79df0635690a7e8457b3d4fa509be75b8f344146 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 21:08:34 +0200 Subject: shell: inline utils.deploy --- shell.nix | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/shell.nix b/shell.nix index 4b8abed5..c9b197a2 100644 --- a/shell.nix +++ b/shell.nix @@ -22,7 +22,12 @@ let . ${init.env} . ${init.proxy opts} - exec ${utils.deploy} + # Use system's nixos-rebuild, which is not self-contained + export PATH=/run/current-system/sw/bin + exec ${utils.with-whatsupnix} \ + nixos-rebuild switch \ + --show-trace \ + -I "$target_path" ''); cmds.install = pkgs.withGetopt { @@ -205,16 +210,6 @@ let -I "$target_path" \ ''; - utils.deploy = pkgs.writeDash "utils.deploy" '' - set -efu - # Use system's nixos-rebuild, which is not self-contained - export PATH=/run/current-system/sw/bin - ${utils.with-whatsupnix} \ - nixos-rebuild switch \ - --show-trace \ - -I "$target_path" - ''; - utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" '' set -efu if \test "$quiet" = true; then -- cgit v1.2.3 From ea0b2cca51106bc7e92f36017bb3dc3ecdcc085e Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 22 Sep 2017 00:18:15 +0200 Subject: git-preview: init --- krebs/5pkgs/simple/git-preview.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 krebs/5pkgs/simple/git-preview.nix diff --git a/krebs/5pkgs/simple/git-preview.nix b/krebs/5pkgs/simple/git-preview.nix new file mode 100644 index 00000000..d6c9579a --- /dev/null +++ b/krebs/5pkgs/simple/git-preview.nix 
@@ -0,0 +1,17 @@ +{ coreutils, git, writeDashBin }: + +writeDashBin "git-preview" '' + set -efu + head_commit=$(${git}/bin/git log -1 --format=%H) + merge_commit=$1; shift + merge_message='Merge for git-preview' + preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX) + preview_branch=$(${coreutils}/bin/basename "$preview_dir") + ${git}/bin/git worktree add -b "$preview_branch" "$preview_dir" >/dev/null + ${git}/bin/git -C "$preview_dir" checkout "$head_commit" + ${git}/bin/git -C "$preview_dir" merge -m "$merge_message" "$merge_commit" + ${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@" & + ${git}/bin/git branch -fd "$preview_branch" + ${coreutils}/bin/rm -fR "$preview_dir" + wait +'' -- cgit v1.2.3 From aa8f67903971b2786608567e63f168826122d14e Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 23 Sep 2017 15:23:15 +0200 Subject: ma urlwatch: add sqlalchemy_migrate --- makefu/2configs/urlwatch/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 47b5d7fc..1434f1bf 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -24,8 +24,10 @@ in { # pypi https://pypi.python.org/simple/bepasty/ - https://pypi.python.org/simple/xstatic/ https://pypi.python.org/simple/devpi-client/ + https://pypi.python.org/simple/oslo.config/ + https://pypi.python.org/simple/sqlalchemy_migrate/ + https://pypi.python.org/simple/xstatic/ # weird shit http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ -- cgit v1.2.3 From bbced2ea622d97aa14f8b9bf6a75748d7d51da53 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 25 Sep 2017 12:00:29 +0200 Subject: mv nixpkgs: 56da88a -> 3d04a55 --- mv/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mv/source.nix b/mv/source.nix index aa2b13fd..5dea13e7 100644 --- a/mv/source.nix +++ b/mv/source.nix 
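Review bot: Under `set -efu` a failing `git merge` (a conflict, or a bad `$1`) exits the script before `git branch -fd` and `rm -fR` run, so the temporary worktree under `$TMPDIR` and the `git-preview.XXXXXXXX` branch are left behind with no cleanup handler. A trap installed right after `mktemp` would cover every exit path, e.g. `trap '${coreutils}/bin/rm -fR "$preview_dir"; ${git}/bin/git worktree prune' EXIT`. The branch and directory are also removed while the backgrounded `git diff` may still be running in `$preview_dir`, since `wait` comes last; it is worth confirming that this ordering is intentional and adding a comment that says why.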
@@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix"; nixpkgs.git = { # nixos-17.03 - ref = mkDefault "56da88a298a6f549701a10bb12072804a1ebfbd5"; + ref = mkDefault "3d04a557b72aa0987d9bf079e1445280b6bfd907"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { -- cgit v1.2.3 From 1514a6502dfeed739a4752652ca5437222110375 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Sep 2017 00:22:53 +0200 Subject: puyak.r: enable fan control --- krebs/1systems/puyak/config.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 978bd18e..cca8850f 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -65,7 +65,12 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot.kernelModules = [ "kvm-intel" ]; + boot = { + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; + } users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; -- cgit v1.2.3 From f1d2f346a3c1bf9df0dda32a5b797169dcb88620 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Sep 2017 00:24:30 +0200 Subject: puyak.r: fan speed to 11 --- krebs/1systems/puyak/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index cca8850f..444bf383 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -71,6 +71,10 @@ options thinkpad_acpi fan_control=1 ''; } + + system.activationScripts."disengage fancontrol" = '' + echo level disengaged > /proc/acpi/ibm/fan + ''; users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; -- cgit v1.2.3 From 18d0d7df819a82c97965cc6ab5756f0a7894f081 Mon Sep 17 00:00:00 2001 
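Review bot: In krebs/1systems/puyak/config.nix the new `boot = { … }` attribute set is closed with a bare `}` and the next binding, `users.users.joerg = {`, follows directly, so as shown here the file no longer parses. The closing line should be `};`. The following commit ("fan speed to 11") carries the same `}` as a context line and adds `system.activationScripts` after it, so the error is still present there.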
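Review bot: The added activation script writes to `/proc/acpi/ibm/fan` unconditionally, which fails on any activation where thinkpad_acpi has not been loaded with `fan_control=1` yet (presumably the first switch before a reboot or module reload). A guard such as `[ -w /proc/acpi/ibm/fan ] && echo level disengaged > /proc/acpi/ibm/fan || true` keeps activation from reporting an error in that case. `disengaged` takes the fan out of firmware regulation, so a comment stating why this host needs it would help the next maintainer.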
From: makefu Date: Wed, 27 Sep 2017 00:03:50 +0200 Subject: ma pkgs.drozer: remove dots --- makefu/5pkgs/drozer/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix index f91d5b98..885777be 100644 --- a/makefu/5pkgs/drozer/default.nix +++ b/makefu/5pkgs/drozer/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7, ... }: +{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7 }: pythonPackages.buildPythonApplication rec { name = "drozer-${version}"; -- cgit v1.2.3 From ba907218ef263c3f0653ceac657796389709bc12 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 00:16:36 +0200 Subject: ma pkgs.esptool: 2.0 -> 2.1 --- makefu/5pkgs/esptool/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix index 84bb232c..4e0d29e1 100644 --- a/makefu/5pkgs/esptool/default.nix +++ b/makefu/5pkgs/esptool/default.nix @@ -13,20 +13,19 @@ let doCheck = false; }; in -buildPythonPackage rec { - name = "esptool-${version}"; - version = "2.0beta2"; + buildPythonPackage rec { + name = "${pname}-${version}"; + pname = "esptool"; + version = "2.1"; propagatedBuildInputs = [ pyserial flake8 ecdsa pyaes ]; - src = fetchFromGitHub { - owner = "themadinventor"; - repo = "esptool"; - rev = "v${version}"; - sha256 = "0n96pyi1k4qlyfqk5k7xpgq8726wz74qvd3gqjg0bpsl3wr7l94i"; + src = fetchPypi { + inherit pname version; + sha256 = "08g393fiqhanixzjbs54pqr6xk1a4dsfaddw7gdwfvp3kvwdn2fp"; }; doCheck = false; -} + } -- cgit v1.2.3 From f7b367e96d5ed1ee76b1f9d048a7915e3da4e653 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 29 Sep 2017 10:04:56 +0200 Subject: ma udpt,esptool: now in upstream --- makefu/5pkgs/esptool/default.nix | 31 ------------------------------- makefu/5pkgs/udpt/default.nix | 29 ----------------------------- 2 files changed, 60 deletions(-) delete mode 100644 makefu/5pkgs/esptool/default.nix delete mode 100644 makefu/5pkgs/udpt/default.nix diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix deleted file mode 100644 index 4e0d29e1..00000000 --- a/makefu/5pkgs/esptool/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ pkgs, fetchFromGitHub, ... }: -with pkgs.python2Packages; -let - pyaes = buildPythonPackage rec { - name = "pyaes-${version}"; - version = "1.6.0"; - src = fetchFromGitHub { - owner = "ricmoo"; - repo = "pyaes"; - rev = "v${version}"; - sha256 = "04934a9zgwc8g3qhfrkcfv0bs557paigllnkrnfhp9m1azr3bfqb"; - }; - doCheck = false; - }; -in - buildPythonPackage rec { - name = "${pname}-${version}"; - pname = "esptool"; - version = "2.1"; - propagatedBuildInputs = [ - pyserial - flake8 - ecdsa - pyaes - ]; - src = fetchPypi { - inherit pname version; - sha256 = "08g393fiqhanixzjbs54pqr6xk1a4dsfaddw7gdwfvp3kvwdn2fp"; - }; - doCheck = false; - } diff --git a/makefu/5pkgs/udpt/default.nix b/makefu/5pkgs/udpt/default.nix deleted file mode 100644 index 99bcac18..00000000 --- a/makefu/5pkgs/udpt/default.nix +++ /dev/null 
@@ -1,29 +0,0 @@ -{ stdenv, boost, sqlite, fetchFromGitHub }: - -stdenv.mkDerivation rec { - proj = "udpt"; - name = "udpt-${rev}"; - rev = "0790558"; - - enableParallelBuilding = true; - - src = fetchFromGitHub { - owner = "naim94a"; - repo = "udpt"; - inherit rev; - sha256 = "0rgkjwvnqwbnqy7pm3dk176d3plb5lypaf12533yr0yfzcp6gnzk"; - }; - buildInputs = [ boost sqlite ]; - installPhase = '' - mkdir -p $out/bin $out/etc/ - cp udpt $out/bin - cp udpt.conf $out/etc/ - ''; - meta = { - description = "udp tracker"; - homepage = https://github.com/naim94a/udpt; - license = stdenv.lib.licenses.gpl3; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; - }; -} -- cgit v1.2.3 From 9d9e9bc3d8087974370e3d62bc05d2332b2efab2 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 14:59:56 +0200 Subject: ma urlwatch: add pyserial,semantic_version --- makefu/2configs/urlwatch/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 1434f1bf..2eecd642 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -28,6 +28,8 @@ in { https://pypi.python.org/simple/oslo.config/ https://pypi.python.org/simple/sqlalchemy_migrate/ https://pypi.python.org/simple/xstatic/ + https://pypi.python.org/simple/pyserial/ + https://pypi.python.org/simple/semantic_version/ # weird shit http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ -- cgit v1.2.3 From 37951eed3dd7806f73c40c47ec9cd047ad76c15d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Sep 2017 20:05:13 +0200 Subject: hw/x220: enable opengl --- krebs/2configs/hw/x220.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index c85bac0d..44743b87 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix 
@@ -8,6 +8,8 @@ with import ; hardware.cpu.intel.updateMicrocode = true; + hardware.opengl.enable = true; + services.tlp.enable = true; boot = { -- cgit v1.2.3 From 7db4c634fc266d25ac80f2545c6c77d5b4d28708 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:29:26 +0200 Subject: ma latte.r: init --- krebs/3modules/makefu/default.nix | 33 ++++++++++++++++++++++++ makefu/1systems/latte/config.nix | 53 +++++++++++++++++++++++++++++++++++++++ makefu/1systems/latte/source.nix | 3 +++ 3 files changed, 89 insertions(+) create mode 100644 makefu/1systems/latte/config.nix create mode 100644 makefu/1systems/latte/source.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 6e0e876b..a34c8cd9 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -78,6 +78,37 @@ with import ; }; }; }; + latte = rec { + ci = true; + cores = 1; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; + nets = { + internet = { + ip4.addr = "185.215.224.160"; + aliases = [ + "latte.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.80.249"; + ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; + aliases = [ + "latte.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU + 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo + r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf + 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 + GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 + vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; pnp = { ci = true; @@ -460,6 +491,8 @@ with import ; ''; }; }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; gum = rec { 
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix new file mode 100644 index 00000000..d532f216 --- /dev/null +++ b/makefu/1systems/latte/config.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: +let + + # external-ip = config.krebs.build.host.nets.internet.ip4.addr; + # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + # default-gw = "185.215.224.1"; + # prefixLength = 24; + # external-mac = "46:5b:fc:f4:44:c9"; + # ext-if = "et0"; +in { + + imports = [ + + # configure your hw: + + + + + # Security + + + + # Tools + + + + # Services + + + ]; + krebs = { + enable = true; + build.host = config.krebs.hosts.latte; + }; + boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; + + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.copyKernels = true; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ 655 ]; + }; + # network interface receives dhcp address + nameservers = [ "8.8.8.8" ]; + }; +} diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix new file mode 100644 index 00000000..d997fb3f --- /dev/null +++ b/makefu/1systems/latte/source.nix @@ -0,0 +1,3 @@ +import { + name="latte"; +} -- cgit v1.2.3 From d52d28d5d9e96d167490b45e7c96c668d86451c7 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:30:09 +0200 Subject: ma source: bump rev --- makefu/source.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index fdd367cb..1a5d4a5d 100644 --- a/makefu/source.nix +++ b/makefu/source.nix 
@@ -11,10 +11,13 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "c91346e"; # unstable @ 2017-09-04 - # + graceful requests2 (a772c3aa) - # + mitmproxy fix (eee2d174) + ref = "46cfb36"; # unstable @ 2017-09-04 + # + graceful requests2 (a772c3a) + # + mitmproxy fix (eee2d17) # + tpm-tools fix (5cb9987) + # + dnscrypt-wrapper (25703c3) + # + lass wvstream fix (76f4910,37cc2bc,0d48837) + # + ruby stuff (2f0b17e4be9,55a952be5b5) in evalSource (toString _file) [ -- cgit v1.2.3 From 1e635e4d49ba73e83ce09e25f1f11343f1eb8fc9 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:30:28 +0200 Subject: ma remote-build: init config --- makefu/2configs/remote-build/master.nix | 14 ++++++++++++++ makefu/2configs/remote-build/slave.nix | 11 +++++++++++ 2 files changed, 25 insertions(+) create mode 100644 makefu/2configs/remote-build/master.nix create mode 100644 makefu/2configs/remote-build/slave.nix diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix new file mode 100644 index 00000000..4ad2c5ed --- /dev/null +++ b/makefu/2configs/remote-build/master.nix @@ -0,0 +1,14 @@ +{ pkgs, ...}: +let + sshKey = (toString ) + "/id_nixBuild"; +in { + nix.distributedBuilds = true; + # TODO: iterate over krebs.hosts + nix.buildMachines = map ( hostName: + { inherit hostName sshKey; + sshUser = "nixBuild"; + system = "x86_64-linux"; + maxJobs = 1; + }) [ "omo.r" "gum.r" "latte.r" ]; + # puyak.r "wbob.r" +} diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix new file mode 100644 index 00000000..b6e000a3 --- /dev/null +++ b/makefu/2configs/remote-build/slave.nix 
@@ -0,0 +1,11 @@ +{ + nix.trustedUsers = [ "nixBuild" ]; + users.users.nixBuild = { + name = "nixBuild"; + useDefaultShell = true; + # TODO: put this somewhere else + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild" + ]; + }; +} -- cgit v1.2.3 From d0d8d1bb645e28803b43e4e902141d3a4a858ecf Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:30:55 +0200 Subject: ma modules.wvdial: remove (cherry-picked module from lass --- makefu/3modules/default.nix | 1 - makefu/3modules/wvdial.nix | 70 --------------------------------------------- 2 files changed, 71 deletions(-) delete mode 100644 makefu/3modules/wvdial.nix diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index af0e81df..00df56be 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -15,7 +15,6 @@ _: ./torrent.nix ./udpt.nix ./umts.nix - ./wvdial.nix ]; } diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix deleted file mode 100644 index 982f4a7d..00000000 --- a/makefu/3modules/wvdial.nix +++ /dev/null 
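Review bot: The key in `openssh.authorizedKeys.keys` is accepted with no options while `nixBuild` has a login shell (`useDefaultShell = true`) and is listed in `nix.trustedUsers`. Whoever holds the matching private key therefore gets an interactive account plus trusted access to the Nix daemon on every host that imports this file. If the account exists only to receive builds, limit what the key may do, for example `"no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 … nixBuild"`, and check whether a forced `command=` fits the Nix version in use. The `# TODO: put this somewhere else` would be more useful if it named the intended place, since the key is now fixed in the shared config.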
@@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: -# from 17.03/nixos/modules/programs/wvdial.nix - -with lib; - -let - - configFile = '' - [Dialer Defaults] - PPPD PATH = ${pkgs.ppp}/sbin/pppd - ${config.environment.wvdial.dialerDefaults} - ''; - - cfg = config.environment.wvdial; - -in -{ - ###### interface - - options = { - - environment.wvdial = { - - dialerDefaults = mkOption { - default = ""; - type = types.str; - example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; - description = '' - Contents of the "Dialer Defaults" section of - /etc/wvdial.conf. - ''; - }; - - pppDefaults = mkOption { - default = '' - noipdefault - usepeerdns - defaultroute - persist - noauth - ''; - type = types.str; - description = "Default ppp settings for wvdial."; - }; - - }; - - }; - - ###### implementation - - config = mkIf (cfg.dialerDefaults != "") { - - environment = { - - etc = - [ - { source = pkgs.writeText "wvdial.conf" configFile; - target = "wvdial.conf"; - } - { source = pkgs.writeText "wvdial" cfg.pppDefaults; - target = "ppp/peers/wvdial"; - } - ]; - - }; - - }; - -} -- cgit v1.2.3 From 4875a39aebc2e430bff85e0cb07d76f8d8f77763 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:32:01 +0200 Subject: ma vpn/openvpn-server: retab --- makefu/2configs/vpn/openvpn-server.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix index 1e7edbf7..79754264 100644 --- a/makefu/2configs/vpn/openvpn-server.nix +++ b/makefu/2configs/vpn/openvpn-server.nix 
@@ -1,13 +1,13 @@ { config, pkgs, ... }: let - out-itf = config.makefu.server.primary-itf; - # generate via openvpn --genkey --secret static.key - client-key = (toString ) + "/openvpn-laptop.key"; + out-itf = config.makefu.server.primary-itf; + # generate via openvpn --genkey --secret static.key + client-key = (toString ) + "/openvpn-laptop.key"; # domain = "vpn.euer.krebsco.de"; domain = "gum.krebsco.de"; dev = "tun0"; port = 1194; - tcp-port = 3306; + tcp-port = 3306; in { boot.kernel.sysctl."net.ipv4.ip_forward" = 1; networking.nat = { -- cgit v1.2.3 From c83e5ad0d5588e733b860daf3506ae44482020bc Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:33:50 +0200 Subject: ma vim: add remarks about vim-nix --- makefu/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix index 9f3a5971..43d362ed 100644 --- a/makefu/2configs/vim.nix +++ b/makefu/2configs/vim.nix @@ -127,6 +127,7 @@ in { { names = [ "undotree" # "YouCompleteMe" "vim-better-whitespace" ]; } + # vim-nix handles indentation better but does not perform sanity { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } ]; -- cgit v1.2.3 From 8962c8f1fc8c37d5f5f55bb2394f8f6e673a87f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:34:12 +0200 Subject: ma tools/steam: install steam for makefu, not all users --- makefu/2configs/tools/steam.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/steam.nix b/makefu/2configs/tools/steam.nix index dbe51270..200ea471 100644 --- a/makefu/2configs/tools/steam.nix +++ b/makefu/2configs/tools/steam.nix @@ -1,6 +1,6 @@ {pkgs, ...}: { - environment.systemPackages = [ + users.users.makefu.packages = [ (pkgs.steam.override { newStdcpp = true; }) -- cgit v1.2.3 From ff5e7c0dcb7d102c9881212a3286faa7412e97d0 Mon Sep 17 00:00:00 2001 
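Review bot: The comment added in `makefu/2configs/vim.nix`, `# vim-nix handles indentation better but does not perform sanity`, stops mid-sentence, so the reason for keeping `vim-addon-nix` is lost. Finish the thought, presumably `# vim-nix handles indentation better but does not perform sanity checks, so vim-addon-nix stays`; adjust the wording if the intent was different.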
From: makefu Date: Fri, 29 Sep 2017 21:34:38 +0200 Subject: ma stats/server: announce errors into #noise --- makefu/2configs/stats/server.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index 8f993565..bb91b447 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix @@ -2,6 +2,8 @@ with import ; let + irc-server = "ni.r"; + irc-nick = "m-alarm"; collectd-port = 25826; influx-port = 8086; grafana-port = 3000; # TODO nginx forward @@ -37,9 +39,9 @@ in { echoToIrc = pkgs.writeDash "echo_irc" '' set -euf data="$(${pkgs.jq}/bin/jq -r .message)" - export LOGNAME=malarm + export LOGNAME=${irc-nick} ${pkgs.irc-announce}/bin/irc-announce \ - irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null + ${irc-server} 6667 ${irc-nick} \#noise "$data" >/dev/null ''; in { enable = true; -- cgit v1.2.3 From e1fb8de2d0facadc57f17e052fc7809b3993c28e Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:35:17 +0200 Subject: ma gui: do not run pulseaudio system-wide required for pacmd --- makefu/2configs/gui/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 0247010b..daa0282b 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -58,7 +58,7 @@ in hardware.pulseaudio = { enable = true; - systemWide = true; + # systemWide = true; }; services.xserver.displayManager.sessionCommands = let xdefaultsfile = pkgs.writeText "Xdefaults" '' -- cgit v1.2.3 From a4ffb72c5ccb7e81c9aa60125aeb71f16644ef47 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:35:35 +0200 Subject: ma git: init europastats --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 30c0b0b8..5604383e 100644 
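Review bot: In `echoToIrc`, `$data` is whatever `jq -r .message` extracts from the incoming JSON and is handed to `irc-announce` unchanged, now towards `${irc-server}` and `#noise`. Who can submit that JSON is outside the hunk; if the sender is not fully trusted, a message containing line breaks may be relayed as several IRC lines unless `irc-announce` filters them, which is not visible here. Collapsing them in the filter would settle it: `data="$(${pkgs.jq}/bin/jq -r '(.message // "") | gsub("[\r\n]+"; " ")')"`. The port `6667` and the channel also stay literal while server and nick moved into the `let`; `irc-port` and `irc-channel` bindings would match. The enclosing attribute set continues past the end of the hunk.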
--- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -24,6 +24,7 @@ let cac-api = { }; euer_blog = { }; ampel = { }; + europastats = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; -- cgit v1.2.3 From 00bdcff9012b0369c1c2cb22e4cacbdf50d20b72 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:36:01 +0200 Subject: ma led-fader: wait for mosquitto --- makefu/2configs/deployment/led-fader.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 678370c6..4c17a1d5 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -29,11 +29,11 @@ in { environment = { NIX_PATH = "/var/src"; }; - # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + after = [ "network-online.target" ] ++ (lib.optional config.services.mosquitto.enable "mosquitto.service"); wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell + ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; PrivateTmp = true; }; -- cgit v1.2.3 From e2a8aab44294584d185b6501cede7857c0529d36 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:37:24 +0200 Subject: ma: enable remote-build on gum,omo - x is master --- makefu/1systems/gum/config.nix | 8 +++++++- makefu/1systems/omo/config.nix | 2 ++ makefu/1systems/x/config.nix | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 2f288e70..e1357ff0 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,10 +40,11 @@ in { # services - # + + ## Web @@ -74,6 +75,9 @@ in { # + # Temporary: + + ]; makefu.dl-dir = "/var/download"; 
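Review bot: `ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";` in `led-fader.nix` covers a startup race with a fixed delay; the new `after` list only orders the units, and two seconds is a guess about when mosquitto accepts connections. Letting systemd retry is more robust: drop the sleep and add `Restart = "on-failure";` and `RestartSec = 2;` to `serviceConfig`. Separately, `User` is still commented out in this block, so the unit appears to run `ampel` as root; a dedicated user with the needed permissions would be worth a follow-up.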
@@ -143,6 +147,8 @@ in { 53589 # temp vnc 18001 + # temp reverseshell + 31337 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 32cd3f90..a22ff10b 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -65,6 +65,8 @@ in { # services + + # security diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 892eb109..443f912d 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -57,6 +57,7 @@ with import ; # + # Hardware -- cgit v1.2.3 From aa273ee8802c7de6283e0bea2a7624bf099d251d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:38:08 +0200 Subject: ma wbob: enable extended logging --- makefu/1systems/wbob/config.nix | 106 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 104 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index b776b49d..3a53b70c 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -25,7 +25,9 @@ in { # # - ]; + # Services + + ]; krebs = { enable = true; 
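Review bot: The added `31337` under `# temp reverseshell` in gum's `allowedTCPPorts` opens that port to every source address for as long as this commit is deployed, and nothing in the hunk limits it or says when it goes away. Temporary firewall openings in a shared config tend to outlive their purpose; `# temp vnc` with `18001` just above has the same shape. Prefer not committing it and reaching the listener through the existing tinc or SSH path. If it must be committed, put an owner and a removal date in the comment, e.g. `# temp, makefu, remove by <date>`. The port list starts and ends outside the hunk.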
@@ -33,10 +35,48 @@ in { }; swapDevices = [ { device = "/var/swap"; } ]; + services.collectd.extraConfig = lib.mkAfter '' + #LoadPlugin ping + # does not work because it requires privileges + # + # Host "google.de" + # Host "heise.de" + # + + LoadPlugin curl + + TotalTime true + NamelookupTime true + ConnectTime true + + + MeasureResponseTime true + MeasureResponseCode true + URL "https://google.de" + + + + MeasureResponseTime true + MeasureResponseCode true + URL "http://web.de" + + + + #LoadPlugin netlink + # + # Interface "enp0s25" + # Interface "wlp2s0" + # IgnoreSelected false + # + ''; networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.allowedTCPPorts = [ + 655 + 8081 #smokeping + 49152 + ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; @@ -90,4 +130,66 @@ in { serverAddress = "x.r"; }; }; + security.wrappers.fping = { + source = "${pkgs.fping}/bin/fping"; + setuid = true; + }; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = Top + title = Network Latency Grapher + remark = Welcome to this SmokePing website. + + + network + menu = Net latency + title = Network latency (ICMP pings) + + ++ google + probe = FPing + host = google.de + ++ webde + probe = FPing + host = web.de + + + services + menu = Service latency + title = Service latency (DNS, HTTP) + + ++ HTTP + menu = HTTP latency + title = Service latency (HTTP) + + +++ webdeping + probe = EchoPingHttp + host = web.de + + +++ googwebping + probe = EchoPingHttp + host = google.de + + #+++ webwww + #probe = Curl + #host = web.de + + #+++ googwebwww + #probe = Curl + #host = google.d