From d58e8035b4101b20539279247ec083b72ba0a647 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Jun 2017 14:22:11 +0200 Subject: k 4 infest: prepare Regression for stockholm --- krebs/4lib/infest/prepare.sh | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'krebs') diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 50d521e1..8e921ce0 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -36,14 +36,7 @@ prepare() {( ;; esac ;; - nixos) - case $(cat /proc/cmdline) in - *' root=LABEL=NIXOS_ISO '*) - prepare_nixos_iso "$@" - exit - esac - ;; - stockholm) + nixos|stockholm) case $(cat /proc/cmdline) in *' root=LABEL=NIXOS_ISO '*) prepare_nixos_iso "$@" @@ -102,7 +95,8 @@ prepare_nixos_iso() { mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install - sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install + sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install + } get_nixos_install() { @@ -217,7 +211,7 @@ prepare_common() {( mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install - sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install + sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install if ! grep -q '^PATH.*#krebs' .bashrc; then echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc -- cgit v1.2.3 From 62e50105badbe23a3e448d8ca9f5770f7698b22b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 27 Jun 2017 23:48:05 +0200 Subject: krebs.build.source: stockholm default is --- krebs/3modules/build.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 51f19270..976d378f 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -24,4 +24,6 @@ with import ; type = types.user; }; }; + + config.krebs.build.source.stockholm.file = mkDefault (toString ); } -- cgit v1.2.3 From 10adb2d27e3005c7239585eb38dbbe3b5b01a400 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Jun 2017 03:31:14 +0200 Subject: whatsupnix: use gawk and nix-store explicitly --- krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index 04276304..12720957 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash @@ -17,15 +17,12 @@ # 2 Build error; at least one failed derivation could be found. # -GAWK=${GAWK:-gawk} -NIX_STORE=${NIX_STORE:-nix-store} - failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX) trap 'rm -f -- "$failed_drvs"' EXIT exec >&2 -$GAWK -v failed_drvs="$failed_drvs" ' +gawk -v failed_drvs="$failed_drvs" ' match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) { print m[1] >> failed_drvs } @@ -35,7 +32,7 @@ $GAWK -v failed_drvs="$failed_drvs" ' case $# in 0) print_log() { - NIX_PAGER= $NIX_STORE -l "$1" + NIX_PAGER= nix-store -l "$1" } ;; 1) -- cgit v1.2.3 From 0d9ded0b58b79fd35fa14f41726d9f8a4aa4a78e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 29 Jun 2017 23:51:16 +0200 Subject: Revert "k 4 infest: prepare Regression for stockholm" This reverts commit d58e8035b4101b20539279247ec083b72ba0a647. --- krebs/4lib/infest/prepare.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 8e921ce0..50d521e1 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -36,7 +36,14 @@ prepare() {( ;; esac ;; - nixos|stockholm) + nixos) + case $(cat /proc/cmdline) in + *' root=LABEL=NIXOS_ISO '*) + prepare_nixos_iso "$@" + exit + esac + ;; + stockholm) case $(cat /proc/cmdline) in *' root=LABEL=NIXOS_ISO '*) prepare_nixos_iso "$@" @@ -95,8 +102,7 @@ prepare_nixos_iso() { mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install - sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install - + sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } get_nixos_install() { @@ -211,7 +217,7 @@ prepare_common() {( mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install - sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install + sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install if ! grep -q '^PATH.*#krebs' .bashrc; then echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc -- cgit v1.2.3 From dbe4cc21e33ccc22b9dd352dd8c6913d60a0cbc0 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 30 Jun 2017 04:53:34 +0200 Subject: pkgs.whatsupnix: print gawk output ASAP --- krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index 12720957..2ad9aadc 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash @@ -26,7 +26,7 @@ gawk -v failed_drvs="$failed_drvs" ' match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) { print m[1] >> failed_drvs } - { print $0 } + { print $0; fflush("/dev/stdout") } ' case $# in -- cgit v1.2.3 From 01a4ed89c72af0beefd2ba4bcd894017002720ff Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 2 Jul 2017 12:41:14 +0200 Subject: gum.r: provide iodine endpoint gum now runs io.krebsco.de (was configured before but not exposed via the DNS zone file) --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 4c0ce0fe..c517ac1d 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -308,7 +308,6 @@ with import ; extraZones = { "krebsco.de" = '' wry IN A ${nets.internet.ip4.addr} - io IN NS wry.krebsco.de. tinc IN A ${nets.internet.ip4.addr} ''; }; @@ -470,6 +469,7 @@ with import ; wiki.euer IN A ${nets.internet.ip4.addr} graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} + io IN NS gum.krebsco.de. ''; }; nets = rec { -- cgit v1.2.3 From c36d644059049dba69cf4e5a072f2c5b4c6f5856 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 2 Jul 2017 21:06:04 +0200 Subject: urlwatch: set dataDir to home of urlwatch user otherwise /var/empty will be used which then will clash with exim which tries to create Maildir in this folder explicitly setting the home directory in users also avoids the usage of execstartpre in favor of createHome --- krebs/3modules/urlwatch.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index c06e5ddb..380e30ae 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -142,17 +142,6 @@ let PrivateTmp = "true"; SyslogIdentifier = "urlwatch"; Type = "oneshot"; - ExecStartPre = - pkgs.writeDash "urlwatch-prestart" '' - set -euf - - dataDir=$HOME - - if ! test -e "$dataDir"; then - mkdir -m 0700 -p "$dataDir" - chown ${user.name}: "$dataDir" - fi - ''; ExecStart = pkgs.writeDash "urlwatch" '' set -euf @@ -185,6 +174,8 @@ let }; users.extraUsers = singleton { inherit (user) name uid; + home = cfg.dataDir; + createHome = true; }; }; -- cgit v1.2.3 From 5c26d65ae48aa73c8a738e4ef22dcb3ad6daa00d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 2 Jul 2017 23:08:09 +0200 Subject: urlwatch: filter _module with kv before this commit { url= ...; filter=... } didn't work because the result contained _module --- krebs/3modules/urlwatch.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 380e30ae..463fa26b 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -60,6 +60,7 @@ let description = "URL to watch."; example = [ https://nixos.org/channels/nixos-unstable/git-revision + { url = http://localhost ; filter = "grep:important.*stuff"; } ]; apply = map (x: getAttr (typeOf x) { set = x; @@ -79,7 +80,8 @@ let }; urlsFile = pkgs.writeText "urls" - (concatMapStringsSep "\n---\n" toJSON cfg.urls); + (concatMapStringsSep "\n---\n" + (x: toJSON (filterAttrs (n: v: n != "_module") x)) cfg.urls); hooksFile = cfg.hooksFile; -- cgit v1.2.3 From e86202da34332c6cd1a270a6d6b105dd2fb6e888 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Jul 2017 17:39:43 +0200 Subject: pkgs.ucspi-tcp: init current stable of this pkg is broken, so we vendor it in nixpkgs. We removed the setuid bit from the build binaries --- krebs/5pkgs/simple/ucspi-tcp/chmod.patch | 15 ++++++ krebs/5pkgs/simple/ucspi-tcp/default.nix | 86 ++++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+) create mode 100644 krebs/5pkgs/simple/ucspi-tcp/chmod.patch create mode 100644 krebs/5pkgs/simple/ucspi-tcp/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch new file mode 100644 index 00000000..dd693320 --- /dev/null +++ b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch @@ -0,0 +1,15 @@ +diff --git a/hier.c b/hier.c +index 5663ada..1d73b84 100644 +--- a/hier.c ++++ b/hier.c +@@ -2,8 +2,8 @@ + + void hier() + { +- h(auto_home,-1,-1,02755); +- d(auto_home,"bin",-1,-1,02755); ++ h(auto_home,-1,-1,0755); ++ d(auto_home,"bin",-1,-1,0755); + + c(auto_home,"bin","tcpserver",-1,-1,0755); + c(auto_home,"bin","tcprules",-1,-1,0755); diff --git a/krebs/5pkgs/simple/ucspi-tcp/default.nix b/krebs/5pkgs/simple/ucspi-tcp/default.nix new file mode 100644 index 00000000..3b043be0 --- /dev/null +++ b/krebs/5pkgs/simple/ucspi-tcp/default.nix @@ -0,0 +1,86 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "ucspi-tcp-0.88"; + + src = fetchurl { + url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz"; + sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja"; + }; + + # Plain upstream tarball doesn't build, get patches from Debian + patches = [ + (fetchurl { + url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz"; + sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6"; + }) + ./chmod.patch + ]; + + # Apply Debian patches + postPatch = '' + for fname in debian/diff/*.diff; do + echo "Applying patch $fname" + patch < "$fname" + done + ''; + + # The build system is weird; 'make install' doesn't install anything, instead + # it builds an executable called ./install (from C code) which installs + # binaries to the directory given on line 1 in ./conf-home. + # + # Also, assume getgroups and setgroups work, instead of doing a build time + # test that breaks on NixOS (I think because nixbld users lack CAP_SETGID + # capability). + preBuild = '' + echo "$out" > conf-home + + echo "main() { return 0; }" > chkshsgr.c + ''; + + installPhase = '' + mkdir -p "$out/bin" + mkdir -p "$out/share/man/man1" + + # run the newly built installer + ./install + + # Install Debian man pages (upstream has none) + cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1" + ''; + + meta = with stdenv.lib; { + description = "Command-line tools for building TCP client-server applications"; + longDescription = '' + tcpserver waits for incoming connections and, for each connection, runs a + program of your choice. Your program receives environment variables + showing the local and remote host names, IP addresses, and port numbers. + + tcpserver offers a concurrency limit to protect you from running out of + processes and memory. When you are handling 40 (by default) simultaneous + connections, tcpserver smoothly defers acceptance of new connections. + + tcpserver also provides TCP access control features, similar to + tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules + are compiled into a hashed format with cdb, so it can easily deal with + thousands of different hosts. + + This package includes a recordio tool that monitors all the input and + output of a server. + + tcpclient makes a TCP connection and runs a program of your choice. It + sets up the same environment variables as tcpserver. + + This package includes several sample clients built on top of tcpclient: + who@, date@, finger@, http@, tcpcat, and mconnect. + + tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program + Interface, using the TCP protocol. UCSPI tools are available for several + different networks. + ''; + homepage = http://cr.yp.to/ucspi-tcp.html; + license = licenses.publicDomain; + platforms = platforms.linux; + maintainers = [ maintainers.bjornfor ]; + }; +} -- cgit v1.2.3