From c6b4c7920fd9c0eb11f3bd3c5602980934fafd20 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:39:03 +0200 Subject: ma gum.r: handle new domain --- makefu/1systems/gum/config.nix | 4 ++++ makefu/2configs/nginx/misa-felix-hochzeit.ml.nix | 17 +++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 makefu/2configs/nginx/misa-felix-hochzeit.ml.nix (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 40fa233d3..578e4add8 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -64,8 +64,10 @@ in { + # + @@ -222,6 +224,8 @@ in { 25 # http 80 443 + # httptunnel + 8080 8443 # tinc 655 # tinc-shack diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix new file mode 100644 index 000000000..d0881a934 --- /dev/null +++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: +{ + services.nginx = { + enable = lib.mkDefault true; + virtualHosts."misa-felix-hochzeit.ml" = { + serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ]; + forceSSL = true; + enableACME = true; + locations = { + "/" = { + index = "index.html"; + root = "/var/www/misa-felix-hochzeit.ml"; + }; + }; + }; + }; +} -- cgit v1.2.3 From a2c1afe2a253589bc38380a75c7b156216b40667 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:39:44 +0200 Subject: ma x.r: allow automatic mounting by pcmanfm --- makefu/1systems/x/config.nix | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index f72f2a15b..483fc81e5 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -141,14 +141,47 @@ with import ; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio hardware.bluetooth.enable = true; } - { # auto-mounting + { # auto-mounting via polkit services.udisks2.enable = true; - services.devmon.enable = true; + ## automount all disks: + # services.devmon.enable = true; # services.gnome3.gvfs.enable = true; + users.groups.storage = { + gid = genid "storage"; + members = [ "makefu" ]; + }; users.users.makefu.packages = with pkgs;[ gvfs pcmanfm lxmenu-data ]; environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + + ## allow users in group "storage" to mount disk + # https://github.com/coldfix/udiskie/wiki/Permissions + security.polkit.extraConfig = + '' + polkit.addRule(function(action, subject) { + var YES = polkit.Result.YES; + var permission = { + "org.freedesktop.udisks.filesystem-mount": YES, + "org.freedesktop.udisks.luks-unlock": YES, + "org.freedesktop.udisks.drive-eject": YES, + "org.freedesktop.udisks.drive-detach": YES, + "org.freedesktop.udisks2.filesystem-mount": YES, + "org.freedesktop.udisks2.encrypted-unlock": YES, + "org.freedesktop.udisks2.eject-media": YES, + "org.freedesktop.udisks2.power-off-drive": YES, + "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, + "org.freedesktop.udisks2.filesystem-unmount-others": YES, + "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, + "org.freedesktop.udisks2.eject-media-other-seat": YES, + "org.freedesktop.udisks2.power-off-drive-other-seat": YES + }; + if (subject.isInGroup("storage")) { + return permission[action.id]; + } + }); + ''; + } ]; @@ -170,6 +203,7 @@ with import ; networking.extraHosts = '' 192.168.1.11 omo.local + 80.92.65.53 www.wifionice.de wifionice.de ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; -- cgit v1.2.3 From 0d4bb21df59c08eccf5db522242d3cb80f2b9425 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:44:06 +0200 Subject: ma automatic-diskmount: put into separate config --- makefu/1systems/x/config.nix | 42 --------------------------- makefu/2configs/gui/automatic-diskmount.nix | 44 +++++++++++++++++++++++++++++ makefu/2configs/main-laptop.nix | 1 + 3 files changed, 45 insertions(+), 42 deletions(-) create mode 100644 makefu/2configs/gui/automatic-diskmount.nix (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 483fc81e5..93bb27efe 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -141,48 +141,6 @@ with import ; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio hardware.bluetooth.enable = true; } - { # auto-mounting via polkit - services.udisks2.enable = true; - ## automount all disks: - # services.devmon.enable = true; - # services.gnome3.gvfs.enable = true; - users.groups.storage = { - gid = genid "storage"; - members = [ "makefu" ]; - }; - users.users.makefu.packages = with pkgs;[ - gvfs pcmanfm lxmenu-data - ]; - environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; - - ## allow users in group "storage" to mount disk - # https://github.com/coldfix/udiskie/wiki/Permissions - security.polkit.extraConfig = - '' - polkit.addRule(function(action, subject) { - var YES = polkit.Result.YES; - var permission = { - "org.freedesktop.udisks.filesystem-mount": YES, - "org.freedesktop.udisks.luks-unlock": YES, - "org.freedesktop.udisks.drive-eject": YES, - "org.freedesktop.udisks.drive-detach": YES, - "org.freedesktop.udisks2.filesystem-mount": YES, - "org.freedesktop.udisks2.encrypted-unlock": YES, - "org.freedesktop.udisks2.eject-media": YES, - "org.freedesktop.udisks2.power-off-drive": YES, - "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, - "org.freedesktop.udisks2.filesystem-unmount-others": YES, - "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, - "org.freedesktop.udisks2.eject-media-other-seat": YES, - "org.freedesktop.udisks2.power-off-drive-other-seat": YES - }; - if (subject.isInGroup("storage")) { - return permission[action.id]; - } - }); - ''; - - } ]; diff --git a/makefu/2configs/gui/automatic-diskmount.nix b/makefu/2configs/gui/automatic-diskmount.nix new file mode 100644 index 000000000..19933111a --- /dev/null +++ b/makefu/2configs/gui/automatic-diskmount.nix @@ -0,0 +1,44 @@ +{ pkgs, ... }: +with import ; #genid +{ # auto-mounting via polkit + services.udisks2.enable = true; +## automount all disks: +# services.devmon.enable = true; +# services.gnome3.gvfs.enable = true; + users.groups.storage = { + gid = genid "storage"; + members = [ "makefu" ]; + }; + users.users.makefu.packages = with pkgs;[ + gvfs pcmanfm lxmenu-data + ]; + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + +## allow users in group "storage" to mount disk +# https://github.com/coldfix/udiskie/wiki/Permissions + security.polkit.extraConfig = + '' + polkit.addRule(function(action, subject) { + var YES = polkit.Result.YES; + var permission = { + "org.freedesktop.udisks.filesystem-mount": YES, + "org.freedesktop.udisks.luks-unlock": YES, + "org.freedesktop.udisks.drive-eject": YES, + "org.freedesktop.udisks.drive-detach": YES, + "org.freedesktop.udisks2.filesystem-mount": YES, + "org.freedesktop.udisks2.encrypted-unlock": YES, + "org.freedesktop.udisks2.eject-media": YES, + "org.freedesktop.udisks2.power-off-drive": YES, + "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, + "org.freedesktop.udisks2.filesystem-unmount-others": YES, + "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, + "org.freedesktop.udisks2.eject-media-other-seat": YES, + "org.freedesktop.udisks2.power-off-drive-other-seat": YES + }; + if (subject.isInGroup("storage")) { + return permission[action.id]; + } + }); + ''; + +} diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 827da0c8d..315fc4706 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -16,6 +16,7 @@ in { ./zsh-user.nix ./tools/core.nix ./tools/core-gui.nix + ./gui/automatic-diskmount.nix ]; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; -- cgit v1.2.3 From bb41144dc0e18ea704ebea00f5f2da0573a443cc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:44:28 +0200 Subject: ma wbob.r: put self into pulse group --- makefu/1systems/wbob/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index cfbcf0e9c..42f3bddb1 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -33,6 +33,9 @@ in { + { + users.users.makefu.extraGroups = [ "pulse" ]; + } # Sensors @@ -121,6 +124,7 @@ in { networking.firewall.allowedTCPPorts = [ 655 8081 #smokeping + 8086 #influx 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; -- cgit v1.2.3 From cab4eb5e430f0fce8698a0eb4a7f9825f133b519 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:45:30 +0200 Subject: ma bluetooth-mpd: provide anonymous unix socket for all programs --- makefu/2configs/bluetooth-mpd.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix index 226f5cf1f..b59d3ce10 100644 --- a/makefu/2configs/bluetooth-mpd.nix +++ b/makefu/2configs/bluetooth-mpd.nix @@ -34,7 +34,7 @@ in { hardware.pulseaudio = { enable = true; package = pkgs.pulseaudioFull; - # systemWide = true; + # systemWide = true; support32Bit = true; zeroconf.discovery.enable = true; zeroconf.publish.enable = true; @@ -42,12 +42,13 @@ in { enable = true; # PULSE_SERVER=192.168.1.11 pavucontrol anonymousClients.allowAll = true; + anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.0.0/16" ]; }; configFile = pkgs.writeText "default.pa" '' load-module module-udev-detect load-module module-bluetooth-policy load-module module-bluetooth-discover - load-module module-native-protocol-unix + load-module module-native-protocol-unix auth-anonymous=1 load-module module-always-sink load-module module-console-kit load-module module-systemd-login @@ -56,13 +57,15 @@ in { load-module module-filter-heuristics load-module module-filter-apply load-module module-switch-on-connect + #load-module module-bluez5-device + #load-module module-bluez5-discover ''; }; - # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio hardware.bluetooth.enable = true; - #hardware.bluetooth.extraConfig = '' - # [general] - # Enable=Source,Sink,Media,Socket - #''; + # environment.etc."bluetooth/audio.conf".text = '' + # [General] + # Enable = Source,Sink,Media,Socket + # ''; }; } -- cgit v1.2.3 From fc3a10ebec641d49a83389d28ab45da519cb4727 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:45:45 +0200 Subject: ma cgit-retiolum: init arafetch --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 30d90f9e3..c209b83f6 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -30,6 +30,7 @@ let euer_blog = { }; ampel = { }; europastats = { }; + arafetch = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; -- cgit v1.2.3 From d1542ef7739a61e9ee11ff86300ed6a3486569ac Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:46:15 +0200 Subject: ma arafetch: add extra logic for remote stats generation --- makefu/2configs/stats/arafetch.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index e04b12f9c..422676b24 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -3,7 +3,7 @@ with import ; let pkg = with pkgs.python3Packages;buildPythonPackage rec { rev = "762d747"; - name = "europastats-${rev}"; + name = "arafetch-${rev}"; propagatedBuildInputs = [ requests docopt @@ -25,12 +25,25 @@ in { }; systemd.services.arafetch = { - startAt = "Mon 09:15:00"; + startAt = "Mon,Wed,Fri 09:15:00"; wantedBy = [ "multi-user.target" ]; environment = { OUTDIR = home; }; path = [ pkg pkgs.git pkgs.wget ]; - script = "${pkg}/bin/weekrun"; + serviceConfig = { + User = "arafetch"; + WorkingDirectory = home; + PrivateTmp = true; + ExecStart = pkgs.writeDash "start-weekrun" '' + set -x + weekrun || echo "weekrun failed!" + find $OUTDIR/db -name \*.json | while read path;do + file=''${path##*/} + cantine=''${file%%.json} + ara2influx $path --cantine $cantine --host wbob.r + done + ''; + }; }; } -- cgit v1.2.3 From 402a0c9847df5b1195cb8b49e2f0cf632668ca71 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:46:44 +0200 Subject: ma hydra/stockholm: remove enable for postgres --- makefu/2configs/hydra/stockholm.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/hydra/stockholm.nix b/makefu/2configs/hydra/stockholm.nix index 4bdb09213..35999ae57 100644 --- a/makefu/2configs/hydra/stockholm.nix +++ b/makefu/2configs/hydra/stockholm.nix @@ -5,7 +5,6 @@ { # TODO postgres backup - services.postgresql.enable = true; services.hydra = { enable = true; -- cgit v1.2.3 From af5698307560b8cd1ab2ff2713684debab74fd5d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:47:14 +0200 Subject: ma remote-build: rip --- makefu/2configs/remote-build/master.nix | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 makefu/2configs/remote-build/master.nix (limited to 'makefu') diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix deleted file mode 100644 index 2a2c68119..000000000 --- a/makefu/2configs/remote-build/master.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ...}: -let - sshKey = (toString ) + "/id_nixBuild"; -in { - nix.distributedBuilds = true; - # TODO: iterate over krebs.hosts - nix.buildMachines = map ( hostName: - { inherit hostName sshKey; - sshUser = "nixBuild"; - system = "x86_64-linux"; - maxJobs = 8; - }) [ "hotdog.r" ]; - # puyak.r "wbob.r" "omo.r" "gum.r" "latte.r" -} -- cgit v1.2.3 From 8f1907ef4eaa6b8be9838b69cf0243c441d52c3e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:48:01 +0200 Subject: ma urlwatch: do not track oslo.config anymore --- makefu/2configs/urlwatch/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index d0fb4fe41..f93d47caa 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -25,7 +25,6 @@ in { # pypi https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/devpi-client/ - https://pypi.python.org/simple/oslo.config/ https://pypi.python.org/simple/sqlalchemy_migrate/ https://pypi.python.org/simple/xstatic/ https://pypi.python.org/simple/pyserial/ -- cgit v1.2.3 From 5dd8342aafd204863e826327af9222f22b2dd040 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:48:18 +0200 Subject: ma pkgs.ampel: bump to 0.2.1 --- makefu/5pkgs/ampel/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix index 86518b9b8..9792c2c59 100644 --- a/makefu/5pkgs/ampel/default.nix +++ b/makefu/5pkgs/ampel/default.nix @@ -2,7 +2,7 @@ with pkgs.python3Packages;buildPythonPackage rec { name = "ampel-${version}"; - version = "0.2"; + version = "0.2.1"; propagatedBuildInputs = [ docopt @@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec { src = pkgs.fetchgit { url = "http://cgit.euer.krebsco.de/ampel"; - rev = "d8a0250"; - sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f"; + rev = "92321d7"; + sha256 = "0mvpbpf1rx8sc589qjb73gl8z6fir2zs3gl3br1pbhg5jgn0ij4n"; }; meta = { homepage = http://cgit.euer.krebsco.de/ampel; -- cgit v1.2.3 From d4fcbba9086cadad2de132e18e64cb66e87a7df6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:48:59 +0200 Subject: ma pkgs.awesomecfg.full: use maximized instead of horizontal/vertical --- makefu/5pkgs/awesomecfg/full.cfg | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index e748981c6..e49a88697 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -412,8 +412,7 @@ clientkeys = awful.util.table.join( end), awful.key({ modkey, }, "m", function (c) - c.maximized_horizontal = not c.maximized_horizontal - c.maximized_vertical = not c.maximized_vertical + c.maximized = not c.maximized end) ) -- cgit v1.2.3 From bd08fef3bd33658782cddc8bfa537de6c1f42c76 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:51:59 +0200 Subject: ma devpi-web: bump to latest version --- makefu/5pkgs/devpi/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'makefu') diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix index 3ddcd9641..6515ea3d1 100644 --- a/makefu/5pkgs/devpi/default.nix +++ b/makefu/5pkgs/devpi/default.nix @@ -16,16 +16,17 @@ let }; devpi-web = pkgs.python3Packages.buildPythonPackage rec { name = "devpi-web"; - version = "3.1.1"; + version = "3.2.2"; src = pkgs.fetchurl { url = "mirror://pypi/d/devpi-web/devpi-web-${version}.tar.gz"; - sha256 = "0bvqv52jmasfm4sdyccwsgvk9a663d3grj7zjw8r9x7xm7l3svqv"; + sha256 = "1mwg2fcw88rn47ypnhg5f4s1r066129z922113shyinwrwfddhay"; }; - propagatedBuildInputs = with pkgs.python3Packages; - [ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ]; + propagatedBuildInputs = with pkgs.python3Packages; builtins.trace pkgs.devpi-server.version + [ pkgs.devpi-server pyramid_chameleon pygments docutils devpi-common + whoosh beautifulsoup4 defusedxml readme-renderer ]; meta = { homepage = https://bitbucket.org/hpk42/devpi; @@ -37,6 +38,6 @@ let in { devpi-web = pkgs.python3.buildEnv.override { - extraLibs = [ devpi-web devpi-server ]; - }; + extraLibs = [ devpi-web pkgs.devpi-server ]; + }; } -- cgit v1.2.3 From 1b740bf9ef32972f7242226699a75b39feeb18b2 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:56:11 +0200 Subject: ma source: 18.03 --- makefu/source.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index d25fe5528..bbc059947 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -21,9 +21,8 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "6583793"; # nixos-17.09 @ 2018-03-07 - # + do_sqlite3 ruby: 55a952be5b5 - # + signal: 0f19beef3, 50ad913, 9449782, b7046ab2 + ref = "a09afbfb8a4"; # nixos-18.03 @ 2018-04-04 + # + do_sqlite3 ruby: 55a952be5b5 in evalSource (toString _file) [ -- cgit v1.2.3 From 241973f2ec1f4fcf217c37fd102feba82bc0b66e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 5 Apr 2018 09:32:22 +0200 Subject: ma source: follow musnix master --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index bbc059947..bcdb66a66 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -53,7 +53,7 @@ in (mkIf ( musnix ) { musnix.git = { url = https://github.com/musnix/musnix.git; - ref = "d8b989f"; + ref = "master"; # follow the musnix channel, lets see how this works out }; }) -- cgit v1.2.3 From b0829854211bc23c98247fb9cd2e22b70616f217 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 21 Apr 2018 20:52:46 +0200 Subject: ma source: use .pass --- makefu/source.nix | 51 +++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 14 deletions(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index bcdb66a66..40aeac8b6 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -1,14 +1,16 @@ with import ; host@{ name, override ? {} -, secure ? false -, full ? false -, torrent ? false -, hw ? false -, musnix ? false -, python ? false -, unstable ? false #unstable channel checked out -, mic92 ? false +, secure ? false +, full ? false +, torrent ? false +, hw ? false +, musnix ? false +, python ? false +, unstable ? false #unstable channel checked out +, mic92 ? false +, nms ? false +, clever_kexec ?false }: let builder = if getEnv "dummy_secrets" == "true" @@ -42,11 +44,15 @@ in file = "/home/makefu/store/${ref}"; }; - secrets.file = getAttr builder { - buildbot = toString ; - makefu = "/home/makefu/secrets/${name}"; + secrets = getAttr builder { + buildbot.file = toString ; + makefu.pass = { + inherit name; + dir = "${getEnv "HOME"}/.secrets-pass"; + }; }; + stockholm.file = toString ; stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; } @@ -72,9 +78,12 @@ in }) (mkIf ( torrent ) { - torrent-secrets.file = getAttr builder { - buildbot = toString ; - makefu = "/home/makefu/secrets/torrent" ; + torrent-secrets = getAttr builder { + buildbot.file = toString ; + makefu.pass = { + name = "torrent"; + dir = "${getEnv "HOME"}/.secrets-pass"; + }; }; }) @@ -92,5 +101,19 @@ in }; }) + (mkIf ( nms ) { + nms.git = { + url = https://github.com/r-raymond/nixos-mailserver; + ref = "v2.1.2"; + }; + }) + + (mkIf ( clever_kexec ) { + clever_kexec.git = { + url = https://github.com/cleverca22/nix-tests; + ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7"; + }; + }) + override ] -- cgit v1.2.3 From 309124175425cb7abd6dad166f485ae832435562 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 25 Apr 2018 14:50:06 +0200 Subject: ma gum.r: expose euer.mon --- makefu/1systems/gum/config.nix | 1 + makefu/2configs/nginx/euer.mon.nix | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 makefu/2configs/nginx/euer.mon.nix (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 578e4add8..9b6d9d571 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -62,6 +62,7 @@ in { ## Web + # diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix new file mode 100644 index 000000000..c5a7e68af --- /dev/null +++ b/makefu/2configs/nginx/euer.mon.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + hostname = config.krebs.build.host.name; + user = config.services.nginx.user; + group = config.services.nginx.group; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; +in { + services.nginx = { + enable = mkDefault true; + virtualHosts."mon.euer.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://wbob.r:3000/"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + }; + }; + }; +} -- cgit v1.2.3 From 0ea7fd530f5b0b74ebff8b352283a7b399e9a109 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:41:03 +0200 Subject: ma core-gui: rip flash on firefox --- makefu/2configs/tools/core-gui.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 2f80b08c9..898bae10d 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -1,10 +1,6 @@ { pkgs, ... }: { - nixpkgs.config.firefox = { - enableAdobeFlash = true; - }; - krebs.per-user.makefu.packages = with pkgs; [ chromium clipit -- cgit v1.2.3 From 49193180cb66b35dc95ab34003c739af575adc77 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:41:54 +0200 Subject: ma network-manager: wanted by multi-user --- makefu/2configs/hw/network-manager.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index 7e29849b1..d322c683d 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -11,9 +11,8 @@ systemd.services.modemmanager = { description = "ModemManager"; - after = [ "network-manager.service" ]; bindsTo = [ "network-manager.service" ]; - wantedBy = [ "network-manager.service" ]; + wantedBy = [ "network-manager.service" "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; PrivateTmp = true; -- cgit v1.2.3 From 4f4c06d9f9494e627f67d73e13b3cf5003d4caeb Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:46:46 +0200 Subject: ma gum: deploy kexec --- makefu/1systems/gum/source.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index b3ce743ca..e3ca472e4 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,4 +1,5 @@ import { name="gum"; torrent = true; + clever_kexec = true; } -- cgit v1.2.3 From e26634bb487a37553d12fc4335a8c1f278cbcf93 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:48:31 +0200 Subject: ma wbob.r: allow port 3000 --- makefu/1systems/wbob/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 42f3bddb1..3cf3274f9 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -52,9 +52,10 @@ in { db = "collectd_db"; logging-interface = "enp0s25"; in { + networking.firewall.allowedTCPPorts = [ 3000 ]; + services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; - services.influxdb.enable = true; services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; -- cgit v1.2.3 From dd71e3f657fb8680a83a47cc2e9bc7a0478240be Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:49:02 +0200 Subject: ma omo.r: re-enable torrent --- makefu/1systems/omo/config.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index bed6ae9fd..a85d5f5ce 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -50,6 +50,7 @@ in { + # # # @@ -85,7 +86,7 @@ in { # - # + # # @@ -100,7 +101,7 @@ in { makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; krebs.rtorrent = { - downloadDir = lib.mkForce "/media/crypt0/torrent"; + downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' upload_rate = 200 ''; -- cgit v1.2.3 From 47c0b0261eabdf230bfc7a375a3a008a04b61c4a Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 9 May 2018 11:11:50 +0200 Subject: krebs: 6tests -> 0tests --- makefu/0tests/data/secrets/auth.nix | 3 +++ makefu/0tests/data/secrets/bepasty-secret.nix | 1 + makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname | 1 + makefu/0tests/data/secrets/daemon-pw | 1 + makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix | 1 + makefu/0tests/data/secrets/extra-hosts.nix | 1 + makefu/0tests/data/secrets/grafana_security.nix | 5 +++++ makefu/0tests/data/secrets/hashedPasswords.nix | 1 + makefu/0tests/data/secrets/iodinepw.nix | 1 + makefu/0tests/data/secrets/kibana-auth.nix | 4 ++++ makefu/0tests/data/secrets/nsupdate-data.nix | 1 + makefu/0tests/data/secrets/nsupdate-search.nix | 3 +++ makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv | 0 makefu/0tests/data/secrets/retiolum.rsa_key.priv | 0 makefu/0tests/data/secrets/retiolum.rsa_key.pub | 0 makefu/0tests/data/secrets/sambacred | 0 makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix | 1 + makefu/0tests/data/secrets/ssh.id_ed25519 | 0 makefu/0tests/data/secrets/ssh.makefu.id_rsa | 0 makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub | 0 makefu/0tests/data/secrets/ssh_host_ed25519_key | 0 makefu/0tests/data/secrets/ssh_host_rsa_key | 0 makefu/0tests/data/secrets/tinc.krebsco.de.crt | 0 makefu/0tests/data/secrets/tinc.krebsco.de.key | 0 makefu/0tests/data/secrets/tw-pass.ini | 0 makefu/0tests/data/secrets/wildcard.krebsco.de.crt | 0 makefu/0tests/data/secrets/wildcard.krebsco.de.key | 0 makefu/6tests/data/secrets/auth.nix | 3 --- makefu/6tests/data/secrets/bepasty-secret.nix | 1 - makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname | 1 - makefu/6tests/data/secrets/daemon-pw | 1 - makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix | 1 - makefu/6tests/data/secrets/extra-hosts.nix | 1 - makefu/6tests/data/secrets/grafana_security.nix | 5 ----- makefu/6tests/data/secrets/hashedPasswords.nix | 1 - makefu/6tests/data/secrets/iodinepw.nix | 1 - makefu/6tests/data/secrets/kibana-auth.nix | 4 ---- makefu/6tests/data/secrets/nsupdate-data.nix | 1 - makefu/6tests/data/secrets/nsupdate-search.nix | 3 --- makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv | 0 makefu/6tests/data/secrets/retiolum.rsa_key.priv | 0 makefu/6tests/data/secrets/retiolum.rsa_key.pub | 0 makefu/6tests/data/secrets/sambacred | 0 makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix | 1 - makefu/6tests/data/secrets/ssh.id_ed25519 | 0 makefu/6tests/data/secrets/ssh.makefu.id_rsa | 0 makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub | 0 makefu/6tests/data/secrets/ssh_host_ed25519_key | 0 makefu/6tests/data/secrets/ssh_host_rsa_key | 0 makefu/6tests/data/secrets/tinc.krebsco.de.crt | 0 makefu/6tests/data/secrets/tinc.krebsco.de.key | 0 makefu/6tests/data/secrets/tw-pass.ini | 0 makefu/6tests/data/secrets/wildcard.krebsco.de.crt | 0 makefu/6tests/data/secrets/wildcard.krebsco.de.key | 0 makefu/source.nix | 4 ++-- 55 files changed, 26 insertions(+), 26 deletions(-) create mode 100644 makefu/0tests/data/secrets/auth.nix create mode 100644 makefu/0tests/data/secrets/bepasty-secret.nix create mode 100644 makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname create mode 100644 makefu/0tests/data/secrets/daemon-pw create mode 100644 makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix create mode 100644 makefu/0tests/data/secrets/extra-hosts.nix create mode 100644 makefu/0tests/data/secrets/grafana_security.nix create mode 100644 makefu/0tests/data/secrets/hashedPasswords.nix create mode 100644 makefu/0tests/data/secrets/iodinepw.nix create mode 100644 makefu/0tests/data/secrets/kibana-auth.nix create mode 100644 makefu/0tests/data/secrets/nsupdate-data.nix create mode 100644 makefu/0tests/data/secrets/nsupdate-search.nix create mode 100644 makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv create mode 100644 makefu/0tests/data/secrets/retiolum.rsa_key.priv create mode 100644 makefu/0tests/data/secrets/retiolum.rsa_key.pub create mode 100644 makefu/0tests/data/secrets/sambacred create mode 100644 makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix create mode 100644 makefu/0tests/data/secrets/ssh.id_ed25519 create mode 100644 makefu/0tests/data/secrets/ssh.makefu.id_rsa create mode 100644 makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub create mode 100644 makefu/0tests/data/secrets/ssh_host_ed25519_key create mode 100644 makefu/0tests/data/secrets/ssh_host_rsa_key create mode 100644 makefu/0tests/data/secrets/tinc.krebsco.de.crt create mode 100644 makefu/0tests/data/secrets/tinc.krebsco.de.key create mode 100644 makefu/0tests/data/secrets/tw-pass.ini create mode 100644 makefu/0tests/data/secrets/wildcard.krebsco.de.crt create mode 100644 makefu/0tests/data/secrets/wildcard.krebsco.de.key delete mode 100644 makefu/6tests/data/secrets/auth.nix delete mode 100644 makefu/6tests/data/secrets/bepasty-secret.nix delete mode 100644 makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname delete mode 100644 makefu/6tests/data/secrets/daemon-pw delete mode 100644 makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix delete mode 100644 makefu/6tests/data/secrets/extra-hosts.nix delete mode 100644 makefu/6tests/data/secrets/grafana_security.nix delete mode 100644 makefu/6tests/data/secrets/hashedPasswords.nix delete mode 100644 makefu/6tests/data/secrets/iodinepw.nix delete mode 100644 makefu/6tests/data/secrets/kibana-auth.nix delete mode 100644 makefu/6tests/data/secrets/nsupdate-data.nix delete mode 100644 makefu/6tests/data/secrets/nsupdate-search.nix delete mode 100644 makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv delete mode 100644 makefu/6tests/data/secrets/retiolum.rsa_key.priv delete mode 100644 makefu/6tests/data/secrets/retiolum.rsa_key.pub delete mode 100644 makefu/6tests/data/secrets/sambacred delete mode 100644 makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix delete mode 100644 makefu/6tests/data/secrets/ssh.id_ed25519 delete mode 100644 makefu/6tests/data/secrets/ssh.makefu.id_rsa delete mode 100644 makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub delete mode 100644 makefu/6tests/data/secrets/ssh_host_ed25519_key delete mode 100644 makefu/6tests/data/secrets/ssh_host_rsa_key delete mode 100644 makefu/6tests/data/secrets/tinc.krebsco.de.crt delete mode 100644 makefu/6tests/data/secrets/tinc.krebsco.de.key delete mode 100644 makefu/6tests/data/secrets/tw-pass.ini delete mode 100644 makefu/6tests/data/secrets/wildcard.krebsco.de.crt delete mode 100644 makefu/6tests/data/secrets/wildcard.krebsco.de.key (limited to 'makefu') diff --git a/makefu/0tests/data/secrets/auth.nix b/makefu/0tests/data/secrets/auth.nix new file mode 100644 index 000000000..92d5c34a8 --- /dev/null +++ b/makefu/0tests/data/secrets/auth.nix @@ -0,0 +1,3 @@ +{ + user = "password"; +} diff --git a/makefu/0tests/data/secrets/bepasty-secret.nix b/makefu/0tests/data/secrets/bepasty-secret.nix new file mode 100644 index 000000000..f5e704702 --- /dev/null +++ b/makefu/0tests/data/secrets/bepasty-secret.nix @@ -0,0 +1 @@ +"derp" diff --git a/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname b/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname new file mode 100644 index 000000000..2ae3807f1 --- /dev/null +++ b/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname @@ -0,0 +1 @@ +dickbutt2342.onion diff --git a/makefu/0tests/data/secrets/daemon-pw b/makefu/0tests/data/secrets/daemon-pw new file mode 100644 index 000000000..e16c76dff --- /dev/null +++ b/makefu/0tests/data/secrets/daemon-pw @@ -0,0 +1 @@ +"" diff --git a/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix b/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix @@ -0,0 +1 @@ +{} diff --git a/makefu/0tests/data/secrets/extra-hosts.nix b/makefu/0tests/data/secrets/extra-hosts.nix new file mode 100644 index 000000000..e16c76dff --- /dev/null +++ b/makefu/0tests/data/secrets/extra-hosts.nix @@ -0,0 +1 @@ +"" diff --git a/makefu/0tests/data/secrets/grafana_security.nix b/makefu/0tests/data/secrets/grafana_security.nix new file mode 100644 index 000000000..f9096b7cf --- /dev/null +++ b/makefu/0tests/data/secrets/grafana_security.nix @@ -0,0 +1,5 @@ +{ + adminUser = "dick"; + adminPassword = "butt"; +} + diff --git a/makefu/0tests/data/secrets/hashedPasswords.nix b/makefu/0tests/data/secrets/hashedPasswords.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/makefu/0tests/data/secrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/makefu/0tests/data/secrets/iodinepw.nix b/makefu/0tests/data/secrets/iodinepw.nix new file mode 100644 index 000000000..f5e704702 --- /dev/null +++ b/makefu/0tests/data/secrets/iodinepw.nix @@ -0,0 +1 @@ +"derp" diff --git a/makefu/0tests/data/secrets/kibana-auth.nix b/makefu/0tests/data/secrets/kibana-auth.nix new file mode 100644 index 000000000..80e8f44c1 --- /dev/null +++ b/makefu/0tests/data/secrets/kibana-auth.nix @@ -0,0 +1,4 @@ +{ + "dick" = "butt"; +} + diff --git a/makefu/0tests/data/secrets/nsupdate-data.nix b/makefu/0tests/data/secrets/nsupdate-data.nix new file mode 100644 index 000000000..e76c0e87e --- /dev/null +++ b/makefu/0tests/data/secrets/nsupdate-data.nix @@ -0,0 +1 @@ +{ "lol" = "wut"; } diff --git a/makefu/0tests/data/secrets/nsupdate-search.nix b/makefu/0tests/data/secrets/nsupdate-search.nix new file mode 100644 index 000000000..a9646aeb7 --- /dev/null +++ b/makefu/0tests/data/secrets/nsupdate-search.nix @@ -0,0 +1,3 @@ +{ + "dick.nsupdate.info" = "butt"; +} diff --git a/makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv b/makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/retiolum.rsa_key.priv b/makefu/0tests/data/secrets/retiolum.rsa_key.priv new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/retiolum.rsa_key.pub b/makefu/0tests/data/secrets/retiolum.rsa_key.pub new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/sambacred b/makefu/0tests/data/secrets/sambacred new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix b/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix new file mode 100644 index 000000000..963e6db8b --- /dev/null +++ b/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix @@ -0,0 +1 @@ +"lol" diff --git a/makefu/0tests/data/secrets/ssh.id_ed25519 b/makefu/0tests/data/secrets/ssh.id_ed25519 new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/ssh.makefu.id_rsa b/makefu/0tests/data/secrets/ssh.makefu.id_rsa new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub b/makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/ssh_host_ed25519_key b/makefu/0tests/data/secrets/ssh_host_ed25519_key new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/ssh_host_rsa_key b/makefu/0tests/data/secrets/ssh_host_rsa_key new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/tinc.krebsco.de.crt b/makefu/0tests/data/secrets/tinc.krebsco.de.crt new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/tinc.krebsco.de.key b/makefu/0tests/data/secrets/tinc.krebsco.de.key new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/tw-pass.ini b/makefu/0tests/data/secrets/tw-pass.ini new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/wildcard.krebsco.de.crt b/makefu/0tests/data/secrets/wildcard.krebsco.de.crt new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/wildcard.krebsco.de.key b/makefu/0tests/data/secrets/wildcard.krebsco.de.key new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/6tests/data/secrets/auth.nix b/makefu/6tests/data/secrets/auth.nix deleted file mode 100644 index 92d5c34a8..000000000 --- a/makefu/6tests/data/secrets/auth.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - user = "password"; -} diff --git a/makefu/6tests/data/secrets/bepasty-secret.nix b/makefu/6tests/data/secrets/bepasty-secret.nix deleted file mode 100644 index f5e704702..000000000 --- a/makefu/6tests/data/secrets/bepasty-secret.nix +++ /dev/null @@ -1 +0,0 @@ -"derp" diff --git a/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname b/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname deleted file mode 100644 index 2ae3807f1..000000000 --- a/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname +++ /dev/null @@ -1 +0,0 @@ -dickbutt2342.onion diff --git a/makefu/6tests/data/secrets/daemon-pw b/makefu/6tests/data/secrets/daemon-pw deleted file mode 100644 index e16c76dff..000000000 --- a/makefu/6tests/data/secrets/daemon-pw +++ /dev/null @@ -1 +0,0 @@ -"" diff --git a/makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix b/makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix deleted file mode 100644 index 0967ef424..000000000 --- a/makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/makefu/6tests/data/secrets/extra-hosts.nix b/makefu/6tests/data/secrets/extra-hosts.nix deleted file mode 100644 index e16c76dff..000000000 --- a/makefu/6tests/data/secrets/extra-hosts.nix +++ /dev/null @@ -1 +0,0 @@ -"" diff --git a/makefu/6tests/data/secrets/grafana_security.nix b/makefu/6tests/data/secrets/grafana_security.nix deleted file mode 100644 index f9096b7cf..000000000 --- a/makefu/6tests/data/secrets/grafana_security.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - adminUser = "dick"; - adminPassword = "butt"; -} - diff --git a/makefu/6tests/data/secrets/hashedPasswords.nix b/makefu/6tests/data/secrets/hashedPasswords.nix deleted file mode 100644 index 0967ef424..000000000 --- a/makefu/6tests/data/secrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/makefu/6tests/data/secrets/iodinepw.nix b/makefu/6tests/data/secrets/iodinepw.nix deleted file mode 100644 index f5e704702..000000000 --- a/makefu/6tests/data/secrets/iodinepw.nix +++ /dev/null @@ -1 +0,0 @@ -"derp" diff --git a/makefu/6tests/data/secrets/kibana-auth.nix b/makefu/6tests/data/secrets/kibana-auth.nix deleted file mode 100644 index 80e8f44c1..000000000 --- a/makefu/6tests/data/secrets/kibana-auth.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - "dick" = "butt"; -} - diff --git a/makefu/6tests/data/secrets/nsupdate-data.nix b/makefu/6tests/data/secrets/nsupdate-data.nix deleted file mode 100644 index e76c0e87e..000000000 --- a/makefu/6tests/data/secrets/nsupdate-data.nix +++ /dev/null @@ -1 +0,0 @@ -{ "lol" = "wut"; } diff --git a/makefu/6tests/data/secrets/nsupdate-search.nix b/makefu/6tests/data/secrets/nsupdate-search.nix deleted file mode 100644 index a9646aeb7..000000000 --- a/makefu/6tests/data/secrets/nsupdate-search.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - "dick.nsupdate.info" = "butt"; -} diff --git a/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv b/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.priv b/makefu/6tests/data/secrets/retiolum.rsa_key.priv deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.pub b/makefu/6tests/data/secrets/retiolum.rsa_key.pub deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/sambacred b/makefu/6tests/data/secrets/sambacred deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix deleted file mode 100644 index 963e6db8b..000000000 --- a/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix +++ /dev/null @@ -1 +0,0 @@ -"lol" diff --git a/makefu/6tests/data/secrets/ssh.id_ed25519 b/makefu/6tests/data/secrets/ssh.id_ed25519 deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa b/makefu/6tests/data/secrets/ssh.makefu.id_rsa deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub b/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/ssh_host_ed25519_key b/makefu/6tests/data/secrets/ssh_host_ed25519_key deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/ssh_host_rsa_key b/makefu/6tests/data/secrets/ssh_host_rsa_key deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.crt b/makefu/6tests/data/secrets/tinc.krebsco.de.crt deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.key b/makefu/6tests/data/secrets/tinc.krebsco.de.key deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/tw-pass.ini b/makefu/6tests/data/secrets/tw-pass.ini deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.crt b/makefu/6tests/data/secrets/wildcard.krebsco.de.crt deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.key b/makefu/6tests/data/secrets/wildcard.krebsco.de.key deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/source.nix b/makefu/source.nix index 40aeac8b6..1039ba654 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -45,7 +45,7 @@ in }; secrets = getAttr builder { - buildbot.file = toString ; + buildbot.file = toString ; makefu.pass = { inherit name; dir = "${getEnv "HOME"}/.secrets-pass"; @@ -79,7 +79,7 @@ in (mkIf ( torrent ) { torrent-secrets = getAttr builder { - buildbot.file = toString ; + buildbot.file = toString ; makefu.pass = { name = "torrent"; dir = "${getEnv "HOME"}/.secrets-pass"; -- cgit v1.2.3 From 5dd486eabdec439cc67b2341519d1afdd577c34f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 31 May 2018 10:33:08 +0200 Subject: ma bluetooth: separate file --- makefu/1systems/x/config.nix | 47 ++++++---------------------------------- makefu/2configs/hw/bluetooth.nix | 39 +++++++++++++++++++++++++++++++++ makefu/2configs/hw/rad1o.nix | 19 ++++++++++++++++ makefu/2configs/rad1o.nix | 19 ---------------- 4 files changed, 65 insertions(+), 59 deletions(-) create mode 100644 makefu/2configs/hw/bluetooth.nix create mode 100644 makefu/2configs/hw/rad1o.nix delete mode 100644 makefu/2configs/rad1o.nix (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 93bb27efe..451689f91 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -19,6 +19,7 @@ with import ; # Debugging # + # # Testing # @@ -67,7 +68,9 @@ with import ; # - # + + + # # Filesystem @@ -103,44 +106,9 @@ with import ; ]; }; } - { # bluetooth+pulse config - # for blueman-applet - users.users.makefu.packages = [ - pkgs.blueman - ]; - hardware.pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - # systemWide = true; - support32Bit = true; - configFile = pkgs.writeText "default.pa" '' - load-module module-udev-detect - load-module module-bluetooth-policy - load-module module-bluetooth-discover - load-module module-native-protocol-unix - load-module module-always-sink - load-module module-console-kit - load-module module-systemd-login - load-module module-intended-roles - load-module module-position-event-sounds - load-module module-filter-heuristics - load-module module-filter-apply - load-module module-switch-on-connect - load-module module-switch-on-port-available - ''; - }; - - # presumably a2dp Sink - # Enable profile: - ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink - hardware.bluetooth.extraConfig = ''; - [general] - Enable=Source,Sink,Media,Socket - ''; - - # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio - hardware.bluetooth.enable = true; - } + # { + # services.zerotierone.enable = true; + # } ]; @@ -166,7 +134,6 @@ with import ; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; - nix.package = pkgs.nixUnstable; environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; nixpkgs.overlays = [ (import ) ]; diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix new file mode 100644 index 000000000..85c3190ff --- /dev/null +++ b/makefu/2configs/hw/bluetooth.nix @@ -0,0 +1,39 @@ +{ pkgs, ... }: +{ # bluetooth+pulse config +# for blueman-applet + users.users.makefu.packages = [ + pkgs.blueman + ]; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; +# systemWide = true; + support32Bit = true; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-switch-on-connect + load-module module-switch-on-port-available + ''; + }; + +# presumably a2dp Sink +# Enable profile: +## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink + hardware.bluetooth.extraConfig = ''; + [general] + Enable=Source,Sink,Media,Socket + ''; + +# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; +} diff --git a/makefu/2configs/hw/rad1o.nix b/makefu/2configs/hw/rad1o.nix new file mode 100644 index 000000000..6eca69e0c --- /dev/null +++ b/makefu/2configs/hw/rad1o.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +{ + + environment.systemPackages = with pkgs; [ + gnuradio-with-packages + gnuradio-osmosdr + gqrx + ]; + + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; + + services.udev.extraRules = '' + ATTR{idVendor}=="1d50", ATTR{idProduct}=="604b", SYMLINK+="hackrf-jawbreaker-%k", MODE="0666", GROUP="dialout" + ATTR{idVendor}=="1d50", ATTR{idProduct}=="6089", SYMLINK+="hackrf-one-%k", MODE="0666", GROUP="dialout" + ATTR{idVendor}=="1d50", ATTR{idProduct}=="cc15", SYMLINK+="rad1o-%k", MODE="0666", GROUP="dialout" + ATTR{idVendor}=="1fc9", ATTR{idProduct}=="000c", SYMLINK+="nxp-dfu-%k", MODE="0666", GROUP="dialout" + ''; +} diff --git a/makefu/2configs/rad1o.nix b/makefu/2configs/rad1o.nix deleted file mode 100644 index 6eca69e0c..000000000 --- a/makefu/2configs/rad1o.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - environment.systemPackages = with pkgs; [ - gnuradio-with-packages - gnuradio-osmosdr - gqrx - ]; - - users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - - services.udev.extraRules = '' - ATTR{idVendor}=="1d50", ATTR{idProduct}=="604b", SYMLINK+="hackrf-jawbreaker-%k", MODE="0666", GROUP="dialout" - ATTR{idVendor}=="1d50", ATTR{idProduct}=="6089", SYMLINK+="hackrf-one-%k", MODE="0666", GROUP="dialout" - ATTR{idVendor}=="1d50", ATTR{idProduct}=="cc15", SYMLINK+="rad1o-%k", MODE="0666", GROUP="dialout" - ATTR{idVendor}=="1fc9", ATTR{idProduct}=="000c", SYMLINK+="nxp-dfu-%k", MODE="0666", GROUP="dialout" - ''; -} -- cgit v1.2.3 From b31dff172455519e93292ccee5e3c8441a5888e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 31 May 2018 10:33:48 +0200 Subject: ma omo.r: also deploy torrent secrets --- makefu/1systems/omo/source.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/1systems/omo/source.nix b/makefu/1systems/omo/source.nix index 94fd9cbe6..da0d87aad 100644 --- a/makefu/1systems/omo/source.nix +++ b/makefu/1systems/omo/source.nix @@ -1,3 +1,4 @@ import { name="omo"; + torrent = true; } -- cgit v1.2.3 From b7c156e5d25f0acf0a430eb1477890482009c51e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 31 May 2018 10:34:46 +0200 Subject: ma source: bump nixpkgs to today --- makefu/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index 40aeac8b6..d956a06cd 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -23,7 +23,7 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "a09afbfb8a4"; # nixos-18.03 @ 2018-04-04 + ref = "a8e3e2cc1f7"; # nixos-18.03 @ 2018-05-31 # + do_sqlite3 ruby: 55a952be5b5 in -- cgit v1.2.3 From 319bb6fa89e24d0da9eca1b9d69c685b95f329f0 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 31 May 2018 10:36:10 +0200 Subject: ma hw/irtoy: init --- makefu/2configs/hw/irtoy.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 makefu/2configs/hw/irtoy.nix (limited to 'makefu') diff --git a/makefu/2configs/hw/irtoy.nix b/makefu/2configs/hw/irtoy.nix new file mode 100644 index 000000000..688f1b2b9 --- /dev/null +++ b/makefu/2configs/hw/irtoy.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +{ + + users.users.makefu.packages = with pkgs; [ + lirc + ]; + + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; + + services.udev.extraRules = '' + SUBSYSTEMS=="usb", ATTRS{idProduct}=="fd08", ATTRS{idVendor}=="04d8", SYMLINK+="irtoy", MODE="0666", GROUP="dialout" + ''; +} + -- cgit v1.2.3 From f6006d7df1fbe2e24b32d945eb55aede97b41886 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 31 May 2018 12:26:53 +0200 Subject: ma source: fix exfat-nofuse build --- makefu/source.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index a15edd1aa..56d9095b2 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -23,8 +23,9 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "a8e3e2cc1f7"; # nixos-18.03 @ 2018-05-31 - # + do_sqlite3 ruby: 55a952be5b5 + ref = "60b6ab055ad"; # nixos-18.03 @ 2018-05-31 + # + do_sqlite3 ruby: 55a952be5b5 + # + exfat-nofuse bump: ee6a5296a35 in evalSource (toString _file) [ -- cgit v1.2.3 From 3c704cf61e2dc48629af6e331c21d9c5be5d277b Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 7 Jun 2018 21:18:39 +0200 Subject: ma tools: core -> desktop --- makefu/2configs/tools/all.nix | 1 + makefu/2configs/tools/core.nix | 9 --------- makefu/2configs/tools/desktop.nix | 11 +++++++++++ 3 files changed, 12 insertions(+), 9 deletions(-) create mode 100644 makefu/2configs/tools/desktop.nix (limited to 'makefu') diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index 2bb438f16..b6554e040 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -5,6 +5,7 @@ ./core.nix ./core-gui.nix ./dev.nix + ./desktop.nix ./extra-gui.nix ./games.nix ./media.nix diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 7e9a459c3..604288904 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -24,7 +24,6 @@ # io pv - sshpass usbutils p7zip hdparm @@ -39,11 +38,6 @@ wol iftop - mkpasswd - mutt - weechat - tmux - # stockholm git gnumake @@ -55,8 +49,5 @@ rxvt_unicode.terminfo krebspaste - # TODO: - taskwarrior - pass ]; } diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix new file mode 100644 index 000000000..1fe03e111 --- /dev/null +++ b/makefu/2configs/tools/desktop.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: + +{ + users.users.makefu.packages = with pkgs; [ + taskwarrior + pass + mutt + weechat + tmux + ]; +} -- cgit v1.2.3 From 8cad4d187446901206e8110d27d1763c2df942d2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 10 Jun 2018 23:36:29 +0200 Subject: ma pkgs.python-firetv: no need for nixpkgs-unstable anymore --- makefu/5pkgs/python-firetv/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/5pkgs/python-firetv/default.nix b/makefu/5pkgs/python-firetv/default.nix index 1fb772f1f..593f4e718 100644 --- a/makefu/5pkgs/python-firetv/default.nix +++ b/makefu/5pkgs/python-firetv/default.nix @@ -1,6 +1,6 @@ { lib, pkgs, python2Packages, ... }: # requires libusb1 from unstable -with (import {}).python2Packages; let +with python2Packages; let python-adb = buildPythonPackage rec { pname = "adb"; -- cgit v1.2.3 From c01b6860809fb455c060e143c596590f61fc62c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Jun 2018 18:43:12 +0200 Subject: github krebscode -> krebs --- makefu/5pkgs/elchhub/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/5pkgs/elchhub/default.nix b/makefu/5pkgs/elchhub/default.nix index 76ba834ab..df5777135 100644 --- a/makefu/5pkgs/elchhub/default.nix +++ b/makefu/5pkgs/elchhub/default.nix @@ -22,13 +22,13 @@ in buildPythonPackage rec { ]; doCheck = false; src = fetchFromGitHub { - owner = "krebscode"; + owner = "krebs"; repo = "elchhub"; rev = "58707c6"; sha256 = "04spbcr660dxyc4jvrai094na25zizd2cfi36jz19lahb0k66lqm"; }; meta = { - homepage = https://github.com/krebscode/elchhub; + ho