From 461ca80e6dff653360012d3eb5373a479a6e54ed Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:42:44 +0100 Subject: tv nixpkgs: 5d03aab -> 53a2baa --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index dc26a6c..1d3ee39 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4"; + ref = "53a2baa"; # nixos-unstable (17.03-rc) }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; -- cgit v1.2.3 From a51975b1dc7cbeb75291706d1309ecef43d484a8 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:57:52 +0100 Subject: krebs,tv: /var/setuid-wrappers -> /run/wrappers/bin --- tv/2configs/xserver/default.nix | 2 +- tv/5pkgs/xmonad-tv/default.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7dcfecc..deb929c 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -18,7 +18,7 @@ in { ]; # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + # TODO krebs.setuid.slock.path vs /run/wrappers/bin krebs.setuid.slock = { filename = "${pkgs.slock}/bin/slock"; group = "wheel"; diff --git a/tv/5pkgs/xmonad-tv/default.nix b/tv/5pkgs/xmonad-tv/default.nix index c6a622b..5ac8f83 100644 --- a/tv/5pkgs/xmonad-tv/default.nix +++ b/tv/5pkgs/xmonad-tv/default.nix @@ -132,7 +132,7 @@ spawnRootTerm :: X () spawnRootTerm = forkFile urxvtcPath - ["-name", "root-urxvt", "-e", "/var/setuid-wrappers/su", "-"] + ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"] Nothing spawnTermAt :: String -> X () 
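Review bot: The new pin `ref = "53a2baa";` under `nixpkgs.git` replaces a full 40-character commit id with a 7-character abbreviation, which weakens the pin because an abbreviated id is resolved by prefix and can become ambiguous as the upstream repository grows. Keep the full id and carry the label in the comment, e.g. `ref = "<full 40-hex commit id>"; # nixos-unstable (17.03-rc)`. How the fetcher resolves `ref` is not visible in this hunk, so it is worth confirming that it cannot fall back to a branch or tag of the same spelling. The same abbreviated style appears in `nin/2configs/nixpkgs.nix` (`ref = "6651c72";`) and in the repeated copy of this commit later in the series.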
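Review bot: The wrapper directory is hard-coded as a string literal in `spawnRootTerm` (`"/run/wrappers/bin/su"`) and again in the `myKeys` hunk that follows (`"/run/wrappers/bin/slock"`), so the screen-lock binding only works while this path matches the system's wrapper directory. This commit exists because that path moved; if it drifts again the `xK_Escape` binding would point at a missing file, and whether `forkFile` reports that failure is not visible here. The Haskell source appears to live inside a Nix file, so consider interpolating the directory from one Nix binding, or at least add a comment such as `-- must match the NixOS setuid wrapper directory`. Both definitions continue outside their hunks.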
@@ -143,7 +143,7 @@ spawnTermAt ws = do myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ - [ ((_4 , xK_Escape ), forkFile "/var/setuid-wrappers/slock" [] Nothing) + [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) , ((_4 , xK_x ), chooseAction spawnTermAt) -- cgit v1.2.3 From 94820dc07c9ebc0d346a2a3b0df8b18cff53a617 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 20:02:01 +0100 Subject: mv,tv: security.setuidPrograms -> security.wrappers --- mv/1systems/stro.nix | 6 +++--- tv/1systems/mu.nix | 8 ++++---- tv/1systems/wu.nix | 6 +++--- tv/1systems/xu.nix | 6 +++--- tv/1systems/zu.nix | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix index e371db7..c8035b8 100644 --- a/mv/1systems/stro.nix +++ b/mv/1systems/stro.nix @@ -143,9 +143,9 @@ with import ; }; }; - security.setuidPrograms = [ - "sendmail" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; security.sudo.extraConfig = '' Defaults env_keep+="SSH_CLIENT" diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index e9a8a13..fcd0a21 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix @@ -99,10 +99,10 @@ with import ; programs.ssh.startAgent = false; - security.setuidPrograms = [ - "sendmail" # for cron - "slock" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + slock.slock = "${pkgs.slock}/bin/slock"; + }; security.pam.loginLimits = [ # for jack diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index a9d7e94..4cde8b9 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -157,9 +157,9 @@ with import ; #jack2 ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; 
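Review bot: In `tv/1systems/mu.nix` the new entry `slock.slock = "${pkgs.slock}/bin/slock";` uses the attribute name `slock` where every other wrapper in this commit uses `source`, which looks like a typo. As written the `slock` wrapper has no `source`, so it would either fail evaluation or leave this host without a working privileged screen locker, depending on how the wrappers module treats unknown attributes (not visible here). It should read `slock.source = "${pkgs.slock}/bin/slock";`. The same line appears in the repeated copy of this commit later in the series.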
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 974d820..4b8fe8d 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 59e8b1c..194ac29 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; -- cgit v1.2.3 From 6509ec280346b7cfda73b2f6adc7f07838b70ab0 Mon Sep 17 00:00:00 2001 From: nin Date: Wed, 22 Feb 2017 21:35:38 +0100 Subject: n 2 nixpkgs: d2cd8a0 -> 6651c72 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 27a845b..ad39848 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "d2cd8a0"; + ref = "6651c72"; }; } -- cgit v1.2.3 From aca6985dd5f2f53b81c60470b86e5ee86ebf8ba1 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:42:44 +0100 Subject: tv nixpkgs: 5d03aab -> 53a2baa --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index dc26a6c..1d3ee39 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4"; + ref = "53a2baa"; # nixos-unstable (17.03-rc) }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; -- cgit v1.2.3 From cd3ec877e71b32278b0af99997ceb5df56d85aac Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 2 Mar 2017 19:57:52 +0100 Subject: krebs,tv: /var/setuid-wrappers -> /run/wrappers/bin --- tv/2configs/xserver/default.nix | 2 +- tv/5pkgs/xmonad-tv/default.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7dcfecc..deb929c 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -18,7 +18,7 @@ in { ]; # TODO dedicated group, i.e. with a single user [per-user-setuid] - # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + # TODO krebs.setuid.slock.path vs /run/wrappers/bin krebs.setuid.slock = { filename = "${pkgs.slock}/bin/slock"; group = "wheel"; diff --git a/tv/5pkgs/xmonad-tv/default.nix b/tv/5pkgs/xmonad-tv/default.nix index c6a622b..5ac8f83 100644 --- a/tv/5pkgs/xmonad-tv/default.nix +++ b/tv/5pkgs/xmonad-tv/default.nix @@ -132,7 +132,7 @@ spawnRootTerm :: X () spawnRootTerm = forkFile urxvtcPath - ["-name", "root-urxvt", "-e", "/var/setuid-wrappers/su", "-"] + ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"] Nothing spawnTermAt :: String -> X () @@ -143,7 +143,7 @@ spawnTermAt ws = do myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ - [ ((_4 , xK_Escape ), forkFile "/var/setuid-wrappers/slock" [] Nothing) + [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) , ((_4S , xK_c ), kill) , ((_4 , xK_x ), chooseAction spawnTermAt) -- cgit v1.2.3 From 10332711d609668e68491d6d8e32bbfcf0228b82 Mon Sep 17 00:00:00 2001 
From: tv Date: Thu, 2 Mar 2017 20:02:01 +0100 Subject: mv,tv: security.setuidPrograms -> security.wrappers --- mv/1systems/stro.nix | 6 +++--- tv/1systems/mu.nix | 8 ++++---- tv/1systems/wu.nix | 6 +++--- tv/1systems/xu.nix | 6 +++--- tv/1systems/zu.nix | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix index e371db7..c8035b8 100644 --- a/mv/1systems/stro.nix +++ b/mv/1systems/stro.nix @@ -143,9 +143,9 @@ with import ; }; }; - security.setuidPrograms = [ - "sendmail" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; security.sudo.extraConfig = '' Defaults env_keep+="SSH_CLIENT" diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index e9a8a13..fcd0a21 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix @@ -99,10 +99,10 @@ with import ; programs.ssh.startAgent = false; - security.setuidPrograms = [ - "sendmail" # for cron - "slock" - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + slock.slock = "${pkgs.slock}/bin/slock"; + }; security.pam.loginLimits = [ # for jack diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index a9d7e94..4cde8b9 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -157,9 +157,9 @@ with import ; #jack2 ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 974d820..4b8fe8d 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 59e8b1c..194ac29 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix 
@@ -167,9 +167,9 @@ with import ; gptfdisk ]; - security.setuidPrograms = [ - "sendmail" # for cron - ]; + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; services.printing.enable = true; -- cgit v1.2.3 From 694cf22e02ffd7041c5f2cf7b31f3fc0bb3cc7e9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Mar 2017 20:46:59 +0100 Subject: s 2: bump nixpkgs to 17.03 --- shared/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index cae2bc8..bf2ce84 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # nixos-16.09 @ 2016-10-19 + ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-04 }; secrets.file = if getEnv "dummy_secrets" == "true" -- cgit v1.2.3 From 55a73e4278fc8d0645802eb1ea8cd6a461ed2529 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 4 Mar 2017 23:04:07 +0100 Subject: wolf: drop packageOverride for nano --- shared/2configs/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index cae2bc8..0f72b2b 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -30,10 +30,6 @@ with import ; ]; nix.useSandbox = true; - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.vim; - }; - environment.systemPackages = with pkgs; [ git rxvt_unicode.terminfo -- cgit v1.2.3 From 36b37c55b6148c4d27668a0b708e19bbdf97a70a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 4 Mar 2017 23:04:26 +0100 Subject: shared nixpkgs: b8ede35 -> 5b0c9d4 --- shared/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 0f72b2b..49c0d3d 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # nixos-16.09 @ 2016-10-19 + ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-03 }; secrets.file = if getEnv "dummy_secrets" == "true" -- cgit v1.2.3 From 5b569ce10e7156fd0a7e0caec51f79bff0dd6007 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 4 Mar 2017 23:15:56 +0100 Subject: tv urlwatch: nixos-16.09 -> nixos-17.03 --- tv/2configs/urlwatch.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 6e11e02..5779240 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -31,7 +31,7 @@ with import ; ## other - https://nixos.org/channels/nixos-16.09/git-revision + https://nixos.org/channels/nixos-17.03/git-revision https://nixos.org/channels/nixos-unstable/git-revision ## 2014-10-17 -- cgit v1.2.3 From 59870808ac04f4f9c829c3dcf87d02c63ea37feb Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 4 Mar 2017 23:21:53 +0100 Subject: tv nixpkgs: 53a2baa -> 5b0c9d4 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 1d3ee39..33fb7e4 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "53a2baa"; # nixos-unstable (17.03-rc) + ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; -- cgit v1.2.3 From 515c345cf4d058b49a871f7bf50be736608816f3 Mon Sep 17 00:00:00 2001 
From: tv Date: Mon, 6 Mar 2017 12:45:56 +0100 Subject: tv q: respect terminal width when printing calenders --- tv/5pkgs/q/default.nix | 38 +++++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-) diff --git a/tv/5pkgs/q/default.nix b/tv/5pkgs/q/default.nix index a3a7cd7..2e7aa5c 100644 --- a/tv/5pkgs/q/default.nix +++ b/tv/5pkgs/q/default.nix @@ -1,7 +1,19 @@ { pkgs, ... }: +with import ; let q-cal = let - # XXX 23 is the longest line of cal's output + + # Maximum width of cal's output. + calwidth = 23; + + # Number of space characters between two calendars. + hspace = 2; + + # Return number of columns required to print n calenders side by side. + need_width = n: + assert n >= 1; + n * calwidth + (n - 1) * hspace; + pad = ''{ ${pkgs.gnused}/bin/sed ' # rtrim @@ -10,7 +22,7 @@ let # delete last empty line ''${/^$/d} ' \ - | ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \ + | ${pkgs.gawk}/bin/awk '{printf "%-${toString calwidth}s\n", $0}' \ | ${pkgs.gnused}/bin/sed ' # colorize header 1,2s/.*/&/ @@ -20,23 +32,31 @@ let ' }''; in '' + cols=$(${pkgs.ncurses}/bin/tput cols) ${pkgs.coreutils}/bin/paste \ - <(${pkgs.utillinux}/bin/cal -mw \ + <(if test $cols -ge ${toString (need_width 3)}; then + ${pkgs.utillinux}/bin/cal -mw \ $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \ | ${pad} - ) \ - <(${pkgs.utillinux}/bin/cal -mw \ + fi) \ + <(if test $cols -ge ${toString (need_width 1)}; then + ${pkgs.utillinux}/bin/cal -mw \ | ${pkgs.gnused}/bin/sed ' # colorize day of month s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/&/ ' \ | ${pad} - ) \ - <(${pkgs.utillinux}/bin/cal -mw \ + fi) \ + <(if test $cols -ge ${toString (need_width 2)}; then + ${pkgs.utillinux}/bin/cal -mw \ $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \ | ${pad} - ) \ - | ${pkgs.gnused}/bin/sed 's/\t/ /g' + fi) \ + | ${pkgs.gnused}/bin/sed ' + s/^\t// + s/\t$// + s/\t/${lpad hspace " " ""}/g + ' ''; q-isodate = '' -- cgit v1.2.3 
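Review bot: `cols=$(${pkgs.ncurses}/bin/tput cols)` is later expanded unquoted in `test $cols -ge …`, so when `tput` cannot report a width (for example when `TERM` is unset) `cols` is empty, each `test` errors out, and none of the three calendars is printed. Give the value a fallback and quote it, e.g. `cols=$(${pkgs.ncurses}/bin/tput cols 2>/dev/null || echo 80)` and `test "$cols" -ge ${toString (need_width 3)}`. Separately, the comment on `need_width` spells "calenders"; `calendars` is meant.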
From f927ed394ce174587a29c58eba0dfa81a5ddafa8 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 6 Mar 2017 13:11:21 +0100 Subject: tv pulse: talk about hijacking audio devices --- tv/2configs/pulse.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 2a3b5cb..4185512 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -76,6 +76,9 @@ in }; }; + # TODO assert that pulse is the only user with "audio" in group/extraGroups + # otherwise the audio device can be hijacked while the pulse service restarts + # (e.g. when mpv is running) and then the service will fail. users = { groups.pulse.gid = config.users.users.pulse.uid; users.pulse = { -- cgit v1.2.3 From af162549b12cc7b1f496b2d4d8fe99c9dab85428 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Mar 2017 15:32:31 +0100 Subject: Revert "cd: hart eingeCACt" This reverts commit ec2983a34290311bf4602aeec52eb065e29099b2. --- tv/1systems/cd.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index b718d19..108006f 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -16,11 +16,11 @@ with import ; networking = { interfaces.enp2s1.ip4 = singleton { address = let - addr = "64.137.177.226"; + addr = "45.62.237.203"; in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr; prefixLength = 24; }; - defaultGateway = "64.137.177.1"; + defaultGateway = "45.62.237.1"; nameservers = ["8.8.8.8"]; }; -- cgit v1.2.3
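Review bot: The TODO added above `users = {` in `tv/2configs/pulse.nix` describes a condition that is better enforced than remembered, since a second member of the "audio" group is exactly what it warns about. Its wording also covers only `group`/`extraGroups`; membership declared from the group side (`users.groups.audio.members`) would be missed by a check written to that wording. Consider extending the comment to `# TODO assert that pulse is the only member of "audio" (group, extraGroups, or users.groups.audio.members)`. The enclosing attribute set continues outside the hunk.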