25 files changed, 193 insertions, 107 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index b610ff3d1..a4a4de6f9 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
 let
   inherit (pkgs) writeText;
@@ -7,27 +9,6 @@ let
     elem
   ;
-  inherit (lib)
-    concatMapStringsSep
-    concatStringsSep
-    attrNames
-    unique
-    fold
-    any
-    attrValues
-    catAttrs
-    filter
-    flatten
-    length
-    hasAttr
-    hasPrefix
-    mkEnableOption
-    mkOption
-    mkIf
-    types
-    sort
-  ;
-
   cfg = config.krebs.iptables;
   out = {
@@ -65,6 +46,14 @@ let
                   type = int;
                   default = 0;
                 };
+                v4 = mkOption {
+                  type = bool;
+                  default = true;
+                };
+                v6 = mkOption {
+                  type = bool;
+                  default = true;
+                };
               };
             })));
             default = null;
@@ -93,7 +82,7 @@ let
         Type = "simple";
         RemainAfterExit = true;
         Restart = "always";
-        ExecStart = "@${startScript} krebs-iptables_start";
+        ExecStart = startScript;
       };
     };
   };
@@ -109,7 +98,8 @@ let
       buildChain = tn: cn:
         let
-          sortedRules = sort (a: b: a.precedence > b.precedence) ts."${tn}"."${cn}".rules;
+          filteredRules = filter (r: r."${v}") ts."${tn}"."${cn}".rules;
+          sortedRules = sort (a: b: a.precedence > b.precedence) filteredRules;
         in
           #TODO: double check should be unneccessary, refactor!
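Review bot: The new `v4`/`v6` rule options in the `@@ -65,6 +46,14 @@` hunk carry no `description`, so nothing states which ruleset each one controls or that a rule is emitted into both by default. Something like `description = "emit this rule into the IPv4 ruleset loaded by iptables-restore";` (and the IPv6 equivalent for `v6`) would make the later `filter (r: r."${v}")` in buildChain self-explanatory. `v` is bound outside the visible hunks; it has to be exactly `"v4"` or `"v6"` for that attribute lookup to succeed, which the two `rules` calls in startScript satisfy.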
@@ -123,13 +113,6 @@ let
       buildRule = tn: cn: rule:
-        #target validation test:
-        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target;
-
-        #predicate validation test:
-        #maybe use iptables-test
-        #TODO: howto exit with evaluation error by shellscript?
-          #apperantly not possible from nix because evalatution wouldn't be deterministic.
         "${rule.predicate} -j ${rule.target}";
       buildTable = tn:
@@ -149,7 +132,7 @@ let
 #=====
-  rules4 = iptables-version:
+  rules = iptables-version:
     let
       #TODO: find out good defaults.
       tables-defaults = {
@@ -171,14 +154,14 @@ let
       tables = tables-defaults // cfg.tables;
     in
-      writeText "krebs-iptables-rules${toString iptables-version}" ''
+      pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
         ${buildTables iptables-version tables}
       '';
   startScript = pkgs.writeDash "krebs-iptables_start" ''
     set -euf
-    iptables-restore < ${rules4 4}
-    ip6tables-restore < ${rules4 6}
+    iptables-restore < ${rules "v4"}
+    ip6tables-restore < ${rules "v6"}
   '';
 in
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 1577c5b64..933c2e513 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
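Review bot: Dropping the whole `assert` in buildRule means `rule.target` now reaches the generated restore file with no evaluation-time check, so a mistyped target is only caught when `iptables-restore` runs at service start. The equality test presumably had to go because targets such as `REJECT --reject-with tcp-reset` (added in lass/2configs/default.nix) no longer match; checking only the first word keeps the safety net, e.g. `assert elem (head (splitString " " rule.target)) ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" "REDIRECT" "DNAT" ] ++ attrNames ts."${tn}");`. That assumes `splitString` and `head` are exported by `<stockholm/lib>`, which this diff does not show. buildRule sits in a `let` block that starts and ends outside the hunk.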
@@ -53,9 +53,22 @@ let
             default = "";
           };
           ssl = mkOption {
-            type = with types; submodule ({
+            type = with types; submodule ({ config, ... }: {
               options = {
                 enable = mkEnableOption "ssl";
+                acmeEnable = mkOption {
+                  type = bool;
+                  apply = x:
+                    if x && config.enable
+                      #conflicts because of certificate/certificate_key location
+                      then throw "can't use ssl.enable and ssl.acmeEnable together"
+                      else x;
+                  default = false;
+                  description = ''
+                    enables automatical generation of lets-encrypt certificates and setting them as certificate
+                    conflicts with ssl.enable
+                  '';
+                };
                 certificate = mkOption {
                   type = str;
                 };
@@ -95,6 +108,7 @@ let
   };
   imp = {
+    security.acme.certs = mapAttrs (_: to-acme) (filterAttrs (_: server: server.ssl.acmeEnable) cfg.servers);
     services.nginx = {
       enable = true;
       httpConfig = ''
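Review bot: `security.acme.certs` in the `@@ -95,6 +108,7 @@` hunk is keyed by the attribute name under `cfg.servers`, but to-server in the following hunk looks the certificate up as `config.security.acme.certs.${domain}` with `domain = head server-names` and builds the `ssl_certificate` paths from the same value. The two agree only when a server's attribute name equals its first server name, as in lass/2configs/websites/util.nix; for any other server the lookup fails at evaluation with a missing attribute. Keying the certificates by the first server name makes both sides agree: `security.acme.certs = mapAttrs' (_: s: nameValuePair (head s.server-names) (to-acme s)) (filterAttrs (_: s: s.ssl.acmeEnable) cfg.servers);`.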
@@ -117,13 +131,24 @@ let
   indent = replaceChars ["\n"] ["\n  "];
+  to-acme = { server-names, ssl, ... }:
+    optionalAttrs ssl.acmeEnable {
+      email = "lassulus@gmail.com";
+      webroot = "${config.security.acme.directory}/${head server-names}";
+    };
+
   to-location = { name, value }: ''
     location ${name} {
       ${indent value}
     }
   '';
-  to-server = { server-names, listen, locations, extraConfig, ssl, ... }: ''
+  to-server = { server-names, listen, locations, extraConfig, ssl, ... }: let
+    domain = head server-names;
+    acmeLocation = optionalAttrs ssl.acmeEnable (nameValuePair "/.well-known/acme-challenge" ''
+      root ${config.security.acme.certs.${domain}.webroot};
+    '');
+  in ''
     server {
       server_name ${toString (unique server-names)};
       ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
@@ -142,7 +167,23 @@ let
         ssl_ciphers ${ssl.ciphers};
         ssl_protocols ${toString ssl.protocols};
       '')}
+      ${optionalString ssl.acmeEnable (indent ''
+        ${optionalString ssl.force_encryption ''
+          if ($scheme = http){
+            return 301 https://$server_name$request_uri;
+          }
+        ''}
+        listen 443 ssl;
+        ssl_certificate ${config.security.acme.directory}/${domain}/fullchain.pem;
+        ssl_certificate_key ${config.security.acme.directory}/${domain}/key.pem;
+        ${optionalString ssl.prefer_server_ciphers ''
+          ssl_prefer_server_ciphers On;
+        ''}
+        ssl_ciphers ${ssl.ciphers};
+        ssl_protocols ${toString ssl.protocols};
+      '')}
       ${indent extraConfig}
+      ${optionalString ssl.acmeEnable (indent (to-location acmeLocation))}
       ${indent (concatMapStrings to-location locations)}
     }
   '';
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 8e266e1b3..3315dd157 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
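Review bot: to-acme sets `webroot` to `${config.security.acme.directory}/${head server-names}`, which is the same directory the next hunk reads `fullchain.pem` and `key.pem` from, so the HTTP challenge webroot and the private key share one directory. Only `/.well-known/acme-challenge` is mapped onto it today, but any later location using that root would serve `key.pem`; the configuration this replaces kept challenges apart under `/var/lib/acme/challenges/${domain}`, and `webroot = "/var/lib/acme/challenges/${head server-names}";` restores that separation. The certificate is also requested for the first name only, whereas the old block set `extraDomains = genAttrs domains (_: null);` — add the same with `server-names`, or the remaining names in `server_name` are served a certificate that does not cover them. Finally, `email = "lassulus@gmail.com";` is hard-coded in a module under krebs/; making it an option avoids registering other users' certificates to one person's address.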
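Review bot: In the `@@ -142,7 +167,23 @@` hunk the ACME branch points `ssl_certificate` and `ssl_certificate_key` at files that exist only after a first successful issuance, while that issuance needs this same server block to answer `/.well-known/acme-challenge`; nginx refuses to load a configuration whose certificate files are missing. Unless something outside this diff supplies a placeholder certificate, a new domain cannot bootstrap, so it is worth checking whether `security.acme.preliminarySelfsigned` is enabled on the hosts using this. With `ssl.force_encryption` set, the server-level `if ($scheme = http) { return 301 ...; }` is also evaluated before a location is selected, so plain-HTTP challenge requests are redirected rather than served from the webroot; the redirect should exempt the challenge path. The block otherwise repeats the `ssl.enable` branch line for line and could share one helper.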
@@ -78,7 +78,9 @@ with import <stockholm/lib>;
       extraZones = {
         # TODO generate krebsco.de zone from nets and don't use extraZones at all
         "krebsco.de" = ''
+          krebsco.de. 60 IN MX 5 mx23
           cd          60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+          mx23        60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
         '';
       };
       nets = {
@@ -213,7 +215,6 @@ with import <stockholm/lib>;
     ni = {
       extraZones = {
         "krebsco.de" = ''
-          krebsco.de. 60 IN MX 5 ni
           ni          60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
           cgit        60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
           cgit.ni     60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
@@ -351,11 +352,17 @@ with import <stockholm/lib>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
     };
     xu = {
+      binary-cache = {
+        pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
+      };
       cores = 4;
       nets = {
         gg23 = {
           ip4.addr = "10.23.1.38";
-          aliases = ["xu.gg23"];
+          aliases = [
+            "cache.xu.gg23"
+            "xu.gg23"
+          ];
           ssh.port = 11423;
         };
         retiolum = {
diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix
index 5860b9a15..49d04be4d 100644
--- a/krebs/5pkgs/builders.nix
+++ b/krebs/5pkgs/builders.nix
@@ -37,7 +37,17 @@ rec {
       };
     };
-  writeBash = makeScriptWriter "${pkgs.bash}/bin/bash";
+  writeBash = name: text:
+    assert (with types; either absolute-pathname filename).check name;
+    pkgs.writeOut (baseNameOf name) {
+      ${optionalString (types.absolute-pathname.check name) name} = {
+        check = pkgs.writeDash "shellcheck.sh" ''
+          ${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || :
+        '';
+        executable = true;
+        text = "#! ${pkgs.bash}/bin/bash\n${text}";
+      };
+    };
   writeBashBin = name:
     assert types.filename.check name;
@@ -91,6 +101,7 @@ rec {
     writers.text =
       { path
+      , check ? null
       , executable ? false
       , mode ? if executable then "0755" else "0644"
       , text
@@ -102,6 +113,9 @@ rec {
         var = "file_${hashString "sha1" path}";
         val = text;
         install = /* sh */ ''
+          ${optionalString (check != null) /* sh */ ''
+            ${check} ''$${var}Path
+          ''}
           ${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path}
         '';
       };
diff --git a/krebs/5pkgs/dic/default.nix b/krebs/5pkgs/dic/default.nix
index ea70f34d7..963786f0c 100644
--- a/krebs/5pkgs/dic/default.nix
+++ b/krebs/5pkgs/dic/default.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation {
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/dic;
-    rev = "refs/tags/v1.0.0";
-    sha256 = "0f3f5dqpw5y79p2k68qw6jdlkrnapqs3nvnc41zwacyhgppiww0k";
+    rev = "refs/tags/v1.0.1";
+    sha256 = "1686mba1z4m7vq70w26qpl00z1cz286c9bya9ql36g6w2pbcs8d3";
   };
   phases = [
diff --git a/krebs/5pkgs/github-hosts-sync/default.nix b/krebs/5pkgs/github-hosts-sync/default.nix
index bc4c58bb0..cdfed468c 100644
--- a/krebs/5pkgs/github-hosts-sync/default.nix
+++ b/krebs/5pkgs/github-hosts-sync/default.nix
@@ -19,6 +19,7 @@ stdenv.mkDerivation {
         git
         gnugrep
         gnused
+        nettools
         openssh
         socat
       ]);
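Review bot: The `check` script added to writeBash ends in `|| :`, so ShellCheck findings never fail the build and are visible only to someone reading the build log. If that is a deliberate soft rollout, say so next to it, e.g. `# advisory only: report findings but do not fail the build (yet)`; otherwise drop `|| :` so that a script with findings stops the derivation. Separately, when `name` is a plain filename the attribute key evaluates to the empty string, which presumably makes `writeOut` install at `$out` itself; a one-line comment on that would help the next reader.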
diff --git a/krebs/5pkgs/haskell-overrides/blessings.nix b/krebs/5pkgs/haskell-overrides/blessings.nix
index 5fb57a332..f852b4a44 100644
--- a/krebs/5pkgs/haskell-overrides/blessings.nix
+++ b/krebs/5pkgs/haskell-overrides/blessings.nix
@@ -1,11 +1,11 @@
 { mkDerivation, base, fetchgit, stdenv }:
-mkDerivation {
+mkDerivation rec {
   pname = "blessings";
-  version = "1.0.0";
+  version = "1.1.0";
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/blessings;
-    rev = "25a510dcb38ea9158e9969d56eb66cb1b860ab5f";
-    sha256 = "0xg329h1y68ndg4w3m1jp38pkg3gqg7r19q70gqqj4mswb6qcrqc";
+    rev = "refs/tags/v${version}";
+    sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
   };
   libraryHaskellDepends = [ base ];
   doHaddock = false;
diff --git a/krebs/5pkgs/painload/default.nix b/krebs/5pkgs/painload/default.nix
index 10fd379c0..136ec4394 100644
--- a/krebs/5pkgs/painload/default.nix
+++ b/krebs/5pkgs/painload/default.nix
@@ -2,6 +2,6 @@
 fetchgit {
   url = https://github.com/krebscode/painload;
-  rev = "8df031f810a2776d8c43b03a9793cb49398bd33b";
-  sha256 = "03md5k6fmz0j1ny22iw96dzq7cvijbz24ii85i0h2dhcychdp650";
+  rev = "c113487f73713a03b1a139b22bb34b86234d0495";
+  sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6";
 }
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 82db8ef7b..4472816e3 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -28,6 +28,9 @@ with import <stockholm/lib>;
       services.xserver.enable = true;
       services.xserver.desktopManager.xfce.enable = true;
       networking.wireless.enable = true;
+      hardware.pulseaudio = {
+        enable = true;
+      };
       users.users.ferret = {
         uid = genid "ferret";
         home = "/home/ferret";
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index a7d2a6cef..21a2ec038 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -194,7 +194,9 @@ with import <stockholm/lib>;
         { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
         { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
         { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
-        { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; }
+        { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
+        { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
+        { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
       ];
     };
   };
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index c637b08fb..872acc003 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -12,7 +12,7 @@ let
   msmtp = pkgs.writeBashBin "msmtp" ''
     ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \
-      ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@
+      ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@"
   '';
   muttrc = pkgs.writeText "muttrc" ''
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index e665b6c6f..caca98746 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731";
+    ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e";
   };
 }
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index baa4bb380..765769936 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
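Review bot: With `v6 = false` on the UDP and catch-all retiolum rules in lass/2configs/default.nix, the only retiolum reject left in the IPv6 ruleset is the TCP one, so non-TCP IPv6 traffic arriving on retiolum now falls through to whatever the chain policy is (not visible in this hunk). If the intent is to keep rejecting it, add IPv6 counterparts with an ICMPv6 type, e.g. `{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp6-port-unreachable"; v4 = false; precedence = -10000; }`. All three new rules also share `precedence = -10000` and buildChain orders rules by precedence alone, so the TCP- and UDP-specific rules should get a higher value than the catch-all to guarantee they are matched first.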
@@ -41,7 +41,7 @@ let
           mirror.url = "${mirror}${name}";
         };
         tv = {
-          origin.url = "http://cgit.ni.i/${name}";
+          origin.url = "http://cgit.ni.r/${name}";
           mirror.url = "${mirror}${name}";
         };
         lassulus = {
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 55be8a8d9..3356fe9a8 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -8,28 +8,29 @@ rec {
     let
       domain = head domains;
     in {
-      security.acme = {
-        certs."${domain}" = {
-          email = "lassulus@gmail.com";
-          webroot = "/var/lib/acme/challenges/${domain}";
-          plugins = [
-            "account_key.json"
-            "key.pem"
-            "fullchain.pem"
-          ];
-          group = "nginx";
-          allowKeysForGroup = true;
-          extraDomains = genAttrs domains (_: null);
-        };
-      };
+      #security.acme = {
+      #  certs."${domain}" = {
+      #    email = "lassulus@gmail.com";
+      #    webroot = "/var/lib/acme/challenges/${domain}";
+      #    plugins = [
+      #      "account_key.json"
+      #      "key.pem"
+      #      "fullchain.pem"
+      #    ];
+      #    group = "nginx";
+      #    allowKeysForGroup = true;
+      #    extraDomains = genAttrs domains (_: null);
+      #  };
+      #};
       krebs.nginx.servers."${domain}" = {
+        ssl.acmeEnable = true;
         server-names = domains;
-        locations = [
-          (nameValuePair "/.well-known/acme-challenge" ''
-            root /var/lib/acme/challenges/${domain}/;
-          '')
-        ];
+        #locations = [
+        #  (nameValuePair "/.well-known/acme-challenge" ''
+        #    root /var/lib/acme/challenges/${domain}/;
+        #  '')
+        #];
       };
     };
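Review bot: In lass/2configs/websites/util.nix the old `security.acme` block and the `locations` entry are commented out rather than deleted (and `activateACME` likewise in the next hunk), which leaves a stale second description of the ACME setup next to the live `ssl.acmeEnable = true`. Version control already keeps the old text; deleting the lines avoids someone re-enabling them alongside the module-generated certificate and challenge location. If any of the settings that disappear with the block, such as `group = "nginx"` and `allowKeysForGroup = true`, is still required, it has to move into the module instead of surviving only as a comment.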
@@ -37,7 +38,7 @@ rec {
     {
       imports = [
         ( manageCerts domains )
-        ( activateACME (head domains) )
+        #( activateACME (head domains) )
       ];
     };
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index a8ab1c52a..c0be053ab 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -70,9 +70,7 @@
         extra-depends = deps;
         text = ''
           import Data.Monoid
-          import System.IO
-          import Data.Char (chr)
-          import System.Environment (getEnv, getArgs)
+          import System.Environment (getArgs)
           import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
           import qualified Data.ByteString.Char8 as BS8
           import System.Exit (exitFailure, exitSuccess)
@@ -96,16 +94,29 @@
           import System.Environment (getEnv)
           import Crypto.PasswordStore (makePasswordWith, pbkdf2)
           import qualified Data.ByteString.Char8 as BS8
-          import System.IO (stdin, hSetEcho, putStrLn)
+          import System.IO (stdin, stdout, hSetEcho, hFlush, putStr, putStrLn)
+          import Control.Exception (bracket_)
           main :: IO ()
           main = do
             home <- getEnv "HOME"
-            putStrLn "password:"
-            hSetEcho stdin False
-            password <- BS8.hGetLine stdin
-            hash <- makePasswordWith pbkdf2 password 10
-            BS8.writeFile (home ++ "/.shadow") hash
+            mb_password <- bracket_ (hSetEcho stdin False) (hSetEcho stdin True) $ do
+              putStr "Enter new UNIX password: "
+              hFlush stdout
+              password <- BS8.hGetLine stdin
+              putStrLn ""
+              putStr "Retype new UNIX password: "
+              hFlush stdout
+              password2 <- BS8.hGetLine stdin
+              return $ if password == password2
+                then Just password
+                else Nothing
+            case mb_password of
+              Just password -> do
+                hash <- makePasswordWith pbkdf2 password 10
+                BS8.writeFile (home ++ "/.shadow") hash
+                putStrLn "passwd: all authentication tokens updated successfully."
+              Nothing -> putStrLn "Sorry, passwords do not match"
         '';
       };
     };
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 6669b5dcf..7d6a1d682 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -15,7 +15,6 @@ with import <stockholm/lib>;
     ../2configs/nginx/public_html.nix
     ../2configs/pulse.nix
     ../2configs/retiolum.nix
-    ../2configs/wu-binary-cache/client.nix
     ../2configs/xserver
   ];
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 19db559f1..d5be57bb8 100644
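Review bot: When the two entries differ, the `Nothing` branch of the embedded passwd program only prints a message and `main` returns normally, so the process exits with status 0 and a caller cannot tell that no password was set; `Nothing -> putStrLn "Sorry, passwords do not match" >> exitFailure`, with `import System.Exit (exitFailure)`, fixes that. `BS8.writeFile (home ++ "/.shadow") hash` creates the file with whatever the umask allows, so under a common 022 umask the hash is readable by other local users; restricting it to the owner (for example with `System.Posix.Files.setFileMode`, which needs the unix package among the dependencies) closes that, provided whatever verifies the password can still read it, which is outside this hunk. The cost argument `10` passed to `makePasswordWith pbkdf2` looks low if, as in pwstore's documented scheme, it means 2^10 iterations; that should be confirmed and raised.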
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -16,7 +16,6 @@ with import <stockholm/lib>;
     ../2configs/nginx/public_html.nix
     ../2configs/pulse.nix
     ../2configs/retiolum.nix
-    ../2configs/wu-binary-cache
     ../2configs/xserver
     {
       environment.systemPackages = with pkgs; [
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index a7e0b839d..b6fe6dc5c 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -15,7 +15,7 @@ with import <stockholm/lib>;
     ../2configs/nginx/public_html.nix
     ../2configs/pulse.nix
     ../2configs/retiolum.nix
-    ../2configs/wu-binary-cache/client.nix
+    ../2configs/binary-cache
     ../2configs/xserver
     ../2configs/xu-qemu0.nix
     {
diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix
index 056652e4b..59e8b1c7f 100644
--- a/tv/1systems/zu.nix
+++ b/tv/1systems/zu.nix
@@ -21,7 +21,6 @@ with import <stockholm/lib>;
     ../2configs/nginx/public_html.nix
     ../2configs/pulse.nix
     ../2configs/retiolum.nix
-    ../2configs/wu-binary-cache/client.nix
     ../2configs/xserver
     {
       environment.systemPackages = with pkgs; [
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index 6dd24b32f..7c91b1cf1 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -58,6 +58,18 @@ with import <stockholm/lib>;
       dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; };
       startAt = "07:00";
     };
+    xu-pull-ni-ejabberd = {
+      method = "pull";
+      src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
+      dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; };
+      startAt = "07:00";
+    };
+    xu-pull-ni-home = {
+      method = "pull";
+      src = { host = config.krebs.hosts.ni; path = "/home"; };
+      dst = { host = config.krebs.hosts.xu; path = "/bku/ni-home"; };
+      startAt = "07:00";
+    };
     zu-home-xu = {
       method = "push";
       src = { host = config.krebs.hosts.zu; path = "/home"; };
@@ -76,6 +88,18 @@ with import <stockholm/lib>;
       dst = { host = config.krebs.hosts.zu; path = "/bku/cd-home"; };
       startAt = "06:30";
     };
+    zu-pull-ni-ejabberd = {
+      method = "pull";
+      src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
+      dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; };
+      startAt = "06:00";
+    };
+    zu-pull-ni-home = {
+      method = "pull";
+      src = { host = config.krebs.hosts.ni; path = "/home"; };
+      dst = { host = config.krebs.hosts.zu; path = "/bku/ni-home"; };
+      startAt = "06:30";
+    };
   } // mapAttrs (_: recursiveUpdate {
     snapshots = {
       minutely = { format = "%Y-%m-%dT%H:%M"; retain = 3; };
diff --git a/tv/2configs/wu-binary-cache/default.nix b/tv/2configs/binary-cache/default.nix
index f039a552b..5902f1895 100644
--- a/tv/2configs/wu-binary-cache/default.nix
+++ b/tv/2configs/binary-cache/default.nix
@@ -1,22 +1,30 @@
 { config, lib, pkgs, ... }: with import <stockholm/lib>;
 {
-  services.nix-serve = assert config.krebs.build.host.name == "wu"; {
+  environment.etc."binary-cache.pubkey".text =
+    config.krebs.build.host.binary-cache.pubkey;
+
+  services.nix-serve = {
     enable = true;
-    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+    secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path;
   };
+
   systemd.services.nix-serve = {
     requires = ["secret.service"];
     after = ["secret.service"];
   };
-  krebs.secret.files.nix-serve-key = {
+
+  krebs.secret.files.binary-cache-seckey = {
     path = "/run/secret/nix-serve.key";
     owner.name = "nix-serve";
     source-path = toString <secrets> + "/nix-serve.key";
   };
+
   krebs.nginx = {
     enable = true;
     servers.nix-serve = {
-      server-names = [ "cache.wu.gg23" ];
+      server-names = [
+        "cache.${config.krebs.build.host.name}.gg23"
+      ];
       locations = singleton (nameValuePair "/" ''
         proxy_pass http://localhost:${toString config.services.nix-serve.port};
       '');
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index b5b1fc240..8852100e2 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with import <stockholm/lib>;
       stockholm.file = "/home/tv/stockholm";
       nixpkgs.git = {
         url = https://github.com/NixOS/nixpkgs;
-        ref = "a6728e15cbca1d11553f01d7c3c477ae2debfd8e";
+        ref = "728a9578e31a0f78f6ad07a3a2ec706ec5290f10";
       };
     } // optionalAttrs host.secure {
       secrets-master.file = "/home/tv/secrets/master";
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index b6724f40e..48d738365 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
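Review bot: Removing `assert config.krebs.build.host.name == "wu"` in binary-cache/default.nix makes the module importable by any host, but the signing key still comes from the fixed `<secrets>/nix-serve.key` while the advertised key comes from `config.krebs.build.host.binary-cache.pubkey`, and nothing in the hunk ties the two together. A host whose secret is not the private half of its published key would serve paths whose signatures clients reject, so the pairing deserves a comment at the secret definition, e.g. `# must be the secret half of krebs.hosts.<name>.binary-cache.pubkey`. The same commit deletes wu-binary-cache/client.nix and drops its import from nomic, xu and zu, so in the files shown no client is configured to trust the new `xu-1:` key.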
@@ -29,8 +29,10 @@ let
     cac-api = {
       cgit.desc = "CloudAtCost API command line interface";
     };
+    dic = {
+      cgit.desc = "dict.leo.org command line interface";
+    };
     get = {};
-    hack = {};
     load-env = {};
     loldns = {
       cgit.desc = "toy DNS server";
@@ -40,12 +42,9 @@ let
     netcup = {
       cgit.desc = "netcup command line interface";
     };
-    newsbot-js = {};
-    nixpkgs = {};
     populate = {
       cgit.desc = "source code installer";
     };
-    push = {};
     regfish = {};
     soundcloud = {
       cgit.desc = "SoundCloud command line interface";
@@ -53,8 +52,10 @@ let
     stockholm = {
       cgit.desc = "NixOS configuration";
     };
-    with-tmpdir = {};
-  } // mapAttrs (_: recursiveUpdate { cgit.section = "2. Haskell libraries"; }) {
+  } // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) {
+    ni = {
+    };
+  } // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) {
     blessings = {};
     mime = {};
     quipper = {};
@@ -63,12 +64,15 @@ let
     web-routes-wai-custom = {};
     xintmap = {};
     xmonad-stockholm = {};
-  } // mapAttrs (_: recursiveUpdate { cgit.section = "3. museum"; }) {
+  } // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) {
     cgserver = {};
     crude-mail-setup = {};
     dot-xmonad = {};
+    make-snapshot = {};
     nixos-infest = {};
     painload = {};
+    push = {};
+    with-tmpdir = {};
   });
   restricted-repos = mapAttrs make-restricted-repo (
diff --git a/tv/2configs/wu-binary-cache/client.nix b/tv/2configs/wu-binary-cache/client.nix
deleted file mode 100644
index 9634c21d4..000000000
--- a/tv/2configs/wu-binary-cache/client.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_:
-{
-  nix = {
-    binaryCaches = ["http://cache.wu.gg23"];
-    binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
-  };
-}
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 4eb8a10b4..ae47ab0f3 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -35,9 +35,6 @@ with import <stockholm/lib>;
     ff = pkgs.writeDashBin "ff" ''
       exec ${pkgs.firefoxWrapper}/bin/firefox "$@"
     '';
-    gnupg =
-      if elem config.krebs.build.host.name ["xu" "wu"]
-        then super.gnupg21
-        else super.gnupg;
+    gnupg = pkgs.gnupg21;
   };
 }  |
