diff options
26 files changed, 62 insertions, 730 deletions
@@ -1,6 +1,6 @@ # usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq . -with import ./lib; let + lib = pkgs.lib; pkgs = import <nixpkgs> { overlays = [ (import ./submodules/nix-writers/pkgs) ]; }; system = import <nixpkgs/nixos/lib/eval-config.nix> { @@ -16,9 +16,9 @@ let } ; - ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; + ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts; build = host: owner: - ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";}); + ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${builtins.getEnv "HOME"}/stockholm-build";}); -in mapAttrs (n: h: build n h.owner.name) ci-systems +in lib.mapAttrs (n: h: build n h.owner.name) ci-systems diff --git a/flake.lock b/flake.lock index b11c289b4..c7b051683 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1760516981, - "narHash": "sha256-4AYTAH7WDL6C6WKktc9UEQRiav6oPzVpKuFWRyYeuTQ=", + "lastModified": 1768927382, + "narHash": "sha256-qdmb8Pm73PADLgO8Q06QfyPbEQS6el9Si+dGQc3TB1I=", "owner": "Mic92", "repo": "buildbot-nix", - "rev": "01dfc9a07c070092e3187be8edbd2243a9e301a5", + "rev": "eb4e904a8dc1aa12a964752e4fd9977c6aead724", "type": "github" }, "original": { @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -71,11 +71,11 @@ ] }, "locked": { - "lastModified": 1758022363, - "narHash": "sha256-ENUhCRWgSX4ni751HieNuQoq06dJvApV/Nm89kh+/A0=", + "lastModified": 1768476106, + "narHash": "sha256-V0YOJRum50gtKgwavsAfwXc9+XAsJCC7386YZx1sWGQ=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "1a3667d33e247ad35ca250698d63f49a5453d824", + "rev": "c19e263e6e22ec7379d972f19e6a322f943c73fb", "type": "github" }, "original": { @@ -87,7 +87,9 @@ "nix-writers": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1677612737, @@ -105,26 +107,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677608380, - "narHash": "sha256-k82O23qBAK+43X0KSBjsMYXG2x4kWWXeAmpPTc2KRGY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4aba90e89f6d4ac6138939961f62842bd94ec929", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1768886240, + "narHash": "sha256-C2TjvwYZ2VDxYWeqvvJ5XPPp6U7H66zeJlRaErJKoEM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "80e4adbcf8992d3fd27ad4964fbb84907f9478b0", "type": "github" }, "original": { @@ -138,7 +125,7 @@ "inputs": { "buildbot-nix": "buildbot-nix", "nix-writers": "nix-writers", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" } }, "treefmt-nix": { @@ -149,11 +136,11 @@ ] }, "locked": { - "lastModified": 1758728421, - "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { @@ -2,6 +2,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nix-writers.url = "git+https://cgit.krebsco.de/nix-writers"; + nix-writers.inputs.nixpkgs.follows = "nixpkgs"; # disko.url = "github:nix-community/disko"; # disko.inputs.nixpkgs.follows = "nixpkgs"; buildbot-nix.url = "github:Mic92/buildbot-nix"; diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 91071ec85..655192077 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -5,6 +5,17 @@ ../../../krebs ../../../krebs/2configs ../../../krebs/2configs/nginx.nix + { + # Cherry-pick services.nginx.recommendedTlsSettings to fix: + # nginx: [emerg] "ssl_conf_command" directive is not supported on this platform + services.nginx.recommendedTlsSettings = lib.mkForce false; + services.nginx.appendHttpConfig = '' + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + ssl_prefer_server_ciphers off; + ''; + } ../../../krebs/2configs/binary-cache/nixos.nix ../../../krebs/2configs/ircd.nix diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 0c361cc42..60479fd90 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -27,11 +27,11 @@ ### shackspace ### # handle the worlddomination map via coap - ../../2configs/shack/worlddomination.nix + #../../2configs/shack/worlddomination.nix (FIXME error: python3.13-LinkHeader-0.4.3 does not configure a `format`. To build with setuptools as before, set `pyproject = true` and `build-system = [ setuptools ]`.) ../../2configs/shack/ssh-keys.nix # drivedroid.shack for shackphone - ../../2configs/shack/drivedroid.nix + #../../2configs/shack/drivedroid.nix (FIXME error: attribute 'drivedroid-gen-repo' missing) # ../../2configs/shack/nix-cacher.nix # Say if muell will be collected @@ -70,7 +70,7 @@ # ../../2configs/shack/share.nix # mobile.lounge.mpd.shack - ../../2configs/shack/mobile.mpd.nix + #../../2configs/shack/mobile.mpd.nix (FIXME Compatibility with CMake < 3.5 has been removed from CMake.) # hass.shack ../../2configs/shack/glados diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 32452e010..c51d3c651 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -19,7 +19,6 @@ with import ../../lib/pure.nix { inherit lib; }; enable = true; repos = { disko.urls = [ - "http://cgit.gum.r/disko" "http://cgit.ni.r/disko" "http://cgit.orange.r/disko" ]; @@ -33,7 +32,6 @@ with import ../../lib/pure.nix { inherit lib; }; "http://cgit.orange.r/nix-writers" ]; stockholm.urls = [ - "http://cgit.gum.r/stockholm" "http://cgit.ni.r/stockholm" "http://cgit.orange.r/stockholm" ]; diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index a797673c9..937a20c29 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -17,8 +17,8 @@ }; hardware.opengl.extraPackages = [ - pkgs.vaapiIntel - pkgs.vaapiVdpau + pkgs.intel-vaapi-driver + pkgs.libva-vdpau-driver ]; services.xserver = { diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index e7d348d50..600f7cd6d 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -235,20 +235,20 @@ let env.TASKDATA = "${stateDir}/${name}"; commands = rec { add.filename = pkgs.writers.writeDash "${name}-task-add" '' - ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1" + ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} add "$1" ''; list.filename = pkgs.writers.writeDash "${name}-task-list" '' - ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export \ + ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} export \ | ${pkgs.jq}/bin/jq -r ' .[] | select(.id != 0) | "\(.id) \(.description)" ' ''; delete.filename = pkgs.writers.writeDash "${name}-task-delete" '' - ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1" + ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} delete "$1" ''; del = delete; done.filename = pkgs.writers.writeDash "${name}-task-done" '' - ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1" + ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} done "$1" ''; }; }; @@ -456,7 +456,7 @@ in { printf 'HTTP/1.1 200 OK\r\n' printf 'Connection: close\r\n' printf '\r\n' - TASKDATA=/var/lib/reaktor2/agenda ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export + TASKDATA=/var/lib/reaktor2/agenda ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} export exit ;; esac diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index a488fdfea..1c7ed4719 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -98,7 +98,7 @@ in { krebs.secret.files.konsens = { path = "/var/lib/konsens/.ssh/id_ed25519"; owner = konsens-user; - source-path = "${config.krebs.secret.directory}/konsens.id_ed25519>"; + source-path = "${config.krebs.secret.directory}/konsens.id_ed25519"; }; imports = [ @@ -107,9 +107,10 @@ in { desc = "take all computers hostage, they love it"; section = "configuration"; remotes = { - makefu = "http://cgit.gum.r/stockholm"; - tv = "http://cgit.ni.r/stockholm"; + krebs = "https://github.com/krebs/stockholm"; lassulus = "http://cgit.orange.r/stockholm"; + makefu = "https://cgit.euer.krebsco.de/makefu/stockholm.git"; + tv = "http://cgit.ni.r/stockholm"; }; }) ({ krebs.git = defineRepo { diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 1f029276a..18fe46a98 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix @@ -50,7 +50,7 @@ let "${url}", workdir='${name}-${elemAt(splitString "." url) 1}', branches=True, project='${name}', - pollinterval=30 + pollInterval=30 ) '') repo.urls ) cfg.repos; diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 13c4ecaec..ad9ceccbe 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -15,7 +15,7 @@ in { secret-file else secret-file // { - source-path = "${config.krebs.secret.directory}/secret-file.source-path"; + source-path = "${config.krebs.secret.directory}/${secret-file.source-path}"; } ); }; diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix index 872f04db2..cbffeb6f3 100644 --- a/krebs/3modules/sync-containers3.nix +++ b/krebs/3modules/sync-containers3.nix @@ -358,9 +358,7 @@ in { networking.useNetworkd = true; services.resolved = { enable = true; - extraConfig = '' - Domains=~. - ''; + settings.Resolve.Domains = [ "~." ]; }; systemd.network = { enable = true; diff --git a/krebs/5pkgs/simple/K_belwagen.nix b/krebs/5pkgs/simple/K_belwagen.nix deleted file mode 100644 index 2f64bb09d..000000000 --- a/krebs/5pkgs/simple/K_belwagen.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib, pkgs, stdenv }: - -stdenv.mkDerivation { - pname = "K_belwagen"; - version = "1.0"; - - src = pkgs.painload; - sourceRoot = "source/K_belwagen"; - - buildInputs = [ - pkgs.jack1 - pkgs.pkg-config - ]; - - patchPhase = '' - sed -i ' - s@^cd@# &@ - s@^make@# &@ - s@^jackd@# &@ - s@^trap@# &@ - - s@^set.*@&\nPATH=${lib.makeBinPath [ - pkgs.bc - pkgs.coreutils - ]}; export PATH@ - - s@\./a\.out@'"$out"'/lib/a.out@ - ' alarm - ''; - - installPhase = '' - mkdir -p $out/lib - mkdir -p $out/bin - - cp alarm $out/bin - cp a.out $out/lib - ''; -} diff --git a/krebs/5pkgs/simple/certaids.nix b/krebs/5pkgs/simple/certaids.nix deleted file mode 100644 index 094868680..000000000 --- a/krebs/5pkgs/simple/certaids.nix +++ /dev/null @@ -1,114 +0,0 @@ -{ pkgs }: - -let - cert2json = pkgs.writeDash "cert2json" '' - # usage: cert2json < CERT > JSON - set -efu - - ${pkgs.openssl}/bin/openssl crl2pkcs7 -nocrl -certfile /dev/stdin | - ${pkgs.openssl}/bin/openssl pkcs7 -print_certs -text | - ${pkgs.gawk}/bin/awk -F, -f ${pkgs.writeText "cert2json.awk" '' - function abort(msg) { - print(msg) > "/dev/stderr" - exit 1 - } - - function toJSON(x, type, ret) { - type = typeof(x) - switch (type) { - case "array": - if (isArray(x)) return arrayToJSON(x) - if (isObject(x)) return objectToJSON(x) - abort("cannot render array to JSON", x) - case "number": - return numberToJSON(x) - case "string": - return stringToJSON(x) - case "strnum": - case "unassigned": - case "regexp": - case "untyped": - default: - abort("cannot render type: " type) - } - } - - function isArray(x, i, k) { - i = 1 - for (k in x) { - if (k != i++) return 0 - i++ - } - return 1 - } - - function isObject(x, k) { - for (k in x) { - if (typeof(k) != "string") return 0 - } - return 1 - } - - function arrayToJSON(x, k, ret) { - ret = "[" - for (k in x) { - ret=ret toJSON(x[k]) "," - } - sub(/,$/,"",ret) - ret=ret "]" - return ret - } - - function objectToJSON(x, k,ret) { - ret = "{" - for (k in x) { - ret = ret toJSON(k) ":" toJSON(x[k]) "," - } - sub(/,$/, "", ret) - ret = ret "}" - return ret - } - - function numberToJSON(x) { - return x - } - - function stringToJSON(x) { - gsub(/\\/, "&&",x) - gsub(/\n/, "\\n", x) - return "\"" x "\"" - } - - $1 ~ /^ *(Subject|Issuer):/ { - sub(/^ */, "") - sub(/: */, ",") - key=tolower($1) - sub(/[^,]*,/, "") - - # Normalize separators between relative distinguished names. - # [1]: RFC2253, 3. Parsing a String back to a Distinguished Name - # TODO support any distinguished name - gsub(/ *[;,] */, ",") - - for(i = 0; i <= NF; i++) { - split($i, a, "=") - cache[key][a[1]] = a[2] - } - } - - /BEGIN CERTIFICATE/,/END CERTIFICATE/{ - cache["certificate"] = cache["certificate"] $0 "\n" - } - - /END CERTIFICATE/{ - print toJSON(cache) - delete cache - } - ''} - ''; -in - -pkgs.runCommand "certaids" {} '' - mkdir -p $out/bin - ln -s ${cert2json} $out/bin/cert2json -'' diff --git a/krebs/5pkgs/simple/collectd-connect-time/default.nix b/krebs/5pkgs/simple/collectd-connect-time/default.nix index 525388029..abbfae40a 100644 --- a/krebs/5pkgs/simple/collectd-connect-time/default.nix +++ b/krebs/5pkgs/simple/collectd-connect-time/default.nix @@ -1,8 +1,10 @@ -{lib, pkgs, pythonPackages, fetchurl, ... }: +{lib, pkgs, python3Packages, fetchurl, ... }: -pythonPackages.buildPythonPackage rec { +python3Packages.buildPythonPackage rec { name = "collectd-connect-time-${version}"; version = "0.3.0"; + pyproject = true; + build-system = [ python3Packages.setuptools ]; src = fetchurl { url = "https://pypi.python.org/packages/source/c/collectd-connect-time/collectd-connect-time-${version}.tar.gz"; sha256 = "0vvrf9py9bwc8hk3scxwg4x2j8jlp2qva0mv4q8d9m4b4mk99c95"; diff --git a/krebs/5pkgs/simple/dic/default.nix b/krebs/5pkgs/simple/dic/default.nix deleted file mode 100644 index 39402c012..000000000 --- a/krebs/5pkgs/simple/dic/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ fetchgit, lib, stdenv -, coreutils, curl, gnugrep, gnused, util-linux -}: - -stdenv.mkDerivation { - name = "dic"; - - src = fetchgit { - url = https://cgit.ni.krebsco.de/dic; - rev = "refs/tags/v1.1.1"; - sha256 = "1gbj967a5hj53fdkkxijqgwnl9hb8kskz0cmpjq7v65ffz3v6vag"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - installPhase = - let - path = lib.makeBinPath [ - coreutils - curl - gnused - gnugrep - util-linux - ]; - in - '' - mkdir -p $out/bin - - sed \ - 's,^main() {$,&\n PATH=${path}; export PATH,' \ - < ./dic \ - > $out/bin/dic - - chmod +x $out/bin/dic - ''; -} diff --git a/krebs/5pkgs/simple/ecrypt/default.nix b/krebs/5pkgs/simple/ecrypt/default.nix deleted file mode 100644 index f83f8cfe7..000000000 --- a/krebs/5pkgs/simple/ecrypt/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ pkgs, lib }: - -#usage: ecrypt mount /var/crypted /var/unencrypted -pkgs.writers.writeDashBin "ecrypt" '' - set -euf - - PATH=${lib.makeBinPath (with pkgs; [ - coreutils - ecryptfs - gnused - gnugrep - jq - mount - keyutils - umount - ])} - - # turn echo back on if killed - trap 'stty echo' INT - - case "$1" in - init) - shift - mkdir -p "$1" "$2" - - # abort if src or dest are not empty - if [ -e "$1"/.cfg.json ]; then - echo 'source dir is already configured, aborting' - exit 1 - elif ls -1qA "$2" | grep -q .; then - echo 'destination dir is not empty, aborting' - exit 1 - else - # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails - echo 4 | ecryptfs-manager - stty -echo - printf "passphrase: " - read passphrase - stty echo - sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') - mount -t ecryptfs \ - -o ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ - "$1" "$2" - - # add sig to json state file - jq -n --arg sig "$sig" '{ "sig": $sig }' > "$1"/.cfg.json - fi - ;; - - mount) - shift - if ! [ -e "$1"/.cfg.json ]; then - echo '.cfg.json missing in src' - exit 1 - fi - old_sig=$(cat "$1"/.cfg.json | jq -r .sig) - - # check if key is already in keyring, otherwise add it - - if keyctl list @u | grep -q "$old_sig"; then - echo 'pw already saved' - else - # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails - echo 4 | ecryptfs-manager - stty -echo - printf "passphrase: " - read passphrase - stty echo - new_sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') - - # check if passphrase matches sig - if [ "$old_sig" != "$new_sig" ]; then - echo 'passphrase does not match sig, bailing out' - new_keyid=$(keyctl list @u | grep "$new_sig" | sed 's/\([0-9]*\).*/\1/') - keyctl revoke "$new_keyid" - keyctl unlink "$new_keyid" - exit 1 - fi - fi - - sig=$old_sig - keyid=$(keyctl list @u | grep "$sig" | sed 's/\([0-9]*\).*/\1/') - if (ls -1qA "$2" | grep -q .); then - echo 'destination is not empty, bailing out' - exit 1 - else - mount -i -t ecryptfs \ - -o ecryptfs_passthrough=no,verbose=no,ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ - "$1" "$2" - fi - ;; - - unmount) - shift - - sig=$(cat "$1"/.cfg.json | jq -r .sig) - keyid=$(keyctl list @u | grep "$sig" | sed 's/\s*\([0-9]*\).*/\1/') - - umount "$2" || : - keyctl revoke "$keyid" - keyctl unlink "$keyid" - ;; - - *) - echo 'usage: - ecrypt init /tmp/src/ /tmp/dst/ - ecrypt mount /tmp/src/ /tmp/dst/ - ecrypt unmount /tmp/src/ /tmp/dst/ - ' - esac -'' diff --git a/krebs/5pkgs/simple/eximlog.nix b/krebs/5pkgs/simple/eximlog.nix deleted file mode 100644 index 4abbcfc5a..000000000 --- a/krebs/5pkgs/simple/eximlog.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ jq, lib, systemd, writeDashBin }: - -let - stockholm.lib = import ../../../lib/pure.nix { inherit lib; }; - user = "exim"; # TODO make this configurable -in - -# TODO execute eximlog only if journalctl doesn't fail -# bash's set -o pipefail isn't enough - -writeDashBin "eximlog" '' - ${systemd}/bin/journalctl \ - -u ${stockholm.lib.shell.escape user} \ - -o short-unix \ - "$@" \ - | - ${jq}/bin/jq -Rr ' - # Only select lines that start with a timestamp - select(test("^[0-9]")) | - - split(" ") | - (.[0] | tonumber) as $time | - (.[3:] | join(" ")) as $message | - - "\($time | strftime("%Y-%m-%d %H:%M:%S %z")) \($message)" - - ' -'' diff --git a/krebs/5pkgs/simple/gitignore.nix b/krebs/5pkgs/simple/gitignore.nix deleted file mode 100644 index 50c8d6190..000000000 --- a/krebs/5pkgs/simple/gitignore.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ pkgs, writeDashBin }: - -/* gitignore - Filter for intentionally untracked lines or blocks of code - -This is a filter that allows specifying intentionally untracked lines and -blocks of code that Git should ignore. - -Example: - - int main(void) { - printf("I would never say derp.\n"); - //#gitignore-begin - printf("DERP!\n"); - //#gitignore-end - printf("DERP!\n"); //#gitignore - return 0; - } - -Installation: - - Define a filter, e.g. in ~/.config/git/config[1]: - - [filter "gitignore"] - clean = gitignore - smudge = cat - - Assing that filter to some paths, e.g. in ~/.config/git/attributes[2]: - - *.hs filter=gitignore - *.c filter=gitignore - ... - - [1]: For more information about defining filters see git-config(1). - [2]: For more information about assigning filters see gitattributes(5). -*/ - -writeDashBin "gitignore" '' - exec ${pkgs.gnused}/bin/sed ' - /#gitignore-begin/,/#gitignore-end/d - /#gitignore/d - ' -'' diff --git a/krebs/5pkgs/simple/hashPassword/default.nix b/krebs/5pkgs/simple/hashPassword/default.nix deleted file mode 100644 index 8d3ba2525..000000000 --- a/krebs/5pkgs/simple/hashPassword/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, pkgs, ... }: - -pkgs.writers.writeDashBin "hashPassword" '' - # usage: hashPassword [...] - set -euf - - export PATH=${lib.makeBinPath (with pkgs; [ - coreutils - mkpasswd - openssl - ])} - - salt=$(openssl rand -base64 16 | tr -d '+=' | head -c 16) - exec mkpasswd -m sha-512 -S "$salt" "$@" -'' diff --git a/krebs/5pkgs/simple/logf/default.nix b/krebs/5pkgs/simple/logf/default.nix deleted file mode 100644 index 3a4c84de2..000000000 --- a/krebs/5pkgs/simple/logf/default.nix +++ /dev/null @@ -1,112 +0,0 @@ -{ lib, pkgs, writeDash, writeDashBin, writeJSON, writeJq, ... }: - -let - default-host-colors = writeJSON "logf.default-host-colors.json" { - }; - default-prio-colors = writeJSON "logf.default-prio-colors.json" { - "0" = 196; # emerg - "1" = 160; # alert - "2" = 124; # crit - "3" = 009; # err - "4" = 011; # warning - "5" = 255; # notice - "6" = 250; # info - "7" = 139; # debug - "-" = 005; # undefined priority - }; - default-urgent = writeJSON "logf.default-urgent.json" [ - ]; -in - -writeDashBin "logf" '' - export LOGF_HOST_COLORS LOGF_PRIO_COLORS LOGF_URGENT - LOGF_HOST_COLORS=$(cat "''${LOGF_HOST_COLORS-${default-host-colors}}") - LOGF_PRIO_COLORS=$(cat "''${LOGF_PRIO_COLORS-${default-prio-colors}}") - LOGF_URGENT=$(cat "''${LOGF_URGENT-${default-urgent}}") - printf '%s\0' "$@" \ - | ${pkgs.findutils}/bin/xargs -0 -P 0 -n 1 ${writeDash "logf-remote" '' - target=$1 - target_host=$(echo "$1" | sed 's/^.*@//;s/\..*//') - exec 3>&1 - 2>&1 1>&3 ssh "$target" -T \ - -o PreferredAuthentications=publickey \ - -o StrictHostKeyChecking=yes \ - exec journalctl -af -n 0 -o json \ - | stdbuf -oL jq -Rcf ${writeJq "logf-remote-error.jq" '' - { - PRIORITY: "4", - MESSAGE: ., - SYSLOG_IDENTIFIER: env.target_host, - } - ''} - sleep 10m - exec "$0" "$@" - ''} \ - | ${pkgs.jq}/bin/jq -Rrf ${writeJq "logf-filter.jq" '' - (env.LOGF_HOST_COLORS | fromjson) as $host_colors | - (env.LOGF_PRIO_COLORS | fromjson) as $prio_colors | - (env.LOGF_URGENT | fromjson | map("(\(.))") | join("|")) - as $urgent_regex | - - def when(c; f): if c then f else . end; - - # anaphoric gsub - def agsub(re; f): - # Don't try empty regex: https://github.com/stedolan/jq/issues/1206 - when(re != ""; gsub("(?<it>\(re))"; .it | f)); - - # :: [int] -> sgr - def sgr: "\u001b[\(map(tostring) | join(";"))m"; - - # :: sgr - def rst: [] | sgr; - - # :: int -> sgr - def fg(i): [38,5,i]|sgr; - # TODO def fg(r;g;b): [38,2,r,g,b]|sgr; - # http://cvs.schmorp.de/rxvt-unicode/src/command.C?revision=1.570&view=markup&sortby=log&sortdi |