From 865aa9c1d0198fbd57342c7593396bf4f007e71f Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Sun, 16 Apr 2017 23:32:43 +0200
Subject: l 1 mors: disable ipfs
---
lass/1systems/mors.nix | 4 ----
1 file changed, 4 deletions(-)
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index c196b391a..8891d1829 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -76,10 +76,6 @@ with import <stockholm/lib>;
{
services.redis.enable = true;
}
- {
- #ipfs-testing
- services.ipfs.enable = true;
- }
{
environment.systemPackages = [
pkgs.krebszones
--
cgit v1.2.3
From 6a53a331d11fcf1ff1d36645c3bd42c4c9d0c51c Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Sun, 16 Apr 2017 23:33:54 +0200
Subject: l 1 iso: make sshd work
---
lass/1systems/iso.nix | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index bee1c148f..01d698c4c 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -15,7 +15,6 @@ with import <stockholm/lib>;
krebs.enable = true;
krebs.build.user = config.krebs.users.lass;
krebs.build.host = config.krebs.hosts.iso;
- krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix";
}
{
nixpkgs.config.allowUnfree = true;
@@ -122,18 +121,12 @@ with import <stockholm/lib>;
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
+ systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
}
{
krebs.iptables = {
enable = true;
tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
--
cgit v1.2.3
From bd58053b7e8123850ca04601505efadace807100 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Sun, 16 Apr 2017 23:34:25 +0200
Subject: l 2: add sshn to pkgs
---
lass/2configs/default.nix | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 69f8a681e..b53efa75d 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -151,6 +151,10 @@ with import <stockholm/lib>;
p7zip
unzip
unrar
+
+ (pkgs.writeDashBin "sshn" ''
+ ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
+ '')
];
programs.bash = {
--
cgit v1.2.3
From cb36b4fb7cd4c51b89328a06ba0b994d627813aa Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Sun, 16 Apr 2017 23:35:02 +0200
Subject: l 1 mors: enable tor
---
lass/1systems/mors.nix | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 8891d1829..d80665a6b 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -85,6 +85,12 @@ with import <stockholm/lib>;
#ps vita stuff
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
+ {
+ services.tor = {
+ enable = true;
+ client.enable = true;
+ };
+ }
];
krebs.build.host = config.krebs.hosts.mors;
--
cgit v1.2.3
From b3463a3b8227a0732b1c3c4c90998f24c8ab1edf Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Sun, 16 Apr 2017 23:35:25 +0200
Subject: l 2: add syncthing.nix
---
lass/1systems/mors.nix | 1 +
lass/1systems/prism.nix | 1 +
lass/2configs/syncthing.nix | 12 ++++++++++++
3 files changed, 14 insertions(+)
create mode 100644 lass/2configs/syncthing.nix
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index d80665a6b..c8d9465d5 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -25,6 +25,7 @@ with import <stockholm/lib>;
../2configs/repo-sync.nix
../2configs/ircd.nix
../2configs/logf.nix
+ ../2configs/syncthing.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 9c17c4433..41a909f16 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -46,6 +46,7 @@ in {
../2configs/monitoring/server.nix
../2configs/monitoring/monit-alarms.nix
../2configs/paste.nix
+ ../2configs/syncthing.nix
{
imports = [
../2configs/bepasty.nix
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
new file mode 100644
index 000000000..cef43d1e6
--- /dev/null
+++ b/lass/2configs/syncthing.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ services.syncthing = {
+ enable = true;
+ useInotify = true;
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 21027"; target = "ACCEPT";}
+ ];
+}
--
cgit v1.2.3
From 87acf579a91c5fb41393d5ffe027d287194205a4 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 15 Apr 2017 18:55:15 +0200
Subject: k 5 tinc_graphs: bump to 0.3.10
---
krebs/5pkgs/tinc_graphs/default.nix | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/krebs/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix
index e5f1e40e8..20bbc53ba 100644
--- a/krebs/5pkgs/tinc_graphs/default.nix
+++ b/krebs/5pkgs/tinc_graphs/default.nix
@@ -2,14 +2,14 @@
python3Packages.buildPythonPackage rec {
name = "tinc_graphs-${version}";
- version = "0.3.9";
+ version = "0.3.10";
propagatedBuildInputs = with pkgs;[
python3Packages.pygeoip
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
];
src = fetchurl {
- url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
- sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx";
+ url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz";
+ sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc";
};
preFixup = with pkgs;''
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
--
cgit v1.2.3
From 3b0fa5dbe7a7e4f0b6047746545b1ce602f8e65f Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Mon, 17 Apr 2017 15:43:10 +0200
Subject: l 2 baseX: remove redundant libvirt
---
lass/2configs/baseX.nix | 2 --
1 file changed, 2 deletions(-)
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 3032e244f..9c51effdc 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -32,8 +32,6 @@ in {
time.timeZone = "Europe/Berlin";
- virtualisation.libvirtd.enable = true;
-
programs.ssh.startAgent = false;
services.printing = {
--
cgit v1.2.3
From 7c89a9be2b7d41e0feba0a51c6e80bf046179f65 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Tue, 18 Apr 2017 17:04:40 +0200
Subject: l 2 buildbot: get stockholm source from cgit.prism
---
lass/2configs/buildbot-standalone.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 3006e9dfb..7b38e44c6 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -20,7 +20,7 @@ in {
};
config.krebs.buildbot.master = let
- stockholm-mirror-url = http://cgit.lassul.us/stockholm ;
+ stockholm-mirror-url = http://cgit.prism.r/stockholm ;
in {
workers = {
testworker = "lasspass";
--
cgit v1.2.3
From 4e55661dc4e32af76f074f57c035136a7e7b3869 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Tue, 18 Apr 2017 17:04:59 +0200
Subject: l 2: set dnscrypt resolver to cs-de
---
lass/2configs/default.nix | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index b53efa75d..e964704c3 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -64,7 +64,10 @@ with import <stockholm/lib>;
];
}
{
- services.dnscrypt-proxy.enable = true;
+ services.dnscrypt-proxy = {
+ enable = true;
+ resolverName = "cs-de";
+ };
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
--
cgit v1.2.3
From 5443d2b08ba11323844dcd4b4b79c7580c4029ef Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Tue, 18 Apr 2017 17:05:18 +0200
Subject: l 2 fetchWallpaper: get new wp from prism
---
lass/2configs/fetchWallpaper.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index 971be9588..31a01c754 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -6,7 +6,7 @@ in {
krebs.fetchWallpaper = {
enable = true;
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
- url = "prism/wallpaper.png";
+ url = "prism/realwallpaper-sat-krebs.png";
maxTime = 10;
};
}
--
cgit v1.2.3
From a773c4c1db47312f5bc8b564b870a826e3bff5fc Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 15 Apr 2017 14:32:05 +0200
Subject: tv nixpkgs: 5acb454 -> 76c6313
---
tv/2configs/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index cbbd5c439..8d7ed2b4f 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with import <stockholm/lib>;
stockholm.file = "/home/tv/stockholm";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "5acb454e2ad3e3783e63b86a9a31e800d2507e66"; # nixos-17.03
+ ref = "76c63133c5310d362c7c23157616b263db9a9510"; # nixos-17.03
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";
--
cgit v1.2.3
From 0efdaf3a2d66a6166b135818748bd1da5e32ab12 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 17 Apr 2017 13:46:38 +0200
Subject: tv nixpkgs: 76c6313 -> b647a67
---
tv/2configs/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 8d7ed2b4f..ede73f4e5 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with import <stockholm/lib>;
stockholm.file = "/home/tv/stockholm";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "76c63133c5310d362c7c23157616b263db9a9510"; # nixos-17.03
+ ref = "b647a67dfee066b75d2f54b789f7646016662071"; # nixos-17.03
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";
--
cgit v1.2.3
From 6df0b60f8af8a486ec89f6630e827720efd445ca Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 17 Apr 2017 15:45:32 +0200
Subject: wolf: cleanup
---
shared/1systems/wolf.nix | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 722a08812..0b4448022 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -1,20 +1,18 @@
-{ config, lib, pkgs, ... }:
-
+{ config, pkgs, ... }:
let
shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in
{
imports = [
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ../2configs/cgit-mirror.nix
../2configs/collectd-base.nix
- ../2configs/shack-nix-cacher.nix
+ ../2configs/graphite.nix
+ ../2configs/repo-sync.nix
../2configs/shack-drivedroid.nix
+ ../2configs/shack-nix-cacher.nix
../2configs/shared-buildbot.nix
- ../2configs/cgit-mirror.nix
- ../2configs/repo-sync.nix
- ../2configs/graphite.nix
../2configs/share-shack.nix
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
--
cgit v1.2.3
From 6b453f7068e4eff470821341e9fcfdbb6d5483ca Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 17 Apr 2017 15:46:45 +0200
Subject: shared shack-drivedroid: krebs.nginx -> services.nginx
---
shared/2configs/shack-drivedroid.nix | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix
index 3581f9e96..07fcffa42 100644
--- a/shared/2configs/shack-drivedroid.nix
+++ b/shared/2configs/shack-drivedroid.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }:
+{ config, pkgs, ... }:
with import <stockholm/lib>;
let
repodir = "/var/srv/drivedroid";
@@ -7,6 +7,20 @@ in
{
environment.systemPackages = [ pkgs.drivedroid-gen-repo ];
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts.shack-drivedroid = {
+ serverAliases = [
+ "drivedroid.shack"
+ ];
+ # TODO: prepare this somehow
+ locations."/".extraConfig = ''
+ root ${repodir};
+ index main.json;
+ '';
+ };
+ };
+
systemd.services.drivedroid = {
description = "generates drivedroid repo file";
restartIfChanged = true;
@@ -27,18 +41,4 @@ in
'';
};
};
-
- krebs.nginx = {
- enable = lib.mkDefault true;
- servers = {
- drivedroid-repo = {
- server-names = [ "drivedroid.shack" ];
- # TODO: prepare this somehow
- locations = lib.singleton (lib.nameValuePair "/" ''
- root ${repodir};
- index main.json;
- '');
- };
- };
- };
}
--
cgit v1.2.3
From 82aa7c6f101c16d7e2607f3429cfbb222c572438 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 17 Apr 2017 15:47:07 +0200
Subject: shared shack-nix-cacher: krebs.nginx -> services.nginx
---
shared/2configs/shack-nix-cacher.nix | 37 +++++++++++++++++++-----------------
1 file changed, 20 insertions(+), 17 deletions(-)
diff --git a/shared/2configs/shack-nix-cacher.nix b/shared/2configs/shack-nix-cacher.nix
index 7519bb3ac..4fcbf3a4e 100644
--- a/shared/2configs/shack-nix-cacher.nix
+++ b/shared/2configs/shack-nix-cacher.nix
@@ -1,25 +1,28 @@
-{ pkgs, lib, ... }:
-
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.apt-cacher-ng;
+in
{
- krebs.nginx = {
- enable = lib.mkDefault true;
- servers = {
- apt-cacher-ng = {
- server-names = [ "acng.shack" ];
- locations = lib.singleton (lib.nameValuePair "/" ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://localhost:3142/;
- '');
- };
- };
- };
-
krebs.apt-cacher-ng = {
enable = true;
port = 3142;
bindAddress = "localhost";
cacheExpiration = 30;
};
+
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts.shack-nix-cacher = {
+ serverAliases = [
+ "acng.shack"
+ ];
+ locations."/".extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://localhost:${toString cfg.port}/;
+ '';
+ };
+ };
}
--
cgit v1.2.3
From d34d95ec3ed4230faa2dc9dd90938e9991dd73d7 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 17 Apr 2017 15:59:27 +0200
Subject: shared shack-drivedroid: cleanup
---
shared/2configs/shack-drivedroid.nix | 27 ++++++++++++++++-----------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix
index 07fcffa42..12e4a39c3 100644
--- a/shared/2configs/shack-drivedroid.nix
+++ b/shared/2configs/shack-drivedroid.nix
@@ -1,8 +1,7 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
- repodir = "/var/srv/drivedroid";
- srepodir = shell.escape repodir;
+ root = "/var/srv/drivedroid";
in
{
environment.systemPackages = [ pkgs.drivedroid-gen-repo ];
@@ -15,28 +14,34 @@ in
];
# TODO: prepare this somehow
locations."/".extraConfig = ''
- root ${repodir};
+ root ${root};
index main.json;
'';
};
};
- systemd.services.drivedroid = {
+ systemd.services.drivedroid-gen-repo = {
description = "generates drivedroid repo file";
- restartIfChanged = true;
+ path = [
+ pkgs.coreutils
+ pkgs.drivedroid-gen-repo
+ pkgs.inotify-tools
+ ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
- ExecStartPre = pkgs.writeScript "prepare-drivedroid-gen-repo" ''
- #!/bin/sh
- mkdir -p ${srepodir}/repos
+ ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" ''
+ mkdir -p ${root}/repos
'';
- ExecStart = pkgs.writeScript "start-drivedroid-gen-repo" ''
- #!/bin/sh
+ ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" ''
+ set -efu
+ cd ${root}
while sleep 60; do
- ${pkgs.inotify-tools}/bin/inotifywait -r ${srepodir} && ${pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json"
+ if inotifywait -r .; then
+ drivedroid-gen-repo repos > main.json
+ fi
done
'';
};
--
cgit v1.2.3
From 57b4a87962e273525a0e3a955ae4a13ca45c59f3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 17 Apr 2017 16:20:05 +0200
Subject: retiolum-bootstrap: krebs.nginx -> services.nginx
---
krebs/3modules/retiolum-bootstrap.nix | 56 ++++++++++++-----------------------
1 file changed, 19 insertions(+), 37 deletions(-)
diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index 4bcd596d4..53b06a702 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -1,53 +1,38 @@
-{ config, lib, pkgs, ... }:
-
+{ config, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.krebs.retiolum-bootstrap;
-
- out = {
- options.krebs.retiolum-bootstrap = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "retiolum boot strap for tinc.krebsco.de";
- hostname = mkOption {
+in
+{
+ options.krebs.retiolum-bootstrap = {
+ enable = mkEnableOption "retiolum boot strap for ${cfg.serverName}";
+ serverName = mkOption {
type = types.str;
description = "hostname which serves tinc boot";
default = "tinc.krebsco.de" ;
};
- listen = mkOption {
- type = with types; listOf str;
- description = ''Addresses to listen on (nginx-syntax).
- ssl will be configured, http will be redirected to ssl.
- Make sure to have at least 1 ssl port configured.
- '';
- default = [ "80" "443 ssl" ] ;
+ sslCertificate = mkOption {
+ type = types.str;
+ description = "Certificate file to use for ssl";
+ default = "${toString <secrets>}/tinc.krebsco.de.crt" ;
};
- ssl_certificate_key = mkOption {
+ sslCertificateKey = mkOption {
type = types.str;
description = "Certificate key to use for ssl";
default = "${toString <secrets>}/tinc.krebsco.de.key";
};
- ssl_certificate = mkOption {
- type = types.str;
- description = "Certificate file to use for ssl";
- default = "${toString <secrets>}/tinc.krebsco.de.crt" ;
- };
# in use:
# <secrets/tinc.krebsco.de.crt>
# <secrets/tinc.krebsco.de.key>
};
- imp = {
- krebs.nginx.servers = assert config.krebs.nginx.enable; {
- retiolum-boot-ssl = {
- server-names = singleton cfg.hostname;
- listen = cfg.listen;
- extraConfig = ''
- ssl_certificate ${cfg.ssl_certificate};
- ssl_certificate_key ${cfg.ssl_certificate_key};
-
+ config = mkIf cfg.enable {
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts.retiolum-bootstrap = {
+ inherit (cfg) serverName sslCertificate sslCertificateKey;
+ enableSSL = true;
+ extraConfig =''
if ($scheme = http){
return 301 https://$server_name$request_uri;
}
@@ -55,10 +40,7 @@ let
root ${pkgs.retiolum-bootstrap};
try_files $uri $uri/retiolum.sh;
'';
- locations = [];
};
};
};
-
-in
-out
+}
--
cgit v1.2.3
From c577d6b9972203941c577d9fb5488345d5fe84b5 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 17 Apr 2017 16:22:09 +0200
Subject: krebs.nginx: RIP
---
krebs/3modules/bepasty-server.nix | 2 +-
krebs/3modules/buildbot/master.nix | 1 -
krebs/3modules/default.nix | 1 -
krebs/3modules/nginx.nix | 190 -----------------------------
shared/1systems/test-all-krebs-modules.nix | 1 -
5 files changed, 1 insertion(+), 194 deletions(-)
delete mode 100644 krebs/3modules/nginx.nix
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 4e035e725..0ca13366b 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -37,7 +37,7 @@ let
# TODO use the correct type
type = with types; attrsOf unspecified;
description = ''
- additional nginx configuration. see krebs.nginx for all options
+ Additional nginx configuration.
'';
};
secretKey = mkOption {
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index b31661572..d75e6c880 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -78,7 +78,6 @@ let
# stopAllBuilds = 'auth',
# cancelPendingBuild = 'auth'
#)
- # TODO: configure krebs.nginx
c['www'] = dict(
port = ${toString cfg.web.port},
plugins = { 'waterfall_view':{}, 'console_view':{} }
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 37db5bfe7..d539d4166 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -26,7 +26,6 @@ let
./kapacitor.nix
./monit.nix
./newsbot-js.nix
- ./nginx.nix
./nixpkgs.nix
./on-failure.nix
./os-release.nix
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
deleted file mode 100644
index b28e97e37..000000000
--- a/krebs/3modules/nginx.nix
+++ /dev/null
@@ -1,190 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- cfg = config.krebs.nginx;
-
- out = {
- options.krebs.nginx = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "krebs.nginx";
-
- default404 = mkOption {
- type = types.bool;
- default = true;
- description = ''
- By default all requests not directed to an explicit hostname are
- replied with a 404 error to avoid accidental exposition of nginx
- services.
-
- Set this value to `false` to disable this behavior - you will then be
- able to configure a new `default_server` in the listen address entries
- again.
- '';
- };
-
- servers = mkOption {
- type = types.attrsOf (types.submodule {
- options = {
- server-names = mkOption {
- type = with types; listOf str;
- default =
- [config.krebs.build.host.name] ++
- concatMap (getAttr "aliases")
- (attrValues config.krebs.build.host.nets);
- };
- listen = mkOption {
- type = with types; either str (listOf str);
- default = "80";
- apply = x:
- if typeOf x != "list"
- then [x]
- else x;
- };
- locations = mkOption {
- type = with types; listOf (attrsOf str);
- default = [];
- };
- extraConfig = mkOption {
- type = with types; string;
- default = "";
- };
- ssl = mkOption {
- type = with types; submodule ({ config, ... }: {
- options = {
- enable = mkEnableOption "ssl";
- acmeEnable = mkOption {
- type = bool;
- apply = x:
- if x && config.enable
- #conflicts because of certificate/certificate_key location
- then throw "can't use ssl.enable and ssl.acmeEnable together"
- else x;
- default = false;
- description = ''
- enables automatical generation of lets-encrypt certificates and setting them as certificate
- conflicts with ssl.enable
- '';
- };
- certificate = mkOption {
- type = str;
- };
- certificate_key = mkOption {
- type = str;
- };
- #TODO: check for valid cipher
- ciphers = mkOption {
- type = str;
- default = "AES128+EECDH:AES128+EDH";
- };
- prefer_server_ciphers = mkOption {
- type = bool;
- default = true;
- };
- force_encryption = mkOption {
- type = bool;
- default = false;
- description = ''
- redirect all `http` traffic to the same domain but with ssl
- protocol.
- '';
- };
- protocols = mkOption {
- type = listOf (enum [ "SSLv2" "SSLv3" "TLSv1" "TLSv1.1" "TLSv1.2" ]);
- default = [ "TLSv1.1" "TLSv1.2" ];
-
- };
- };
- });
- default = {};
- };
- };
- });
- default = {};
- };
- };
-
- imp = {
- security.acme.certs = mapAttrs (_: to-acme) (filterAttrs (_: server: server.ssl.acmeEnable) cfg.servers);
- services.nginx = {
- enable = true;
- httpConfig = ''
- default_type application/octet-stream;
- sendfile on;
- keepalive_timeout 65;
- gzip on;
-
- ${optionalString cfg.default404 ''
- server {
- listen 80 default_server;
- server_name _;
- return 404;
- }''}
-
- ${concatStrings (mapAttrsToList (_: to-server) cfg.servers)}
- '';
- };
- };
-
- to-acme = { server-names, ssl, ... }:
- optionalAttrs ssl.acmeEnable {
- email = "lassulus@gmail.com";
- webroot = "${config.security.acme.directory}/${head server-names}";
- };
-
- to-location = { name, value }: ''
- location ${name} {
- ${indent value}
- }
- '';
-
- to-server = { server-names, listen, locations, extraConfig, ssl, ... }: let
- domain = head server-names;
- acmeLocation = optionalAttrs ssl.acmeEnable (nameValuePair "/.well-known/acme-challenge" ''
- root ${config.security.acme.certs.${domain}.webroot};
- '');
- in ''
- server {
- server_name ${toString (unique server-names)};
- ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
- ${optionalString ssl.enable (indent ''
- ${optionalString ssl.force_encryption ''
- if ($scheme = http){
- return 301 https://$server_name$request_uri;
- }
- ''}
- listen 443 ssl;
- ssl_certificate ${ssl.certificate};
- ssl_certificate_key ${ssl.certificate_key};
- ${optionalString ssl.prefer_server_ciphers ''
- ssl_prefer_server_ciphers On;
- ''}
- ssl_ciphers ${ssl.ciphers};
- ssl_protocols ${toString ssl.protocols};
- '')}
- ${optionalString ssl.acmeEnable (indent ''
- ${optionalString ssl.force_encryption ''
- if ($scheme = http){
- return 301 https://$server_name$request_uri;
- }
- ''}
- listen 443 ssl;
- ssl_certificate ${config.security.acme.directory}/${domain}/fullchain.pem;
- ssl_certificate_key ${config.security.acme.directory}/${domain}/key.pem;
- ${optionalString ssl.prefer_server_ciphers ''
- ssl_prefer_server_ciphers On;
- ''}
- ssl_ciphers ${ssl.ciphers};
- ssl_protocols ${toString ssl.protocols};
- '')}
- ${indent extraConfig}
- ${optionalString ssl.acmeEnable (indent (to-location acmeLocation))}
- ${indent (concatMapStrings to-location locations)}
- }
- '';
-
-in
-out
diff --git a/shared/1systems/test-all-krebs-modules.nix b/shared/1systems/test-all-krebs-modules.nix
index b42968cfb..39d7c494b 100644
--- a/shared/1systems/test-all-krebs-modules.nix
+++ b/shared/1systems/test-all-krebs-modules.nix
@@ -36,7 +36,6 @@ in {
enable = true;
tables = {};
};
- nginx.enable = true;
realwallpaper.enable = true;
tinc.retiolum.enable = true;
retiolum-bootstrap.enable = true;
--
cgit v1.2.3
From d53824e7b551759854c6e0ae77411c179a168754 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 17 Apr 2017 13:08:36 +0200
Subject: m: init syncthing for hosts
---
makefu/1systems/fileleech.nix | 2 +-
makefu/1systems/gum.nix | 5 +++--
makefu/1systems/omo.nix | 5 +++--
makefu/2configs/ipfs.nix | 5 +++++
makefu/2configs/syncthing.nix | 11 +++++++++++
5 files changed, 23 insertions(+), 5 deletions(-)
create mode 100644 makefu/2configs/ipfs.nix
create mode 100644 makefu/2configs/syncthing.nix
diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix
index 4f92c2b90..3aa5a54f8 100644
--- a/makefu/1systems/fileleech.nix
+++ b/makefu/1systems/fileleech.nix
@@ -32,7 +32,6 @@ in {
../2configs/elchos/log.nix
../2configs/elchos/search.nix
../2configs/elchos/stats.nix
- ../2configs/stats-srv.nix
];
systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
@@ -129,6 +128,7 @@ in {
# createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
+ config.krebs.users.lass.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de"
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index c39997ebf..3186f8887 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -35,10 +35,12 @@ in {
../2configs/nginx/update.connector.one.nix
../2configs/deployment/mycube.connector.one.nix
../2configs/deployment/graphs.nix
+ # ../2configs/ipfs.nix
+ ../2configs/syncthing.nix
# ../2configs/opentracker.nix
../2configs/logging/central-stats-client.nix
- ../2configs/logging/central-logging-client.nix
+ # ../2configs/logging/central-logging-client.nix
];
services.smartd.devices = [ { device = "/dev/sda";} ];
@@ -79,7 +81,6 @@ in {
];
services.bitlbee.enable = true;
systemd.services.bitlbee.environment.BITLBEE_DEBUG="1";
- # systemd.services.bitlbee.serviceConfig.ExecStart = "${pkgs.bitlbee}/bin/bitlbee -Dnv -c
# Hardware
boot.loader.grub.device = "/dev/sda";
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 99303b604..ff34ee843 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -53,9 +53,10 @@ in {
../2configs/omo-share.nix
../2configs/tinc/retiolum.nix
../2configs/logging/central-stats-server.nix
- ../2configs/logging/central-logging-server.nix
+ # ../2configs/logging/central-logging-server.nix
../2configs/logging/central-stats-client.nix
- ../2configs/logging/central-logging-client.nix
+ ../2configs/syncthing.nix
+ # ../2configs/logging/central-logging-client.nix
# ../2configs/torrent.nix
diff --git a/makefu/2configs/ipfs.nix b/makefu/2configs/ipfs.nix
new file mode 100644
index 000000000..cc07e063d
--- /dev/null
+++ b/makefu/2configs/ipfs.nix
@@ -0,0 +1,5 @@
+{...}:
+{
+ services.ipfs.enable = true;
+ networking.firewall.allowedTCPPorts = [ 4001 ];
+}
diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix
new file mode 100644
index 000000000..6b758ea2d
--- /dev/null
+++ b/makefu/2configs/syncthing.nix
@@ -0,0 +1,11 @@
+{...}:
+
+with import <stockholm/lib>; {
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+ useInotify = true;
+ group = "download";
+ };
+ users.extraGroups.download.gid = genid "download";
+}
--
cgit v1.2.3
From 6436eac7b9081c3a2f06aff5c27c40a2f54a4eff Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 17 Apr 2017 13:11:32 +0200
Subject: m 2 urxvtd: init
---
makefu/1systems/x.nix | 3 ++-
makefu/2configs/base-gui.nix | 5 ++++-
makefu/2configs/urxvtd.nix | 21 +++++++++++++++++++++
makefu/5pkgs/awesomecfg/full.cfg | 2 +-
4 files changed, 28 insertions(+), 3 deletions(-)
create mode 100644 makefu/2configs/urxvtd.nix
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index 9cedc04a8..51c9543ef 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -2,6 +2,7 @@
#
#
{ config, pkgs, ... }:
+with import <stockholm/lib>;
{
imports =
@@ -78,7 +79,7 @@
};
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
- environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
+ environment.systemPackages = [ pkgs.passwdqc-utils ];
virtualisation.docker.enable = true;
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index ba4c551b3..1a19ab36b 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -16,7 +16,10 @@ let
mainUser = config.krebs.build.user.name;
in
{
- imports = [ ];
+ imports = [
+ ./urxvtd.nix
+ ];
+
services.xserver = {
enable = true;
layout = "us";
diff --git a/makefu/2configs/urxvtd.nix b/makefu/2configs/urxvtd.nix
new file mode 100644
index 000000000..286b87ab3
--- /dev/null
+++ b/makefu/2configs/urxvtd.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+let
+ mainUser = config.krebs.build.user.name;
+in {
+ systemd.services.urxvtd = {
+ wantedBy = [ "multi-user.target" ];
+ before = [ "graphical.target" ];
+ reloadIfChanged = true;
+ serviceConfig = {
+ SyslogIdentifier = "urxvtd";
+ ExecReload = "${pkgs.coreutils}/bin/echo NOP";
+ ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
+ Restart = "always";
+ RestartSec = "2s";
+ StartLimitBurst = 0;
+ User = mainUser;
+ };
+ };
+ # TODO: sessionCommands from base-gui related to urxvt in this file
+}
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index e43341d25..73ff42e9f 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -90,7 +90,7 @@ client.connect_signal("focus", function(c) c.border_color = beautiful.border_foc
client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
-- This is used later as the default terminal and editor to run.
-terminal = "urxvt"
+terminal = "urxvtc"
editor = os.getenv("EDITOR") or "vim"
editor_cmd = terminal .. " -e " .. editor
browser = "firefox"
--
cgit v1.2.3
From c762622a293248f55e46ff83fb870df128a0fb59 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 17 Apr 2017 13:12:16 +0200
Subject: m 2 default: 2982661 -> 4fac473
---
makefu/2configs/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index cd9b4c056..0865c3a31 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -11,7 +11,7 @@ with import <stockholm/lib>;
./vim.nix
./binary-cache/nixos.nix
];
-
+ programs.command-not-found.enable = false;
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
krebs = {
enable = true;
@@ -22,7 +22,7 @@ with import <stockholm/lib>;
user = config.krebs.users.makefu;
source = let
inherit (config.krebs.build) host user;
- ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1
+ ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found
in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{
--
cgit v1.2.3
From 52ff49d7d5a7bc7a815fd457d69e028cfb9b8325 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 17 Apr 2017 13:13:07 +0200
Subject: m 2 tools: add packages
---
makefu/2configs/tools/core-gui.nix | 2 +-
makefu/2configs/tools/core.nix | 1 +
makefu/2configs/tools/extra-gui.nix | 1 +
makefu/2configs/tools/sec.nix | 1 +
4 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 6d62e92c0..0538647ae 100644
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@@ -12,11 +12,11 @@
firefox
keepassx
pcmanfm
+ evince
skype
mirage
tightvnc
gnome3.dconf
- wireshark
xdotool
xorg.xbacklight
scrot
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
index 86d72c662..6ae2951eb 100644
--- a/makefu/2configs/tools/core.nix
+++ b/makefu/2configs/tools/core.nix
@@ -40,6 +40,7 @@
cac-api
cac-panel
krebspaste
+ krebszones
ledger
pass
];
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 9cfacf408..596734dd5 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -4,6 +4,7 @@
krebs.per-user.makefu.packages = with pkgs;[
inkscape
gimp
+ libreoffice
skype
virtmanager
synergy
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix
index 5ab699f35..e53d9ee8e 100644
--- a/makefu/2configs/tools/sec.nix
+++ b/makefu/2configs/tools/sec.nix
@@ -11,5 +11,6 @@
nmap
msf
thc-hydra
+ wireshark
];
}
--
cgit v1.2.3
From 456f20deda1d5d651a8c382aa8edc3cb59e26e7e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 17 Apr 2017 13:13:35 +0200
Subject: m 1 shoney: graphs -> graph
---
makefu/1systems/shoney.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 96aeb2856..9f04e97eb 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -31,7 +31,7 @@ in {
anonymous-domain = "localhost.localdomain";
anonymous.extraConfig = "return 403;";
complete = {
- serverAliases = [ "graphs.siem" ];
+ serverAliases = [ "graph.siem" ];
extraConfig = ''
if ( $server_addr = "${ip}" ) {
return 403;
--
cgit v1.2.3
From 0011f32a343a88ec1b7e5426d271a419bfeb6444 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Tue, 18 Apr 2017 19:55:19 +0200
Subject: l 1 iso: enable copytoram
---
lass/1systems/iso.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 01d698c4c..5bbd0c1d7 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -11,6 +11,9 @@ with import <stockholm/lib>;
../2configs/mc.nix
../2configs/nixpkgs.nix
../2configs/vim.nix
+ {
+ boot.kernelParams = [ "copytoram" ];
+ }
{
krebs.enable = true;
krebs.build.user = config.krebs.users.lass;
--
cgit v1.2.3
From d528daf9e8d4ec59b3e5355576eaf001136763cc Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Tue, 18 Apr 2017 21:02:17 +0200
Subject: l 2 nixpkgs: 5acb454 -> c85f39e
---
lass/2configs/nixpkgs.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 5309c9551..5f9800b0f 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
- ref = "5acb454";
+ ref = "c85f39e";
};
}
--
cgit v1.2.3
From d40738d41573eca83d7e84f8a9946f8d8441a0d0 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Wed, 19 Apr 2017 00:13:52 +0200
Subject: l 1 iso: hack around buggy /dev/stderr in live iso
---
lass/1systems/iso.nix | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 5bbd0c1d7..99399550c 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -12,6 +12,27 @@ with import <stockholm/lib>;
../2configs/nixpkgs.nix
../2configs/vim.nix
{
+ # /dev/stderr doesn't work. I don't know why
+ # /proc/self doesn't seem to work correctly
+ # /dev/pts is empty except for 1 file
+ # my life sucks
+ nixpkgs.config.packageOverrides = super: {
+ irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
+ pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
+ pkgs.coreutils
+ (pkgs.writeDashBin "tee" ''
+ if test "$1" = /dev/stderr; then
+ while read -r line; do
+ echo "$line"
+ echo "$line" >&2
+ done
+ else
+ ${super.coreutils}/bin/tee "$@"
+ fi
+ '')
+ ];};
+ };
+ };
boot.kernelParams = [ "copytoram" ];
}
{
--
cgit v1.2.3