steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'staging' into 'master'

Browse source 
Staging

See merge request steveeJ/infra!13
This commit is contained in:
steveej 2019-02-04 08:26:52 +00:00
commit ae32e0113b
20 changed files with 676 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

98
certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt Normal file
View file

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d0:17:d1:86:81:d4:f1:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=sat-r220-02.lab.eng.rdu2.redhat.com
Validity
Not Before: Nov 2 15:37:13 2018 GMT
Not After : Jan 17 15:37:13 2038 GMT
Subject: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=sat-r220-02.lab.eng.rdu2.redhat.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ba:03:39:e3:af:3e:c7:89:bd:d0:07:66:83:18:
9c:c0:da:56:e8:bb:37:fe:03:67:94:9a:1c:9d:47:
da:6a:a7:6e:56:6d:0a:73:05:79:0e:44:61:71:78:
33:33:79:b1:ce:a6:9d:87:d0:01:81:10:d5:e3:21:
0f:d0:e9:ef:86:dc:13:34:62:42:47:81:f6:ce:d8:
78:de:00:0c:a6:5d:25:d8:cc:72:6a:c4:7c:e1:5b:
84:2b:e2:3c:b6:51:7e:8e:e6:e1:55:7d:b4:c8:e7:
98:76:eb:20:15:48:6f:2e:91:ca:b7:17:d4:d9:76:
5b:40:1c:7e:4c:0b:6f:2c:63:fa:78:c5:8b:b5:36:
b6:01:d9:da:58:a9:06:76:32:18:ca:b2:7c:2d:aa:
4f:4e:f5:67:30:4c:a6:a3:e3:ef:7c:1d:d3:67:de:
da:a5:b9:57:0d:74:01:c3:24:a9:03:61:98:91:c2:
1f:1d:a4:36:d2:a6:f4:95:6f:01:6a:99:41:ea:f0:
8c:7a:7d:a0:0d:34:93:a3:80:cb:19:fb:1a:e1:c4:
0b:60:5c:8d:33:ea:90:ed:98:d2:2a:06:6e:a2:02:
1f:f8:2c:1e:d4:d0:d4:8f:93:8d:c9:fe:21:39:6a:
5b:7b:60:5d:2a:9c:1e:3f:51:31:b1:be:56:28:cb:
4d:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Netscape Cert Type:
SSL Server, SSL CA
Netscape Comment:
Katello SSL Tool Generated Certificate
X509v3 Subject Key Identifier:
72:CD:88:06:03:FE:5D:A2:D0:B3:20:C7:37:74:06:84:A8:A8:13:DF
X509v3 Authority Key Identifier:
keyid:72:CD:88:06:03:FE:5D:A2:D0:B3:20:C7:37:74:06:84:A8:A8:13:DF
DirName:/C=US/ST=North Carolina/L=Raleigh/O=Katello/OU=SomeOrgUnit/CN=sat-r220-02.lab.eng.rdu2.redhat.com
serial:D0:17:D1:86:81:D4:F1:28
Signature Algorithm: sha256WithRSAEncryption
70:fe:c6:9f:1a:62:e8:b0:a6:25:df:e8:51:6c:e9:08:48:00:
72:2b:d8:a2:95:6e:57:01:8e:2a:9c:a0:14:f8:c9:8a:e3:5d:
48:64:f9:0f:81:e7:3e:b1:c2:cb:a0:ec:55:d6:e4:7f:c0:46:
7b:bc:66:15:88:61:73:3b:ea:9e:ea:cb:32:79:35:bc:dc:eb:
6f:d8:d0:89:c2:ae:fd:02:43:cd:e0:38:d6:9c:16:d7:6d:bb:
2c:73:53:3c:82:56:51:d8:96:71:e1:28:49:31:be:fb:ed:23:
08:e5:8d:eb:48:c7:25:5d:ef:0e:30:22:d3:93:7f:f1:66:b8:
7f:8f:5c:d2:97:e7:13:0e:5b:06:1d:fd:97:1d:a5:24:93:d9:
8a:d2:ba:51:00:b3:71:c8:61:da:79:31:64:75:96:d0:b8:d8:
45:57:24:40:2f:11:d6:63:70:f5:bf:8d:fc:7f:1b:b9:ad:e0:
16:6a:89:9b:6a:0c:d3:e3:b5:14:b4:5c:36:8a:b0:dd:15:4d:
4e:77:e9:9b:29:df:e9:e3:27:dc:87:f8:6e:5d:a9:14:42:5c:
8b:7b:13:9d:8b:c7:7a:4d:6d:52:7e:5f:02:9f:21:15:de:98:
5d:f5:25:30:d3:fa:b4:34:f3:ff:8d:36:c7:e3:1c:d3:b1:f7:
b6:7b:ad:40
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIJANAX0YaB1PEoMA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD
VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp
Z2gxEDAOBgNVBAoMB0thdGVsbG8xFDASBgNVBAsMC1NvbWVPcmdVbml0MSwwKgYD
VQQDDCNzYXQtcjIyMC0wMi5sYWIuZW5nLnJkdTIucmVkaGF0LmNvbTAeFw0xODEx
MDIxNTM3MTNaFw0zODAxMTcxNTM3MTNaMIGOMQswCQYDVQQGEwJVUzEXMBUGA1UE
CAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxEDAOBgNVBAoMB0th
dGVsbG8xFDASBgNVBAsMC1NvbWVPcmdVbml0MSwwKgYDVQQDDCNzYXQtcjIyMC0w
Mi5sYWIuZW5nLnJkdTIucmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALoDOeOvPseJvdAHZoMYnMDaVui7N/4DZ5SaHJ1H2mqnblZtCnMF
eQ5EYXF4MzN5sc6mnYfQAYEQ1eMhD9Dp74bcEzRiQkeB9s7YeN4ADKZdJdjMcmrE
fOFbhCviPLZRfo7m4VV9tMjnmHbrIBVIby6RyrcX1Nl2W0AcfkwLbyxj+njFi7U2
tgHZ2lipBnYyGMqyfC2qT071ZzBMpqPj73wd02fe2qW5Vw10AcMkqQNhmJHCHx2k
NtKm9JVvAWqZQerwjHp9oA00k6OAyxn7GuHEC2BcjTPqkO2Y0ioGbqICH/gsHtTQ
1I+Tjcn+ITlqW3tgXSqcHj9RMbG+VijLTc0CAwEAAaOCAW0wggFpMAwGA1UdEwQF
MAMBAf8wCwYDVR0PBAQDAgGmMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjARBglghkgBhvhCAQEEBAMCAkQwNQYJYIZIAYb4QgENBCgWJkthdGVsbG8gU1NM
IFRvb2wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRyzYgGA/5dotCz
IMc3dAaEqKgT3zCBwwYDVR0jBIG7MIG4gBRyzYgGA/5dotCzIMc3dAaEqKgT36GB
lKSBkTCBjjELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAw
DgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdLYXRlbGxvMRQwEgYDVQQLDAtTb21l
T3JnVW5pdDEsMCoGA1UEAwwjc2F0LXIyMjAtMDIubGFiLmVuZy5yZHUyLnJlZGhh
dC5jb22CCQDQF9GGgdTxKDANBgkqhkiG9w0BAQsFAAOCAQEAcP7Gnxpi6LCmJd/o
UWzpCEgAcivYopVuVwGOKpygFPjJiuNdSGT5D4HnPrHCy6DsVdbkf8BGe7xmFYhh
czvqnurLMnk1vNzrb9jQicKu/QJDzeA41pwW1227LHNTPIJWUdiWceEoSTG+++0j
COWN60jHJV3vDjAi05N/8Wa4f49c0pfnEw5bBh39lx2lJJPZitK6UQCzcchh2nkx
ZHWW0LjYRVckQC8R1mNw9b+N/H8bua3gFmqJm2oM0+O1FLRcNoqw3RVNTnfpmynf
6eMn3If4bl2pFEJci3sTnYvHek1tUn5fAp8hFd6YXfUlMNP6tDTz/402x+Mc07H3
tnutQA==
-----END CERTIFICATE-----

2
nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -87,6 +87,7 @@ in {
nix-index nix-index
nox nox
nix-prefetch-scripts nix-prefetch-scripts
nix-prefetch-github
# Version Control Systems # Version Control Systems
unstablepkgs.pijul unstablepkgs.pijul
@ -303,6 +304,7 @@ in {
testdisk testdisk
python27Packages.binwalk python27Packages.binwalk
gptfdisk gptfdisk
gparted
# games # games
zeroad zeroad

1
nix/home-manager/configuration/text-minimal.nix
View file

@ -23,5 +23,6 @@ in {
home.packages = [] home.packages = []
++ (with pkgs; [ ++ (with pkgs; [
iperf3 iperf3
telnet
]); ]);
} }

147
nix/os/containers/mailserver.nix Normal file
View file

@ -0,0 +1,147 @@
{ ... } @ args:
let
passwords = import ../../variables/passwords.crypt.nix;
in args // {
config = { pkgs, ... }: {
imports = [
../profiles/containers/configuration.nix
../profiles/common/user.nix
];
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = "mailserver.svc.stefanjunker.de";
};
services.dovecot2 = {
enable = true;
modules = [ pkgs.dovecot_pigeonhole ];
protocols = [ "sieve" ];
enableImap = true;
enableLmtp = true;
enablePAM = true;
showPAMFailure = true;
mailLocation = "maildir:~/.maildir";
sslServerCert = "/etc/secrets/server.pem";
sslServerKey = "/etc/secrets/server.key";
#configFile = "/etc/dovecot/dovecot2_manual.conf";
extraConfig = ''
auth_mechanisms = cram-md5 digest-md5
auth_verbose = yes
passdb {
driver = passwd-file
args = scheme=CRYPT username_format=%u /etc/dovecot/users
}
'';
};
environment.etc."dovecot/users".text = ''
steveej:${passwords.email.steveej}
'';
systemd.services.steveej-getmail-stefanjunker = {
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig.User = "steveej";
serviceConfig.Group = "users";
description = "Getmail service";
path = [ pkgs.getmail ];
script = let
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
[retriever]
type = SimpleIMAPSSLRetriever
server = ssl0.ovh.net
port = 993
username = mail@stefanjunker.de
password = ${passwords.email.mailStefanjunkerDe}
mailboxes = ('INBOX',)
[destination]
type = Maildir
path = ~/.maildir/
'';
in ''
getmail --rcfile=${rc} --idle=INBOX
'';
};
systemd.services.steveej-getmail-webde = {
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig.User = "steveej";
serviceConfig.Group = "users";
description = "Getmail service";
path = [ pkgs.getmail ];
serviceConfig.RestartSec = 900;
serviceConfig.Restart = "always";
script = let
rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
[retriever]
type = SimpleIMAPSSLRetriever
server = imap.web.de
port = 993
username = schtif
password = ${passwords.email.schtifATwebDe}
mailboxes = ('INBOX',)
[destination]
type = Maildir
path = ~/.maildir/
'';
in ''
getmail --rcfile=${rc}
'';
};
};
autoStart = true;
bindMounts = {
"/etc/secrets/" = {
hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
isReadOnly = false;
};
"/home" = {
hostPath = "/var/lib/container-volumes/mailserver/home";
isReadOnly = false;
};
};
privateNetwork = true ;
forwardPorts = [
{
# imaps
containerPort = 993;
hostPort = 993;
protocol = "tcp";
}
{
# sieve
containerPort = 4190;
hostPort = 4190;
protocol = "tcp";
}
];
}

88
nix/os/containers/webserver.nix Normal file
View file

@ -0,0 +1,88 @@
{ ... } @ args:
let
in args // {
config = { config, pkgs, ... }: {
imports = [
../profiles/containers/configuration.nix
];
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = "www.stefanjunker.de";
};
services.nginx.enable = true;
services.nginx.virtualHosts."stefanjunker.de" = {
default = true;
onlySSL = true;
root = "/var/www/stefanjunker.de/htdocs";
sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = {
index = "index.php";
};
locations."~ ^(.+\.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
'';
};
services.phpfpm.phpPackage = pkgs.php56;
services.phpfpm.poolConfigs.mypool = ''
listen = 127.0.0.1:9000
user = nobody
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500
php_admin_value[error_reporting] = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
'';
services.mysql = {
enable = true;
package = pkgs.mariadb;
};
};
autoStart = true;
bindMounts = {
"/etc/secrets/" = {
hostPath = "/var/lib/container-volumes/webserver/etc-secrets";
isReadOnly = true;
};
"/var/www" = {
hostPath = "/var/lib/container-volumes/webserver/var-www";
isReadOnly = false;
};
"/var/lib/mysql" = {
hostPath = "/var/lib/container-volumes/webserver/var-lib-mysql";
isReadOnly = false;
};
};
privateNetwork = true;
forwardPorts = [
{
# https
containerPort = 443;
hostPort = 443;
protocol = "tcp";
}
];
}

2
nix/os/devices/steveej-t480s-work/configuration.nix
View file

@ -15,5 +15,7 @@
./system.nix ./system.nix
./hw.nix ./hw.nix
./pkg.nix ./pkg.nix
../../profiles/podman/configuration.nix
]; ];
} }

5
nix/os/devices/steveej-t480s-work/system.nix
View file

@ -72,4 +72,9 @@ in {
authorizedKeys = keys.users.steveej.openssh; authorizedKeys = keys.users.steveej.openssh;
}; };
}; };
security.pki.certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
../../../../certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt
];
} }

0
nix/os/devices/CFB4ED74/boot.nix → nix/os/devices/vmd32387.contaboserver.net/boot.nix
View file

0
nix/os/devices/CFB4ED74/configuration.nix → nix/os/devices/vmd32387.contaboserver.net/configuration.nix
View file

0
nix/os/devices/CFB4ED74/hw.nix → nix/os/devices/vmd32387.contaboserver.net/hw.nix
View file

0
nix/os/devices/CFB4ED74/pkg.nix → nix/os/devices/vmd32387.contaboserver.net/pkg.nix
View file

30
nix/os/devices/CFB4ED74/system.nix → nix/os/devices/vmd32387.contaboserver.net/system.nix
View file

@ -8,18 +8,24 @@ let
in { in {
# TASK: new device # TASK: new device
networking.hostName = "contabo1"; # Define your hostname. networking.hostName = "vmd32387"; # Define your hostname.
networking.domain = "bootstrap.clusters.stefanjunker.de"; networking.domain = "contaboserver.net";
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
# iperf3 # iperf3
5201 5201
]; ];
networking.firewall.logRefusedConnections = false;
networking.useDHCP = true;
networking.usePredictableInterfaceNames = false; networking.usePredictableInterfaceNames = false;
networking.dhcpcd = {
enable = true;
persistent = true;
};
networking.interfaces.eth0 = { networking.interfaces.eth0 = {
useDHCP = true;
ipv6.addresses = [ ipv6.addresses = [
{ address = "2a02:c207:3003:2387::1"; prefixLength = 64; } { address = "2a02:c207:3003:2387::1"; prefixLength = 64; }
]; ];
@ -29,6 +35,12 @@ in {
interface = "eth0"; interface = "eth0";
}; };
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "eth0";
};
# Kubernetes # Kubernetes
# services.kubernetes.roles = ["master" "node"]; # services.kubernetes.roles = ["master" "node"];
@ -57,4 +69,16 @@ in {
ip link set $iface down ip link set $iface down
done done
''; '';
containers = {
mailserver = import ../../containers/mailserver.nix {
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
};
webserver = import ../../containers/webserver.nix {
hostAddress = "192.168.100.12";
localAddress = "192.168.100.13";
};
};
} }

0
nix/os/devices/CFB4ED74/versions.nix → nix/os/devices/vmd32387.contaboserver.net/versions.nix
View file

30
nix/os/modules/ddclient-ovh.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib
, config
, ... }:
let
cfg = config.services.ddclientovh;
passwords = import ../../variables/passwords.crypt.nix;
in {
options.services.ddclientovh = with lib; {
enable = mkEnableOption "Enable ddclient-ovh";
domain = mkOption {
type = types.string;
};
};
config = lib.mkIf cfg.enable {
services.ddclient = {
enable = true;
protocol = "dyndns2";
server = "www.ovh.com";
ssl = true;
domains = [ cfg.domain ];
use = "web, web=ifconfig.co";
inherit (passwords.dyndns.${cfg.domain}) username password;
};
};
}

11
nix/os/profiles/containers/configuration.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
nixpkgs.overlays = [
(import ../../../overlay.nix)
];
imports = [
../../modules/ddclient-ovh.nix
];
}

187
nix/os/profiles/podman/configuration.nix Normal file
View file

@ -0,0 +1,187 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
podman
runc
conmon
cni
cni-plugins
slirp4netns
];
environment.etc."containers/registries.conf".text = ''
# This is a system-wide configuration file used to
# keep track of registries for various container backends.
# It adheres to TOML format and does not support recursive
# lists of registries.
[registries.search]
registries = [ 'docker.io'
, 'registry.fedoraproject.org'
, 'registry.access.redhat.com'
, 'quay.io'
]
# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
[registries.insecure]
registries = ['localhost:5000']
'';
environment.etc."containers/policy.json".text = ''
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
'';
environment.etc."cni/net.d/00-loopback.conf".text = ''
{
"cniVersion": "0.3.0",
"type": "loopback"
}
'';
environment.etc."cni/net.d/87-podman-bridge.conflist".text = ''
{
"cniVersion": "0.3.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.88.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
'';
environment.etc."containers/libpod.conf".text = ''
# libpod.conf is the default configuration file for all tools using libpod to
# manage containers
# Default transport method for pulling and pushing for images
image_default_transport = "docker://"
# Paths to search for the Conmon container manager binary
runtime_path = [
"${pkgs.runc}/bin/runc"
]
# Paths to look for the Conmon container manager binary
conmon_path = [
"${pkgs.conmon}/bin/conmon"
]
# Environment variables to pass into conmon
conmon_env_vars = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
]
# CGroup Manager - valid values are "systemd" and "cgroupfs"
cgroup_manager = "systemd"
# Container init binary
#init_path = "/usr/libexec/podman/catatonit"
# Directory for persistent libpod files (database, etc)
# By default, this will be configured relative to where containers/storage
# stores containers
# Uncomment to change location from this default
#static_dir = "/var/lib/containers/storage/libpod"
# Directory for temporary files. Must be tmpfs (wiped after reboot)
tmp_dir = "/var/run/libpod"
# Maximum size of log files (in bytes)
# -1 is unlimited
max_log_size = -1
# Whether to use chroot instead of pivot_root in the runtime
no_pivot_root = false
# Directory containing CNI plugin configuration files
cni_config_dir = "/etc/cni/net.d/"
# Directories where the CNI plugin binaries may be located
cni_plugin_dir = [
"${pkgs.cni-plugins}/bin"
]
# Default CNI network for libpod.
# If multiple CNI network configs are present, libpod will use the network with
# the name given here for containers unless explicitly overridden.
# The default here is set to the name we set in the
# 87-podman-bridge.conflist included in the repository.
# Not setting this, or setting it to the empty string, will use normal CNI
# precedence rules for selecting between multiple networks.
cni_default_network = "podman"
# Default libpod namespace
# If libpod is joined to a namespace, it will see only containers and pods
# that were created in the same namespace, and will create new containers and
# pods in that namespace.
# The default namespace is "", which corresponds to no namespace. When no
# namespace is set, all containers and pods are visible.
#namespace = ""
# Default pause image name for pod pause containers
pause_image = "k8s.gcr.io/pause:3.1"
# Default command to run the pause container
pause_command = "/pause"
# Determines whether libpod will reserve ports on the host when they are
# forwarded to containers. When enabled, when ports are forwarded to containers,
# they are held open by conmon as long as the container is running, ensuring that
# they cannot be reused by other programs on the host. However, this can cause
# significant memory usage if a container has many ports forwarded to it.
# Disabling this can save memory.
#enable_port_reservation = true
# Default libpod support for container labeling
# label=true
# Paths to look for a valid OCI runtime (runc, runv, etc)
# FIXME: this doesn't seem to take effect
[runtimes]
runc = [
"${pkgs.runc}/bin/runc"
]
'';
environment.etc."subuid".text = ''
steveej:10000:65536
'';
environment.etc."subgid".text = ''
steveej:10000:65536
'';
}

27
nix/overlay.nix
View file

@ -1,15 +1,26 @@
self: super:
let let
nixpkgs-master = import (builtins.fetchTarball { nixpkgs-master = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs-channels/archive/de5fd9e6110489722e8667664dce9fdc17331866.tar.gz"; url = "https://github.com/NixOS/nixpkgs-channels/archive/de5fd9e6110489722e8667664dce9fdc17331866.tar.gz";
sha256 = "0z1j2pmvn15m2ir2i9l2prr81cq7f1x8xs4cv2s7q4fslz586ghn"; sha256 = "0z1j2pmvn15m2ir2i9l2prr81cq7f1x8xs4cv2s7q4fslz586ghn";
}) {}; }) {};
# one application requires php5
nixpkgsWithPhp5 = super.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs-channels";
rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f";
sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb";
};
in self: super: { in {
podman = nixpkgs-master.podman; podman = nixpkgs-master.podman;
conmon = nixpkgs-master.conmon;
duplicacy = super.callPackage ./pkgs/duplicacy {}; duplicacy = super.callPackage ./pkgs/duplicacy {};
just = super.callPackage ./pkgs/just.nix {}; just = super.callPackage ./pkgs/just.nix {};
mfcl3770cdw = super.callPackage ./pkgs/mfcl3770cdw.nix {}; mfcl3770cdw = super.callPackage ./pkgs/mfcl3770cdw.nix {};
slirp4netns = super.callPackage ./pkgs/slirp4netns.nix {};
staruml = super.callPackage ./pkgs/staruml.nix { inherit (super.gnome2) GConf; libgcrypt = super.libgcrypt_1_5; }; staruml = super.callPackage ./pkgs/staruml.nix { inherit (super.gnome2) GConf; libgcrypt = super.libgcrypt_1_5; };
busyboxStatic = super.busybox.override { busyboxStatic = super.busybox.override {
@ -23,4 +34,18 @@ in self: super: {
dropbearStatic = super.dropbear.override { dropbearStatic = super.dropbear.override {
enableStatic = true; enableStatic = true;
}; };
php56 = (super.callPackages
"${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" {})
.php56.overrideAttrs(drv: rec {
# See https://secure.php.net/ChangeLog-5.php
version = "5.6.40";
name = "php-${version}";
sha256 = "005s7w167dypl41wlrf51niryvwy1hfv53zxyyr3lm938v9jbl7z";
src = super.fetchurl {
url = "http://www.php.net/distributions/php-${version}.tar.bz2";
inherit sha256;
};
});
} }

49
nix/pkgs/slirp4netns.nix Normal file
View file

@ -0,0 +1,49 @@
{ stdenv
, fetchFromGitHub
, autoconf
, automake
, libtool
, gnumake
, gcc
}:
stdenv.mkDerivation rec {
name = "slirp4netns-${version}";
version = "v0.2.1";
src = fetchFromGitHub {
owner = "rootless-containers";
repo = "slirp4netns";
rev = "${version}";
sha256 = "0kqncza4kgqkqiki569j7ym9pvp7879i6q2z0djvda9y0i6b80w4";
};
buildInputs = [
autoconf
automake
libtool
gnumake
gcc
];
configurePhase = ''
./autogen.sh
./configure --prefix=""
'';
buildPhase = ''
make
'';
installPhase = ''
make DESTDIR="$out" install
'';
meta = with stdenv.lib; {
description = "User-mode networking for unprivileged network namespaces";
homepage = https://github.com/rootless-containers/slirp4netns;
license = null;
maintainers = [ maintainers.steveej ];
platforms = platforms.all;
};
}

BIN
nix/variables/passwords.crypt.nix
View file

Binary file not shown.