update inputs

This commit is contained in:
chayleaf 2023-11-21 04:46:52 +07:00
parent ebab2df5c1
commit ef8c0dec63
Signed by: chayleaf
GPG key ID: 78171AD46227E68E
15 changed files with 107 additions and 360 deletions

View file

@ -69,11 +69,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1693611461,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"type": "github"
},
"original": {
@ -107,11 +107,11 @@
]
},
"locked": {
"lastModified": 1696446489,
"narHash": "sha256-xSjMKdNR+q/3hdSPyg/LUMsZT/WIoUi8dcm5zT4SMUQ=",
"lastModified": 1700419052,
"narHash": "sha256-U6a5f9ynbzcp8PMIHULbHPkbwp7YfPKOYmTcLqlalD4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "68f7d8c0fb0bfc67d1916dd7f06288424360d43a",
"rev": "993fb02d20760067b8ee19c713d94cee07037759",
"type": "github"
},
"original": {
@ -122,11 +122,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1694622745,
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
"lastModified": 1697303681,
"narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
"rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
"type": "github"
},
"original": {
@ -143,11 +143,11 @@
]
},
"locked": {
"lastModified": 1697331506,
"narHash": "sha256-N6RD9EudU+i7SJO3z3S309XQRhp81iqaN9G9sxRtVts=",
"lastModified": 1700512623,
"narHash": "sha256-UpIxPW8Y5RauHugB9GRXge77vEs77RycZEDhh41V6Lc=",
"owner": "chayleaf",
"repo": "maubot.nix",
"rev": "cf32a2873523c80cebdd1ee409c45593040944b8",
"rev": "efe241fe720dfc9799348e5b12e7d55facd4bafa",
"type": "github"
},
"original": {
@ -181,11 +181,11 @@
]
},
"locked": {
"lastModified": 1696468271,
"narHash": "sha256-ZpzAIqs8VmgRDz+rBe28+TErlXkhzrgPKg3YKYraReE=",
"lastModified": 1700468447,
"narHash": "sha256-CGCewYuVPnlyC6cFHNrYVEx5BwFPZuEUA466odTS8wQ=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "cc55064e30efdf1b1ad3df4d39983314ef440aae",
"rev": "cd4ca3d39babd063f36b6a46b31bf9a1be2ee7cc",
"type": "github"
},
"original": {
@ -196,11 +196,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1696614066,
"narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=",
"lastModified": 1700392353,
"narHash": "sha256-KARn8aVJu5fdW0jdJYoOQ1SPqWlNdz4l7r90NbArWSY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0",
"rev": "2b00bc76dc893cd996a3d76a2f059d657a5ef37a",
"type": "github"
},
"original": {
@ -225,11 +225,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1689976554,
"narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=",
"lastModified": 1700085753,
"narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e",
"rev": "008d78cc21959e33d0d31f375b88353a7d7121ae",
"type": "gitlab"
},
"original": {
@ -245,11 +245,11 @@
]
},
"locked": {
"lastModified": 1698227887,
"narHash": "sha256-QDVR3tZ5ugxtyCb9TlZLmqNTdAAH6wMUU8sGnPtduTA=",
"lastModified": 1698842376,
"narHash": "sha256-bQN00rn8GFwUt1uX8gPuhjdWo3Ev4z+wRcD/ziKUcRQ=",
"owner": "chayleaf",
"repo": "nixos-router",
"rev": "7d9669390a87da7e67dabcbce34681630e67cf32",
"rev": "e91a680d9e643208d818aafd15523ce2e387be2d",
"type": "github"
},
"original": {
@ -260,15 +260,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1697804921,
"narHash": "sha256-PAoThb0U52HGscrU/Qp1GKwidqM6xnWxgovJCXNpjCc=",
"owner": "chayleaf",
"lastModified": 1700509298,
"narHash": "sha256-I2BUpeOm77z+QpUPikxzjNw6bfLQ7ytN9TIUULv8y5Q=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "77ba48251d2b629d347e566c888000a379711ce0",
"rev": "929e4c17a6016102ce8c0e8888fee06f8e62973e",
"type": "github"
},
"original": {
"owner": "chayleaf",
"owner": "nixos",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
@ -276,11 +277,11 @@
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1693471703,
"narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
"lastModified": 1698611440,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
"type": "github"
},
"original": {
@ -291,22 +292,6 @@
"type": "github"
}
},
"nixpkgs2": {
"locked": {
"lastModified": 1696696817,
"narHash": "sha256-K8/YirUEkUD1Xd9Qg5R9czYU03M8wDN5W3DYns9F0rc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0df1d6c8cac8e8dc08f42bfe062a1025555c9b6a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"notlua": {
"inputs": {
"nixpkgs": [
@ -314,11 +299,11 @@
]
},
"locked": {
"lastModified": 1691609126,
"narHash": "sha256-InbGoENdL8LNT/09pl7AW5uv2ZSDburqr5LgvkJDfj0=",
"lastModified": 1697413333,
"narHash": "sha256-2nmu/+QhR/VhxFFr54l0Ok/yVhLCrrYVuTgeD4LHEhE=",
"owner": "chayleaf",
"repo": "notlua",
"rev": "0e972a0d23f2faa511b9a3f6d445204e18cd5020",
"rev": "ef7cdb7a883fe87238c9fff13bc14ad1fd06f4ba",
"type": "github"
},
"original": {
@ -334,11 +319,11 @@
]
},
"locked": {
"lastModified": 1691616520,
"narHash": "sha256-loZuL2YnMNwgH5GEZfXgXZadvo5P3Sp+YZSf9L3Wpu8=",
"lastModified": 1700483422,
"narHash": "sha256-ni6niOmObnG9EVGtaeT1I7ULz5+EkEewGTJVeFuWNuc=",
"owner": "chayleaf",
"repo": "notnft",
"rev": "118e25deeb741ba7963931212f02c96c50898578",
"rev": "b3e6a023a13a81d70a6a30997e2f1aaf36feafb3",
"type": "github"
},
"original": {
@ -349,11 +334,11 @@
},
"nur": {
"locked": {
"lastModified": 1696624462,
"narHash": "sha256-lGmf7IPqWLfxvEQcPujB8dzu+++NHqGYQkmC05y3ByA=",
"lastModified": 1700512041,
"narHash": "sha256-fAl29aDdOj4AjORaEh85hS0GkCCfjFFCymuOfF4P+Ek=",
"owner": "nix-community",
"repo": "NUR",
"rev": "560b6a71f7fe0353dc19bc366a5ace71fbda51d1",
"rev": "4486267d862ccc8fbbac6c112ccf1f0595cfbd74",
"type": "github"
},
"original": {
@ -374,7 +359,6 @@
"nixos-mailserver": "nixos-mailserver",
"nixos-router": "nixos-router",
"nixpkgs": "nixpkgs",
"nixpkgs2": "nixpkgs2",
"notlua": "notlua",
"notnft": "notnft",
"nur": "nur",
@ -389,11 +373,11 @@
]
},
"locked": {
"lastModified": 1696558324,
"narHash": "sha256-TnnP4LGwDB8ZGE7h2n4nA9Faee8xPkMdNcyrzJ57cbw=",
"lastModified": 1700446608,
"narHash": "sha256-q/87GqBvQoUNBYiI3hwhsDqfyfk972RuZK+EwKab5s0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "fdb37574a04df04aaa8cf7708f94a9309caebe2b",
"rev": "e17bfe3baa0487f0671c9ed0e9057d10987ba7f7",
"type": "github"
},
"original": {

View file

@ -4,8 +4,7 @@
inputs = {
#nixpkgs.url = "github:nixos/nixpkgs/3dc2b4f8166f744c3b3e9ff8224e7c5d74a5424f";
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:chayleaf/nixpkgs";
nixpkgs2.url = "github:nixos/nixpkgs/master";
nixpkgs.url = "github:nixos/nixpkgs/release-23.11";
nixos-hardware.url = "github:NixOS/nixos-hardware";
mobile-nixos = {
# url = "github:NixOS/mobile-nixos";
@ -59,7 +58,6 @@
outputs = inputs@
{ self
, nixpkgs
, nixpkgs2
, nixos-hardware
, mobile-nixos
, impermanence
@ -157,7 +155,6 @@
./system/devices/radxa-rock5a-server.nix
(if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default)
./system/modules/scanservjs.nix
./system/modules/certspotter.nix
];
};
server-cross = crossConfig server;
@ -172,7 +169,6 @@
notlua = notlua.lib.${system};
};
home.user = [
{ _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; }; }
nur.nixosModules.nur
./home/hosts/nixmsi.nix
];

View file

@ -1,4 +1,4 @@
{ config, pkgs, pkgs2, lib, ... }:
{ config, pkgs, lib, ... }:
{
imports = [ ./terminal.nix ];
i18n.inputMethod = let fcitx5-qt = pkgs.libsForQt5.fcitx5-qt; in {
@ -261,7 +261,7 @@
# for working with nix
nix-init
pkgs2.nvfetcher
nvfetcher
config.nur.repos.rycee.mozilla-addons-to-nix
anki-bin

View file

@ -22,24 +22,24 @@
"pinned": false,
"src": {
"name": null,
"sha256": "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8=",
"sha256": "sha256-72jxUJdn4j0FV1qFH0r7UEVrAvSwrWgWsxCXyT1N/1A=",
"type": "url",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-24/GE-Proton8-24.tar.gz"
},
"version": "GE-Proton8-16"
"version": "GE-Proton8-24"
},
"searxng": {
"cargoLocks": null,
"date": "2023-10-06",
"date": "2023-11-14",
"extract": null,
"name": "searxng",
"passthru": null,
"pinned": false,
"src": {
"sha256": "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE=",
"sha256": "sha256-vgDQ7cdWN79TFEbJGq0AdvC8p2YOmogk9iVViDkZDXw=",
"type": "tarball",
"url": "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz"
"url": "https://github.com/searxng/searxng/archive/b3d29cb86db4cc1a4e6320016529d1361451e1f1.tar.gz"
},
"version": "ce270961e82585971579844c64d7cde5f5d855ec"
"version": "b3d29cb86db4cc1a4e6320016529d1361451e1f1"
}
}
}

View file

@ -12,19 +12,19 @@
};
proton-ge = {
pname = "proton-ge";
version = "GE-Proton8-16";
version = "GE-Proton8-24";
src = fetchurl {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz";
sha256 = "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8=";
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-24/GE-Proton8-24.tar.gz";
sha256 = "sha256-72jxUJdn4j0FV1qFH0r7UEVrAvSwrWgWsxCXyT1N/1A=";
};
};
searxng = {
pname = "searxng";
version = "ce270961e82585971579844c64d7cde5f5d855ec";
version = "b3d29cb86db4cc1a4e6320016529d1361451e1f1";
src = fetchTarball {
url = "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz";
sha256 = "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE=";
url = "https://github.com/searxng/searxng/archive/b3d29cb86db4cc1a4e6320016529d1361451e1f1.tar.gz";
sha256 = "sha256-vgDQ7cdWN79TFEbJGq0AdvC8p2YOmogk9iVViDkZDXw=";
};
date = "2023-10-06";
date = "2023-11-14";
};
}

View file

@ -1,71 +0,0 @@
diff --git a/cmd/certspotter/main.go b/cmd/certspotter/main.go
index 9730789..f2eb081 100644
--- a/cmd/certspotter/main.go
+++ b/cmd/certspotter/main.go
@@ -163,6 +163,7 @@ func main() {
logs string
noSave bool
script string
+ sendmail string
startAtEnd bool
stateDir string
stdout bool
@@ -176,6 +177,7 @@ func main() {
flag.StringVar(&flags.logs, "logs", defaultLogList, "File path or URL of JSON list of logs to monitor")
flag.BoolVar(&flags.noSave, "no_save", false, "Do not save a copy of matching certificates in state directory")
flag.StringVar(&flags.script, "script", "", "Program to execute when a matching certificate is discovered")
+ flag.StringVar(&flags.sendmail, "sendmail", "/usr/sbin/sendmail", "Path to the sendmail-compatible program to use")
flag.BoolVar(&flags.startAtEnd, "start_at_end", false, "Start monitoring logs from the end rather than the beginning (saves considerable bandwidth)")
flag.StringVar(&flags.stateDir, "state_dir", defaultStateDir(), "Directory for storing log position and discovered certificates")
flag.BoolVar(&flags.stdout, "stdout", false, "Write matching certificates to stdout")
@@ -201,6 +203,7 @@ func main() {
Verbose: flags.verbose,
Script: flags.script,
ScriptDir: defaultScriptDir(),
+ SendmailPath: flags.sendmail,
Email: flags.email,
Stdout: flags.stdout,
HealthCheckInterval: flags.healthcheck,
diff --git a/monitor/config.go b/monitor/config.go
index 1e0d60c..d1bc430 100644
--- a/monitor/config.go
+++ b/monitor/config.go
@@ -20,6 +20,7 @@ type Config struct {
WatchList WatchList
Verbose bool
SaveCerts bool
+ SendmailPath string
Script string
ScriptDir string
Email []string
diff --git a/monitor/notify.go b/monitor/notify.go
index 8fc6d09..86cabca 100644
--- a/monitor/notify.go
+++ b/monitor/notify.go
@@ -36,7 +36,7 @@ func notify(ctx context.Context, config *Config, notif notification) error {
}
if len(config.Email) > 0 {
- if err := sendEmail(ctx, config.Email, notif); err != nil {
+ if err := sendEmail(ctx, config.SendmailPath, config.Email, notif); err != nil {
return err
}
}
@@ -62,7 +62,7 @@ func writeToStdout(notif notification) {
os.Stdout.WriteString(notif.Text() + "\n")
}
-func sendEmail(ctx context.Context, to []string, notif notification) error {
+func sendEmail(ctx context.Context, sendmailPath string, to []string, notif notification) error {
stdin := new(bytes.Buffer)
stderr := new(bytes.Buffer)
@@ -77,7 +77,7 @@ func sendEmail(ctx context.Context, to []string, notif notification) error {
args := []string{"-i", "--"}
args = append(args, to...)
- sendmail := exec.CommandContext(ctx, "/usr/sbin/sendmail", args...)
+ sendmail := exec.CommandContext(ctx, sendmailPath, args...)
sendmail.Stdin = stdin
sendmail.Stderr = stderr

View file

@ -1,41 +0,0 @@
{ lib
, buildGoModule
, fetchFromGitHub
, lowdown
}:
buildGoModule rec {
pname = "certspotter";
version = "0.16.0";
src = fetchFromGitHub {
owner = "SSLMate";
repo = "certspotter";
rev = "v${version}";
hash = "sha256-0+7GWxbV4j2vVdmool8J9hqRqUi8O/yKedCyynWJDkE=";
};
vendorHash = "sha256-haYmWc2FWZNFwMhmSy3DAtj9oW5G82dX0fxpGqI8Hbw=";
patches = [ ./configurable-sendmail.patch ];
ldflags = [ "-s" "-w" ];
nativeBuildInputs = [ lowdown ];
postInstall = ''
cd man
make
mkdir -p $out/share/man/man8
mv *.8 $out/share/man/man8
'';
meta = with lib; {
description = "Certificate Transparency Log Monitor";
homepage = "https://github.com/SSLMate/certspotter";
changelog = "https://github.com/SSLMate/certspotter/blob/${src.rev}/CHANGELOG.md";
license = licenses.mpl20;
mainProgram = "certspotter";
maintainers = with maintainers; [ chayleaf ];
};
}

View file

@ -61,7 +61,6 @@ in
meta = builtins.removeAttrs old.meta [ "broken" ];
});
certspotter = callPackage ./certspotter { };
clang-tools_latest = pkgs.clang-tools_16;
clang_latest = pkgs.clang_16;
/*ghidra = pkgs.ghidra.overrideAttrs (old: {
@ -108,7 +107,6 @@ in
kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: {
inherit (pkgs'.looking-glass-client) version src;
});
pineapplebot = callPackage ./pineapplebot.nix { };
proton-ge = pkgs.stdenvNoCC.mkDerivation {
inherit (sources.proton-ge) pname version src;
installPhase = ''
@ -121,6 +119,7 @@ in
searxng = pkgs'.python3.pkgs.toPythonModule (pkgs.searxng.overrideAttrs (old: {
inherit (sources.searxng) src;
version = "unstable-" + sources.searxng.date;
postInstall = builtins.replaceStrings [ "/botdetection" ] [ "" ] old.postInstall;
}));
techmino = callPackage ./techmino { };

View file

@ -63,10 +63,10 @@
};
"youtube-nonstop" = buildFirefoxXpiAddon {
pname = "youtube-nonstop";
version = "0.9.1";
version = "0.9.2";
addonId = "{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}";
url = "https://addons.mozilla.org/firefox/downloads/file/3848483/youtube_nonstop-0.9.1.xpi";
sha256 = "8340d57622a663949ec1768eb37d47651c809fadf0ffaa5ff546c48fdd28e33d";
url = "https://addons.mozilla.org/firefox/downloads/file/4187690/youtube_nonstop-0.9.2.xpi";
sha256 = "7659d180f76ea908ea81b84ed9bdd188624eaaa62b88accbe6d8ad4e8caeff38";
meta = with lib;
{
homepage = "https://github.com/lawfx/YoutubeNonStop";

View file

@ -1,34 +0,0 @@
{ python3
, fetchFromGitHub
, rustPlatform
, magic ? "<PIZZABOT_MAGIC_SEP>"
, ... }:
python3.pkgs.buildPythonPackage rec {
pname = "pineapplebot";
version = "0.1.0";
src = fetchFromGitHub {
owner = "chayleaf";
repo = "pizzabot_v3";
rev = "master";
sha256 = "sha256-ZLskMlllZfmqIlbSr0pNHHJehDycohiwqgYbuEYP7Qc=";
};
preBuild = ''
head -n13 Cargo.toml > Cargo.toml.new
mv Cargo.toml.new Cargo.toml
'';
sourceRoot = "source/pineapplebot";
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src sourceRoot;
name = "${pname}-${version}";
sha256 = "14jxgykwg1apy97gy1j8mz7ny2cqg4q9s03a2bk9kx2y6ibm4668";
};
nativeBuildInputs = with rustPlatform; [
cargoSetupHook
maturinBuildHook
];
doCheck = false;
doInstallCheck = true;
pythonImportsCheck = [ "pineapplebot" ];
PIZZABOT_MAGIC = magic;
}

View file

@ -6,8 +6,44 @@
boot.initrd.availableKernelModules = [ "ahci" "usbhid" "usb_storage" ];
# TODO: switch to upstream when PCIe support works
# boot.kernelPackages = pkgs.linuxPackages_testing;
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinux {
boot.kernelPackages = pkgs.linuxPackages_testing;
# not sure whether they are needed anymore, but it won't hurt, right?
boot.kernelPatches = [
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/fab08a275f328e2e0a6fef73226e45eb1d4bb108.patch"; sha256 = "1rw9n9if9xh91k05284vwbarmhpscspvl4cg7qrfd99myd2z3dql"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/967c218122840e468981031fd8888846727f5282.patch"; sha256 = "1i0bxsmpxpykxychcaww5schilngk1whh8wrmvh5rng84nmn8bn4"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5747896098cee178de4bed1eb0052893690eb40e.patch"; sha256 = "1lmgj0azkc1jbjmay5swdikicvqgjzz80qwxlk8i932rkih1snjs"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/a2439d839c103c029294042b5b3d4a065e5073d0.patch"; sha256 = "1vga1vj3b0zgyla8qfjgwgxgrcffmvzrhhk75rlfd0x42xjfj011"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/292226fcc7af3e6d5e3b1587459146042fb8a2cf.patch"; sha256 = "1k0mfw9gzqzpn449rk2jd9db6py470q95r1kb4yi6vh2slg52img"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/b53d373e700628a5126a49a8a73028cb553e5083.patch"; sha256 = "1lrwlymaa5wrv6lgns6ciadlg8hbkq16g9y0bnf9mwxkmm2bkf7j"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5e036b1a0c501beec312c2aa362b265a84a09076.patch"; sha256 = "182xyd069fzpf3gql9kjj1707kfm3ziwav7p2px5c3p6rz06fmfc"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/d51dcd5c602d78fadc4cc8f83b851264c4ac18db.patch"; sha256 = "0lbk2b08pv593gng4h32jw6cbgfq524y510p4gv5cnv8l7w7p3ra"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/b3b601dd3a6d35779385b716a898e43071f802e5.patch"; sha256 = "176w6k0fbawm9svhfdh3yh1s4dmnk6gjvafwhv79dsqy2c0n88w8"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5c34bb1e195fbbcaccf42a04f56e8d035d0864bb.patch"; sha256 = "09b9f3bh80jxpj0rry19s0c6j01636lc66xmyrsin8ajga26d77x"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/27a37c0495193fcfef1787086821c57f20b759bc.patch"; sha256 = "1kwll337nayzr0yv5pl7h6m85fyf227l501xa7ph44d2p7z2kjl0"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/acb101c5f99c54d083427b2a07f8a9610a468bef.patch"; sha256 = "0qav04ld4h6mq081fff50gr2354kmcplya9bfdxyp35mw3m3h1g0"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/479c1ae8a93f901a5898e2ed204b931c68de63fd.patch"; sha256 = "1w6wf0p5480qny69wkvsjdydz2xhax0ifgshsp5hp5mwpliqvgnq"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/ddb788db4d8b352742a6efcc8559f4c32c38925c.patch"; sha256 = "1djrn683p5q7wkd9j8lrmfvjj43pkgg0njp7gs7lb51fm9fq4khk"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/0080918c3a50cad588fba468fb7934c80777aa07.patch"; sha256 = "09iyrybgw1y9mqaw2fz3yv32hjxnh58gqpv6fd5ws16n26qr4yc8"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5afa85f867c29153afc1b801a31f55cd3021f3a6.patch"; sha256 = "0azzj4vnkc4l6bxkwav3xjbm78zlprqf54lfq31n2nlbv59rhmmg"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/8f64d6bcf306fa5b5de66fdee2458cb584a78b2e.patch"; sha256 = "1w1yccwr487nm4zi0prgjzqaxasvfxnfl81a7xhgza69ahslc8f4"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/aa4d816546e1bf38077df0b2ca367abc5ff6601c.patch"; sha256 = "1vx6dc6xrpb3zlg7sr1gimfa918p3flcyixnfy9xb2k1y6qjlmh8"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/8baebef8be9691a28f8efa284dfce9a5b9395130.patch"; sha256 = "1kk6d3g3silsjbjz6ckhvi9jvmcw1pxswp20xz9krdcmnagp65fl"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/f542d93ac2d5c4b6458599494f90bd4021d34b2c.patch"; sha256 = "1xzdylb4bbrbi0is50yyc6a3zg6mdhcjwzi0hxar2vr1zdz82v4h"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/e84f55d8a9d849eac51f73c47cdb90eb7dbac90f.patch"; sha256 = "1fz70l7qwsqh81a3bdw7parn2s9y59c38xlpcm2gc53ka1mfkml5"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/643d555335b4c0dc228111a74cfa5189e17616df.patch"; sha256 = "05svkfpla9la94dz8vlis7kwq8sa32zvbdgydq3wnz979s91k8aq"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/c8bd3a53671c48ccf642bbc6453fdb0274022bad.patch"; sha256 = "0j8faqv066vwy41m0wqk3qlwrj1va6dndkrq5avlqqrqkm2hkabv"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/1066dd8203fdb05902b963968e8a29292dc1f2a8.patch"; sha256 = "0w08x9658c4j63lmjdg7ahpcgxnz661fcmfzv6sgqp6208jp6x2a"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/e4e39588f8b46db104817795a703b1f701da9c36.patch"; sha256 = "0drdi61f0dnf3ya63is6sq8mky13kkqkb36lqk4plspckg6jx8ik"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/7ec0cb44173dd1a5357a66afa7f3b5de956df7ee.patch"; sha256 = "1ll2clz0x7znn9d3rvijfl72647lnj3f3j7acbmp5aqhd766f1ib"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/171fd53717525f0f6dc56e90e6f38a9038c5c779.patch"; sha256 = "0vv8z9rcbyf3ynm46974ajff1i7mpbvh68pw19wpvnj8lvyyf8mb"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/140267c1c11d90f4889e57ae6d58280b261081c0.patch"; sha256 = "1wsy7w5bl3hyqr3rf54xzi9akz2ccn1cqzjy6d17p6nywsd0s9cf"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/94b6bcb0b87d896e764615f9c1601ac270300ce8.patch"; sha256 = "137fjvnr4i3z4b14x945zhxgfpl5xagcqr2nl08b1xc5j2pniqx0"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/5760547fa8739f1185b4b2523fb801fd678cfbde.patch"; sha256 = "03asnrwini33xfc8aq2arfazvyn8c1qfxzinmq6h4pr5vlfincry"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/3b1edb31f3ac2f55d62968f2fd7d9b5d430cd3ec.patch"; sha256 = "0azsmjzjh1b407vqzp597l11h367qac82bffmy1kyhh4qv3i7a84"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/3e33bc702048b524d4faaa7d8f151bfe4a48fd2b.patch"; sha256 = "0playww4l3b0w2q0wkydqfvdj7bcr3faw94hbmnqxqs26fm8yam3"; })
(pkgs.fetchPatch { url = "https://gitlab.collabora.com/hardware-enablement/rockchip-3588/linux/-/commit/f41b3e9a9d7f22bef0735b4fe0007321ce6b6d6b.patch"; sha256 = "02ppav6iwg8f00458r1rah0yj2khvayhr5xadh2pw33jlgp9i7im"; })
];
/*boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinux {
version = "6.6.0-rc1";
kernelPatches = [ ];
src = pkgs.fetchFromGitLab {
@ -18,7 +54,7 @@
rev = "f04271158aee35d270748301c5077231a75bc589";
hash = "sha256-B85162plbt92p51f/M82y2zOg3/TqrBWqgw80ksJVGc=";
};
});
});*/
boot.kernelParams = [ "dtb=/${config.hardware.deviceTree.name}" ];
hardware.deviceTree.enable = true;

View file

@ -65,7 +65,6 @@ in {
};
services.nextcloud = {
enable = true;
enableBrokenCiphersForSSE = false;
package = pkgs.nextcloud27;
autoUpdateApps.enable = true;
# TODO: use socket auth and remove the next line

View file

@ -61,9 +61,7 @@ in {
translate
rss
];
services.maubot.pythonPackages = [
(pkgs.pineapplebot.override { magic = cfg.pizzabotMagic; })
] ++ (with pkgs.python3.pkgs; [
services.maubot.pythonPackages = (with pkgs.python3.pkgs; [
levenshtein
]);
}

View file

@ -57,10 +57,6 @@
description = "unhashed noreply password for internal access only. \
This should be different from the password that is hashed for better security";
};
pizzabotMagic = mkOption {
type = types.str;
default = "<PIZZABOT_MAGIC_SEP>";
};
};
};
description = "server settings";

View file

@ -1,115 +0,0 @@
{ config
, lib
, pkgs
, ... }:
let
cfg = config.services.certspotter;
in {
options.services.certspotter = {
enable = lib.mkEnableOption "Cert Spotter, a Certificate Transparency log monitor";
sendmailPath = lib.mkOption {
type = lib.types.path;
description = ''
Path to the `sendmail` binary. By default, the local sendmail wrapper is used
(see `config.services.mail.sendmailSetuidWrapper`).
'';
example = lib.literalExpression ''"''${pkgs.system-sendmail}/bin/sendmail"'';
};
watchlist = lib.mkOption {
type = with lib.types; listOf str;
description = "Domain names to watch. To monitor a domain with all subdomains, prefix its name with `.` (e.g. `.example.org`).";
default = [ ];
example = [ ".example.org" "another.example.com" ];
};
emailRecipients = lib.mkOption {
type = with lib.types; listOf str;
description = "A list of email addresses to send certificate updates to.";
default = [ ];
};
hooks = lib.mkOption {
type = with lib.types; listOf path;
description = ''
Scripts to run upon the detection of a new certificate. See `man 8 certspotter-script` or [the GitHub page](https://github.com/SSLMate/certspotter/blob/master/man/certspotter-script.md) for more info.
'';
default = [];
example = lib.literalExpression ''
[
(pkgs.writeShellScript "certspotter-hook" '''
echo "Event summary: $SUMMARY."
''')
]
'';
};
extraFlags = lib.mkOption {
type = with lib.types; listOf str;
description = "Extra command-line arguments to pass to Cert Spotter";
example = [ "-start_at_end" ];
default = [ ];
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.watchlist != [ ];
message = "You must specify at least one domain for Cert Spotter to watch";
}
{
assertion = cfg.hooks != [] || cfg.emailRecipients != [];
message = "You must specify at least one hook or email recipient for Cert Spotter";
}
{
assertion = (cfg.emailRecipients != []) -> (cfg.sendmailPath != "/run/current-system/sw/bin/false");
message = ''
You must configure the sendmail setuid wrapper (services.mail.sendmailSetuidWrapper)
or services.certspotter.sendmailPath
'';
}
];
services.certspotter.sendmailPath = lib.mkMerge [
(lib.mkIf (config.services.mail.sendmailSetuidWrapper != null) (lib.mkOptionDefault "/run/wrappers/bin/sendmail"))
(lib.mkIf (config.services.mail.sendmailSetuidWrapper == null) (lib.mkOptionDefault "/run/current-system/sw/bin/false"))
];
users.users.certspotter = {
group = "certspotter";
home = "/var/lib/certspotter";
createHome = true;
isSystemUser = true;
# uid = config.ids.uids.certspotter;
};
users.groups.certspotter = {
# gid = config.ids.gids.certspotter;
};
systemd.services.certspotter = {
description = "Cert Spotter - Certificate Transparency Monitor";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment.CERTSPOTTER_CONFIG_DIR = pkgs.linkFarm "certspotter-config"
(lib.toList {
name = "watchlist";
path = pkgs.writeText "cerspotter-watchlist" (builtins.concatStringsSep "\n" cfg.watchlist);
}
++ lib.optional (cfg.emailRecipients != [ ]) {
name = "email_recipients";
path = pkgs.writeText "cerspotter-email_recipients" (builtins.concatStringsSep "\n" cfg.emailRecipients);
}
++ lib.optional (cfg.hooks != [ ]) {
name = "hooks.d";
path = pkgs.linkFarm "certspotter-hooks" (lib.imap1 (i: path: {
inherit path;
name = "hook${toString i}";
}) cfg.hooks);
});
serviceConfig = {
User = "certspotter";
Group = "certspotter";
StateDirectory = "certspotter";
};
script = ''
export CERTSPOTTER_STATE_DIR="$STATE_DIRECTORY"
cd "$CERTSPOTTER_STATE_DIR"
${pkgs.certspotter}/bin/certspotter -sendmail ${cfg.sendmailPath} ${lib.escapeShellArgs cfg.extraFlags}
'';
};
};
}