aszlig / module.nix
Last active April 12, 2024 19:45
Passing secrets to NixOS containers without exposing them world-readable
# Module function: takes pkgs, lib and config and accepts any further
# arguments through `...`.
{ pkgs, lib, config, ... }:
let
inherit (lib) mkOption types;
# Attribute set declaring a single option, `path`, of type `types.path`.
# NOTE(review): this preview stops inside the description string below, so
# how the option is consumed is not visible here. If the path is meant to
# point at secret material, confirm it is never given as a Nix path literal
# that ends up copied into the world-readable store.
secretsModule = {
options.path = mkOption {
type = types.path;
example = lib.literalExample "pkgs.hello";
description = ''
item_fields:
has_albums: |
import gc
from beets import library
from beetsplug.convert import _fs_lock # Abuse the lock for our purpose
with _fs_lock:
if not hasattr(library, '_artists_with_albums'):
libs = [l for l in gc.get_objects()
if isinstance(l, library.Library)]
# Bring every attribute of <nixpkgs> into scope for the expression below.
with import <nixpkgs> {};
let
# junit with one extra postPatch step appended to whatever postPatch the
# original derivation had (empty string if it had none). The added sed call
# deletes every line matching InaccessibleBaseClassTest from AllTests.java.
# NOTE(review): the preview ends after this binding; the `in` part of the
# let expression is not visible.
junitFuck = junit.overrideDerivation (drv: {
postPatch = (drv.postPatch or "") + ''
sed -i -e '/InaccessibleBaseClassTest/d' \
src/test/java/org/junit/tests/AllTests.java
'';
});
aszlig / ejabberd2mongooseim.erl
Created September 1, 2015 07:03
Converting the most relevant tables from an Ejabberd 2.10.0 text dump to a MongooseIM 1.5.1 text dump
#!/usr/bin/env escript
%% mxml/1: the only clause visible maps the empty list to the empty list;
%% any other argument raises function_clause.
mxml([]) ->
    [].
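%% m/1: coerce a string to a binary.
%%   - list   -> converted with unicode:characters_to_binary/1
%%   - binary -> returned unchanged
%%   - other  -> exit("WAT!?")
%%
%% unicode:characters_to_binary/1 does not raise on malformed character data;
%% it returns {error, Bin, Rest} or {incomplete, Bin, Rest}. Passing such a
%% tuple on would write it into the converted dump in place of a binary, so a
%% non-binary result is turned into an exit that names the offending input.
m(Str) when is_list(Str) ->
    case unicode:characters_to_binary(Str) of
        Bin when is_binary(Bin) -> Bin;
        Bad -> exit({bad_unicode, Str, Bad})
    end;
m(Str) when is_binary(Str) -> Str;
m(_) -> exit("WAT!?").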
%% mjid/1: take a 7-tuple tagged `jid` and rebuild it with each of its six
%% fields passed through m/1, in order.
mjid({jid, F1, F2, F3, F4, F5, F6}) ->
    Converted = [m(Field) || Field <- [F1, F2, F3, F4, F5, F6]],
    list_to_tuple([jid | Converted]).
# Package expression taking stdenv and fetchurl from the caller.
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
# `rec` lets `name` refer to `version` below.
name = "suisseid-pkcs11-${version}";
version = "1.0.4292";
# The .deb is fetched over plain http, so the transport gives no integrity
# or authenticity guarantee; the sha256 below is the only thing that pins
# the content. Any change to the URL or version must come with a hash that
# was verified out of band.
# NOTE(review): the version appears both in `version` and hard-coded in the
# file name of the URL; the two have to be kept in sync by hand.
# NOTE(review): the preview ends after the hash; the rest of the derivation
# is not visible.
src = fetchurl {
url = "http://update.swisssign.com/media/stick/repository/dists/unstable"
+ "/non-free/binary-amd64/suisseid-pkcs11_1.0.4292-1_amd64.deb";
sha256 = "05qp5k079796dfpj76pcdbl3r2m7g0wjp66i9siphzkdzci0gbr1";
# Standalone expression: `pkgs` defaults to whatever <nixpkgs> resolves to on
# the evaluating machine.
{ pkgs ? import <nixpkgs> {} }:
pkgs.stdenv.mkDerivation rec {
name = "unbrick-ftdi";
# The tarball is fetched over plain http; the sha256 is what pins its
# content, so it must be re-verified out of band whenever the URL changes.
# NOTE(review): the preview ends after `src`; build steps are not visible.
src = pkgs.fetchurl {
url = "http://rtr.ca/ft232r/ft232r_prog-1.24.tar.gz";
sha256 = "10shyjdgg66cxisqzq2ff17vgyniynjsxq2griz8jxqmr3lic43v";
};
# Function of the listed packages returning a function of `attrs`: a wrapper
# around fetchgit that additionally accepts a `privateKey` attribute.
{ stdenv, fetchgit, coreutils, openssh, writeScript }:
attrs:
let
# fetchgit itself is called without `privateKey`.
cleanAttrs = removeAttrs attrs [ "privateKey" ];
in stdenv.lib.overrideDerivation (fetchgit cleanAttrs) (o: {
# NOTE(review): privateKey is added as an attribute of the derivation. If it
# is a Nix path, the key file is copied into the Nix store; if it is a
# string, the value is recorded in the .drv file. The store is readable by
# every local user by default, so either form may expose the key. Confirm
# how callers pass it and whether that exposure is acceptable.
inherit (attrs) privateKey;
# GIT_SSH points at a generated script named gitssh.sh.
# NOTE(review): the preview stops after the script's shebang line, so what
# the script does with the key is not visible here.
GIT_SSH = writeScript "gitssh.sh" ''
#!${stdenv.shell}
aszlig / ssh-multiplex.patch
Created January 13, 2014 10:17
Old version before OAuth could be used for HTTPS.
commit 34f081e38a0c6e41de03ca288c5717e95f7cf04b
Merge: 49c940b 7a6ada0
Author: aszlig <[email protected]>
Date: Wed Sep 19 16:47:33 2012 +0200
Merge branch 'ssh-multiplex'.
This now allows us to fetchgit from private GitHub repositories.
The procedure is somewhat complicated, as OpenSSH has a bunch of security checks
which prevent the nasty things we are doing here.
aszlig / release.nix
Last active May 27, 2016 19:38
Chromium autoupdate builds
# Release expression. All three arguments are optional: `chromium` defaults
# to null, `nixpkgs` to the <nixpkgs> lookup path, and `systems` to the two
# Linux platforms listed.
# NOTE(review): with the default, the nixpkgs revision is whatever the
# evaluating machine's search path provides; it is not pinned in this file.
{ chromium ? null, nixpkgs ? <nixpkgs>, systems ? [ "x86_64-linux" "i686-linux" ] }:
let
# Package set fixed to x86_64-linux, independent of `systems`.
opkgs = import nixpkgs {
system = "x86_64-linux";
};
# Curried function of a system and `chan`; it imports nixpkgs for the given
# system.
# NOTE(review): the preview ends inside this import, so how `chan` is used
# is not visible (presumably a release channel; verify in the full file).
mkChromiumForSystem = system: chan: let
pkgs = import nixpkgs {
inherit system;
aszlig / default.nix
Last active December 22, 2015 09:08
This updates the NixOps state from the old (and **unreleased**) Hetzner backend state format to the new one. So if you always use the release versions, you won't need this.
# Bring every attribute of <nixpkgs> into scope for the derivation below.
with import <nixpkgs> {};
stdenv.mkDerivation rec {
name = "nixops-update-hetzner-netinfo";
# The source is the local file update.py next to this expression.
src = ./update.py;
buildInputs = [ python pythonPackages.wrapPython ];
# Python dependencies made available to the script.
# NOTE(review): presumably consumed by the wrapPython hook in a later phase;
# the preview ends before installPhase, so this is not visible here.
pythonPath = [ pythonPackages.sqlite3 ];
# Only the install and fixup phases run; unpack, configure and build are
# left out.
phases = [ "installPhase" "fixupPhase" ];