| author | lassulus <git@lassul.us> | 2023-02-02 19:26:25 +0100 | 
|---|---|---|
| committer | lassulus <git@lassul.us> | 2023-02-02 19:26:25 +0100 | 
| commit | b711133bea18ea1ed3ad441b2d80ccd5ba7dfd22 (patch) | |
| tree | a3a23902a85fbaffaccdff573e5ac5a5546cdc9e | |
| parent | 9a17a273cd3ceaf90d9f43347cc3db6b2fb18201 (diff) | |
| parent | eee4db26e0a84e0bf0fab7895eb3eaec2946960f (diff) | |
Merge remote-tracking branch 'ni/master'
| -rw-r--r-- | tv/1systems/bu/config.nix | 2 | ||||
| -rw-r--r-- | tv/2configs/default.nix | 1 | ||||
| -rw-r--r-- | tv/2configs/urlwatch.nix | 26 | ||||
| -rw-r--r-- | tv/2configs/wiregrill.nix | 37 | 
4 files changed, 57 insertions, 9 deletions
| diff --git a/tv/1systems/bu/config.nix b/tv/1systems/bu/config.nix index c7f7da2..a3959cd 100644 --- a/tv/1systems/bu/config.nix +++ b/tv/1systems/bu/config.nix @@ -13,8 +13,6 @@ with import ./lib;    krebs.build.host = config.krebs.hosts.bu; -  networking.hostId = lib.mkDefault "00000000"; -    networking.wireless.enable = true;    networking.useDHCP = false;    networking.interfaces.enp0s25.useDHCP = true; diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d138484..53b11c6 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -6,6 +6,7 @@ with import ./lib;    krebs.build.user = config.krebs.users.tv; +  networking.hostId = mkDefault (hashToLength 8 config.networking.hostName);    networking.hostName = config.krebs.build.host.name;    imports = [ diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 7ba364f..f5260ee 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -2,12 +2,16 @@ with import ./lib;  { config, pkgs, ... }: let    exec = filename: args: url: {      inherit url; -    filter = "system:${ -      concatMapStringsSep " " shell.escape ([filename] ++ toList args) -    }"; +    filter = singleton { +      system = +        concatMapStringsSep " " shell.escape ([filename] ++ toList args); +    };    };    json = json' ["."];    json' = exec "${pkgs.jq}/bin/jq"; +  urigrep' = exec (pkgs.writeDash "urigrep" '' +    ${pkgs.urix}/bin/urix | ${pkgs.gnugrep}/bin/grep -E "$1" +  '');    xml = xml' ["--format" "-"];    xml' = exec "${pkgs.libxml2}/bin/xmllint";  in { 
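Review bot: The new `networking.hostId` default in tv/2configs/default.nix has no comment on the format that `hashToLength 8` produces, and NixOS only accepts eight hexadecimal digits for this option. `hashToLength` comes from `./lib` and is not visible in this hunk, so its output format should be confirmed and recorded next to the line, e.g. `# hostId must be 8 hex digits; derived from hostName so it is stable across rebuilds`. Because the value is a pure function of the host name, two machines given the same name would share a hostId, which matters wherever hostId is used to tell hosts apart (for example ZFS pool import checks).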
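Review bot: In the new `urigrep'` helper in tv/2configs/urlwatch.nix the pattern reaches grep as a bare positional (`grep -E "$1"`), so a pattern beginning with `-` would be parsed as an option rather than a regex. Passing it through `-e` removes the ambiguity: `${pkgs.gnugrep}/bin/grep -E -e "$1"`. The `exec` helper runs every argument through `shell.escape` before joining them, and that escaping is what the `shell=True` call in hooks.py relies on. A one-line comment on `exec` stating this would discourage building the `system` string by hand later. The `let` block continues outside this hunk.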
@@ -68,22 +72,30 @@ in {        https://raw.githubusercontent.com/NixOS/nixpkgs/master/nixos/modules/services/x11/xserver.nix        https://www.rabbitmq.com/changelog.html + +      (urigrep' ["software-resources"] https://semiconductor.samsung.com/consumer-storage/support/tools/)      ];      hooksFile = toFile "hooks.py" ''        import subprocess        import urlwatch -      class CaseFilter(urlwatch.filters.FilterBase): +      class SystemFilter(urlwatch.filters.FilterBase):            """Filter for piping data through an external process"""            __kind__ = 'system' +          __supported_subfilters__ = { +              'command': 'shell command line to tranform data', +          } + +          __default_subfilter__ = 'command' +            def filter(self, data, subfilter=None): -              if subfilter is None: -                  raise ValueError('The system filter needs a command') +              if 'command' not in subfilter: +                  raise ValueError('{} filter needs a command'.format(self.__kind__))                proc = subprocess.Popen( -                  subfilter, +                  subfilter['command'],                    shell=True,                    stdin=subprocess.PIPE,                    stdout=subprocess.PIPE, diff --git a/tv/2configs/wiregrill.nix b/tv/2configs/wiregrill.nix new file mode 100644 index 0000000..d28a1ec --- /dev/null +++ b/tv/2configs/wiregrill.nix 
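Review bot: `SystemFilter.filter` still declares `subfilter=None`, but the new guard `if 'command' not in subfilter:` raises `TypeError` on `None` instead of the intended `ValueError`, should urlwatch ever call it without a subfilter. Covering both cases is a one-line change: `if not subfilter or 'command' not in subfilter:`. The help string in `__supported_subfilters__` has a typo (`tranform`). Since the command is run with `shell=True`, a short comment above the `Popen` call should state that `command` is expected to come only from the Nix-generated job list, where each argument is passed through `shell.escape`. The `Popen` call itself continues past the end of the hunk.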
@@ -0,0 +1,37 @@ +with import ./lib; +{ config, pkgs, ... }: let +  cfg = { +    enable = cfg.net != null; +    net = config.krebs.build.host.nets.wiregrill or null; +  }; +  toCidrNotation = ip: "${ip.addr}/${toString ip.prefixLength}"; +in +  mkIf cfg.enable { +    networking.wireguard.interfaces.wiregrill = { +      ips = +        optional (cfg.net.ip4 != null) cfg.net.ip4.addr ++ +        optional (cfg.net.ip6 != null) cfg.net.ip6.addr; +      listenPort = 51820; +      privateKeyFile = (toString <secrets>) + "/wiregrill.key"; +      allowedIPsAsRoutes = true; +      peers = mapAttrsToList +        (_: host: { +          allowedIPs = host.nets.wiregrill.wireguard.subnets; +          endpoint = +            mkIf (host.nets.wiregrill.via != null) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}"); +          persistentKeepalive = mkIf (host.nets.wiregrill.via != null) 61; +          publicKey = +            replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey; +        }) +        (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts); +    }; +    systemd.network.networks.wiregrill = { +      matchConfig.Name = "wiregrill"; +      address = +        optional (!isNull cfg.net.ip4) (toCidrNotation cfg.net.ip4) ++ +        optional (!isNull cfg.net.ip6) (toCidrNotation cfg.net.ip6); +    }; +    tv.iptables.extra.filter.INPUT = [ +      "-p udp --dport ${toString cfg.net.wireguard.port} -j ACCEPT" +    ]; +  } | 
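Review bot: `listenPort` is hard-coded to 51820, while the INPUT rule at the bottom opens `cfg.net.wireguard.port` and peers build their endpoint from `host.nets.wiregrill.wireguard.port`. If a host declares any other port, the firewall would accept UDP on a port nothing listens on and the real listener would stay filtered. Using the same source keeps them in step: `listenPort = cfg.net.wireguard.port;`. Separately, `peers` is built from every host that has a `wiregrill` net, which appears to include the local host itself, and with `allowedIPsAsRoutes = true` each entry's `subnets` becomes a route. A comment noting that `config.krebs.hosts` is trusted input for routing would help, and so would filtering out `config.krebs.build.host.name` if the self-entry is not intended.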
