author | tv <tv@krebsco.de> | 2022-11-29 19:54:28 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-11-29 19:54:28 +0100 |
commit | 43428ccca56bdf10572f1c93ebafa82cfdf7dbf5 (patch) | |
tree | b6c79e4f047ccb8842c9e5f7b73688ccbc5ff053 | |
parent | 5c05e2a9b68b01e1f0f69a1e4414bce21a801f1f (diff) | |
parent | 32b23666d15861f6f4d8b1f522ee53d4f21fabb6 (diff) |
Merge remote-tracking branch 'prism/master'
-rw-r--r-- | kartei/krebs/default.nix | 1 | ||||
-rw-r--r-- | kartei/others/ssh/xkey.pub | 2 | ||||
-rw-r--r-- | krebs/1systems/hotdog/config.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/cal.nix | 33 | ||||
-rw-r--r-- | krebs/2configs/reaktor2.nix | 27 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 18 | ||||
-rw-r--r-- | lass/1systems/prism/physical.nix | 18 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 4 | ||||
-rw-r--r-- | lass/2configs/xmonad.nix | 3 | ||||
-rw-r--r-- | lass/3modules/drbd.nix | 35 | ||||
-rw-r--r-- | lass/5pkgs/drbd9/default.nix | 35 | ||||
-rw-r--r-- | lass/5pkgs/sxiv/default.nix | 27 |
12 files changed, 171 insertions, 34 deletions
diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix
index b33a54f9a..6da73ff83 100644
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -78,6 +78,7 @@ in {
 "build.r"
 "build.hotdog.r"
 "ca.r"
+ "calendar.r"
 "cgit.hotdog.r"
 "irc.r"
 "wiki.r"
diff --git a/kartei/others/ssh/xkey.pub b/kartei/others/ssh/xkey.pub
index cd09f06bb..a50522fce 100644
--- a/kartei/others/ssh/xkey.pub
+++ b/kartei/others/ssh/xkey.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZFKgFcAEGXcsssJxDeUVvOTKD0U4LlT2Yw85+WmMTj
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index cf07d3b4d..02749dafe 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -13,6 +13,8 @@ <stockholm/krebs/2configs/acme.nix> <stockholm/krebs/2configs/mud.nix>
+ <stockholm/krebs/2configs/cal.nix>
+ ## shackie irc bot <stockholm/krebs/2configs/shack/reaktor.nix> ];
diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix
new file mode 100644
index 000000000..90093e8eb
--- /dev/null
+++ b/krebs/2configs/cal.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+{
+ users.users.testing = {
+ uid = pkgs.stockholm.lib.genid_uint31 "testing";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.xkey.pubkey
+ config.krebs.users.lass.pubkey
+ ];
+ packages = [
+ pkgs.calendar-cli
+ pkgs.tmux
+ ];
+ };
+
+ services.xandikos = {
+ enable = true;
+ extraOptions = [
+ "--autocreate"
+ "--defaults"
+ "--current-user-principal /krebs"
+ "--dump-dav-xml"
+ ];
+ };
+
+ services.nginx = {
+ enable = true;
+
+ virtualHosts = {
+ "calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/";
+ };
+ };
+}
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index c1af2d8b4..13b59fa82 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
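Review bot: The `calendar.r` virtual host in krebs/2configs/cal.nix proxies every request straight to Xandikos with no authentication or access restriction on the nginx side, and Xandikos runs with `--autocreate`, so any client that can reach the host name can presumably create, read and modify the collections under `/krebs`. If `calendar.r` is reachable only from a trusted overlay network that may be intended, but it deserves a comment saying so; otherwise add `basicAuthFile = <path>;` to the location or an `allow`/`deny` list in its `extraConfig`. `--dump-dav-xml` looks like a debugging switch that would put calendar payloads into the service log and is worth dropping once the setup works. The new `testing` account is a permanent SSH login for two keys on this host and has no comment on why it is needed.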
@@ -62,7 +62,6 @@ let
 export PATH=${makeBinPath [
 pkgs.coreutils
 pkgs.curl
- pkgs.gnused
 pkgs.stable-generate
 ]}
 stable_url=$(stable-generate "$@")
@@ -85,7 +84,6 @@ let
 export PATH=${makeBinPath [
 pkgs.coreutils
 pkgs.curl
- pkgs.gnused
 pkgs.stable-generate
 ]}
 case $_msgtarget in \#*)
@@ -100,6 +98,30 @@ let }; };
+ say = {
+ pattern = "^!say (.*)$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writeDash "say" ''
+ set -efu
+
+ export PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.opusTools
+ ]}
+ paste_url=$(printf '%s' "$1" |
+ curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
+ opusenc - - |
+ curl -Ss https://p.krebsco.de --data-binary @- |
+ tail -1
+ )
+ echo "$_from: $paste_url"
+ '';
+ };
+ };
+ taskRcFile = builtins.toFile "taskrc" '' confirmation=no '';
@@ -275,6 +297,7 @@ let
 bedger-add
 bedger-balance
 hooks.sed
+ say
 (generators.command_hook {
 inherit (commands) dance random-emoji nixos-version;
 tell = {
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 62c6f0b71..7bffc39aa 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -25,7 +25,6 @@ with import <stockholm/lib>; ]; } { # TODO make new hfos.nix out of this vv
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 users.users.riot = {
 uid = genid_uint31 "riot";
 isNormalUser = true;
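Review bot: In the new `say` hook in krebs/2configs/reaktor2.nix the upload step runs `curl -Ss` without `-f`, and dash has no pipefail, so when the TTS request or `opusenc` fails the script still echoes whatever the paste service answered into the channel. Using `curl -fSs https://p.krebsco.de --data-binary @- |` and guarding the output with `[ -n "$paste_url" ] || exit 1` before the `echo` would keep failures out of the channel. The pattern `^!say (.*)$` also lets any channel member send text of arbitrary length to tts.r and create one public paste per message; a bounded capture such as `^!say (.{1,200})$` (if the matcher supports it) and `--max-time` on both curl calls would limit that. The TTS request uses plain `http://`, which is presumably acceptable only because tts.r is an internal name.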
@@ -33,23 +32,10 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" ];
- packages = [
- (pkgs.writeDashBin "kick-routing" ''
- /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '')
- ];
 };
- security.sudo.extraConfig = ''
- riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '';
-
- # TODO write function for proxy_pass (ssl/nonssl)
- krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
+ { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
 ]; } {
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 151cfbf41..027a27b2b 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
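Review bot: The two added rules in lass/1systems/prism/config.nix accept every packet to and from 95.216.1.130 with no protocol, port, interface or connection-state match, so that address is exposed exactly as far as its own firewall allows. Together with the bridge introduced in physical.nix this presumably hands the address to a guest, but the hunk removes the old TODO comment and leaves no explanation; a comment such as `# 95.216.1.130 belongs to a bridged guest on ext-br, which does its own filtering` (adjusted to the real setup) would make the intent reviewable. If the guest is not expected to filter for itself, narrowing the `--destination` rule with protocol and port matches is the safer default. The enclosing attribute set starts above the hunk.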
@@ -78,29 +78,31 @@ boot.loader.grub.version = 2; boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
- boot.kernelParams = [ "net.ifnames=0" ];
+ # we don't pay for power there and this might solve a problem we observed at least once
+ # https://www.thomas-krenn.com/de/wiki/PCIe_Bus_Error_Status_00001100_beheben
+ boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ];
 networking.dhcpcd.enable = false;
+
+ # bridge config
+ networking.bridges."ext-br".interfaces = [ "eth0" ];
 networking = { hostId = "2283aaae"; defaultGateway = "95.216.1.129";
- defaultGateway6 = { address = "fe80::1"; interface = "eth0"; };
+ defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
 # Use google's public DNS server nameservers = [ "8.8.8.8" ];
- interfaces.eth0.ipv4.addresses = [
+ interfaces.ext-br.ipv4.addresses = [
 { address = "95.216.1.150"; prefixLength = 26; }
- {
- address = "95.216.1.130";
- prefixLength = 26;
- }
 ];
- interfaces.eth0.ipv6.addresses = [
+ interfaces.ext-br.ipv6.addresses = [
 { address = "2a01:4f9:2a:1e9::1"; prefixLength = 64; } ]; };
+ }
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 9b2b58f22..efd6c8a24 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -79,9 +79,7 @@ in {
 powertop
 rxvt-unicode
 sshvnc
- (pkgs.writers.writeDashBin "sxiv" ''
- ${pkgs.nsxiv}/bin/nsxiv "$@"
- '')
+ sxiv
 nsxiv
 taskwarrior
 termite
diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix
index fd70f8b15..05d719b8f 100644
--- a/lass/2configs/xmonad.nix
+++ b/lass/2configs/xmonad.nix
@@ -45,6 +45,7 @@ import XMonad.Layout.Minimize (minimize)
 import XMonad.Layout.NoBorders (smartBorders)
 import XMonad.Layout.MouseResizableTile (mouseResizableTile)
 import XMonad.Layout.SimplestFloat (simplestFloat)
+ import XMonad.Layout.StateFull
 import XMonad.ManageHook (composeAll)
 import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig)
 import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy)
@@ -87,7 +88,7 @@ main = do myLayoutHook = defLayout where
- defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid)
+ defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| StateFull ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid)
 floatHooks = composeAll [ className =? "Pinentry" --> doCenterFloat
diff --git a/lass/3modules/drbd.nix b/lass/3modules/drbd.nix
index 816e58f0a..dbc3db4db 100644
--- a/lass/3modules/drbd.nix
+++ b/lass/3modules/drbd.nix
@@ -64,13 +64,42 @@ in { services.udev.packages = [ pkgs.drbd ]; boot.kernelModules = [ "drbd" ];
- environment.systemPackages = [ pkgs.drbd ];
+ environment.systemPackages = [
+ pkgs.drbd
+ (pkgs.writers.writeDashBin "drbd-change-nodeid" ''
+ # https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/#s-using-truck-based-replication
+ set -efux
+ if [ "$#" -ne 2 ]; then
+ echo '$1 needs to be drbd volume name'
+ echo '$2 needs to be new node id'
+ exit 1
+ fi
+
+
+ TMPDIR=$(mktemp -d)
+ trap 'rm -rf $TMPDIR' EXIT
+
+ V=$1
+ NODE_TO=$2
+ META_DATA_LOCATION=internal
+
+ ${pkgs.drbd}/bin/drbdadm -- --force dump-md $V > "$TMPDIR"/md_orig.txt
+ NODE_FROM=$(cat "$TMPDIR"/md_orig.txt | ${pkgs.gnused}/bin/sed -n 's/^node-id \(.*\);$/\1/p')
+ ${pkgs.gnused}/bin/sed -e "s/node-id $NODE_FROM/node-id $NODE_TO/" \
+ -e "s/^peer.$NODE_FROM. /peer-NEW /" \
+ -e "s/^peer.$NODE_TO. /peer[$NODE_FROM] /" \
+ -e "s/^peer-NEW /peer[$NODE_TO] /" \
+ < "$TMPDIR"/md_orig.txt > "$TMPDIR"/md.txt
+
+ drbdmeta --force $(drbdadm sh-minor $V) v09 $(drbdadm sh-md-dev $V) $META_DATA_LOCATION restore-md "$TMPDIR"/md.txt
+ '')
+ ];
 networking.firewall.allowedTCPPorts = map (device: device.port) (lib.attrValues cfg); systemd.services = lib.mapAttrs' (_: device: lib.nameValuePair "drbd-${device.name}" {
- after = [ "systemd-udev.settle.service" "network.target" ];
+ after = [ "systemd-udev.settle.service" "network.target" "retiolum.service" ];
 wants = [ "systemd-udev.settle.service" ];
 wantedBy = [ "multi-user.target" ];
 serviceConfig = {
@@ -88,7 +117,7 @@ in {
 ''}
 if ! ${pkgs.drbd}/bin/drbdadm adjust ${device.name}; then
 ${pkgs.drbd}/bin/drbdadm down ${device.name}
- ${pkgs.drbd}/bin/drbdadm create-md ${device.name}
+ ${pkgs.drbd}/bin/drbdadm create-md ${device.name}/0 --max-peers 31
 ${pkgs.drbd}/bin/drbdadm up ${device.name}
 fi
 '';
diff --git a/lass/5pkgs/drbd9/default.nix b/lass/5pkgs/drbd9/default.nix
new file mode 100644
index 000000000..34ef0f564
--- /dev/null
+++ b/lass/5pkgs/drbd9/default.nix
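Review bot: `drbd-change-nodeid` in lass/3modules/drbd.nix interpolates `$NODE_TO` and the parsed `$NODE_FROM` straight into sed expressions and then runs `restore-md` with `--force`, without checking that either value is a plain number. If the `node-id` line is not found, `NODE_FROM` is empty and the rewritten metadata is still written back; I would add `case $NODE_TO in ""|*[!0-9]*) echo 'node id must be numeric' >&2; exit 1;; esac` after the argument-count check and `[ -n "$NODE_FROM" ] || exit 1` before the second sed. The last line calls bare `drbdmeta` and `drbdadm` while the dump uses `${pkgs.drbd}/bin/drbdadm`, so the restore can pick up a different binary from PATH; use the store path there too. `$V` and the `$TMPDIR` in the trap are unquoted, and assigning to `TMPDIR` changes the temp directory for every child process, so a differently named variable with quoted expansions is cleaner.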
@@ -0,0 +1,35 @@
+{ lib, stdenv, git, fetchzip, fetchFromGitHub, kernel }: let
+
+ version = "9.1.7";
+
+in stdenv.mkDerivation {
+ pname = "drbd";
+ version = "${kernel.version}-${version}";
+
+ src = fetchzip {
+ url = "https://pkg.linbit.com//downloads/drbd/9/drbd-9.1.7.tar.gz";
+ sha256 = "sha256-JsbtOrqhZkG7tFEc6tDmj3RlxZggl0HOKfCI8lYtQok=";
+ };
+ # src = fetchFromGitHub {
+ # owner = "LINBIT";
+ # repo = "drbd";
+ # rev = "drbd-${version}";
+ # sha256 = "sha256-8HAt+k0yi6XsZZ9mkVCQkv2pn65o3Zsa0KwTSBJh0yY=";
+ # leaveDotGit = true;
+ # };
+
+ nativeBuildInputs = [ git ] ++ kernel.moduleBuildDependencies;
+
+ # hardeningDisable = [ "pic" ];
+
+ makeFlags = kernel.makeFlags ++ [
+ "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+ ];
+
+ installPhase = ''
+ install -D drbd/drbd.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
+ install -D drbd/drbd_transport_tcp.ko -t "$out/lib/modules/${kernel.modDirVersion}/updates/"
+ '';
+
+ enableParallelBuilding = true;
+}
diff --git a/lass/5pkgs/sxiv/default.nix b/lass/5pkgs/sxiv/default.nix
new file mode 100644
index 000000000..04fc1c3f6
--- /dev/null
+++ b/lass/5pkgs/sxiv/default.nix
@@ -0,0 +1,27 @@
+{ nsxiv, writers }:
+
+writers.writeDashBin "sxiv" ''
+ set -efu
+ tmpfile="''${TMPDIR:-/tmp}/nsxiv_pipe_$$"
+ trap 'rm -f -- $tmpfile' EXIT
+
+ if [ "$#" -eq 0 ]; then
+ if [ -t 0 ]; then
+ echo "sxiv: No arguments provided" >&2; exit 1
+ else
+ # Consume stdin and put it in the temporal file
+ cat > "$tmpfile"
+ fi
+ fi
+
+ for arg in "$@"; do
+ # if it's a pipe then drain it to $tmpfile
+ [ -p "$arg" ] && cat "$arg" > "$tmpfile"
+ done
+
+ if [ -s "$tmpfile" ]; then
+ ${nsxiv}/bin/nsxiv -q "$@" "$tmpfile" # -q to silence warnings
+ else
+ ${nsxiv}/bin/nsxiv "$@" # fallback
+ fi
+'' |
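Review bot: The `url` in lass/5pkgs/drbd9/default.nix hard-codes `drbd-9.1.7.tar.gz` although `version` is bound a few lines above, so a later bump of `version` alone would keep fetching 9.1.7 and label the kernel module with the wrong version while the pinned hash still matches. Write it as `url = "https://pkg.linbit.com/downloads/drbd/9/drbd-${version}.tar.gz";`, which also drops the doubled slash after the host. `fetchFromGitHub` is used only in the commented-out block and `git` is added to `nativeBuildInputs` without an obvious need for a tarball build; both can probably go, after confirming the build does not call git.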
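Review bot: `tmpfile` in lass/5pkgs/sxiv/default.nix is a predictable path in a shared directory (`/tmp/nsxiv_pipe_<pid>` when TMPDIR is unset) and is written with a plain `cat >`, which follows a symlink that another local user may have placed at that path in advance. Creating the file with `tmpfile=$(mktemp "''${TMPDIR:-/tmp}/nsxiv_pipe_XXXXXX")` gives an unpredictable, exclusively created file, and the later `[ -s "$tmpfile" ]` test keeps working because the file starts out empty. The trap should quote the name, `trap 'rm -f -- "$tmpfile"' EXIT`. When several pipe arguments are given, each `cat "$arg" > "$tmpfile"` truncates the previous content, and the pipe argument itself is still passed on to nsxiv through `"$@"`; a comment stating that only one pipe is supported would document the limitation.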