diff options
author | tv <tv@krebsco.de> | 2021-01-18 15:24:18 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2021-01-18 15:24:18 +0100 |
commit | ff6f5ef5e1cdbd27b2211c54643fa2754f888cbb (patch) | |
tree | b33763a7ac8040efe988f8bed2fe1c649cc155dd /krebs/3modules | |
parent | 7b7ebd8708885633c926c21a4b71d5d4ce8931cf (diff) | |
parent | 2a32b7731496615e43a06ec1049f6716c49a1999 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/brockman.nix | 34 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/external/default.nix | 25 | ||||
-rw-r--r-- | krebs/3modules/go.nix | 96 | ||||
-rw-r--r-- | krebs/3modules/krebs/default.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/makefu/default.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/newsbot-js.nix | 102 |
8 files changed, 127 insertions, 138 deletions
diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix new file mode 100644 index 000000000..55e8255b4 --- /dev/null +++ b/krebs/3modules/brockman.nix @@ -0,0 +1,34 @@ +{ pkgs, lib, config, ... }: +with lib; +let + cfg = config.krebs.brockman; +in { + options.krebs.brockman = { + enable = mkEnableOption "brockman"; + config = mkOption { type = types.attrs; }; # TODO make real config here + }; + + config = mkIf cfg.enable { + users.extraUsers.brockman = { + home = "/var/lib/brockman"; + createHome = true; + isNormalUser = false; + }; + + systemd.services.brockman = { + description = "RSS to IRC broadcaster"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + serviceConfig = { + Restart = "always"; + ExecStart = '' + ${pkgs.brockman}/bin/brockman ${pkgs.writeText "brockman.json" (builtins.toJSON cfg.config)} + ''; + User = config.users.extraUsers.brockman.name; + PrivateTmp = true; + RuntimeDirectory = "brockman"; + WorkingDirectory = "%t/brockman"; + }; + }; + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bd6bab376..8c620a4e2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -11,6 +11,7 @@ let ./apt-cacher-ng.nix ./backup.nix ./bepasty-server.nix + ./brockman.nix ./buildbot/master.nix ./buildbot/slave.nix ./build.nix @@ -36,7 +37,6 @@ let ./kapacitor.nix ./konsens.nix ./monit.nix - ./newsbot-js.nix ./nixpkgs.nix ./on-failure.nix ./os-release.nix diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 277169e11..efe3ace0f 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -579,6 +579,31 @@ in { }; }; }; + karakalpakstan = { + owner = config.krebs.users.xkey; + nets = { + retiolum = { + ip4.addr = "10.243.161.1"; + aliases = [ "karakalpakstan.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA45kRCvWIaVteKQiz31AOjkEwHwOns/6SGXYzL5IswoEOT/i/8Ihl + l+ydTMTE28zs1nQp8MUBEdsJF02U8aEjPCyyMtZflZ+uaUAeJ0zAWTcb4AwdSjp+ + RKApp+LmVNDyx3W6rIgK7WYLfKhge4nRAlnshpekzaS2j7ccKhZMBIqyntYDJb6K + lE4poAgemMlE0apFV54d3ohWCZurfJ/K6BpsX7h+uwqFPOHi+pD7D/e2dHhSLXtS + 0cuFseQwqDF+xd5MAmApHO8w/BEdKWeU19TZmzkC5TlIO1HcknMq4Y8QkzCc5PXb + 5WeEdi1CyIGePldFv91LoHepsMV3nrIF7n6ZmdTuxj5GH0A0Zg0z4hrWJuXk64JM + bTpe/rDXWOG0IK0HN4z14ySD8yafLTV4gvH9Mg6jUqyqGfLpIK+o/N7ZavOeVKq5 + 3Hf9c246v1vhHjnbat5GyY79PmimEvxR51mOItpRoyJYfdSa3KrvUki0MboCiYAU + GKBmEw2BR3eybnejHqvAFov30MkmkOTz3mV/UPKELqhGCQf6UJAKG0GoxGpK3m8k + epNSAKUpj8B7+JM3Ybgl+CoAm/+qu7Ojp5j4Onn0kgB2yXryHJaNOdgraCXI2yzt + /n/eHElmKWoMCXhkV/mee1Cl2Y74XKivM6ov3lLvIDRxdXl46PvBFVkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; users = { ajs124 = { diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 218ac9221..4df73509c 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -13,52 +13,78 @@ let api = { enable = mkEnableOption "Enable go url shortener"; port = mkOption { - type = types.str; - default = "1337"; + type = types.int; + default = 1337; description = "on which port go should run on"; }; - redisKeyPrefix = mkOption { - type = types.str; - default = "go:"; - description = "change the Redis key prefix which defaults to `go:`"; - }; }; imp = { - services.redis = { - enable = mkDefault true; - bind = mkDefault "127.0.0.1"; - }; + krebs.htgen.go = { + port = cfg.port; + script = ''. ${pkgs.writeDash "go" '' + find_item() { + if test ''${#1} -ge 7; then + set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \ + -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")" + if test -n "$1" && test $(echo "$1" | wc -l) = 1; then + echo "$1" + return 0 + fi + fi + return 1 + } - users.extraUsers.go = rec { - name = "go"; - uid = genid name; - description = "go url shortener user"; - home = "/var/lib/go"; - createHome = true; - }; + STATEDIR=$HOME + mkdir -p "$STATEDIR/items" - systemd.services.go = { - description = "go url shortener"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + case "$Method $Request_URI" in + "GET /"*) + if item=$(find_item "''${Request_URI#/}"); then + uri=$(cat "$item") + printf 'HTTP/1.1 302 Found\r\n' + printf 'Content-Type: text/plain\r\n' + printf 'Connection: closed\r\n' + printf 'Location: %s\r\n' "$uri" + printf '\r\n' + exit + fi + ;; + "POST /") + uri=$(mktemp -t htgen.$$.content.XXXXXXXX) + trap 'rm $uri >&2' EXIT - path = with pkgs; [ - go-shortener - ]; + head -c "$req_content_length" \ + | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \ + | xargs -0 echo -e \ + | tee /tmp/tee.log \ + | ${pkgs.urix}/bin/urix \ + | head -1 \ + > "$uri" + sha256=$(sha256sum -b "$uri" | cut -d\ -f1) + base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") + item="$STATEDIR/items/$base32" + ref="http://$req_host/$base32" - environment = { - PORT = cfg.port; - REDIS_KEY_PREFIX = cfg.redisKeyPrefix; - }; + if ! test -e "$item"; then + mkdir -v -p "$STATEDIR/items" >&2 + cp -v "$uri" "$item" >&2 + fi - restartIfChanged = true; + base32short=$(echo "$base32" | cut -b-7) + if item=$(find_item "$base32short"); then + ref="http://$req_host/$base32short" + fi - serviceConfig = { - User = "go"; - Restart = "always"; - ExecStart = "${pkgs.go-shortener}/bin/go"; - }; + printf 'HTTP/1.1 200 OK\r\n' + printf 'Content-Type: text/plain; charset=UTF-8\r\n' + printf 'Connection: close\r\n' + printf '\r\n' + printf '%s\n' "$ref" + exit + ;; + esac + ''}''; }; }; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 5e3ddcb2d..d0648418f 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -128,9 +128,11 @@ in { ip4.addr = "10.243.77.2"; aliases = [ "puyak.r" + "brockman.r" "build.puyak.r" "cgit.puyak.r" "go.r" + "rss.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3466ef8eb..a4586bed4 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -44,6 +44,7 @@ in { matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { @@ -604,6 +605,7 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; + syncthing.id = "JS4RFIL-MJP2SMJ-EOQXCPQ-MC3NB4V-BQ77GN5-LPKGLWY-GHDP732-G22OJQQ"; }; hilum = { cores = 1; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e204b4f31..2cb70eec4 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -243,6 +243,8 @@ in { "wiki.makefu.r" "warrior.gum.r" "sick.makefu.r" + "dl.gum.r" + "dl.makefu.r" ]; }; }; diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix deleted file mode 100644 index a3640caa5..000000000 --- a/krebs/3modules/newsbot-js.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - - cfg = config.krebs.newsbot-js; - - enable = cfg != {}; - - out = { - options.krebs.newsbot-js = api; - config = mkIf enable imp; - }; - - api = mkOption { - type = types.attrsOf (types.submodule ({ config, ... }: { - options = { - enable = mkEnableOption "Enable krebs newsbot" // { default = true; }; - - channel = mkOption { - type = types.str; - default = "#${config._module.args.name}"; - description = "post the news in this channel"; - }; - feeds = mkOption { - type = types.path; - description = '' - file with feeds to post - format: - $nick|$feedURI - ''; - }; - ircServer = mkOption { - type = types.str; - default = "localhost"; - description = "to which server the bot should connect"; - }; - masterNick = mkOption { - type = types.str; - default = config._module.args.name; - description = "nickname of the master bot"; - }; - package = mkOption { - type = types.package; - default = pkgs.newsbot-js; - description = "newsbot package to use"; - }; - urlShortenerHost = mkOption { - type = types.str; - default = "go.r"; - description = "what server to use for url shortening, host"; - }; - urlShortenerPort = mkOption { - type = types.str; - default = "80"; - description = "what server to use for url shortening, port"; - }; - }; - })); - default = {}; - }; - - imp = { - users.extraUsers.newsbot-js = { - name = "newsbot-js"; - uid = genid "newsbot-js"; - description = "newsbot-js user"; - home = "/var/empty"; - }; - - systemd.services = mapAttrs' (name: newsbot: - nameValuePair "newsbot-${name}" { - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - path = with pkgs; [ - newsbot-js - ]; - - environment = { - irc_server = newsbot.ircServer; - master_nick = newsbot.masterNick; - news_channel = newsbot.channel; - feeds_file = newsbot.feeds; - url_shortener_host = newsbot.urlShortenerHost; - url_shortener_port = newsbot.urlShortenerPort; - }; - - restartIfChanged = true; - - serviceConfig = { - User = "newsbot-js"; - Restart = "always"; - ExecStart = "${newsbot.package}/bin/newsbot"; - WatchdogSec = "86400"; - }; - } - ) cfg; - }; - -in out |