summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2022-09-23 22:25:15 +0200
committermakefu <github@syntax-fehler.de>2022-09-23 22:25:15 +0200
commit57eceb7c056f90da0bc107e73795967e76ad92bf (patch)
tree7087e89c115ff4a97f74ca629d5e59e740b04b25 /krebs
parent092e42f7370b604ba05eda9b3ab1e07c91541d9a (diff)
parent55957c6d6adb51d2079c117c1e7309c60ee0fe0f (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'krebs')
-rw-r--r--krebs/2configs/reaktor2.nix6
-rw-r--r--krebs/3modules/default.nix81
-rw-r--r--krebs/3modules/external/default.nix50
-rw-r--r--krebs/3modules/external/mic92.nix163
-rw-r--r--krebs/3modules/tv/default.nix13
-rw-r--r--krebs/3modules/zones.nix107
-rw-r--r--krebs/5pkgs/haskell/default.nix10
-rw-r--r--krebs/5pkgs/haskell/mailaids.nix10
-rw-r--r--krebs/5pkgs/haskell/nix-serve-ng.nix30
-rw-r--r--krebs/5pkgs/haskell/purebred-email/default.nix16
-rw-r--r--krebs/5pkgs/simple/certaids.nix109
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
13 files changed, 393 insertions, 218 deletions
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 2ed0b08fb..233fe2fd7 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -61,7 +61,7 @@ let
];
hooks.PRIVMSG = [
{
- pattern = "^bier bal(an(ce)?)?$";
+ pattern = "^bier (ballern|bal(an(ce)?)?)$";
activate = "match";
command = {
env = {
@@ -90,6 +90,10 @@ let
amt=$2
unit=$3
printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
+ ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
+ | ${pkgs.coreutils}/bin/tail +2 \
+ | ${pkgs.miller}/bin/mlr --icsv --opprint cat \
+ | ${pkgs.gnugrep}/bin/grep "$_from"
'';
};
}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 8ea727dc7..7f0070483 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -138,41 +138,54 @@ let
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) [privkey];
- # TODO use imports for merging
services.openssh.knownHosts =
- (let inherit (config.krebs.build.host.ssh) pubkey; in
- optionalAttrs (pubkey != null) {
- localhost = {
- hostNames = ["localhost" "127.0.0.1" "::1"];
- publicKey = pubkey;
- };
- })
- //
- mapAttrs
- (name: host: {
- hostNames =
- concatLists
- (mapAttrsToList
- (net-name: net:
- let
- longs = net.aliases;
- shorts =
- optionals
- (cfg.dns.search-domain != null)
- (map (removeSuffix ".${cfg.dns.search-domain}")
- (filter (hasSuffix ".${cfg.dns.search-domain}")
- longs));
- add-port = a:
- if net.ssh.port != 22
- then "[${a}]:${toString net.ssh.port}"
- else a;
- in
- map add-port (shorts ++ longs ++ net.addrs))
- host.nets);
-
- publicKey = host.ssh.pubkey;
- })
- (filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
+ filterAttrs
+ (knownHostName: knownHost:
+ knownHost.publicKey != null &&
+ knownHost.hostNames != []
+ )
+ (mapAttrs
+ (hostName: host: {
+ hostNames =
+ concatLists
+ (mapAttrsToList
+ (netName: net:
+ let
+ aliases =
+ concatLists [
+ shortAliases
+ net.aliases
+ net.addrs
+ ];
+ shortAliases =
+ optionals
+ (cfg.dns.search-domain != null)
+ (map (removeSuffix ".${cfg.dns.search-domain}")
+ (filter (hasSuffix ".${cfg.dns.search-domain}")
+ net.aliases));
+ addPort = alias:
+ if net.ssh.port != 22
+ then "[${alias}]:${toString net.ssh.port}"
+ else alias;
+ in
+ map addPort aliases
+ )
+ host.nets);
+ publicKey = host.ssh.pubkey;
+ })
+ (foldl' mergeAttrs {} [
+ cfg.hosts
+ {
+ localhost = {
+ nets.local = {
+ addrs = [ "127.0.0.1" "::1" ];
+ aliases = [ "localhost" ];
+ ssh.port = 22;
+ };
+ ssh.pubkey = config.krebs.build.host.ssh.pubkey;
+ };
+ }
+ ]));
programs.ssh.extraConfig = concatMapStrings
(net: ''
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index bf0b82de0..8ddd565d6 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -588,6 +588,31 @@ in {
};
};
};
+ aland = {
+ owner = config.krebs.users.xkey;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.12.34";
+ aliases = [ "aland.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
+ CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
+ plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
+ DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
+ aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
+ OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
+ ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
+ TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
+ aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
+ zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
+ VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
+ };
+ };
+ };
papawhakaaro = {
owner = config.krebs.users.feliks;
nets = {
@@ -613,6 +638,31 @@ in {
};
};
};
+ iti = {
+ owner = config.krebs.users.feliks;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.10.244";
+ aliases = [ "iti.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA5TXEmw3F3lCekITBPW8QYF1ciKHN8RSi47k1vW+jXb6gdWcVo5KL
+ Ithq3T2+jWJJQoOJEDl5Tvo9ilF0oE0AqSNnvfgS/t8xfFVEsNvHodbonXXku5cF
+ N7oFooAgQRXAUJpEQLtcfx9kJutSYgGeEvoRGZkWaqY6tzPL45U2WEna+MJ/P1Cd
+ 57JMOLeJJEjZKtC/XqPOQ81KNcm161RKekHas5ZNK30QEVP9QsjTDoLesYwm1ywt
+ 4LiHRHSSHd65pKXJvi1haEYw25BxIun7kY4IQHrfEuK3DNs0kyYJj2rKL4C9kHgT
+ hYd+fFl1i/X1BjPzo+ZY91ahLVX3UPpOsB8vC9Q7Ctm1Nkc/bCfKRUNbamkS0Bwf
+ tngak3heGvuek6Y7qWQUkvMkPLhZwZUXUz+DBXGWXabP5LL8Z/y3V+Qqj0snEsZ3
+ 9iOF+eeDw2/9hBzRzBPGtwL1DREgd+1J/XlHLcjF4jzkMhweIXw2Yh0Jq7D5Nqf3
+ kPF9n/50zbQneSGEiKFeHm1ykag/KV0ebWHUOy1Gydbs7+RxT9GUiZofI6kyjJUI
+ g1w1ajkZYIIqhIvhMHudLay5h4kLkdGN9yuRNO/BG5sGk5MywZHyMploIX0ZRVui
+ +H3Sx2y268r/Fs6JcaddmzFwFqNmdRTRv/KBp91QGnjcaJDzQPKg/IsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "uG9D7hrWNx+9otDFlZ8Yi31L6xxC7dzGlqXBLkzJCwE";
+ };
+ };
+ };
hydrogen = {
owner = config.krebs.users.sandro;
nets = rec {
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 3bd2c1b7b..e89b8c7fb 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -10,66 +10,6 @@ with import <stockholm/lib>;
});
in {
hosts = mapAttrs hostDefaults {
- amy = {
- owner = config.krebs.users.mic92;
- nets = rec {
- internet = {
- ip4.addr = "129.215.165.57";
- ip6.addr = "2001:630:3c1:164:b62e:99ff:fe3e:d369";
- aliases = [ "amy.i" ];
- };
- retiolum = {
- ip4.addr = "10.243.29.181";
- aliases = [ "amy.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8
- hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh
- q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM
- tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG
- iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/
- HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3
- /P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU
- klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb
- MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE
- DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764
- UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "6VktF9Fg9E0hCW5g+rwGnrPACPSx/8vkl+hPNaFYeND";
- };
- };
- };
- clara = {
- owner = config.krebs.users.mic92;
- nets = rec {
- internet = {
- ip4.addr = "129.215.165.58";
- ip6.addr = "2001:630:3c1:164:b62e:99ff:fe3d:70f2";
- aliases = [ "clara.i" ];
- };
- retiolum = {
- ip4.addr = "10.243.29.182";
- aliases = [ "clara.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d
- WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf
- UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY
- Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/
- rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN
- wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc
- jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e
- mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc
- WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v
- UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn
- cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "qnJmS6W7QSKG3mjW1kPnHGeVmKzhGkyP9xBLGwH5XvD";
- };
- };
- };
dimitrios = {
owner = config.krebs.users.mic92;
nets = {
@@ -111,37 +51,6 @@ in {
};
};
};
- donna = {
- owner = config.krebs.users.mic92;
- nets = rec {
- internet = {
- ip4.addr = "129.215.165.54";
- ip6.addr = "2001:630:3c1:164:30a2:6e7b:c58b:cafd";
- aliases = [ "donna.i" ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.29.180";
- aliases = [ "donna.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa
- x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I
- 0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ
- Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf
- wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k
- YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf
- U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv
- QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR
- Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI
- IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7
- awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "ikUmx5IC1dvfaHFhpZM9xotwF2LH6EkvpcPTRm6TjeD";
- };
- };
- };
herbert = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -497,37 +406,6 @@ in {
};
};
};
- rose = {
- owner = config.krebs.users.mic92;
- nets = rec {
- internet = {
- ip4.addr = "129.215.165.52";
- ip6.addr = "2001:630:3c1:164:6d4:c4ff:fe04:4e4b";
- aliases = [ "rose.i" ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.29.178";
- aliases = [ "rose.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO
- 6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX
- btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd
- DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq
- 1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs
- 5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe
- 6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D
- Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ
- QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv
- W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ
- 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "0O1LrgXAFOuei1NfU0vow+qUfim3htBOyCJvPrQFwHE";
- };
- };
- };
turingmachine = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -661,26 +539,6 @@ in {
};
};
};
- doctor = {
- owner = config.krebs.users.mic92;
- nets = rec {
- retiolum = {
- ip4.addr = "10.243.29.186";
- aliases = [ "doctor.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAx0zdjPX9C0fBQR+8kdlsBTuMr4KxWhqw4ARqW02oSGKJxY+D57oO
- ORVfjBhrvIiZJfXaY0M+/n+M4Bvt4r5ol3N1NxkT7vc0bAbz9Kk/0M8dlspNoSO9
- WW+mITVfxg/DgzDegjj4TOrsWC1jBjo4PVrvA+PnxZC4VucnqZZ55JHWAk/mPtzs
- PUc3mkn3e9pwwrJMQRy7qg9fbatljHCb/fJoDk6DiQP4ZRE/pCf4OYCx7huHibsd
- EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv
- KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP";
- };
- };
- };
bernie = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -1048,6 +906,27 @@ in {
};
};
};
+
+ blob64 = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ retiolum = {
+ aliases = [ "blob64.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsl8LfS/l8zhkF9wqUTXndGZovIdIeZXeH/AZ3VopHn2yMn7HN3sy
+ sM+p0ypXgV02h8faWgQsKzbhZI1XNl8vK5jo0snb9wO0qTiIViSeVfcGJN3rMvsW
+ FmgcoVX7Juf3RD+oHbBc9CM7+vRbk6aIKyr3zRbGF1Ge9x/N2HSqjhYYKZ74JzJf
+ kTbN/t05gvzYcQCa6ueR1K+jysALC2SCbRNXMLDQtgMc9Jv+oPJfxxCxZUJR2/M6
+ E/+sfbJ+oOl/EviXzM/HH14sOeO1v1xbw0ih75BWAOC1zvrIPg/Cr3y+RmDsK53K
+ eWa+2bvT7quaBLsVh9N51RSORUlXKdd2lwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "m6YO0REcHjSORwOJCUBLciavYTNewcbxdt2TJnGz9xE";
+ };
+ };
+ };
+
hal9000 = {
owner = config.krebs.users.mic92;
nets = rec {
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 965505a75..016d5ca9f 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -164,15 +164,26 @@ in {
extraZones = {
"krebsco.de" = ''
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+ ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+ cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+ cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
krebsco.de. 60 IN MX 5 ni
krebsco.de. 60 IN TXT v=spf1 mx -all
+ tv 300 IN NS ni
'';
};
nets = {
internet = {
- ip4.addr = "188.68.36.196";
+ ip4 = rec {
+ addr = "188.68.36.196";
+ prefix = "${addr}/32";
+ };
+ ip6 = rec {
+ addr = "2a03:4000:13:4c::1";
+ prefix = "${addr}/64";
+ };
aliases = [
"ni.i"
"cgit.ni.i"
diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix
index eb1351866..51ced6f95 100644
--- a/krebs/3modules/zones.nix
+++ b/krebs/3modules/zones.nix
@@ -1,22 +1,103 @@
with import <stockholm/lib>;
-{ config, ... }: {
+{ config, pkgs, ... }: {
config = {
- # Implements environment.etc."zones/<zone-name>"
- environment.etc = let
- stripEmptyLines = s: (concatStringsSep "\n"
- (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
- all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
- ([config.krebs.zone-head-config] ++ combined-hosts);
- combined-hosts =
- mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts;
- in
+ environment.etc =
mapAttrs'
- (name: value: {
+ (name: pkg: {
name = "zones/${name}";
- value.text = stripEmptyLines value;
+ value.source = pkg;
})
- all-zones;
+ pkgs.krebs.zones;
+
+ nixpkgs.overlays = [
+ # Explicit zones generated from config.krebs.hosts.*.extraZones
+ (self: super: let
+ stripEmptyLines = s: (concatStringsSep "\n"
+ (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
+ all-zones = foldAttrs (sum: current: sum + "\n" + current) ""
+ ([config.krebs.zone-head-config] ++ combined-hosts);
+ combined-hosts =
+ mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts;
+ in {
+ krebs = super.krebs or {} // {
+ zones = super.krebs.zones or {} //
+ mapAttrs'
+ (name: value: {
+ name = name;
+ value = self.writeText "${name}.zone" (stripEmptyLines value);
+ })
+ all-zones;
+ };
+ })
+
+ # Implicit zones generated from config.krebs.hosts.*.nets.*.ip{4,6}.addr
+ (self: super: let
+ # record : { name : str, type : enum [ "A" "AAAA" ], data : str }
+
+ # toRecord : record.name -> record.type -> record.data -> record
+ toRecord = name: type: data:
+ { inherit name type data; };
+
+ # toRecords : str -> host -> [record]
+ toRecords = netname: host:
+ let
+ net = host.nets.${netname};
+ in
+ optionals
+ (hasAttr netname host.nets)
+ (filter
+ (x: x.data != null)
+ (concatLists [
+ (map
+ (name: toRecord name "A" (net.ip4.addr or null))
+ (concatMap
+ (name: [ "${name}." "4.${name}." ])
+ (net.aliases or [])))
+ (map
+ (name: toRecord name "AAAA" (net.ip6.addr or null))
+ (concatMap
+ (name: [ "${name}." "6.${name}." ])
+ (net.aliases or [])))
+ ]));
+
+ # formatRecord : record -> str
+ formatRecord = { name, type, data }: "${name} IN ${type} ${data}";
+
+ # writeZone : attrs -> package
+ writeZone =
+ { name ? "${domain}.zone"
+ , domain ? substring 0 1 netname
+ , nameservers ? [ "ni" ]
+ , netname
+ , hosts ? config.krebs.hosts
+ }:
+ self.writeText name /* bindzone */ ''
+ $TTL 60
+ @ IN SOA ns admin 1 3600 600 86400 60
+ @ IN NS ns
+ ${concatMapStringsSep "\n"
+ (name: /* bindzone */ "ns IN CNAME ${name}")
+ nameservers
+ }
+ ${concatMapStringsSep
+ "\n"
+ formatRecord
+ (concatMap
+ (toRecords netname)
+ (attrValues hosts))
+ }
+ '';
+ in {
+ krebs = super.krebs or {} // {
+ zones = super.krebs.zones or {} // {
+ i = writeZone { netname = "internet"; };
+ r = writeZone { netname = "retiolum"; };
+ w = writeZone { netname = "wiregrill"; };
+ };
+ };
+ })
+ ];
};
}
diff --git a/krebs/5pkgs/haskell/default.nix b/krebs/5pkgs/haskell/default.nix
index 98cbcb3b9..7e9ee7521 100644
--- a/krebs/5pkgs/haskell/default.nix
+++ b/krebs/5pkgs/haskell/default.nix
@@ -8,11 +8,13 @@ in
haskell = super.haskell // {
packages = mapAttrs (name: value:
if hasAttr "override" value
- then value.override { inherit overrides; }
+ then value.override (old: {
+ overrides = composeExtensions (old.overrides or (_: _: {})) overrides;
+ })
else value
) super.haskell.packages;
};
- haskellPackages = super.haskellPackages.override {
- inherit overrides;
- };
+ haskellPackages = super.haskellPackages.override (old: {
+ overrides = composeExtensions (old.overrides or (_: _: {})) overrides;
+ });
}
diff --git a/krebs/5pkgs/haskell/mailaids.nix b/krebs/5pkgs/haskell/mailaids.nix
index f152a76f4..91b4cc451 100644
--- a/krebs/5pkgs/haskell/mailaids.nix
+++ b/krebs/5pkgs/haskell/mailaids.nix
@@ -1,14 +1,14 @@
{ mkDerivation, aeson, aeson-pretty, base, bytestring
-, case-insensitive, fetchgit, lens, optparse-applicative
-, purebred-email, lib, text, vector, word8
+, case-insensitive, fetchgit, lens, lib, optparse-applicative
+, purebred-email, text, vector, word8
}:
mkDerivation {
pname = "mailaids";
- version = "1.0.0";
+ version = "1.1.0";
src = fetchgit {
url = "https://cgit.krebsco.de/mailaids";
- sha256 = "15h0k82czm89gkwhp1rwdy77jz8dmb626qdz7c2narvz9j7169v5";
- rev = "8f11927ea74d6adb332c884502ebd9c486837523";
+ sha256 = "0mkq3b0j28h7ydg6aaqlqnvajb8nhdc9g7rmil2d4vl5fxxaqspv";
+ rev = "a25fc32eceefc10a91ef77ff2763b3f1b9324aaf";
fetchSubmodules = true;
};
isLibrary = false;
diff --git a/krebs/5pkgs/haskell/nix-serve-ng.nix b/krebs/5pkgs/haskell/nix-serve-ng.nix
new file mode 100644
index 000000000..8866b205b
--- /dev/null
+++ b/krebs/5pkgs/haskell/nix-serve-ng.nix
@@ -0,0 +1,30 @@
+{ mkDerivation, async, base, base16, base32, bytestring, charset
+, fetchgit, http-client, http-types, lib, managed, megaparsec, mtl
+, network, nix, optparse-applicative, tasty-bench, temporary, text
+, turtle, vector, wai, wai-extra, warp, warp-tls
+, boost
+}:
+mkDerivation {
+ pname = "nix-serve-ng";
+ version = "1.0.0";
+ src = fetchgit {
+ url = "https://github.com/aristanetworks/nix-serve-ng";
+ sha256 = "0mqp67z5mi8rsjahdh395n7ppf0b65k8rd3pvnl281g02rbr69y2";
+ rev = "433f70f4daae156b84853f5aaa11987aa5ce7277";
+ fetchSubmodules = true;
+ };
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ base base16 base32 bytestring charset http-types managed megaparsec
+ mtl network optparse-applicative vector wai wai-extra warp warp-tls
+ ];
+ executablePkgconfigDepends = [ nix ];
+ executableSystemDepends = [ boost.dev ];
+ benchmarkHaskellDepends = [
+ async base bytestring http-client tasty-bench temporary text turtle
+ vector
+ ];
+ description = "A drop-in replacement for nix-serve that's faster and more stable";
+ license = lib.licenses.bsd3;
+}
diff --git a/krebs/5pkgs/haskell/purebred-email/default.nix b/krebs/5pkgs/haskell/purebred-email/default.nix
index ebf315388..62fc82183 100644
--- a/krebs/5pkgs/haskell/purebred-email/default.nix
+++ b/krebs/5pkgs/haskell/purebred-email/default.nix
@@ -1,31 +1,27 @@
{ mkDerivation, attoparsec, base, base64-bytestring, bytestring
, case-insensitive, concise, deepseq, fetchgit, hedgehog, lens, lib
-, QuickCheck, quickcheck-instances, semigroupoids, semigroups
+, QuickCheck, quickcheck-instances, random, semigroupoids
, stringsearch, tasty, tasty-golden, tasty-hedgehog, tasty-hunit
, tasty-quickcheck, text, time
}:
mkDerivation {
pname = "purebred-email";
- version = "0.4.3";
+ version = "0.5.1";
src = fetchgit {
url = "https://github.com/purebred-mua/purebred-email";
- sha256 = "06xhccavrdzfsvg65mzdnp0a7b1ilk2rqpnyvkr171ir6mqdpb19";
- rev = "769b360643f699c0a8cd6f1c3a3de36cf0479834";
+ sha256 = "0iilyy5dkbzbiazyyfjdz585c3x8b7c2piynmycm7krkc48993vw";
+ rev = "7ba346e10ad1521a923bc04a4ffeca479d8dd071";
fetchSubmodules = true;
};
- patches = [
- ./untweak-mime-version-header.patch
- ];
isLibrary = true;
isExecutable = true;
libraryHaskellDepends = [
attoparsec base base64-bytestring bytestring case-insensitive
- concise deepseq lens semigroupoids semigroups stringsearch text
- time
+ concise deepseq lens random semigroupoids stringsearch text time
];
testHaskellDepends = [
attoparsec base bytestring case-insensitive hedgehog lens
- QuickCheck quickcheck-instances semigroups tasty tasty-golden
+ QuickCheck quickcheck-instances random tasty tasty-golden
tasty-hedgehog tasty-hunit tasty-quickcheck text time
];
homepage = "https://github.com/purebred-mua/purebred-email";
diff --git a/krebs/5pkgs/simple/certaids.nix b/krebs/5pkgs/simple/certaids.nix
new file mode 100644
index 000000000..34f4c3e14
--- /dev/null
+++ b/krebs/5pkgs/simple/certaids.nix
@@ -0,0 +1,109 @@
+{ pkgs }:
+
+pkgs.write "certaids" {
+ "/bin/cert2json".link = pkgs.writeDash "cert2json" ''
+ # usage: cert2json < CERT > JSON
+ set -efu
+
+ ${pkgs.openssl}/bin/openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
+ ${pkgs.openssl}/bin/openssl pkcs7 -print_certs -text |
+ ${pkgs.gawk}/bin/awk -F, -f ${pkgs.writeText "cert2json.awk" ''
+ function abort(msg) {
+ print(msg) > "/dev/stderr"
+ exit 1
+ }
+
+ function toJSON(x, type, ret) {
+ type = typeof(x)
+ switch (type) {
+ case "array":
+ if (isArray(x)) return arrayToJSON(x)
+ if (isObject(x)) return objectToJSON(x)
+ abort("cannot render array to JSON", x)
+ case "number":
+ return numberToJSON(x)
+ case "string":
+ return stringToJSON(x)
+ case "strnum":
+ case "unassigned":
+ case "regexp":
+ case "untyped":
+ default:
+ abort("cannot render type: " type)
+ }
+ }
+
+ function isArray(x, i, k) {
+ i = 1
+ for (k in x) {
+ if (k != i++) return 0
+ i++
+ }
+ return 1
+ }
+
+ function isObject(x, k) {
+ for (k in x) {
+ if (typeof(k) != "string") return 0
+ }
+ return 1
+ }
+
+ function arrayToJSON(x, k, ret) {
+ ret = "["
+ for (k in x) {
+ ret=ret toJSON(x[k]) ","
+ }
+ sub(/,$/,"",ret)
+ ret=ret "]"
+ return ret
+ }
+
+ function objectToJSON(x, k,ret) {
+ ret = "{"
+ for (k in x) {
+ ret = ret toJSON(k) ":" toJSON(x[k]) ","
+ }
+ sub(/,$/, "", ret)
+ ret = ret "}"
+ return ret
+ }
+
+ function numberToJSON(x) {
+ return x
+ }
+
+ function stringToJSON(x) {
+ gsub(/\\/, "&&",x)
+ gsub(/\n/, "\\n", x)
+ return "\"" x "\""
+ }
+
+ $1 ~ /^ *(Subject|Issuer):/ {
+ sub(/^ */, "")
+ sub(/: */, ",")
+ key=tolower($1)
+ sub(/[^,]*,/, "")
+
+ # Normalize separators between relative distinguished names.
+ # [1]: RFC2253, 3. Parsing a String back to a Distinguished Name
+ # TODO support any distinguished name
+ gsub(/ *[;,] */, ",")
+
+ for(i = 0; i <= NF; i++) {
+ split($i, a, "=")
+ cache[key][a[1]] = a[2]
+ }
+ }
+
+ /BEGIN CERTIFICATE/,/END CERTIFICATE/{
+ cache["certificate"] = cache["certificate"] $0 "\n"
+ }
+
+ /END CERTIFICATE/{
+ print toJSON(cache)
+ delete cache
+ }
+ ''}
+ '';
+}
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index e881d4bdc..fd33ef219 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "f034b5693a26625f56068af983ed7727a60b5f8b",
- "date": "2022-08-24T10:06:14+02:00",
- "path": "/nix/store/8rr2y7lwwm09a5cvr26a2yc019b13zxb-nixpkgs",
- "sha256": "05x3bjz1af4liwsgha3r85kqa60j22vldp8g0p7nr51zz6jjwqqq",
+ "rev": "c97e777ff06fcb8d37dcdf5e21e9eff1f34f0e90",
+ "date": "2022-09-11T12:47:08-03:00",
+ "path": "/nix/store/ixhh3xyag61ps64dgbclgkz80hgv36qv-nixpkgs",
+ "sha256": "1h4g8hf7zi6an5j2lnwf7kbmmbrwp6hhqdf87gd14y24d43sp4x0",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 799399ea7..c0dee0c6e 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6",
- "date": "2022-07-19T15:32:15+02:00",
- "path": "/nix/store/4dcxnk4xplx79xrwxg2m6pqh8b5k6ya0-nixpkgs",
- "sha256": "1j73j17g852zfc75b7ll4avp30pnyvm37pgm66cz844phkv5ywfg",
+ "rev": "bf014cad818ecd1b28e68c1e7138fb988f504fdc",
+ "date": "2022-09-12T09:29:23+02:00",
+ "path": "/nix/store/cpp120bajfgdb8sb1nmm316pav16cjk4-nixpkgs",
+ "sha256": "0xdf1xclck8j8zxlnhkjgci4a4405rh9n6wx9c3vmk0dvb31lvi9",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,