diff options
author | makefu <github@syntax-fehler.de> | 2022-09-23 22:25:15 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2022-09-23 22:25:15 +0200 |
commit | 57eceb7c056f90da0bc107e73795967e76ad92bf (patch) | |
tree | 7087e89c115ff4a97f74ca629d5e59e740b04b25 /krebs | |
parent | 092e42f7370b604ba05eda9b3ab1e07c91541d9a (diff) | |
parent | 55957c6d6adb51d2079c117c1e7309c60ee0fe0f (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/2configs/reaktor2.nix | 6 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 81 | ||||
-rw-r--r-- | krebs/3modules/external/default.nix | 50 | ||||
-rw-r--r-- | krebs/3modules/external/mic92.nix | 163 | ||||
-rw-r--r-- | krebs/3modules/tv/default.nix | 13 | ||||
-rw-r--r-- | krebs/3modules/zones.nix | 107 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/default.nix | 10 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/mailaids.nix | 10 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/nix-serve-ng.nix | 30 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/purebred-email/default.nix | 16 | ||||
-rw-r--r-- | krebs/5pkgs/simple/certaids.nix | 109 | ||||
-rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 8 |
13 files changed, 393 insertions, 218 deletions
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2ed0b08fb..233fe2fd7 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -61,7 +61,7 @@ let ]; hooks.PRIVMSG = [ { - pattern = "^bier bal(an(ce)?)?$"; + pattern = "^bier (ballern|bal(an(ce)?)?)$"; activate = "match"; command = { env = { @@ -90,6 +90,10 @@ let amt=$2 unit=$3 printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file + ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ + | ${pkgs.coreutils}/bin/tail +2 \ + | ${pkgs.miller}/bin/mlr --icsv --opprint cat \ + | ${pkgs.gnugrep}/bin/grep "$_from" ''; }; } diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8ea727dc7..7f0070483 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -138,41 +138,54 @@ let let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) [privkey]; - # TODO use imports for merging services.openssh.knownHosts = - (let inherit (config.krebs.build.host.ssh) pubkey; in - optionalAttrs (pubkey != null) { - localhost = { - hostNames = ["localhost" "127.0.0.1" "::1"]; - publicKey = pubkey; - }; - }) - // - mapAttrs - (name: host: { - hostNames = - concatLists - (mapAttrsToList - (net-name: net: - let - longs = net.aliases; - shorts = - optionals - (cfg.dns.search-domain != null) - (map (removeSuffix ".${cfg.dns.search-domain}") - (filter (hasSuffix ".${cfg.dns.search-domain}") - longs)); - add-port = a: - if net.ssh.port != 22 - then "[${a}]:${toString net.ssh.port}" - else a; - in - map add-port (shorts ++ longs ++ net.addrs)) - host.nets); - - publicKey = host.ssh.pubkey; - }) - (filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts); + filterAttrs + (knownHostName: knownHost: + knownHost.publicKey != null && + knownHost.hostNames != [] + ) + (mapAttrs + (hostName: host: { + hostNames = + concatLists + (mapAttrsToList + (netName: net: + let + aliases = + concatLists [ + shortAliases + net.aliases + net.addrs + ]; + shortAliases = + optionals + (cfg.dns.search-domain != null) + (map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") + net.aliases)); + addPort = alias: + if net.ssh.port != 22 + then "[${alias}]:${toString net.ssh.port}" + else alias; + in + map addPort aliases + ) + host.nets); + publicKey = host.ssh.pubkey; + }) + (foldl' mergeAttrs {} [ + cfg.hosts + { + localhost = { + nets.local = { + addrs = [ "127.0.0.1" "::1" ]; + aliases = [ "localhost" ]; + ssh.port = 22; + }; + ssh.pubkey = config.krebs.build.host.ssh.pubkey; + }; + } + ])); programs.ssh.extraConfig = concatMapStrings (net: '' diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index bf0b82de0..8ddd565d6 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -588,6 +588,31 @@ in { }; }; }; + aland = { + owner = config.krebs.users.xkey; + nets = { + retiolum = { + ip4.addr = "10.243.12.34"; + aliases = [ "aland.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY + CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU + plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb + DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx + aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+ + OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1 + ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X + TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa + aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX + zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf + VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A"; + }; + }; + }; papawhakaaro = { owner = config.krebs.users.feliks; nets = { @@ -613,6 +638,31 @@ in { }; }; }; + iti = { + owner = config.krebs.users.feliks; + nets = { + retiolum = { + ip4.addr = "10.243.10.244"; + aliases = [ "iti.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA5TXEmw3F3lCekITBPW8QYF1ciKHN8RSi47k1vW+jXb6gdWcVo5KL + Ithq3T2+jWJJQoOJEDl5Tvo9ilF0oE0AqSNnvfgS/t8xfFVEsNvHodbonXXku5cF + N7oFooAgQRXAUJpEQLtcfx9kJutSYgGeEvoRGZkWaqY6tzPL45U2WEna+MJ/P1Cd + 57JMOLeJJEjZKtC/XqPOQ81KNcm161RKekHas5ZNK30QEVP9QsjTDoLesYwm1ywt + 4LiHRHSSHd65pKXJvi1haEYw25BxIun7kY4IQHrfEuK3DNs0kyYJj2rKL4C9kHgT + hYd+fFl1i/X1BjPzo+ZY91ahLVX3UPpOsB8vC9Q7Ctm1Nkc/bCfKRUNbamkS0Bwf + tngak3heGvuek6Y7qWQUkvMkPLhZwZUXUz+DBXGWXabP5LL8Z/y3V+Qqj0snEsZ3 + 9iOF+eeDw2/9hBzRzBPGtwL1DREgd+1J/XlHLcjF4jzkMhweIXw2Yh0Jq7D5Nqf3 + kPF9n/50zbQneSGEiKFeHm1ykag/KV0ebWHUOy1Gydbs7+RxT9GUiZofI6kyjJUI + g1w1ajkZYIIqhIvhMHudLay5h4kLkdGN9yuRNO/BG5sGk5MywZHyMploIX0ZRVui + +H3Sx2y268r/Fs6JcaddmzFwFqNmdRTRv/KBp91QGnjcaJDzQPKg/IsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "uG9D7hrWNx+9otDFlZ8Yi31L6xxC7dzGlqXBLkzJCwE"; + }; + }; + }; hydrogen = { owner = config.krebs.users.sandro; nets = rec { diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 3bd2c1b7b..e89b8c7fb 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -10,66 +10,6 @@ with import <stockholm/lib>; }); in { hosts = mapAttrs hostDefaults { - amy = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.57"; - ip6.addr = "2001:630:3c1:164:b62e:99ff:fe3e:d369"; - aliases = [ "amy.i" ]; - }; - retiolum = { - ip4.addr = "10.243.29.181"; - aliases = [ "amy.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8 - hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh - q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM - tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG - iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/ - HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3 - /P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU - klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb - MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE - DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 - UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "6VktF9Fg9E0hCW5g+rwGnrPACPSx/8vkl+hPNaFYeND"; - }; - }; - }; - clara = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.58"; - ip6.addr = "2001:630:3c1:164:b62e:99ff:fe3d:70f2"; - aliases = [ "clara.i" ]; - }; - retiolum = { - ip4.addr = "10.243.29.182"; - aliases = [ "clara.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d - WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf - UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY - Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/ - rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN - wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc - jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e - mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc - WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v - UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn - cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "qnJmS6W7QSKG3mjW1kPnHGeVmKzhGkyP9xBLGwH5XvD"; - }; - }; - }; dimitrios = { owner = config.krebs.users.mic92; nets = { @@ -111,37 +51,6 @@ in { }; }; }; - donna = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.54"; - ip6.addr = "2001:630:3c1:164:30a2:6e7b:c58b:cafd"; - aliases = [ "donna.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.180"; - aliases = [ "donna.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa - x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I - 0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ - Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf - wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k - YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf - U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv - QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR - Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI - IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 - awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "ikUmx5IC1dvfaHFhpZM9xotwF2LH6EkvpcPTRm6TjeD"; - }; - }; - }; herbert = { owner = config.krebs.users.mic92; nets = rec { @@ -497,37 +406,6 @@ in { }; }; }; - rose = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.52"; - ip6.addr = "2001:630:3c1:164:6d4:c4ff:fe04:4e4b"; - aliases = [ "rose.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.178"; - aliases = [ "rose.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO - 6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX - btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd - DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq - 1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs - 5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe - 6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D - Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ - QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv - W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ - 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "0O1LrgXAFOuei1NfU0vow+qUfim3htBOyCJvPrQFwHE"; - }; - }; - }; turingmachine = { owner = config.krebs.users.mic92; nets = rec { @@ -661,26 +539,6 @@ in { }; }; }; - doctor = { - owner = config.krebs.users.mic92; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.186"; - aliases = [ "doctor.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAx0zdjPX9C0fBQR+8kdlsBTuMr4KxWhqw4ARqW02oSGKJxY+D57oO - ORVfjBhrvIiZJfXaY0M+/n+M4Bvt4r5ol3N1NxkT7vc0bAbz9Kk/0M8dlspNoSO9 - WW+mITVfxg/DgzDegjj4TOrsWC1jBjo4PVrvA+PnxZC4VucnqZZ55JHWAk/mPtzs - PUc3mkn3e9pwwrJMQRy7qg9fbatljHCb/fJoDk6DiQP4ZRE/pCf4OYCx7huHibsd - EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv - KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP"; - }; - }; - }; bernie = { owner = config.krebs.users.mic92; nets = rec { @@ -1048,6 +906,27 @@ in { }; }; }; + + blob64 = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + aliases = [ "blob64.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAsl8LfS/l8zhkF9wqUTXndGZovIdIeZXeH/AZ3VopHn2yMn7HN3sy + sM+p0ypXgV02h8faWgQsKzbhZI1XNl8vK5jo0snb9wO0qTiIViSeVfcGJN3rMvsW + FmgcoVX7Juf3RD+oHbBc9CM7+vRbk6aIKyr3zRbGF1Ge9x/N2HSqjhYYKZ74JzJf + kTbN/t05gvzYcQCa6ueR1K+jysALC2SCbRNXMLDQtgMc9Jv+oPJfxxCxZUJR2/M6 + E/+sfbJ+oOl/EviXzM/HH14sOeO1v1xbw0ih75BWAOC1zvrIPg/Cr3y+RmDsK53K + eWa+2bvT7quaBLsVh9N51RSORUlXKdd2lwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "m6YO0REcHjSORwOJCUBLciavYTNewcbxdt2TJnGz9xE"; + }; + }; + }; + hal9000 = { owner = config.krebs.users.mic92; nets = rec { diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 965505a75..016d5ca9f 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -164,15 +164,26 @@ in { extraZones = { "krebsco.de" = '' ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} krebsco.de. 60 IN MX 5 ni krebsco.de. 60 IN TXT v=spf1 mx -all + tv 300 IN NS ni ''; }; nets = { internet = { - ip4.addr = "188.68.36.196"; + ip4 = rec { + addr = "188.68.36.196"; + prefix = "${addr}/32"; + }; + ip6 = rec { + addr = "2a03:4000:13:4c::1"; + prefix = "${addr}/64"; + }; aliases = [ "ni.i" "cgit.ni.i" diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix index eb1351866..51ced6f95 100644 --- a/krebs/3modules/zones.nix +++ b/krebs/3modules/zones.nix @@ -1,22 +1,103 @@ with import <stockholm/lib>; -{ config, ... }: { +{ config, pkgs, ... }: { config = { - # Implements environment.etc."zones/<zone-name>" - environment.etc = let - stripEmptyLines = s: (concatStringsSep "\n" - (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; - all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" - ([config.krebs.zone-head-config] ++ combined-hosts); - combined-hosts = - mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts; - in + environment.etc = mapAttrs' - (name: value: { + (name: pkg: { name = "zones/${name}"; - value.text = stripEmptyLines value; + value.source = pkg; }) - all-zones; + pkgs.krebs.zones; + + nixpkgs.overlays = [ + # Explicit zones generated from config.krebs.hosts.*.extraZones + (self: super: let + stripEmptyLines = s: (concatStringsSep "\n" + (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; + all-zones = foldAttrs (sum: current: sum + "\n" + current) "" + ([config.krebs.zone-head-config] ++ combined-hosts); + combined-hosts = + mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts; + in { + krebs = super.krebs or {} // { + zones = super.krebs.zones or {} // + mapAttrs' + (name: value: { + name = name; + value = self.writeText "${name}.zone" (stripEmptyLines value); + }) + all-zones; + }; + }) + + # Implicit zones generated from config.krebs.hosts.*.nets.*.ip{4,6}.addr + (self: super: let + # record : { name : str, type : enum [ "A" "AAAA" ], data : str } + + # toRecord : record.name -> record.type -> record.data -> record + toRecord = name: type: data: + { inherit name type data; }; + + # toRecords : str -> host -> [record] + toRecords = netname: host: + let + net = host.nets.${netname}; + in + optionals + (hasAttr netname host.nets) + (filter + (x: x.data != null) + (concatLists [ + (map + (name: toRecord name "A" (net.ip4.addr or null)) + (concatMap + (name: [ "${name}." "4.${name}." ]) + (net.aliases or []))) + (map + (name: toRecord name "AAAA" (net.ip6.addr or null)) + (concatMap + (name: [ "${name}." "6.${name}." ]) + (net.aliases or []))) + ])); + + # formatRecord : record -> str + formatRecord = { name, type, data }: "${name} IN ${type} ${data}"; + + # writeZone : attrs -> package + writeZone = + { name ? "${domain}.zone" + , domain ? substring 0 1 netname + , nameservers ? [ "ni" ] + , netname + , hosts ? config.krebs.hosts + }: + self.writeText name /* bindzone */ '' + $TTL 60 + @ IN SOA ns admin 1 3600 600 86400 60 + @ IN NS ns + ${concatMapStringsSep "\n" + (name: /* bindzone */ "ns IN CNAME ${name}") + nameservers + } + ${concatMapStringsSep + "\n" + formatRecord + (concatMap + (toRecords netname) + (attrValues hosts)) + } + ''; + in { + krebs = super.krebs or {} // { + zones = super.krebs.zones or {} // { + i = writeZone { netname = "internet"; }; + r = writeZone { netname = "retiolum"; }; + w = writeZone { netname = "wiregrill"; }; + }; + }; + }) + ]; }; } diff --git a/krebs/5pkgs/haskell/default.nix b/krebs/5pkgs/haskell/default.nix index 98cbcb3b9..7e9ee7521 100644 --- a/krebs/5pkgs/haskell/default.nix +++ b/krebs/5pkgs/haskell/default.nix @@ -8,11 +8,13 @@ in haskell = super.haskell // { packages = mapAttrs (name: value: if hasAttr "override" value - then value.override { inherit overrides; } + then value.override (old: { + overrides = composeExtensions (old.overrides or (_: _: {})) overrides; + }) else value ) super.haskell.packages; }; - haskellPackages = super.haskellPackages.override { - inherit overrides; - }; + haskellPackages = super.haskellPackages.override (old: { + overrides = composeExtensions (old.overrides or (_: _: {})) overrides; + }); } diff --git a/krebs/5pkgs/haskell/mailaids.nix b/krebs/5pkgs/haskell/mailaids.nix index f152a76f4..91b4cc451 100644 --- a/krebs/5pkgs/haskell/mailaids.nix +++ b/krebs/5pkgs/haskell/mailaids.nix @@ -1,14 +1,14 @@ { mkDerivation, aeson, aeson-pretty, base, bytestring -, case-insensitive, fetchgit, lens, optparse-applicative -, purebred-email, lib, text, vector, word8 +, case-insensitive, fetchgit, lens, lib, optparse-applicative +, purebred-email, text, vector, word8 }: mkDerivation { pname = "mailaids"; - version = "1.0.0"; + version = "1.1.0"; src = fetchgit { url = "https://cgit.krebsco.de/mailaids"; - sha256 = "15h0k82czm89gkwhp1rwdy77jz8dmb626qdz7c2narvz9j7169v5"; - rev = "8f11927ea74d6adb332c884502ebd9c486837523"; + sha256 = "0mkq3b0j28h7ydg6aaqlqnvajb8nhdc9g7rmil2d4vl5fxxaqspv"; + rev = "a25fc32eceefc10a91ef77ff2763b3f1b9324aaf"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/haskell/nix-serve-ng.nix b/krebs/5pkgs/haskell/nix-serve-ng.nix new file mode 100644 index 000000000..8866b205b --- /dev/null +++ b/krebs/5pkgs/haskell/nix-serve-ng.nix @@ -0,0 +1,30 @@ +{ mkDerivation, async, base, base16, base32, bytestring, charset +, fetchgit, http-client, http-types, lib, managed, megaparsec, mtl +, network, nix, optparse-applicative, tasty-bench, temporary, text +, turtle, vector, wai, wai-extra, warp, warp-tls +, boost +}: +mkDerivation { + pname = "nix-serve-ng"; + version = "1.0.0"; + src = fetchgit { + url = "https://github.com/aristanetworks/nix-serve-ng"; + sha256 = "0mqp67z5mi8rsjahdh395n7ppf0b65k8rd3pvnl281g02rbr69y2"; + rev = "433f70f4daae156b84853f5aaa11987aa5ce7277"; + fetchSubmodules = true; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + base base16 base32 bytestring charset http-types managed megaparsec + mtl network optparse-applicative vector wai wai-extra warp warp-tls + ]; + executablePkgconfigDepends = [ nix ]; + executableSystemDepends = [ boost.dev ]; + benchmarkHaskellDepends = [ + async base bytestring http-client tasty-bench temporary text turtle + vector + ]; + description = "A drop-in replacement for nix-serve that's faster and more stable"; + license = lib.licenses.bsd3; +} diff --git a/krebs/5pkgs/haskell/purebred-email/default.nix b/krebs/5pkgs/haskell/purebred-email/default.nix index ebf315388..62fc82183 100644 --- a/krebs/5pkgs/haskell/purebred-email/default.nix +++ b/krebs/5pkgs/haskell/purebred-email/default.nix @@ -1,31 +1,27 @@ { mkDerivation, attoparsec, base, base64-bytestring, bytestring , case-insensitive, concise, deepseq, fetchgit, hedgehog, lens, lib -, QuickCheck, quickcheck-instances, semigroupoids, semigroups +, QuickCheck, quickcheck-instances, random, semigroupoids , stringsearch, tasty, tasty-golden, tasty-hedgehog, tasty-hunit , tasty-quickcheck, text, time }: mkDerivation { pname = "purebred-email"; - version = "0.4.3"; + version = "0.5.1"; src = fetchgit { url = "https://github.com/purebred-mua/purebred-email"; - sha256 = "06xhccavrdzfsvg65mzdnp0a7b1ilk2rqpnyvkr171ir6mqdpb19"; - rev = "769b360643f699c0a8cd6f1c3a3de36cf0479834"; + sha256 = "0iilyy5dkbzbiazyyfjdz585c3x8b7c2piynmycm7krkc48993vw"; + rev = "7ba346e10ad1521a923bc04a4ffeca479d8dd071"; fetchSubmodules = true; }; - patches = [ - ./untweak-mime-version-header.patch - ]; isLibrary = true; isExecutable = true; libraryHaskellDepends = [ attoparsec base base64-bytestring bytestring case-insensitive - concise deepseq lens semigroupoids semigroups stringsearch text - time + concise deepseq lens random semigroupoids stringsearch text time ]; testHaskellDepends = [ attoparsec base bytestring case-insensitive hedgehog lens - QuickCheck quickcheck-instances semigroups tasty tasty-golden + QuickCheck quickcheck-instances random tasty tasty-golden tasty-hedgehog tasty-hunit tasty-quickcheck text time ]; homepage = "https://github.com/purebred-mua/purebred-email"; diff --git a/krebs/5pkgs/simple/certaids.nix b/krebs/5pkgs/simple/certaids.nix new file mode 100644 index 000000000..34f4c3e14 --- /dev/null +++ b/krebs/5pkgs/simple/certaids.nix @@ -0,0 +1,109 @@ +{ pkgs }: + +pkgs.write "certaids" { + "/bin/cert2json".link = pkgs.writeDash "cert2json" '' + # usage: cert2json < CERT > JSON + set -efu + + ${pkgs.openssl}/bin/openssl crl2pkcs7 -nocrl -certfile /dev/stdin | + ${pkgs.openssl}/bin/openssl pkcs7 -print_certs -text | + ${pkgs.gawk}/bin/awk -F, -f ${pkgs.writeText "cert2json.awk" '' + function abort(msg) { + print(msg) > "/dev/stderr" + exit 1 + } + + function toJSON(x, type, ret) { + type = typeof(x) + switch (type) { + case "array": + if (isArray(x)) return arrayToJSON(x) + if (isObject(x)) return objectToJSON(x) + abort("cannot render array to JSON", x) + case "number": + return numberToJSON(x) + case "string": + return stringToJSON(x) + case "strnum": + case "unassigned": + case "regexp": + case "untyped": + default: + abort("cannot render type: " type) + } + } + + function isArray(x, i, k) { + i = 1 + for (k in x) { + if (k != i++) return 0 + i++ + } + return 1 + } + + function isObject(x, k) { + for (k in x) { + if (typeof(k) != "string") return 0 + } + return 1 + } + + function arrayToJSON(x, k, ret) { + ret = "[" + for (k in x) { + ret=ret toJSON(x[k]) "," + } + sub(/,$/,"",ret) + ret=ret "]" + return ret + } + + function objectToJSON(x, k,ret) { + ret = "{" + for (k in x) { + ret = ret toJSON(k) ":" toJSON(x[k]) "," + } + sub(/,$/, "", ret) + ret = ret "}" + return ret + } + + function numberToJSON(x) { + return x + } + + function stringToJSON(x) { + gsub(/\\/, "&&",x) + gsub(/\n/, "\\n", x) + return "\"" x "\"" + } + + $1 ~ /^ *(Subject|Issuer):/ { + sub(/^ */, "") + sub(/: */, ",") + key=tolower($1) + sub(/[^,]*,/, "") + + # Normalize separators between relative distinguished names. + # [1]: RFC2253, 3. Parsing a String back to a Distinguished Name + # TODO support any distinguished name + gsub(/ *[;,] */, ",") + + for(i = 0; i <= NF; i++) { + split($i, a, "=") + cache[key][a[1]] = a[2] + } + } + + /BEGIN CERTIFICATE/,/END CERTIFICATE/{ + cache["certificate"] = cache["certificate"] $0 "\n" + } + + /END CERTIFICATE/{ + print toJSON(cache) + delete cache + } + ''} + ''; +} diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index e881d4bdc..fd33ef219 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f034b5693a26625f56068af983ed7727a60b5f8b", - "date": "2022-08-24T10:06:14+02:00", - "path": "/nix/store/8rr2y7lwwm09a5cvr26a2yc019b13zxb-nixpkgs", - "sha256": "05x3bjz1af4liwsgha3r85kqa60j22vldp8g0p7nr51zz6jjwqqq", + "rev": "c97e777ff06fcb8d37dcdf5e21e9eff1f34f0e90", + "date": "2022-09-11T12:47:08-03:00", + "path": "/nix/store/ixhh3xyag61ps64dgbclgkz80hgv36qv-nixpkgs", + "sha256": "1h4g8hf7zi6an5j2lnwf7kbmmbrwp6hhqdf87gd14y24d43sp4x0", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 799399ea7..c0dee0c6e 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6", - "date": "2022-07-19T15:32:15+02:00", - "path": "/nix/store/4dcxnk4xplx79xrwxg2m6pqh8b5k6ya0-nixpkgs", - "sha256": "1j73j17g852zfc75b7ll4avp30pnyvm37pgm66cz844phkv5ywfg", + "rev": "bf014cad818ecd1b28e68c1e7138fb988f504fdc", + "date": "2022-09-12T09:29:23+02:00", + "path": "/nix/store/cpp120bajfgdb8sb1nmm316pav16cjk4-nixpkgs", + "sha256": "0xdf1xclck8j8zxlnhkjgci4a4405rh9n6wx9c3vmk0dvb31lvi9", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, |