summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2019-02-02 09:16:32 +0100
committertv <tv@krebsco.de>2019-02-02 09:16:32 +0100
commitbca298e1a8582f5704e1e154ead6d1f866ac3206 (patch)
tree7ca3a33bc72108b392b35d8c014df0ceda33e75e /lass/2configs
parenta09bf933da2d31645872f1e2332507da98fb6a00 (diff)
parente2ae92445cc439203427a58720fc394cf1ca4b44 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/hardening.nix11
-rw-r--r--lass/2configs/radio.nix61
-rw-r--r--lass/2configs/reaktor-coders.nix46
3 files changed, 64 insertions, 54 deletions
diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix
new file mode 100644
index 000000000..aee4bf06f
--- /dev/null
+++ b/lass/2configs/hardening.nix
@@ -0,0 +1,11 @@
+{ pkgs, lib, ... }:
+with lib;
+{
+ security.chromiumSuidSandbox.enable = true;
+ security.lockKernelModules = false;
+ boot.kernel.sysctl."user.max_user_namespaces" = 63414;
+
+ imports = [
+ <nixpkgs/nixos/modules/profiles/hardened.nix>
+ ];
+}
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 987632cd1..f88b2627b 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -170,32 +170,45 @@ in {
};
};
- krebs.Reaktor.playlist = {
- nickname = "the_playlist|r";
- channels = [
- "#the_playlist"
- "#krebs"
- ];
- extraEnviron = {
- REAKTOR_HOST = "irc.freenode.org";
- };
- plugins = with pkgs.ReaktorPlugins; [
- (buildSimpleReaktorPlugin "skip" {
- script = "${skip_track}/bin/skip_track";
- pattern = "^skip$";
- })
- (buildSimpleReaktorPlugin "current" {
- script = "${print_current}/bin/print_current";
- pattern = "^current$";
- })
- (buildSimpleReaktorPlugin "suggest" {
- script = "${pkgs.writeDash "suggest" ''
- echo "$@" >> $HOME/playlist_suggest
- ''}";
- pattern = "^suggest: (?P<args>.*)$";
- })
+ krebs.reaktor2.the_playlist = {
+ hostname = "irc.freenode.org";
+ port = "6697";
+ useTLS = true;
+ nick = "the_playlist";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#the_playlist"
+ "#krebs"
+ ];
+ };
+ }
+ {
+ plugin = "system";
+ config = {
+ workdir = config.krebs.reaktor2.the_playlist.stateDir;
+ hooks.PRIVMSG = [
+ {
+ activate = "match";
+ pattern = ''!([^ ]+)(?:\s*(.*))?'';
+ command = 1;
+ arguments = [2];
+ commands = {
+ skip.filename = "${skip_track}/bin/skip_track";
+ current.filename = "${print_current}/bin/print_current";
+ suggest.filename = pkgs.writeDash "suggest" ''
+ echo "$@" >> playlist_suggest
+ '';
+ };
+ }
+ ];
+ };
+ }
];
};
+
services.nginx = {
enable = true;
virtualHosts."radio.lassul.us" = {
diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix
index 44d9d6866..4baec1976 100644
--- a/lass/2configs/reaktor-coders.nix
+++ b/lass/2configs/reaktor-coders.nix
@@ -32,6 +32,7 @@ in {
pattern = ''@([^ ]+) (.*)$'';
command = 1;
arguments = [2];
+ env.HOME = config.krebs.reaktor2.coders.stateDir;
commands = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
@@ -46,36 +47,21 @@ in {
-e "$@"
'';
in {
- pl = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-pl" ''
- ${lambdabotWrapper} "@pl $1"
- '';
- };
- type = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-type" ''
- ${lambdabotWrapper} "@type $1"
- '';
- };
- "let" = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-let" ''
- ${lambdabotWrapper} "@let $1"
- '';
- };
- run = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-run" ''
- ${lambdabotWrapper} "@run $1"
- '';
- };
- kind = {
- env.HOME = config.krebs.reaktor2.coders.stateDir;
- filename = pkgs.writeDash "lambdabot-kind" ''
- ${lambdabotWrapper} "@kind $1"
- '';
- };
+ pl.filename = pkgs.writeDash "lambdabot-pl" ''
+ ${lambdabotWrapper} "@pl $1"
+ '';
+ type.filename = pkgs.writeDash "lambdabot-type" ''
+ ${lambdabotWrapper} "@type $1"
+ '';
+ "let".filename = pkgs.writeDash "lambdabot-let" ''
+ ${lambdabotWrapper} "@let $1"
+ '';
+ run.filename = pkgs.writeDash "lambdabot-run" ''
+ ${lambdabotWrapper} "@run $1"
+ '';
+ kind.filename = pkgs.writeDash "lambdabot-kind" ''
+ ${lambdabotWrapper} "@kind $1"
+ '';
};
}
{