diff options
95 files changed, 1129 insertions, 2113 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index c0fa38284..a100e414d 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -1,7 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, lib, pkgs, ... }: { diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix new file mode 100644 index 000000000..5c4b37aef --- /dev/null +++ b/krebs/1systems/news/config.nix @@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + + <stockholm/krebs/2configs/ircd.nix> + <stockholm/krebs/2configs/go.nix> + + #### NEWS #### + <stockholm/krebs/2configs/ircd.nix> + <stockholm/krebs/2configs/news.nix> + ]; + + krebs.build.host = config.krebs.hosts.news; + + boot.isContainer = true; + networking.useDHCP = false; + krebs.bindfs = { + "/var/lib/htgen-go" = { + source = "/var/state/htgen-go"; + options = [ + "-m ${toString config.users.users.htgen-go.uid}" + ]; + clearTarget = true; + }; + "/var/lib/brockman" = { + source = "/var/state/brockman"; + options = [ + "-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}" + ]; + clearTarget = true; + }; + }; +} diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 19cf22280..1e0687ba7 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -19,14 +19,6 @@ <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> - ### Krebs ### - <stockholm/krebs/2configs/go.nix> - - #### NEWS #### - <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/news.nix> - - ### shackspace ### # handle the worlddomination map via coap <stockholm/krebs/2configs/shack/worlddomination.nix> diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index c39b08a8e..ce5db62d4 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -2,9 +2,6 @@ with import <stockholm/lib>; { - environment.systemPackages = [ - pkgs.go-shortener - ]; krebs.go = { enable = true; }; diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 65972aacc..789fc2f2f 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -11,12 +11,12 @@ hello ''; config = '' + loadmodule "extensions/m_omode"; serverinfo { name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; description = "miep!"; network_name = "irc.r"; - hub = yes; vhost = "0.0.0.0"; vhost6 = "::"; @@ -26,7 +26,7 @@ #ssl_dh_params = "etc/dh.pem"; #ssld_count = 1; - default_max_clients = 10000; + default_max_clients = 100000; #nicklen = 30; }; @@ -43,19 +43,31 @@ /* Listen on IPv6 (if you used host= above). */ host = "::"; port = 6667; - sslport = 9999; + sslport = 6697; }; class "users" { ping_time = 2 minutes; number_per_ident = 10; - number_per_ip = 2048; + number_per_ip = 4096; number_per_ip_global = 4096; cidr_ipv4_bitlen = 24; cidr_ipv6_bitlen = 64; number_per_cidr = 65536; - max_number = 3000; - sendq = 1 megabyte; + max_number = 100000; + sendq = 10 megabyte; + }; + + privset "op" { + privs = oper:admin; + }; + + operator "aids" { + user = "*@*"; + password = "balls"; + flags = ~encrypted; + snomask = "+s"; + privset = "op"; }; exempt { @@ -93,12 +105,13 @@ channel_target_change = yes; disable_local_channels = no; }; + general { #maybe we want ident someday? - default_floodcount = 1000; + default_floodcount = 10000; disable_auth = yes; throttle_duration = 1; - throttle_count = 1000; + throttle_count = 10000; }; ''; }; diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix new file mode 100644 index 000000000..82360a670 --- /dev/null +++ b/krebs/2configs/news-host.nix @@ -0,0 +1,12 @@ +{ + krebs.sync-containers.containers.news = { + peers = [ + "shodan" + "mors" + "styx" + ]; + hostIp = "10.233.2.101"; + localIp = "10.233.2.102"; + format = "plain"; + }; +} diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 11c136f85..3bf991433 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -1,168 +1,112 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { + services.rss-bridge = { + enable = true; + whitelist = [ "*" ]; + }; + services.nginx.virtualHosts = { + rss-bridge = { + serverAliases = [ + "rss.r" + ]; + }; + "brockman.r" = { + serverAliases = [ + "news.r" + ]; + locations."/".extraConfig = '' + root /var/lib/brockman; + index brockman.json; + ''; + }; + }; + systemd.tmpfiles.rules = [ + "d /var/lib/brockman 1750 brockman nginx -" + ]; + krebs.brockman = { enable = true; config = { irc.host = "localhost"; + channel = "#all"; shortener = "http://go.r"; - bots = { - aje = { feed ="http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989"; channels = [ "#snews" ]; }; - allafrica = { feed ="http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf"; channels = [ "#snews" ]; }; - antirez = { feed ="http://antirez.com/rss"; channels = [ "#snews" "#news" ]; }; - archlinux = { feed ="http://www.archlinux.org/feeds/news/"; channels = [ "#snews" "#news" ]; }; - ars = { feed ="http://feeds.arstechnica.com/arstechnica/index?format=xml"; channels = [ "#snews" ]; }; - augustl = { feed ="http://augustl.com/atom.xml"; channels = [ "#snews" ]; }; - bbc = { feed ="http://feeds.bbci.co.uk/news/rss.xml"; channels = [ "#snews" ]; }; - bdt_aktuelle_themen = { feed ="http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss"; channels = [ "#snews" ]; }; - bdt_drucksachen = { feed ="http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss"; channels = [ "#snews" ]; }; - bdt_plenarproto = { feed ="http://www.bundestag.de/rss_feeds/plenarprotokolle.rss"; channels = [ "#snews" ]; }; - bdt_pressemitteilungen = { feed ="http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss"; channels = [ "#snews" ]; }; - bitcoinpakistan = { feed ="https://bitcoinspakistan.com/feed/"; channels = [ "#snews" ]; }; - cancer = { feed ="http://feeds.feedburner.com/ncinewsreleases?format=xml"; channels = [ "#snews" ]; }; - carta = { feed ="http://feeds2.feedburner.com/carta-standard-rss"; channels = [ "#snews" ]; }; - catholic_news = { feed ="http://feeds.feedburner.com/catholicnewsagency/dailynews"; channels = [ "#snews" ]; }; - cbc_busi = { feed ="http://rss.cbc.ca/lineup/business.xml"; channels = [ "#snews" ]; }; - cbc_offbeat = { feed ="http://www.cbc.ca/cmlink/rss-offbeat"; channels = [ "#snews" ]; }; - cbc_pol = { feed ="http://rss.cbc.ca/lineup/politics.xml"; channels = [ "#snews" ]; }; - cbc_tech = { feed ="http://rss.cbc.ca/lineup/technology.xml"; channels = [ "#snews" ]; }; - cbc_top = { feed ="http://rss.cbc.ca/lineup/topstories.xml"; channels = [ "#snews" ]; }; - ccc = { feed ="http://www.ccc.de/rss/updates.rdf"; channels = [ "#snews" ]; }; - chan_biz = { feed ="http://boards.4chan.org/biz/index.rss"; channels = [ "#snews" ]; }; - chan_g = { feed ="http://boards.4chan.org/g/index.rss"; channels = [ "#snews" ]; }; - chan_int = { feed ="http://boards.4chan.org/int/index.rss"; channels = [ "#snews" ]; }; - chan_sci = { feed ="http://boards.4chan.org/sci/index.rss"; channels = [ "#snews" ]; }; - chan_x = { feed ="http://boards.4chan.org/x/index.rss"; channels = [ "#snews" ]; }; - c = { feed ="http://www.tempolimit-lichtgeschwindigkeit.de/news.xml"; channels = [ "#snews" ]; }; - cryptogon = { feed ="http://www.cryptogon.com/?feed=rss2"; channels = [ "#snews" ]; }; - csm = { feed ="http://rss.csmonitor.com/feeds/csm"; channels = [ "#snews" ]; }; - csm_world = { feed ="http://rss.csmonitor.com/feeds/world"; channels = [ "#snews" ]; }; - danisch = { feed ="http://www.danisch.de/blog/feed/"; channels = [ "#snews" ]; }; - dod = { feed ="http://www.defense.gov/news/afps2.xml"; channels = [ "#snews" ]; }; - dwn = { feed ="http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/"; channels = [ "#snews" ]; }; - ecat = { feed ="http://ecat.com/feed"; channels = [ "#snews" ]; }; - eia_press = { feed ="http://www.eia.gov/rss/press_rss.xml"; channels = [ "#snews" ]; }; - eia_today = { feed ="http://www.eia.gov/rss/todayinenergy.xml"; channels = [ "#snews" ]; }; - embargowatch = { feed ="https://embargowatch.wordpress.com/feed/"; channels = [ "#snews" ]; }; - ethereum-comments = { feed ="http://blog.ethereum.org/comments/feed"; channels = [ "#snews" ]; }; - ethereum = { feed ="http://blog.ethereum.org/feed"; channels = [ "#snews" "#news" ]; }; - europa_ric = { feed ="http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml"; channels = [ "#snews" ]; }; - eu_survei = { fee |