7 files changed, 111 insertions, 30 deletions

diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 38d770316..fffe128e6 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -27,9 +27,6 @@ with import <stockholm/lib>;
   ];
 
   console.keyMap = "us";
-  i18n = {
-    defaultLocale = lib.mkForce "C";
-  };
 
   programs.ssh.startAgent = false;
 
@@ -60,4 +57,7 @@ with import <stockholm/lib>;
 
   # The NixOS release to be compatible with for stateful data such as databases.
   system.stateVersion = "17.03";
+
+  # maybe fix Error: unsupported locales detected:
+  i18n.defaultLocale = mkDefault "C.UTF-8";
 }
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index c6c91e074..5435ea166 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,9 +5,10 @@
     6667
   ];
 
-  krebs.ergo = {
+  services.ergochat = {
     enable = true;
-    config = {
+    settings = {
+      server.name = "irc.r";
       server.secure-nets = [
         "42::0/16"
         "10.240.0.0/12"
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
new file mode 100644
index 000000000..4d359c3fe
--- /dev/null
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."social.krebsco.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        # TODO use this in 22.11
+        # recommendedProxySettings = true;
+        proxyPass = "http://hotdog.r";
+        proxyWebsockets = true;
+        extraConfig = ''
+          proxy_set_header        Host $host;
+          proxy_set_header        X-Real-IP $remote_addr;
+          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header        X-Forwarded-Proto $scheme;
+          proxy_set_header        X-Forwarded-Host $host;
+          proxy_set_header        X-Forwarded-Server $host;
+        '';
+      };
+    };
+  };
+}
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..145b383ed
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+{
+  services.postgresql = {
+    enable = true;
+    dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+    package = pkgs.postgresql_11;
+  };
+  systemd.tmpfiles.rules = [
+    "d /var/state/postgresql 0700 postgres postgres -"
+  ];
+
+  services.mastodon = {
+    enable = true;
+    localDomain = "social.krebsco.de";
+    configureNginx = true;
+    trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+    smtp.createLocally = false;
+    smtp.fromAddress = "derp";
+  };
+
+  services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+    forceSSL = lib.mkForce false;
+    enableACME = lib.mkForce false;
+    locations."@proxy".extraConfig = ''
+      proxy_redirect off;
+      proxy_pass_header Server;
+      proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+  ];
+
+  environment.systemPackages = [
+    (pkgs.writers.writeDashBin "tootctl" ''
+      sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+    '')
+    (pkgs.writers.writeDashBin "create-mastodon-user" ''
+      set -efu
+      nick=$1
+      /run/current-system/sw/bin/tootctl accounts create "$nick" --email "$nick"@krebsco.de --confirmed
+      /run/current-system/sw/bin/tootctl accounts approve "$nick"
+    '')
+  ];
+}
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 3649aeeea..d6c6371da 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -68,8 +68,8 @@
     wantedBy = [ "multi-user.target" ];
   };
 
-  krebs.ergo.openFilesLimit = 16384;
-  krebs.ergo.config = {
+  services.ergochat.openFilesLimit = 16384;
+  services.ergochat.settings = {
     limits.nicklen = 100;
     limits.identlen = 100;
     history.enabled = false;
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 13b59fa82..11aaf876a 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -64,8 +64,7 @@ let
           pkgs.curl
           pkgs.stable-generate
         ]}
-        stable_url=$(stable-generate "$@")
-        paste_url=$(curl -Ss "$stable_url" |
+        paste_url=$(stable-generate "$@" |
           curl -Ss http://p.r --data-binary @- |
           tail -1
         )
@@ -73,6 +72,22 @@ let
       '';
     };
   };
+  interrogate = {
+    pattern = "^!interrogate (.*)$";
+    activate = "match";
+    arguments = [1];
+    command = {
+      filename = pkgs.writeDash "interrogate" ''
+        set -efux
+
+        export PATH=${makeBinPath [
+          pkgs.stable-interrogate
+        ]}
+        caption=$(stable-interrogate "$@")
+        echo "$_from: $caption"
+      '';
+    };
+  };
 
   confuse_hackint = {
     pattern = "^!confuse (.*)$";
@@ -87,8 +102,7 @@ let
           pkgs.stable-generate
         ]}
         case $_msgtarget in \#*)
-          stable_url=$(stable-generate "$@")
-          paste_url=$(curl -Ss "$stable_url" |
+          paste_url=$(stable-generate "$@" |
             curl -Ss https://p.krebsco.de --data-binary @- |
             tail -1
           )
@@ -132,7 +146,7 @@ let
     command = 1;
     arguments = [2];
     env.TASKDATA = "${stateDir}/${name}";
-    commands = {
+    commands = rec {
       add.filename = pkgs.writeDash "${name}-task-add" ''
         ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1"
       '';
@@ -145,6 +159,7 @@ let
       delete.filename = pkgs.writeDash "${name}-task-delete" ''
         ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1"
       '';
+      del = delete;
       done.filename = pkgs.writeDash "${name}-task-done" ''
         ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1"
       '';
@@ -289,7 +304,18 @@ let
                 longitude=$(echo "$poi" | jq -r .longitude)
               fi
 
-              restaurant=$(osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude")
+              for api_endpoint in \
+                https://lz4.overpass-api.de/api/interpreter \
+                https://z.overpass-api.de/api/interpreter \
+                https://maps.mail.ru/osm/tools/overpass/api/interpreter \
+                https://overpass.openstreetmap.ru/api/interpreter \
+                https://overpass.kumi.systems/api/interpreter
+              do
+                restaurant=$(osm-restaurants --endpoint "$api_endpoint" --radius "$2" --latitude "$latitude" --longitude "$longitude")
+                if [ "$?" -eq 0 ]; then
+                  break
+                fi
+              done
               printf '%s' "$restaurant" | tail -1 | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
             '';
           };
@@ -297,6 +323,7 @@ let
         bedger-add
         bedger-balance
         hooks.sed
+        interrogate
         say
         (generators.command_hook {
           inherit (commands) dance random-emoji nixos-version;
diff --git a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
deleted file mode 100644
index 8527001cb..000000000
--- a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ...}:
-{
-  systemd.services.alertmanager-bot-telegram = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "ip-up.target" ];
-    serviceConfig = {
-      EnvironmentFile = toString <secrets/shack/telegram_bot.env>;
-      DynamicUser = true;
-      StateDirectory = "alertbot";
-      ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \
-        --alertmanager.url=http://alert.prometheus.shack --log.level=info \
-        --store=bolt --bolt.path=/var/lib/alertbot/bot.db \
-        --listen.addr="0.0.0.0:16320" \
-        --template.paths=${./templates}/shack.tmpl'';
-    };
-  };
-}