diff options
Diffstat (limited to 'krebs/2configs')
| -rw-r--r-- | krebs/2configs/buildbot/worker.nix | 4 | ||||
| -rw-r--r-- | krebs/2configs/default.nix | 1 | ||||
| -rw-r--r-- | krebs/2configs/exim-smarthost.nix | 5 | ||||
| -rw-r--r-- | krebs/2configs/hw/x220.nix | 2 | ||||
| -rw-r--r-- | krebs/2configs/mastodon.nix | 29 | ||||
| -rw-r--r-- | krebs/2configs/mud.nix | 26 | ||||
| -rw-r--r-- | krebs/2configs/nameserver.nix | 5 | ||||
| -rw-r--r-- | krebs/2configs/news-host.nix | 7 | ||||
| -rw-r--r-- | krebs/2configs/news.nix | 207 | ||||
| -rw-r--r-- | krebs/2configs/reaktor2.nix | 20 | ||||
| -rw-r--r-- | krebs/2configs/shack/share.nix | 28 | ||||
| -rw-r--r-- | krebs/2configs/shack/ssh-keys.nix | 1 | ||||
| -rw-r--r-- | krebs/2configs/shack/worlddomination.nix | 40 |
13 files changed, 52 insertions, 323 deletions
diff --git a/krebs/2configs/buildbot/worker.nix b/krebs/2configs/buildbot/worker.nix index e96c6df14..5526a83d3 100644 --- a/krebs/2configs/buildbot/worker.nix +++ b/krebs/2configs/buildbot/worker.nix @@ -1,4 +1,4 @@ -{ buildbot-nix, ... }: +{ config, buildbot-nix, ... }: { imports = [ buildbot-nix.nixosModules.buildbot-worker @@ -6,6 +6,8 @@ services.buildbot-nix.worker = { enable = true; + name = config.krebs.build.host.name; workerPasswordFile = "/var/src/secrets/nix-worker-file"; + masterUrl = "tcp:host=gum:port=9989"; }; } diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 6ca7c732a..e7bf3078f 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -33,7 +33,6 @@ with import ../../lib/pure.nix { inherit lib; }; environment.systemPackages = with pkgs; [ git vim - rxvt_unicode.terminfo ]; console.keyMap = "us"; diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index 89ff74cfd..11b8b3ec1 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -16,7 +16,9 @@ in { makefu tv ]; - eloop-ml = spam-ml; + eloop-ml = spam-ml ++ [ + { mail = "unreal@rtinf.net"; } + ]; krebstel-ml = [ config.krebs.users."0x4A6F" { mail = "krebstel-1rxz0mqa95nkmk298s1731ly0ii7vc36kkm36pnjj89hrq52pgn1@ni.r"; } @@ -33,6 +35,7 @@ in { "brain@krebsco.de" = brain-ml; "eloop2022@krebsco.de" = eloop-ml; "2024@eloop.org" = eloop-ml; + "2025@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead "spam@eloop.org" = eloop-ml; "youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 980c2c9aa..a797673c9 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: { networking.wireless.enable = lib.mkDefault true; diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix index ebc4207a0..3c7205167 100644 --- a/krebs/2configs/mastodon.nix +++ b/krebs/2configs/mastodon.nix @@ -1,4 +1,14 @@ { config, lib, pkgs, ... }: +let + mastodon-clear-cache = pkgs.writers.writeDashBin "mastodon-clear-cache" '' + /run/current-system/sw/bin/mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30 + /run/current-system/sw/bin/mastodon-tootctl media remove-orphans + /run/current-system/sw/bin/mastodon-tootctl preview_cards remove --days=14 + /run/current-system/sw/bin/mastodon-tootctl accounts prune + /run/current-system/sw/bin/mastodon-tootctl statuses remove --days 4 + /run/current-system/sw/bin/mastodon-tootctl media remove --days 4 + ''; +in { services.postgresql = { enable = true; @@ -14,7 +24,6 @@ localDomain = "social.krebsco.de"; configureNginx = true; streamingProcesses = 3; - trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr; smtp.createLocally = false; smtp.fromAddress = "derp"; }; @@ -26,12 +35,20 @@ 443 ]; + systemd.services.mastodon-clear-cache = { + description = "Mastodon Clear Cache"; + wantedBy = [ "timers.target" ]; + startAt = "daily"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${mastodon-clear-cache}/bin/mastodon-clear-cache"; + User = "mastodon"; + WorkingDirectory = "/var/lib/mastodon"; + }; + }; + environment.systemPackages = [ - (pkgs.writers.writeDashBin "clear-mastodon-cache" '' - mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30 - mastodon-tootctl media remove-orphans - mastodon-tootctl preview_cards remove --days=14 - '') + mastodon-clear-cache (pkgs.writers.writeDashBin "create-mastodon-user" '' set -efu nick=$1 diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix index a53596cc6..992f2ebdc 100644 --- a/krebs/2configs/mud.nix +++ b/krebs/2configs/mud.nix @@ -5,18 +5,6 @@ MUD_SERVER=''${MUD_SERVER:-127.0.0.1} MUD_PORT=''${MUD_PORT:-8080} - if $(${pkgs.libressl.nc}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then - ${nvim}/bin/nvim \ - +"let g:instant_username = \"$MUD_NICKNAME\"" \ - +":InstantJoinSession $MUD_SERVER $MUD_PORT" \ - "$@" - else - ${nvim}/bin/nvim \ - +"let g:instant_username = \"$MUD_NICKNAME\"" \ - +":InstantStartServer $MUD_SERVER $MUD_PORT" \ - +":InstantStartSession $MUD_SERVER $MUD_PORT" \ - "$@" - fi ''; nvim = pkgs.neovim.override { # vimAlias = true; @@ -31,7 +19,6 @@ nerdtree # file structure inside nvim rainbow # Color parenthesis customPlugins.hack-color - customPlugins.instant ]; opt = []; }; @@ -97,15 +84,6 @@ inoremap <f2> <esc>:tabn<cr> ''; customPlugins = { - instant = pkgs.vimUtils.buildVimPlugin { - name = "instant"; - src = pkgs.fetchFromGitHub { - owner = "jbyuki"; - repo = "instant.nvim"; - rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554"; - sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI="; - }; - }; hack-color = (rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let name = "hack"; in { @@ -162,10 +140,6 @@ in { ]; packages = with pkgs; [ tmux - (pkgs.writers.writeDashBin "instant_server" '' - find ${customPlugins.instant} - find ${customPlugins.instant.src} - '') mud ]; }; diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix index 633f6f5d5..fb22dc6f9 100644 --- a/krebs/2configs/nameserver.nix +++ b/krebs/2configs/nameserver.nix @@ -66,6 +66,10 @@ in { - id: hostingde_ns1 address: 134.0.30.178 + - id: krebscode_ne + address: ${config.krebs.hosts.ne.nets.internet.ip4.addr} + key: krebs_transfer_notify_key + - id: krebscode_ni address: ${config.krebs.hosts.ni.nets.internet.ip4.addr} key: krebs_transfer_notify_key @@ -119,6 +123,7 @@ in { dnssec-policy: rsa2k notify: henet_ns1 notify: hostingde_ns1 + notify: krebscode_ne notify: krebscode_ni acl: transfer_to_henet_secondary acl: transfer_to_hostingde_secondary diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix deleted file mode 100644 index 9b8627d61..000000000 --- a/krebs/2configs/news-host.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config,lib, ... }: -{ - nixpkgs.config.allowUnfree = true; # "consul-1.18.0" - krebs.sync-containers3.containers.news = { - sshKey = "${config.krebs.secret.directory}/news.sync.key"; - }; -} diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix deleted file mode 100644 index 9d9470727..000000000 --- a/krebs/2configs/news.nix +++ /dev/null @@ -1,207 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.rss-bridge = { - enable = true; - whitelist = [ "*" ]; - }; - services.nginx.virtualHosts = { - rss-bridge = { - serverAliases = [ - "rss.r" - ]; - }; - "brockman.r" = { - serverAliases = [ - "news.r" - ]; - locations."/api".extraConfig = '' - proxy_pass http://127.0.0.1:7777/; - proxy_pass_header Server; - ''; - locations."= /graph.html".extraConfig = '' - alias ${pkgs.fetchurl { - url = "https://raw.githubusercontent.com/kmein/brockman/05d33c8caaaf6255752f9600981974bb58390851/tools/graph.html"; - sha256 = "0iw2vdzj6kzkix1c447ybmc953lns6z4ap6sr9pcib8bany4g43w"; - }}; - ''; - locations."/".extraConfig = '' - root /var/lib/brockman; - index brockman.json; - ''; - extraConfig = '' - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - ''; - }; - }; - systemd.tmpfiles.rules = [ - "d /var/lib/brockman 1750 brockman nginx -" - "d /run/irc-api 1750 brockman nginx -" - ]; - - systemd.services.brockman-graph = { - path = [ - pkgs.graphviz - pkgs.jq - pkgs.inotify-tools - ]; - serviceConfig = { - ExecStart = pkgs.writers.writeDash "brockman-graph" '' - - while :; do - graphviz="$(cat /var/lib/brockman/brockman.json \ - | jq -r ' - .bots | - to_entries | - map(select(.value.extraChannels|length > 1 )) | - .[] | - "\"\(.key)\" -> {\(.value.extraChannels|map("\""+.+"\"")|join(" "))}" - ')" - echo "digraph news { $graphviz }" | circo -Tsvg > /var/lib/brockman/graph.svg - - inotifywait -q -e MODIFY /var/lib/brockman/brockman.json - done - ''; - User = "brockman"; - }; - wantedBy = [ "multi-user.target" ]; - }; - - services.ergochat.openFilesLimit = 16384; - services.ergochat.settings = { - limits.nicklen = 100; - limits.identlen = 100; - history.enabled = false; - }; - systemd.services.brockman.bindsTo = [ "ergochat.service" ]; - systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; - systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; - krebs.brockman = { - enable = true; - config = { - irc.host = "localhost"; - channel = "#all"; - shortener = "http://go.r"; - controller = { - nick = "brockman"; - extraChannels = [ "#all" ]; - }; - statePath = "/var/state/brockman/brockman.json"; - bots = {}; - }; - }; - - krebs.reaktor2.api = { - hostname = "localhost"; - port = "6667"; - nick = "api"; - API.listen = "inet://127.0.0.1:7777"; - plugins = [ - { - plugin = "register"; - config = { - channels = [ - "#all" - ]; - }; - } - ]; - }; - krebs.reaktor2.news = let - name = "candyman"; - in { - hostname = "localhost"; - port = "6667"; - nick = name; - plugins = [ - { - plugin = "register"; - config = { - channels = [ - "#all" - "#aluhut" - "#news" - "#lasstube" - ]; - }; - } - { - plugin = "system"; - config = { - hooks.PRIVMSG = [ - { - activate = "match"; - pattern = "^${name}:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$"; - command = 1; - arguments = [2]; - commands = { - add-reddit.filename = pkgs.writeDash "add-reddit" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-reddit $reddit_channel' - exit 1 - fi - reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Reddit&context=single&r=$reddit_channel&format=Atom" - ''; - add-telegram.filename = pkgs.writeDash "add-telegram" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-telegram $telegram_user' - exit 1 - fi - telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add t_$telegram_user http://rss.r/?action=display&bridge=Telegram&username=$telegram_user&format=Mrss" - ''; - add-youtube.filename = pkgs.writeDash "add-youtube" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-youtube $nick $channel/video/stream/id' - exit 1 - fi - youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - youtube_url=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][1]') - if [ ''${#youtube_url} -eq 24 ]; then - youtube_id=$youtube_url - else - youtube_id=$(${pkgs.yt-dlp}/bin/yt-dlp --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id') - fi - echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss" - ''; - add-twitch.filename = pkgs.writeDash "add-twitch" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-twitch $handle' - exit 1 - fi - twitch_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add twitch_$twitch_nick http://rss.r/?action=display&bridge=Twitch&channel=$twitch_nick&type=all&format=Atom" - ''; - add-twitter.filename = pkgs.writeDash "add-twitter" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-twitter $handle' - exit 1 - fi - twitter_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add tw_$twitter_nick http://rss.r/?action=display&bridge=Twitter&context=By+username&u=$twitter_nick&norep=on&noretweet=on&nopinned=on&nopic=on&format=Atom" - ''; - search.filename = pkgs.writeDash "search" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: search $searchterm' - exit 1 - fi - searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - ${pkgs.curl}/bin/curl -Ss "https://feedsearch.dev/api/v1/search?url=$searchterm&info=true&favicon=false" | - ${pkgs.jq}/bin/jq '.[].url' - ''; - }; - } - ]; - }; - } - ]; - }; -} diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index e84827656..faabf7677 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -253,24 +253,6 @@ let }; }; - vicuna = { - pattern = "^!vicuna (.*)$"; - activate = "match"; - arguments = [1]; - timeoutSec = 1337; - command = { - filename = pkgs.writeDash "vicuna" '' - set -efu - - mkdir -p ${stateDir}/vicuna - export CONTEXT=${stateDir}/vicuna/"$_msgtarget".context - ${pkgs.vicuna-chat}/bin/vicuna-chat "$@" | - echo "$_from: $(cat)" | - fold -s -w 426 - ''; - }; - }; - locationsLib = pkgs.writeText "locations.sh" '' ENDPOINT=http://c.r/poi.json get_locations() { @@ -428,10 +410,8 @@ let bedger-balance bing bing-img - hooks.sed interrogate say - vicuna (generators.command_hook { inherit (commands) dance random-emoji nixos-version; tell = { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index bc483e8d0..0ba22af78 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -26,21 +26,17 @@ "guest ok" = "yes"; }; }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - - # for legacy systems - client min protocol = NT1 - server min protocol = NT1 - workgroup = WORKGROUP - server string = ${config.networking.hostName} - netbios name = ${config.networking.hostName} - ''; + settings.global = { + "guest account" = "smbguest"; + "map to guest" = "bad user"; + # disable printing + "load printers" = "no"; + "printing" = "bsd"; + "printcap name" = "/dev/null"; + "disable spoolss" = "yes"; + "workgroup" = "WORKGROUP"; + "server string" = config.networking.hostName; + "netbios name" = config.networking.hostName; + }; }; } diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix index 80957f3a5..183a81f99 100644 --- a/krebs/2configs/shack/ssh-keys.nix +++ b/krebs/2configs/shack/ssh-keys.nix @@ -2,6 +2,7 @@ { users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users."0x4A6F".pubkey + config.krebs.users.susanne.pubkey config.krebs.users.hase.pubkey config.krebs.users.neos.pubkey config.krebs.users.raute.pubkey diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index b7a8f18df..66a4095db 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -7,11 +7,11 @@ let src = pkgs.fetchFromGitHub { owner = "shackspace"; repo = "worlddomination"; - rev = "c7aedcde7cd1fcb870b5356a6125e1a384b0776c"; - sha256 = "0y6haz5apwa33lz64l7b2x78wrrckbw39j4wzyd1hfk46478xi2y"; + rev = "934387c3525e819e6b5981c417a7561d70b8b61a"; + sha256 = "sha256-AbRqxxY6hYNg4qkk/akuw4f+wJh4nx1hfEA4Lp5B+1E="; }; buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + (pkgs.python310.withPackages (pythonPackages: with pythonPackages; [ docopt LinkHeader aiocoap @@ -30,41 +30,7 @@ let }; pythonPackages = pkgs.python3Packages; # https://github.com/chrysn/aiocoap - grequests = pythonPackages.buildPythonPackage rec { - pname = "grequests"; - version = "0.3.1"; - name = "${pname}-${version}"; - src = pkgs.fetchFromGitHub { - owner = "kennethreitz"; - repo = "grequests"; - rev = "d1e70eb"; - sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc"; - }; - - doCheck = false; - - propagatedBuildInputs = with pythonPackages; [ requests gevent ]; - - meta = with lib;{ - description = "Asynchronous HTTP requests"; - homepage = https://github.com/kennethreitz/grequests; - license = with licenses; [ bsd2 ]; - maintainers = with maintainers; [ matejc ]; - }; - }; - - aiocoap = pythonPackages.buildPythonPackage { - name = "aiocoap-0.3"; - src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; - propagatedBuildInputs = [ ]; - doCheck = false; # 2 errors, dunnolol - meta = with pkgs.lib; { - homepage = ""; - license = licenses.mit; - description = "Python CoAP library"; - }; - }; LinkHeader = pythonPackages.buildPythonPackage { name = "LinkHeader-0.4.3"; src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; |