diff options
Diffstat (limited to 'krebs/3modules')
| -rw-r--r-- | krebs/3modules/backup.nix | 6 | ||||
| -rw-r--r-- | krebs/3modules/ergo.nix | 15 | ||||
| -rw-r--r-- | krebs/3modules/external/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/external/mic92.nix | 19 | ||||
| -rw-r--r-- | krebs/3modules/tv/default.nix | 26 |
5 files changed, 61 insertions, 6 deletions
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index c5cb1cae6..4a88582a2 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -157,7 +157,8 @@ let # of the deepest directory: # shellcheck disable=SC2174 ${local.rsync} >&2 \ - -aAXF --delete \ + -aAX --delete \ + --filter='dir-merge /.backup-filter' \ --rsh=${shell.escape ssh} \ --rsync-path=${shell.escape remote.rsync} \ --link-dest=${shell.escape plan.dst.path}/current \ @@ -191,7 +192,8 @@ let echo >&2 "create snapshot: $ns/$name" mkdir -m 0700 -p "$dst_path/$ns" rsync >&2 \ - -aAXF --delete \ + -aAX --delete \ + --filter='dir-merge /.backup-filter' \ --link-dest="$dst_path/current" \ "$dst_path/current/" \ "$dst_path/$ns/.partial.$name" diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix index 3153e4cfc..50c5ab628 100644 --- a/krebs/3modules/ergo.nix +++ b/krebs/3modules/ergo.nix @@ -2,6 +2,13 @@ options = { krebs.ergo = { enable = lib.mkEnableOption "Ergo IRC daemon"; + openFilesLimit = lib.mkOption { + type = lib.types.int; + default = 1024; + description = '' + Maximum number of open files. Limits the clients and server connections. + ''; + }; config = lib.mkOption { type = (pkgs.formats.json {}).type; description = '' @@ -54,8 +61,8 @@ multiclient = { enabled = true; allowed-by-default = true; - always-on = "opt-in"; - auto-away = "opt-in"; + always-on = "opt-out"; + auto-away = "opt-out"; }; }; channels = { @@ -111,13 +118,15 @@ systemd.services.ergo = { description = "Ergo IRC daemon"; wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; + # reload currently not working as expected + # reloadIfChanged = true; restartTriggers = [ configFile ]; serviceConfig = { ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml"; ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; DynamicUser = true; StateDirectory = "ergo"; + LimitNOFILE = "${toString cfg.openFilesLimit}"; }; }; }); diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 66914797d..4a1efe8fc 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -321,7 +321,6 @@ in { "zaatar.r" "zaatar.kmein.r" "grocy.kmein.r" - "bvg.kmein.r" "moodle.kmein.r" ]; tinc.pubkey = '' diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index f8c371b7f..349a6c343 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -675,6 +675,25 @@ in { }; }; }; + jarvis = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + aliases = [ "jarvis.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA7PtJlYBpBr2TK5CAvAukkGvj+esC+sMPKd3mO9iDwdViBrqKdf+D + yEy8SI80Y02dpkL97NjvnzepKpyGQWpG1ZQflJLhCTj7oFyVpWd4XsbIuzYp5ES6 + r8qKWs2xcItc1pbW0ZmrCBzdWsC1B0VAHlYkiz+7vM6pCTvg6hNQugP4c1TRCtJC + Sr+n+EjTXN/NTaKl+f7eoHJGnT5liDO3/xZVxm8AuLnron1xPPDghXClVHfDj5mt + f66f+CLwZhq3BrZuptwXp7TerMfrNtPyTx96b+EyuLPjrYxKeKL/+Nbr3VmmiDIV + tsraNc+0a8OBpVsYh4MQLp55NYwqxAoetQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "RRkMnGSg+nMkz4L2iqmdFf2fIf4wIfcTM0TlTWLLNCE"; + }; + }; + }; bernie = { owner = config.krebs.users.mic92; nets = rec { diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 8d48c2a47..4e40561c2 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -82,6 +82,32 @@ in { ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au"; }; + bu = { + ci = true; + cores = 4; + nets = { + retiolum = { + ip4.addr = "10.243.13.36"; + aliases = [ + "bu.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxjAvT1sfHPWExhWRoXG+NJbYUmf5q4yfpfBRvb232LC9sLn4Z2wb + hxKreR5/j9a/2hRIlCz4IwKftl5vroG9Vy4e7zZIz6QvN4TqED8dUjJ1ubhtj47l + jjHW4cHLUWsaqqu6TAuPH26qPSxm9VrD6rZIX9RmQ1bWIaonVB3Q+XnDfPlISw6M + gbQXz4tOsOnC+y/6C3VPUo0nqC+PuA/kyRq/ivVutKd0dTSY8LmCDNla6AEVD5dG + sIqPWX5h8fjqU7G3oOMvMsBrCkvRRB0F0dQzGo8EXwCDJxa+xOuk5n1GYJ2lqeM/ + st7KIxmLvO5AE7cUxdLlDj4EzVLSDoAqOwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "/MXEuv96HlrpHBto8KP2S6Ztiahhi3H7AevmbYS+xqE"; + }; + }; + secure = true; + ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa"; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1Y13PvTn+9VjQbgy2ZmpAEFXyYaroYP/5nK9o7B8cidf01Sh39184mG8KN8VuEzCj7b37KnLH8qUDcsukvkxOVSoVHmXH+/Pgbmsxp4c9sxLQLHBfCazhT0S3Zs+BkR6LNQ8GOCS1qsgy05L6fMXoQgds3Zx/X4ZYjLnYVnJo8k+6aP4pU/rB6GFzGG9UrLDvSvk/PoswpEr7S6uFa4bF8JWD5VPkQTPTNwm1LWH4va+ABcw9KOgL2tsAk/jJlkLD4qgXowqgbwcpfe+QCukJb7uIQjRtOgxSAhHqT1nxjS6gROhGt0ojuwALaZaFPr9YtGlqxPhUzAXWKvvbVcr6kkR17HrtXZeLdFqwrUPlkIDFV6yLbYzQGKPFwxtpoJaH/irv6cgeXnHaa9XQJk+XJ5pE0X9uNljGr3B8LMKymdlvvBiWOOLpYsHg5aVOR+K7HvydLSuaah8hpCLjjVyIYIl/pIDL4F/FUSxcFBB4fgdXB77LXm5UizmI7+dqZaOQSm8qXbLZ8P+13ele2JyV1pmvJbLFlhCksDMOXx9jvSJQ6DOjPd+2vtABWh9XGo2Fiy+ekB9LTzlW+xON4FRZDoTPrPmhg40v+s7lySHx3miwCIJfNfLJpf0dxm3pQYWZPIra1RA9hbgstXBJ3+2VA5JEuVRt0SEygN5Kgk1Y5w== root@bu"; + }; hu = { nets = { retiolum = { |