Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix9
-rw-r--r--krebs/3modules/newsbot-js.nix89
-rw-r--r--krebs/3modules/nginx.nix58
4 files changed, 149 insertions, 8 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 77fb3d61c..be530d46f 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -21,6 +21,7 @@ let
./go.nix
./iptables.nix
./lib.nix
+ ./newsbot-js.nix
./nginx.nix
./nixpkgs.nix
./on-failure.nix
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 4bf10ac56..148460735 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -19,6 +19,7 @@ with config.krebs.lib;
addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
aliases = [
"dishfire.retiolum"
+ "dishfire.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -50,8 +51,10 @@ with config.krebs.lib;
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"];
aliases = [
"echelon.retiolum"
+ "echelon.r"
"cgit.echelon.retiolum"
"go.retiolum"
+ "go.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -83,6 +86,7 @@ with config.krebs.lib;
addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
aliases = [
"prism.retiolum"
+ "prism.r"
"cgit.prism.retiolum"
];
tinc.pubkey = ''
@@ -114,6 +118,7 @@ with config.krebs.lib;
addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"];
aliases = [
"fastpoke.retiolum"
+ "fastpoke.r"
"cgit.fastpoke.retiolum"
];
tinc.pubkey = ''
@@ -144,6 +149,7 @@ with config.krebs.lib;
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"];
aliases = [
"cloudkrebs.retiolum"
+ "cloudkrebs.r"
"cgit.cloudkrebs.retiolum"
];
tinc.pubkey = ''
@@ -173,6 +179,7 @@ with config.krebs.lib;
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
aliases = [
"uriel.retiolum"
+ "uriel.r"
"cgit.uriel.retiolum"
];
tinc.pubkey = ''
@@ -203,6 +210,7 @@ with config.krebs.lib;
addrs6 = ["42:0:0:0:0:0:0:dea7"];
aliases = [
"mors.retiolum"
+ "mors.r"
"cgit.mors.retiolum"
];
tinc.pubkey = ''
@@ -229,6 +237,7 @@ with config.krebs.lib;
addrs6 = ["42:0:0:0:0:0:0:7105"];
aliases = [
"helios.retiolum"
+ "helios.r"
"cgit.helios.retiolum"
];
tinc.pubkey = ''
diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix
new file mode 100644
index 000000000..b58c555e7
--- /dev/null
+++ b/krebs/3modules/newsbot-js.nix
@@ -0,0 +1,89 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ inherit (config.krebs.lib) genid;
+
+ cfg = config.krebs.newsbot-js;
+
+ out = {
+ options.krebs.newsbot-js = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "Enable krebs newsbot";
+ ircServer = mkOption {
+ type = types.str;
+ default = "echelon.retiolum";
+ description = "to which server the bot should connect";
+ };
+ channel = mkOption {
+ type = types.str;
+ default = "#news";
+ description = "post the news in this channel";
+ };
+ masterNick = mkOption {
+ type = types.str;
+ default = "knews";
+ description = "nickname of the master bot";
+ };
+ feeds = mkOption {
+ type = types.path;
+ description = ''
+ file with feeds to post
+ format:
+ $nick|$feedURI
+ '';
+ };
+ urlShortenerHost = mkOption {
+ type = types.str;
+ default = "echelon";
+ description = "what server to use for url shortening, host";
+ };
+ urlShortenerPort = mkOption {
+ type = types.str;
+ default = "80";
+ description = "what server to use for url shortening, port";
+ };
+ };
+
+ imp = {
+ users.extraUsers.newsbot-js = {
+ name = "newsbot-js";
+ uid = genid "newsbot-js";
+ description = "newsbot-js user";
+ home = "/var/empty";
+ };
+
+ systemd.services.newsbot-js = {
+ description = "krebs newsbot";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = with pkgs; [
+ newsbot-js
+ ];
+
+ environment = {
+ irc_server = cfg.ircServer;
+ master_nick = cfg.masterNick;
+ news_channel = cfg.channel;
+ feeds_file = cfg.feeds;
+ url_shortener_host = cfg.urlShortenerHost;
+ url_shortener_port = cfg.urlShortenerPort;
+ };
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ User = "newsbot-js";
+ Restart = "always";
+ ExecStart = "${pkgs.newsbot-js}/bin/newsbot";
+ };
+ };
+ };
+
+in out
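Review bot: The `serviceConfig` of `systemd.services.newsbot-js` sets only `User`, `Restart` and `ExecStart`, so a long-running process that (judging by the `feeds` option) pulls remote feed content and holds an IRC connection is confined by nothing except its dedicated uid. Since the account already has `home = "/var/empty"`, adding `PrivateTmp = true;`, `NoNewPrivileges = true;` and `ProtectHome = true;` to `serviceConfig` would cheaply narrow what a compromised feed parser can reach. Separately, `urlShortenerPort` is declared as `types.str` with default `"80"`, so a non-numeric value passes through to `url_shortener_port` unchecked. Declaring it as `types.int` and applying `toString` where the environment is built would catch that at evaluation time.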
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 8d0704e8c..816c2ff69 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -54,6 +54,34 @@ let
type = with types; string;
default = "";
};
+ ssl = mkOption {
+ type = with types; submodule ({
+ options = {
+ enable = mkEnableOption "ssl";
+ certificate = mkOption {
+ type = str;
+ };
+ certificate_key = mkOption {
+ type = str;
+ };
+ #TODO: check for valid cipher
+ ciphers = mkOption {
+ type = str;
+ default = "AES128+EECDH:AES128+EDH";
+ };
+ prefer_server_ciphers = mkOption {
+ type = bool;
+ default = true;
+ };
+ protocols = mkOption {
+ type = listOf (enum [ "SSLv2" "SSLv3" "TLSv1" "TLSv1.1" "TLSv1.2" ]);
+ default = [ "TLSv1.1" "TLSv1.2" ];
+
+ };
+ };
+ });
+ default = {};
+ };
};
});
default = {};
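Review bot: The `protocols` enum accepts `"SSLv2"` and `"SSLv3"`, both broken protocols (DROWN, POODLE) that no vhost should be able to turn on with a one-word config change. I would drop them from the enum, `type = listOf (enum [ "TLSv1" "TLSv1.1" "TLSv1.2" ]);`, so that such a setting fails at evaluation time. The `#TODO: check for valid cipher` on `ciphers` marks a similar gap: the value is a free-form `str` interpolated into the generated config, so a typo or a weak suite is only noticed when nginx parses it. `certificate` and `certificate_key` have no `description`; one line stating that they are filesystem paths readable by nginx, and that the key should be kept out of the world-readable Nix store, would help whoever sets them.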
@@ -89,14 +117,28 @@ let
}
'';
- to-server = { server-names, listen, locations, extraConfig, ... }: ''
- server {
- ${concatMapStringsSep "\n" (x: "listen ${x};") listen}
- server_name ${toString server-names};
- ${indent extraConfig}
- ${indent (concatMapStrings to-location locations)}
- }
- '';
+ to-server = { server-names, listen, locations, extraConfig, ssl, ... }:
+ let
+ _extraConfig = if ssl.enable then
+ extraConfig + ''
+ ssl_certificate ${ssl.certificate};
+ ssl_certificate_key ${ssl.certificate_key};
+ ${optionalString ssl.prefer_server_ciphers "ssl_prefer_server_ciphers On;"}
+ ssl_ciphers ${ssl.ciphers};
+ ssl_protocols ${toString ssl.protocols};
+ ''
+ else
+ extraConfig
+ ;
+
+ in ''
+ server {
+ ${concatMapStringsSep "\n" (x: "listen ${x};") (listen ++ optional ssl.enable "443 ssl")}
+ server_name ${toString server-names};
+ ${indent _extraConfig}
+ ${indent (concatMapStrings to-location locations)}
+ }
+ '';
in
out
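Review bot: With `ssl.enable` the generated block gets `ssl_ciphers`, whose default includes `AES128+EDH`, but no `ssl_dhparam` is emitted and the `ssl` submodule has no option for it. Depending on the nginx version, the DHE suites then either use built-in parameters (1024-bit on older releases) or are silently unavailable. An optional `dhparam` option rendered as `ssl_dhparam ${ssl.dhparam};` would make the behaviour explicit. Also, `"443 ssl"` is appended to `listen` rather than replacing it, so any plaintext listeners configured for the server keep serving the same locations; if that is intended, a comment above `_extraConfig` should say so. The `let` that defines `to-server` starts outside the hunk.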