Diffstat (limited to 'krebs')
32 files changed, 131 insertions, 1119 deletions
diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix index 254306ecb..44c14674e 100644 --- a/krebs/1systems/filebitch/config.nix +++ b/krebs/1systems/filebitch/config.nix @@ -28,7 +28,6 @@ in ]; krebs.build.host = config.krebs.hosts.filebitch; - sound.enable = false; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0" diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 0a103ed1a..91071ec85 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -6,7 +6,6 @@ ../../../krebs/2configs ../../../krebs/2configs/nginx.nix - ../../../krebs/2configs/buildbot-stockholm.nix ../../../krebs/2configs/binary-cache/nixos.nix ../../../krebs/2configs/ircd.nix ../../../krebs/2configs/reaktor2.nix @@ -15,6 +14,10 @@ ../../../krebs/2configs/mud.nix ../../../krebs/2configs/repo-sync.nix + ../../../krebs/2configs/buildbot-stockholm.nix + #../../../krebs/2configs/buildbot/master.nix + #../../../krebs/2configs/buildbot/worker.nix + ../../../krebs/2configs/cal.nix ../../../krebs/2configs/mastodon.nix diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix deleted file mode 100644 index 290870fce..000000000 --- a/krebs/1systems/news/config.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ../../../krebs - ../../../krebs/2configs - - ../../../krebs/2configs/ircd.nix - ../../../krebs/2configs/go.nix - - #### NEWS #### - ../../../krebs/2configs/ircd.nix - ../../../krebs/2configs/news.nix - ]; - - krebs.build.host = config.krebs.hosts.news; - krebs.hosts.news.ssh.privkey.path = "${config.krebs.secret.directory}/ssh.id_ed25519"; - - boot.isContainer = true; - networking.useDHCP = lib.mkForce true; - krebs.sync-containers3.inContainer = { - enable = true; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBVZomw68WDQy0HsHhNbWK1KpzaR5aRUG1oioE7IgCv"; - }; -} 
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index d3891af82..542106d5f 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -2,51 +2,52 @@ { imports = [ ./net.nix - <stockholm/krebs> - <stockholm/krebs/2configs> - <stockholm/krebs/2configs/secret-passwords.nix> - <stockholm/krebs/2configs/hw/x220.nix> + ../../../krebs + ../../../krebs/2configs + ../../2configs/secret-passwords.nix + ../../2configs/hw/x220.nix # see documentation in included getty-for-esp.nix: # brain hosts/puyak/root - <stockholm/krebs/2configs/hw/getty-for-esp.nix> + ../../2configs/hw/getty-for-esp.nix + ../../2configs/buildbot/worker.nix ## initrd unlocking - # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase' - <stockholm/krebs/2configs/tor/initrd.nix> + # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat /crypt-ramfs/passphrase' + ../../2configs/tor/initrd.nix - <stockholm/krebs/2configs/binary-cache/nixos.nix> - <stockholm/krebs/2configs/binary-cache/prism.nix> + ../../2configs/binary-cache/nixos.nix + ../../2configs/binary-cache/prism.nix ## news host - <stockholm/krebs/2configs/container-networking.nix> - <stockholm/krebs/2configs/syncthing.nix> + ../../2configs/container-networking.nix + ../../2configs/syncthing.nix ### shackspace ### # handle the worlddomination map via coap - <stockholm/krebs/2configs/shack/worlddomination.nix> - <stockholm/krebs/2configs/shack/ssh-keys.nix> + ../../2configs/shack/worlddomination.nix + ../../2configs/shack/ssh-keys.nix # drivedroid.shack for shackphone - <stockholm/krebs/2configs/shack/drivedroid.nix> - # <stockholm/krebs/2configs/shack/nix-cacher.nix> + ../../2configs/shack/drivedroid.nix + # ../../2configs/shack/nix-cacher.nix # Say if muell will be collected - <stockholm/krebs/2configs/shack/muell_caller.nix> + ../../2configs/shack/muell_caller.nix # provide muellshack api: muell.shack - <stockholm/krebs/2configs/shack/muellshack.nix> + ../../2configs/shack/muellshack.nix # send mail if muell was not handled - 
<stockholm/krebs/2configs/shack/muell_mail.nix> + ../../2configs/shack/muell_mail.nix # provide light control api - <stockholm/krebs/2configs/shack/node-light.nix> # light.shack lounge.light.shack power.light.shack openhab.shack lightapi.shack + ../../2configs/shack/node-light.nix # light.shack lounge.light.shack power.light.shack openhab.shack lightapi.shack # light.shack web-ui - <stockholm/krebs/2configs/shack/light.shack.nix> #light.shack + ../../2configs/shack/light.shack.nix #light.shack # fetch the u300 power stats - <stockholm/krebs/2configs/shack/power/u300-power.nix> + ../../2configs/shack/power/u300-power.nix { # do not log to /var/spool/log 
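Review bot: The rewritten initrd-unlocking comment loses its redirection as shown here: the old line ended in `'cat > /crypt-ramfs/passphrase'`, the new one in `'cat /crypt-ramfs/passphrase'`, which would read the file on the remote side instead of writing the piped passphrase into it. This looks like a side effect of the path rewrite rather than an intended change, so the comment should keep `'cat > /crypt-ramfs/passphrase'` to leave the documented unlock procedure usable. The same hunk also starts importing `../../2configs/buildbot/worker.nix` on this host without a describing comment, unlike most neighbouring imports; something like `# buildbot-nix worker, connects to the master configured in 2configs/buildbot/worker.nix` would fit.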
@@ -66,56 +67,55 @@ } # create samba share for anonymous usage with the laser and 3d printer pc - <stockholm/krebs/2configs/shack/share.nix> + ../../2configs/shack/share.nix # mobile.lounge.mpd.shack - <stockholm/krebs/2configs/shack/mobile.mpd.nix> + ../../2configs/shack/mobile.mpd.nix # hass.shack - <stockholm/krebs/2configs/shack/glados> - <stockholm/krebs/2configs/shack/esphome.nix> + ../../2configs/shack/glados + ../../2configs/shack/esphome.nix # connect to git.shackspace.de as group runner for rz - <stockholm/krebs/2configs/shack/gitlab-runner.nix> + ../../2configs/shack/gitlab-runner.nix # Statistics collection and visualization - # <stockholm/krebs/2configs/shack/graphite.nix> # graphiteApi is broken and unused(hopefully) + # ../../2configs/shack/graphite.nix # graphiteApi is broken and unused(hopefully) ## Collect data from mqtt.shack and store in graphite database - <stockholm/krebs/2configs/shack/mqtt_sub.nix> + ../../2configs/shack/mqtt_sub.nix ## Collect radioactive data and put into graphite - <stockholm/krebs/2configs/shack/radioactive.nix> + ../../2configs/shack/radioactive.nix ## mqtt.shack - <stockholm/krebs/2configs/shack/mqtt.nix> + ../../2configs/shack/mqtt.nix ## influx.shack - <stockholm/krebs/2configs/shack/influx.nix> + ../../2configs/shack/influx.nix ## Collect local statistics via collectd and send to collectd - # <stockholm/krebs/2configs/stats/shack-client.nix> - # <stockholm/krebs/2configs/stats/shack-debugging.nix> + # ../../2configs/stats/shack-client.nix + # ../../2configs/stats/shack-debugging.nix ## netbox.shack: Netbox is disabled as nobody seems to be using it anyway - # <stockholm/krebs/2configs/shack/netbox.nix> + # ../../2configs/shack/netbox.nix # grafana.shack - <stockholm/krebs/2configs/shack/grafana.nix> + ../../2configs/shack/grafana.nix # shackdns.shack # replacement for leases.shack and shackles.shack - <stockholm/krebs/2configs/shack/shackDNS.nix> + ../../2configs/shack/shackDNS.nix # monitoring: prometheus.shack - 
<stockholm/krebs/2configs/shack/prometheus/node.nix> - <stockholm/krebs/2configs/shack/prometheus/server.nix> - <stockholm/krebs/2configs/shack/prometheus/blackbox.nix> - #<stockholm/krebs/2configs/shack/prometheus/unifi.nix> + ../../2configs/shack/prometheus/node.nix + ../../2configs/shack/prometheus/server.nix + ../../2configs/shack/prometheus/blackbox.nix + #../../2configs/shack/prometheus/unifi.nix # TODO: alertmanager 0.24+ supports telegram - # <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> + # ../../2configs/shack/prometheus/alertmanager-telegram.nix ]; krebs.build.host = config.krebs.hosts.puyak; krebs.hosts.puyak.ssh.privkey.path = "${config.krebs.secret.directory}/ssh.id_ed25519"; - sound.enable = false; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 6ff280f79..9f966ee01 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -73,7 +73,6 @@ in ''; time.timeZone = "Europe/Berlin"; - sound.enable = false; # avahi services.avahi = { diff --git a/krebs/2configs/buildbot/master.nix b/krebs/2configs/buildbot/master.nix new file mode 100644 index 000000000..9598f6fa0 --- /dev/null +++ b/krebs/2configs/buildbot/master.nix 
@@ -0,0 +1,33 @@ +{buildbot-nix,...}: +let + #domain = "buildbot.krebsco.de"; + domain = "build.hotdog.r"; +in { + imports = [ + buildbot-nix.nixosModules.buildbot-master + ]; + + #services.nginx.virtualHosts."${domain}" = { + # enableACME = true; + # forceSSL = true; + #}; + + + services.buildbot-nix.master = { + enable = true; + admins = [ "makefu" ]; + buildSystems = [ "x86_64-linux" "aarch64-linux" ]; + inherit domain; + evalMaxMemorySize = "4096"; + evalWorkerCount = 16; + workersFile = "/var/src/secrets/buildbot/nix-workers"; + github = { + tokenFile = "/var/src/secrets/buildbot/github-token"; + webhookSecretFile = "/var/src/secrets/buildbot/github-webhook-secret"; + oauthSecretFile = "/var/src/secrets/buildbot/github-oauth-secret"; + oauthId = "Ov23lizFP7t7qoE9FuDA"; + user = "krebs-bob"; + topic = "buildbot"; + }; + }; +} diff --git a/krebs/2configs/buildbot/worker.nix b/krebs/2configs/buildbot/worker.nix new file mode 100644 index 000000000..5526a83d3 --- /dev/null +++ b/krebs/2configs/buildbot/worker.nix @@ -0,0 +1,13 @@ +{ config, buildbot-nix, ... }: +{ + imports = [ + buildbot-nix.nixosModules.buildbot-worker + ]; + + services.buildbot-nix.worker = { + enable = true; + name = config.krebs.build.host.name; + workerPasswordFile = "/var/src/secrets/nix-worker-file"; + masterUrl = "tcp:host=gum:port=9989"; + }; +} diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 5d64555c8..e7bf3078f 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -28,12 +28,11 @@ with import ../../lib/pure.nix { inherit lib; }; networking.hostName = config.krebs.build.host.name; nix.maxJobs = 1; - nix.useSandbox = true; + nix.settings.sandbox = true; environment.systemPackages = with pkgs; [ git vim - rxvt_unicode.terminfo ]; console.keyMap = "us"; diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index 6445783f0..ceb11ca64 100644 --- a/krebs/2configs/exim-smarthost.nix 
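Review bot: The master's secret files in `buildbot/master.nix` are hard-coded under `/var/src/secrets/...`, while host configs in this tree derive such paths from `config.krebs.secret.directory` (for example `"${config.krebs.secret.directory}/ssh.id_ed25519"`). If that option resolves to the same directory, `tokenFile = "${config.krebs.secret.directory}/buildbot/github-token";` and its siblings would keep the location in one place; the module would then need `config` in its argument set. The nginx virtual host with `enableACME`/`forceSSL` is commented out, so unless TLS is configured elsewhere the GitHub OAuth login and webhook endpoint for `build.hotdog.r` would be served over plain HTTP, and a comment saying where TLS terminates would help. `buildbot/worker.nix` in this commit hard-codes its `workerPasswordFile` the same way.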
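Review bot: In `buildbot/worker.nix`, `masterUrl = "tcp:host=gum:port=9989"` points the worker at `gum`, whereas the master module added in this commit is set up for `build.hotdog.r` and is only referenced, commented out, from hotdog's imports. Nothing visible here enables a master on `gum`, so puyak, which now imports this file, may start a worker that cannot connect. The endpoint is a plain `tcp:` one, so protection of the worker password in transit presumably rests on the overlay network; a comment such as `# plain TCP: only reachable/used over the internal network` would record that assumption. `workerPasswordFile = "/var/src/secrets/nix-worker-file"` also sits outside the `buildbot/` directory the master uses for its files, which looks inconsistent.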
+++ b/krebs/2configs/exim-smarthost.nix @@ -16,7 +16,9 @@ in { makefu tv ]; - eloop-ml = spam-ml; + eloop-ml = spam-ml ++ [ + { mail = "unreal@rtinf.net"; } + ]; krebstel-ml = [ config.krebs.users."0x4A6F" { mail = "krebstel-1rxz0mqa95nkmk298s1731ly0ii7vc36kkm36pnjj89hrq52pgn1@ni.r"; } @@ -32,6 +34,7 @@ in { in { "brain@krebsco.de" = brain-ml; "eloop2022@krebsco.de" = eloop-ml; + "2024@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead "spam@eloop.org" = eloop-ml; "youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 980c2c9aa..a797673c9 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: { networking.wireless.enable = lib.mkDefault true; diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix index ebc4207a0..b81c229b6 100644 --- a/krebs/2configs/mastodon.nix +++ b/krebs/2configs/mastodon.nix @@ -14,7 +14,6 @@ localDomain = "social.krebsco.de"; configureNginx = true; streamingProcesses = 3; - trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr; smtp.createLocally = false; smtp.fromAddress = "derp"; }; diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix index f42921824..aa33f748f 100644 --- a/krebs/2configs/matterbridge.nix +++ b/krebs/2configs/matterbridge.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, config, ... }: { services.matterbridge = { enable = true; configPath = let diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix index a53596cc6..992f2ebdc 100644 --- a/krebs/2configs/mud.nix +++ b/krebs/2configs/mud.nix 
@@ -5,18 +5,6 @@ MUD_SERVER=''${MUD_SERVER:-127.0.0.1} MUD_PORT=''${MUD_PORT:-8080} - if $(${pkgs.libressl.nc}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then - ${nvim}/bin/nvim \ - +"let g:instant_username = \"$MUD_NICKNAME\"" \ - +":InstantJoinSession $MUD_SERVER $MUD_PORT" \ - "$@" - else - ${nvim}/bin/nvim \ - +"let g:instant_username = \"$MUD_NICKNAME\"" \ - +":InstantStartServer $MUD_SERVER $MUD_PORT" \ - +":InstantStartSession $MUD_SERVER $MUD_PORT" \ - "$@" - fi ''; nvim = pkgs.neovim.override { # vimAlias = true; @@ -31,7 +19,6 @@ nerdtree # file structure inside nvim rainbow # Color parenthesis customPlugins.hack-color - customPlugins.instant ]; opt = []; }; @@ -97,15 +84,6 @@ inoremap <f2> <esc>:tabn<cr> ''; customPlugins = { - instant = pkgs.vimUtils.buildVimPlugin { - name = "instant"; - src = pkgs.fetchFromGitHub { - owner = "jbyuki"; - repo = "instant.nvim"; - rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554"; - sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI="; - }; - }; hack-color = (rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let name = "hack"; in { @@ -162,10 +140,6 @@ in { ]; packages = with pkgs; [ tmux - (pkgs.writers.writeDashBin "instant_server" '' - find ${customPlugins.instant} - find ${customPlugins.instant.src} - '') mud ]; }; diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix deleted file mode 100644 index 9b8627d61..000000000 --- a/krebs/2configs/news-host.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config,lib, ... }: -{ - nixpkgs.config.allowUnfree = true; # "consul-1.18.0" - krebs.sync-containers3.containers.news = { - sshKey = "${config.krebs.secret.directory}/news.sync.key"; - }; -} diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix deleted file mode 100644 index 9d9470727..000000000 --- a/krebs/2configs/news.nix +++ /dev/null 
@@ -1,207 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.rss-bridge = { - enable = true; - whitelist = [ "*" ]; - }; - services.nginx.virtualHosts = { - rss-bridge = { - serverAliases = [ - "rss.r" - ]; - }; - "brockman.r" = { - serverAliases = [ - "news.r" - ]; - locations."/api".extraConfig = '' - proxy_pass http://127.0.0.1:7777/; - proxy_pass_header Server; - ''; - locations."= /graph.html".extraConfig = '' - alias ${pkgs.fetchurl { - url = "https://raw.githubusercontent.com/kmein/brockman/05d33c8caaaf6255752f9600981974bb58390851/tools/graph.html"; - sha256 = "0iw2vdzj6kzkix1c447ybmc953lns6z4ap6sr9pcib8bany4g43w"; - }}; - ''; - locations."/".extraConfig = '' - root /var/lib/brockman; - index brockman.json; - ''; - extraConfig = '' - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - ''; - }; - }; - systemd.tmpfiles.rules = [ - "d /var/lib/brockman 1750 brockman nginx -" - "d /run/irc-api 1750 brockman nginx -" - ]; - - systemd.services.brockman-graph = { - path = [ - pkgs.graphviz - pkgs.jq - pkgs.inotify-tools - ]; - serviceConfig = { - ExecStart = pkgs.writers.writeDash "brockman-graph" '' - - while :; do - graphviz="$(cat /var/lib/brockman/brockman.json \ - | jq -r ' - .bots | - to_entries | - map(select(.value.extraChannels|length > 1 )) | - .[] | - "\"\(.key)\" -> {\(.value.extraChannels|map("\""+.+"\"")|join(" "))}" - ')" - echo "digraph news { $graphviz }" | circo -Tsvg > /var/lib/brockman/graph.svg - - inotifywait -q -e MODIFY /var/lib/brockman/brockman.json - done - ''; - User = "brockman"; - }; - wantedBy = [ "multi-user.target" ]; - }; - - services.ergochat.openFilesLimit = 16384; - services.ergochat.settings = { - limits.nicklen = 100; - limits.identlen = 100; - history.enabled = false; - }; - systemd.services.brockman.bindsTo = [ "ergochat.service" ]; - systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; - systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; - 
krebs.brockman = { - enable = true; - config = { - irc.host = "localhost"; - channel = "#all"; - shortener = "http://go.r"; - controller = { - nick = "brockman"; - extraChannels = [ "#all" ]; - }; - statePath = "/var/state/brockman/brockman.json"; - bots = {}; - }; - }; - - krebs.reaktor2.api = { - hostname = "localhost"; - port = "6667"; - nick = "api"; - API.listen = "inet://127.0.0.1:7777"; - plugins = [ - { - plugin = "register"; - config = { - channels = [ - "#all" - ]; - }; - } - ]; - }; - krebs.reaktor2.news = let - name = "candyman"; - in { - hostname = "localhost"; - port = "6667"; - nick = name; - plugins = [ - { - plugin = "register"; - config = { - channels = [ - "#all" - "#aluhut" - "#news" - "#lasstube" - ]; - }; - } - { - plugin = "system"; - config = { - hooks.PRIVMSG = [ - { - activate = "match"; - pattern = "^${name}:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$"; - command = 1; - arguments = [2]; - commands = { - add-reddit.filename = pkgs.writeDash "add-reddit" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-reddit $reddit_channel' - exit 1 - fi - reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Reddit&context=single&r=$reddit_channel&format=Atom" - ''; - add-telegram.filename = pkgs.writeDash "add-telegram" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-telegram $telegram_user' - exit 1 - fi - telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add t_$telegram_user http://rss.r/?action=display&bridge=Telegram&username=$telegram_user&format=Mrss" - ''; - add-youtube.filename = pkgs.writeDash "add-youtube" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-youtube $nick $channel/video/stream/id' - exit 1 - fi - youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - 
youtube_url=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][1]') - if [ ''${#youtube_url} -eq 24 ]; then - youtube_id=$youtube_url - else - youtube_id=$(${pkgs.yt-dlp}/bin/yt-dlp --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id') - fi - echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss" - ''; - add-twitch.filename = pkgs.writeDash "add-twitch" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-twitch $handle' - exit 1 - fi - twitch_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add twitch_$twitch_nick http://rss.r/?action=display&bridge=Twitch&channel=$twitch_nick&type=all&format=Atom" - ''; - add-twitter.filename = pkgs.writeDash "add-twitter" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: add-twitter $handle' - exit 1 - fi - twitter_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add tw_$twitter_nick http://rss.r/?action=display&bridge=Twitter&context=By+username&u=$twitter_nick&norep=on&noretweet=on&nopinned=on&nopic=on&format=Atom" - ''; - search.filename = pkgs.writeDash "search" '' - set -euf - if [ "$#" -ne 1 ]; then - echo 'usage: ${name}: search $searchterm' - exit 1 - fi - searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - ${pkgs.curl}/bin/curl -Ss "https://feedsearch.dev/api/v1/search?url=$searchterm&info=true&favicon=false" | - ${pkgs.jq}/bin/jq '.[].url' - ''; - }; - } - ]; - }; - } - ]; - }; -} diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index e84827656..faabf7677 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix 
@@ -253,24 +253,6 @@ let }; }; - vicuna = { - pattern = "^!vicuna (.*)$"; - activate = "match"; - arguments = [1]; - timeoutSec = 1337; - command = { - filename = pkgs.writeDash "vicuna" '' - set -efu - - mkdir -p ${stateDir}/vicuna - export CONTEXT=${stateDir}/vicuna/"$_msgtarget".context - ${pkgs.vicuna-chat}/bin/vicuna-chat "$@" | - echo "$_from: $(cat)" | - fold -s -w 426 - ''; - }; - }; - locationsLib = pkgs.writeText "locations.sh" '' ENDPOINT=http://c.r/poi.json get_locations() { @@ -428,10 +410,8 @@ let bedger-balance bing bing-img - hooks.sed interrogate say - vicuna (generators.command_hook { inherit (commands) dance random-emoji nixos-version; tell = { diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 961b217e1..6d666b6d6 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -391,12 +391,12 @@ let }; }; - services.fcgiwrap = { - enable = true; - user = cfg.cgit.fcgiwrap.user.name; - group = cfg.cgit.fcgiwrap.group.name; - # socketAddress = "/run/fcgiwrap.sock" (default) - # socketType = "unix" (default) + services.fcgiwrap.instances.cgit = { + process.user = cfg.cgit.fcgiwrap.user.name; + process.group = cfg.cgit.fcgiwrap.group.name; + socket.user = cfg.cgit.fcgiwrap.user.name; + socket.group = config.services.nginx.group; + socket.mode = "0660"; }; environment.etc."cgitrc".text = let @@ -460,7 +460,7 @@ let fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; ''; # Smart HTTP transport. Regex based on. # https://github.com/git/git/blob/v2.27.0/http-backend.c#L708-L721 
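Review bot: The new `services.fcgiwrap.instances.cgit` block in `krebs/3modules/git.nix` sets the socket's owner, group and mode without saying why, and the comments that documented the defaults in the removed block are gone. Since access to the CGI socket is now what decides who can invoke cgit and `git-http-backend` as the fcgiwrap user, I would add a comment such as `# socket is restricted to the fcgiwrap user and the nginx group (0660)` above `socket.user`. The instance is named `cgit` but the smart-HTTP location in the last git.nix hunk (`@@ -480,7 +480,7 @@`) passes `git-http-backend` requests to the same socket; binding `config.services.fcgiwrap.instances.cgit.socket.address` once in a `let` would avoid repeating the long attribute path in both `fastcgi_pass` lines.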
@@ -480,7 +480,7 @@ let }}; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; ''; locations."/static/".extraConfig = '' root ${pkgs.cgit}/cgit; diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 0c3f42f1c..1db19e1ca 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -21,15 +21,16 @@ let imp = { services.redis.servers.go.enable = true; + users.users.htgen-go.extraGroups = [ "redis-go" ]; krebs.htgen.go = { port = cfg.port; - script = ''. ${pkgs.writeDash "go" '' + script = ''. ${pkgs.writers.writeDash "go" '' set -x case "$Method $Request_URI" in "GET /"*) - if item=$(${pkgs.redis}/b |