summaryrefslogtreecommitdiffstats
path: root/tv/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'tv/2configs')
-rw-r--r--tv/2configs/default.nix1
-rw-r--r--tv/2configs/urlwatch.nix26
-rw-r--r--tv/2configs/wiregrill.nix37
3 files changed, 57 insertions, 7 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index d1384845a..53b11c620 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -6,6 +6,7 @@ with import ./lib;
krebs.build.user = config.krebs.users.tv;
+ networking.hostId = mkDefault (hashToLength 8 config.networking.hostName);
networking.hostName = config.krebs.build.host.name;
imports = [
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 7ba364ff3..f5260ee05 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -2,12 +2,16 @@ with import ./lib;
{ config, pkgs, ... }: let
exec = filename: args: url: {
inherit url;
- filter = "system:${
- concatMapStringsSep " " shell.escape ([filename] ++ toList args)
- }";
+ filter = singleton {
+ system =
+ concatMapStringsSep " " shell.escape ([filename] ++ toList args);
+ };
};
json = json' ["."];
json' = exec "${pkgs.jq}/bin/jq";
+ urigrep' = exec (pkgs.writeDash "urigrep" ''
+ ${pkgs.urix}/bin/urix | ${pkgs.gnugrep}/bin/grep -E "$1"
+ '');
xml = xml' ["--format" "-"];
xml' = exec "${pkgs.libxml2}/bin/xmllint";
in {
@@ -68,22 +72,30 @@ in {
https://raw.githubusercontent.com/NixOS/nixpkgs/master/nixos/modules/services/x11/xserver.nix
https://www.rabbitmq.com/changelog.html
+
+ (urigrep' ["software-resources"] https://semiconductor.samsung.com/consumer-storage/support/tools/)
];
hooksFile = toFile "hooks.py" ''
import subprocess
import urlwatch
- class CaseFilter(urlwatch.filters.FilterBase):
+ class SystemFilter(urlwatch.filters.FilterBase):
"""Filter for piping data through an external process"""
__kind__ = 'system'
+ __supported_subfilters__ = {
+ 'command': 'shell command line to tranform data',
+ }
+
+ __default_subfilter__ = 'command'
+
def filter(self, data, subfilter=None):
- if subfilter is None:
- raise ValueError('The system filter needs a command')
+ if 'command' not in subfilter:
+ raise ValueError('{} filter needs a command'.format(self.__kind__))
proc = subprocess.Popen(
- subfilter,
+ subfilter['command'],
shell=True,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
diff --git a/tv/2configs/wiregrill.nix b/tv/2configs/wiregrill.nix
new file mode 100644
index 000000000..d28a1ec29
--- /dev/null
+++ b/tv/2configs/wiregrill.nix
@@ -0,0 +1,37 @@
+with import ./lib;
+{ config, pkgs, ... }: let
+ cfg = {
+ enable = cfg.net != null;
+ net = config.krebs.build.host.nets.wiregrill or null;
+ };
+ toCidrNotation = ip: "${ip.addr}/${toString ip.prefixLength}";
+in
+ mkIf cfg.enable {
+ networking.wireguard.interfaces.wiregrill = {
+ ips =
+ optional (cfg.net.ip4 != null) cfg.net.ip4.addr ++
+ optional (cfg.net.ip6 != null) cfg.net.ip6.addr;
+ listenPort = 51820;
+ privateKeyFile = (toString <secrets>) + "/wiregrill.key";
+ allowedIPsAsRoutes = true;
+ peers = mapAttrsToList
+ (_: host: {
+ allowedIPs = host.nets.wiregrill.wireguard.subnets;
+ endpoint =
+ mkIf (host.nets.wiregrill.via != null) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
+ persistentKeepalive = mkIf (host.nets.wiregrill.via != null) 61;
+ publicKey =
+ replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey;
+ })
+ (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
+ };
+ systemd.network.networks.wiregrill = {
+ matchConfig.Name = "wiregrill";
+ address =
+ optional (!isNull cfg.net.ip4) (toCidrNotation cfg.net.ip4) ++
+ optional (!isNull cfg.net.ip6) (toCidrNotation cfg.net.ip6);
+ };
+ tv.iptables.extra.filter.INPUT = [
+ "-p udp --dport ${toString cfg.net.wireguard.port} -j ACCEPT"
+ ];
+ }