From 34930b3db2d4386e4826ae782f0c24044e45b9c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 31 Aug 2021 20:26:53 +0200 Subject: htgen-cyberlocker: remove crud, exit after success POST --- krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker index 6c3ed6552..ab9c4e8e3 100644 --- a/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker +++ b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker @@ -57,10 +57,7 @@ case "$Method $path" in mkdir -v -p $STATEDIR/items >&2 cp -v $content $item >&2 - - scheme=${req_x_forwarded_proto-http} - link=$scheme://$req_host/$path - + exit ;; 'GET /'*) item=$STATEDIR/items/$(echo "$path" | jq -rR @uri) -- cgit v1.2.3 From e6884999a9a002c20ab854aa14c428792ab72b21 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 31 Aug 2021 21:35:23 +0200 Subject: ma pkgs.mediawiki-matrix-bot: init at 1.0.0 --- makefu/5pkgs/mediawiki-matrix-bot/default.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 makefu/5pkgs/mediawiki-matrix-bot/default.nix diff --git a/makefu/5pkgs/mediawiki-matrix-bot/default.nix b/makefu/5pkgs/mediawiki-matrix-bot/default.nix new file mode 100644 index 000000000..4a91a9161 --- /dev/null +++ b/makefu/5pkgs/mediawiki-matrix-bot/default.nix 
@@ -0,0 +1,22 @@ +{ buildPythonApplication, fetchFromGitHub, feedparser, matrix-nio, docopt, aiohttp, aiofiles, +mypy }: + +buildPythonApplication rec { + pname = "mediawiki-matrix-bot"; + version = "1.0.0"; + src = fetchFromGitHub { + owner = "nix-community"; + repo = "mediawiki-matrix-bot"; + rev = "v${version}"; + sha256 = "1923097j1xh34jmm0zhmvma614jcxaagj89c1fc1j2qyv14ybsvs"; + }; + propagatedBuildInputs = [ + feedparser matrix-nio docopt aiohttp aiofiles + ]; + nativeBuildInputs = [ + mypy + ]; + checkPhase = '' + mypy --strict mediawiki_matrix_bot + ''; +} -- cgit v1.2.3 From e8dc3141ae6a7f109c6ce9e5852dd1a62c60d543 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 31 Aug 2021 22:44:27 +0200 Subject: cyberlocker-tools: normalize url --- krebs/5pkgs/simple/cyberlocker-tools/default.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/simple/cyberlocker-tools/default.nix b/krebs/5pkgs/simple/cyberlocker-tools/default.nix index d43be1d69..6e6563fb1 100644 --- a/krebs/5pkgs/simple/cyberlocker-tools/default.nix +++ b/krebs/5pkgs/simple/cyberlocker-tools/default.nix @@ -5,15 +5,19 @@ pkgs.symlinkJoin { (pkgs.writers.writeDashBin "cput" '' set -efu path=''${1:-$(hostname)} + path=$(echo "/$path" | sed -E 's:/+:/:') + url=http://c.r$path - ${pkgs.curl}/bin/curl -fSs --data-binary @- "http://c.r/$path" - echo "http://c.r/$path" + ${pkgs.curl}/bin/curl -fSs --data-binary @- "$url" + echo "$url" '') (pkgs.writers.writeDashBin "cdel" '' set -efu path=$1 + path=$(echo "/$path" | sed -E 's:/+:/:') + url=http://c.r$path - ${pkgs.curl}/bin/curl -f -X DELETE "http://c.r/$path" + ${pkgs.curl}/bin/curl -f -X DELETE "$url" '') ]; } -- cgit v1.2.3 From 5c570ab3fc90ca689a9f01c0bffd2470130738ba Mon Sep 17 00:00:00 2001 
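Review bot: The `sed -E 's:/+:/:'` normalisation added to both `cput` and `cdel` has no `g` flag, so it rewrites only the first run of slashes. Because a `/` is prepended first, that first run is always the leading one, and a doubled slash later in the path (constructed example: `a//b`) is sent unchanged. If the intent is one canonical URL per item, use `sed -E 's:/+:/:g'` in both scripts. The path is also placed into `$url` without percent-encoding, so a short comment saying which characters are expected in `$1` would help the next reader.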
From: makefu Date: Wed, 1 Sep 2021 13:35:05 +0200 Subject: ma nix-community: add mediawiki-matrix-bot --- makefu/1systems/gum/config.nix | 3 ++- .../nix-community/mediawiki-matrix-bot.nix | 23 ++++++++++++++++++++++ .../5pkgs/custom/mediawiki-matrix-bot/default.nix | 22 +++++++++++++++++++++ makefu/5pkgs/mediawiki-matrix-bot/default.nix | 22 --------------------- 4 files changed, 47 insertions(+), 23 deletions(-) create mode 100644 makefu/2configs/nix-community/mediawiki-matrix-bot.nix create mode 100644 makefu/5pkgs/custom/mediawiki-matrix-bot/default.nix delete mode 100644 makefu/5pkgs/mediawiki-matrix-bot/default.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 1cfa8e4a4..adf025fd3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -23,6 +23,7 @@ in { } + # @@ -182,7 +183,7 @@ in { # krebs infrastructure services - + # ]; makefu.dl-dir = "/var/download"; diff --git a/makefu/2configs/nix-community/mediawiki-matrix-bot.nix b/makefu/2configs/nix-community/mediawiki-matrix-bot.nix new file mode 100644 index 000000000..6dff64121 --- /dev/null +++ b/makefu/2configs/nix-community/mediawiki-matrix-bot.nix @@ -0,0 +1,23 @@ +{ pkgs, ... }: +let + seccfg = toString ; + statecfg = "/var/lib/mediawiki-matrix-bot/config.json"; +in { + systemd.services.mediawiki-matrix-bot = { + description = "Mediawiki Matrix Bot"; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + RestartSec = "60s"; + DynamicUser = true; + StateDirectory = "mediawiki-matrix-bot"; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "mediawikibot-copy-config" '' + install -D -m644 ${seccfg} ${statecfg} + ''; + ExecStart = "${pkgs.mediawiki-matrix-bot}/bin/mediawiki-matrix-bot ${statecfg}"; + PrivateTmp = true; + }; + }; +} 
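Review bot: `install -D -m644 ${seccfg} ${statecfg}` in `ExecStartPre` writes the bot configuration as a world-readable file, and by its name (`seccfg`) that file appears to hold credentials. With `PermissionsStartOnly = true` the copy presumably runs as root, so the file is root-owned and the dynamic user can read it only through the `other` bit, which is why a tighter mode would break the unit as written. Handing the file over with systemd's `LoadCredential=`, or copying it as the service user with mode 0600, would stop confidentiality from depending on the permissions of the parent directory. `PermissionsStartOnly` is also deprecated in systemd in favour of the `+` prefix on the individual `ExecStartPre=` command.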
diff --git a/makefu/5pkgs/custom/mediawiki-matrix-bot/default.nix b/makefu/5pkgs/custom/mediawiki-matrix-bot/default.nix new file mode 100644 index 000000000..4a91a9161 --- /dev/null +++ b/makefu/5pkgs/custom/mediawiki-matrix-bot/default.nix @@ -0,0 +1,22 @@ +{ buildPythonApplication, fetchFromGitHub, feedparser, matrix-nio, docopt, aiohttp, aiofiles, +mypy }: + +buildPythonApplication rec { + pname = "mediawiki-matrix-bot"; + version = "1.0.0"; + src = fetchFromGitHub { + owner = "nix-community"; + repo = "mediawiki-matrix-bot"; + rev = "v${version}"; + sha256 = "1923097j1xh34jmm0zhmvma614jcxaagj89c1fc1j2qyv14ybsvs"; + }; + propagatedBuildInputs = [ + feedparser matrix-nio docopt aiohttp aiofiles + ]; + nativeBuildInputs = [ + mypy + ]; + checkPhase = '' + mypy --strict mediawiki_matrix_bot + ''; +} diff --git a/makefu/5pkgs/mediawiki-matrix-bot/default.nix b/makefu/5pkgs/mediawiki-matrix-bot/default.nix deleted file mode 100644 index 4a91a9161..000000000 --- a/makefu/5pkgs/mediawiki-matrix-bot/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ buildPythonApplication, fetchFromGitHub, feedparser, matrix-nio, docopt, aiohttp, aiofiles, -mypy }: - -buildPythonApplication rec { - pname = "mediawiki-matrix-bot"; - version = "1.0.0"; - src = fetchFromGitHub { - owner = "nix-community"; - repo = "mediawiki-matrix-bot"; - rev = "v${version}"; - sha256 = "1923097j1xh34jmm0zhmvma614jcxaagj89c1fc1j2qyv14ybsvs"; - }; - propagatedBuildInputs = [ - feedparser matrix-nio docopt aiohttp aiofiles - ]; - nativeBuildInputs = [ - mypy - ]; - checkPhase = '' - mypy --strict mediawiki_matrix_bot - ''; -} -- cgit v1.2.3 From c7db9e13cde6ba34afd863d0f9e77410c194039c Mon Sep 17 00:00:00 2001 From: xkey Date: Sat, 4 Sep 2021 14:02:28 +0200 Subject: external: add aleph.r --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 75be58326..29c0d34f0 100644 
--- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -639,7 +639,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.13.12"; - aliases = [ "catalonia.r" ]; + aliases = [ "catalonia.r" "aleph.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y -- cgit v1.2.3 From ee66b2f02d455060267f8f59c1fea97b8310668d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 18:23:38 +0200 Subject: ma pkgs/dev: add cyberlocker --- makefu/2configs/tools/dev.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index ac6d91e85..36f867559 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -33,6 +33,7 @@ cac-api cac-panel krebszones + cyberlocker-tools ovh-zone gen-oath-safe cdrtools -- cgit v1.2.3 From e3e859c14eb34bc045544ff64c3340b9f4dbe1f0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 18:38:13 +0200 Subject: brockman: 3.4.5 -> 4.0.1 --- krebs/5pkgs/haskell/brockman/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix index ef9f36217..d3dbcd89c 100644 --- a/krebs/5pkgs/haskell/brockman/default.nix +++ b/krebs/5pkgs/haskell/brockman/default.nix @@ -7,12 +7,12 @@ }: mkDerivation rec { pname = "brockman"; - version = "3.4.5"; + version = "4.0.1"; src = fetchFromGitHub { owner = "kmein"; repo = "brockman"; rev = version; - sha256 = "1q56ibgijcz6fgd60h0d1f2020l4n2i2nh98yaq95zhzwg0qsciy"; + sha256 = "0hppgban8hfyhn4c8qgm8j7ml6jaa35pjgrv3k3q27ln71wnr8rz"; }; isLibrary = false; isExecutable = true; -- cgit v1.2.3 From 1ea6362ab559036bc86e8576b810b0f500fa3a30 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 18:40:25 +0200 Subject: ma pkgs: add mediawiki-matrix-bot --- makefu/5pkgs/default.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 756734b65..2d54455e6 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -41,6 +41,7 @@ in { inherit (callPackage ./devpi {}) devpi-web ; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; liveproxy = super.pkgs.python3Packages.callPackage ./custom/liveproxy {}; + mediawiki-matrix-bot = super.pkgs.python3Packages.callPackage ./custom/mediawiki-matrix-bot {}; hydra-check = super.pkgs.python3Packages.callPackage ./custom/hydra-check {}; pwqgen-ger = super.pkgs.passwdqc-utils.override { wordset-file = super.pkgs.fetchurl { -- cgit v1.2.3 From 4c94f3db361b9d7cd2fa4ae49a534910da178c32 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 19:51:31 +0200 Subject: shack: move repos to github --- krebs/2configs/shack/light.shack.nix | 6 ++++-- krebs/2configs/shack/muell_mail.nix | 5 +++-- krebs/2configs/shack/muellshack.nix | 5 +++-- krebs/2configs/shack/node-light.nix | 5 +++-- krebs/2configs/shack/powerraw.nix | 5 +++-- krebs/2configs/shack/s3-power.nix | 5 +++-- krebs/2configs/shack/shackDNS.nix | 7 ++++--- krebs/2configs/shack/worlddomination.nix | 5 +++-- 8 files changed, 26 insertions(+), 17 deletions(-) diff --git a/krebs/2configs/shack/light.shack.nix b/krebs/2configs/shack/light.shack.nix index 8e01cb1bf..715339a69 100644 --- a/krebs/2configs/shack/light.shack.nix +++ b/krebs/2configs/shack/light.shack.nix @@ -1,7 +1,9 @@ { config, pkgs, ... }: let - light-shack-src = pkgs.fetchgit { - url = "https://git.shackspace.de/rz/standby.shack"; + light-shack-src = + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "standby.shack"; rev = "e1b90a0a"; sha256 = "07fmz63arc5rxa0a3778srwz0jflp4ad6xnwkkc56hwybby0bclh"; }; diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 951450200..9308c7b13 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix 
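Review bot: `rev = "e1b90a0a"` keeps an abbreviated commit id while the fetcher changes to `fetchFromGitHub`; the same applies to `rev = "438b08f"` in powerraw.nix and `rev = "0687ab64"` in s3-power.nix. The `sha256` still pins the fetched content, so this is not an integrity gap, but a short id can become ambiguous as the repository grows and is harder to audit against upstream history. Using the full 40-character commit hash, as the other shack modules touched by this commit already do, makes the pin unambiguous.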
@@ -2,8 +2,9 @@ let pkg = pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/muell_mail"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "muell_mail"; rev = "c3e43687879f95e01a82ef176fa15678543b2eb8"; sha256 = "0hgchwam5ma96s2v6mx2jfkh833psadmisjbm3k3153rlxp46frx"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index b032b4299..cabe72b40 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -2,8 +2,9 @@ let pkg = pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/muellshack"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "muellshack"; rev = "dc80cf1edaa3d86ec2bebae8596ad1d4c4e3650a"; sha256 = "1yipr66zhrg5m20pf3rzvgvvl78an6ddkq6zc45rxb2r0i7ipkyh"; diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 2e69d5aaa..7a648d4ee 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -2,8 +2,9 @@ let pkg = pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/node-light.git"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "node-light"; rev = "90a9347b73af3a9960bd992e6293b357226ef6a0"; sha256 = "1av9w3w8aknlra25jw6gqxzbb01i9kdlfziy29lwz7mnryjayvwk"; }) { }; diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index 43c743587..ace74cbc3 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -6,8 +6,9 @@ let influx-url = "http://influx.shack:8086"; pkg = pkgs.python3.pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/powermeter.git"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "powermeter"; rev = "438b08f"; sha256 = "0c5czmrwlw985b7ia6077mfrvbf2fq51iajb481pgqbywgxqis5m"; }) {}; 
diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index 0ce8a8786..bed98d860 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -2,8 +2,9 @@ let pkg = pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/s3-power"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "s3-power"; rev = "0687ab64"; sha256 = "1m8h4bwykv24bbgr5v51mam4wsbp5424xcrawhs4izv563jjf130"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index c9cdfd24b..00f79abc4 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -1,9 +1,10 @@ { config, lib, pkgs, ... }: let - pkg = - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/shackdns"; + pkg = + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "shackdns"; rev = "e55cc906c734b398683f9607b93f1ad6435d8575"; sha256 = "1hkwhf3hqb4fz06b1ckh7sl0zcyi4da5fgdlksian8lxyd19n8sq"; }; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 4bdb095f1..e339d3174 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -4,8 +4,9 @@ with import ; let pkg = pkgs.stdenv.mkDerivation { name = "worlddomination-2020-12-01"; - src = pkgs.fetchgit { - url = "https://git.shackspace.de/rz/worlddomination.git"; + src = pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "worlddomination"; rev = "c7aedcde7cd1fcb870b5356a6125e1a384b0776c"; sha256 = "0y6haz5apwa33lz64l7b2x78wrrckbw39j4wzyd1hfk46478xi2y"; }; -- cgit v1.2.3 From 5dbb36955870955f643c89d65430d2440e747e3a Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 5 Sep 2021 20:22:06 +0200 Subject: l prism.r: add telegraf.nix --- lass/1systems/prism/config.nix | 3 +- lass/2configs/telegraf.nix | 67 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 lass/2configs/telegraf.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 421afab2a..6ce4332da 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -7,11 +7,12 @@ with import ; + + { services.nginx.enable = true; imports = [ - ]; # needed by domsen.nix ^^ lass.usershadow = { diff --git a/lass/2configs/telegraf.nix b/lass/2configs/telegraf.nix new file mode 100644 index 000000000..4f46cd721 --- /dev/null +++ b/lass/2configs/telegraf.nix 
@@ -0,0 +1,67 @@ +{ config, lib, pkgs, ... }: +let + isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules; +in { + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 9273"; target = "ACCEPT"; } + ]; + + systemd.services.telegraf.path = [ pkgs.nvme-cli ]; + + services.telegraf = { + enable = true; + extraConfig = { + agent.interval = "60s"; + inputs = { + prometheus.metric_version = 2; + kernel_vmstat = { }; + # smart = lib.mkIf (!isVM) { + # path = pkgs.writeShellScript "smartctl" '' + # exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@" + # ''; + # }; + system = { }; + mem = { }; + file = [{ + data_format = "influx"; + file_tag = "name"; + files = [ "/var/log/telegraf/*" ]; + }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) { + name_override = "ext4_errors"; + files = [ "/sys/fs/ext4/*/errors_count" ]; + data_format = "value"; + }; + exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) { + ## Commands array + commands = [ + (pkgs.writeScript "zpool-health" '' + #!${pkgs.gawk}/bin/awk -f + BEGIN { + while ("${pkgs.zfs}/bin/zpool status" | getline) { + if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 } + if ($1 ~ /state:/) { printf " state=\"%s\",", $2 } + if ($1 ~ /errors:/) { + if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2 + } + } + } + '') + ]; + data_format = "influx"; + }; + systemd_units = { }; + swap = { }; + disk.tagdrop = { + fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ]; + device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ]; + }; + diskio = { }; + }; + outputs.prometheus_client = { + listen = ":9273"; + metric_version = 2; + }; + }; + }; +} -- cgit v1.2.3 From 05381eb02e1b39b3a371b4d530c20ea1201aeaae Mon Sep 17 00:00:00 2001 
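Review bot: `outputs.prometheus_client.listen = ":9273"` binds the metrics endpoint on every address, so the only thing limiting it to retiolum is the `krebs.iptables` INPUT rule above it together with the default policy, which is outside this hunk. The endpoint is unauthenticated and, with the inputs enabled here, exposes systemd unit state, disk layout and zpool health. Binding `listen` to the host's retiolum address, or setting the plugin's `ip_range` allow-list, would keep the restriction in the service itself. The supervision.nix file added in the following commit uses the same `listen = ":${port}"` pattern.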
From: makefu Date: Sun, 5 Sep 2021 20:42:42 +0200 Subject: ma gum: add supervision --- makefu/1systems/gum/config.nix | 1 + makefu/2configs/nix-community/supervision.nix | 82 +++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 makefu/2configs/nix-community/supervision.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index adf025fd3..2a1d39c04 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -24,6 +24,7 @@ in { + # diff --git a/makefu/2configs/nix-community/supervision.nix b/makefu/2configs/nix-community/supervision.nix new file mode 100644 index 000000000..f648b9c17 --- /dev/null +++ b/makefu/2configs/nix-community/supervision.nix 
@@ -0,0 +1,82 @@ +{ config, lib, pkgs, ... }: +let + isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules; + port = "9273"; +in { + + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT + ''; + + services.telegraf = { + enable = true; + extraConfig = { + agent.interval = "60s"; + inputs = { + prometheus.metric_version = 2; + kernel_vmstat = { }; + smart = lib.mkIf (!isVM) { + path = pkgs.writeShellScript "smartctl" '' + exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@" + ''; + }; + system = { }; + mem = { }; + file = [{ + data_format = "influx"; + file_tag = "name"; + files = [ "/var/log/telegraf/*" ]; + }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) { + name_override = "ext4_errors"; + files = [ "/sys/fs/ext4/*/errors_count" ]; + data_format = "value"; + }; + exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) { + ## Commands array + commands = [ + (pkgs.writeScript "zpool-health" '' + #!${pkgs.gawk}/bin/awk -f + BEGIN { + while ("${pkgs.zfs}/bin/zpool status" | getline) { + if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 } + if ($1 ~ /state:/) { printf " state=\"%s\",", $2 } + if ($1 ~ /errors:/) { + if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2 + } + } + } + '') + ]; + data_format = "influx"; + }; + systemd_units = { }; + swap = { }; + disk.tagdrop = { + fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ]; + device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ]; + }; + diskio = { }; + }; + outputs.prometheus_client = { + listen = ":${port}"; + metric_version = 2; + }; + }; + }; + + security.sudo.extraRules = lib.mkIf (!isVM) [{ + users = [ "telegraf" ]; + commands = [{ + command = "${pkgs.smartmontools}/bin/smartctl"; + options = [ "NOPASSWD" ]; + }]; + }]; + # avoid logging sudo use + security.sudo.configFile = 
'' + Defaults:telegraf !syslog,!pam_session + ''; + # create dummy file to avoid telegraf errors + systemd.tmpfiles.rules = [ + "f /var/log/telegraf/dummy 0444 root root - -" + ]; +} -- cgit v1.2.3 From 434fba596af8edf91d0dc1635ab481dd838e60eb Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 20:59:07 +0200 Subject: ma secrets: add mediawikibot-config.json dummy file --- makefu/0tests/data/secrets/mediawikibot-config.json | 1 + 1 file changed, 1 insertion(+) create mode 100644 makefu/0tests/data/secrets/mediawikibot-config.json diff --git a/makefu/0tests/data/secrets/mediawikibot-config.json b/makefu/0tests/data/secrets/mediawikibot-config.json new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/makefu/0tests/data/secrets/mediawikibot-config.json @@ -0,0 +1 @@ +{} -- cgit v1.2.3 From 357a021c94dd67be170139b6d9da805adb238ebc Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 21:15:06 +0200 Subject: ma: add rss.makefu.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 30d90bf2b..03431ce5f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -233,6 +233,7 @@ in { "wiki.gum.r" "wiki.makefu.r" "warrior.gum.r" + "rss.makefu.r" "sick.makefu.r" "dl.gum.r" "dl.makefu.r" -- cgit v1.2.3 From 87c758f629ce70addf40f0509b8a7856fe0f0da4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 21:27:30 +0200 Subject: puyak: add shackie reaktor irc bot --- krebs/1systems/puyak/config.nix | 3 +++ krebs/2configs/shack/reaktor.nix | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 krebs/2configs/shack/reaktor.nix diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 2f122f6ff..1dcf20308 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix 
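Review bot: The sudoers rule lets `telegraf` run `${pkgs.smartmontools}/bin/smartctl` as root with any arguments and no password, and `Defaults:telegraf !syslog,!pam_session` then switches off sudo's log entries for that account. Together this means root-level invocations made through the telegraf account leave no sudo audit trail, which matters most if that process is ever compromised. Consider keeping `syslog` enabled and filtering the noise at the log collector instead. The `Defaults` line is also assigned to `security.sudo.configFile`, which holds the whole generated sudoers file; `security.sudo.extraConfig` looks like the intended option, so it is worth confirming that the merged file still contains the default rules.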
@@ -115,6 +115,9 @@ ## Collect local statistics via collectd and send to collectd + + ## shackie irc bot + ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/krebs/2configs/shack/reaktor.nix b/krebs/2configs/shack/reaktor.nix new file mode 100644 index 000000000..40c121299 --- /dev/null +++ b/krebs/2configs/shack/reaktor.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: +{ + krebs.reaktor2.shackie = { + hostname = "irc.libera.chat"; + port = "6697"; + nick = "shackie"; + API.listen = "inet://127.0.0.1:7777"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#shackspace" + ]; + }; + } + ]; + }; +} -- cgit v1.2.3 From 06e751c4bbbe4812d6b8c4cf0a964098a68e7b50 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 21:28:13 +0200 Subject: puyak.r: remove legacy cryptoModules --- krebs/1systems/puyak/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 1dcf20308..ce355998f 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -127,7 +127,6 @@ loader.efi.canTouchEfiVariables = true; initrd.luks.devices.luksroot.device = "/dev/sda3"; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; kernelModules = [ "kvm-intel" ]; -- cgit v1.2.3 From e0c5b3f187310cae8f5ad0abb2e92d5aa79e94db Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 21:52:47 +0200 Subject: puyak.r: announce doorstatus --- krebs/2configs/shack/doorstatus.sh | 74 ++++++++++++++++++++++++++++++++++++++ krebs/2configs/shack/reaktor.nix | 11 ++++++ 2 files changed, 85 insertions(+) create mode 100755 krebs/2configs/shack/doorstatus.sh diff --git a/krebs/2configs/shack/doorstatus.sh b/krebs/2configs/shack/doorstatus.sh new file mode 100755 index 000000000..11e710cfd --- /dev/null +++ b/krebs/2configs/shack/doorstatus.sh 
@@ -0,0 +1,74 @@ +#!/bin/sh +# needs in path: +# curl jq +# creates and manages $PWD/state +set -euf + +send_reaktor(){ + # usage: send_reaktor "text" + echo "send_reaktor: $1" + curl -fsS http://localhost:7777 \ + -H content-type:application/json \ + -d "$(jq -n \ + --arg text "$1" '{ + command:"PRIVMSG", + params:["#shackspace",$text] + }' + )" +} + +open=$(shuf -n1 < state +fi diff --git a/krebs/2configs/shack/reaktor.nix b/krebs/2configs/shack/reaktor.nix index 40c121299..a31c7a687 100644 --- a/krebs/2configs/shack/reaktor.nix +++ b/krebs/2configs/shack/reaktor.nix @@ -16,4 +16,15 @@ } ]; }; + systemd.services.announce_doorstatus = { + startAt = "*:0/1"; + path = with pkgs; [ curl jq ]; + script = builtins.readFile ./doorstatus.sh; + serviceConfig = { + DynamicUser = true; + StateDirectory = "doorstatus"; + WorkingDirectory = "/var/lib/doorstatus"; + PrivateTmp = true; + }; + }; } -- cgit v1.2.3 From 936ebe7ac1906b94c4c8074eb9755d1ff5d4e844 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 21:54:30 +0200 Subject: puyak.r: disable nonfuc unifi --- krebs/1systems/puyak/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index ce355998f..81a53af80 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -109,7 +109,7 @@ - + # ## Collect local statistics via collectd and send to collectd -- cgit v1.2.3 From 9202b9b33eaf60500f33c68a15d6d7ac3c9f7343 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 22:18:33 +0200 Subject: puyak.r glados: fix tts --- krebs/2configs/shack/glados/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 53d6e6f4a..51c2ad94f 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix 
@@ -112,7 +112,8 @@ in { } { platform = "mpd"; name = "kiosk"; - host = "lounge.kiosk.shack"; + #host = "lounge.kiosk.shack"; + host = "kiosk.shack"; } ]; @@ -123,7 +124,7 @@ in { http = { base_url = "http://hass.shack"; use_x_forwarded_for = true; - trusted_proxies = "127.0.0.1"; + trusted_proxies = [ "127.0.0.1" "::1" ]; }; #conversation = {}; @@ -139,6 +140,7 @@ in { language = "de"; cache = true; time_memory = 57600; + base_url = "http://hass.shack"; } ]; device_tracker = []; -- cgit v1.2.3 From aaae1b2f5b6532ae6f5def1678957e2a6dc00c28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 22:09:27 +0200 Subject: hidden-ssh: fix to work with new nixos tor service --- krebs/3modules/hidden-ssh.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 1e56e62f9..4436a6167 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -27,14 +27,17 @@ let imp = let torDirectory = "/var/lib/tor"; # from tor.nix - hiddenServiceDir = torDirectory + "/ssh-announce-service"; + hiddenServiceDir = torDirectory + "/onion/hidden-ssh"; in { services.tor = { enable = true; - extraConfig = '' - HiddenServiceDir ${hiddenServiceDir} - HiddenServicePort 22 127.0.0.1:22 - ''; + relay.onionServices.hidden-ssh = { + version = 3; + map = [{ + port = 22; + target.port = 22; + }]; + }; client.enable = true; }; systemd.services.hidden-ssh-announce = { -- cgit v1.2.3 From b471ff4191011b000f60dd2c6dafc6e5ed9458c2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 22:51:37 +0200 Subject: irc-announce: add tls flag --- krebs/3modules/announce-activation.nix | 5 +++++ krebs/3modules/hidden-ssh.nix | 20 ++++++++++++++++---- krebs/5pkgs/simple/git-hooks/default.nix | 3 +++ krebs/5pkgs/simple/irc-announce/default.nix | 9 +++++++-- 4 files changed, 31 insertions(+), 6 deletions(-) 
diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 76eb4b136..a40ae8cef 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -9,6 +9,7 @@ with import ; ${shell.escape (toString cfg.irc.port)} \ ${shell.escape cfg.irc.nick} \ ${shell.escape cfg.irc.channel} \ + ${escapeShellArg cfg.irc.tls} \ "$message" ''; default-get-message = pkgs.writeDash "announce-activation-get-message" '' @@ -50,6 +51,10 @@ in { default = "irc.r"; type = types.hostname; }; + tls = mkOption { + default = false; + type = types.bool; + }; }; }; config = mkIf cfg.enable { diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 4436a6167..acbe717d9 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -19,6 +19,14 @@ let type = types.str; default = "irc.hackint.org"; }; + port = mkOption { + type = types.int; + default = 6697; + }; + tls = mkOption { + type = types.bool; + default = true; + }; message = mkOption { type = types.str; default = "SSH Hidden Service at "; @@ -53,10 +61,14 @@ let echo "still waiting for ${hiddenServiceDir}/hostname" sleep 1 done - ${pkgs.untilport}/bin/untilport ${cfg.server} 6667 && \ - ${pkgs.irc-announce}/bin/irc-announce \ - ${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \ - \${cfg.channel} \ + ${pkgs.untilport}/bin/untilport ${escapeShellArg cfg.server} ${toString cfg.port} + + ${pkgs.irc-announce}/bin/irc-announce \ + ${escapeShellArg cfg.server} \ + ${toString cfg.port} \ + "${config.krebs.build.host.name}-ssh" \ + ${escapeShellArg cfg.channel} \ + ${escapeShellArg cfg.tls} \ "${cfg.message}$(cat ${hiddenServiceDir}/hostname)" ''; PrivateTmp = "true"; diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index 0a2c84410..012c4ccf8 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix 
@@ -12,6 +12,7 @@ with import ; , port ? 6667 , refs ? [] , server + , tls ? false , verbose ? false }: /* sh */ '' #! /bin/sh @@ -39,6 +40,7 @@ with import ; nick=${escapeShellArg nick} channel=${escapeShellArg channel} server=${escapeShellArg server} + tls=${escapeShellArg tls} port=${toString port} host=$nick @@ -114,6 +116,7 @@ with import ; "$port" \ "$nick" \ "$channel" \ + "tls" \ "$message" fi ''; diff --git a/krebs/5pkgs/simple/irc-announce/default.nix b/krebs/5pkgs/simple/irc-announce/default.nix index 52cf12862..5797b3667 100644 --- a/krebs/5pkgs/simple/irc-announce/default.nix +++ b/krebs/5pkgs/simple/irc-announce/default.nix @@ -17,7 +17,8 @@ pkgs.writeDashBin "irc-announce" '' IRC_PORT=$2 IRC_NICK=$3_$$ IRC_CHANNEL=$4 - message=$5 + IRC_TLS=$5 + message=$6 export IRC_CHANNEL # for privmsg_cat @@ -34,6 +35,8 @@ pkgs.writeDashBin "irc-announce" '' # privmsg_cat transforms stdin to a privmsg privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } + tls_flag() { if [ "$IRC_TLS" -eq 1 ]; then echo "-c"; fi } + # ircin is used to feed the output of netcat back to the "irc client" # so we can implement expect-like behavior with sed^_^ # XXX mkselfdestructingtmpfifo would be nice instead of this cruft @@ -51,6 +54,8 @@ pkgs.writeDashBin "irc-announce" '' echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)" echo2 "NICK $IRC_NICK" + awk 'match($0, /PING(.*)/, m) {print "PONG", m[1]; exit}' + # wait for MODE message sed -n '/^:[^ ]* MODE /q' @@ -67,5 +72,5 @@ pkgs.writeDashBin "irc-announce" '' echo2 'QUIT :Gone to have lunch' } < ircin \ - | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin + | nc $(tls_flag) "$IRC_SERVER" "$IRC_PORT" | tee -a ircin '' -- cgit v1.2.3 From 5129440d6f13676cdeb998e6db705f820d9fbbbd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 22:52:06 +0200 Subject: l wizard: fix autologinUser --- lass/1systems/wizard/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
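Review bot: The irc-announce call in the last git-hooks hunk passes the literal string `"tls"` as the fifth argument instead of the `$tls` variable that the hook sets earlier with `tls=${escapeShellArg tls}`. irc-announce tests that argument with `[ "$IRC_TLS" -eq 1 ]`, so a non-numeric value never selects the TLS flag and the hook keeps connecting in cleartext even when `tls = true` is configured. Change the line to `"$tls" \`. The hook script body starts and ends outside the hunk.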
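Review bot: `tls_flag` compares `"$IRC_TLS"` with `-eq 1`, but callers pass an `escapeShellArg`-ed boolean; assuming `false` stringifies to the empty string, the test receives `''`, prints a numeric-comparison error and falls through to a plaintext connection. A string comparison, `if [ "$IRC_TLS" = 1 ]; then echo "-c"; fi`, avoids the error, and rejecting any value other than the two expected ones would stop a bad argument from silently downgrading to cleartext. Two things to confirm outside the hunk: that the `nc` on PATH treats `-c` as the TLS switch, and that `awk` is gawk, since the three-argument `match($0, /PING(.*)/, m)` is a gawk extension. The new positional parameter also moves `message` from `$5` to `$6`, so every caller has to change in the same commit.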
diff --git a/lass/1systems/wizard/config.nix b/lass/1systems/wizard/config.nix index 8f9db7d3c..e158fa728 100644 --- a/lass/1systems/wizard/config.nix +++ b/lass/1systems/wizard/config.nix @@ -271,7 +271,7 @@ in { message = "lassulus: torify sshn root@"; }; systemd.services.hidden-ssh-announce.wantedBy = mkForce []; - services.mingetty.autologinUser = lib.mkForce "root"; + services.getty.autologinUser = lib.mkForce "root"; nixpkgs.config.packageOverrides = super: { dmenu = pkgs.writeDashBin "dmenu" '' -- cgit v1.2.3 From 9cebb569811fb7975ca45997b3eb46e518397bec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 6 Sep 2021 18:51:51 +0200 Subject: mic92: restart realwallpaper on failure --- krebs/3modules/realwallpaper.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 76f333963..1fa6012cf 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -51,6 +51,7 @@ let serviceConfig = { Type = "simple"; + Restart = "on-failure"; ExecStart = "${pkgs.realwallpaper}/bin/generate-wallpaper"; User = "realwallpaper"; }; -- cgit v1.2.3 From 9260452792d0b3722072f33940aebda3eafc128c Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Sep 2021 16:03:38 +0200 Subject: move shackie from puyak.r to hotdog.r --- krebs/1systems/hotdog/config.nix | 3 +++ krebs/1systems/puyak/config.nix | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index a100e414d..9f1ac9134 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -10,6 +10,9 @@ + + ## shackie irc bot + ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 81a53af80..5ed946aca 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix 
@@ -115,9 +115,6 @@ ## Collect local statistics via collectd and send to collectd - - ## shackie irc bot - ]; krebs.build.host = config.krebs.hosts.puyak; -- cgit v1.2.3 From 96de4530c3744867933d6e957697ce0a12859f78 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 9 Sep 2021 20:40:13 +0200 Subject: shack/powerraw: also open tcp port 11111 --- krebs/2configs/shack/powerraw.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index ace74cbc3..64e1911cf 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -15,6 +15,7 @@ let in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; + networking.firewall.allowedTCPPorts = [ 11111 ]; users.users.powermeter = { extraGroups = [ "dialout" ]; isSystemUser = true; -- cgit v1.2.3 From f2287d2024a5e3634ffb2115204aa4065afe2a4f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:22:08 +0200 Subject: l: add mumble.lassul.us for mumble-web --- krebs/3modules/lass/default.nix | 1 + lass/1systems/prism/config.nix | 14 +------------- lass/2configs/murmur.nix | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 13 deletions(-) create mode 100644 lass/2configs/murmur.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b19e2e6fc..7ad725cd8 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -47,6 +47,7 @@ in { radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6ce4332da..3a6ab25a4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
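Review bot: `networking.firewall.allowedTCPPorts = [ 11111 ];` in the powerraw.nix hunk opens the port on every interface and to every source, while the existing comment above it only explains the UDP rule (responses from light.shack / standby.shack). If the TCP listener is meant for hosts on one network only, scoping the rule, for example `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 11111 ];` with the interface name filled in, keeps it unreachable from elsewhere. Either way, a comment such as `# TCP 11111: <service>, reached from <peers>` would record which listener and which clients the rule is for.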
@@ -276,19 +276,7 @@ with import ; { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} ]; } - { - services.murmur = { - enable = true; - bandwidth = 10000000; - registerName = "lassul.us"; - autobanTime = 30; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} - { predicate = "-p udp --dport 64738"; target = "ACCEPT";} - ]; - - } + { systemd.services."container@yellow".reloadIfChanged = mkForce false; containers.yellow = { diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix new file mode 100644 index 000000000..9f325d0af --- /dev/null +++ b/lass/2configs/murmur.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: +{ + services.murmur = { + enable = true; + bandwidth = 10000000; + registerName = "lassul.us"; + autobanTime = 30; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + { predicate = "-p udp --dport 64738"; target = "ACCEPT";} + ]; + + systemd.services.docker-mumble-web.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + virtualisation.oci-containers.containers.mumble-web = { + image = "rankenstein/mumble-web"; + environment = { + MUMBLE_SERVER = "lassul.us:64738"; + }; + ports = [ + "64739:8080" + ]; + }; + + services.nginx.virtualHosts."mumble.lassul.us" = { + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:64739/; + proxy_set_header Accept-Encoding ""; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + ''; + }; +} -- cgit v1.2.3 From b8cd625a70fdd8811b8c5bfd0abf17a00c2e628c Mon Sep 17 00:00:00 2001 
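Review bot: `ports = [ "64739:8080" ];` in the new murmur.nix publishes the mumble-web container on all host addresses, although the only client visible here is nginx proxying to `http://localhost:64739/`. Binding it to loopback, `"127.0.0.1:64739:8080"`, keeps the unencrypted backend from being reached directly, which matters because container port publishing can bypass the host's INPUT rules. The image reference `rankenstein/mumble-web` carries no tag or digest, so each pull may fetch different content; pinning it as `rankenstein/mumble-web@sha256:<digest>` (placeholder) makes the deployment reproducible and reviewable.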
From: lassulus Date: Fri, 10 Sep 2021 09:23:02 +0200 Subject: l: add lasspi & domsen-pixel hosts --- krebs/3modules/lass/default.nix | 55 +++++++++++++++++++++++++++++++++++++++ lass/1systems/lasspi/config.nix | 26 ++++++++++++++++++ lass/1systems/lasspi/physical.nix | 43 ++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+) create mode 100644 lass/1systems/lasspi/config.nix create mode 100644 lass/1systems/lasspi/physical.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7ad725cd8..693e04e6e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -786,6 +786,61 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; }; + lasspi = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.1.89"; + ip6.addr = r6 "189"; + aliases = [ + "lasspi.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1 + JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F + CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl + oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P + Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS + BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC + VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8 + +Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs + QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP + zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP + 6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc + 287nChBcbY+HlshTe0lZdrkCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "189"; + aliases = [ + "lasspi.w" + ]; + wireguard.pubkey = '' + IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB"; + }; + + domsen-pixel = { + nets = { + wiregrill = { + ip4.addr = "10.244.1.17"; + ip6.addr = w6 "d0"; + aliases = [ + "domsen-pixel.w" + ]; + wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY="; + }; + }; + external = true; + ci = false; + }; + }; users = rec { lass = lass-yubikey; diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix new file mode 100644 index 000000000..9f823dfc8 --- /dev/null +++ b/lass/1systems/lasspi/config.nix 
@@ -0,0 +1,26 @@ +with import ; +{ config, lib, pkgs, ... }: +let +in +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.lasspi; + + networking = { + networkmanager = { + enable = true; + }; + }; + environment.systemPackages = with pkgs; [ + vim + rxvt_unicode.terminfo + ]; + services.openssh.enable = true; + + system.stateVersion = "21.05"; +} diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix new file mode 100644 index 000000000..80c459a95 --- /dev/null +++ b/lass/1systems/lasspi/physical.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + # This configuration worked on 09-03-2021 nixos-unstable @ commit 102eb68ceec + # The image used https://hydra.nixos.org/build/134720986 + imports = [ + ./config.nix + ]; + + boot = { + # kernelPackages = pkgs.linuxPackages_rpi4; + tmpOnTmpfs = true; + initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; + # ttyAMA0 is the serial console broken out to the GPIO + kernelParams = [ + "8250.nr_uarts=1" + "console=ttyAMA0,115200" + "console=tty1" + # Some gui programs need this + "cma=128M" + ]; + }; + + boot.loader.raspberryPi = { + enable = true; + version = 4; + }; + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + + # Required for the Wireless firmware + hardware.enableRedistributableFirmware = true; + + # Assuming this is installed on top of the disk image. + fileSystems = { + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + + powerManagement.cpuFreqGovernor = "ondemand"; +} -- cgit v1.2.3 From 68c7f79174ad1d30514a6529fdfd5957d799a4e1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:24:12 +0200 Subject: l echelon.r: add syncthing id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 693e04e6e..3419d806c 100644 
--- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -784,6 +784,7 @@ in { }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; + syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ"; }; lasspi = { -- cgit v1.2.3 From 9a9abc561b63871c9237d185b6651e4e995cdb41 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:30:46 +0200 Subject: git-hooks irc-announce: fix tls arg --- krebs/5pkgs/simple/git-hooks/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index 012c4ccf8..acf34ad69 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix @@ -116,7 +116,7 @@ with import ; "$port" \ "$nick" \ "$channel" \ - "tls" \ + "$tls" \ "$message" fi ''; -- cgit v1.2.3 From 61430a5c9b5b50d9a02a443e6b95761374165eb7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 13:15:42 +0200 Subject: nixpkgs: 74d017e -> 12eb1d1 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 92ce9aa90..be5f1391b 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "74d017edb6717ad76d38edc02ad3210d4ad66b96", - "date": "2021-08-27T16:58:49+02:00", - "path": "/nix/store/82jg1p0rlf7mkryjpdn0z6b95q4i9lnq-nixpkgs", - "sha256": "0wvz41izp4djzzr0a6x54hcm3xjr51nlj8vqghfgyrjpk8plyk4s", + "rev": "12eb1d16ae3b6cbf0ea83e9228bca8ffd7cfe347", + "date": "2021-09-08T13:02:40+02:00", + "path": "/nix/store/08ylym1mlxg9a67v0r9lwgyy76dravfq-nixpkgs", + "sha256": "1i72kjml6z0fskfmim5am0v868dydgvm4yvc4ckm0447i7z8cgpa", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From 99ad1246a417976e78dfbce588d6315f978595fb Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 10 Sep 2021 13:16:02 +0200 Subject: nixpkgs-unstable: 8d8a28b -> 09cd65b --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index d0d3cd82d..6b5f8ec8f 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512", - "date": "2021-08-29T22:49:37+08:00", - "path": "/nix/store/vg29bg0awqam80djwz68ym0awvasrw6i-nixpkgs", - "sha256": "1s29nc3ppsjdq8kgbh8pc26xislkv01yph58xv2vjklkvsmz5pzm", + "rev": "09cd65b33c5653d7d2954fef4b9f0e718c899743", + "date": "2021-09-08T11:21:07-05:00", + "path": "/nix/store/h4hgs0aiaszmgqcwwhw7q10vqgvgbimf-nixpkgs", + "sha256": "1h696xv2wdl1859jcr0bmv0m0rfsq4vpc1vc0hg3msfsdnz0aixl", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From d81a4fcfdfed37f5b6db61c50fae090aa84a2da5 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Sep 2021 22:32:53 +0200 Subject: ma pkgs.chitubox: bump to 1.9.0 --- makefu/5pkgs/chitubox/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/makefu/5pkgs/chitubox/default.nix b/makefu/5pkgs/chitubox/default.nix index bea33e64f..d0596e700 100644 --- a/makefu/5pkgs/chitubox/default.nix +++ b/makefu/5pkgs/chitubox/default.nix 
@@ -4,26 +4,26 @@ , libpulseaudio , xlibs , gst_all_1 -, kerberos +, krb5 , alsaLib }: # via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix stdenv.mkDerivation rec { pname = "chitubox"; - version = "1.8.1"; + version = "1.9.0"; src = builtins.fetchTarball { #url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz"; url = "https://archive.org/download/chitubox-v-1.8.1.tar/CHITUBOX_V${version}.tar.gz"; - sha256 = "08fh8w7s5qvlx6bhdg24g81a7zprq7n8m27w2vdv0cd8j0wixbsx"; + sha256 = "1ywcizxdkwlhi8z3jshl3b6ha8iwibssxh8fk7s32h3z8vl8zcl7"; }; nativeBuildInputs = [ autoPatchelfHook ]; buildInputs = with xlibs; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm - libxkbcommon libpulseaudio kerberos alsaLib + libxkbcommon libpulseaudio alsaLib xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms - gst_all_1.gst-plugins-base gst_all_1.gstreamer + gst_all_1.gst-plugins-base gst_all_1.gstreamer krb5 ]; buildPhase = '' -- cgit v1.2.3 From 85aa4aa5b39016fcf603881c416c21a0c8d062af Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Sep 2021 11:56:09 +0200 Subject: nixpkgs: 12eb1d1 -> 8b0b81d --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index be5f1391b..72a603c7b 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
@@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "12eb1d16ae3b6cbf0ea83e9228bca8ffd7cfe347", - "date": "2021-09-08T13:02:40+02:00", - "path": "/nix/store/08ylym1mlxg9a67v0r9lwgyy76dravfq-nixpkgs", - "sha256": "1i72kjml6z0fskfmim5am0v868dydgvm4yvc4ckm0447i7z8cgpa", + "rev": "8b0b81dab17753ab344a44c04be90a61dc55badf", + "date": "2021-09-10T08:00:45-04:00", + "path": "/nix/store/rxlq7jb68cnhfnq15d2rbpf2qc65g0pr-nixpkgs", + "sha256": "0rj17jpjxjcibcd4qygpxbq79m4px6b35nqq9353pns8w7a984xx", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From eeb122aeff8d930eff336e50a2d14a0f0be8a020 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Sep 2021 14:40:26 +0200 Subject: nixpkgs: 8b0b81d -> b3083bc --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 72a603c7b..11cc0527e 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "8b0b81dab17753ab344a44c04be90a61dc55badf", - "date": "2021-09-10T08:00:45-04:00", - "path": "/nix/store/rxlq7jb68cnhfnq15d2rbpf2qc65g0pr-nixpkgs", - "sha256": "0rj17jpjxjcibcd4qygpxbq79m4px6b35nqq9353pns8w7a984xx", + "rev": "b3083bc6933eb7fa4ee7bd4802e9f72b56f3e654", + "date": "2021-09-13T17:06:43+02:00", + "path": "/nix/store/18nwp35nj16hr2li3xbs6vczvw32rp5p-nixpkgs", + "sha256": "1cj8jmzgf2rpf8n8yjsh6qsh66rqpyxh8jhn65ll15578fh98gb9", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From 04ba40838dc4d3b644bf8af2d4da7c0ea417e7c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Sep 2021 19:18:53 +0200 Subject: l coaxmetal.r: use default kernel --- lass/1systems/coaxmetal/physical.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix index 3632ffd3e..d3810e768 100644 --- a/lass/1systems/coaxmetal/physical.nix 
+++ b/lass/1systems/coaxmetal/physical.nix @@ -22,8 +22,6 @@ ]; hardware.opengl.extraPackages = [ pkgs.amdvlk ]; - # is required for amd graphics support ( xorg wont boot otherwise ) - boot.kernelPackages = pkgs.linuxPackages_latest; environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json"; -- cgit v1.2.3 From e7d5d990837981496fd8883c85391132200a5319 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Sep 2021 19:10:16 +0200 Subject: rip Reaktor --- krebs/1systems/test-all-krebs-modules/config.nix | 1 - krebs/2configs/reaktor2.nix | 6 +- krebs/2configs/repo-sync.nix | 1 - krebs/3modules/Reaktor.nix | 155 ------------------ krebs/3modules/default.nix | 1 - krebs/5pkgs/default.nix | 2 - krebs/5pkgs/simple/Reaktor/default.nix | 24 --- krebs/5pkgs/simple/Reaktor/plugins.nix | 182 --------------------- krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh | 25 +++ .../simple/Reaktor/scripts/tell-on_privmsg.sh | 18 ++ krebs/5pkgs/simple/reaktor2-plugins.nix | 4 - 11 files changed, 46 insertions(+), 373 deletions(-) delete mode 100644 krebs/3modules/Reaktor.nix delete mode 100644 krebs/5pkgs/simple/Reaktor/default.nix delete mode 100644 krebs/5pkgs/simple/Reaktor/plugins.nix create mode 100755 krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh create mode 100755 krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh diff --git a/krebs/1systems/test-all-krebs-modules/config.nix b/krebs/1systems/test-all-krebs-modules/config.nix index 2e1b5c1ad..8495a3ded 100644 --- a/krebs/1systems/test-all-krebs-modules/config.nix +++ b/krebs/1systems/test-all-krebs-modules/config.nix @@ -10,7 +10,6 @@ in { enable = true; build.user = config.krebs.users.krebs; build.host = config.krebs.hosts.test-all-krebs-modules; - Reaktor.test = {}; apt-cacher-ng.enable = true; backup.enable = true; bepasty.enable = true; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 4a33c33ec..79822668b 100644 --- a/krebs/2configs/reaktor2.nix 
+++ b/krebs/2configs/reaktor2.nix @@ -47,7 +47,7 @@ let activate = "always"; command = { filename = - "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join"; + ; env = { PATH = makeBinPath [ pkgs.coreutils # XXX env, touch @@ -95,10 +95,10 @@ let } hooks.sed (generators.command_hook { - inherit (commands) hello random-emoji nixos-version; + inherit (commands) random-emoji nixos-version; tell = { filename = - "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; + ; env = { PATH = makeBinPath [ pkgs.coreutils # XXX date, env diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 392e6bed3..e2be477fd 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -183,7 +183,6 @@ in { (sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; }) (sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; }) (sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; }) - (sync-remote { name = "Reaktor"; url = "https://github.com/krebs/Reaktor"; }) (sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; }) ]; } diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix deleted file mode 100644 index 2a035d7be..000000000 --- a/krebs/3modules/Reaktor.nix +++ /dev/null 
@@ -1,155 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - - cfg = config.krebs.Reaktor; - homedir = "/var/lib/Reaktor"; - - out = { - options.krebs.Reaktor = api; - config = mkIf (cfg != {}) imp; - }; - - api = mkOption { - default = {}; - type = with types; attrsOf (submodule ({ options = { - - nickname = mkOption { - default = config.krebs.build.host.name + "|r"; - type = types.str; - description = '' - The nick name of the irc bot. - Defaults to {hostname}|r - ''; - }; - - overrideConfig = mkOption { - default = null; - type = types.nullOr types.str; - description = '' - configuration to be used instead of default ones. - Reaktor default cfg can be retrieved via `reaktor get-config` - ''; - }; - - plugins = mkOption { - default = [pkgs.ReaktorPlugins.nixos-version]; - }; - - workdir = mkOption { - default = "/var/lib/Reaktor"; - type = types.path; - description = '' - path to be used as workdir (home dir is still /var/lib/Reaktor) - ''; - }; - - extraConfig = mkOption { - default = ""; - type = types.str; - description = '' - configuration appended to the default or overridden configuration - ''; - }; - - extraEnviron = mkOption { - default = {}; - type = types.attrsOf types.str; - description = '' - Environment to be provided to the service, can be: - REAKTOR_HOST - REAKTOR_PORT - REAKTOR_STATEDIR - - debug and nickname can be set separately via the Reaktor api - ''; - }; - - channels = mkOption { - default = [ "#krebs" ]; - type = types.listOf types.str; - description = '' - Channels the Reaktor should connect to at startup. 
- ''; - }; - - debug = mkOption { - default = false; - description = '' - Reaktor debug output - ''; - }; - };})); - }; - - imp = { - # TODO get user per configured bot - # TODO get home from api - # for reaktor get-config - users.extraUsers = singleton rec { - name = "Reaktor"; - uid = genid name; - description = "Reaktor user"; - home = homedir; - createHome = true; - }; - - #users.extraGroups = singleton { - # name = "Reaktor"; - # gid = config.ids.g