From c7db9e13cde6ba34afd863d0f9e77410c194039c Mon Sep 17 00:00:00 2001 From: xkey Date: Sat, 4 Sep 2021 14:02:28 +0200 Subject: external: add aleph.r --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 75be58326..29c0d34f0 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -639,7 +639,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.13.12"; - aliases = [ "catalonia.r" ]; + aliases = [ "catalonia.r" "aleph.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y -- cgit v1.3.1 From 357a021c94dd67be170139b6d9da805adb238ebc Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 21:15:06 +0200 Subject: ma: add rss.makefu.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 30d90bf2b..03431ce5f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -233,6 +233,7 @@ in { "wiki.gum.r" "wiki.makefu.r" "warrior.gum.r" + "rss.makefu.r" "sick.makefu.r" "dl.gum.r" "dl.makefu.r" -- cgit v1.3.1 From aaae1b2f5b6532ae6f5def1678957e2a6dc00c28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 22:09:27 +0200 Subject: hidden-ssh: fix to work with new nixos tor service --- krebs/3modules/hidden-ssh.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 1e56e62f9..4436a6167 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -27,14 +27,17 @@ let imp = let torDirectory = "/var/lib/tor"; # from tor.nix - hiddenServiceDir = torDirectory + "/ssh-announce-service"; + hiddenServiceDir = torDirectory + "/onion/hidden-ssh"; in { services.tor = { enable = true; - extraConfig = '' - HiddenServiceDir ${hiddenServiceDir} - HiddenServicePort 22 127.0.0.1:22 - ''; + relay.onionServices.hidden-ssh = { + version = 3; + map = [{ + port = 22; + target.port = 22; + }]; + }; client.enable = true; }; systemd.services.hidden-ssh-announce = { -- cgit v1.3.1 From b471ff4191011b000f60dd2c6dafc6e5ed9458c2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 22:51:37 +0200 Subject: irc-announce: add tls flag --- krebs/3modules/announce-activation.nix | 5 +++++ krebs/3modules/hidden-ssh.nix | 20 ++++++++++++++++---- krebs/5pkgs/simple/git-hooks/default.nix | 3 +++ krebs/5pkgs/simple/irc-announce/default.nix | 9 +++++++-- 4 files changed, 31 insertions(+), 6 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 76eb4b136..a40ae8cef 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -9,6 +9,7 @@ with import ; ${shell.escape (toString cfg.irc.port)} \ ${shell.escape cfg.irc.nick} \ ${shell.escape cfg.irc.channel} \ + ${escapeShellArg cfg.irc.tls} \ "$message" ''; default-get-message = pkgs.writeDash "announce-activation-get-message" '' @@ -50,6 +51,10 @@ in { default = "irc.r"; type = types.hostname; }; + tls = mkOption { + default = false; + type = types.bool; + }; }; }; config = mkIf cfg.enable { diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 4436a6167..acbe717d9 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -19,6 +19,14 @@ let type = types.str; default = "irc.hackint.org"; }; + port = mkOption { + type = types.int; + default = 6697; + }; + tls = mkOption { + type = types.bool; + default = true; + }; message = mkOption { type = types.str; default = "SSH Hidden Service at "; @@ -53,10 +61,14 @@ let echo "still waiting for ${hiddenServiceDir}/hostname" sleep 1 done - ${pkgs.untilport}/bin/untilport ${cfg.server} 6667 && \ - ${pkgs.irc-announce}/bin/irc-announce \ - ${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \ - \${cfg.channel} \ + ${pkgs.untilport}/bin/untilport ${escapeShellArg cfg.server} ${toString cfg.port} + + ${pkgs.irc-announce}/bin/irc-announce \ + ${escapeShellArg cfg.server} \ + ${toString cfg.port} \ + "${config.krebs.build.host.name}-ssh" \ + ${escapeShellArg cfg.channel} \ + ${escapeShellArg cfg.tls} \ "${cfg.message}$(cat ${hiddenServiceDir}/hostname)" ''; PrivateTmp = "true"; diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index 0a2c84410..012c4ccf8 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix @@ -12,6 +12,7 @@ with import ; , port ? 6667 , refs ? [] , server + , tls ? false , verbose ? false }: /* sh */ '' #! /bin/sh @@ -39,6 +40,7 @@ with import ; nick=${escapeShellArg nick} channel=${escapeShellArg channel} server=${escapeShellArg server} + tls=${escapeShellArg tls} port=${toString port} host=$nick @@ -114,6 +116,7 @@ with import ; "$port" \ "$nick" \ "$channel" \ + "tls" \ "$message" fi ''; diff --git a/krebs/5pkgs/simple/irc-announce/default.nix b/krebs/5pkgs/simple/irc-announce/default.nix index 52cf12862..5797b3667 100644 --- a/krebs/5pkgs/simple/irc-announce/default.nix +++ b/krebs/5pkgs/simple/irc-announce/default.nix @@ -17,7 +17,8 @@ pkgs.writeDashBin "irc-announce" '' IRC_PORT=$2 IRC_NICK=$3_$$ IRC_CHANNEL=$4 - message=$5 + IRC_TLS=$5 + message=$6 export IRC_CHANNEL # for privmsg_cat @@ -34,6 +35,8 @@ pkgs.writeDashBin "irc-announce" '' # privmsg_cat transforms stdin to a privmsg privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } + tls_flag() { if [ "$IRC_TLS" -eq 1 ]; then echo "-c"; fi } + # ircin is used to feed the output of netcat back to the "irc client" # so we can implement expect-like behavior with sed^_^ # XXX mkselfdestructingtmpfifo would be nice instead of this cruft @@ -51,6 +54,8 @@ pkgs.writeDashBin "irc-announce" '' echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)" echo2 "NICK $IRC_NICK" + awk 'match($0, /PING(.*)/, m) {print "PONG", m[1]; exit}' + # wait for MODE message sed -n '/^:[^ ]* MODE /q' @@ -67,5 +72,5 @@ pkgs.writeDashBin "irc-announce" '' echo2 'QUIT :Gone to have lunch' } < ircin \ - | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin + | nc $(tls_flag) "$IRC_SERVER" "$IRC_PORT" | tee -a ircin '' -- cgit v1.3.1 From 9cebb569811fb7975ca45997b3eb46e518397bec Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Mon, 6 Sep 2021 18:51:51 +0200 Subject: mic92: restart realwallpaper on failure --- krebs/3modules/realwallpaper.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 76f333963..1fa6012cf 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -51,6 +51,7 @@ let serviceConfig = { Type = "simple"; + Restart = "on-failure"; ExecStart = "${pkgs.realwallpaper}/bin/generate-wallpaper"; User = "realwallpaper"; }; -- cgit v1.3.1 From f2287d2024a5e3634ffb2115204aa4065afe2a4f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:22:08 +0200 Subject: l: add mumble.lassul.us for mumble-web --- krebs/3modules/lass/default.nix | 1 + lass/1systems/prism/config.nix | 14 +------------- lass/2configs/murmur.nix | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 13 deletions(-) create mode 100644 lass/2configs/murmur.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b19e2e6fc..7ad725cd8 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -47,6 +47,7 @@ in { radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6ce4332da..3a6ab25a4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -276,19 +276,7 @@ with import ; { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} ]; } - { - services.murmur = { - enable = true; - bandwidth = 10000000; - registerName = "lassul.us"; - autobanTime = 30; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} - { predicate = "-p udp --dport 64738"; target = "ACCEPT";} - ]; - - } + { systemd.services."container@yellow".reloadIfChanged = mkForce false; containers.yellow = { diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix new file mode 100644 index 000000000..9f325d0af --- /dev/null +++ b/lass/2configs/murmur.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: +{ + services.murmur = { + enable = true; + bandwidth = 10000000; + registerName = "lassul.us"; + autobanTime = 30; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + { predicate = "-p udp --dport 64738"; target = "ACCEPT";} + ]; + + systemd.services.docker-mumble-web.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + virtualisation.oci-containers.containers.mumble-web = { + image = "rankenstein/mumble-web"; + environment = { + MUMBLE_SERVER = "lassul.us:64738"; + }; + ports = [ + "64739:8080" + ]; + }; + + services.nginx.virtualHosts."mumble.lassul.us" = { + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:64739/; + proxy_set_header Accept-Encoding ""; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + ''; + }; +} -- cgit v1.3.1 From b8cd625a70fdd8811b8c5bfd0abf17a00c2e628c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:23:02 +0200 Subject: l: add lasspi & domsen-pixel hosts --- krebs/3modules/lass/default.nix | 55 +++++++++++++++++++++++++++++++++++++++ lass/1systems/lasspi/config.nix | 26 ++++++++++++++++++ lass/1systems/lasspi/physical.nix | 43 ++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+) create mode 100644 lass/1systems/lasspi/config.nix create mode 100644 lass/1systems/lasspi/physical.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7ad725cd8..693e04e6e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -786,6 +786,61 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; }; + lasspi = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.1.89"; + ip6.addr = r6 "189"; + aliases = [ + "lasspi.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1 + JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F + CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl + oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P + Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS + BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC + VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8 + +Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs + QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP + zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP + 6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc + 287nChBcbY+HlshTe0lZdrkCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "189"; + aliases = [ + "lasspi.w" + ]; + wireguard.pubkey = '' + IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB"; + }; + + domsen-pixel = { + nets = { + wiregrill = { + ip4.addr = "10.244.1.17"; + ip6.addr = w6 "d0"; + aliases = [ + "domsen-pixel.w" + ]; + wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY="; + }; + }; + external = true; + ci = false; + }; + }; users = rec { lass = lass-yubikey; diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix new file mode 100644 index 000000000..9f823dfc8 --- /dev/null +++ b/lass/1systems/lasspi/config.nix @@ -0,0 +1,26 @@ +with import ; +{ config, lib, pkgs, ... }: +let +in +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.lasspi; + + networking = { + networkmanager = { + enable = true; + }; + }; + environment.systemPackages = with pkgs; [ + vim + rxvt_unicode.terminfo + ]; + services.openssh.enable = true; + + system.stateVersion = "21.05"; +} diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix new file mode 100644 index 000000000..80c459a95 --- /dev/null +++ b/lass/1systems/lasspi/physical.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + # This configuration worked on 09-03-2021 nixos-unstable @ commit 102eb68ceec + # The image used https://hydra.nixos.org/build/134720986 + imports = [ + ./config.nix + ]; + + boot = { + # kernelPackages = pkgs.linuxPackages_rpi4; + tmpOnTmpfs = true; + initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; + # ttyAMA0 is the serial console broken out to the GPIO + kernelParams = [ + "8250.nr_uarts=1" + "console=ttyAMA0,115200" + "console=tty1" + # Some gui programs need this + "cma=128M" + ]; + }; + + boot.loader.raspberryPi = { + enable = true; + version = 4; + }; + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + + # Required for the Wireless firmware + hardware.enableRedistributableFirmware = true; + + # Assuming this is installed on top of the disk image. + fileSystems = { + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + + powerManagement.cpuFreqGovernor = "ondemand"; +} -- cgit v1.3.1 From 68c7f79174ad1d30514a6529fdfd5957d799a4e1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:24:12 +0200 Subject: l echelon.r: add syncthing id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 693e04e6e..3419d806c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -784,6 +784,7 @@ in { }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; + syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ"; }; lasspi = { -- cgit v1.3.1 From e7d5d990837981496fd8883c85391132200a5319 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Sep 2021 19:10:16 +0200 Subject: rip Reaktor --- krebs/1systems/test-all-krebs-modules/config.nix | 1 - krebs/2configs/reaktor2.nix | 6 +- krebs/2configs/repo-sync.nix | 1 - krebs/3modules/Reaktor.nix | 155 ------------------ krebs/3modules/default.nix | 1 - krebs/5pkgs/default.nix | 2 - krebs/5pkgs/simple/Reaktor/default.nix | 24 --- krebs/5pkgs/simple/Reaktor/plugins.nix | 182 --------------------- krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh | 25 +++ .../simple/Reaktor/scripts/tell-on_privmsg.sh | 18 ++ krebs/5pkgs/simple/reaktor2-plugins.nix | 4 - 11 files changed, 46 insertions(+), 373 deletions(-) delete mode 100644 krebs/3modules/Reaktor.nix delete mode 100644 krebs/5pkgs/simple/Reaktor/default.nix delete mode 100644 krebs/5pkgs/simple/Reaktor/plugins.nix create mode 100755 krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh create mode 100755 krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh (limited to 'krebs/3modules') diff --git a/krebs/1systems/test-all-krebs-modules/config.nix b/krebs/1systems/test-all-krebs-modules/config.nix index 2e1b5c1ad..8495a3ded 100644 --- a/krebs/1systems/test-all-krebs-modules/config.nix +++ b/krebs/1systems/test-all-krebs-modules/config.nix @@ -10,7 +10,6 @@ in { enable = true; build.user = config.krebs.users.krebs; build.host = config.krebs.hosts.test-all-krebs-modules; - Reaktor.test = {}; apt-cacher-ng.enable = true; backup.enable = true; bepasty.enable = true; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 4a33c33ec..79822668b 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -47,7 +47,7 @@ let activate = "always"; command = { filename = - "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join"; + ; env = { PATH = makeBinPath [ pkgs.coreutils # XXX env, touch @@ -95,10 +95,10 @@ let } hooks.sed (generators.command_hook { - inherit (commands) hello random-emoji nixos-version; + inherit (commands) random-emoji nixos-version; tell = { filename = - "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; + ; env = { PATH = makeBinPath [ pkgs.coreutils # XXX date, env diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 392e6bed3..e2be477fd 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -183,7 +183,6 @@ in { (sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; }) (sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; }) (sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; }) - (sync-remote { name = "Reaktor"; url = "https://github.com/krebs/Reaktor"; }) (sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; }) ]; } diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix deleted file mode 100644 index 2a035d7be..000000000 --- a/krebs/3modules/Reaktor.nix +++ /dev/null @@ -1,155 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - - cfg = config.krebs.Reaktor; - homedir = "/var/lib/Reaktor"; - - out = { - options.krebs.Reaktor = api; - config = mkIf (cfg != {}) imp; - }; - - api = mkOption { - default = {}; - type = with types; attrsOf (submodule ({ options = { - - nickname = mkOption { - default = config.krebs.build.host.name + "|r"; - type = types.str; - description = '' - The nick name of the irc bot. - Defaults to {hostname}|r - ''; - }; - - overrideConfig = mkOption { - default = null; - type = types.nullOr types.str; - description = '' - configuration to be used instead of default ones. - Reaktor default cfg can be retrieved via `reaktor get-config` - ''; - }; - - plugins = mkOption { - default = [pkgs.ReaktorPlugins.nixos-version]; - }; - - workdir = mkOption { - default = "/var/lib/Reaktor"; - type = types.path; - description = '' - path to be used as workdir (home dir is still /var/lib/Reaktor) - ''; - }; - - extraConfig = mkOption { - default = ""; - type = types.str; - description = '' - configuration appended to the default or overridden configuration - ''; - }; - - extraEnviron = mkOption { - default = {}; - type = types.attrsOf types.str; - description = '' - Environment to be provided to the service, can be: - REAKTOR_HOST - REAKTOR_PORT - REAKTOR_STATEDIR - - debug and nickname can be set separately via the Reaktor api - ''; - }; - - channels = mkOption { - default = [ "#krebs" ]; - type = types.listOf types.str; - description = '' - Channels the Reaktor should connect to at startup. - ''; - }; - - debug = mkOption { - default = false; - description = '' - Reaktor debug output - ''; - }; - };})); - }; - - imp = { - # TODO get user per configured bot - # TODO get home from api - # for reaktor get-config - users.extraUsers = singleton rec { - name = "Reaktor"; - uid = genid name; - description = "Reaktor user"; - home = homedir; - createHome = true; - }; - - #users.extraGroups = singleton { - # name = "Reaktor"; - # gid = config.ids.gids.Reaktor; - #}; - - systemd.services = mapAttrs' (name: botcfg: - let - ReaktorConfig = pkgs.writeText "config.py" '' - ${if (isString botcfg.overrideConfig ) then '' - # Overriden Config - ${botcfg.overrideConfig} - '' else ""} - ## Extra Config - ${concatStringsSep "\n" (map (plug: plug.config) botcfg.plugins)} - ${botcfg.extraConfig} - ''; - in nameValuePair "Reaktor-${name}" { - path = with pkgs; [ - git # for nag - jq # for tell - python # for caps - utillinux # flock for tell - ]; - description = "Reaktor IRC Bot"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - environment = { - GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - PYTHONPATH = "${pkgs.Reaktor}/lib/python3.6/site-packages"; - REAKTOR_NICKNAME = botcfg.nickname; - REAKTOR_DEBUG = (if botcfg.debug then "True" else "False"); - REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels; - state_dir = botcfg.workdir; - - } // botcfg.extraEnviron; - serviceConfig= { - ExecStartPre = pkgs.writeScript "Reaktor-init" '' - #! /bin/sh - ${if (isString botcfg.overrideConfig) then - ''cp ${ReaktorConfig} /tmp/reaktor-${name}-config.py'' - else - ''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/reaktor-${name}-config.py'' - } - mkdir -p ${botcfg.workdir} - ''; - ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/reaktor-${name}-config.py"; - PrivateTmp = "true"; - User = "Reaktor"; - Restart = "always"; - RestartSec= "30" ; - }; - } - ) cfg; - - }; - -in -out diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 30ca82b97..149995a23 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -43,7 +43,6 @@ let ./permown.nix ./per-user.nix ./power-action.nix - ./Reaktor.nix ./reaktor2.nix ./realwallpaper.nix ./retiolum-bootstrap.nix diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index d18c3e4c8..c077bf4d7 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -15,6 +15,4 @@ foldl' mergeAttrs {} { brockman = self.haskellPackages.brockman; reaktor2 = self.haskellPackages.reaktor2; - - ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {}; } diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix deleted file mode 100644 index 1cc498a68..000000000 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ lib, pkgs, python3Packages, fetchFromGitHub, ... }: - -python3Packages.buildPythonPackage rec { - name = "Reaktor-${version}"; - version = "0.7.1"; - - doCheck = false; - - propagatedBuildInputs = with pkgs;[ - python3Packages.docopt - python3Packages.requests - ]; - src = fetchFromGitHub { - owner = "krebs"; - repo = "Reaktor"; - rev = "v${version}"; - sha256 = "0cv5a4x73ls6sk8qj2qi6gqn31rv8kvdg13dsf3jv92xdfx6brjn"; - }; - meta = { - homepage = http://krebsco.de/; - description = "An IRC bot based on asynchat"; - license = lib.licenses.wtfpl; - }; -} diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix deleted file mode 100644 index 1b19a1178..000000000 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ /dev/null @@ -1,182 +0,0 @@ -{ stdenv, lib, pkgs, makeWrapper }: - -rec { - # Begin API - buildBaseReaktorPlugin = { name - , config # python extra configuration for plugin - , phases ? [] - , ... } @ attrs: - stdenv.mkDerivation (attrs // { - name = "Reaktor-plugin-" + name; - isReaktorPlugin = true; - }); - - buildSimpleReaktorPlugin = name: { script - , path ? [] - , env ? {} - , append_rule ? false # append the rule instead of insert - , pattern ? "" - , ... } @ attrs: - let - path_env = { "PATH" = lib.makeSearchPath "bin" (path ++ [ pkgs.coreutils ]); }; - src_dir = pkgs.substituteAll ( { - inherit name; - dir = "bin"; - isExecutable = true; - src = script; - }); - src_file = "${src_dir}/bin/${name}"; - config = '' - public_commands.${if append_rule then "append(" else "insert(0," }{ - 'capname' : "${name}", - 'pattern' : ${if pattern == "" then - ''indirect_pattern.format("${name}")'' else - ''"${pattern}"'' }, - 'argv' : ["${src_file}"], - 'env' : ${builtins.toJSON (path_env // env)} }) - ''; - config_file = pkgs.writeText "plugin.py" config; - in buildBaseReaktorPlugin (attrs // rec { - inherit name config; - - phases = [ "installPhase" ]; - buildInputs = [ makeWrapper ]; - installPhase = '' - mkdir -p $out/bin $out/etc/Reaktor - ln -s ${src_file} $out/bin - wrapProgram $out/bin/${name} \ - --prefix PATH : ${path_env.PATH} - ln -s ${config_file} $out/etc/Reaktor/plugin.py - ''; - - }); - # End API - - # Begin Plugins - random-emoji = buildSimpleReaktorPlugin "emoji" { - path = with pkgs; [ gnused gnugrep xmlstarlet curl ]; - script = ./scripts/random-emoji.sh; - }; - - sed-plugin = buildSimpleReaktorPlugin "sed-plugin" { - path = [ pkgs.gnused pkgs.python3 ]; - # only support s///gi the plugin needs to see every msg - # TODO: this will eat up the last regex, fix Reaktor to support fallthru - append_rule = true; - pattern = "^(?P.*)$$"; - script = ./scripts/sed-plugin.py; - }; - - shack-correct = buildSimpleReaktorPlugin "shack-correct" { - path = [ pkgs.gnused ]; - pattern = "^(?P.*Shack.*)$$"; - script = ./scripts/shack-correct.sh; - }; - - nixos-version = buildSimpleReaktorPlugin "nixos-version" { - script = pkgs.writeDash "nixos-version" '' - . /etc/os-release - echo "$PRETTY_NAME" - ''; - }; - stockholm-issue = buildSimpleReaktorPlugin "stockholm-issue" { - script = ./scripts/random-issue.sh; - path = with pkgs; [ git gnused haskellPackages.lentil ]; - env = { "origin" = "http://cgit.gum/stockholm"; }; - }; - - titlebot = - let - pypkgs = pkgs.python3Packages; - titlebot_cmds = pypkgs.buildPythonPackage { - name = "titlebot_cmds"; - propagatedBuildInputs = with pypkgs; [ setuptools ]; - src = pkgs.fetchurl { - url = "https://github.com/makefu/reaktor-titlebot/archive/2.1.0.tar.gz"; - sha256 = "0wvf09wmk8b52f9j65qrw81nwrhs9pfhijwrlkzp5l7l2q8cjkp6"; - }; - }; - in buildBaseReaktorPlugin rec { - name = "titlebot"; - phases = [ "installPhase" ]; - installPhase = '' - mkdir -p $out - ln -s ${titlebot_cmds}/* $out - ''; - config = '' - def titlebot_cmd(cmd): - from os import environ - return { 'capname': None, - 'env': { 'TITLEDB': - environ['state_dir']+'/suggestions.json' }, - 'pattern': '^\\.' + cmd + '\\s*(?:\\s+(?P.*))?$$', - 'argv': [ '${titlebot_cmds}/bin/' + cmd ] } - for i in ['up','help','list','top','new']: - public_commands.insert(0,titlebot_cmd(i)) - commands.insert(0,titlebot_cmd('clear')) - ''; - }; - - url-title = (buildSimpleReaktorPlugin "url-title" { - pattern = "^.*(?Phttp[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$"; - path = with pkgs; [ curl perl ]; - script = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } '' - import cgi - import sys - import urllib.request - from bs4 import BeautifulSoup - - try: - req = urllib.request.Request(sys.argv[1]) - req.add_header('user-agent', 'Reaktor-url-title') - resp = urllib.request.urlopen(req) - if resp.headers['content-type'].find('text/html') >= 0: - soup = BeautifulSoup(resp.read(16000), "lxml") - title = soup.find('title').string - - if len(title.split('\n')) > 5: - title = '\n'.join(title.split('\n')[:5]) - - print(title[:450]) - else: - cd_header = resp.headers['content-disposition'] - print(cgi.parse_header(cd_header)[1]['filename']) - except: # noqa: E722 - pass - ''; - }); - - task = name: let - rcFile = builtins.toFile "taskrc" '' - confirmation=no - ''; - in { - add = buildSimpleReaktorPlugin "${name}-task-add" { - pattern = "^${name}-add: (?P.*)$$"; - script = pkgs.writeDash "${name}-add" '' - TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$*" - ''; - }; - - list = buildSimpleReaktorPlugin "task-list" { - pattern = "^${name}-list"; - script = pkgs.writeDash "task-list" '' - TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"' - ''; - }; - - delete = buildSimpleReaktorPlugin "task-delete" { - pattern = "^${name}-delete: (?P.*)$$"; - script = pkgs.writeDash "task-delete" '' - TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$*" - ''; - }; - - done = buildSimpleReaktorPlugin "task-done" { - pattern = "^${name}-done: (?P.*)$$"; - script = pkgs.writeDash "task-done" '' - TASKDATA=$HOME/${name} ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$*" - ''; - }; - }; -} diff --git a/krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh b/krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh new file mode 100755 index 000000000..c21dc8776 --- /dev/null +++ b/krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh @@ -0,0 +1,25 @@ +#! /bin/sh +set -euf + +# require flock from util-linux (pkgs.utillinux) +if test "${FLOCK-}" != "$state_file"; then + exec env FLOCK="$state_file" flock "$state_file" "$0" "$@" +fi + +# TODO tell now, if already joined +jq -r <"$state_file" \ + --arg to "$_from" \ + --arg msgtarget "$_msgtarget" \ + ' + select(.to == $to and .msgtarget == $msgtarget) | + "\(.to): \(.text) \u00032-- \(.from)\u00032 \(.date)" + ' + +jq -c <"$state_file" >"$state_file.tmp" \ + --arg to "$_from" \ + --arg msgtarget "$_msgtarget" \ + ' + select((.to == $to and .msgtarget == $msgtarget) | not) + ' + +mv "$state_file.tmp" "$state_file" diff --git a/krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh b/krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh new file mode 100755 index 000000000..fc05bdefb --- /dev/null +++ b/krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh @@ -0,0 +1,18 @@ +#! /bin/sh +set -euf + +# require flock from util-linux +if test "${FLOCK-}" != "$state_file"; then + exec env FLOCK="$state_file" flock "$state_file" "$0" "$@" +fi + +# TODO tell now, if already joined +jq -cn \ + --arg from "$_from" \ + --arg to "${1%% *}" \ + --arg text "${1#* }" \ + --arg msgtarget "$_msgtarget" \ + '{ $from, $to, $text, $msgtarget, date: (now | todate) }' \ + >> "$state_file" + +echo 'Consider it noted.' # that's what lambdabot says... diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix index 48464c0b6..4cd9e7d89 100644 --- a/krebs/5pkgs/simple/reaktor2-plugins.nix +++ b/krebs/5pkgs/simple/reaktor2-plugins.nix @@ -14,10 +14,6 @@ rec { commands = { - hello = { - filename = "${pkgs.Reaktor.src}/reaktor/commands/hello"; - }; - random-emoji = { filename = ; env = { -- cgit v1.3.1 From 8a697d68974e8f8d8873120a9d2450babe3bfad0 Mon Sep 17 00:00:00 2001 From: Kierán Meinhardt Date: Sun, 19 Sep 2021 09:22:08 +0200 Subject: external: refactor kmein hosts --- krebs/3modules/external/default.nix | 64 +++---------------------------------- 1 file changed, 5 insertions(+), 59 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 29c0d34f0..eff2967e0 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -18,42 +18,14 @@ with import ; in { hosts = mapAttrs hostDefaults { - toum = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.3"; - aliases = [ - "toum.r" - "toum.kmein.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx - CUotXuqYucYmnUbrRSIlxASVqTmAf3nDOE5EDBBcTdSwnb02JcJW4Zh7+BGgMxjF - GxDPs6ETI28mHK+6rp8TOkMnyDb5mtSGVZPvKJU9fFOt6aAX1J1BzTfwtHtVQq7K - WBzdpeKXlw4dIQ6K6SGmPIPpEh9pE1Xb+GuVljCXKxGJFbW40dmh2ZdadO7umBDu - vRk08jT9/BUnUP6KrZlvyePnG38z6srMrVU+XAHu5D2qZ9y+QIp3kw7Y5JUrNXc7 - 9q9P9TYx15GiIz2mSJKcLVmkLRebsaqdV7dBibPbfdGE+NB+F1FYPGDdW4cnonon - DzzjGm/FDfOCXEnSkYGQDBWpfd/8AWum1xGJxJCPNBJElGE2o5jDWo4Y1b9gHP0M - vARm8AOK8R1pQ7BP+pNMO0gGw2NDrtWiWpTeZ7SqXmZAZ/Gmyen9X+/fowcbTyDH - b9joIuMQeOtxbUV2JprZIdit9NBFSZq/7Re/GBUwjGBm3LabIXFNGKZovx/f9lf8 - r5tVs4SPauiKzZS0K1Gz1NSq+3OXaY5EwVrBUXptYqRT7uyhVloOPRUsqRFeB0Fn - Y5xOpDJ0UiJxgFbdH5Vb81D/VjNO9Q4nZib8wSEuLrYLHGoceQPX4+Ov9IdhIL4B - BMTCaF+VCWC5PCLr0e61KqMCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - wilde = { + kabsa = { owner = config.krebs.users.kmein; nets = { retiolum = { ip4.addr = "10.243.2.4"; aliases = [ - "wilde.r" - "wilde.kmein.r" + "kabsa.r" + "kabsa.kmein.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -99,34 +71,6 @@ in { }; }; }; - homeros = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.1"; - aliases = [ - "homeros.r" - "homeros.kmein.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd - ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc - 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v - RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd - vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 - +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc - QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm - fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh - VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 - k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX - gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N - mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; horisa = { cores = 2; owner = config.krebs.users.ulrich; # main laptop @@ -205,6 +149,7 @@ in { aliases = [ "makanek.r" "makanek.kmein.r" + "grafana.kmein.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -317,6 +262,7 @@ in { aliases = [ "zaatar.r" "zaatar.kmein.r" + "radio.kmein.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.3.1