From cc26a9e93d36ac5e9f01d6ee7339703ce3c8c1ab Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jan 2019 19:12:52 +0100 Subject: l baseX: don't automount prism.r --- lass/2configs/baseX.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1f2bb511f..1b6a1d593 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,7 +9,6 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix - ./nfs-dl.nix { hardware.pulseaudio = { enable = true; -- cgit v1.3.1 From 7e814620a137b7b85b7d601ffa092caab05a6929 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jan 2019 19:14:09 +0100 Subject: l baseX: remove xephyrify from pkgs --- lass/2configs/baseX.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1b6a1d593..b8a0a9f2a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,7 +79,6 @@ in { taskwarrior termite xclip - xephyrify xorg.xbacklight xorg.xhost xsel -- cgit v1.3.1 From 3090179491a0988190b37b2309db4c0baef1ceed Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 Jan 2019 16:35:09 +0100 Subject: l: enable o.xanf.org nextcloud --- lass/1systems/prism/physical.nix | 5 +++++ lass/2configs/websites/domsen.nix | 14 ++++++++++++++ 2 files changed, 19 insertions(+) (limited to 'lass/2configs') diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 116bdb92f..159ee0c90 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -40,6 +40,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/nextcloud" = { + device = "tank/nextcloud"; + fsType = "zfs"; + }; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 25dac0ac4..223fc73ba 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -88,6 +88,20 @@ in { file_uploads = on ''; + services.nextcloud = { + enable = true; + hostName = "o.xanf.org"; + config = { + adminpassFile = toString + "/nextcloud_pw"; + }; + #https = true; + nginx.enable = true; + }; + services.nginx.virtualHosts."o.xanf.org" = { + enableACME = true; + forceSSL = true; + }; + # MAIL STUFF # TODO: make into its own module services.dovecot2 = { -- cgit v1.3.1 From 4175b47ea071b558484b7f3803e41136bfea3b97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 Jan 2019 17:26:21 +0100 Subject: l gc: garbage collect on prism --- lass/2configs/gc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index c5073e384..a1bb26049 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import ; { nix.gc = { - automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer); + automatic = ! (elem config.krebs.build.host.name [ "mors" "helios" ] || config.boot.isContainer); }; } -- cgit v1.3.1 From c7630d003ee6fd77406f84262e97a362983d521b Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 Jan 2019 17:29:33 +0100 Subject: l mail: more list sorting --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 21b9d7b49..3c19fe061 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -51,7 +51,7 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; - india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; + india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" "to:hackbeach@mail.hackbeach.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; meetup = [ "to:meetup@lassul.us" ]; -- cgit v1.3.1 From bbbe09285a95cda654a344e42e1330bd53748936 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 Jan 2019 17:31:43 +0100 Subject: l websites lassulus: add mors pubkey location --- lass/2configs/websites/lassulus.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 307f1c2b3..27cadd100 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -101,6 +101,9 @@ in { locations."/pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; + locations."/pub1".extraConfig = '' + alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; + ''; }; security.acme.certs."cgit.lassul.us" = { -- cgit v1.3.1 From 942d0f0f14e6c5b312128f1b111ad31f1a1f1d1f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 18 Jan 2019 14:01:43 +0100 Subject: l games: remove broken ftb package --- lass/2configs/games.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 62e3f6d52..a3acb82bb 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -74,7 +74,6 @@ in { createHome = true; useDefaultShell = true; packages = with pkgs; [ - ftb minecraft steam-run dolphinEmu -- cgit v1.3.1 From da79d23ebbc0c3fb7c579b366f29fb3744948706 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 21 Jan 2019 10:32:15 +0100 Subject: krebs: move dns stuff to dedicated file --- krebs/3modules/default.nix | 26 ++++++++------------------ krebs/3modules/dns.nix | 12 ++++++++++++ lass/2configs/default.nix | 1 - makefu/2configs/default.nix | 1 - 4 files changed, 20 insertions(+), 20 deletions(-) create mode 100644 krebs/3modules/dns.nix (limited to 'lass/2configs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7b0f4ebf8..21d68ef3f 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -18,6 +18,7 @@ let ./charybdis.nix ./ci.nix ./current.nix + ./dns.nix ./exim.nix ./exim-retiolum.nix ./exim-smarthost.nix @@ -59,12 +60,6 @@ let api = { enable = mkEnableOption "krebs"; - dns = { - providers = mkOption { - type = with types; attrsOf str; - }; - }; - hosts = mkOption { type = with types; attrsOf host; default = {}; @@ -74,13 +69,6 @@ let type = with types; attrsOf user; }; - # XXX is there a better place to define search-domain? - # TODO search-domains :: listOf hostname - search-domain = mkOption { - type = types.hostname; - default = "r"; - }; - sitemap = mkOption { default = {}; type = types.attrsOf types.sitemap.entry; @@ -126,6 +114,8 @@ let w = "hosts"; }; + krebs.dns.search-domain = mkDefault "r"; + krebs.users = { krebs = { home = "/krebs"; @@ -147,7 +137,7 @@ let let aliases = longs ++ shorts; longs = filter check net.aliases; - shorts = let s = ".${cfg.search-domain}"; in + shorts = let s = ".${cfg.dns.search-domain}"; in map (removeSuffix s) (filter (hasSuffix s) longs); in optionals @@ -203,8 +193,8 @@ let let longs = net.aliases; shorts = - map (removeSuffix ".${cfg.search-domain}") - (filter (hasSuffix ".${cfg.search-domain}") + map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") longs); add-port = a: if net.ssh.port != 22 @@ -228,8 +218,8 @@ let (concatMap (host: attrValues host.nets) (mapAttrsToList (_: host: recursiveUpdate host - (optionalAttrs (hasAttr config.krebs.search-domain host.nets) { - nets."" = host.nets.${config.krebs.search-domain} // { + (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) { + nets."" = host.nets.${cfg.dns.search-domain} // { aliases = [host.name]; addrs = []; }; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix new file mode 100644 index 000000000..b7e2a2cbb --- /dev/null +++ b/krebs/3modules/dns.nix @@ -0,0 +1,12 @@ +with import ; +{ + options = { + krebs.dns.providers = mkOption { + type = types.attrsOf types.str; + }; + + krebs.dns.search-domain = mkOption { + type = types.hostname; + }; + }; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 62a42baf9..69e697a1d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -72,7 +72,6 @@ with import ; krebs = { enable = true; - search-domain = "r"; build.user = config.krebs.users.lass; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 61cba86d9..cbfb4da1c 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -36,7 +36,6 @@ with import ; enable = true; dns.providers.lan = "hosts"; - search-domain = "r"; build.user = config.krebs.users.makefu; }; -- cgit v1.3.1 From 6bb0dca62ff59ed006533ae68cba74d17c04dcc4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Jan 2019 16:30:57 +0100 Subject: l: add tcpdump to pkgs --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 69e697a1d..d3676a9b9 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -115,6 +115,7 @@ with import ; #network iptables iftop + tcpdump #stuff for dl aria2 -- cgit v1.3.1 From bd6fb423e4aff7dd2f2fbefd8544961e420432d6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Jan 2019 16:31:51 +0100 Subject: l mails: add more addresses --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index f487a9910..555295422 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -96,6 +96,7 @@ with import ; { from = "nordvpn@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; } { from = "nintendo@lassul.us"; to = lass.mail; } + { from = "overleaf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.3.1 From 39e9cf1aa6f20bb08c7e8d4d05dd2ed17113ca45 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Jan 2019 16:32:18 +0100 Subject: l domsen: add UBIK-SFTP account --- lass/2configs/websites/domsen.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 223fc73ba..10d3b56c2 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -155,6 +155,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.UBIK-SFTP = { + uid = genid_uint31 "UBIK-SFTP"; + home = "/home/UBIK-SFTP"; + useDefaultShell = true; + createHome = true; + }; + users.users.xanf = { uid = genid_uint31 "xanf"; home = "/home/xanf"; -- cgit v1.3.1 From e14abf9583a2605eb3fad186cfef1a5ec11beb7f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Jan 2019 16:32:48 +0100 Subject: l domsen: add backups --- lass/2configs/websites/domsen.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 10d3b56c2..7fb248139 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -234,5 +234,22 @@ in { createHome = true; }; + services.restic.backups.domsen = { + initialize = true; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; + repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + passwordFile = toString + "/domsen_backup_pw"; + paths = [ + "/srv/http" + "/home/domsen/Mail" + "/home/ms/Mail" + "/home/klabusterbeere/Mail" + "/home/jms/Mail" + "/home/bruno/Mail" + "/home/akayguen/Mail" + "/backups/sql_dumps" + ]; + }; + } -- cgit v1.3.1 From 7c160fd1fac105402c27925a46a84cec9c12ca1a Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 25 Jan 2019 14:26:50 +0100 Subject: blessings: 1.3.0 -> 2.1.0 --- krebs/5pkgs/haskell/blessings.nix | 4 ++-- krebs/5pkgs/haskell/much.nix | 29 +++++++++++++++++++++++++++++ krebs/5pkgs/haskell/reaktor2.nix | 6 +++--- krebs/5pkgs/simple/much/cabal.nix | 28 ---------------------------- krebs/5pkgs/simple/much/default.nix | 3 --- lass/2configs/mail.nix | 2 +- tv/2configs/mail-client.nix | 17 +++++++---------- 7 files changed, 42 insertions(+), 47 deletions(-) create mode 100644 krebs/5pkgs/haskell/much.nix delete mode 100644 krebs/5pkgs/simple/much/cabal.nix delete mode 100644 krebs/5pkgs/simple/much/default.nix (limited to 'lass/2configs') diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index 19f8da19d..97e4a717c 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -7,8 +7,8 @@ with import ; sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1"; }; "18.09" = { - version = "1.3.0"; - sha256 = "1y9jhh9pchrr48zgfib2jip97x1fkm7qb1gnfx477rmmryjs500h"; + version = "2.1.0"; + sha256 = "0wc8v48bb0bkvypc0j6imvnf8xc8572hykk9sgjhzf2w0ggqxv5d"; }; }.${versions.majorMinor nixpkgsVersion}; diff --git a/krebs/5pkgs/haskell/much.nix b/krebs/5pkgs/haskell/much.nix new file mode 100644 index 000000000..db168f8a1 --- /dev/null +++ b/krebs/5pkgs/haskell/much.nix @@ -0,0 +1,29 @@ +{ mkDerivation, aeson, attoparsec, base, base64-bytestring +, blaze-builder, blessings, bytestring, case-insensitive +, containers, deepseq, directory, docopt, email-header, fetchgit +, filepath, friendly-time, hyphenation, linebreak, old-locale +, process, random, rosezipper, safe, scanner, split, stdenv +, terminal-size, text, time, transformers, transformers-compat +, unix, vector +}: +mkDerivation { + pname = "much"; + version = "1.2.0"; + src = fetchgit { + url = "https://cgit.krebsco.de/much"; + sha256 = "0gfvppi8acylz0q7xh8dkm3dj676d4sc1m1gxwp663bkn4748873"; + rev = "8fc4fbb5bb7781626da8f63cd8df8bb0f554cfe7"; + fetchSubmodules = true; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + aeson attoparsec base base64-bytestring blaze-builder blessings + bytestring case-insensitive containers deepseq directory docopt + email-header filepath friendly-time hyphenation linebreak + old-locale process random rosezipper safe scanner split + terminal-size text time transformers transformers-compat unix + vector + ]; + license = stdenv.lib.licenses.mit; +} diff --git a/krebs/5pkgs/haskell/reaktor2.nix b/krebs/5pkgs/haskell/reaktor2.nix index c0c7281a6..f0835428d 100644 --- a/krebs/5pkgs/haskell/reaktor2.nix +++ b/krebs/5pkgs/haskell/reaktor2.nix @@ -6,11 +6,11 @@ }: mkDerivation { pname = "reaktor2"; - version = "0.1.3"; + version = "0.1.4"; src = fetchgit { url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "15qhycfja7psnd7v5hn4qb5wrs6bjx4qhny49nkhb7agj4vzwnwi"; - rev = "6c629a0cc422872abdfc40f9621ac0c4f6a420a8"; + sha256 = "1qfm3vb78r02ma8wdcfbwzmigj6skjl53nmp2z7czjcfjhm1zyq5"; + rev = "147f818a72f4561ed57131e0d181704b599d09f6"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/simple/much/cabal.nix b/krebs/5pkgs/simple/much/cabal.nix deleted file mode 100644 index 09bc7b5df..000000000 --- a/krebs/5pkgs/simple/much/cabal.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ mkDerivation, aeson, attoparsec, base, base64-bytestring -, blaze-builder, blessings, bytestring, case-insensitive -, containers, deepseq, directory, docopt, email-header, fetchgit -, filepath, friendly-time, hyphenation, linebreak, old-locale -, process, random, rosezipper, safe, scanner, split, stdenv -, terminal-size, text, time, transformers, transformers-compat -, unix, vector -}: -mkDerivation { - pname = "much"; - version = "1.1.0"; - src = fetchgit { - url = "http://cgit.ni.krebsco.de/much"; - sha256 = "1325554zymr1dd0clj8c5ygl70c791csvs0hz33jcfr6b8wysdrl"; - rev = "dfec37d848e11c00d9b7f03295af1fc7b0e83ef5"; - }; - isLibrary = false; - isExecutable = true; - executableHaskellDepends = [ - aeson attoparsec base base64-bytestring blaze-builder blessings - bytestring case-insensitive containers deepseq directory docopt - email-header filepath friendly-time hyphenation linebreak - old-locale process random rosezipper safe scanner split - terminal-size text time transformers transformers-compat unix - vector - ]; - license = stdenv.lib.licenses.mit; -} diff --git a/krebs/5pkgs/simple/much/default.nix b/krebs/5pkgs/simple/much/default.nix deleted file mode 100644 index cf55eb537..000000000 --- a/krebs/5pkgs/simple/much/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ haskellPackages, ... }: - -haskellPackages.callPackage ./cabal.nix {} diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 3c19fe061..52d380b7c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -225,7 +225,7 @@ in { msmtp mutt pkgs.notmuch - pkgs.much + pkgs.haskellPackages.much tag-new-mails tag-old-mails ]; diff --git a/tv/2configs/mail-client.nix b/tv/2configs/mail-client.nix index 8b6f8bbcd..0caf5264a 100644 --- a/tv/2configs/mail-client.nix +++ b/tv/2configs/mail-client.nix @@ -1,13 +1,10 @@ -{ pkgs, ... }: - -with pkgs; -{ +{ pkgs, ... }: { environment.systemPackages = [ - much - msmtp - notmuch - pythonPackages.alot - qprint - w3m + pkgs.haskellPackages.much + pkgs.msmtp + pkgs.notmuch + pkgs.pythonPackages.alot + pkgs.qprint + pkgs.w3m ]; } -- cgit v1.3.1 From 0f1c14e647f8c8e4c90c9e5b099f5a470333e651 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Jan 2019 03:32:55 +0100 Subject: l: enable nscd with fix --- lass/2configs/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index d3676a9b9..2547e8bac 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,6 +2,7 @@ with import ; { config, pkgs, ... }: { imports = [ + ./binary-cache/client.nix ./gc.nix ./mc.nix @@ -81,9 +82,6 @@ with import ; services.timesyncd.enable = mkForce true; - #why is this on in the first place? - services.nscd.enable = false; - systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; -- cgit v1.3.1 From 0830a0ccdcc60aea4aaaa79c01db66b88c0a65a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Jan 2019 19:29:28 +0100 Subject: l reaktor-coders: Reaktor -> reaktor2 --- lass/2configs/reaktor-coders.nix | 194 ++++++++++++++++++++------------------- 1 file changed, 101 insertions(+), 93 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 7cdcdf20c..44d9d6866 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -1,99 +1,107 @@ { config, lib, pkgs, ... }: with import ; -{ - krebs.Reaktor.coders = { - nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" "#panthermoderns" ]; - extraEnviron = { - REAKTOR_HOST = "irc.hackint.org"; - }; - plugins = with pkgs.ReaktorPlugins; let - - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - - lambdabotflags = '' - -XStandaloneDeriving -XGADTs -XFlexibleContexts \ - -XFlexibleInstances -XMultiParamTypeClasses \ - -XOverloadedStrings -XFunctionalDependencies \''; - in [ - sed-plugin - url-title - (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl (?P.*)$$"; - script = pkgs.writeDash "lambda-pl" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@pl $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type (?P.*)$$"; - script = pkgs.writeDash "lambda-type" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@type $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let (?P.*)$$"; - script = pkgs.writeDash "lambda-let" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@let $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run (?P.*)$$"; - script = pkgs.writeDash "lambda-run" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@run $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "ping" { - pattern = "^!ping (?P.*)$$"; - script = pkgs.writeDash "ping" '' - exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 - ''; - }) - (buildSimpleReaktorPlugin "google" { - pattern = "^!g (?P.*)$$"; - script = pkgs.writeDash "google" '' - exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ - ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' - ''; - }) - (buildSimpleReaktorPlugin "blockchain" { - pattern = ".*[Bb]lockchain.*$$"; - script = pkgs.writeDash "blockchain" '' - exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline' - ''; - }) - (buildSimpleReaktorPlugin "shrug" { - pattern = "^!shrug$"; - script = pkgs.writeDash "shrug" '' - exec echo '¯\_(ツ)_/¯' - ''; - }) - (buildSimpleReaktorPlugin "flip" { - pattern = "^!flip$"; - script = pkgs.writeDash "shrug" '' - exec echo '(╯°□°)╯ ┻━┻' - ''; - }) +let + hooks = pkgs.reaktor2-plugins.hooks; +in { + krebs.reaktor2.coders = { + hostname = "irc.hackint.org"; + port = "9999"; + useTLS = true; + nick = "reaktor2|lass"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#coders" + "#germany" + "#panthermoderns" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.coders.stateDir; + hooks.PRIVMSG = [ + hooks.sed + hooks.url-title + { + activate = "match"; + pattern = ''@([^ ]+) (.*)$''; + command = 1; + arguments = [2]; + commands = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" '' + exec ${lambdabot}/bin/lambdabot \ + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \ + -e "$@" + ''; + in { + pl = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-pl" '' + ${lambdabotWrapper} "@pl $1" + ''; + }; + type = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-type" '' + ${lambdabotWrapper} "@type $1" + ''; + }; + "let" = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-let" '' + ${lambdabotWrapper} "@let $1" + ''; + }; + run = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-run" '' + ${lambdabotWrapper} "@run $1" + ''; + }; + kind = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-kind" '' + ${lambdabotWrapper} "@kind $1" + ''; + }; + }; + } + { + activate = "match"; + pattern = ''!([^ ]+)(?:\s*(.*))?''; + command = 1; + arguments = [2]; + commands = { + ping.filename = pkgs.writeDash "ping" '' + exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + google.filename = pkgs.writeDash "google" '' + exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ + ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' + ''; + shrug.filename = pkgs.writeDash "shrug" '' + exec echo '¯\_(ツ)_/¯' + ''; + table.filename = pkgs.writeDash "table" '' + exec echo '(╯°□°)╯ ┻━┻' + ''; + }; + } + ]; + }; + } ]; }; } -- cgit v1.3.1 From 4fd18dc654137de5a87c95a163efb9126ac07bf7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Jan 2019 19:32:04 +0100 Subject: l baseX: use correct urxvt packagename --- lass/2configs/baseX.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index b8a0a9f2a..1d2d1173d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -74,7 +74,7 @@ in { nmap pavucontrol powertop - rxvt_unicode_with-plugins + rxvt_unicode-with-plugins sxiv taskwarrior termite -- cgit v1.3.1 From 33add1d75631ae2bd1c7711c43ab195f6c237fbe Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Jan 2019 23:02:48 +0100 Subject: l mors.r: hardening --- lass/1systems/mors/config.nix | 1 + lass/2configs/hardening.nix | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 lass/2configs/hardening.nix (limited to 'lass/2configs') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b6565dc6a..f35ebff56 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -36,6 +36,7 @@ with import ; + { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain diff --git a/lass/2configs/hardening.nix b/lass/2configs/hardening.nix new file mode 100644 index 000000000..aee4bf06f --- /dev/null +++ b/lass/2configs/hardening.nix @@ -0,0 +1,11 @@ +{ pkgs, lib, ... }: +with lib; +{ + security.chromiumSuidSandbox.enable = true; + security.lockKernelModules = false; + boot.kernel.sysctl."user.max_user_namespaces" = 63414; + + imports = [ + + ]; +} -- cgit v1.3.1 From 10640237682d973012d79d6f6b1ab8de3667bb4d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Jan 2019 23:06:30 +0100 Subject: l radio: Reaktor -> reaktor2 --- lass/2configs/radio.nix | 61 ++++++++++++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 24 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 987632cd1..f88b2627b 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -170,32 +170,45 @@ in { }; }; - krebs.Reaktor.playlist = { - nickname = "the_playlist|r"; - channels = [ - "#the_playlist" - "#krebs" - ]; - extraEnviron = { - REAKTOR_HOST = "irc.freenode.org"; - }; - plugins = with pkgs.ReaktorPlugins; [ - (buildSimpleReaktorPlugin "skip" { - script = "${skip_track}/bin/skip_track"; - pattern = "^skip$"; - }) - (buildSimpleReaktorPlugin "current" { - script = "${print_current}/bin/print_current"; - pattern = "^current$"; - }) - (buildSimpleReaktorPlugin "suggest" { - script = "${pkgs.writeDash "suggest" '' - echo "$@" >> $HOME/playlist_suggest - ''}"; - pattern = "^suggest: (?P.*)$"; - }) + krebs.reaktor2.the_playlist = { + hostname = "irc.freenode.org"; + port = "6697"; + useTLS = true; + nick = "the_playlist"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#the_playlist" + "#krebs" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.the_playlist.stateDir; + hooks.PRIVMSG = [ + { + activate = "match"; + pattern = ''!([^ ]+)(?:\s*(.*))?''; + command = 1; + arguments = [2]; + commands = { + skip.filename = "${skip_track}/bin/skip_track"; + current.filename = "${print_current}/bin/print_current"; + suggest.filename = pkgs.writeDash "suggest" '' + echo "$@" >> playlist_suggest + ''; + }; + } + ]; + }; + } ]; }; + services.nginx = { enable = true; virtualHosts."radio.lassul.us" = { -- cgit v1.3.1 From 32895b53c6291210bd52cacae7c6d5cb639e594e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 28 Jan 2019 23:07:23 +0100 Subject: l reaktor-coders: set env in hook --- lass/2configs/reaktor-coders.nix | 46 ++++++++++++++-------------------------- 1 file changed, 16 insertions(+), 30 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 44d9d6866..4baec1976 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -32,6 +32,7 @@ in { pattern = ''@([^ ]+) (.*)$''; command = 1; arguments = [2]; + env.HOME = config.krebs.reaktor2.coders.stateDir; commands = let lambdabot = (import (pkgs.fetchFromGitHub { owner = "NixOS"; repo = "nixpkgs"; @@ -46,36 +47,21 @@ in { -e "$@" ''; in { - pl = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-pl" '' - ${lambdabotWrapper} "@pl $1" - ''; - }; - type = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-type" '' - ${lambdabotWrapper} "@type $1" - ''; - }; - "let" = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-let" '' - ${lambdabotWrapper} "@let $1" - ''; - }; - run = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-run" '' - ${lambdabotWrapper} "@run $1" - ''; - }; - kind = { - env.HOME = config.krebs.reaktor2.coders.stateDir; - filename = pkgs.writeDash "lambdabot-kind" '' - ${lambdabotWrapper} "@kind $1" - ''; - }; + pl.filename = pkgs.writeDash "lambdabot-pl" '' + ${lambdabotWrapper} "@pl $1" + ''; + type.filename = pkgs.writeDash "lambdabot-type" '' + ${lambdabotWrapper} "@type $1" + ''; + "let".filename = pkgs.writeDash "lambdabot-let" '' + ${lambdabotWrapper} "@let $1" + ''; + run.filename = pkgs.writeDash "lambdabot-run" '' + ${lambdabotWrapper} "@run $1" + ''; + kind.filename = pkgs.writeDash "lambdabot-kind" '' + ${lambdabotWrapper} "@kind $1" + ''; }; } { -- cgit v1.3.1