diff options
| author | lassulus <lassulus@lassul.us> | 2017-10-01 17:54:06 +0200 |
|---|---|---|
| committer | lassulus <lassulus@lassul.us> | 2017-10-01 17:54:06 +0200 |
| commit | d7f65ea679866f24e4ca52b51bd6f068a6b38195 (patch) | |
| tree | 6a09e7cc2a4c9af0507bdc189652c78832a2f952 /krebs | |
| parent | d973c779eb71749af464edb1ed0216b0d5317eb2 (diff) | |
| parent | e62f376e6177f3efb0e0bcd3aad97a991c3b6d60 (diff) | |
Merge branch 'master' into staging/17.09
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 1 | ||||
| -rw-r--r-- | krebs/1systems/puyak/config.nix | 10 | ||||
| -rw-r--r-- | krebs/1systems/wolf/config.nix | 57 | ||||
| -rw-r--r-- | krebs/2configs/binary-cache/prism.nix | 1 | ||||
| -rw-r--r-- | krebs/2configs/hw/x220.nix | 2 | ||||
| -rw-r--r-- | krebs/2configs/repo-sync.nix | 4 | ||||
| -rw-r--r-- | krebs/2configs/shack/muell_caller.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/announce-activation.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/ci.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/iana-etc.nix | 55 | ||||
| -rw-r--r-- | krebs/3modules/krebs/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 135 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 58 | ||||
| -rw-r--r-- | krebs/3modules/tv/default.nix | 46 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/git-preview.nix | 17 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/git-preview/default.nix | 15 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/weechat/default.nix | 80 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/withGetopt.nix | 118 |
19 files changed, 476 insertions, 137 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 2ad22f49..7f49f948 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,6 +12,7 @@ <stockholm/krebs/2configs/buildbot-all.nix> <stockholm/krebs/2configs/gitlab-runner-shackspace.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> + <stockholm/krebs/2configs/ircd.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 978bd18e..d2664ef8 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -27,6 +27,11 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; }; fileSystems = { @@ -65,7 +70,10 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot.kernelModules = [ "kvm-intel" ]; + + system.activationScripts."disengage fancontrol" = '' + echo level disengaged > /proc/acpi/ibm/fan + ''; users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 91aabb71..21ae20ea 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + influx-host = "127.0.0.1"; in { imports = [ @@ -23,6 +24,58 @@ in <stockholm/krebs/2configs/shack/muell_caller.nix> <stockholm/krebs/2configs/shack/radioactive.nix> <stockholm/krebs/2configs/shack/share.nix> + { + systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate + #systemd.services.telegraf.environment = { + # "MIBDIRS" : ""; # extra mibs like ADSL + #}; + services.telegraf = { + enable = true; + extraConfig = { + inputs = { + snmp = { + agents = [ "10.0.1.3:161" ]; + version = 2; + community = "shack"; + name = "snmp"; + field = [ + { + name = "hostname"; + oid = "RFC1213-MIB::sysName.0"; + is_tag = true; + } + { + name = "load-percent"; #cisco + oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; + } + { + name = "uptime"; + oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; + } + ]; + table = [{ + name = "snmp"; + inherit_tags = [ "hostname" ]; + oid = "IF-MIB::ifXTable"; + field = [{ + name = "ifName"; + oid = "IF-MIB::ifName"; + is_tag = true; + }]; + }]; + }; + }; + outputs = { + influxdb = { + urls = [ "http://${influx-host}:8086" ]; + database = "telegraf"; + write_consistency = "any"; + timeout = "5s"; + }; + }; + }; + }; + } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by @@ -86,6 +139,9 @@ in boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; + # without it `/nix/store` is not added grub paths + boot.loader.grub.copyKernels = true; + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; swapDevices = [ @@ -100,6 +156,7 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey config.krebs.users.makefu-omo.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup ]; time.timeZone = "Europe/Berlin"; diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix index 4813eeb0..46b386e1 100644 --- a/krebs/2configs/binary-cache/prism.nix +++ b/krebs/2configs/binary-cache/prism.nix @@ -7,6 +7,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" ]; }; } diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index c85bac0d..44743b87 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -8,6 +8,8 @@ with import <stockholm/lib>; hardware.cpu.intel.updateMicrocode = true; + hardware.opengl.enable = true; + services.tlp.enable = true; boot = { diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index b0b0b2f6..84b7d9c0 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -15,8 +15,8 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#retiolum"; - server = "ni.r"; + channel = "#xxx"; + server = "irc.r"; branches = [ "master" ]; }; }); diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index a39d0cc0..19768cb2 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -6,8 +6,8 @@ let name = "muell_caller-2017-06-01"; src = pkgs.fetchgit { url = "https://github.com/shackspace/muell_caller/"; - rev = "bbd4009"; - sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; + rev = "ee4e499"; + sha256 = "0q1v07q633sbqg4wkgf0zya2bnqrikpyjhzp05iwn2vcs8rvsi3k"; }; buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 5a3a788c..8f8440eb 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -35,7 +35,7 @@ in { irc = { # TODO rename channel to target? channel = mkOption { - default = "#retiolum"; + default = "#xxx"; type = types.str; # TODO types.irc-channel }; nick = mkOption { @@ -47,7 +47,7 @@ in { type = types.int; }; server = mkOption { - default = "ni.r"; + default = "irc.r"; type = types.hostname; }; }; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index dab87792..adbc1ebe 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -133,8 +133,8 @@ in irc = { enable = true; nick = "build|${hostname}"; - server = "ni.r"; - channels = [ "retiolum" "noise" ]; + server = "irc.r"; + channels = [ "xxx" "noise" ]; allowForce = true; }; extraConfig = '' diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 42df3f05..48cf7971 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -24,6 +24,7 @@ let ./go.nix ./hidden-ssh.nix ./htgen.nix + ./iana-etc.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix new file mode 100644 index 00000000..f6d47f27 --- /dev/null +++ b/krebs/3modules/iana-etc.nix @@ -0,0 +1,55 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: { + + options.krebs.iana-etc.services = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + port = mkOption { + default = config._module.args.name; + type = types.addCheck types.str (test "[1-9][0-9]*"); + }; + } // genAttrs ["tcp" "udp"] (protocol: mkOption { + default = null; + type = types.nullOr (types.submodule { + options = { + name = mkOption { + type = types.str; + }; + }; + }); + }); + })); + }; + + config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) { + services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} '' + exec < ${pkgs.iana_etc}/etc/services + exec > $out + awk -F '[ /]+' ' + BEGIN { + port=0 + } + ${concatMapStringsSep "\n" (entry: '' + $2 == ${entry.port} { + port=$2 + next + } + port == ${entry.port} { + ${concatMapStringsSep "\n" + (proto: let + s = "${entry.${proto}.name} ${entry.port}/${proto}"; + in + "print ${toJSON s}") + (filter (proto: entry.${proto} != null) ["tcp" "udp"])} + port=0 + } + '') (attrValues config.krebs.iana-etc.services)} + { + print $0 + } + ' + ''); + }; + +} diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 2fe3e511..1e626f0a 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -74,6 +74,7 @@ in { "build.r" "build.hotdog.r" "cgit.hotdog.r" + "irc.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ce19c0a0..364c02d1 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -83,7 +83,7 @@ with import <stockholm/lib>; }; nets = rec { internet = { - ip4.addr = "213.239.205.240"; + ip4.addr = "46.4.114.247"; aliases = [ "prism.i" "paste.i" @@ -103,6 +103,47 @@ with import <stockholm/lib>; ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje + fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo + rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z + ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB + wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio + /jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA + BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C + 9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5 + Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu + 3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH + TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb + g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ + kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg + 7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo + 7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz + cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451 + k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0 + dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu + ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i + jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/ + AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE + T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + }; + archprism = rec { + cores = 4; + nets = rec { + retiolum = { + via = internet; + ip4.addr = "10.243.0.104"; + ip6.addr = "42::fa17"; + aliases = [ + "archprism.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I @@ -112,6 +153,13 @@ with import <stockholm/lib>; -----END RSA PUBLIC KEY----- ''; }; + internet = { + ip4.addr = "213.239.205.240"; + aliases = [ + "archprism.i" + ]; + ssh.port = 45621; + }; }; ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; @@ -381,6 +429,85 @@ with import <stockholm/lib>; }; }; }; + eddie = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.170"; + ip6.addr = "42:4992:6a6d:700::1"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + borg = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + ip6.addr = "42:4992:6a6d:700::2"; + aliases = [ "borg.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq + bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL + aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD + HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA + 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O + zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml + 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN + fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq + WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB + /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U + EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS + iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.172"; + ip6.addr = "42:4992:6a6d:800::1"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { @@ -408,10 +535,14 @@ with import <stockholm/lib>; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; - prism-repo-sync = { + archprism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C"; mail = "lass@prism.r"; }; + prism-repo-sync = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; + mail = "lass@prism.r"; + }; mors-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 6e0e876b..d8093568 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,6 +4,31 @@ with import <stockholm/lib>; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { + cake = rec { + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.136.236"; + ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1"; + aliases = [ + "cake.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu + jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ + MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq + 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 + 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP + MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; + }; drop = rec { ci = true; cores = 1; @@ -78,6 +103,37 @@ with import <stockholm/lib>; }; }; }; + latte = rec { + ci = true; + cores = 1; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; + nets = { + internet = { + ip4.addr = "185.215.224.160"; + aliases = [ + "latte.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.80.249"; + ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; + aliases = [ + "latte.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU + 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo + r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf + 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 + GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 + vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; pnp = { ci = true; @@ -460,6 +516,8 @@ with import <stockholm/lib>; ''; }; }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; gum = rec { diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 79fa27ba..e80becfa 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -32,52 +32,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; - cd = { - ci = true; - cores = 2; - extraZones = { - # TODO generate krebsco.de zone from nets and don't use extraZones at all - "krebsco.de" = '' - cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "45.62.237.203"; - aliases = [ - "cd.i" - "cd.krebsco.de" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.cd.nets.internet; - ip4.addr = "10.243.113.222"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af3"; - aliases = [ - "cd.r" - "cgit.cd.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ - rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4 - e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN - sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v - CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0 - PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V - LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk - DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW - ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK - jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5 - Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; - }; ju = { external = true; nets = { diff --git a/krebs/5pkgs/simple/git-preview.nix b/krebs/5pkgs/simple/git-preview.nix new file mode 100644 index 00000000..d6c9579a --- /dev/null +++ b/krebs/5pkgs/simple/git-preview.nix @@ -0,0 +1,17 @@ +{ coreutils, git, writeDashBin }: + +writeDashBin "git-preview" '' + set -efu + head_commit=$(${git}/bin/git log -1 --format=%H) + merge_commit=$1; shift + merge_message='Merge for git-preview' + preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX) + preview_branch=$(${coreutils}/bin/basename "$preview_dir") + ${git}/bin/git worktree add -b "$preview_branch" "$preview_dir" >/dev/null + ${git}/bin/git -C "$preview_dir" checkout "$head_commit" + ${git}/bin/git -C "$preview_dir" merge -m "$merge_message" "$merge_commit" + ${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@" & + ${git}/bin/git branch -fd "$preview_branch" + ${coreutils}/bin/rm -fR "$preview_dir" + wait +'' diff --git a/krebs/5pkgs/simple/git-preview/default.nix b/krebs/5pkgs/simple/git-preview/default.nix new file mode 100644 index 00000000..f20f2a63 --- /dev/null +++ b/krebs/5pkgs/simple/git-preview/default.nix @@ -0,0 +1,15 @@ +{ coreutils, git, stdenv, writeDashBin }: + +writeDashBin "git-preview" '' + PATH=${stdenv.lib.makeBinPath [ + coreutils + git + ]}''${PATH+:$PATH} + hashes=$(git log --format=%h "..$1") + end=$(echo "$hashes" | head -1) + start=$(echo "$hashes" | tail -1) + # exit if no diff was found + test -z "$start" && exit 0 + shift + git diff "$start^..$end" "$@" +'' diff --git a/krebs/5pkgs/simple/weechat/default.nix b/krebs/5pkgs/simple/weechat/default.nix deleted file mode 100644 index c703ca8b..00000000 --- a/krebs/5pkgs/simple/weechat/default.nix +++ /dev/null @@ -1,80 +0,0 @@ -{ stdenv, fetchurl, ncurses, openssl, aspell, gnutls -, zlib, curl , pkgconfig, libgcrypt -, cmake, makeWrapper, libiconv -, asciidoctor # manpages -, guileSupport ? true, guile -, luaSupport ? true, lua5 -, perlSupport ? true, perl -, pythonPackages -, rubySupport ? true, ruby -, tclSupport ? true, tcl -, extraBuildInputs ? [] }: - -assert guileSupport -> guile != null; -assert luaSupport -> lua5 != null; -assert perlSupport -> perl != null; -assert rubySupport -> ruby != null; -assert tclSupport -> tcl != null; - -let - inherit (pythonPackages) python pycrypto pync; -in - -stdenv.mkDerivation rec { - version = "1.8"; - name = "weechat-${version}"; - - src = fetchurl { - url = "http://weechat.org/files/src/weechat-${version}.tar.bz2"; - sha256 = "10km0437lg9ms6f16h20s89l2w9f9g597rykybxb16s95ql48z08"; - }; - - outputs = [ "out" "doc" ]; - - enableParallelBuilding = true; - cmakeFlags = with stdenv.lib; [ - "-DENABLE_MAN=ON" - "-DENABLE_DOC=ON" - ] - ++ optionals stdenv.isDarwin ["-DICONV_LIBRARY=${libiconv}/lib/libiconv.dylib" "-DCMAKE_FIND_FRAMEWORK=LAST"] - ++ optional (!guileSupport) "-DENABLE_GUILE=OFF" - ++ optional (!luaSupport) "-DENABLE_LUA=OFF" - ++ optional (!perlSupport) "-DENABLE_PERL=OFF" - ++ optional (!rubySupport) "-DENABLE_RUBY=OFF" - ++ optional (!tclSupport) "-DENABLE_TCL=OFF" - ; - - buildInputs = with stdenv.lib; [ - ncurses python openssl aspell gnutls zlib curl pkgconfig - libgcrypt pycrypto makeWrapper - cmake - asciidoctor - ] - ++ optional guileSupport guile - ++ optional luaSupport lua5 - ++ optional perlSupport perl - ++ optional rubySupport ruby - ++ optional tclSupport tcl - ++ extraBuildInputs; - - NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix}" - # Fix '_res_9_init: undefined symbol' error - + (stdenv.lib.optionalString stdenv.isDarwin "-DBIND_8_COMPAT=1 -lresolv"); - - postInstall = with stdenv.lib; '' - NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages" - wrapProgram "$out/bin/weechat" \ - ${optionalString perlSupport "--prefix PATH : ${perl}/bin"} \ - --prefix PATH : ${pythonPackages.python}/bin \ - --prefix PYTHONPATH : "$PYTHONPATH" \ - --prefix PYTHONPATH : "$NIX_PYTHONPATH" - ''; - - meta = { - homepage = http://www.weechat.org/; - description = "A fast, light and extensible chat client"; - license = stdenv.lib.licenses.gpl3; - maintainers = with stdenv.lib.maintainers; [ lovek323 garbas the-kenny ]; - platforms = stdenv.lib.platforms.unix; - }; -} diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix new file mode 100644 index 00000000..196e6765 --- /dev/null +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -0,0 +1,118 @@ +with import <stockholm/lib>; +{ utillinux, writeDash }: + +opt-spec: cmd-spec: let + + cmd = cmd-spec opts; + + cmd-script = + if typeOf cmd == "set" + then "exec ${cmd}" + else cmd; + + opts = mapAttrs (name: value: value // rec { + long = value.long or (replaceStrings ["_"] ["-"] name); + ref |