diff options
| -rw-r--r-- | kartei/feliks/default.nix | 20 | ||||
| -rw-r--r-- | kartei/mic92/default.nix | 30 | ||||
| -rw-r--r-- | kartei/rtunreal/default.nix | 7 | ||||
| -rwxr-xr-x | kartei/trust-gpg.sh | 13 | ||||
| -rw-r--r-- | kartei/tv/hosts/ni.nix | 4 | ||||
| -rw-r--r-- | kartei/ynnel/default.nix | 32 | ||||
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 1 | ||||
| -rw-r--r-- | krebs/2configs/ircd.nix | 2 | ||||
| -rw-r--r-- | krebs/2configs/reaktor2.nix | 40 | ||||
| -rw-r--r-- | krebs/2configs/repo-sync.nix | 110 | ||||
| -rw-r--r-- | krebs/3modules/konsens.nix | 3 | ||||
| -rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
| -rw-r--r-- | krebs/nixpkgs.json | 8 | ||||
| -rw-r--r-- | lass/1systems/aergia/physical.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/neoprism/config.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/prism/config.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/binary-cache/client.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/binary-cache/proxy.nix | 13 | ||||
| -rw-r--r-- | lass/2configs/binary-cache/server.nix | 10 | ||||
| -rw-r--r-- | lass/2configs/gsm-wiki.nix | 26 | ||||
| -rw-r--r-- | lass/2configs/mumble-reminder.nix | 8 |
21 files changed, 220 insertions, 119 deletions
diff --git a/kartei/feliks/default.nix b/kartei/feliks/default.nix index 33f7f966..e98da7bc 100644 --- a/kartei/feliks/default.nix +++ b/kartei/feliks/default.nix @@ -1,12 +1,16 @@ with import ../../lib; { config, ... }: let hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.feliks; ci = false; external = true; monitoring = false; } // optionalAttrs (host.nets?retiolum) { nets.retiolum.ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill.ip6.addr = + (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; }); in { users.feliks = { @@ -14,11 +18,10 @@ in { }; hosts = mapAttrs hostDefaults { papawhakaaro = { - owner = config.krebs.users.feliks; nets = { retiolum = { ip4.addr = "10.243.10.243"; - aliases = [ "papawhakaaro.r" ]; + aliases = [ "papawhakaaro.r" "tp.feliks.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA4bd0lVUVlzFmM8TuH77C5VctcK4lkw02LbMVQDJ5U+Ww075nNahw @@ -39,11 +42,10 @@ in { }; }; iti = { - owner = config.krebs.users.feliks; nets = { retiolum = { ip4.addr = "10.243.10.244"; - aliases = [ "iti.r" ]; + aliases = [ "iti.r" "ltd.feliks.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA5TXEmw3F3lCekITBPW8QYF1ciKHN8RSi47k1vW+jXb6gdWcVo5KL @@ -64,11 +66,10 @@ in { }; }; tumaukainga = { - owner = config.krebs.users.feliks; nets = { retiolum = { ip4.addr = "10.243.10.245"; - aliases = [ "tumaukainga.r" ]; + aliases = [ "tumaukainga.r" "hs.feliks.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAj1q28QzUlag0i+2ZEpZyQEbrtuODj6pCCt2IX1Uz1B83outO2l/n @@ -88,5 +89,12 @@ in { }; }; }; + ahuatangata = { + nets.wiregrill = { + ip4.addr = "10.244.10.246"; + aliases = [ "ahuatangata" "ndrd.feliks.r" ]; + wireguard.pubkey = "QPDGBEYJ1znqUdjy6JWZJ+cqPMcU67dHlOX5beTM6TA="; + }; + }; }; } diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix index 78206a24..952b5fd4 100644 --- a/kartei/mic92/default.nix +++ b/kartei/mic92/default.nix @@ -90,6 +90,7 @@ in { "tts.r" "flood.r" "warez.r" + "bing-gpt.r" "navidrome.r" ]; tinc.pubkey = '' @@ -788,7 +789,7 @@ in { aliases = [ "jack.r" "stable-confusion.r" - "llama.r" + "vicuna.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -910,6 +911,33 @@ in { }; }; + donna = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # clara.dse.in.tum.de + ip4.addr = "131.159.38.222"; + ip6.addr = "2a09:80c0:38::222"; + aliases = [ "donna.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "donna.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAs34lPq8SnVdzMdPkWQMfeM061Yh95wqqGOdGODiyoWdsP0ErRH3/ + HjgmB7luMl7MdL3ZKIpZe/IR2OSAL+6HBE/JPIapO2e1DFFEg42AI58lgjrR0yEr + Q59ZeGu+V95l+jC08IUoS9K6SVTkDCVe2b4Akf5oMtHAAG+ELtzh2zrPH6lkrXYd + LvzIWcrmqu1AnmmUiHT1JleCDfSn2m/ev+LcY109lN7LCFA5VL12/EP2FhM3ELHq + j2gAdvD1LAKq4var2MnR0MnKg0k1vMGSgwK+hj0AoLNiYivo8bxoRBNbUb94o4jQ + 8xfbYyAFxpxdi/bFDmT1UjkouJ1Y8I8GJwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "8XlFDxQoGq6Fr40PTDyF8GUwP2+YSDp8By0vlKn1OlO"; + }; + }; + }; + clara = { owner = config.krebs.users.mic92; nets = rec { diff --git a/kartei/rtunreal/default.nix b/kartei/rtunreal/default.nix index faa593c6..9d57c0fc 100644 --- a/kartei/rtunreal/default.nix +++ b/kartei/rtunreal/default.nix @@ -74,5 +74,12 @@ in tinc.pubkey_ed25519 = "YJE4KD9PhDjxucDAGrbec5Yqqf3A8/VU0J0NV8EPXuN"; }; }; + rtgraphene = { + nets.wiregrill = { + aliases = [ "graphene.rtunreal.w" ]; + ip4.addr = "10.244.20.20"; + wireguard.pubkey = "IZ7tnD5ZVqO886hFzk6k92R70p1J6jYvyIEAWUccehU="; + }; + }; }; } diff --git a/kartei/trust-gpg.sh b/kartei/trust-gpg.sh new file mode 100755 index 00000000..84b67aeb --- /dev/null +++ b/kartei/trust-gpg.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# usage: $0 +set -eu +WD=$(dirname "$(realpath "$0")") +PUBKEYS= +for key in "$WD"/kmein/kmein.gpg "$WD"/lass/pgp/* "$WD"/makefu/pgp/* "$WD"/tv/pgp/*; do + echo "$key" >&2 + keyid=$(gpg --with-colons --fingerprint --import-options show-only --import "$key" | grep fpr | cut -d : -f 10 | head -1) + gpg --import "$key" >&2 + printf '5\ny\n' | gpg --command-fd 0 --expert --edit-key "$keyid" trust >&2 + PUBKEYS="${PUBKEYS}${keyid}\n" +done +printf "$PUBKEYS" diff --git a/kartei/tv/hosts/ni.nix b/kartei/tv/hosts/ni.nix index c4532165..aae5c5cd 100644 --- a/kartei/tv/hosts/ni.nix +++ b/kartei/tv/hosts/ni.nix @@ -17,11 +17,11 @@ nets = { internet = { ip4 = rec { - addr = "188.68.36.196"; + addr = "185.162.251.237"; prefix = "${addr}/32"; }; ip6 = rec { - addr = "2a03:4000:13:4c::1"; + addr = "2a03:4000:1a:cf::1"; prefix = "${addr}/64"; }; aliases = [ diff --git a/kartei/ynnel/default.nix b/kartei/ynnel/default.nix new file mode 100644 index 00000000..e7d98527 --- /dev/null +++ b/kartei/ynnel/default.nix @@ -0,0 +1,32 @@ +{ config, ... }: +let + lib = import ../../lib; +in +{ + users.ynnel = { + mail = "retiolum@lenny.ninja"; + }; + hosts.mokemoke = { + owner = config.krebs.users.ynnel; + nets.retiolum = { + aliases = [ "mokemoke.ynnel.r" ]; + ip6.addr = (lib.krebs.genipv6 "retiolum" "ynnel" { hostName = "mokemoke"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA7rS560SZEPcSekW30dRF6ZTHOnb8WvuVgt3BFLRWhTgV5DqLqFa8 + fxT2TJci8ogYZtlnSCNKEhxup3wlIrAPLLzu5jL6hx4okfmyARGQqeUn9kD+jmGL + 9N9wjGXDp/CVyMIb5mcK2l0mvElvs7ae700GScq+2ASsFTHC/w2w2KoeDtt/UED9 + Cjy+kxP7SuzksigIuuA8gncf9FmfRgG31XGctX1H6hUywtq05oVRd5qMHeiI/l4v + jHJSadtlR1FuExMT9l7nRZ98yOLKWhDUym4qmi/3zsnDl38f9gcqlp040McUqfZl + 6mclphcthOv6xp7nCbEd58djBU1hrPHJJrk5qL0CGcTwaTBzZFvrV4lklfBFPhVv + dwiagzZDsTvQfXe7UJTSHOKhw+i7a7ok2n+IFhyd+GnQYeOvaBropjYgYDHbZ/u7 + d6E1xUVjANLtt2oOYfaH/LlERgucEcQY2qRyMBQXYTwp+d3ThTc+Vs0Lbo08rvFN + y76KXPsH8ptVVFK4DclK0GxI64JpnSmG/BHcU114K7LPNONQBSvE8UyZlMVkuZfc + qwBzyM70tKPoWmoxjBkQcXsK6JgclXohZ0jbMhRV5K4oDocAhEuUtOC5qG4IZo+R + BWc0bxueCaOQFqB6UKcZLgCj6ZhXHpqTSk/8MBevxrbH44I+4oYwQOkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "um4yKCJkkBX9pISAa78SttNSqyEPhpCDGfL6FJA0wzK"; + }; + }; +} diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index a2087848..68355608 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,6 +12,7 @@ <stockholm/krebs/2configs/wiki.nix> <stockholm/krebs/2configs/acme.nix> <stockholm/krebs/2configs/mud.nix> + <stockholm/krebs/2configs/repo-sync.nix> <stockholm/krebs/2configs/cal.nix> <stockholm/krebs/2configs/mastodon.nix> diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 5435ea16..c56883d3 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -38,6 +38,8 @@ hidden = false; password = "$2a$04$0AtVycWQJ07ymrDdKyAm2un3UVSVIzpzL3wsWbWb3PF95d1CZMcMO"; }; + server.max-line-length = 1024; + server.lookup-hostnames = true; }; }; } diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 39039cc1..0a503141 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -51,6 +51,45 @@ let }; }; + bing = { + pattern = "!bing (.*)$"; + activate = "match"; + arguments = [1]; + timeoutSec = 1337; + command = { + filename = pkgs.writeDash "bing" '' + set -efu + report_error() { + printf '%s' "$*" | + curl -Ss http://p.r --data-binary @- | + tail -1 | + echo "error $(cat)" + exit 0 + } + export PATH=${makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.jq + ]} + response=$(printf '%s' "$*" | + curl -SsG http://bing-gpt.r/api/chat --data-urlencode 'prompt@-' + ) + if [ "$?" -ne 0 ]; then + report_error "$response" + else + if ! text=$(printf '%s' "$response" | jq -er '.item.messages[1].text'); then + echo "$_from: $(report_error "$response")" + exit 0 + fi + printf '%s' "$text" | echo "$_from: $(cat)" + + printf '%s' "$response" | + jq -r '[.item.messages[1].sourceAttributions[].seeMoreUrl] | to_entries[] | "[\(.key + 1)]: \(.value)"' + fi + ''; + }; + }; + confuse = { pattern = "!confuse (.*)$"; activate = "match"; @@ -322,6 +361,7 @@ let } bedger-add bedger-balance + bing hooks.sed interrogate say diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index e2be477f..9f129d81 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -22,7 +22,6 @@ let post-receive = pkgs.git-hooks.irc-announce { channel = "#xxx"; refs = [ - "refs/heads/master" "refs/heads/newest" "refs/tags/*" ]; @@ -37,7 +36,6 @@ let { user = with config.krebs.users; [ config.krebs.users."${config.networking.hostName}-repo-sync" - jeschli lass makefu tv @@ -50,7 +48,7 @@ let konsens-user ]; repo = [ repo ]; - perm = push ''refs/heads/master'' [ create merge ]; + perm = push "refs/heads/common" [ create merge ]; } { user = attrValues config.krebs.users; @@ -61,31 +59,18 @@ let repos."${name}" = repo; }; - sync-retiolum = { + sync-repo = { name, + remotes, desc ? "mirror for ${name}", section ? "mirror" }: { krebs.repo-sync.repos.${name} = { - branches = { - lassulus = { - origin.url = "http://cgit.lassul.us/${name}"; - mirror.url = "${mirror}${name}"; - }; - makefu = { - origin.url = "http://cgit.gum/${name}"; - mirror.url = "${mirror}${name}"; - }; - nin = { - origin.url = "http://cgit.onondaga.r/${name}"; - mirror.url = "${mirror}${name}"; - }; - tv = { - origin.url = "http://cgit.ni.r/${name}"; - mirror.url = "${mirror}${name}"; - }; - }; + branches = (lib.mapAttrs' (user: url: lib.nameValuePair user { + origin.url = url; + mirror.url = "${mirror}${name}"; + }) remotes); latest = { url = "${mirror}${name}"; ref = "heads/newest"; @@ -94,24 +79,6 @@ let krebs.git = defineRepo { inherit name desc section; }; }; - sync-remote = { - name, - url, - desc ? "mirror for ${name}", - section ? "mirror" - }: - { - krebs.repo-sync.repos.${name} = { - branches = { - remote = { - origin.url = url; - mirror.url = "${mirror}${name}"; - }; - }; - }; - krebs.git = defineRepo { inherit name desc section; }; - }; - in { krebs.git = { enable = true; @@ -126,7 +93,6 @@ in { krebs.konsens = { enable = true; repos = { - krops = { branchesToCheck = [ "lassulus" "tv" ]; }; stockholm = {}; }; }; @@ -137,52 +103,20 @@ in { }; imports = [ - (sync-retiolum { name = "the_playlist"; desc = "Good Music collection + tools"; section = "art"; }) - - (sync-retiolum { name = "stockholm"; desc = "take all computers hostage, they love it"; section = "configuration"; }) - - (sync-retiolum { name = "cholerab"; desc = "krebs thesauron & enterprise-patterns"; section = "documentation"; }) - - (sync-retiolum { name = "buildbot-classic"; desc = "fork of buildbot"; section = "software"; }) - (sync-retiolum { name = "disko"; desc = "take a description of your disk layout and produce a format script"; section = "software"; }) - (sync-retiolum { name = "news"; desc = "take a rss feed and a timeout and print it to stdout"; section = "software"; }) - (sync-retiolum { name = "krops"; desc = "krebs ops"; section = "software"; }) - (sync-retiolum { name = "go"; desc = "url shortener"; section = "software"; }) - (sync-retiolum { name = "much"; desc = "curses email client"; section = "software"; }) - (sync-retiolum { name = "newsbot-js"; desc = "irc rss/atom bot"; section = "software"; }) - (sync-retiolum { name = "nix-writers"; desc = "high level writers for nix"; section = "software"; }) - - (sync-retiolum { name = "cac-api"; desc = "CloudAtCost API command line interface"; section = "miscellaneous"; }) - (sync-retiolum { name = "dic"; desc = "dict.leo.org command line interface"; section = "miscellaneous"; }) - (sync-retiolum { name = "get"; section = "miscellaneous"; }) - (sync-retiolum { name = "hstool"; desc = "Haskell Development Environment ^_^"; section = "miscellaneous"; }) - (sync-retiolum { name = "htgen"; desc = "toy HTTP server"; section = "miscellaneous"; }) - (sync-retiolum { name = "kirk"; desc = "IRC tools"; section = "miscellaneous"; }) - (sync-retiolum { name = "load-env"; section = "miscellaneous"; }) - (sync-retiolum { name = "loldns"; desc = "toy DNS server"; section = "miscellaneous"; }) - (sync-retiolum { name = "netcup"; desc = "netcup command line interface"; section = "miscellaneous"; }) - (sync-retiolum { name = "populate"; desc = "source code installer"; section = "miscellaneous"; }) - (sync-retiolum { name = "q"; section = "miscellaneous"; }) - (sync-retiolum { name = "regfish"; section = "miscellaneous"; }) - (sync-retiolum { name = "soundcloud"; desc = "SoundCloud command line interface"; section = "miscellaneous"; }) - - (sync-retiolum { name = "blessings"; section = "Haskell libraries"; }) - (sync-retiolum { name = "mime"; section = "Haskell libraries"; }) - (sync-retiolum { name = "quipper"; section = "Haskell libraries"; }) - (sync-retiolum { name = "scanner"; section = "Haskell libraries"; }) - (sync-retiolum { name = "wai-middleware-time"; section = "Haskell libraries"; }) - (sync-retiolum { name = "web-routes-wai-custom"; section = "Haskell libraries"; }) - (sync-retiolum { name = "xintmap"; section = "Haskell libraries"; }) - (sync-retiolum { name = "xmonad-stockholm"; desc = "krebs xmonad modules"; section = "Haskell libraries"; }) - - (sync-remote { name = "array"; url = "https://github.com/makefu/array"; }) - (sync-remote { name = "email-header"; url = "https://github.com/4z3/email-header"; }) - (sync-remote { name = "mycube-flask"; url = "https://github.com/makefu/mycube-flask"; }) - (sync-remote { name = "reaktor-titlebot"; url = "https://github.com/makefu/reaktor-titlebot"; }) - (sync-remote { name = "repo-sync"; url = "https://github.com/makefu/repo-sync"; }) - (sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; }) - (sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; }) - (sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; }) - (sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; }) + (sync-repo { + name = "stockholm"; + desc = "take all computers hostage, they love it"; + section = "configuration"; + remotes = { + makefu = "http://cgit.gum.r/stockholm"; + tv = "http://cgit.ni.r/stockholm"; + lassulus = "http://cgit.orange.r/stockholm"; + }; + }) + ({ krebs.git = defineRepo { + name = "krops"; + desc = "deployment tools"; + section = "deployment"; + };}) ]; } diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix index 81486810..439bcc7f 100644 --- a/krebs/3modules/konsens.nix +++ b/krebs/3modules/konsens.nix @@ -39,10 +39,13 @@ let }; imp = { + users.groups.konsens.gid = genid "konsens"; users.users.konsens = rec { name = "konsens"; + group = "konsens"; uid = genid name; home = "/var/lib/konsens"; + isSystemUser = true; createHome = true; }; diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 88567273..bd1ab98c 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e", - "date": "2023-03-21T23:16:58+01:00", - "path": "/nix/store/rg3f6v4f7mba0kqnhiarj7yg6066cc5v-nixpkgs", - "sha256": "0myq7fnykna5qazbk6hdgahy148yd7f5l8nrxhzllj67y86a5sxw", + "rev": "645bc49f34fa8eff95479f0345ff57e55b53437e", + "date": "2023-04-19T18:04:47+02:00", + "path": "/nix/store/jh86824939585dinrs1zlkh6cvz8l8l7-nixpkgs", + "sha256": "0kfndc7xdkm89yl0f27wdnwd6gdad3i49jx7gvaib1hz0ifpmxzv", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 11841578..7e478e9c 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "e2c97799da5f5cd87adfa5017fba971771e123ef", - "date": "2023-03-20T14:29:52+01:00", - "path": "/nix/store/vxca9w313d1bzw9dx4yaw8c0vrqjxa0p-nixpkgs", - "sha256": "0qff1r8k0m19z1ppzb8gk5xrnlvabjdl3pqwpc3y5bm15qxzk25s", + "rev": "fd901ef4bf93499374c5af385b2943f5801c0833", + "date": "2023-04-22T11:27:49+08:00", + "path": "/nix/store/gpfv5hbki6g1b63nqw7md5bjlcpzsz1w-nixpkgs", + "sha256": "1fd7xyfna0klfbv37qq1ms2j4gzjpy14a8vbnw1i8ix6fijkywjf", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index 02363908..692f68dc 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix @@ -87,7 +87,6 @@ # textsize services.xserver.dpi = 200; - hardware.video.hidpi.enable = lib.mkDefault true; # corectrl programs.corectrl = { diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index cc08070a..7b402f8a 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -4,6 +4,7 @@ imports = [ <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/gsm-wiki.nix> # sync-containers <stockholm/lass/2configs/consul.nix> diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 2e82fae6..e1f92c51 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -127,6 +127,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> <stockholm/lass/2configs/binary-cache/server.nix> + <stockholm/lass/2configs/binary-cache/proxy.nix> <stockholm/lass/2configs/iodined.nix> <stockholm/lass/2configs/paste.nix> <stockholm/lass/2configs/syncthing.nix> diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix index b0e0a8b8..de15aff9 100644 --- a/lass/2configs/binary-cache/client.nix +++ b/lass/2configs/binary-cache/client.nix @@ -4,6 +4,7 @@ nix = { binaryCaches = [ "http://cache.prism.r" + "http://cache.neoprism.r" "https://cache.nixos.org/" ]; binaryCachePublicKeys = [ diff --git a/lass/2configs/binary-cache/proxy.nix b/lass/2configs/binary-cache/proxy.nix new file mode 100644 index 00000000..a6ecb044 --- /dev/null +++ b/lass/2configs/binary-cache/proxy.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ...}: +{ + services.nginx = { + enable = true; + virtualHosts."cache.krebsco.de" = { + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' + proxy_pass http://cache.neoprism.r/; + ''; + }; + }; +} diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 30bef513..bdd568c1 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -14,7 +14,7 @@ services.nginx = { enable = true; virtualHosts.nix-serve = { - serverAliases = [ "cache.prism.r" ]; + serverAliases = [ "cache.${config.networking.hostName}.r" ]; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; ''; @@ -26,14 +26,6 @@ ''}; ''; }; - virtualHosts."cache.krebsco.de" = { - forceSSL = true; - serverAliases = [ "cache.lassul.us" ]; - enableACME = true; - locations."/".extraConfig = '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; - ''; - }; }; } diff --git a/lass/2configs/gsm-wiki.nix b/lass/2configs/gsm-wiki.nix new file mode 100644 index 00000000..69508a15 --- /dev/null +++ b/lass/2configs/gsm-wiki.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: +{ + services.nginx.virtualHosts."docs.c3gsm.de" = { + forceSSL = true; + enableACME = true; + locations."/".extraConfig = '' + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "flix-user-pass" '' + c3gsm:$apr1$q9OrPI4C$7AY4EIp3J2Xc4eLMbPGE21 + ''}; + root /srv/http/docs.c3gsm.de; + ''; + }; + + users.users.c3gsm-docs = { + isNormalUser = true; + home = "/srv/http/docs.c3gsm.de"; + createHome = true; + homeMode = "750"; + useDefaultShell = true; + group = "nginx"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlW1fvCrVXhVH/z76fXBWYR/qyecYTE9VOOkFLJ6OwG user@osmocom-dev" + ]; + }; +} diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix index c4cc60dc..0067d64e 100644 --- a/lass/2configs/mumble-reminder.nix +++ b/lass/2configs/mumble-reminder.nix @@ -80,26 +80,26 @@ in { }; systemd.services.mumble-reminder-nixos = { description = "weekly reminder for nixos mumble"; - startAt = "Thu *-*-* 17:00:00 Europe/Berlin"; + startAt = "Wed *-*-* 19:00:00 Europe/Berlin"; serviceConfig = { ExecStart = pkgs.writers.writeDash "mumble_reminder" '' animals=' ${animals} ' - ${write_to_irc "#nixos"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!" + ${write_to_irc "#nixos"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!" ${write_to_irc "#nixos"} "kommt auf mumble://lassul.us" ''; }; }; systemd.services.mumble-reminder-krebs = { description = "weekly reminder for nixos mumble"; - startAt = "Thu *-*-* 19:00:00 Europe/Berlin"; + startAt = "Wed *-*-* 19:00:00 Europe/Berlin"; serviceConfig = { ExecStart = pkgs.writers.writeDash "mumble_reminder" '' animals=' ${animals} ' - ${write_to_irc "#krebs"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!" + ${write_to_irc "#krebs"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!" ${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?" ''; }; |