From dba3ca21f28dbb213d6dc44cfc301a958f87a623 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 18 Jan 2021 21:00:08 +0100 Subject: update krebsco.de A records --- krebs/3modules/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8c620a4e..0b3d2c79 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -90,8 +90,10 @@ let @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) IN NS ns19.ovh.net. IN NS dns19.ovh.net. - IN A 192.30.252.154 - IN A 192.30.252.153 + IN A 185.199.108.153 + IN A 185.199.109.153 + IN A 185.199.110.153 + IN A 185.199.111.153 ''; }; }; -- cgit v1.2.3 From 8d6a964c86d7a556cce6180a77a4828d4a93fe90 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Jan 2021 19:55:52 +0100 Subject: brockman: 3.0.0 -> 3.2.0 --- krebs/5pkgs/haskell/brockman.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix index c6d01edc..798adeee 100644 --- a/krebs/5pkgs/haskell/brockman.nix +++ b/krebs/5pkgs/haskell/brockman.nix @@ -1,24 +1,26 @@ { mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring , conduit, containers, directory, feed, filepath, hslogger , html-entity, http-client, irc-conduit, lens, network -, optparse-applicative, random, safe, stdenv, text, wreq +, optparse-applicative, random, safe, stdenv, text, time, timerep +, wreq , fetchFromGitHub }: mkDerivation rec { pname = "brockman"; - version = "3.0.0"; + version = "3.2.0"; src = fetchFromGitHub { owner = "kmein"; repo = "brockman"; rev = version; - sha256 = "08yla9q2mjd7znpasfwsdqzc3dp2vcvg53x9p4vlx4g7jr3dw3yp"; + sha256 = "0vvps5czl6qcpfyrm2a6vj00hdh941wj4zb2bd9jlgf9mfikqm77"; }; isLibrary = false; isExecutable = true; executableHaskellDepends = [ aeson aeson-pretty base bloomfilter bytestring conduit containers directory feed filepath hslogger html-entity http-client - irc-conduit lens network optparse-applicative random safe text wreq + irc-conduit lens network optparse-applicative random safe text time + timerep wreq ]; license = stdenv.lib.licenses.mit; } -- cgit v1.2.3 From f4846c2f93df980944ef583e8e593639f8ce3964 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Jan 2021 17:58:27 +0100 Subject: news: add brockman-helper reaktor2 bot --- krebs/2configs/news.nix | 53 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 2 deletions(-) diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index f40997f8..04a84392 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { services.rss-bridge = { @@ -22,7 +22,6 @@ "d /var/lib/brockman 1750 brockman nginx -" ]; - systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { enable = true; config = { @@ -36,4 +35,54 @@ bots = {}; }; }; + + krebs.reaktor2.news = { + hostname = "localhost"; + port = "6667"; + nick = "brockman-helper"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#all" + "#aluhut" + "#news" + ]; + }; + } + { + plugin = "system"; + config = { + hooks.PRIVMSG = [ + { + activate = "match"; + pattern = "^(?:.*\\s)?\\s*brockman-helper:\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$"; + command = 1; + arguments = [2]; + commands = { + add-telegram.filename = pkgs.writeDash "add-telegram" '' + if [ "$#" -ne 1 ]; then + echo 'usage: brockman-helper: add-telegram $telegramname' + echo "$#" + exit 1 + fi + echo "brockman: add t_$1 http://rss.r/?action=display&bridge=Telegram&username=$1&format=Mrss" + ''; + search.filename = pkgs.writeDash "search" '' + if [ "$#" -ne 1 ]; then + echo 'usage: brockman-helper: search $searchterm' + echo "$#" + exit 1 + fi + ${pkgs.curl}/bin/curl -Ss "https://feedsearch.dev/api/v1/search?url=$1&info=true&favicon=false" | \ + ${pkgs.jq}/bin/jq '.[].url' + ''; + }; + } + ]; + }; + } + ]; + }; } -- cgit v1.2.3 From 5c669397dac74d4c63281a7c785465569e93643e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 14:11:16 +0100 Subject: brockman: 3.2.0 -> 3.2.3 --- krebs/5pkgs/haskell/brockman.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix index 798adeee..5f1166a2 100644 --- a/krebs/5pkgs/haskell/brockman.nix +++ b/krebs/5pkgs/haskell/brockman.nix @@ -1,26 +1,26 @@ { mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring -, conduit, containers, directory, feed, filepath, hslogger -, html-entity, http-client, irc-conduit, lens, network +, case-insensitive, conduit, containers, directory, feed, filepath +, hslogger, html-entity, http-client, irc-conduit, lens, network , optparse-applicative, random, safe, stdenv, text, time, timerep , wreq , fetchFromGitHub }: mkDerivation rec { pname = "brockman"; - version = "3.2.0"; + version = "3.2.3"; src = fetchFromGitHub { owner = "kmein"; repo = "brockman"; rev = version; - sha256 = "0vvps5czl6qcpfyrm2a6vj00hdh941wj4zb2bd9jlgf9mfikqm77"; + sha256 = "1qbjbf0l1ikfzmvky4cnvv7nlcwi2in4afliifh618j0a4f7j427"; }; isLibrary = false; isExecutable = true; executableHaskellDepends = [ - aeson aeson-pretty base bloomfilter bytestring conduit containers - directory feed filepath hslogger html-entity http-client - irc-conduit lens network optparse-applicative random safe text time - timerep wreq + aeson aeson-pretty base bloomfilter bytestring case-insensitive + conduit containers directory feed filepath hslogger html-entity + http-client irc-conduit lens network optparse-applicative random + safe text time timerep wreq ]; license = stdenv.lib.licenses.mit; } -- cgit v1.2.3 From 034185780670fc7466cce8a839b59abd849e3f89 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 14:11:48 +0100 Subject: realwallpaper: add wallpaper with markers but without krebs --- krebs/5pkgs/simple/realwallpaper/default.nix | 46 ++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 56a7dfb9..e55454a0 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -192,18 +192,15 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' fi # create marker file from json - if [ -s marker.json ]; then - jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude) image=krebs.png"' marker.json > marker_file - echo 'position=sun image=sun.png' >> marker_file - echo 'position=moon image=moon.png' >> marker_file - echo 'position=mercury image=mercury.png' >> marker_file - echo 'position=venus image=venus.png' >> marker_file - echo 'position=mars image=mars.png' >> marker_file - echo 'position=jupiter image=jupiter.png' >> marker_file - echo 'position=saturn image=saturn.png' >> marker_file - echo 'position=uranus image=uranus.png' >> marker_file - echo 'position=neptune image=neptune.png' >> marker_file - fi + echo 'position=sun image=sun.png' > marker_file + echo 'position=moon image=moon.png' >> marker_file + echo 'position=mercury image=mercury.png' >> marker_file + echo 'position=venus image=venus.png' >> marker_file + echo 'position=mars image=mars.png' >> marker_file + echo 'position=jupiter image=jupiter.png' >> marker_file + echo 'position=saturn image=saturn.png' >> marker_file + echo 'position=uranus image=uranus.png' >> marker_file + echo 'position=neptune image=neptune.png' >> marker_file # generate moon xplanet -body moon --num_times 1 -origin earth \ @@ -227,6 +224,24 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' shade=15 ''} + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-marker-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-marker.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds.png + cloud_threshold=1 + cloud_gamma=10 + marker_file=marker_file + shade=15 + ''} + + if [ -s marker.json ]; then + jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude) image=krebs.png"' marker.json >> marker_file + fi + xplanet --num_times 1 --geometry $xplanet_out_size \ --output xplanet-krebs-output.png --projection merc \ -config ${pkgs.writeText "xplanet-krebs.config" '' @@ -248,6 +263,13 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' mv realwallpaper-tmp.png realwallpaper.png fi + # trim xplanet output + if needs_rebuild realwallpaper-marker.png xplanet-marker-output.png; then + convert xplanet-marker-output.png -crop $out_geometry \ + realwallpaper-marker-tmp.png + mv realwallpaper-marker-tmp.png realwallpaper-marker.png + fi + if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then convert xplanet-krebs-output.png -crop $out_geometry \ realwallpaper-krebs-tmp.png -- cgit v1.2.3 From 4484a3e5fc3181ae5ec8cc5056a23947756ff558 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 17:33:17 +0100 Subject: l: add lass-green user --- krebs/3modules/lass/default.nix | 5 +++++ krebs/3modules/lass/pgp/green.pgp | 40 +++++++++++++++++++++++++++++++++++ krebs/3modules/lass/ssh/green.ed25519 | 1 + 3 files changed, 46 insertions(+) create mode 100644 krebs/3modules/lass/pgp/green.pgp create mode 100644 krebs/3modules/lass/ssh/green.ed25519 diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index a4586bed..6d31bffd 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -699,6 +699,11 @@ in { pubkey = builtins.readFile ./ssh/blue.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/blue.pgp; }; + lass-green = { + mail = "lass@green.r"; + pubkey = builtins.readFile ./ssh/green.ed25519; + pgp.pubkeys.default = builtins.readFile ./pgp/green.pgp; + }; lass-mors = { mail = "lass@mors.r"; pubkey = builtins.readFile ./ssh/mors.rsa; diff --git a/krebs/3modules/lass/pgp/green.pgp b/krebs/3modules/lass/pgp/green.pgp new file mode 100644 index 00000000..96b2b38e --- /dev/null +++ b/krebs/3modules/lass/pgp/green.pgp @@ -0,0 +1,40 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGAMS3EBDACzbsaP9nhJ8GrAk5JLlz+ruDbEGuvJXvh+spVq9i9TCCGAraPo +z8Tmgsw6SJhJMW/170OZJ+GMMEDRpRbvh8tLZ0jsTIwINasRjC68tF9dgjjPZdNN +cVOpFw4Wf4ueMmoEG/9Xyehm+YEJFTj5wul2uJtfj5NJB43daDn4e3ieGExd+zE0 +FTP4yAmxVMbN4BiyZPX7CxeTzJS0g4aVnMq9RqtYbxd1Uv++LmPh1ZkEyNNKItfC +nRFeZzjhnmD7LvwsixE2ENnbiL9Ho7Mc4C7kRKSJ+LvXH6ChJJtDy9ApVA+u90i5 +Rd7y9rdzFY+NCHusWg0/U/t2FoLc/hRa0eLE1KFtzWzH35TMl8R/7NrPztTwT/fH +xt3qSiwMUvH9X9TGvh5N0WwqgtEe6mpZvpq+4gyOiyA+EwE73rnxG2DzmM6CFHyo +Qm/OOfjuFH+l0PkAqti+f41SqlEOiOAAFzgz7gaTdJ8gXs8piOGxk4U5EK/p1OTW +4e6DrxqcxmHgoAUAEQEAAbQMbGFzc0BncmVlbi5yiQHUBBMBCAA+FiEE6Ed5jGI3 +gop09K1NMwheLc2Sjz0FAmAMS3ECGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwEC +HgECF4AACgkQMwheLc2Sjz0otwv+I8Sw0ENqy6SsrZSGDtmhAouCeTIUseRQ66tp +UFnxDVPYhhdM2ubTtIqOfx20Xdy/7N/POyYMJ5VR+IaFcB9wUlrhdjwUlCtoUipx +EycZloccMPGySxAxR3Kcy/SFzUKWwQ10/mfSQg/4+vYayZNuSvEpviMEZn0prpmw +jwFJcHOu0NL+7eYULMdit1BDaZfBaAu/otKn18878+0hVimyjW27564uXtJYnbf1 +hUVGvPLaSo74XBFra+kujcA3zIjWiPn6dRA5dzLrRRkb30Unl1+0a9QwY3wd3vCV +UHWSgDNaV+o7yPTuxoMsfrxHPAc3JlaKM6ka/EdK04tbgMH/N7FHXqDqCEIBWML4 +1/+HxkP2UW59zLefQwvBqWcF6bA7kgHGhIDkg1yg7ygP0t2mH6ktuEAYYr24BFx7 +b8nK/jhK+rp3LomLTLQ6e/6mikfoDr636sB1/Bc+pTdWsJnuQTzaWBDloVEr/2hz +/K5+wH2kgSKaWYUtaR6wiMbVKq3HuQGNBGAMS3EBDAC1xQNCJD3hlnihHBv7jxfH +CI5HdnUEh1eP8mUKjSE+Z0xGEMq8Z9sbTHQxtDdmC4ZOq1Kkt2LmtQQQAIH+Qnu6 +RYFOAPRmegouIxg4S3eTPZhZRo1ZqCphqbL2mQ9ifNrG3VVvQGXNvjo3Cuwj0uzx +EDtOilKEtHZhG0cfehGV+nO1n/g50EQMC7JkFWnryxVL8i4l3KstOdj+LcIT6c27 +EE2fzOUekeltBHGRFSM1Yzmn2lxruuK4I8zoiqak2St1788ay//F9tiZPfhWRb6+ +DF+JgRLCXatqTJppPpkui1irw6jN5ZabjyS7GBtH+5wpnvuMEMr484OXEg17VnCd +Tx/RTLyjfffDtTkC4M7oiAr5SUbkJjVkEuwjxp1N19epD8gzrBQC2W7XKM3z+mtG +ZLJtiW5hM+QylMv7VWxbQ21ObJmUqBQUZLPlpl3dlGU/ILw3U4urBibD9oPT2QAX +J6Db/STyl6w0bzRbMJmaEM4P0FcdEKTuw7tOpl5zBUkAEQEAAYkBtgQYAQgAIBYh +BOhHeYxiN4KKdPStTTMIXi3Nko89BQJgDEtxAhsMAAoJEDMIXi3Nko89yc8MAJKg +M5lbA/PJYlIju/qWKWt7yZbsIGuDfmuKfYftjXDOqskEqDyYgr31Txd43bWM6Ec7 +gb5JVmtzvLull0/KRwMcKAFNTXIYcb3jKpanwWRgHQlt/D6zlQula73WxwNUlZWl +Q8FCWjGa2hC8oKlTbtzm5osdcK+YhlpTpK5y4Mrg0f9Rcd297ygFQSDInpGq7ILY +sFat3HU7w9oPp9Q5RS8/EmrvAx1kFj9mZRs4L9inJJnHFpb1R6snojcKPwEyIWBi ++PFZ6ns296FjW9C+Ci7C+aaAzVDM7NAwU0/EhWeDKKHITU3Zaz4gnShesKBiVxhI +JQNFCjWlnc+o3RqbAhDQhlwFrCZWUxQi1qWy4U88IYqR9hxV0eNtGSRmwnGCT9RV +Nxb6CjtmHpgUmzyvwBpBJya8bLYu5tCKnUodtFiq/poxEfI5WrP6pu5l648AwuPa +ioovprweDWs38Q8wd/SuoaUtIoj378UDXq8acFvHHnOS/bBBfAE9tutY1ycJdg== +=Fg3f +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/ssh/green.ed25519 b/krebs/3modules/lass/ssh/green.ed25519 new file mode 100644 index 00000000..1aa7b180 --- /dev/null +++ b/krebs/3modules/lass/ssh/green.ed25519 @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOJfTJ37hWYTYLWY6egshmvigPfRF0Sa4N11gmphMLm lass@green -- cgit v1.2.3 From 4dfe7ef01ecc7a7db7cb37ac227fa842fee250fc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 17:34:08 +0100 Subject: l: add jitsi.lassul.us to record --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6d31bffd..f9e4c6fe 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -44,6 +44,7 @@ in { matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; -- cgit v1.2.3 From e95b720d97c0723f9ae7d72ae76788e2d8130d30 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 17:34:29 +0100 Subject: l: grant green access everywhere --- lass/2configs/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1cf421fe..f3534d94 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -22,6 +22,7 @@ with import ; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey + config.krebs.users.lass-green.pubkey config.krebs.users.lass-yubikey.pubkey ]; }; @@ -40,6 +41,7 @@ with import ; openssh.authorizedKeys.keys = [ config.krebs.users.lass-mors.pubkey config.krebs.users.lass-blue.pubkey + config.krebs.users.lass-green.pubkey config.krebs.users.lass-yubikey.pubkey ]; }; -- cgit v1.2.3 From 859a6d1e732bfc40e65f5ed7b33d4014d77740a8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 17:34:59 +0100 Subject: l bindfs: add clearTarget option --- lass/3modules/bindfs.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lass/3modules/bindfs.nix b/lass/3modules/bindfs.nix index 5c8df8dc..c489ef16 100644 --- a/lass/3modules/bindfs.nix +++ b/lass/3modules/bindfs.nix @@ -28,6 +28,13 @@ in { type = types.listOf types.str; default = []; }; + clearTarget = mkOption { + description = '' + whether to clear the target folder before mounting + ''; + type = types.bool; + default = false; + }; }; })); default = {}; @@ -41,6 +48,9 @@ in { path = [ pkgs.coreutils ]; serviceConfig = { ExecStartPre = pkgs.writeDash "bindfs-init-${name}" '' + ${optionalString mount.clearTarget '' + rm -rf '${mount.target}' + ''} mkdir -p '${mount.source}' mkdir -p '${mount.target}' ''; -- cgit v1.2.3 From 1fb7abde922545b3b1ea3887bd5a3f2a57bbb0be Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 17:35:53 +0100 Subject: l sync-containers: fix ecryptfs startup bug --- lass/3modules/sync-containers.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/3modules/sync-containers.nix b/lass/3modules/sync-containers.nix index ca81458a..25ba2589 100644 --- a/lass/3modules/sync-containers.nix +++ b/lass/3modules/sync-containers.nix @@ -10,6 +10,8 @@ with import ; plain = '' ''; ecryptfs = '' + # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails + echo 4 | ${pkgs.ecryptfs}/bin/ecryptfs-manager if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then ${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state -- cgit v1.2.3 From 7a654da5dec445482ef40c4b9642f92e19693f2c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 17:36:12 +0100 Subject: l sync-containers: shutdown container if already up --- lass/3modules/sync-containers.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/3modules/sync-containers.nix b/lass/3modules/sync-containers.nix index 25ba2589..ebf440c4 100644 --- a/lass/3modules/sync-containers.nix +++ b/lass/3modules/sync-containers.nix @@ -155,6 +155,8 @@ in { if [ -h /var/lib/containers/${ctr.name}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${ctr.name}.r); then ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch + else + ${(stop ctr.name).${ctr.format}} fi '') (pkgs.writeDashBin "stop-${ctr.name}" '' -- cgit v1.2.3 From dd90d71a7f0dface27455e2138d712d0a8fa61ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 17:37:52 +0100 Subject: l styx.r: add syncthing.id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index f9e4c6fe..c5cf5cb1 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -686,6 +686,7 @@ in { }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; + syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN"; }; }; users = rec { -- cgit v1.2.3 From 2185fb0bfa56b365e33d0baf0274499076c1166b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 18:08:37 +0100 Subject: l blue.r: remove weechat --- lass/1systems/blue/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index f6dc23d2..c4286cca 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -9,8 +9,8 @@ with import ; + - ]; krebs.build.host = config.krebs.hosts.blue; -- cgit v1.2.3 From 0b5b4b8eab751d0d1d32573c6f69d08a82b4af1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 18:09:13 +0100 Subject: l green.r: setup with sync-containers --- lass/1systems/green/config.nix | 71 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 2 deletions(-) diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 0b4b50ee..d7683ff5 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -9,13 +9,80 @@ with import ; + + + + + + ]; krebs.build.host = config.krebs.hosts.green; - #networking.nameservers = [ "1.1.1.1" ]; + users.users.mainUser.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-android.pubkey + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel + ]; + + lass.bindfs = { + "/home/lass/.weechat" = { + source = "/var/state/lass_weechat"; + options = [ + "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" + "--create-for-user=${toString config.users.users.syncthing.uid}" + ]; + }; + "/home/lass/Maildir" = { + source = "/var/state/lass_mail"; + options = [ + "-M ${toString config.users.users.mainUser.uid}" + ]; + }; + "/home/lass/sync" = { + source = "/var/state/lass_sync"; + options = [ + "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" + "--create-for-user=${toString config.users.users.syncthing.uid}" + ]; + }; + "/var/lib/bitlbee" = { + source = "/var/state/bitlbee"; + options = [ + "-M ${toString config.users.users.bitlbee.uid}" + ]; + clearTarget = true; + }; + "/home/lass/.ssh" = { + source = "/var/state/lass_ssh"; + options = [ + "-M ${toString config.users.users.mainUser.uid}" + ]; + clearTarget = true; + }; + "/home/lass/.gnupg" = { + source = "/var/state/lass_gnupg"; + options = [ + "-M ${toString config.users.users.mainUser.uid}" + ]; + clearTarget = true; + }; + }; - #time.timeZone = "Europe/Berlin"; + systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' + sleep 1 + mkdir -p /home/lass/notmuch + chown lass: /home/lass/notmuch + ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch + + mkdir -p /home/lass/notmuch/muchsync + chown lass: /home/lass/notmuch/muchsync + mkdir -p /home/lass/Maildir/.muchsync + ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp + ''; + + krebs.iptables.tables.nat.PREROUTING.rules = [ + { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + ]; } -- cgit v1.2.3 From 9e4d47c5b46a92436d8e71c17a61ab729d4c4133 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 18:20:52 +0100 Subject: l: don't always sync basedir --- lass/2configs/sync/sync.nix | 13 +++++++++++++ lass/2configs/syncthing.nix | 13 +------------ 2 files changed, 14 insertions(+), 12 deletions(-) create mode 100644 lass/2configs/sync/sync.nix diff --git a/lass/2configs/sync/sync.nix b/lass/2configs/sync/sync.nix new file mode 100644 index 00000000..bee1d03a --- /dev/null +++ b/lass/2configs/sync/sync.nix @@ -0,0 +1,13 @@ +{ + services.syncthing.declarative.folders."/home/lass/sync" = { + devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" ]; + }; + krebs.permown."/home/lass/sync" = { + file-mode = "u+rw,g+rw"; + owner = "lass"; + group = "syncthing"; + umask = "0002"; + keepGoing = true; + }; +} + diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 7758b860..d31ce780 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -1,6 +1,5 @@ { config, pkgs, ... }: with import ; let all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; - own_peers = filterAttrs (n: v: v.owner.name == "lass") all_peers; mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); in { services.syncthing = { @@ -11,10 +10,6 @@ in { key = toString ; cert = toString ; devices = mk_peers all_peers; - folders."/home/lass/sync" = { - devices = attrNames (filterAttrs (n: v: n != "phone") own_peers); - # ignorePerms = false; - }; }; }; krebs.iptables.tables.filter.INPUT.rules = [ @@ -26,11 +21,5 @@ in { ${pkgs.coreutils}/bin/chmod a+x /home/lass ''; - krebs.permown."/home/lass/sync" = { - file-mode = "u+rw,g+rw"; - owner = "lass"; - group = "syncthing"; - umask = "0002"; - keepGoing = true; - }; + boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288; } -- cgit v1.2.3 From df53de085f35b9da52e31ca2db6c1f6d97062127 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 18:32:56 +0100 Subject: l: add missing IM.nix --- lass/2configs/IM.nix | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 lass/2configs/IM.nix diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix new file mode 100644 index 00000000..b79af3b4 --- /dev/null +++ b/lass/2configs/IM.nix @@ -0,0 +1,45 @@ +with (import ); +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./bitlbee.nix + ]; + + systemd.services.chat = let + tmux = pkgs.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g prefix ` + unbind-key C-b + bind ` send-prefix + + set-option -g status off + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + ''; + in { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + path = [ + pkgs.rxvt_unicode.terminfo + ]; + + serviceConfig = { + User = "lass"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; + }; + }; +} -- cgit v1.2.3 From fbec363f091221f476c4a133630b16bf88ceb26c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 18:33:31 +0100 Subject: l domsen: remove inotify limits --- lass/2configs/websites/domsen.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index f3beb9eb..c43c8c90 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -285,7 +285,6 @@ in { ]; }; - boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576"; services.syncthing.declarative.folders = { domsen-backups = { path = "/backups/domsen"; -- cgit v1.2.3 From d618f52cda36f62b3744aa84422b4c9f28bdc61d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 18:43:55 +0100 Subject: l: add missing muchsync.nix --- lass/2configs/muchsync.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 lass/2configs/muchsync.nix diff --git a/lass/2configs/muchsync.nix b/lass/2configs/muchsync.nix new file mode 100644 index 00000000..b09bf579 --- /dev/null +++ b/lass/2configs/muchsync.nix @@ -0,0 +1,40 @@ +with (import ); +{ config, pkgs, ... }: + +{ + systemd.services.muchsync = let + hosts = [ + "mors.r" + "green.r" + "blue.r" + ]; + in { + description = "sync mails"; + environment = { + NOTMUCH_CONFIG = config.environment.variables.NOTMUCH_CONFIG; + }; + after = [ "network.target" ]; + + restartIfChanged = false; + + path = [ + pkgs.notmuch + pkgs.openssh + ]; + + startAt = "*:*"; # run every minute + serviceConfig = { + User = "lass"; + Type = "oneshot"; + ExecStart = pkgs.writeDash "sync-mails" '' + set -euf + + /run/current-system/sw/bin/nm-tag-init 2>/dev/null + ${concatMapStringsSep "\n" (host: '' + echo syncing ${host}: + ${pkgs.muchsync}/bin/muchsync -s 'ssh -CTaxq -o ConnectTimeout=4' --nonew lass@${host} || : + '') hosts} + ''; + }; + }; +} -- cgit v1.2.3 From 5b178eb4dfea1db9c578d9d389331fe5ffaaa082 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 18:54:08 +0100 Subject: l mail: export NOTMUCH_CONFIG --- lass/2configs/mail.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 98affdd8..4c4f888c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -21,6 +21,26 @@ let account default: prism ''; + notmuch-config = pkgs.writeText "notmuch-config" '' + [database] + path=/home/lass/Maildir + + [user] + name=lassulus + primary_email=lassulus@lassul.us + other_email=lass@mors.r;${concatStringsSep ";" (flatten (attrValues mailboxes))} + + [new] + tags=unread;inbox; + ignore= + + [search] + exclude_tags=deleted;spam; + + [maildir] + synchronize_flags=true + ''; + msmtp = pkgs.writeBashBin "msmtp" '' ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \ ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@" @@ -232,6 +252,7 @@ let }; in { + environment.variables.NOTMUCH_CONFIG = toString notmuch-config; environment.systemPackages = [ msmtp mutt -- cgit v1.2.3 From 3c539a34f83862b577ea4c8291788c7ba253ee1f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 18:54:36 +0100 Subject: l mail: fix sidebar format --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 4c4f888c..4682865c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -227,7 +227,7 @@ let set sidebar_short_path set sidebar_folder_indent set sidebar_visible = yes - set sidebar_format = '%B%?F? [%F]?%* %?N?%N/? %?S?%S?' + set sidebar_format = '%D%?F? [%F]?%* %?N?%N/? %?S?%S?' set sidebar_width = 20 color sidebar_new yellow red -- cgit v1.2.3 From ea59935e5f57dfc03db3367f187ffaffafcc67a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 19:06:07 +0100 Subject: l radio: simplify listeners counting --- lass/2configs/radio.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 8c95b535..6a020692 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -200,7 +200,7 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read track; do - listeners=$(${pkgs.iproute}/bin/ss -Hno state established '( sport = :8000 )' | wc -l) + listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | wc -l) echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" ${write_to_irc} "playing: $track listeners: $listeners" -- cgit v1.2.3 From 348d5e476f0689f40c14b566c078c26ef6222676 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 19:06:20 +0100 Subject: l radio: import htgen script --- lass/2configs/radio.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 6a020692..707cc845 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -275,7 +275,7 @@ in { user = { name = "radio"; }; - script = '' + script = ''. ${pkgs.writeDash "radio" '' case "$Method $Request_URI" in "GET /current") printf 'HTTP/1.1 200 OK\r\n' @@ -303,7 +303,7 @@ in { exit ;; esac - ''; + ''}''; }; services.nginx = { -- cgit v1.2.3 From 0718e51e35c0ffb639f3f208e94d08521ec8df82 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 19:06:59 +0100 Subject: l tv: remove legacy interface --- lass/2configs/tv.nix | 88 +--------------------------------------------------- 1 file changed, 1 insertion(+), 87 deletions(-) diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix index 0ca1b340..d49ed612 100644 --- a/lass/2configs/tv.nix +++ b/lass/2configs/tv.nix @@ -8,6 +8,7 @@ nginxCfg = pkgs.writeText "nginx.conf" '' worker_connections 128; } error_log stderr info; + http { client_body_temp_path /var/lib/rtmp/nginx_cache_client_body; proxy_temp_path /var/lib/rtmp/nginx_cache_proxy; @@ -25,92 +26,6 @@ nginxCfg = pkgs.writeText "nginx.conf" '' location /stat { rtmp_stat all; } - - location /hls { - # Serve HLS fragments - types { - application/vnd.apple.mpegurl m3u8; - video/mp2t ts; - } - root /var/lib/rtmp/tmp; - add_header Cache-Control no-cache; - - # CORS setup - add_header 'Access-Control-Allow-Origin' '*' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length'; - - # Allow CORS preflight requests - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - } - - location /dash { - # Serve DASH fragments - types { - application/dash+xml mpd; - video/mp4 mp4; - } - root /tmp; - add_header Cache-Control no-cache; - - # CORS setup - add_header 'Access-Control-Allow-Origin' '*' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length'; - - # Allow CORS preflight requests - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - } - - location "/dash.all.min.js" { - default_type "text/javascript"; - alias ${pkgs.fetchurl { - url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js"; - sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c"; - }}; - } - - location /player { - default_type "text/html"; - alias ${pkgs.writeText "player.html" '' - - - - - lassulus livestream - - -
- - -
- - - - - ''}; - } - - location /records { - autoindex on; - root /var/lib/rtmp; - } } } @@ -275,6 +190,5 @@ in { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 1935"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 8080"; target = "ACCEPT"; } ]; } -- cgit v1.2.3 From 33dbc0c0aeb82707b0d7cebe9183a640842db435 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 19:07:39 +0100 Subject: l git: add reaktor2 & workadventure-nix --- lass/2configs/git.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index edec2dcb..e6aeca5d 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -97,6 +97,10 @@ let populate = { cgit.section = "software"; }; + reaktor2 = { + cgit.desc = "irc bot"; + cgit.section = "software"; + }; stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; cgit.section = "configuration"; @@ -109,6 +113,10 @@ let cgit.desc = "Good Music collection + tools"; cgit.section = "art"; }; + workadventure-nix = { + cgit.desc = "Nix packaging for workadventure"; + cgit.section = "deployment"; + }; xmonad-stockholm = { cgit.desc = "krebs xmonad modules"; cgit.section = "configuration"; @@ -142,9 +150,6 @@ let nick = config.krebs.build.host.name; channel = "#xxx"; # TODO define refs in some kind of option per repo - refs = [ - "refs/heads/master" - ]; server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; }} -- cgit v1.2.3 From b40754586d80b1063cba3e9e0bf0b41bd1d63932 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 19:36:09 +0100 Subject: l icarus.r: fix thinkfan values --- lass/1systems/icarus/physical.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index bd74c29f..837872bf 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -51,12 +51,10 @@ (1, 48, 60) (2, 50, 61) (3, 52, 63) - (6, 60, 65) - (7, 80, 85) - (127, 90, 32767) + (6, 60, 85) + (7, 80, 90) + (127, 89, 32767) ''; services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - } -- cgit v1.2.3 From c5a63e4985cb81169ecf32483d9ceaa921b6f116 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 19:36:46 +0100 Subject: l codimd: codimd is now called hedgedoc --- lass/2configs/codimd.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index e55090de..d29a6521 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -12,8 +12,9 @@ with import ; ''; }; - services.codimd = { + services.hedgedoc = { enable = true; + configuration.allowOrigin = [ "*" ]; configuration = { db = { dialect = "sqlite"; -- cgit v1.2.3 From e0229e76309fef6825ff4126a7f9c9e334fb9aba Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:22:17 +0100 Subject: l realwallpaper: add video --- lass/2configs/realwallpaper.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index e0cb37f6..c3054d3a 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -28,6 +28,9 @@ in { locations."/realwallpaper-krebs.png".extraConfig = '' root /var/realwallpaper/; ''; + locations."/realwallpaper-video.mp4".extraConfig = '' + root /var/realwallpaper/archive; + ''; }; krebs.iptables = { -- cgit v1.2.3 From 78e687f288dc22d22d1cb88319f941caa0316623 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:23:56 +0100 Subject: l littleT.r: add as green-host --- lass/1systems/littleT/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index eee23ee6..adf8aeeb 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -7,6 +7,7 @@ with import ; + ]; -- cgit v1.2.3 From e0708ab3ba6b9bb5dd826ea225d61745687a2f28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:24:10 +0100 Subject: l morpheus.r: add green-host --- lass/1systems/morpheus/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix index 79fbe4c9..79d4f528 100644 --- a/lass/1systems/morpheus/config.nix +++ b/lass/1systems/morpheus/config.nix @@ -4,6 +4,9 @@ with import ; imports = [ + + + ]; krebs.build.host = config.krebs.hosts.morpheus; -- cgit v1.2.3 From 34470a6e92439ffeb4cf9112343e9745d97b709c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:34:21 +0100 Subject: l: remove deprecated backup user --- lass/1systems/daedalus/config.nix | 1 - lass/1systems/mors/config.nix | 1 - lass/1systems/shodan/config.nix | 1 - lass/2configs/backup.nix | 14 -------------- lass/2configs/default.nix | 1 - 5 files changed, 18 deletions(-) delete mode 100644 lass/2configs/backup.nix diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index bd559944..d84502b3 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -6,7 +6,6 @@ with import ; - { # bubsy config diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b03d95c4..21abb9c3 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,7 +33,6 @@ with import ; - diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 9e01396b..b34afe5e 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -13,7 +13,6 @@ with import ; - diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix deleted file mode 100644 index f5c24178..00000000 --- a/lass/2configs/backup.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, ... }: -with import ; - -{ - users.users.backup = { - useDefaultShell = true; - home = "/backups"; - createHome = true; - group = "syncthing"; - openssh.authorizedKeys.keys = with config.krebs.hosts; [ - blue.ssh.pubkey - ]; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f3534d94..7b6f0114 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -3,7 +3,6 @@ with import ; { imports = [ ./binary-cache/client.nix - ./backup.nix ./gc.nix ./mc.nix ./vim.nix -- cgit v1.2.3 From 1562ee7ca9e271d4e2ddf3a5c2521b6243344fce Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:42:51 +0100 Subject: l: split ppp.nix by modem --- lass/2configs/ppp.nix | 32 -------------------------------- lass/2configs/ppp/umts-stick.nix | 33 +++++++++++++++++++++++++++++++++ lass/2configs/ppp/x220-modem.nix | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+), 32 deletions(-) delete mode 100644 lass/2configs/ppp.nix create mode 100644 lass/2configs/ppp/umts-stick.nix create mode 100644 lass/2configs/ppp/x220-modem.nix diff --git a/lass/2configs/ppp.nix b/lass/2configs/ppp.nix deleted file mode 100644 index 9cc7568a..00000000 --- a/lass/2configs/ppp.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ pkgs, ... }: { - - # usage: pppd call default - - environment.etc."ppp/peers/default".text = '' - /dev/ttyACM2 - 921600 - crtscts - defaultroute - holdoff 10 - lock - maxfail 0 - noauth - nodetach - noipdefault - passive - persist - usepeerdns - connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" '' - ABORT "BUSY" - ABORT "NO CARRIER" - REPORT CONNECT - "" "ATDT*99#" - CONNECT - ''}" - ''; - - environment.systemPackages = [ - pkgs.ppp - ]; - -} diff --git a/lass/2configs/ppp/umts-stick.nix b/lass/2configs/ppp/umts-stick.nix new file mode 100644 index 00000000..64551a2b --- /dev/null +++ b/lass/2configs/ppp/umts-stick.nix @@ -0,0 +1,33 @@ +{ pkgs, ... }: { + + # usage: pppd call stick + + environment.etc."ppp/peers/stick".text = '' + /dev/ttyUSB0 + 460800 + crtscts + defaultroute + holdoff 10 + lock + maxfail 0 + noauth + nodetach + noipdefault + passive + persist + usepeerdns + connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" '' + ABORT "BUSY" + ABORT "NO CARRIER" + REPORT CONNECT + "" "ATDT*99#" + CONNECT + ''}" + ''; + + environment.systemPackages = [ + pkgs.ppp + ]; + +} + diff --git a/lass/2configs/ppp/x220-modem.nix b/lass/2configs/ppp/x220-modem.nix new file mode 100644 index 00000000..d6facb72 --- /dev/null +++ b/lass/2configs/ppp/x220-modem.nix @@ -0,0 +1,32 @@ +{ pkgs, ... }: { + + # usage: pppd call x220 + + environment.etc."ppp/peers/x220".text = '' + /dev/ttyACM2 + 921600 + crtscts + defaultroute + holdoff 10 + lock + maxfail 0 + noauth + nodetach + noipdefault + passive + persist + usepeerdns + connect "${pkgs.ppp}/bin/chat -f ${pkgs.writeText "default.chat" '' + ABORT "BUSY" + ABORT "NO CARRIER" + REPORT CONNECT + "" "ATDT*99#" + CONNECT + ''}" + ''; + + environment.systemPackages = [ + pkgs.ppp + ]; + +} -- cgit v1.2.3 From 4ce8f6e13046574e287b599f4d0e87a74f04c13a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:43:56 +0100 Subject: l mors.r: remove old imports, add new ones --- lass/1systems/mors/config.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 21abb9c3..90724250 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -18,27 +18,27 @@ with import ; - - - + + # - - - # - + + + + # + # { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain -- cgit v1.2.3 From 3ce3820553ddaf709d4a6aab50556ac619f5ba2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:44:52 +0100 Subject: l: init ecrypt --- lass/5pkgs/ecrypt/default.nix | 108 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 lass/5pkgs/ecrypt/default.nix diff --git a/lass/5pkgs/ecrypt/default.nix b/lass/5pkgs/ecrypt/default.nix new file mode 100644 index 00000000..9bb35a8d --- /dev/null +++ b/lass/5pkgs/ecrypt/default.nix @@ -0,0 +1,108 @@ +{ pkgs, lib }: + +#usage: ecrypt mount /var/crypted /var/unencrypted +pkgs.writers.writeDashBin "ecrypt" '' + set -euf + set -x + + PATH=${lib.makeBinPath (with pkgs; [ + coreutils + ecryptfs + gnused + gnugrep + jq + mount + keyutils + umount + ])} + + # turn echo back on if killed + trap 'stty echo' INT + + case "$1" in + init) + shift + mkdir -p "$1" "$2" + + # abort if src or dest are not empty + if [ -e "$1"/.cfg.json ]; then + echo 'source dir is already configured, aborting' + exit 1 + elif ls -1qA "$2" | grep -q .; then + echo 'destination dir is not empty, aborting' + exit 1 + else + stty -echo + printf "passphrase: " + read passphrase + stty echo + sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') + mount -t ecryptfs \ + -o ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ + "$1" "$2" + + # add sig to json state file + jq -n --arg sig "$sig" '{ "sig": $sig }' > "$1"/.cfg.json + fi + ;; + + mount) + shift + if ! [ -e "$1"/.cfg.json ]; then + echo '.cfg.json missing in src' + exit 1 + fi + old_sig=$(cat "$1"/.cfg.json | jq -r .sig) + + # check if key is already in keyring, otherwise add it + + if keyctl list @u | grep -q "$old_sig"; then + echo 'pw already saved' + else + stty -echo + printf "passphrase: " + read passphrase + stty echo + new_sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') + + # check if passphrase matches sig + if [ "$old_sig" != "$new_sig" ]; then + echo 'passphrase does not match sig, bailing out' + new_keyid=$(keyctl list @u | grep "$new_sig" | sed 's/\([0-9]*\).*/\1/') + keyctl revoke "$new_keyid" + keyctl unlink "$new_keyid" + exit 1 + fi + fi + + sig=$old_sig + keyid=$(keyctl list @u | grep "$sig" | sed 's/\([0-9]*\).*/\1/') + if (ls -1qA "$2" | grep -q .); then + echo 'destination is not empty, bailing out' + exit 1 + else + mount -i -t ecryptfs \ + -o ecryptfs_passthrough=no,verbose=no,ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ + "$1" "$2" + fi + ;; + + unmount) + shift + + sig=$(cat "$1"/.cfg.json | jq -r .sig) + keyid=$(keyctl list @u | grep "$sig" | sed 's/\s*\([0-9]*\).*/\1/') + + umount "$2" || : + keyctl revoke "$keyid" + keyctl unlink "$keyid" + ;; + + *) + echo 'usage: + ecrypt init /tmp/src/ /tmp/dst/ + ecrypt mount /tmp/src/ /tmp/dst/ + ecrypt unmount /tmp/src/ /tmp/dst/ + ' + esac +'' -- cgit v1.2.3 From b2fdc7e18512582c1d520df7d8e86108ed88ba92 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:52:47 +0100 Subject: l browsers: remove cvim --- lass/2configs/browsers.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index eafab400..00a5d2db 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -7,7 +7,6 @@ enable = true; extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - "ihlenndgcmojhcghmfjfneahoeklbjjh" #cVim ]; }; } -- cgit v1.2.3 From 7fc98767397a8f0ae7aa2bb1e764bb441b244bd7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:58:05 +0100 Subject: l prism.r: use as green-host --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f63c6a05..54ba0089 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -118,6 +118,7 @@ with import ; + -- cgit v1.2.3 From 8adbc446bfe2e577d4140d63e0f5bd1f8adf2c31 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 20:59:54 +0100 Subject: l: remove ejabberd --- lass/1systems/prism/config.nix | 10 --- lass/3modules/default.nix | 1 - lass/3modules/ejabberd/config.nix | 128 ------------------------------------- lass/3modules/ejabberd/default.nix | 103 ----------------------------- 4 files changed, 242 deletions(-) delete mode 100644 lass/3modules/ejabberd/config.nix delete mode 100644 lass/3modules/ejabberd/default.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 54ba0089..81159573 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -138,16 +138,6 @@ with import ; enable = true; }; } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } { imports = [ diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 8bee08ca..3587e0f8 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,7 +3,6 @@ _: imports = [ ./bindfs.nix ./dnsmasq.nix - ./ejabberd ./folderPerms.nix ./hosts.nix ./klem.nix diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix deleted file mode 100644 index 4630f25c..00000000 --- a/lass/3modules/ejabberd/config.nix +++ /dev/null @@ -1,128 +0,0 @@ -with import ; -{ config, ... }: let - - # See https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example - - ciphers = concatStringsSep ":" [ - "ECDHE-ECDSA-AES256-GCM-SHA384" - "ECDHE-RSA-AES256-GCM-SHA384" - "ECDHE-ECDSA-CHACHA20-POLY1305" - "ECDHE-RSA-CHACHA20-POLY1305" - "ECDHE-ECDSA-AES128-GCM-SHA256" - "ECDHE-RSA-AES128-GCM-SHA256" - "ECDHE-ECDSA-AES256-SHA384" - "ECDHE-RSA-AES256-SHA384" - "ECDHE-ECDSA-AES128-SHA256" - "ECDHE-RSA-AES128-SHA256" - ]; - - protocol_options = [ - "no_sslv2" - "no_sslv3" - "no_tlsv1" - "no_tlsv1_10" - ]; - -in /* yaml */ '' - - access_rules: - announce: - - allow: admin - local: - - allow: local - configure: - - allow: admin - register: - - allow - s2s: - - allow - trusted_network: - - allow: loopback - - acl: - local: - user_regexp: "" - loopback: - ip: - - "127.0.0.0/8" - - "::1/128" - - "::FFFF:127.0.0.1/128" - - hosts: ${toJSON config.hosts} - - language: "en" - - listen: - - - port: 5222 - ip: "::" - module: ejabberd_c2s - shaper: c2s_shaper - certfile: ${toJSON config.certfile.path} - ciphers: ${toJSON ciphers} - dhfile: ${toJSON config.dhfile.path} - protocol_options: ${toJSON protocol_options} - starttls: true - starttls_required: true - tls: false - tls_compression: false - max_stanza_size: 65536 - - - port: 5269 - ip: "::" - module: ejabberd_s2s_in - shaper: s2s_shaper - max_stanza_size: 131072 - - loglevel: 4 - - modules: - mod_adhoc: {} - mod_admin_extra: {} - mod_announce: - access: announce - mod_caps: {} - mod_carboncopy: {} - mod_client_state: {} - mod_configure: {} - mod_disco: {} - mod_echo: {} - mod_bosh: {} - mod_last: {} - mod_offline: - access_max_user_messages: max_user_offline_messages - mod_ping: {} - mod_privacy: {} - mod_private: {} - mod_register: - access_from: allow - access: register - # ip_access: trusted_network - registration_watchers: ${toJSON config.registration_watchers} - mod_roster: {} - mod_shared_roster: {} - mod_stats: {} - mod_time: {} - mod_vcard: - search: false - mod_version: {} - mod_http_api: {} - - s2s_access: s2s - s2s_certfile: ${toJSON config.s2s_certfile.path} - s2s_ciphers: ${toJSON ciphers} - s2s_dhfile: ${toJSON config.dhfile.path} - s2s_protocol_options: ${toJSON protocol_options} - s2s_tls_compression: false - s2s_use_starttls: required - - shaper_rules: - max_user_offline_messages: - - 5000: admin - - 100 - max_user_sessions: 10 - c2s_shaper: - - none: admin - - normal - s2s_shaper: fast -'' diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix deleted file mode 100644 index 20a38d57..00000000 --- a/lass/3modules/ejabberd/default.nix +++ /dev/null @@ -1,103 +0,0 @@ -{ config, lib, pkgs, ... }@args: with import ; let - cfg = config.lass.ejabberd; - - gen-dhparam = pkgs.writeDash "gen-dhparam" '' - set -efu - path=$1 - bits=2048 - # TODO regenerate dhfile after some time? - if ! test -e "$path"; then - ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path" - fi - ''; - -in { - options.lass.ejabberd = { - enable = mkEnableOption "lass.ejabberd"; - certfile = mkOption { - type = types.secret-file; - default = { - name = "ejabberd-certfile"; - path = "${cfg.user.home}/ejabberd.pem"; - owner = cfg.user; - source-path = "/var/lib/acme/lassul.us/full.pem"; - }; - }; - dhfile = mkOption { - type = types.secret-file; - default = { - name = "ejabberd-dhfile"; - path = "${cfg.user.home}/dhparams.pem"; - owner = cfg.user; - source-path = "/dev/null"; - }; - }; - hosts = mkOption { - type = with types; listOf str; - }; - pkgs.ejabberdctl = mkOption { - type = types.package; - default = pkgs.writeDashBin "ejabberdctl" '' - exec ${pkgs.ejabberd}/bin/ejabberdctl \ - --config ${toFile "ejabberd.yaml" (import ./config.nix { - inherit pkgs; - config = cfg; - })} \ - --logs ${shell.escape cfg.user.home} \ - --spool ${shell.escape cfg.user.home} \ - "$@" - ''; - }; - registration_watchers = mkOption { - type = types.listOf types.str; - default = [ - config.krebs.users.tv.mail - ]; - }; - s2s_certfile = mkOption { - type = types.secret-file; - default = cfg.certfile; - }; - user = mkOption { - type = types.user; - default = { - name = "ejabberd"; - home = "/var/ejabberd"; - }; - }; - }; - config = lib.mkIf cfg.enable { - environment.systemPackages = [ cfg.pkgs.ejabberdctl ]; - - krebs.secret.files = { - ejabberd-certfile = cfg.certfile; - ejabberd-s2s_certfile = cfg.s2s_certfile; - }; - - systemd.services.ejabberd = { - wantedBy = [ "multi-user.target" ]; - after = [ - config.krebs.secret.files.ejabberd-certfile.service - config.krebs.secret.files.ejabberd-s2s_certfile.service - "network.target" - ]; - partOf = [ - config.krebs.secret.files.ejabberd-certfile.service - config.krebs.secret.files.ejabberd-s2s_certfile.service - ]; - serviceConfig = { - ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}"; - ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground"; - PermissionsStartOnly = true; - SyslogIdentifier = "ejabberd"; - User = cfg.user.name; - TimeoutStartSec = 60; - }; - }; - - users.users.${cfg.user.name} = { - inherit (cfg.user) home name uid; - createHome = true; - }; - }; -} -- cgit v1.2.3 From c9aac57896de2b3be96ca136d4fdbcfe1eaf5266 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 21:00:51 +0100 Subject: l prism.r: serve maker wallpaper publicly --- lass/1systems/prism/config.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 81159573..da26e6b2 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -142,9 +142,14 @@ with import ; imports = [ ]; - services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; + services.nginx.virtualHosts."lassul.us".locations = { + "= /wallpaper-marker.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper-marker.png; + ''; + "= /wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + }; } { users.users.jeschli = { -- cgit v1.2.3 From 7e77033bfde0de1236a16b072a92236166facf3a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jan 2021 21:01:11 +0100 Subject: l prism.r: set murmur autobanTime --- lass/1systems/prism/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index da26e6b2..1b6b0756 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -278,8 +278,9 @@ with import ; services.murmur = { enable = true; bandwidth = 10000000; + registerName =