From 53fd88bcef4d0cd45de4c4d48e8e282f4b225cba Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 2 Dec 2019 01:11:37 +0100 Subject: iana-etc module: allow adding new services This fixes a bug which only allowed modifying existing services. --- krebs/3modules/iana-etc.nix | 40 ++++++++++++++-------------------------- 1 file changed, 14 insertions(+), 26 deletions(-) diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix index f6d47f27..e8037128 100644 --- a/krebs/3modules/iana-etc.nix +++ b/krebs/3modules/iana-etc.nix @@ -23,32 +23,20 @@ with import ; }; config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) { - services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} '' - exec < ${pkgs.iana_etc}/etc/services - exec > $out - awk -F '[ /]+' ' - BEGIN { - port=0 - } - ${concatMapStringsSep "\n" (entry: '' - $2 == ${entry.port} { - port=$2 - next - } - port == ${entry.port} { - ${concatMapStringsSep "\n" - (proto: let - s = "${entry.${proto}.name} ${entry.port}/${proto}"; - in - "print ${toJSON s}") - (filter (proto: entry.${proto} != null) ["tcp" "udp"])} - port=0 - } - '') (attrValues config.krebs.iana-etc.services)} - { - print $0 - } - ' + services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} /* sh */ '' + { + ${concatMapStringsSep "\n" (entry: /* sh */ '' + ${concatMapStringsSep "\n" + (proto: let + line = "${entry.${proto}.name} ${entry.port}/${proto}"; + in /* sh */ '' + echo ${shell.escape line} + '') + (filter (proto: entry.${proto} != null) ["tcp" "udp"])} + '') (attrValues config.krebs.iana-etc.services)} + cat ${pkgs.iana_etc}/etc/services + } | + sort -b -k 2,2 -u > $out ''); }; -- cgit v1.2.3 From 37b0c5ae490bf94bf2e5df1502d0a284e3d60c37 Mon Sep 17 00:00:00 2001 
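Review bot: The override of an existing port depends on `sort -b -k 2,2 -u` keeping the first input line of each group with an equal `port/proto` key, and nothing in the script records that. GNU sort documents this behaviour (presumably it is the sort in the build sandbox), but POSIX leaves the surviving line unspecified. A comment above the pipeline such as `# custom entries are echoed first so that sort -u keeps them over the stock line with the same port/proto` would make the dependency visible. The same `-u` also collapses comment and blank lines of the stock file whose second field compares equal, and the key is compared as text rather than numerically; both look harmless for lookups but are worth confirming. The enclosing `config.environment.etc` attribute set starts and ends outside the changed lines.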
From: tv Date: Mon, 2 Dec 2019 01:15:57 +0100 Subject: tv im: configs -> modules --- tv/1systems/nomic/config.nix | 1 - tv/2configs/im.nix | 24 --------------- tv/3modules/default.nix | 1 + tv/3modules/im.nix | 72 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 73 insertions(+), 25 deletions(-) delete mode 100644 tv/2configs/im.nix create mode 100644 tv/3modules/im.nix diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index a89f07e8..86f9b7ec 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -8,7 +8,6 @@ with import ; - diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix deleted file mode 100644 index 82f1be04..00000000 --- a/tv/2configs/im.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; - services.bitlbee = { - enable = true; - plugins = [ - pkgs.bitlbee-facebook - ]; - }; -} diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index db2cdcd1..5be1beef 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -5,6 +5,7 @@ ./ejabberd ./focus.nix ./hosts.nix + ./im.nix ./iptables.nix ./slock.nix ./x0vncserver.nix diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix new file mode 100644 index 00000000..830c4bae --- /dev/null +++ b/tv/3modules/im.nix 
@@ -0,0 +1,72 @@ +{ config, pkgs, ... }: let + im = config.tv.im; + lib = import ; +in { + options = { + tv.im.client.enable = lib.mkEnableOption "tv.im.client" // { + default = config.krebs.build.host.name == im.client.host.name; + }; + tv.im.client.term = lib.mkOption { + default = "rxvt-unicode-256color"; + type = lib.types.filename; + }; + tv.im.client.useIPv6 = lib.mkEnableOption "tv.im.client.useIPv6" // { + default = true; + }; + tv.im.client.host = lib.mkOption { + default = config.krebs.hosts.xu; + type = lib.types.host; + }; + tv.im.client.user = lib.mkOption { + default = config.krebs.users.tv; + type = lib.types.user; + }; + + tv.im.server.enable = lib.mkEnableOption "tv.im.server" // { + default = config.krebs.build.host.name == im.server.host.name; + }; + tv.im.server.host = lib.mkOption { + default = config.krebs.hosts.nomic; + type = lib.types.host; + }; + tv.im.server.user = lib.mkOption { + default = config.krebs.users.tv; + type = lib.types.user; + }; + }; + imports = [ + (lib.mkIf im.client.enable { + users.users.${im.client.user.name}.packages = [ + (pkgs.writeDashBin "im" '' + exec ${pkgs.openssh}/bin/ssh \ + ${lib.optionalString im.client.useIPv6 "-6"} \ + ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ + -t \ + im + '') + ]; + }) + (lib.mkIf im.server.enable { + services.bitlbee = { + enable = true; + plugins = [ + pkgs.bitlbee-facebook + ]; + }; + users.users.${im.server.user.name}.packages = [ + (pkgs.writeDashBin "im" '' + export PATH=${lib.makeSearchPath "bin" [ + pkgs.tmux + pkgs.gnugrep + pkgs.weechat + ]} + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + ]; + }) + ]; +} -- cgit v1.2.3 From 3a02da9677be9c200be3972e4c358a388a63e4fd Mon Sep 17 00:00:00 2001 
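Review bot: The client wrapper splices `${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases}` into the dash script unquoted. `lib.types.user` and `lib.types.host` are defined outside this patch, so it cannot be seen here whether they restrict those values to shell-safe characters. Assuming `lib` is the same library that provides `shell.escape` in krebs/3modules/iana-etc.nix, passing the argument as `${lib.shell.escape "${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases}"}` keeps the script well-formed whatever the option values are. `lib.head` also aborts evaluation when the alias list is empty, so an assertion or a short comment stating that the server host needs at least one retiolum alias would help. `tv.im.client.term` is declared without any use in this file, and none of the new options has a `description` saying what it is for.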
From: tv Date: Mon, 2 Dec 2019 01:27:22 +0100 Subject: tv im: add mosh support --- tv/3modules/im.nix | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix index 830c4bae..905b7803 100644 --- a/tv/3modules/im.nix +++ b/tv/3modules/im.nix @@ -29,6 +29,9 @@ in { default = config.krebs.hosts.nomic; type = lib.types.host; }; + tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // { + default = true; + }; tv.im.server.user = lib.mkOption { default = config.krebs.users.tv; type = lib.types.user; @@ -38,11 +41,18 @@ in { (lib.mkIf im.client.enable { users.users.${im.client.user.name}.packages = [ (pkgs.writeDashBin "im" '' - exec ${pkgs.openssh}/bin/ssh \ - ${lib.optionalString im.client.useIPv6 "-6"} \ - ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ - -t \ - im + ${if im.server.mosh.enable then /* sh */ '' + exec ${pkgs.mosh}/bin/mosh \ + ${lib.optionalString im.client.useIPv6 "-6"} \ + ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ + env TERM=${im.client.term} im + '' else /* sh */ '' + exec ${pkgs.openssh}/bin/ssh \ + ${lib.optionalString im.client.useIPv6 "-6"} \ + ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ + -t \ + im + ''} '') ]; }) @@ -54,6 +64,7 @@ in { ]; }; users.users.${im.server.user.name}.packages = [ + pkgs.mosh (pkgs.writeDashBin "im" '' export PATH=${lib.makeSearchPath "bin" [ pkgs.tmux 
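Review bot: In the client wrapper the transport is chosen from `im.server.mosh.enable`, which the client host evaluates in its own configuration, so client and server only agree while both hosts carry the same value. If the option is ever turned off in the server's host config alone, the client will still start mosh; a comment at the `if`, or a `description` on the option, saying that it must be set identically on both hosts would make that explicit. The mosh branch also forces `TERM=${im.client.term}` while the ssh branch does not, and the value is spliced unquoted (`lib.types.filename` presumably constrains it, but that type is not visible here). `env TERM=${lib.shell.escape im.client.term} im` with a one-line comment on why mosh needs the override would help the next reader. The `writeDashBin` call and the enclosing `lib.mkIf im.client.enable` block continue outside the hunk.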
@@ -68,5 +79,19 @@ in { '') ]; }) + (lib.mkIf im.server.mosh.enable { + krebs.setuid.utempter = { + filename = "${pkgs.libutempter}/lib/utempter/utempter"; + owner = "nobody"; + group = "utmp"; + mode = "2111"; + }; + tv.iptables.extra4.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip4.addr} -p udp --dport 60000:61000 -j ACCEPT" + ]; + tv.iptables.extra6.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT" + ]; + }) ]; } -- cgit v1.2.3 From 8878105178928069a09fd56c22523cb041b3dfa3 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 2 Dec 2019 01:29:07 +0100 Subject: tv im: add weechat relay support --- tv/3modules/im.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix index 905b7803..8cb13751 100644 --- a/tv/3modules/im.nix +++ b/tv/3modules/im.nix @@ -32,6 +32,8 @@ in { tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // { default = true; }; + tv.im.server.weechat.relay.enable = + lib.mkEnableOption "tv.im.server.weechat.relay"; tv.im.server.user = lib.mkOption { default = config.krebs.users.tv; type = lib.types.user; @@ -93,5 +95,16 @@ in { "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT" ]; }) + (lib.mkIf im.server.weechat.relay.enable { + krebs.iana-etc.services = { + "9001".tcp.name = "weechat-ssl"; + }; + tv.iptables.extra4.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip4.addr} -p tcp -m tcp --dport 9001 -j ACCEPT" + ]; + tv.iptables.extra6.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip6.addr} -p tcp -m tcp --dport 9001 -j ACCEPT" + ]; + }) ]; } -- cgit v1.2.3 From 9b79b05f3282d405dcd7f737c9424b11464ac3e1 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 2 Dec 2019 14:32:19 +0100 Subject: krops: 1.18.0 -> 1.18.1 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index 53dfb30a..f2f8cbf1 160000 
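Review bot: The new block is guarded by `lib.mkIf im.server.mosh.enable` alone, and that option defaults to `true`, so the setgid `utempter` wrapper and the UDP 60000:61000 ACCEPT rules would apply on every host that imports this module rather than only where `tv.im.server.enable` is true. Guarding it with `(lib.mkIf (im.server.enable && im.server.mosh.enable) {` keeps the wrapper and the open port range on the server only. The weechat relay block added later in this series is guarded in the same way by `im.server.weechat.relay.enable` alone; that option defaults to off, but the same combined condition fits there. Separately, `owner = "nobody"` on a setgid-`utmp` wrapper is unusual, and how `krebs.setuid` installs the file is not visible here, so confirm that an account shared by unrelated daemons should own it.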
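Review bot: The relay port is written three times as a literal in the added block (`"9001"` in `krebs.iana-etc.services` and `--dport 9001` in both rules), so a later port change can leave the firewall and the services entry out of step. Binding it once, e.g. `port = "9001";` in a `let`, and using `${port}` for the attribute name and in both rules avoids that. The block names the service `weechat-ssl` and opens the port, but nothing in this patch configures the relay or its TLS. A comment saying where the relay listener is set up (presumably in weechat's own configuration) would let a reader verify that only a TLS listener sits behind the rule.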
--- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 53dfb30af324408c34fc7f664a05992e186ca4e9 +Subproject commit f2f8cbf1afcb2c26d11e5f82c0b523b2cb10205c -- cgit v1.2.3