From 0a6b7de9b8a7cb7265f5d024617e49c746cc3d98 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:04:35 +0100
Subject: ircd: allow msg without join

---
 krebs/2configs/ircd.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'krebs/2configs')

diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 0de07a02..3ef2e7d2 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -87,6 +87,7 @@
       };
 
       channel {
+        autochanmodes = "+t";
         use_invex = yes;
         use_except = yes;
         use_forward = yes;
-- 
cgit v1.2.3


From 8a02c7858c9958fce1173801cb5839306a87eae2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:06:56 +0100
Subject: news: add /api brockman

---
 krebs/2configs/news.nix | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

(limited to 'krebs/2configs')

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 410beb04..2da3e6fc 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -15,6 +15,16 @@
       serverAliases = [
         "news.r"
       ];
+      locations."/api".extraConfig = ''
+        proxy_pass http://127.0.0.1:7777/;
+        proxy_pass_header Server;
+      '';
+      locations."= /graph.html".extraConfig = ''
+        alias ${pkgs.fetchurl {
+          url = "https://raw.githubusercontent.com/kmein/brockman/05d33c8caaaf6255752f9600981974bb58390851/tools/graph.html";
+          sha256 = "0iw2vdzj6kzkix1c447ybmc953lns6z4ap6sr9pcib8bany4g43w";
+        }};
+      '';
       locations."/".extraConfig = ''
         root /var/lib/brockman;
         index brockman.json;
@@ -27,6 +37,7 @@
   };
   systemd.tmpfiles.rules = [
     "d /var/lib/brockman 1750 brockman nginx -"
+    "d /run/irc-api 1750 brockman nginx -"
   ];
 
   systemd.services.brockman-graph = {
@@ -67,12 +78,28 @@
       shortener = "http://go.r";
       controller = {
         nick = "brockman";
-        channels = [ "#all" ];
+        extraChannels = [ "#all" ];
       };
       bots = {};
     };
   };
 
+  krebs.reaktor2.api = {
+    hostname = "localhost";
+    port = "6667";
+    nick = "api";
+    API.listen = "inet://127.0.0.1:7777";
+    plugins = [
+      {
+        plugin = "register";
+        config = {
+          channels = [
+            "#all"
+          ];
+        };
+      }
+    ];
+  };
   krebs.reaktor2.news = let
     name = "candyman";
   in {
-- 
cgit v1.2.3


From d97edee14c0db81f18ce901b4c63a863f7716887 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:07:43 +0100
Subject: syncthing: configure key, cert & max_user_watches

---
 krebs/2configs/syncthing.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'krebs/2configs')

diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix
index 31e33ad5..125e2aea 100644
--- a/krebs/2configs/syncthing.nix
+++ b/krebs/2configs/syncthing.nix
@@ -10,6 +10,10 @@ in {
     configDir = "/var/lib/syncthing";
     declarative = {
       devices = mk_peers used_peers;
+      key = toString <secrets/syncthing.key>;
+      cert = toString <secrets/syncthing.cert>;
     };
   };
+
+  boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
 }
-- 
cgit v1.2.3


From 55c348834bdb548cc01959f27aeb1d9ac8fd5670 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:10:37 +0100
Subject: news-host: sync also with puyak.r

---
 krebs/2configs/news-host.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'krebs/2configs')

diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index 82360a67..b7728986 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -4,6 +4,7 @@
       "shodan"
       "mors"
       "styx"
+      "puyak"
     ];
     hostIp = "10.233.2.101";
     localIp = "10.233.2.102";
-- 
cgit v1.2.3


From 7bfa242064e8a36a0568143fb66f46cd401cc734 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:11:21 +0100
Subject: container-networking: configure nat for containers

---
 krebs/2configs/container-networking.nix | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 krebs/2configs/container-networking.nix

(limited to 'krebs/2configs')

diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix
new file mode 100644
index 00000000..fa448880
--- /dev/null
+++ b/krebs/2configs/container-networking.nix
@@ -0,0 +1,7 @@
+{ lib, ... }:
+{
+  networking.nat.enable = true;
+  networking.nat.internalInterfaces = ["ve-+"];
+  networking.nat.externalInterface = lib.mkDefault "et0";
+  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+}
-- 
cgit v1.2.3