From de6ca6e60b0ac70042262d0d735c8f0991f0d7f4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 2 Jan 2019 21:41:05 +0100 Subject: external: add matchbox --- krebs/3modules/external/default.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index baa49dbe..1363df1a 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -344,6 +344,30 @@ in { }; }; }; + matchbox = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.172"; + aliases = [ "matchbox.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m + VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w + nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u + TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE + TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 + yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO + 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 + Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ + bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 + nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR + /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; miaoski = { owner = config.krebs.users.miaoski; nets = { -- cgit v1.2.3 From 7176d12ff89a2637f8ca0f828c4f05a6543885d1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jan 2019 22:28:44 +0100 Subject: external matchbox: use free ipv4 --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1363df1a..a7ec0e15 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -348,7 +348,7 @@ in { owner = config.krebs.users.Mic92; nets = { retiolum = { - ip4.addr = "10.243.29.172"; + ip4.addr = "10.243.29.176"; aliases = [ "matchbox.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 6e5a61b676eea8a066be7848e2a879f57f2c0c4a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Jan 2019 20:16:17 +0100 Subject: per-user module: enable only if configured --- krebs/3modules/per-user.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index a7a07a8e..5beb859a 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -13,7 +13,7 @@ in { }); default = {}; }; - config = { + config = mkIf (cfg != {}) { environment = { etc = mapAttrs' -- cgit v1.2.3 From dd22da5e6b4232677a08c24609e9d6517ee2d1b7 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 11 Jan 2019 22:50:40 +0100 Subject: external: new ip for eve --- krebs/3modules/external/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index a7ec0e15..df18b4dd 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -84,8 +84,8 @@ in { nets = rec { internet = { # eve.thalheim.io - ip4.addr = "188.68.39.17"; - ip6.addr = "2a03:4000:13:31e::1"; + ip4.addr = "95.216.112.61"; + ip6.addr = "2a01:4f9:2b:1605::1"; aliases = [ "eve.i" ]; }; retiolum = { -- cgit v1.2.3 From 2d2ab95f0707209c4c248d43cb57877a50a37991 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 16 Jan 2019 11:10:34 +0100 Subject: krebs tinc: Broadcast = no --- krebs/3modules/tinc.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index ecd449b0..24eac715 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -27,6 +27,7 @@ let "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' Name = ${tinc.config.host.name} Interface = ${netname} + Broadcast = no ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} PrivateKeyFile = ${tinc.config.privkey.path} Port = ${toString tinc.config.host.nets.${netname}.tinc.port} -- cgit v1.2.3 From 9f2a6465666ee7a69d9261beee0e5ab3cd133933 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 21 Jan 2019 10:09:16 +0100 Subject: krebs: move github known hosts to dedicated file --- krebs/3modules/default.nix | 26 +---------------------- krebs/3modules/github-known-hosts.nix | 40 +++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 25 deletions(-) create mode 100644 krebs/3modules/github-known-hosts.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2e7c61fb..0b785c0c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -23,6 +23,7 @@ let ./exim-smarthost.nix ./fetchWallpaper.nix ./github-hosts-sync.nix + ./github-known-hosts.nix ./git.nix ./go.nix ./hidden-ssh.nix @@ -238,31 +239,6 @@ let }; }) // - { - github = { - hostNames = [ - "github.com" - # List generated with - # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob - "192.30.252.*" - "192.30.253.*" - "192.30.254.*" - "192.30.255.*" - "185.199.108.*" - "185.199.109.*" - "185.199.110.*" - "185.199.111.*" - "13.229.188.59" - "13.250.177.223" - "18.194.104.89" - "18.195.85.27" - "35.159.8.160" - "52.74.223.119" - ]; - publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; - }; - } - // mapAttrs (name: host: { hostNames = diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix new file mode 100644 index 00000000..def06f17 --- /dev/null +++ b/krebs/3modules/github-known-hosts.nix @@ -0,0 +1,40 @@ +{ + services.openssh.knownHosts.github = { + hostNames = [ + "github.com" + # List generated with + # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R . + "192.30.252.*" + "192.30.253.*" + "192.30.254.*" + "192.30.255.*" + "185.199.108.*" + "185.199.109.*" + "185.199.110.*" + "185.199.111.*" + "140.82.112.*" + "140.82.113.*" + "140.82.114.*" + "140.82.115.*" + "140.82.116.*" + "140.82.117.*" + "140.82.118.*" + "140.82.119.*" + "140.82.120.*" + "140.82.121.*" + "140.82.122.*" + "140.82.123.*" + "140.82.124.*" + "140.82.125.*" + "140.82.126.*" + "140.82.127.*" + "13.229.188.59" + "13.250.177.223" + "18.194.104.89" + "18.195.85.27" + "35.159.8.160" + "52.74.223.119" + ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; + }; +} -- cgit v1.2.3 From 9082adf6878b5f917efc633cba63932d94942d13 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 21 Jan 2019 10:22:18 +0100 Subject: krebs: move exim aliases to dedicated file --- krebs/3modules/default.nix | 45 --------------------------------------------- 1 file changed, 45 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 0b785c0c..7b0f4ebf 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -180,51 +180,6 @@ let ''; }; - krebs.exim-smarthost.internet-aliases = let - format = from: to: { - inherit from; - # TODO assert is-retiolum-mail-address to; - to = concatMapStringsSep "," (getAttr "mail") (toList to); - }; - in mapAttrsToList format (with config.krebs.users; let - brain-ml = [ - lass - makefu - tv - ]; - eloop-ml = spam-ml ++ [ ciko ]; - spam-ml = [ - lass - makefu - tv - ]; - ciko.mail = "ciko@slash16.net"; - in { - "anmeldung@eloop.org" = eloop-ml; - "brain@krebsco.de" = brain-ml; - "cfp@eloop.org" = eloop-ml; - "kontakt@eloop.org" = eloop-ml; - "root@eloop.org" = eloop-ml; - "youtube@eloop.org" = eloop-ml; - "eloop2016@krebsco.de" = eloop-ml; - "eloop2017@krebsco.de" = eloop-ml; - "postmaster@krebsco.de" = spam-ml; # RFC 822 - "lass@krebsco.de" = lass; - "makefu@krebsco.de" = makefu; - "spam@krebsco.de" = spam-ml; - "tv@krebsco.de" = tv; - # XXX These are no internet aliases - # XXX exim-retiolum hosts should be able to relay to retiolum addresses - "lass@retiolum" = lass; - "makefu@retiolum" = makefu; - "spam@retiolum" = spam-ml; - "tv@retiolum" = tv; - "lass@r" = lass; - "makefu@r" = makefu; - "spam@r" = spam-ml; - "tv@r" = tv; - }); - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) (mkForce [privkey]); -- cgit v1.2.3 From da79d23ebbc0c3fb7c579b366f29fb3744948706 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 21 Jan 2019 10:32:15 +0100 Subject: krebs: move dns stuff to dedicated file --- krebs/3modules/default.nix | 26 ++++++++------------------ krebs/3modules/dns.nix | 12 ++++++++++++ 2 files changed, 20 insertions(+), 18 deletions(-) create mode 100644 krebs/3modules/dns.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7b0f4ebf..21d68ef3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -18,6 +18,7 @@ let ./charybdis.nix ./ci.nix ./current.nix + ./dns.nix ./exim.nix ./exim-retiolum.nix ./exim-smarthost.nix @@ -59,12 +60,6 @@ let api = { enable = mkEnableOption "krebs"; - dns = { - providers = mkOption { - type = with types; attrsOf str; - }; - }; - hosts = mkOption { type = with types; attrsOf host; default = {}; @@ -74,13 +69,6 @@ let type = with types; attrsOf user; }; - # XXX is there a better place to define search-domain? - # TODO search-domains :: listOf hostname - search-domain = mkOption { - type = types.hostname; - default = "r"; - }; - sitemap = mkOption { default = {}; type = types.attrsOf types.sitemap.entry; @@ -126,6 +114,8 @@ let w = "hosts"; }; + krebs.dns.search-domain = mkDefault "r"; + krebs.users = { krebs = { home = "/krebs"; @@ -147,7 +137,7 @@ let let aliases = longs ++ shorts; longs = filter check net.aliases; - shorts = let s = ".${cfg.search-domain}"; in + shorts = let s = ".${cfg.dns.search-domain}"; in map (removeSuffix s) (filter (hasSuffix s) longs); in optionals @@ -203,8 +193,8 @@ let let longs = net.aliases; shorts = - map (removeSuffix ".${cfg.search-domain}") - (filter (hasSuffix ".${cfg.search-domain}") + map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") longs); add-port = a: if net.ssh.port != 22 @@ -228,8 +218,8 @@ let (concatMap (host: attrValues host.nets) (mapAttrsToList (_: host: recursiveUpdate host - (optionalAttrs (hasAttr config.krebs.search-domain host.nets) { - nets."" = host.nets.${config.krebs.search-domain} // { + (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) { + nets."" = host.nets.${cfg.dns.search-domain} // { aliases = [host.name]; addrs = []; }; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix new file mode 100644 index 00000000..b7e2a2cb --- /dev/null +++ b/krebs/3modules/dns.nix @@ -0,0 +1,12 @@ +with import ; +{ + options = { + krebs.dns.providers = mkOption { + type = types.attrsOf types.str; + }; + + krebs.dns.search-domain = mkOption { + type = types.hostname; + }; + }; +} -- cgit v1.2.3 From 799f132d588f2a5f6c6dabc43e862c90d9efa4b7 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 21 Jan 2019 10:54:01 +0100 Subject: krebs: move retiolum-hosts to dedicated file --- krebs/3modules/default.nix | 24 +----------------------- krebs/3modules/retiolum-hosts.nix | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 23 deletions(-) create mode 100644 krebs/3modules/retiolum-hosts.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 21d68ef3..ea4d03ad 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -43,6 +43,7 @@ let ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix + ./retiolum-hosts.nix ./rtorrent.nix ./secret.nix ./setuid.nix @@ -147,29 +148,6 @@ let ) cfg.hosts )); - # TODO dedup with networking.extraHosts - nixpkgs.config.packageOverrides = oldpkgs: - let - domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers); - check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; - in - { - retiolum-hosts = oldpkgs.writeText "retiolum-hosts" '' - ${concatStringsSep "\n" (flatten ( - map (host: - let - net = host.nets.retiolum; - aliases = longs; - longs = filter check net.aliases; - in - optionals - (aliases != []) - (map (addr: "${addr} ${toString aliases}") net.addrs) - ) (filter (host: hasAttr "retiolum" host.nets) - (attrValues cfg.hosts))))} - ''; - }; - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) (mkForce [privkey]); diff --git a/krebs/3modules/retiolum-hosts.nix b/krebs/3modules/retiolum-hosts.nix new file mode 100644 index 00000000..2821d62d --- /dev/null +++ b/krebs/3modules/retiolum-hosts.nix @@ -0,0 +1,28 @@ +with import ; +{ config, ... }: let + # TODO dedup functions with networking.extraHosts + check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; + domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); +in { + nixpkgs.config.packageOverrides = super: { + retiolum-hosts = + super.writeText "retiolum-hosts" '' + ${ + concatStringsSep + "\n" + (flatten + (map + (host: let + net = host.nets.retiolum; + aliases = longs; + longs = filter check net.aliases; + in + optionals + (aliases != []) + (map (addr: "${addr} ${toString aliases}") net.addrs)) + (filter (host: hasAttr "retiolum" host.nets) + (attrValues config.krebs.hosts)))) + } + ''; + }; +} -- cgit v1.2.3 From af0463b23493d8c31ce725beb8ff5a2fd0398001 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 21 Jan 2019 11:04:37 +0100 Subject: krebs: move hosts to dedeicated file --- krebs/3modules/default.nix | 25 +------------------------ krebs/3modules/hosts.nix | 36 ++++++++++++++++++++++++++++++++++++ krebs/3modules/retiolum-hosts.nix | 2 +- 3 files changed, 38 insertions(+), 25 deletions(-) create mode 100644 krebs/3modules/hosts.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ea4d03ad..bb69bfad 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -28,6 +28,7 @@ let ./git.nix ./go.nix ./hidden-ssh.nix + ./hosts.nix ./htgen.nix ./iana-etc.nix ./iptables.nix @@ -61,11 +62,6 @@ let api = { enable = mkEnableOption "krebs"; - hosts = mkOption { - type = with types; attrsOf host; - default = {}; - }; - users = mkOption { type = with types; attrsOf user; }; @@ -129,25 +125,6 @@ let }; }; - networking.extraHosts = let - domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers); - check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; - in concatStringsSep "\n" (flatten ( - mapAttrsToList (hostname: host: - mapAttrsToList (netname: net: - let - aliases = longs ++ shorts; - longs = filter check net.aliases; - shorts = let s = ".${cfg.dns.search-domain}"; in - map (removeSuffix s) (filter (hasSuffix s) longs); - in - optionals - (aliases != []) - (map (addr: "${addr} ${toString aliases}") net.addrs) - ) (filterAttrs (name: host: host.aliases != []) host.nets) - ) cfg.hosts - )); - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) (mkForce [privkey]); diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix new file mode 100644 index 00000000..a95557b3 --- /dev/null +++ b/krebs/3modules/hosts.nix @@ -0,0 +1,36 @@ +with import ; +{ config, ... }: let + # TODO dedup functions with ./retiolum-hosts.nix + check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; + domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); +in { + + options = { + krebs.hosts = mkOption { + default = {}; + type = types.attrsOf types.host; + }; + }; + + config = { + networking.extraHosts = + concatStringsSep + "\n" + (flatten + (mapAttrsToList + (hostname: host: + mapAttrsToList + (netname: net: let + aliases = longs ++ shorts; + longs = filter check net.aliases; + shorts = let s = ".${config.krebs.dns.search-domain}"; in + map (removeSuffix s) (filter (hasSuffix s) longs); + in + optionals + (aliases != []) + (map (addr: "${addr} ${toString aliases}") net.addrs)) + (filterAttrs (name: host: host.aliases != []) host.nets)) + config.krebs.hosts)); + }; + +} diff --git a/krebs/3modules/retiolum-hosts.nix b/krebs/3modules/retiolum-hosts.nix index 2821d62d..ddf85ead 100644 --- a/krebs/3modules/retiolum-hosts.nix +++ b/krebs/3modules/retiolum-hosts.nix @@ -1,6 +1,6 @@ with import ; { config, ... }: let - # TODO dedup functions with networking.extraHosts + # TODO dedup functions with ./hosts.nix check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); in { -- cgit v1.2.3 From f1298103173cf1953be0e7c359f10d18894ce770 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 21 Jan 2019 11:51:15 +0100 Subject: krebs hosts: extraHost -> hosts --- krebs/3modules/hosts.nix | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index a95557b3..0985bb53 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -13,24 +13,23 @@ in { }; config = { - networking.extraHosts = - concatStringsSep - "\n" - (flatten - (mapAttrsToList - (hostname: host: - mapAttrsToList - (netname: net: let + networking.hosts = + filterAttrs + (_name: value: value != []) + (zipAttrsWith + (_: concatLists) + (concatMap + (host: + concatMap + (net: let aliases = longs ++ shorts; longs = filter check net.aliases; shorts = let s = ".${config.krebs.dns.search-domain}"; in map (removeSuffix s) (filter (hasSuffix s) longs); in - optionals - (aliases != []) - (map (addr: "${addr} ${toString aliases}") net.addrs)) - (filterAttrs (name: host: host.aliases != []) host.nets)) - config.krebs.hosts)); + map (addr: { ${addr} = aliases; }) net.addrs) + (attrValues host.nets)) + (attrValues config.krebs.hosts))); }; } -- cgit v1.2.3 From fabef3638584e88be50b10ec1cf3649b98752eac Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 21 Jan 2019 12:11:03 +0100 Subject: reaktor2 service: init --- krebs/3modules/reaktor2.nix | 63 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 krebs/3modules/reaktor2.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix new file mode 100644 index 00000000..b667bcc9 --- /dev/null +++ b/krebs/3modules/reaktor2.nix @@ -0,0 +1,63 @@ +with import ; +{ config, pkgs, ... }: { + + options.krebs.reaktor2 = mkOption { + default = {}; + type = types.attrsOf (types.submodule (self: let + name = self.config._module.args.name; + in { + options = { + nick = mkOption { + default = name; + # TODO types.irc.nickname + type = types.str; + }; + hostname = mkOption { + default = "irc.r"; + type = types.hostname; + }; + port = mkOption { + default = "6667"; + # TODO type = types.service-name + }; + plugins = mkOption { + default = []; + type = types.listOf types.attrs; + }; + stateDir = mkOption { + default = "/var/lib/${self.config.systemd-service-name}"; + readOnly = true; + type = types.absolute-pathname; + }; + systemd-service-name = mkOption { + default = "reaktor2${optionalString (name != "default") "-${name}"}"; + type = types.filename; + }; + }; + })); + }; + + config = { + systemd.services = flip mapAttrs' config.krebs.reaktor2 (_: cfg: + nameValuePair cfg.systemd-service-name { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = cfg.systemd-service-name; + Group = "reaktor2"; + DynamicUser = true; + StateDirectory = cfg.systemd-service-name; + ExecStart = let + configFile = pkgs.writeJSON configFileName configValue; + configFileName = "${cfg.systemd-service-name}.config.json"; + configValue = recursiveUpdate { + logTime = false; + } (removeAttrs cfg ["_module"]); + in "${pkgs.reaktor2}/bin/reaktor ${configFile}"; + Restart = "always"; + RestartSec = "30"; + }; + } + ); + }; +} -- cgit v1.2.3 From 9033d807f9ba6230f175dd1a0dd0ea1d710e247f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 Jan 2019 16:25:27 +0100 Subject: external: add idontcare.r --- krebs/3modules/external/default.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index df18b4dd..6f521fc4 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -141,6 +141,29 @@ in { }; }; }; + idontcare = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.idontcare.nets.retiolum.ip4.addr + config.krebs.hosts.idontcare.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.177"; + aliases = [ "idontcare.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O + qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A + OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An + lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb + O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw + jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; justraute = { owner = config.krebs.users.raute; # laptop nets = { -- cgit v1.2.3 From bc2aedb2d0a6d22089d4f666082d440e4ffb07e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 Jan 2019 16:25:51 +0100 Subject: Mic92: change mail address --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 6f521fc4..089113ac 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -416,7 +416,7 @@ in { pubkey = ssh-for "kmein"; }; Mic92 = { - mail = "joerg@higgsboson.tk"; + mail = "joerg@thalheim.io"; pubkey = ssh-for "Mic92"; }; palo = { -- cgit v1.2.3 From ef6d1453c3119b3ba1f554c1e3860773e5c2e87e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 22 Jan 2019 19:35:03 +0100 Subject: krebs: import reaktor2 service --- krebs/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bb69bfad..9303a81f 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -42,6 +42,7 @@ let ./per-user.nix ./power-action.nix ./Reaktor.nix + ./reaktor2.nix ./realwallpaper.nix ./retiolum-bootstrap.nix ./retiolum-hosts.nix -- cgit v1.2.3 From 6271cfaed465ca826534494951b450713773c1a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Jan 2019 13:41:51 +0100 Subject: reaktor2: add user option --- krebs/3modules/reaktor2.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index b667bcc9..d31447c9 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -25,7 +25,7 @@ with import ; type = types.listOf types.attrs; }; stateDir = mkOption { - default = "/var/lib/${self.config.systemd-service-name}"; + default = "/var/lib/${self.config.user}"; readOnly = true; type = types.absolute-pathname; }; @@ -33,6 +33,10 @@ with import ; default = "reaktor2${optionalString (name != "default") "-${name}"}"; type = types.filename; }; + user = mkOption { + default = self.config.systemd-service-name; + type = types.str; + }; }; })); }; @@ -43,10 +47,10 @@ with import ; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - User = cfg.systemd-service-name; + User = cfg.user; Group = "reaktor2"; DynamicUser = true; - StateDirectory = cfg.systemd-service-name; + StateDirectory = cfg.user; ExecStart = let configFile = pkgs.writeJSON configFileName configValue; configFileName = "${cfg.systemd-service-name}.config.json"; -- cgit v1.2.3 From 6965a1df8e7fe5e85128349c31057fdc8c8d54f6 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 27 Jan 2019 18:33:22 +0100 Subject: reaktor2 service: add useTLS option --- krebs/3modules/reaktor2.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index b667bcc9..3dd86503 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -33,6 +33,10 @@ with import ; default = "reaktor2${optionalString (name != "default") "-${name}"}"; type = types.filename; }; + useTLS = mkOption { + default = self.config.port == "6697"; + type = types.bool; + }; }; })); }; -- cgit v1.2.3 From 52ef20148e44f2b2017a0edc30899860799ad652 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 27 Jan 2019 20:06:06 +0100 Subject: reaktor2 service: user -> username + proper type --- krebs/3modules/reaktor2.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index 3f263d01..e3e6ddf4 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -25,7 +25,7 @@ with import ; type = types.listOf types.attrs; }; stateDir = mkOption { - default = "/var/lib/${self.config.user}"; + default = "/var/lib/${self.config.username}"; readOnly = true; type = types.absolute-pathname; }; @@ -33,9 +33,9 @@ with import ; default = "reaktor2${optionalString (name != "default") "-${name}"}"; type = types.filename; }; - user = mkOption { + username = mkOption { default = self.config.systemd-service-name; - type = types.str; + type = types.username; }; useTLS = mkOption { default = self.config.port == "6697"; @@ -51,10 +51,10 @@ with import ; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - User = cfg.user; + User = cfg.username; Group = "reaktor2"; DynamicUser = true; - StateDirectory = cfg.user; + StateDirectory = cfg.username; ExecStart = let configFile = pkgs.writeJSON configFileName configValue; configFileName = "${cfg.systemd-service-name}.config.json"; -- cgit v1.2.3 From 74dbc7c8b21a345626659cbbcc6bf11836939945 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 27 Jan 2019 20:15:40 +0100 Subject: Reaktor: 0.6.2 -> 0.7.0 --- krebs/3modules/Reaktor.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 669483f3..308c6d41 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -113,10 +113,11 @@ let ''; in nameValuePair "Reaktor-${name}" { path = with pkgs; [ - utillinux #flock for tell_on-join git # for nag + jq # for tell python # for caps - ]; + utillinux # flock for tell + ]; description = "Reaktor IRC Bot"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; -- cgit v1.2.3