Merge remote-tracking branch 'lass/master'

95 files changed, 1129 insertions, 2113 deletions

diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index c0fa3828..a100e414 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -1,7 +1,3 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
 { config, lib, pkgs, ... }:
 
 {
diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
new file mode 100644
index 00000000..5c4b37ae
--- /dev/null
+++ b/krebs/1systems/news/config.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/krebs>
+    <stockholm/krebs/2configs>
+
+    <stockholm/krebs/2configs/ircd.nix>
+    <stockholm/krebs/2configs/go.nix>
+
+    #### NEWS ####
+    <stockholm/krebs/2configs/ircd.nix>
+    <stockholm/krebs/2configs/news.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.news;
+
+  boot.isContainer = true;
+  networking.useDHCP = false;
+  krebs.bindfs = {
+    "/var/lib/htgen-go" = {
+      source = "/var/state/htgen-go";
+      options = [
+        "-m ${toString config.users.users.htgen-go.uid}"
+      ];
+      clearTarget = true;
+    };
+    "/var/lib/brockman" = {
+      source = "/var/state/brockman";
+      options = [
+        "-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}"
+      ];
+      clearTarget = true;
+    };
+  };
+}
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 19cf2228..1e0687ba 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -19,14 +19,6 @@
     <stockholm/krebs/2configs/binary-cache/nixos.nix>
     <stockholm/krebs/2configs/binary-cache/prism.nix>
 
-    ### Krebs ###
-    <stockholm/krebs/2configs/go.nix>
-
-    #### NEWS ####
-    <stockholm/krebs/2configs/ircd.nix>
-    <stockholm/krebs/2configs/news.nix>
-
-
     ### shackspace ###
     # handle the worlddomination map via coap
     <stockholm/krebs/2configs/shack/worlddomination.nix>
diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix
index c39b08a8..ce5db62d 100644
--- a/krebs/2configs/go.nix
+++ b/krebs/2configs/go.nix
@@ -2,9 +2,6 @@
 
 with import <stockholm/lib>;
 {
-  environment.systemPackages = [
-    pkgs.go-shortener
-  ];
   krebs.go = {
     enable = true;
   };
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 65972aac..789fc2f2 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -11,12 +11,12 @@
       hello
     '';
     config = ''
+      loadmodule "extensions/m_omode";
       serverinfo {
         name = "${config.krebs.build.host.name}.irc.r";
         sid = "1as";
         description = "miep!";
         network_name = "irc.r";
-        hub = yes;
 
         vhost = "0.0.0.0";
         vhost6 = "::";
@@ -26,7 +26,7 @@
         #ssl_dh_params = "etc/dh.pem";
         #ssld_count = 1;
 
-        default_max_clients = 10000;
+        default_max_clients = 100000;
         #nicklen = 30;
       };
 
@@ -43,19 +43,31 @@
         /* Listen on IPv6 (if you used host= above). */
         host = "::";
         port = 6667;
-        sslport = 9999;
+        sslport = 6697;
       };
 
       class "users" {
         ping_time = 2 minutes;
         number_per_ident = 10;
-        number_per_ip = 2048;
+        number_per_ip = 4096;
         number_per_ip_global = 4096;
         cidr_ipv4_bitlen = 24;
         cidr_ipv6_bitlen = 64;
         number_per_cidr = 65536;
-        max_number = 3000;
-        sendq = 1 megabyte;
+        max_number = 100000;
+        sendq = 10 megabyte;
+      };
+
+      privset "op" {
+        privs = oper:admin;
+      };
+
+      operator "aids" {
+        user = "*@*";
+        password = "balls";
+        flags = ~encrypted;
+        snomask = "+s";
+        privset = "op";
       };
 
       exempt {
@@ -93,12 +105,13 @@
         channel_target_change = yes;
         disable_local_channels = no;
       };
+
       general {
         #maybe we want ident someday?
-        default_floodcount = 1000;
+        default_floodcount = 10000;
         disable_auth = yes;
         throttle_duration = 1;
-        throttle_count = 1000;
+        throttle_count = 10000;
       };
     '';
   };
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
new file mode 100644
index 00000000..82360a67
--- /dev/null
+++ b/krebs/2configs/news-host.nix
@@ -0,0 +1,12 @@
+{
+  krebs.sync-containers.containers.news = {
+    peers = [
+      "shodan"
+      "mors"
+      "styx"
+    ];
+    hostIp = "10.233.2.101";
+    localIp = "10.233.2.102";
+    format = "plain";
+  };
+}
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 11c136f8..3bf99143 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -1,168 +1,112 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 
 {
+  services.rss-bridge = {
+    enable = true;
+    whitelist = [ "*" ];
+  };
+  services.nginx.virtualHosts = {
+    rss-bridge = {
+      serverAliases = [
+        "rss.r"
+      ];
+    };
+    "brockman.r" = {
+      serverAliases = [
+        "news.r"
+      ];
+      locations."/".extraConfig = ''
+        root /var/lib/brockman;
+        index brockman.json;
+      '';
+    };
+  };
+  systemd.tmpfiles.rules = [
+    "d /var/lib/brockman 1750 brockman nginx -"
+  ];
+
   krebs.brockman = {
     enable = true;
     config = {
       irc.host = "localhost";
+      channel = "#all";
       shortener = "http://go.r";
-      bots = {
-        aje = { feed ="http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989"; channels = [ "#snews" ]; };
-        allafrica = { feed ="http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf"; channels = [ "#snews" ]; };
-        antirez = { feed ="http://antirez.com/rss"; channels = [ "#snews" "#news" ]; };
-        archlinux = { feed ="http://www.archlinux.org/feeds/news/"; channels = [ "#snews" "#news" ]; };
-        ars = { feed ="http://feeds.arstechnica.com/arstechnica/index?format=xml"; channels = [ "#snews" ]; };
-        augustl = { feed ="http://augustl.com/atom.xml"; channels = [ "#snews" ]; };
-        bbc = { feed ="http://feeds.bbci.co.uk/news/rss.xml"; channels = [ "#snews" ]; };
-        bdt_aktuelle_themen = { feed ="http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss"; channels = [ "#snews" ]; };
-        bdt_drucksachen = { feed ="http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss"; channels = [ "#snews" ]; };
-        bdt_plenarproto = { feed ="http://www.bundestag.de/rss_feeds/plenarprotokolle.rss"; channels = [ "#snews" ]; };
-        bdt_pressemitteilungen = { feed ="http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss"; channels = [ "#snews" ]; };
-        bitcoinpakistan = { feed ="https://bitcoinspakistan.com/feed/"; channels = [ "#snews" ]; };
-        cancer = { feed ="http://feeds.feedburner.com/ncinewsreleases?format=xml"; channels = [ "#snews" ]; };
-        carta = { feed ="http://feeds2.feedburner.com/carta-standard-rss"; channels = [ "#snews" ]; };
-        catholic_news = { feed ="http://feeds.feedburner.com/catholicnewsagency/dailynews"; channels = [ "#snews" ]; };
-        cbc_busi = { feed ="http://rss.cbc.ca/lineup/business.xml"; channels = [ "#snews" ]; };
-        cbc_offbeat = { feed ="http://www.cbc.ca/cmlink/rss-offbeat"; channels = [ "#snews" ]; };
-        cbc_pol = { feed ="http://rss.cbc.ca/lineup/politics.xml"; channels = [ "#snews" ]; };
-        cbc_tech = { feed ="http://rss.cbc.ca/lineup/technology.xml"; channels = [ "#snews" ]; };
-        cbc_top = { feed ="http://rss.cbc.ca/lineup/topstories.xml"; channels = [ "#snews" ]; };
-        ccc = { feed ="http://www.ccc.de/rss/updates.rdf"; channels = [ "#snews" ]; };
-        chan_biz = { feed ="http://boards.4chan.org/biz/index.rss"; channels = [ "#snews" ]; };
-        chan_g = { feed ="http://boards.4chan.org/g/index.rss"; channels = [ "#snews" ]; };
-        chan_int = { feed ="http://boards.4chan.org/int/index.rss"; channels = [ "#snews" ]; };
-        chan_sci = { feed ="http://boards.4chan.org/sci/index.rss"; channels = [ "#snews" ]; };
-        chan_x = { feed ="http://boards.4chan.org/x/index.rss"; channels = [ "#snews" ]; };
-        c = { feed ="http://www.tempolimit-lichtgeschwindigkeit.de/news.xml"; channels = [ "#snews" ]; };
-        cryptogon = { feed ="http://www.cryptogon.com/?feed=rss2"; channels = [ "#snews" ]; };
-        csm = { feed ="http://rss.csmonitor.com/feeds/csm"; channels = [ "#snews" ]; };
-        csm_world = { feed ="http://rss.csmonitor.com/feeds/world"; channels = [ "#snews" ]; };
-        danisch = { feed ="http://www.danisch.de/blog/feed/"; channels = [ "#snews" ]; };
-        dod = { feed ="http://www.defense.gov/news/afps2.xml"; channels = [ "#snews" ]; };
-        dwn = { feed ="http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/"; channels = [ "#snews" ]; };
-        ecat = { feed ="http://ecat.com/feed"; channels = [ "#snews" ]; };
-        eia_press = { feed ="http://www.eia.gov/rss/press_rss.xml"; channels = [ "#snews" ]; };
-        eia_today = { feed ="http://www.eia.gov/rss/todayinenergy.xml"; channels = [ "#snews" ]; };
-        embargowatch = { feed ="https://embargowatch.wordpress.com/feed/"; channels = [ "#snews" ]; };
-        ethereum-comments = { feed ="http://blog.ethereum.org/comments/feed"; channels = [ "#snews" ]; };
-        ethereum = { feed ="http://blog.ethereum.org/feed"; channels = [ "#snews" "#news" ]; };
-        europa_ric = { feed ="http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml"; channels = [ "#snews" ]; };
-        eu_survei = { feed ="http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx"; channels = [ "#snews" ]; };
-        exploitdb = { feed ="http://www.exploit-db.com/rss.xml"; channels = [ "#snews" ]; };