summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2023-04-23 16:26:01 +0200
committermakefu <github@syntax-fehler.de>2023-04-23 16:26:01 +0200
commit60fb7a1aa12b1d18224babeaf5481e43663b65b8 (patch)
tree2054d6460bc1a4a35de4496c88d33644878757da
parentd8de7ad7063d6a2028e8dc40771f89af216fbfaf (diff)
parent4bf2909be3afb5e834cacdb4d6f949e4dd78400e (diff)
Merge remote-tracking branch 'lassul.us/master'
-rw-r--r--kartei/feliks/default.nix20
-rw-r--r--kartei/mic92/default.nix30
-rw-r--r--kartei/rtunreal/default.nix7
-rwxr-xr-xkartei/trust-gpg.sh13
-rw-r--r--kartei/tv/hosts/ni.nix4
-rw-r--r--kartei/ynnel/default.nix32
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/ircd.nix2
-rw-r--r--krebs/2configs/reaktor2.nix40
-rw-r--r--krebs/2configs/repo-sync.nix110
-rw-r--r--krebs/3modules/konsens.nix3
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rw-r--r--lass/1systems/aergia/physical.nix1
-rw-r--r--lass/1systems/neoprism/config.nix1
-rw-r--r--lass/1systems/prism/config.nix1
-rw-r--r--lass/2configs/binary-cache/client.nix1
-rw-r--r--lass/2configs/binary-cache/proxy.nix13
-rw-r--r--lass/2configs/binary-cache/server.nix10
-rw-r--r--lass/2configs/gsm-wiki.nix26
-rw-r--r--lass/2configs/mumble-reminder.nix8
21 files changed, 220 insertions, 119 deletions
diff --git a/kartei/feliks/default.nix b/kartei/feliks/default.nix
index 33f7f9663..e98da7bc6 100644
--- a/kartei/feliks/default.nix
+++ b/kartei/feliks/default.nix
@@ -1,12 +1,16 @@
with import ../../lib;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
+ owner = config.krebs.users.feliks;
ci = false;
external = true;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ } // optionalAttrs (host.nets?wiregrill) {
+ nets.wiregrill.ip6.addr =
+ (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
in {
users.feliks = {
@@ -14,11 +18,10 @@ in {
};
hosts = mapAttrs hostDefaults {
papawhakaaro = {
- owner = config.krebs.users.feliks;
nets = {
retiolum = {
ip4.addr = "10.243.10.243";
- aliases = [ "papawhakaaro.r" ];
+ aliases = [ "papawhakaaro.r" "tp.feliks.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA4bd0lVUVlzFmM8TuH77C5VctcK4lkw02LbMVQDJ5U+Ww075nNahw
@@ -39,11 +42,10 @@ in {
};
};
iti = {
- owner = config.krebs.users.feliks;
nets = {
retiolum = {
ip4.addr = "10.243.10.244";
- aliases = [ "iti.r" ];
+ aliases = [ "iti.r" "ltd.feliks.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA5TXEmw3F3lCekITBPW8QYF1ciKHN8RSi47k1vW+jXb6gdWcVo5KL
@@ -64,11 +66,10 @@ in {
};
};
tumaukainga = {
- owner = config.krebs.users.feliks;
nets = {
retiolum = {
ip4.addr = "10.243.10.245";
- aliases = [ "tumaukainga.r" ];
+ aliases = [ "tumaukainga.r" "hs.feliks.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAj1q28QzUlag0i+2ZEpZyQEbrtuODj6pCCt2IX1Uz1B83outO2l/n
@@ -88,5 +89,12 @@ in {
};
};
};
+ ahuatangata = {
+ nets.wiregrill = {
+ ip4.addr = "10.244.10.246";
+ aliases = [ "ahuatangata" "ndrd.feliks.r" ];
+ wireguard.pubkey = "QPDGBEYJ1znqUdjy6JWZJ+cqPMcU67dHlOX5beTM6TA=";
+ };
+ };
};
}
diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix
index 78206a241..952b5fd40 100644
--- a/kartei/mic92/default.nix
+++ b/kartei/mic92/default.nix
@@ -90,6 +90,7 @@ in {
"tts.r"
"flood.r"
"warez.r"
+ "bing-gpt.r"
"navidrome.r"
];
tinc.pubkey = ''
@@ -788,7 +789,7 @@ in {
aliases = [
"jack.r"
"stable-confusion.r"
- "llama.r"
+ "vicuna.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -910,6 +911,33 @@ in {
};
};
+ donna = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet = {
+ # clara.dse.in.tum.de
+ ip4.addr = "131.159.38.222";
+ ip6.addr = "2a09:80c0:38::222";
+ aliases = [ "donna.i" ];
+ };
+ retiolum = {
+ via = internet;
+ aliases = [ "donna.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAs34lPq8SnVdzMdPkWQMfeM061Yh95wqqGOdGODiyoWdsP0ErRH3/
+ HjgmB7luMl7MdL3ZKIpZe/IR2OSAL+6HBE/JPIapO2e1DFFEg42AI58lgjrR0yEr
+ Q59ZeGu+V95l+jC08IUoS9K6SVTkDCVe2b4Akf5oMtHAAG+ELtzh2zrPH6lkrXYd
+ LvzIWcrmqu1AnmmUiHT1JleCDfSn2m/ev+LcY109lN7LCFA5VL12/EP2FhM3ELHq
+ j2gAdvD1LAKq4var2MnR0MnKg0k1vMGSgwK+hj0AoLNiYivo8bxoRBNbUb94o4jQ
+ 8xfbYyAFxpxdi/bFDmT1UjkouJ1Y8I8GJwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "8XlFDxQoGq6Fr40PTDyF8GUwP2+YSDp8By0vlKn1OlO";
+ };
+ };
+ };
+
clara = {
owner = config.krebs.users.mic92;
nets = rec {
diff --git a/kartei/rtunreal/default.nix b/kartei/rtunreal/default.nix
index faa593c63..9d57c0fce 100644
--- a/kartei/rtunreal/default.nix
+++ b/kartei/rtunreal/default.nix
@@ -74,5 +74,12 @@ in
tinc.pubkey_ed25519 = "YJE4KD9PhDjxucDAGrbec5Yqqf3A8/VU0J0NV8EPXuN";
};
};
+ rtgraphene = {
+ nets.wiregrill = {
+ aliases = [ "graphene.rtunreal.w" ];
+ ip4.addr = "10.244.20.20";
+ wireguard.pubkey = "IZ7tnD5ZVqO886hFzk6k92R70p1J6jYvyIEAWUccehU=";
+ };
+ };
};
}
diff --git a/kartei/trust-gpg.sh b/kartei/trust-gpg.sh
new file mode 100755
index 000000000..84b67aeb4
--- /dev/null
+++ b/kartei/trust-gpg.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# usage: $0
+set -eu
+WD=$(dirname "$(realpath "$0")")
+PUBKEYS=
+for key in "$WD"/kmein/kmein.gpg "$WD"/lass/pgp/* "$WD"/makefu/pgp/* "$WD"/tv/pgp/*; do
+ echo "$key" >&2
+ keyid=$(gpg --with-colons --fingerprint --import-options show-only --import "$key" | grep fpr | cut -d : -f 10 | head -1)
+ gpg --import "$key" >&2
+ printf '5\ny\n' | gpg --command-fd 0 --expert --edit-key "$keyid" trust >&2
+ PUBKEYS="${PUBKEYS}${keyid}\n"
+done
+printf "$PUBKEYS"
diff --git a/kartei/tv/hosts/ni.nix b/kartei/tv/hosts/ni.nix
index c45321656..aae5c5cd4 100644
--- a/kartei/tv/hosts/ni.nix
+++ b/kartei/tv/hosts/ni.nix
@@ -17,11 +17,11 @@
nets = {
internet = {
ip4 = rec {
- addr = "188.68.36.196";
+ addr = "185.162.251.237";
prefix = "${addr}/32";
};
ip6 = rec {
- addr = "2a03:4000:13:4c::1";
+ addr = "2a03:4000:1a:cf::1";
prefix = "${addr}/64";
};
aliases = [
diff --git a/kartei/ynnel/default.nix b/kartei/ynnel/default.nix
new file mode 100644
index 000000000..e7d985278
--- /dev/null
+++ b/kartei/ynnel/default.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+let
+ lib = import ../../lib;
+in
+{
+ users.ynnel = {
+ mail = "retiolum@lenny.ninja";
+ };
+ hosts.mokemoke = {
+ owner = config.krebs.users.ynnel;
+ nets.retiolum = {
+ aliases = [ "mokemoke.ynnel.r" ];
+ ip6.addr = (lib.krebs.genipv6 "retiolum" "ynnel" { hostName = "mokemoke"; }).address;
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA7rS560SZEPcSekW30dRF6ZTHOnb8WvuVgt3BFLRWhTgV5DqLqFa8
+ fxT2TJci8ogYZtlnSCNKEhxup3wlIrAPLLzu5jL6hx4okfmyARGQqeUn9kD+jmGL
+ 9N9wjGXDp/CVyMIb5mcK2l0mvElvs7ae700GScq+2ASsFTHC/w2w2KoeDtt/UED9
+ Cjy+kxP7SuzksigIuuA8gncf9FmfRgG31XGctX1H6hUywtq05oVRd5qMHeiI/l4v
+ jHJSadtlR1FuExMT9l7nRZ98yOLKWhDUym4qmi/3zsnDl38f9gcqlp040McUqfZl
+ 6mclphcthOv6xp7nCbEd58djBU1hrPHJJrk5qL0CGcTwaTBzZFvrV4lklfBFPhVv
+ dwiagzZDsTvQfXe7UJTSHOKhw+i7a7ok2n+IFhyd+GnQYeOvaBropjYgYDHbZ/u7
+ d6E1xUVjANLtt2oOYfaH/LlERgucEcQY2qRyMBQXYTwp+d3ThTc+Vs0Lbo08rvFN
+ y76KXPsH8ptVVFK4DclK0GxI64JpnSmG/BHcU114K7LPNONQBSvE8UyZlMVkuZfc
+ qwBzyM70tKPoWmoxjBkQcXsK6JgclXohZ0jbMhRV5K4oDocAhEuUtOC5qG4IZo+R
+ BWc0bxueCaOQFqB6UKcZLgCj6ZhXHpqTSk/8MBevxrbH44I+4oYwQOkCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "um4yKCJkkBX9pISAa78SttNSqyEPhpCDGfL6FJA0wzK";
+ };
+ };
+}
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index a20878487..683556081 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -12,6 +12,7 @@
<stockholm/krebs/2configs/wiki.nix>
<stockholm/krebs/2configs/acme.nix>
<stockholm/krebs/2configs/mud.nix>
+ <stockholm/krebs/2configs/repo-sync.nix>
<stockholm/krebs/2configs/cal.nix>
<stockholm/krebs/2configs/mastodon.nix>
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 5435ea166..c56883d3e 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -38,6 +38,8 @@
hidden = false;
password = "$2a$04$0AtVycWQJ07ymrDdKyAm2un3UVSVIzpzL3wsWbWb3PF95d1CZMcMO";
};
+ server.max-line-length = 1024;
+ server.lookup-hostnames = true;
};
};
}
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 39039cc11..0a5031415 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -51,6 +51,45 @@ let
};
};
+ bing = {
+ pattern = "!bing (.*)$";
+ activate = "match";
+ arguments = [1];
+ timeoutSec = 1337;
+ command = {
+ filename = pkgs.writeDash "bing" ''
+ set -efu
+ report_error() {
+ printf '%s' "$*" |
+ curl -Ss http://p.r --data-binary @- |
+ tail -1 |
+ echo "error $(cat)"
+ exit 0
+ }
+ export PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.jq
+ ]}
+ response=$(printf '%s' "$*" |
+ curl -SsG http://bing-gpt.r/api/chat --data-urlencode 'prompt@-'
+ )
+ if [ "$?" -ne 0 ]; then
+ report_error "$response"
+ else
+ if ! text=$(printf '%s' "$response" | jq -er '.item.messages[1].text'); then
+ echo "$_from: $(report_error "$response")"
+ exit 0
+ fi
+ printf '%s' "$text" | echo "$_from: $(cat)"
+
+ printf '%s' "$response" |
+ jq -r '[.item.messages[1].sourceAttributions[].seeMoreUrl] | to_entries[] | "[\(.key + 1)]: \(.value)"'
+ fi
+ '';
+ };
+ };
+
confuse = {
pattern = "!confuse (.*)$";
activate = "match";
@@ -322,6 +361,7 @@ let
}
bedger-add
bedger-balance
+ bing
hooks.sed
interrogate
say
diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix
index e2be477fd..9f129d81c 100644
--- a/krebs/2configs/repo-sync.nix
+++ b/krebs/2configs/repo-sync.nix
@@ -22,7 +22,6 @@ let
post-receive = pkgs.git-hooks.irc-announce {
channel = "#xxx";
refs = [
- "refs/heads/master"
"refs/heads/newest"
"refs/tags/*"
];
@@ -37,7 +36,6 @@ let
{
user = with config.krebs.users; [
config.krebs.users."${config.networking.hostName}-repo-sync"
- jeschli
lass
makefu
tv
@@ -50,7 +48,7 @@ let
konsens-user
];
repo = [ repo ];
- perm = push ''refs/heads/master'' [ create merge ];
+ perm = push "refs/heads/common" [ create merge ];
}
{
user = attrValues config.krebs.users;
@@ -61,31 +59,18 @@ let
repos."${name}" = repo;
};
- sync-retiolum = {
+ sync-repo = {
name,
+ remotes,
desc ? "mirror for ${name}",
section ? "mirror"
}:
{
krebs.repo-sync.repos.${name} = {
- branches = {
- lassulus = {
- origin.url = "http://cgit.lassul.us/${name}";
- mirror.url = "${mirror}${name}";
- };
- makefu = {
- origin.url = "http://cgit.gum/${name}";
- mirror.url = "${mirror}${name}";
- };
- nin = {
- origin.url = "http://cgit.onondaga.r/${name}";
- mirror.url = "${mirror}${name}";
- };
- tv = {
- origin.url = "http://cgit.ni.r/${name}";
- mirror.url = "${mirror}${name}";
- };
- };
+ branches = (lib.mapAttrs' (user: url: lib.nameValuePair user {
+ origin.url = url;
+ mirror.url = "${mirror}${name}";
+ }) remotes);
latest = {
url = "${mirror}${name}";
ref = "heads/newest";
@@ -94,24 +79,6 @@ let
krebs.git = defineRepo { inherit name desc section; };
};
- sync-remote = {
- name,
- url,
- desc ? "mirror for ${name}",
- section ? "mirror"
- }:
- {
- krebs.repo-sync.repos.${name} = {
- branches = {
- remote = {
- origin.url = url;
- mirror.url = "${mirror}${name}";
- };
- };
- };
- krebs.git = defineRepo { inherit name desc section; };
- };
-
in {
krebs.git = {
enable = true;
@@ -126,7 +93,6 @@ in {
krebs.konsens = {
enable = true;
repos = {
- krops = { branchesToCheck = [ "lassulus" "tv" ]; };
stockholm = {};
};
};
@@ -137,52 +103,20 @@ in {
};
imports = [
- (sync-retiolum { name = "the_playlist"; desc = "Good Music collection + tools"; section = "art"; })
-
- (sync-retiolum { name = "stockholm"; desc = "take all computers hostage, they love it"; section = "configuration"; })
-
- (sync-retiolum { name = "cholerab"; desc = "krebs thesauron & enterprise-patterns"; section = "documentation"; })
-
- (sync-retiolum { name = "buildbot-classic"; desc = "fork of buildbot"; section = "software"; })
- (sync-retiolum { name = "disko"; desc = "take a description of your disk layout and produce a format script"; section = "software"; })
- (sync-retiolum { name = "news"; desc = "take a rss feed and a timeout and print it to stdout"; section = "software"; })
- (sync-retiolum { name = "krops"; desc = "krebs ops"; section = "software"; })
- (sync-retiolum { name = "go"; desc = "url shortener"; section = "software"; })
- (sync-retiolum { name = "much"; desc = "curses email client"; section = "software"; })
- (sync-retiolum { name = "newsbot-js"; desc = "irc rss/atom bot"; section = "software"; })
- (sync-retiolum { name = "nix-writers"; desc = "high level writers for nix"; section = "software"; })
-
- (sync-retiolum { name = "cac-api"; desc = "CloudAtCost API command line interface"; section = "miscellaneous"; })
- (sync-retiolum { name = "dic"; desc = "dict.leo.org command line interface"; section = "miscellaneous"; })
- (sync-retiolum { name = "get"; section = "miscellaneous"; })
- (sync-retiolum { name = "hstool"; desc = "Haskell Development Environment ^_^"; section = "miscellaneous"; })
- (sync-retiolum { name = "htgen"; desc = "toy HTTP server"; section = "miscellaneous"; })
- (sync-retiolum { name = "kirk"; desc = "IRC tools"; section = "miscellaneous"; })
- (sync-retiolum { name = "load-env"; section = "miscellaneous"; })
- (sync-retiolum { name = "loldns"; desc = "toy DNS server"; section = "miscellaneous"; })
- (sync-retiolum { name = "netcup"; desc = "netcup command line interface"; section = "miscellaneous"; })
- (sync-retiolum { name = "populate"; desc = "source code installer"; section = "miscellaneous"; })
- (sync-retiolum { name = "q"; section = "miscellaneous"; })
- (sync-retiolum { name = "regfish"; section = "miscellaneous"; })
- (sync-retiolum { name = "soundcloud"; desc = "SoundCloud command line interface"; section = "miscellaneous"; })
-
- (sync-retiolum { name = "blessings"; section = "Haskell libraries"; })
- (sync-retiolum { name = "mime"; section = "Haskell libraries"; })
- (sync-retiolum { name = "quipper"; section = "Haskell libraries"; })
- (sync-retiolum { name = "scanner"; section = "Haskell libraries"; })
- (sync-retiolum { name = "wai-middleware-time"; section = "Haskell libraries"; })
- (sync-retiolum { name = "web-routes-wai-custom"; section = "Haskell libraries"; })
- (sync-retiolum { name = "xintmap"; section = "Haskell libraries"; })
- (sync-retiolum { name = "xmonad-stockholm"; desc = "krebs xmonad modules"; section = "Haskell libraries"; })
-
- (sync-remote { name = "array"; url = "https://github.com/makefu/array"; })
- (sync-remote { name = "email-header"; url = "https://github.com/4z3/email-header"; })
- (sync-remote { name = "mycube-flask"; url = "https://github.com/makefu/mycube-flask"; })
- (sync-remote { name = "reaktor-titlebot"; url = "https://github.com/makefu/reaktor-titlebot"; })
- (sync-remote { name = "repo-sync"; url = "https://github.com/makefu/repo-sync"; })
- (sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; })
- (sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; })
- (sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; })
- (sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; })
+ (sync-repo {
+ name = "stockholm";
+ desc = "take all computers hostage, they love it";
+ section = "configuration";
+ remotes = {
+ makefu = "http://cgit.gum.r/stockholm";
+ tv = "http://cgit.ni.r/stockholm";
+ lassulus = "http://cgit.orange.r/stockholm";
+ };
+ })
+ ({ krebs.git = defineRepo {
+ name = "krops";
+ desc = "deployment tools";
+ section = "deployment";
+ };})
];
}
diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix
index 81486810b..439bcc7f4 100644
--- a/krebs/3modules/konsens.nix
+++ b/krebs/3modules/konsens.nix
@@ -39,10 +39,13 @@ let
};
imp = {
+ users.groups.konsens.gid = genid "konsens";
users.users.konsens = rec {
name = "konsens";
+ group = "konsens";
uid = genid name;
home = "/var/lib/konsens";
+ isSystemUser = true;
createHome = true;
};
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 885672736..bd1ab98c0 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e",
- "date": "2023-03-21T23:16:58+01:00",
- "path": "/nix/store/rg3f6v4f7mba0kqnhiarj7yg6066cc5v-nixpkgs",
- "sha256": "0myq7fnykna5qazbk6hdgahy148yd7f5l8nrxhzllj67y86a5sxw",
+ "rev": "645bc49f34fa8eff95479f0345ff57e55b53437e",
+ "date": "2023-04-19T18:04:47+02:00",
+ "path": "/nix/store/jh86824939585dinrs1zlkh6cvz8l8l7-nixpkgs",
+ "sha256": "0kfndc7xdkm89yl0f27wdnwd6gdad3i49jx7gvaib1hz0ifpmxzv",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 118415785..7e478e9cf 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "e2c97799da5f5cd87adfa5017fba971771e123ef",
- "date": "2023-03-20T14:29:52+01:00",
- "path": "/nix/store/vxca9w313d1bzw9dx4yaw8c0vrqjxa0p-nixpkgs",
- "sha256": "0qff1r8k0m19z1ppzb8gk5xrnlvabjdl3pqwpc3y5bm15qxzk25s",
+ "rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
+ "date": "2023-04-22T11:27:49+08:00",
+ "path": "/nix/store/gpfv5hbki6g1b63nqw7md5bjlcpzsz1w-nixpkgs",
+ "sha256": "1fd7xyfna0klfbv37qq1ms2j4gzjpy14a8vbnw1i8ix6fijkywjf",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix
index 023639083..692f68dcc 100644
--- a/lass/1systems/aergia/physical.nix
+++ b/lass/1systems/aergia/physical.nix
@@ -87,7 +87,6 @@
# textsize
services.xserver.dpi = 200;
- hardware.video.hidpi.enable = lib.mkDefault true;
# corectrl
programs.corectrl = {
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
index cc08070af..7b402f8a6 100644
--- a/lass/1systems/neoprism/config.nix
+++ b/lass/1systems/neoprism/config.nix
@@ -4,6 +4,7 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/gsm-wiki.nix>
# sync-containers
<stockholm/lass/2configs/consul.nix>
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 2e82fae6f..e1f92c51e 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -127,6 +127,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
+ <stockholm/lass/2configs/binary-cache/proxy.nix>
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
index b0e0a8b88..de15aff92 100644
--- a/lass/2configs/binary-cache/client.nix
+++ b/lass/2configs/binary-cache/client.nix
@@ -4,6 +4,7 @@
nix = {
binaryCaches = [
"http://cache.prism.r"
+ "http://cache.neoprism.r"
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
diff --git a/lass/2configs/binary-cache/proxy.nix b/lass/2configs/binary-cache/proxy.nix
new file mode 100644
index 000000000..a6ecb044d
--- /dev/null
+++ b/lass/2configs/binary-cache/proxy.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ...}:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."cache.krebsco.de" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".extraConfig = ''
+ proxy_pass http://cache.neoprism.r/;
+ '';
+ };
+ };
+}
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 30bef5137..bdd568c15 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -14,7 +14,7 @@
services.nginx = {
enable = true;
virtualHosts.nix-serve = {
- serverAliases = [ "cache.prism.r" ];
+ serverAliases = [ "cache.${config.networking.hostName}.r" ];
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'';
@@ -26,14 +26,6 @@
''};
'';
};
- virtualHosts."cache.krebsco.de" = {
- forceSSL = true;
- serverAliases = [ "cache.lassul.us" ];
- enableACME = true;
- locations."/".extraConfig = ''
- proxy_pass http://localhost:${toString config.services.nix-serve.port};
- '';
- };
};
}
diff --git a/lass/2configs/gsm-wiki.nix b/lass/2configs/gsm-wiki.nix
new file mode 100644
index 000000000..69508a155
--- /dev/null
+++ b/lass/2configs/gsm-wiki.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx.virtualHosts."docs.c3gsm.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".extraConfig = ''
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
+ c3gsm:$apr1$q9OrPI4C$7AY4EIp3J2Xc4eLMbPGE21
+ ''};
+ root /srv/http/docs.c3gsm.de;
+ '';
+ };
+
+ users.users.c3gsm-docs = {
+ isNormalUser = true;
+ home = "/srv/http/docs.c3gsm.de";
+ createHome = true;
+ homeMode = "750";
+ useDefaultShell = true;
+ group = "nginx";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlW1fvCrVXhVH/z76fXBWYR/qyecYTE9VOOkFLJ6OwG user@osmocom-dev"
+ ];
+ };
+}
diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix
index c4cc60dc5..0067d64eb 100644
--- a/lass/2configs/mumble-reminder.nix
+++ b/lass/2configs/mumble-reminder.nix
@@ -80,26 +80,26 @@ in {
};
systemd.services.mumble-reminder-nixos = {
description = "weekly reminder for nixos mumble";
- startAt = "Thu *-*-* 17:00:00 Europe/Berlin";
+ startAt = "Wed *-*-* 19:00:00 Europe/Berlin";
serviceConfig = {
ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
animals='
${animals}
'
- ${write_to_irc "#nixos"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
+ ${write_to_irc "#nixos"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
${write_to_irc "#nixos"} "kommt auf mumble://lassul.us"
'';
};
};
systemd.services.mumble-reminder-krebs = {
description = "weekly reminder for nixos mumble";
- startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
+ startAt = "Wed *-*-* 19:00:00 Europe/Berlin";
serviceConfig = {
ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
animals='
${animals}
'
- ${write_to_irc "#krebs"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
+ ${write_to_irc "#krebs"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?"
'';
};