diff options
author | lassulus <lass@blue.r> | 2019-12-02 14:56:04 +0100 |
---|---|---|
committer | lassulus <lass@blue.r> | 2019-12-02 14:56:04 +0100 |
commit | bfa577817e259c910c06be5a2e8d1cabe1be78fe (patch) | |
tree | 273c56115719b73be80d6367f5a007776401fc5a | |
parent | 5ad00a189b85f2deb9c7035f4b515a3b5733d382 (diff) | |
parent | 9b79b05f3282d405dcd7f737c9424b11464ac3e1 (diff) |
Merge remote-tracking branch 'ni/master'
-rw-r--r-- | krebs/3modules/iana-etc.nix | 40 | ||||
m--------- | submodules/krops | 0 | ||||
-rw-r--r-- | tv/1systems/nomic/config.nix | 1 | ||||
-rw-r--r-- | tv/2configs/im.nix | 24 | ||||
-rw-r--r-- | tv/3modules/default.nix | 1 | ||||
-rw-r--r-- | tv/3modules/im.nix | 110 |
6 files changed, 125 insertions, 51 deletions
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix index f6d47f27e..e8037128d 100644 --- a/krebs/3modules/iana-etc.nix +++ b/krebs/3modules/iana-etc.nix @@ -23,32 +23,20 @@ with import <stockholm/lib>; }; config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) { - services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} '' - exec < ${pkgs.iana_etc}/etc/services - exec > $out - awk -F '[ /]+' ' - BEGIN { - port=0 - } - ${concatMapStringsSep "\n" (entry: '' - $2 == ${entry.port} { - port=$2 - next - } - port == ${entry.port} { - ${concatMapStringsSep "\n" - (proto: let - s = "${entry.${proto}.name} ${entry.port}/${proto}"; - in - "print ${toJSON s}") - (filter (proto: entry.${proto} != null) ["tcp" "udp"])} - port=0 - } - '') (attrValues config.krebs.iana-etc.services)} - { - print $0 - } - ' + services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} /* sh */ '' + { + ${concatMapStringsSep "\n" (entry: /* sh */ '' + ${concatMapStringsSep "\n" + (proto: let + line = "${entry.${proto}.name} ${entry.port}/${proto}"; + in /* sh */ '' + echo ${shell.escape line} + '') + (filter (proto: entry.${proto} != null) ["tcp" "udp"])} + '') (attrValues config.krebs.iana-etc.services)} + cat ${pkgs.iana_etc}/etc/services + } | + sort -b -k 2,2 -u > $out ''); }; diff --git a/submodules/krops b/submodules/krops -Subproject 53dfb30af324408c34fc7f664a05992e186ca4e +Subproject f2f8cbf1afcb2c26d11e5f82c0b523b2cb10205 diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index a89f07e8a..86f9b7ec2 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -8,7 +8,6 @@ with import <stockholm/lib>; <stockholm/tv/2configs/hw/x220.nix> <stockholm/tv/2configs/exim-retiolum.nix> <stockholm/tv/2configs/gitrepos.nix> - <stockholm/tv/2configs/im.nix> <stockholm/tv/2configs/mail-client.nix> <stockholm/tv/2configs/nginx/public_html.nix> <stockholm/tv/2configs/pulse.nix> diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix deleted file mode 100644 index 82f1be042..000000000 --- a/tv/2configs/im.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; - services.bitlbee = { - enable = true; - plugins = [ - pkgs.bitlbee-facebook - ]; - }; -} diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index db2cdcd1f..5be1beef8 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -5,6 +5,7 @@ ./ejabberd ./focus.nix ./hosts.nix + ./im.nix ./iptables.nix ./slock.nix ./x0vncserver.nix diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix new file mode 100644 index 000000000..8cb137510 --- /dev/null +++ b/tv/3modules/im.nix @@ -0,0 +1,110 @@ +{ config, pkgs, ... }: let + im = config.tv.im; + lib = import <stockholm/lib>; +in { + options = { + tv.im.client.enable = lib.mkEnableOption "tv.im.client" // { + default = config.krebs.build.host.name == im.client.host.name; + }; + tv.im.client.term = lib.mkOption { + default = "rxvt-unicode-256color"; + type = lib.types.filename; + }; + tv.im.client.useIPv6 = lib.mkEnableOption "tv.im.client.useIPv6" // { + default = true; + }; + tv.im.client.host = lib.mkOption { + default = config.krebs.hosts.xu; + type = lib.types.host; + }; + tv.im.client.user = lib.mkOption { + default = config.krebs.users.tv; + type = lib.types.user; + }; + + tv.im.server.enable = lib.mkEnableOption "tv.im.server" // { + default = config.krebs.build.host.name == im.server.host.name; + }; + tv.im.server.host = lib.mkOption { + default = config.krebs.hosts.nomic; + type = lib.types.host; + }; + tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // { + default = true; + }; + tv.im.server.weechat.relay.enable = + lib.mkEnableOption "tv.im.server.weechat.relay"; + tv.im.server.user = lib.mkOption { + default = config.krebs.users.tv; + type = lib.types.user; + }; + }; + imports = [ + (lib.mkIf im.client.enable { + users.users.${im.client.user.name}.packages = [ + (pkgs.writeDashBin "im" '' + ${if im.server.mosh.enable then /* sh */ '' + exec ${pkgs.mosh}/bin/mosh \ + ${lib.optionalString im.client.useIPv6 "-6"} \ + ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ + env TERM=${im.client.term} im + '' else /* sh */ '' + exec ${pkgs.openssh}/bin/ssh \ + ${lib.optionalString im.client.useIPv6 "-6"} \ + ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ + -t \ + im + ''} + '') + ]; + }) + (lib.mkIf im.server.enable { + services.bitlbee = { + enable = true; + plugins = [ + pkgs.bitlbee-facebook + ]; + }; + users.users.${im.server.user.name}.packages = [ + pkgs.mosh + (pkgs.writeDashBin "im" '' + export PATH=${lib.makeSearchPath "bin" [ + pkgs.tmux + pkgs.gnugrep + pkgs.weechat + ]} + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + ]; + }) + (lib.mkIf im.server.mosh.enable { + krebs.setuid.utempter = { + filename = "${pkgs.libutempter}/lib/utempter/utempter"; + owner = "nobody"; + group = "utmp"; + mode = "2111"; + }; + tv.iptables.extra4.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip4.addr} -p udp --dport 60000:61000 -j ACCEPT" + ]; + tv.iptables.extra6.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT" + ]; + }) + (lib.mkIf im.server.weechat.relay.enable { + krebs.iana-etc.services = { + "9001".tcp.name = "weechat-ssl"; + }; + tv.iptables.extra4.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip4.addr} -p tcp -m tcp --dport 9001 -j ACCEPT" + ]; + tv.iptables.extra6.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip6.addr} -p tcp -m tcp --dport 9001 -j ACCEPT" + ]; + }) + ]; +} |