authorlassulus <lass@blue.r>2019-12-02 14:56:04 +0100
committerlassulus <lass@blue.r>2019-12-02 14:56:04 +0100
commitbfa577817e259c910c06be5a2e8d1cabe1be78fe (patch)
tree273c56115719b73be80d6367f5a007776401fc5a
parent5ad00a189b85f2deb9c7035f4b515a3b5733d382 (diff)
parent9b79b05f3282d405dcd7f737c9424b11464ac3e1 (diff)
Merge remote-tracking branch 'ni/master'
-rw-r--r--krebs/3modules/iana-etc.nix40
m---------submodules/krops0
-rw-r--r--tv/1systems/nomic/config.nix1
-rw-r--r--tv/2configs/im.nix24
-rw-r--r--tv/3modules/default.nix1
-rw-r--r--tv/3modules/im.nix110
6 files changed, 125 insertions, 51 deletions
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
index f6d47f27e..e8037128d 100644
--- a/krebs/3modules/iana-etc.nix
+++ b/krebs/3modules/iana-etc.nix
@@ -23,32 +23,20 @@ with import <stockholm/lib>;
};
config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) {
- services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} ''
- exec < ${pkgs.iana_etc}/etc/services
- exec > $out
- awk -F '[ /]+' '
- BEGIN {
- port=0
- }
- ${concatMapStringsSep "\n" (entry: ''
- $2 == ${entry.port} {
- port=$2
- next
- }
- port == ${entry.port} {
- ${concatMapStringsSep "\n"
- (proto: let
- s = "${entry.${proto}.name} ${entry.port}/${proto}";
- in
- "print ${toJSON s}")
- (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
- port=0
- }
- '') (attrValues config.krebs.iana-etc.services)}
- {
- print $0
- }
- '
+ services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} /* sh */ ''
+ {
+ ${concatMapStringsSep "\n" (entry: /* sh */ ''
+ ${concatMapStringsSep "\n"
+ (proto: let
+ line = "${entry.${proto}.name} ${entry.port}/${proto}";
+ in /* sh */ ''
+ echo ${shell.escape line}
+ '')
+ (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
+ '') (attrValues config.krebs.iana-etc.services)}
+ cat ${pkgs.iana_etc}/etc/services
+ } |
+ sort -b -k 2,2 -u > $out
'');
};
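Review bot: The override of stock entries now depends on `sort -b -k 2,2 -u` keeping the first line of each run with an equal port/proto field, and nothing in the hunk documents that. It works with GNU sort because the echoed custom lines precede the `cat`, and GNU keeps the first of an equal run and drops its last-resort comparison under `-u`; POSIX leaves the surviving line unspecified. The same key also collapses any other lines sharing a second field, which looks like it would drop stock entries that register several names for one port/proto, as well as comment and blank lines; this is worth confirming against the iana_etc file. I would add a shell comment above the pipeline such as `# custom entries first: sort -u keeps the first line per port/proto (GNU sort)`. The enclosing module starts outside the hunk.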
diff --git a/submodules/krops b/submodules/krops
-Subproject 53dfb30af324408c34fc7f664a05992e186ca4e
+Subproject f2f8cbf1afcb2c26d11e5f82c0b523b2cb10205
diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
index a89f07e8a..86f9b7ec2 100644
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/exim-retiolum.nix>
<stockholm/tv/2configs/gitrepos.nix>
- <stockholm/tv/2configs/im.nix>
<stockholm/tv/2configs/mail-client.nix>
<stockholm/tv/2configs/nginx/public_html.nix>
<stockholm/tv/2configs/pulse.nix>
diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix
deleted file mode 100644
index 82f1be042..000000000
--- a/tv/2configs/im.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
- environment.systemPackages = with pkgs; [
- (pkgs.writeDashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
- ];
- services.bitlbee = {
- enable = true;
- plugins = [
- pkgs.bitlbee-facebook
- ];
- };
-}
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index db2cdcd1f..5be1beef8 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -5,6 +5,7 @@
./ejabberd
./focus.nix
./hosts.nix
+ ./im.nix
./iptables.nix
./slock.nix
./x0vncserver.nix
diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix
new file mode 100644
index 000000000..8cb137510
--- /dev/null
+++ b/tv/3modules/im.nix
@@ -0,0 +1,110 @@
+{ config, pkgs, ... }: let
+ im = config.tv.im;
+ lib = import <stockholm/lib>;
+in {
+ options = {
+ tv.im.client.enable = lib.mkEnableOption "tv.im.client" // {
+ default = config.krebs.build.host.name == im.client.host.name;
+ };
+ tv.im.client.term = lib.mkOption {
+ default = "rxvt-unicode-256color";
+ type = lib.types.filename;
+ };
+ tv.im.client.useIPv6 = lib.mkEnableOption "tv.im.client.useIPv6" // {
+ default = true;
+ };
+ tv.im.client.host = lib.mkOption {
+ default = config.krebs.hosts.xu;
+ type = lib.types.host;
+ };
+ tv.im.client.user = lib.mkOption {
+ default = config.krebs.users.tv;
+ type = lib.types.user;
+ };
+
+ tv.im.server.enable = lib.mkEnableOption "tv.im.server" // {
+ default = config.krebs.build.host.name == im.server.host.name;
+ };
+ tv.im.server.host = lib.mkOption {
+ default = config.krebs.hosts.nomic;
+ type = lib.types.host;
+ };
+ tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // {
+ default = true;
+ };
+ tv.im.server.weechat.relay.enable =
+ lib.mkEnableOption "tv.im.server.weechat.relay";
+ tv.im.server.user = lib.mkOption {
+ default = config.krebs.users.tv;
+ type = lib.types.user;
+ };
+ };
+ imports = [
+ (lib.mkIf im.client.enable {
+ users.users.${im.client.user.name}.packages = [
+ (pkgs.writeDashBin "im" ''
+ ${if im.server.mosh.enable then /* sh */ ''
+ exec ${pkgs.mosh}/bin/mosh \
+ ${lib.optionalString im.client.useIPv6 "-6"} \
+ ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+ env TERM=${im.client.term} im
+ '' else /* sh */ ''
+ exec ${pkgs.openssh}/bin/ssh \
+ ${lib.optionalString im.client.useIPv6 "-6"} \
+ ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+ -t \
+ im
+ ''}
+ '')
+ ];
+ })
+ (lib.mkIf im.server.enable {
+ services.bitlbee = {
+ enable = true;
+ plugins = [
+ pkgs.bitlbee-facebook
+ ];
+ };
+ users.users.${im.server.user.name}.packages = [
+ pkgs.mosh
+ (pkgs.writeDashBin "im" ''
+ export PATH=${lib.makeSearchPath "bin" [
+ pkgs.tmux
+ pkgs.gnugrep
+ pkgs.weechat
+ ]}
+ if tmux list-sessions -F\#S | grep -q '^im''$'; then
+ exec tmux attach -t im
+ else
+ exec tmux new -s im weechat
+ fi
+ '')
+ ];
+ })
+ (lib.mkIf im.server.mosh.enable {
+ krebs.setuid.utempter = {
+ filename = "${pkgs.libutempter}/lib/utempter/utempter";
+ owner = "nobody";
+ group = "utmp";
+ mode = "2111";
+ };
+ tv.iptables.extra4.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip4.addr} -p udp --dport 60000:61000 -j ACCEPT"
+ ];
+ tv.iptables.extra6.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT"
+ ];
+ })
+ (lib.mkIf im.server.weechat.relay.enable {
+ krebs.iana-etc.services = {
+ "9001".tcp.name = "weechat-ssl";
+ };
+ tv.iptables.extra4.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip4.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+ ];
+ tv.iptables.extra6.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip6.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+ ];
+ })
+ ];
+}
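Review bot: The last two `lib.mkIf` blocks are gated only on `im.server.mosh.enable` and `im.server.weechat.relay.enable`, and `mosh.enable` defaults to `true` independently of `tv.im.server.enable`. Every host that imports this module therefore appears to get the setgid `utempter` wrapper and the UDP 60000:61000 ACCEPT rule, not just the server. The rules are limited to the client's retiolum address, but they still widen the firewall and add a setgid binary on hosts that never run mosh-server. Gate both on the server flag: `(lib.mkIf (im.server.enable && im.server.mosh.enable) {` and `(lib.mkIf (im.server.enable && im.server.weechat.relay.enable) {`.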