summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-03-05 00:28:32 +0100
committertv <tv@krebsco.de>2017-03-05 00:28:32 +0100
commit4499cc406560963d65b016075ba2df6451c834cd (patch)
treeffea19187190a105e7b0caf617a0215c02c281da /krebs
parentd7761aed6559adba3cfa61d822165c42c90fc276 (diff)
parent39fd77b84c7c14d6460722721726b378bdab7acd (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/exim-smarthost.nix2
-rw-r--r--krebs/3modules/fetchWallpaper.nix28
-rw-r--r--krebs/3modules/lass/default.nix10
-rw-r--r--krebs/3modules/lass/ssh/icarus.rsa2
-rw-r--r--krebs/3modules/makefu/default.nix262
-rw-r--r--krebs/3modules/monit.nix116
-rw-r--r--krebs/3modules/nin/default.nix2
-rw-r--r--krebs/5pkgs/buildbot/default.nix8
-rw-r--r--krebs/5pkgs/buildbot/irc_messages.patch40
-rw-r--r--krebs/5pkgs/buildbot/worker.nix4
-rw-r--r--krebs/5pkgs/zandronum-bin/default.nix83
12 files changed, 358 insertions, 200 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e0810ab63..f336c966f 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -22,6 +22,7 @@ let
./go.nix
./iptables.nix
./kapacitor.nix
+ ./monit.nix
./newsbot-js.nix
./nginx.nix
./nixpkgs.nix
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index bda563f8d..0ad952e3b 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -55,7 +55,7 @@ let
local_domains = mkOption {
type = with types; listOf hostname;
- default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
+ default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases);
};
relay_from_hosts = mkOption {
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 29c4f50e9..e226a9060 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -21,13 +21,14 @@ let
OnCalendar = "*:00,10,20,30,40,50";
};
};
+ # TODO find a better default stateDir
stateDir = mkOption {
type = types.str;
- default = "/var/lib/wallpaper";
+ default = "$HOME/wallpaper";
};
display = mkOption {
type = types.str;
- default = ":11";
+ default = ":0";
};
unitConfig = mkOption {
type = types.attrsOf types.str;
@@ -48,38 +49,30 @@ let
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
set -euf
- mkdir -p ${shell.escape cfg.stateDir}
- cd ${shell.escape cfg.stateDir}
+ mkdir -p ${cfg.stateDir}
+ cd ${cfg.stateDir}
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
- feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
+ feh --no-fehbg --bg-scale wallpaper
'';
imp = {
- users.users.fetchWallpaper = {
- name = "fetchWallpaper";
- uid = genid "fetchWallpaper";
- description = "fetchWallpaper user";
- home = cfg.stateDir;
- createHome = true;
- };
-
- systemd.timers.fetchWallpaper = {
+ systemd.user.timers.fetchWallpaper = {
description = "fetch wallpaper timer";
wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
};
- systemd.services.fetchWallpaper = {
+ systemd.user.services.fetchWallpaper = {
description = "fetch wallpaper";
- after = [ "network.target" ];
+ wantedBy = [ "default.target" ];
path = with pkgs; [
curl
feh
+ coreutils
];
environment = {
- URL = cfg.url;
DISPLAY = cfg.display;
};
restartIfChanged = true;
@@ -87,7 +80,6 @@ let
serviceConfig = {
Type = "simple";
ExecStart = fetchWallpaperScript;
- User = "fetchWallpaper";
};
unitConfig = cfg.unitConfig;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 0b67abd11..6ab8ede56 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -73,13 +73,21 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
};
- prism = {
+ prism = rec {
cores = 4;
+ extraZones = {
+ "krebsco.de" = ''
+ prism IN A ${nets.internet.ip4.addr}
+ paste IN A ${nets.internet.ip4.addr}
+ '';
+ };
nets = rec {
internet = {
ip4.addr = "213.239.205.240";
aliases = [
"prism.internet"
+ "paste.i"
+ "paste.internet"
];
ssh.port = 45621;
};
diff --git a/krebs/3modules/lass/ssh/icarus.rsa b/krebs/3modules/lass/ssh/icarus.rsa
index da99fcfdf..e3cb74081 100644
--- a/krebs/3modules/lass/ssh/icarus.rsa
+++ b/krebs/3modules/lass/ssh/icarus.rsa
@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 1e63a26e2..489f62b65 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -5,50 +5,50 @@ with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
drop = rec {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.177.9";
- ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce";
- aliases = [
- "drop.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
- 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
- GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
- 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
- Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
- F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.177.9";
+ ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce";
+ aliases = [
+ "drop.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
+ 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
+ GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
+ 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
+ Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
+ F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
};
+ };
};
fileleech = rec {
- cores = 4;
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
- nets = {
- retiolum = {
- ip4.addr = "10.243.113.98";
- ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
- aliases = [
- "fileleech.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
- 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
- YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
- nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
- e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
- UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
+ cores = 4;
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.113.98";
+ ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
+ aliases = [
+ "fileleech.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
+ 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
+ YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
+ nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
+ e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
+ UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
};
+ };
};
pnp = {
@@ -123,16 +123,16 @@ with import <stockholm/lib>;
aliases = [
"ossim.siem"
];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
- RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
- cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
- mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
- dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
- WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
+ RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
+ cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
+ mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
+ dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
+ WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
};
};
};
@@ -169,7 +169,7 @@ with import <stockholm/lib>;
XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
-----END RSA PUBLIC KEY-----
- '';
+ '';
};
};
};
@@ -228,16 +228,15 @@ with import <stockholm/lib>;
"vbob.retiolum"
];
tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
- 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
- AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
- hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
- Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
- AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
- -----END RSA PUBLIC KEY-----
-
- '';
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+ 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+ AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+ hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+ Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+ AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
@@ -278,7 +277,7 @@ with import <stockholm/lib>;
DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
-----END RSA PUBLIC KEY-----
- '';
+ '';
};
};
};
@@ -291,7 +290,6 @@ with import <stockholm/lib>;
wry IN A ${nets.internet.ip4.addr}
io IN NS wry.krebsco.de.
graphs IN A ${nets.internet.ip4.addr}
- paste 60 IN A ${nets.internet.ip4.addr}
tinc IN A ${nets.internet.ip4.addr}
'';
};
@@ -300,9 +298,7 @@ with import <stockholm/lib>;
ip4.addr = "104.233.87.86";
aliases = [
"wry.i"
- "paste.i"
"wry.internet"
- "paste.internet"
];
};
retiolum = {
@@ -353,7 +349,7 @@ with import <stockholm/lib>;
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
aliases = [
"filepimp.retiolum"
- "filepimp.r"
+ "filepimp.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -364,7 +360,7 @@ with import <stockholm/lib>;
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-----END RSA PUBLIC KEY-----
- '';
+ '';
};
};
};
@@ -389,15 +385,15 @@ with import <stockholm/lib>;
"stats.makefu.r"
];
tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
- ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
- sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
- s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
- GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
- 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
+ ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
+ sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
+ s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
+ GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
+ 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
@@ -428,18 +424,18 @@ with import <stockholm/lib>;
ip4.addr = "10.243.214.15";
ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [
- "wbob.retiolum"
+ "wbob.retiolum"
];
tinc.pubkey = ''
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
-QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
-cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
-khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
-rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
-TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
------END RSA PUBLIC KEY-----
-'';
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
+ QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
+ cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
+ khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
+ rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
+ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
};
};
};
@@ -487,7 +483,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
-----END RSA PUBLIC KEY-----
- '';
+ '';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
@@ -538,7 +534,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
-----END RSA PUBLIC KEY-----
- '';
+ '';
};
};
};
@@ -551,8 +547,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ip4.addr = "10.243.83.237";
ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101";
aliases = [
- "sdev.retiolum"
- "sdev.r"
+ "sdev.retiolum"
+ "sdev.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -569,7 +565,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
- # non-stockholm
+# non-stockholm
flap = rec {
cores = 1;
@@ -602,7 +598,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
-----END RSA PUBLIC KEY-----
- '';
+ '';
};
};
};
@@ -819,32 +815,30 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
tcac-0-1 = rec {
- cores = 1;
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
- ";
- nets = {
- retiolum = {
- ip4.addr = "10.243.144.142";
- ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278";
- aliases = [
- "tcac-0-1.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
- 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
- zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
- Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
- QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
- HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
+ cores = 1;
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
+ ";
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.144.142";
+ ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278";
+ aliases = [
+ "tcac-0-1.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
+ 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
+ zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
+ Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
+ QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
+ HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
};
+ };
};
-
-
} // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec {
owner = config.krebs.users.root;
@@ -878,23 +872,23 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
- nets = {
- retiolum = {
- ip4.addr = "10.243.183.236";
- ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
- aliases = [ "tpsw.r" "tpsw.retiolum" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
- Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
- WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
- OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
- 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
- pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.183.236";
+ ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
+ aliases = [ "tpsw.r" "tpsw.retiolum" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
+ Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
+ WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
+ OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
+ 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
+ pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
};
- };
};
};
users = rec {
@@ -920,6 +914,10 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
};
+ makefu-bob = {
+ inherit (makefu) mail pgp;
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
+ };
ciko = {
mail = "wieczorek.stefan@googlemail.com";
};
diff --git a/krebs/3modules/monit.nix b/krebs/3modules/monit.nix
new file mode 100644
index 000000000..4d4066ae4
--- /dev/null
+++ b/krebs/3modules/monit.nix
@@ -0,0 +1,116 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with import <stockholm/lib>;
+
+let
+ cfg = config.krebs.monit;
+
+ out = {
+ options.krebs.monit = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "monit";
+ http = {
+ enable = mkEnableOption "monit http server";
+ port = mkOption {
+ type = types.int;
+ default = 9093;
+ };
+ user = mkOption {
+ type = types.str;
+ default = "krebs";
+ };
+ pass = mkOption {
+ type = types.str;
+ default = "bob";
+ };
+ };
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "monit";
+ };
+ };
+ group = mkOption {
+ type = types.group;
+ default = {
+ name = "monitor";
+ };
+ };
+ extraConfig = mkOption {
+ type = types.attrs;
+ default = {};
+ };
+ alarms = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule {
+ options = {
+ test = mkOption {
+ type = path;
+ };
+ alarm = mkOption {
+ type = path;
+ };
+ interval = mkOption {
+ type = str;
+ default = "10";
+ };
+ };
+ });
+ };
+ };
+
+ imp = let
+ configFile = pkgs.writeText "monit.cfg" ''
+ ${optionalString cfg.http.enable ''
+ set httpd port ${toString cfg.http.port}
+ allow ${cfg.http.user}:${cfg.http.pass}
+ ''}
+ set daemon 10
+
+ ${concatStringsSep "\n" (mapAttrsToList (name: alarm: ''
+ check program ${name} with path "${alarm.test}"
+ every ${alarm.interval} cycles
+ if status != 0 then exec "${alarm.alarm}"
+ '') cfg.alarms)}
+ '';
+ in {
+ environment.etc = [
+ {
+ source = configFile;
+ target = "monit.conf";
+ mode = "0400";
+ uid = config.users.users.${cfg.user.name}.uid;
+ }
+ ];
+ users = {
+ groups.${cfg.group.name} = {
+ inherit (cfg.group) name gid;
+ };
+ users.${cfg.user.name} = {
+ inherit (cfg.user) home name uid;
+ createHome = true;
+ group = cfg.group.name;
+ };
+ };
+
+ systemd.services.monit = {
+ description = "monit";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ User = cfg.user.name;
+ ExecStart = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf";
+ # Monit should restart when the config changes
+ ExecStartPre = "${pkgs.coreutils}/bin/echo ${configFile}";
+ };
+ };
+ };
+in out
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
index 3231c0e23..d5d13cd1a 100644
--- a/krebs/3modules/nin/default.nix
+++ b/krebs/3modules/nin/default.nix
@@ -38,6 +38,8 @@ with import <stockholm/lib>;
aliases = [
"onondaga.retiolum"
"onondaga.r"
+ "cgit.onondaga.r"
+ "cgit.onondaga.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/5pkgs/buildbot/default.nix b/krebs/5pkgs/buildbot/default.nix
index 2e14b6b63..37eea5fd9 100644
--- a/krebs/5pkgs/buildbot/default.nix
+++ b/krebs/5pkgs/buildbot/default.nix
@@ -3,10 +3,10 @@
pythonPackages.buildPythonApplication (rec {
name = "${pname}-${version}";
pname = "buildbot";
- version = "0.9.1";
+ version = "0.9.4";
src = fetchurl {
url = "mirror://pypi/b/${pname}/${name}.tar.gz";
- sha256 = "1kk4dlkk4rznwid9xykq2lbzksvkcr4r5kmz9hgh5hswdzv8bwx9";
+ sha256 = "0wklrn4fszac9wi8zw3vbsznwyff6y57cz0i81zvh46skb6n3086";
};
doCheck = false;
buildInputs = with pythonPackages; [
@@ -22,6 +22,7 @@ pythonPackages.buildPythonApplication (rec {
pylint
astroid
pyflakes
+ pyjwt
];
propagatedBuildInputs = with pythonPackages; [
@@ -55,9 +56,6 @@ pythonPackages.buildPythonApplication (rec {
] ++ plugins;
- patchPhase = ''
- patch -p1 < ${./irc_messages.patch}
- '';
preInstall = ''
# writes out a file that can't be read properly
sed -i.bak -e '69,84d' buildbot/test/unit/test_www_config.py
diff --git a/krebs/5pkgs/buildbot/irc_messages.patch b/krebs/5pkgs/buildbot/irc_messages.patch
deleted file mode 100644
index ab8597dbd..000000000
--- a/krebs/5pkgs/buildbot/irc_messages.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --git a/buildbot/reporters/words.py b/master/buildbot/reporters/words.py
-index a65147b..bf44118 100644
---- a/buildbot/reporters/words.py
-+++ b/buildbot/reporters/words.py
-@@ -550,14 +550,15 @@ class Contact(service.AsyncService):
-
- if self.useRevisions:
- revisions = yield self.getRevisionsForBuild(build)
-- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
-+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
- (builderName, ','.join(revisions), results[0])
- else:
-- r = "Hey! build %s #%d is complete: %s" % \
-+ r = "Build %s #%d is complete: %s" % \
- (builderName, buildNumber, results[0])
-
- r += ' [%s]' % maybeColorize(build['state_string'],
- results[1], self.useColors)
-+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
- self.send(r)
-
- # FIXME: where do we get the list of changes for a build ?
-@@ -622,14 +623,15 @@ class Contact(service.AsyncService):
- results = self.getResultsDescriptionAndColor(build['results'])
- if self.useRevisions:
- revisions = yield self.getRevisionsForBuild(build)
-- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \
-+ r = "Build %s containing revision(s) [%s] is complete: %s" % \
- (builder_name, ','.join(revisions), results[0])
- else:
-- r = "Hey! build %s #%d is complete: %s" % \
-+ r = "Build %s #%d is complete: %s" % \
- (builder_name, buildnum, results[0])
-
- r += ' [%s]' % maybeColorize(build['state_string'],
- results[1], self.useColors)
-+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber)
- self.send(r)
-
- # FIXME: where do we get the base_url? Then do we use the build Link to
diff --git a/krebs/5pkgs/buildbot/worker.nix b/krebs/5pkgs/buildbot/worker.nix
index c100de5d2..34e526858 100644
--- a/krebs/5pkgs/buildbot/worker.nix
+++ b/krebs/5pkgs/buildbot/worker.nix
@@ -2,12 +2,12 @@
pythonPackages.buildPythonApplication (rec {
name = "${pname}-${version}";
pname = "buildbot-worker";
- version = "0.9.1";
+ version = "0.9.4";
doCheck = false;
src = fetchurl {
url = "mirror://pypi/b/${pname}/${name}.tar.gz";
- sha256 = "00p9l1qz6mx12npjwsycp8f9a8f2har15ig79pfsg8z7a7yw93hx";
+ sha256 = "0rdrr8x7sn2nxl51p6h9ad42s3c28lb6sys84zrg0d7fm4zhv7hj";
};
buildInputs = with pythonPackages; [ setuptoolsTrial mock ];
diff --git a/krebs/5pkgs/zandronum-bin/default.nix b/krebs/5pkgs/zandronum-bin/default.nix
new file mode 100644
index 000000000..e97f46add
--- /dev/null
+++ b/krebs/5pkgs/zandronum-bin/default.nix
@@ -0,0 +1,83 @@
+{ stdenv
+, atk
+, bzip2
+, cairo
+, fetchurl
+, fluidsynth
+, fontconfig
+, freetype
+, gdk_pixbuf
+, glib
+, gtk2
+, libjpeg_turbo
+, mesa_glu
+, mesa_noglu
+, openssl
+, pango
+, SDL
+, zlib
+, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+ name = "zandronum-3.0";
+
+ src = fetchurl {
+ url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2";
+ sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3";
+ };
+
+ libPath = stdenv.lib.makeLibraryPath [
+ atk
+ bzip2
+ cairo
+ fluidsynth
+ fontconfig
+ freetype
+ gdk_pixbuf
+ glib
+ gtk2
+ libjpeg_turbo
+ mesa_glu
+ mesa_noglu
+ openssl
+ pango
+ SDL
+ stdenv.cc.cc
+ zlib
+ ];
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ phases = [ "unpackPhase" "installPhase" ];
+
+ sourceRoot = ".";
+
+ installPhase = ''
+ mkdir -p $out/bin
+ mkdir -p $out/share/zandronum
+ cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum
+
+ patchelf \
+ --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
+ --set-rpath $libPath:$out/share/zandronum \
+ $out/share/zandronum/zandronum
+ patchelf \
+ --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
+ --set-rpath $libPath \
+ $out/share/zandronum/zandronum-server
+
+ # If we don't set absolute argv0, zandronum.wad file is not f