diff options
| author | makefu <github@syntax-fehler.de> | 2023-06-03 15:50:01 +0200 |
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2023-06-03 15:50:01 +0200 |
| commit | 15f4d5f29d3a4b662376f362d21e5b163bd7c5e1 (patch) | |
| tree | 77b0239c8899207b76fdef85090db7aa2b6e3eea /krebs | |
| parent | 563b55fa133a38aacff93747773f026b0681eece (diff) | |
| parent | 7c3b3400b71678617ac042b522c26e747b8312c2 (diff) | |
Merge remote-tracking branch 'lassul.us/master'
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/2configs/reaktor2.nix | 50 | ||||
| -rw-r--r-- | krebs/2configs/syncthing.nix | 12 | ||||
| -rw-r--r-- | krebs/3modules/konsens.nix | 7 | ||||
| -rw-r--r-- | krebs/3modules/tinc.nix | 37 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/cunicu.nix | 22 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/htgen-paste/default.nix | 27 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/htgen-paste/src/htgen-paste | 68 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/kpaste/default.nix | 3 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/q-power_supply.nix | 3 | ||||
| -rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
| -rw-r--r-- | krebs/nixpkgs.json | 8 |
11 files changed, 203 insertions, 42 deletions
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 0a5031415..67c2dd4cd 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -81,7 +81,8 @@ let echo "$_from: $(report_error "$response")" exit 0 fi - printf '%s' "$text" | echo "$_from: $(cat)" + # value seems to be 512 - overhead + echo "$_from: $text" | fold -s -w 426 printf '%s' "$response" | jq -r '[.item.messages[1].sourceAttributions[].seeMoreUrl] | to_entries[] | "[\(.key + 1)]: \(.value)"' @@ -90,6 +91,52 @@ let }; }; + bing-img = { + pattern = "!bing-img (.*)$"; + activate = "match"; + arguments = [1]; + timeoutSec = 1337; + command = { + filename = pkgs.writeDash "bing-img" '' + set -efu + report_error() { + printf '%s' "$*" | + curl -Ss http://p.r --data-binary @- | + tail -1 | + echo "error $(cat)" + exit 0 + } + export PATH=${makeBinPath [ + pkgs.dash + pkgs.coreutils + pkgs.curl + pkgs.findutils + pkgs.jq + ]} + response=$(printf '%s' "$*" | + curl -SsG http://bing-gpt.r/api/images --data-urlencode 'prompt@-' + ) + if [ "$?" -ne 0 ]; then + report_error "$response" + else + if ! text=$( + printf '%s' "$response" | + jq -er '.[].url' + ); then + echo "$_from: $(report_error "$response")" + exit 0 + fi + echo "$text" | + xargs -I {} dash -c 'curl -Ss {} | + curl -Ss https://p.krebsco.de --data-binary @- | + tail -1' | + tr '\n' ' ' | + echo "$_from: $(cat)" + fi + ''; + }; + }; + confuse = { pattern = "!confuse (.*)$"; activate = "match"; @@ -362,6 +409,7 @@ let bedger-add bedger-balance bing + bing-img hooks.sed interrogate say diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix index dac1863d5..d6d42ca11 100644 --- a/krebs/2configs/syncthing.nix +++ b/krebs/2configs/syncthing.nix @@ -1,17 +1,21 @@ -{ config, pkgs, ... }: with import <stockholm/lib>; let +{ options, config, pkgs, ... }: with import <stockholm/lib>; let mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; - used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.declarative.folders)); + used_peer_names = unique (filter isString (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders))); used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers; in { services.syncthing = { enable = true; configDir = "/var/lib/syncthing"; - devices = mk_peers used_peers; key = toString <secrets/syncthing.key>; cert = toString <secrets/syncthing.cert>; - }; + # workaround for infinite recursion on unstable, remove in 23.11 + } // (if builtins.hasAttr "settings" options.services.syncthing then + { settings.devices = mk_peers used_peers; } + else + { devices = mk_peers used_peers; } + ); boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288; } diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix index 439bcc7f4..81dbb33e1 100644 --- a/krebs/3modules/konsens.nix +++ b/krebs/3modules/konsens.nix @@ -60,12 +60,17 @@ let systemd.services = mapAttrs' (name: repo: nameValuePair "konsens-${name}" { after = [ "network.target" ]; - path = [ pkgs.git ]; + path = [ + pkgs.git + pkgs.openssh + ]; restartIfChanged = false; serviceConfig = { Type = "simple"; PermissionsStartOnly = true; ExecStart = pkgs.writeDash "konsens-${name}" '' + set -efu + git config --global --replace-all safe.directory * if ! test -e ${name}; then git clone ${repo.url} ${name} fi diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 52cdafe67..437f3b633 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -190,35 +190,16 @@ with import <stockholm/lib>; default = 3; }; - user = mkOption { - type = types.user; - default = { - name = tinc.config.netname; - home = "/var/lib/${tinc.config.user.name}"; - }; - defaultText = { - name = "‹netname›"; - home = "/var/lib/‹netname›"; - }; + username = mkOption { + type = types.username; + default = tinc.config.netname; + defaultText = literalExample "netname"; }; }; })); }; config = { - users.users = mapAttrs' (netname: cfg: - nameValuePair "${netname}" { - inherit (cfg.user) home name uid; - createHome = true; - isSystemUser = true; - group = netname; - } - ) config.krebs.tinc; - - users.groups = mapAttrs' (netname: cfg: - nameValuePair netname {} - ) config.krebs.tinc; - krebs.systemd.services = mapAttrs (netname: cfg: { restartIfCredentialsChange = true; }) config.krebs.tinc; @@ -238,11 +219,11 @@ with import <stockholm/lib>; ) "rsa_key.priv:${cfg.privkey}" ]; - ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' + ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" '' set -efu ${pkgs.coreutils}/bin/mkdir -p /etc/tinc ${pkgs.rsync}/bin/rsync -Lacv --delete \ - --chown ${cfg.user.name} \ + --chown ${cfg.username} \ --chmod u=rwX,g=rX \ --exclude='/*.priv' \ ${cfg.confDir}/ /etc/tinc/${netname}/ @@ -255,14 +236,16 @@ with import <stockholm/lib>; "$CREDENTIALS_DIRECTORY"/rsa_key.priv \ /etc/tinc/${netname}/ ''; - ExecStart = toString [ + ExecStart = "+" + toString [ "${cfg.tincPackage}/sbin/tincd" "-D" - "-U ${cfg.user.name}" + "-U ${cfg.username}" "-d 0" "-n ${netname}" ]; SyslogIdentifier = netname; + DynamicUser = true; + User = cfg.username; }; }) config.krebs.tinc; }; diff --git a/krebs/5pkgs/simple/cunicu.nix b/krebs/5pkgs/simple/cunicu.nix new file mode 100644 index 000000000..4375a760c --- /dev/null +++ b/krebs/5pkgs/simple/cunicu.nix @@ -0,0 +1,22 @@ +{ lib, pkgs }: + +pkgs.buildGo120Module rec { + pname = "cunicu"; + version = "g${lib.substring 0 7 src.rev}"; + + buildInputs = [ + pkgs.libpcap + ]; + + # XXX tries to access https://relay.cunicu.li + doCheck = false; + + src = pkgs.fetchFromGitHub { + owner = "stv0g"; + repo = "cunicu"; + rev = "3ed8109bef97a10a438e5658c41823b7f812db8e"; + hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc="; + }; + + vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4="; +} diff --git a/krebs/5pkgs/simple/htgen-paste/default.nix b/krebs/5pkgs/simple/htgen-paste/default.nix new file mode 100644 index 000000000..48b72833e --- /dev/null +++ b/krebs/5pkgs/simple/htgen-paste/default.nix @@ -0,0 +1,27 @@ +{ pkgs, stockholm, stdenv }: +with stockholm.lib; + +stdenv.mkDerivation rec { + pname = "htgen-paste"; + version = "1.0.0"; + + src = ./src; + + buildPhase = '' + ( + exec > htgen-paste + echo PATH=${makeBinPath [ + pkgs.nix + pkgs.file + pkgs.coreutils + pkgs.findutils + ]} + echo STATEDIR=${shell.escape "\${STATEDIR-$HOME}"} + cat $src/htgen-paste + ) + ''; + + installPhase = '' + install -D htgen-paste $out/bin/htgen-paste + ''; +} diff --git a/krebs/5pkgs/simple/htgen-paste/src/htgen-paste b/krebs/5pkgs/simple/htgen-paste/src/htgen-paste new file mode 100644 index 000000000..bc806e870 --- /dev/null +++ b/krebs/5pkgs/simple/htgen-paste/src/htgen-paste @@ -0,0 +1,68 @@ +find_item() { + if test ${#1} -ge 7; then + set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \ + -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")" + if test -n "$1" && test $(echo "$1" | wc -l) = 1; then + echo "$1" + return 0 + fi + fi + return 1 +} + +abs_path=${Request_URI%%\?*} + +case "$Method $abs_path" in + "GET /"[0-9a-z]*) + if item=$(find_item ${abs_path#/}); then + content_type=$(cat "$item".content_type 2>/dev/null || file -ib "$item") + printf 'HTTP/1.1 200 OK\r\n' + printf 'Content-Type: %s\r\n' "$content_type" + printf 'Server: %s\r\n' "$Server" + printf 'Connection: close\r\n' + printf 'Content-Length: %d\r\n' $(wc -c < $item) + printf '\r\n' + cat $item + exit + fi + ;; + "POST /") + content=$(mktemp -t htgen.$$.content.XXXXXXXX) + trap "rm $content >&2" EXIT + + case ${req_expect-} in 100-continue) + printf 'HTTP/1.1 100 Continue\r\n\r\n' + esac + + head -c $req_content_length > $content + + sha256=$(sha256sum -b $content | cut -d\ -f1) + base32=$(nix-hash --to-base32 --type sha256 $sha256) + item=$STATEDIR/items/$base32 + ref=http://$req_host/$base32 + + if ! test -e $item; then + mkdir -v -p $STATEDIR/items >&2 + cp -v $content $item >&2 + fi + + if test -n ${reg_content_type-}; then + echo -n "$req_content_type" > "$item".content_type + fi + + base32short=$(echo $base32 | cut -b-7) + if item=$(find_item $base32short); then + ref=$(echo "$ref"; echo "http://$req_host/$base32short") + fi + + printf 'HTTP/1.1 200 OK\r\n' + printf 'Content-Type: text/plain; charset=UTF-8\r\n' + printf 'Server: %s\r\n' "$Server" + printf 'Connection: close\r\n' + printf 'Content-Length: %d\r\n' $(expr ${#ref} + 1) + printf '\r\n' + printf '%s\n' "$ref" + + exit + ;; +esac diff --git a/krebs/5pkgs/simple/kpaste/default.nix b/krebs/5pkgs/simple/kpaste/default.nix index 9820c931d..de2de4721 100644 --- a/krebs/5pkgs/simple/kpaste/default.nix +++ b/krebs/5pkgs/simple/kpaste/default.nix @@ -1,6 +1,7 @@ { curl, gnused, writeDashBin }: writeDashBin "kpaste" '' - ${curl}/bin/curl -sS http://p.r --data-binary @"''${1:--}" | + ${curl}/bin/curl -sS http://p.r --data-binary @"''${1:--}" \ + -H "Content-Type-Override: ''${KPASTE_CONTENT_TYPE-}" | ${gnused}/bin/sed '$ {p;s|http://p.r|https://p.krebsco.de|}' '' diff --git a/krebs/5pkgs/simple/q-power_supply.nix b/krebs/5pkgs/simple/q-power_supply.nix index 627e3f905..ef133bfbd 100644 --- a/krebs/5pkgs/simple/q-power_supply.nix +++ b/krebs/5pkgs/simple/q-power_supply.nix @@ -63,6 +63,7 @@ writeDashBin "q-power_supply" '' END { name = ENVIRON["POWER_SUPPLY_NAME"] + status = ENVIRON["POWER_SUPPLY_STATUS"] charge_unit = "Ah" charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6 @@ -132,6 +133,8 @@ writeDashBin "q-power_supply" '' out = out sprintf(" %s", print_hm(charge_now / current_now)) } + out = out " " status + print out } ' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index bd1ab98c0..9b4622275 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "645bc49f34fa8eff95479f0345ff57e55b53437e", - "date": "2023-04-19T18:04:47+02:00", - "path": "/nix/store/jh86824939585dinrs1zlkh6cvz8l8l7-nixpkgs", - "sha256": "0kfndc7xdkm89yl0f27wdnwd6gdad3i49jx7gvaib1hz0ifpmxzv", + "rev": "7084250df3d7f9735087d3234407f3c1fc2400e3", + "date": "2023-05-22T13:19:02+02:00", + "path": "/nix/store/zgv3fzg2lywfqdrv4mghd62s9i6zxhrw-nixpkgs", + "sha256": "0nkg8h5ix0sbjqb0gdj5124nbg2gd1nmyl1p14cvlg77fs7afld6", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 7e478e9cf..d4d9cc743 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "fd901ef4bf93499374c5af385b2943f5801c0833", - "date": "2023-04-22T11:27:49+08:00", - "path": "/nix/store/gpfv5hbki6g1b63nqw7md5bjlcpzsz1w-nixpkgs", - "sha256": "1fd7xyfna0klfbv37qq1ms2j4gzjpy14a8vbnw1i8ix6fijkywjf", + "rev": "a17f99dfcb9643200b3884ca195c69ae41d7f059", + "date": "2023-05-23T18:09:00+02:00", + "path": "/nix/store/2n82i65gv1y54xj3dplkvhfyc8rs1j90-nixpkgs", + "sha256": "180ipicp351s99nvn9xvf5nzs5fzxhawfbykaijvaqj63siss13m", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, |