author | tv <tv@krebsco.de> | 2020-10-03 13:44:30 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2020-10-03 13:44:30 +0200 |
commit | d1e52425e0d5d79a33b11c92cc2afb498075d953 (patch) | |
tree | 29277982f014eaae680e006b6afc7fdb42e8d9b2 /krebs | |
parent | 654f64f05935a69607a540f2e8d15619cee9e15e (diff) | |
parent | 7e7499d86302d261c8f8404fb34f2ac091318d0e (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs')
23 files changed, 256 insertions, 152 deletions
diff --git a/krebs/0tests/data/secrets/shack/telegram_bot.env b/krebs/0tests/data/secrets/shack/telegram_bot.env new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/shack/telegram_bot.env diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index c84887eaa..08a3392bd 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -18,6 +18,7 @@ <stockholm/krebs/2configs/shack/prometheus/server.nix> <stockholm/krebs/2configs/shack/prometheus/blackbox.nix> <stockholm/krebs/2configs/shack/prometheus/unifi.nix> + <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> <stockholm/krebs/2configs/shack/gitlab-runner.nix> ## Collect local statistics via collectd and send to collectd diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 029644ca6..0160f9ebb 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -27,6 +27,8 @@ in <stockholm/krebs/2configs/shack/muellshack.nix> # provide light control api <stockholm/krebs/2configs/shack/node-light.nix> + # light.shack web-ui + <stockholm/krebs/2configs/shack/light.shack.nix> # send mail if muell was not handled <stockholm/krebs/2configs/shack/muell_mail.nix> # send mail if muell was not handled @@ -34,6 +36,22 @@ in # powerraw usb serial to mqtt and raw socket <stockholm/krebs/2configs/shack/powerraw.nix> + { # do not log to /var/spool/log + services.nginx.appendHttpConfig = '' + map $request_method $loggable { + default 1; + GET 0; + } + log_format vhost '$host $remote_addr - $remote_user ' + '[$time_local] "$request" $status ' + '$body_bytes_sent "$http_referer" ' + '"$http_user_agent"'; + error_log stderr; + access_log syslog:server=unix:/dev/log vhost; + ''; + services.journald.rateLimitBurst = 10000; + } + # create samba share for anonymous usage with the laser and 3d printer pc <stockholm/krebs/2configs/shack/share.nix> 
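Review bot: The `$loggable` map added to `services.nginx.appendHttpConfig` in wolf's config marks every GET as not loggable, and the `influx.shack` and `openhab.shack` vhosts (the `influx.nix` and `node-light.nix` hunks) then use `if=$loggable`, so GET traffic to those hosts leaves no access-log record at all. If any of the proxied light-API paths act on GET, which these hunks do not show, those actions become untraceable; keying the map on the noisy path or client instead of the method would keep the audit trail. Both vhost modules now also depend on a variable defined only in this host file, so importing either on another host would presumably make nginx reject the config. `influx.nix` says so in a comment, but `node-light.nix` does not; adding `# requires the $loggable map from 1systems/wolf/config.nix` there, or moving the map into a shared module, would make the coupling explicit.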
diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index f4c1290c2..c39b08a8e 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -13,7 +13,7 @@ with import <stockholm/lib>; enable = true; virtualHosts.go = { locations."/".extraConfig = '' - proxy_set_header Host go; + proxy_set_header Host go.r; proxy_pass http://localhost:1337; ''; serverAliases = [ diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 72eff176b..061dc9ab9 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -76,7 +76,7 @@ let }; } { - pattern = ''^([\w-]*):?\s+([+-][1-9][0-9]*)\s+(\S+)$''; + pattern = ''^([\H-]*):?\s+([+-][1-9][0-9]*)\s+(\S+)$''; activate = "match"; arguments = [1 2 3]; command = { diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 9bf90bca4..f47bca2db 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -3,6 +3,7 @@ let shackopen = import ./multi/shackopen.nix; wasser = import ./multi/wasser.nix; badair = import ./multi/schlechte_luft.nix; + rollos = import ./multi/rollos.nix; in { services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; @@ -62,13 +63,18 @@ in { ]; }; # https://www.home-assistant.io/components/influxdb/ - #influxdb = { - # database = "hass"; - # tags = { - # instance = "wolf"; - # source = "hass"; - # }; - #}; + influxdb = { + database = "glados"; + host = "influx.shack"; + component_config_glob = { + "sensor.*particulate_matter_2_5um_concentration".override_measurement = "2_5um particles"; + "sensor.*particulate_matter_10_0um_concentration".override_measurement ="10um particles"; + }; + tags = { + instance = "wolf"; + source = "glados"; + }; + }; esphome = {}; api = {}; mqtt = { @@ -93,8 +99,7 @@ in { }; }; switch = - wasser.switch - ++ (import ./switch/power.nix) + (import ./switch/power.nix) ; light = []; media_player = [ 
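Review bot: Widening the first capture group from `[\w-]*` to `[\H-]*` in the reaktor2 pattern lets any non-blank character from a chat message through as argument 1 of the command, assuming the regex engine reads `\H` inside a class as "not horizontal whitespace". The command body lies outside this hunk, so it is worth confirming there that the argument is only ever handled as quoted data and never becomes part of a path or an evaluated string. The trailing `-` in the class is now redundant; a class that lists the intended nick characters explicitly would document the intent and keep the input narrow.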
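Review bot: The re-enabled `influxdb` block in `glados/default.nix` points at `host = "influx.shack"` without `username`/`password` or `ssl`, so the writes presumably go unauthenticated over plain HTTP to a database that anything on the network can also write to. If that is the intended trust model for this network, a one-line comment such as `# influx.shack is unauthenticated by design, LAN only` would record the decision; otherwise credentials should come from the secrets directory rather than being added inline. Minor style: `.override_measurement ="10um particles"` is missing the space after `=`.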
@@ -113,6 +118,7 @@ in { ++ (import ./sensors/mate.nix) ++ (import ./sensors/darksky.nix { inherit lib;}) ++ shackopen.sensor + ++ wasser.sensor ; air_quality = (import ./sensors/sensemap.nix ); @@ -147,6 +153,7 @@ in { automation = wasser.automation ++ badair.automation + ++ rollos.automation ++ (import ./automation/shack-startup.nix) ++ (import ./automation/party-time.nix) ++ (import ./automation/hass-restart.nix); diff --git a/krebs/2configs/shack/glados/multi/rollos.nix b/krebs/2configs/shack/glados/multi/rollos.nix index 1febad525..4e6494936 100644 --- a/krebs/2configs/shack/glados/multi/rollos.nix +++ b/krebs/2configs/shack/glados/multi/rollos.nix @@ -1,13 +1,56 @@ +# + let glados = import ../lib; + tempsensor = "sensor.dark_sky_temperature"; + all_covers = [ + "cover.crafting_rollo" + "cover.elab_rollo" + "cover.or2_rollo" + "cover.retroraum_rollo" + ]; in { - # LED - light = [ - ]; - sensor = [ - ]; automation = [ + { alias = "Rollos fahren Runter"; + trigger = [ + { + platform = "numeric_state"; + entity_id = tempsensor; + above = 25; + for = "00:30:00"; + } + ]; + condition = + [ + { + condition = "state"; + entity_id = "sun.sun"; + state = "above_horizon"; + } + ]; + action = + [ + { service = "cover.close_cover"; + entity_id = all_covers; + } + ]; + } + { alias = "Rollos fahren Hoch"; + trigger = [ + { + platform = "sun"; + event = "sunset"; + } + ]; + condition = [ ]; + action = + [ + { service = "cover.open_cover"; + entity_id = all_covers; + } + ]; + } ]; } diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index 6f3dc98ad..74ce736a6 100644 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix 
@@ -2,13 +2,17 @@ # switch.crafting_giesskanne_relay let glados = import ../lib; - seconds = 10; + seconds = 20; wasser = "switch.crafting_giesskanne_relay"; in { - switch = [ - (glados.tasmota.plug { host = "Wasser"; topic = "plug";} ) - ]; + sensor = map ( entity_id: { + platform = "statistics"; + name = "Statistics for ${entity_id}"; + inherit entity_id; + max_age.minutes = "60"; + }) ["sensor.crafting_brotbox_soil_moisture"]; + automation = [ diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix index 92cb24bf3..93d83a59b 100644 --- a/krebs/2configs/shack/influx.nix +++ b/krebs/2configs/shack/influx.nix @@ -8,6 +8,11 @@ in networking.firewall.allowedTCPPorts = [ port ]; # for legacy applications networking.firewall.allowedUDPPorts = [ collectd-port ]; services.nginx.virtualHosts."influx.shack" = { + # Disable constant GET request logging. + # $loggable map is defined in 1/wolf + extraConfig = '' + access_log syslog:server=unix:/dev/log combined if=$loggable; + ''; locations."/" = { proxyPass = "http://localhost:${toString port}/"; }; diff --git a/krebs/2configs/shack/light.shack.nix b/krebs/2configs/shack/light.shack.nix new file mode 100644 index 000000000..8e01cb1bf --- /dev/null +++ b/krebs/2configs/shack/light.shack.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +let + light-shack-src = pkgs.fetchgit { + url = "https://git.shackspace.de/rz/standby.shack"; + rev = "e1b90a0a"; + sha256 = "07fmz63arc5rxa0a3778srwz0jflp4ad6xnwkkc56hwybby0bclh"; + }; + web-dir = "${light-shack-src}/client/www/"; +in +{ + services.nginx.virtualHosts."light.shack".locations."/".root = web-dir; +} diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 409278954..481564719 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix 
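Review bot: `rev = "e1b90a0a"` in the new `fetchgit` call of `light.shack.nix` is an abbreviated commit id, unlike the full 40-character revision used for `muell_mail` in this same commit. The `sha256` still pins the fetched content, but a short id can become ambiguous as the repository grows, and it makes it harder to audit exactly which commit is being served as the `light.shack` web root. Use the full commit hash, e.g. `rev = "<full 40-character commit id>";`.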
@@ -4,8 +4,8 @@ let pkg = pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/muell_mail"; - rev = "57b67c95052d90044137b2c89007a371dc389afd"; - sha256 = "1grkzs6fxjnc2bv4kskj63d5sb4qxz6yyr85nj0da9hn7qkk4jkj"; + rev = "c3e43687879f95e01a82ef176fa15678543b2eb8"; + sha256 = "0hgchwam5ma96s2v6mx2jfkh833psadmisjbm3k3153rlxp46frx"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muell_mail"; cfg = toString <secrets/shack/muell_mail.js>; diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index b471f2af5..4a981ea87 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -28,6 +28,9 @@ in { }; services.nginx.virtualHosts."openhab.shack" = { + extraConfig = '' + access_log syslog:server=unix:/dev/log combined if=$loggable; + ''; serverAliases = [ "lightapi.shack" ]; locations."/power/".proxyPass = "http://localhost:${port}/power/"; locations."/lounge/".proxyPass = "http://localhost:${port}/lounge/"; diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix index 096c551ba..1c2d0b1ad 100644 --- a/krebs/2configs/shack/prometheus/alert-rules.nix +++ b/krebs/2configs/shack/prometheus/alert-rules.nix 
@@ -1,102 +1,42 @@ -{ lib }: -with lib; - +{ lib,... }: let - deviceFilter = ''device!="ramfs",device!="rpc_pipefs",device!="lxcfs",device!="nsfs",device!="borgfs"''; -in mapAttrsToList (name: opts: { - alert = name; - expr = opts.condition; - for = opts.time or "2m"; - labels = if (opts.page or true) then { severity = "page"; } else {}; - annotations = { - summary = opts.summary; - description = opts.description; - }; -}) { - node_down = { - condition = ''up{job="node"} == 0''; - summary = "{{$labels.alias}}: Node is down."; - description = "{{$labels.alias}} has been down for more than 2 minutes."; - }; - node_systemd_service_failed = { - condition = ''node_systemd_unit_state{state="failed"} == 1''; - summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start."; - description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."; - }; - node_filesystem_full_80percent = { - condition = ''sort(node_filesystem_free_bytes{${deviceFilter}} < node_filesystem_size_bytes{${deviceFilter}} * 0.2) / 1024^3''; - time = "10m"; - summary = "{{$labels.alias}}: Filesystem is running out of space soon."; - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 20% space left on its filesystem."; - }; - node_filesystem_full_in_7d = { - condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[2d], 7*24*3600) <= 0''; - time = "1h"; - summary = "{{$labels.alias}}: Filesystem is running out of space in 7 days."; - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 7 days"; - }; - node_filesystem_full_in_30d = { - condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[30d], 30*24*3600) <= 0''; - time = "1h"; - summary = "{{$labels.alias}}: Filesystem is running out of space in 30 days."; - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 
30 days"; - }; - node_filedescriptors_full_in_3h = { - condition = ''predict_linear(node_filefd_allocated[3h], 3*3600) >= node_filefd_maximum''; - time = "20m"; - summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours."; - description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"; - }; - node_filedescriptors_full_in_7d = { - condition = ''predict_linear(node_filefd_allocated[7d], 7*24*3600) >= node_filefd_maximum''; - time = "1h"; - summary = "{{$labels.alias}} is running out of available file descriptors in 7 days."; - description = "{{$labels.alias}} is running out of available file descriptors in approx. 7 days"; - }; - node_load15 = { - condition = ''node_load15 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 1.0''; - time = "10m"; - summary = "{{$labels.alias}}: Running on high load: {{$value}}"; - description = "{{$labels.alias}} is running with load15 > 1 for at least 5 minutes: {{$value}}"; - }; - node_ram_using_90percent = { - condition = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1"; - time = "1h"; - summary = "{{$labels.alias}}: Using lots of RAM."; - description = "{{$labels.alias}} is using at least 90% of its RAM for at least 1 hour."; - }; - node_swap_using_30percent = { - condition = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.3"; - time = "30m"; - summary = "{{$labels.alias}}: Using more than 30% of its swap."; - description = "{{$labels.alias}} is using 30% of its swap space for at least 30 minutes."; - }; - node_visible_confluence_space = { - condition = "node_visible_confluence_space != 0"; - summary = "crowd prometheus cann see the {{$labels.space_name}} confluence space!"; - description = "crowd user `prometheus` can see the `{{$labels.space_name}}` confluence space."; - }; - node_hwmon_temp = { - 
condition = "node_hwmon_temp_celsius > node_hwmon_temp_crit_celsius*0.9 OR node_hwmon_temp_celsius > node_hwmon_temp_max_celsius*0.95"; - time = "5m"; - summary = "{{$labels.alias}}: Sensor {{$labels.sensor}}/{{$labels.chip}} temp is high: {{$value}} "; - description = "{{$labels.alias}} reports hwmon sensor {{$labels.sensor}}/{{$labels.chip}} temperature value is nearly critical: {{$value}}"; - }; - node_conntrack_limit = { - condition = "node_nf_conntrack_entries_limit - node_nf_conntrack_entries < 1000"; - time = "5m"; - summary = "{{$labels.alias}}: Number of tracked connections high"; - description = "{{$labels.alias}} has only {{$value}} free slots for connection tracking available."; - }; - node_reboot = { - condition = "time() - node_boot_time_seconds < 300"; - summary = "{{$labels.alias}}: Reboot"; - description = "{{$labels.alias}} just rebooted."; - }; - node_uptime = { - condition = "time() - node_boot_time_seconds > 2592000"; - page = false; - summary = "{{$labels.alias}}: Uptime monster"; - description = "{{$labels.alias}} has been up for more than 30 days."; - }; + disk_free_threshold = "10"; # at least this much free disk percentage +in { + services.prometheus.rules = [(builtins.toJSON + { + groups = [ + { name = "shack-env"; + rules = [ + { + alert = "RootPartitionFull"; + for = "30m"; + expr = ''(node_filesystem_avail_bytes{alias="wolf.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="wolf.shack",mountpoint="/"} < ${disk_free_threshold}''; + labels.severity = "warning"; + annotations.summary = "{{ $labels.alias }} root disk full"; + annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf"; + annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).A vast number of shackspace services will stop working. 
CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; + } + { + alert = "RootPartitionFull"; + for = "30m"; + expr = ''(node_filesystem_avail_bytes{alias="puyak.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="puyak.shack",mountpoint="/"} < ${disk_free_threshold}''; + labels.severity = "warning"; + annotations.summary = "{{ $labels.alias }} root disk full"; + annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=puyak"; + annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).Prometheus will not be able to create new alerts and CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and if this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; + } + { + alert = "HostDown"; + expr = ''up{alias="wolf.shack"} == 0''; + for = "5m"; + labels.severity = "page"; + annotations.summary = "Instance {{ $labels.alias }} down for 5 minutes"; + annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf"; + annotations.description = ''Host {{ $labels.alias }} went down and has not been reconnected after 5 minutes. 
This is probably bad news, try to restart the host via naproxen ( http://naproxen.shack:8006 ). Wolf being down means that CI,glados automation, light management and a couple of other services will not work anymore.''; + } + ]; + } + ]; + } + )]; } diff --git a/krebs/2configs/shack/prometheus/alertmanager-telegram.nix b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix new file mode 100644 index 000000000..8527001cb --- /dev/null +++ b/krebs/2configs/shack/prometheus/alertmanager-telegram.nix @@ -0,0 +1,17 @@ +{ pkgs, ...}: +{ + systemd.services.alertmanager-bot-telegram = { + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" ]; + serviceConfig = { + EnvironmentFile = toString <secrets/shack/telegram_bot.env>; + DynamicUser = true; + StateDirectory = "alertbot"; + ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \ + --alertmanager.url=http://alert.prometheus.shack --log.level=info \ + --store=bolt --bolt.path=/var/lib/alertbot/bot.db \ + --listen.addr="0.0.0.0:16320" \ + --template.paths=${./templates}/shack.tmpl''; + }; + }; +} diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix index c088a3b08..9e4b4d1a7 100644 --- a/krebs/2configs/shack/prometheus/server.nix +++ b/krebs/2configs/shack/prometheus/server.nix @@ -1,6 +1,9 @@ { pkgs, lib, config, ... }: # from https://gist.github.com/globin/02496fd10a96a36f092a8e7ea0e6c7dd { + imports = [ + ./alert-rules.nix + ]; networking = { firewall.allowedTCPPorts = [ 9090 # prometheus @@ -18,12 +21,6 @@ }; prometheus = { enable = true; - ruleFiles = lib.singleton (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON { - groups = lib.singleton { - name = "mf-alerting-rules"; - rules = import ./alert-rules.nix { inherit lib; }; - }; - })); scrapeConfigs = [ { job_name = "node"; 
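Review bot: The puyak `RootPartitionFull` rule in `alert-rules.nix` still carries `var-node=wolf.shack:9100` in `annotations.url`, so the link in a puyak alert opens wolf's dashboard; it should read `var-node=puyak.shack:9100`. `HostDown` matches only `up{alias="wolf.shack"}`, so puyak, which runs Prometheus and the Telegram bot per this commit, can go down without any alert. The rewrite also removes the earlier failed-unit, conntrack, temperature and fill-prediction rules without a replacement, which is a real loss of detection coverage if it was not intended. Both descriptions say "seize working" where "cease working" is meant, and the two near-identical disk rules could be one rule matching `alias=~"(wolf|puyak)\\.shack"` with the hostname taken from the label.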
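Review bot: `--listen.addr="0.0.0.0:16320"` in `alertmanager-telegram.nix` exposes the bot's webhook receiver on every interface, although the only sender configured in this commit is Alertmanager at `http://localhost:16320`. Unless the firewall (not visible here) blocks the port, any host that can reach it could presumably submit alerts that are relayed into the Telegram chat. Binding to loopback with `--listen.addr=127.0.0.1:16320 \` removes that exposure. `DynamicUser` and reading the token from an out-of-store `EnvironmentFile` are good as they stand.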
@@ -118,7 +115,10 @@ ]; alertmanager = { enable = true; - listenAddress = "0.0.0.0"; + listenAddress = "127.0.0.1"; + webExternalUrl = "http://alert.prometheus.shack"; + logLevel = "debug"; + configuration = { "global" = { "smtp_smarthost" = "smtp.example.com:587"; @@ -134,15 +134,10 @@ "receivers" = [ { "name" = "team-admins"; - "email_configs" = [ - { - "to" = "devnull@example.com"; - "send_resolved" = true; - } - ]; + "email_configs" = [ ]; "webhook_configs" = [ { - "url" = "https://example.com/prometheus-alerts"; + "url" = "http://localhost:16320"; "send_resolved" = true; } ]; diff --git a/krebs/2configs/shack/prometheus/templates/shack.tmpl b/krebs/2configs/shack/prometheus/templates/shack.tmpl new file mode 100644 index 000000000..9295f019f --- /dev/null +++ b/krebs/2configs/shack/prometheus/templates/shack.tmpl @@ -0,0 +1,25 @@ +{{ define "telegram.default" }} +{{range .Alerts -}} +{{ $severity := index .Labels "severity" }} +{{ $desc := "No Description" }} +{{ if eq .Status "firing" }} + {{ $desc = index .Annotations "description" }} + {{- if eq $severity "critical" -}} + <i><u><b>[CRITICAL]</b></u></i> + {{- else if eq $severity "warning" -}} + <u><b>[WARNING]</b></u> + {{- else -}} + <b>[{{ $severity }}]</b> + {{- end -}} +{{ else -}} + {{ $desc = "The issue has been resolved" }} + <del>[RESOLVED]</del> +{{- end }} {{ index .Labels "alertname"}}: {{ index .Annotations "summary"}} + +{{ $desc }} + +Alert Links: +* <a href="{{ index .Annotations "url"}}">Grafana</a> +* <a href="{{ .GeneratorURL }}">Source</a> +{{end -}} +{{end}} diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 782f8ac04..5a766664f 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
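Review bot: `logLevel = "debug";` on the Alertmanager in `server.nix` looks like a leftover from bringing up the Telegram integration and should go back to `logLevel = "info";` before this is deployed for good, since debug output is much noisier and may include notification details. Moving `listenAddress` to `127.0.0.1` is a good tightening, but the `firewall.allowedTCPPorts` list starts outside this hunk, so check that it no longer opens the Alertmanager port. With `"email_configs" = [ ];` the local webhook is the only delivery path, and the placeholder `smtp.example.com:587` smarthost remains in `global`; a short comment that e-mail is intentionally disabled would avoid confusion.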
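Review bot: `shack.tmpl` writes `{{ index .Annotations "url"}}`, the summary and `$desc` straight into Telegram HTML, and whether the bot escapes these values is not visible from this file. A `<`, `&` or quote in an annotation, or in a label expanded into the summary, would then break the markup, and a message rejected by Telegram may mean the alert is never delivered. It is worth confirming that the template engine escapes, or keeping annotation text free of markup characters. None of the rules in this commit set `severity = "critical"`, while `HostDown` uses `"page"` and falls through to the generic `[{{ $severity }}]` branch, so adding `{{- else if eq $severity "page" -}}` or aligning the label would make the paging alert stand out. Alerts without a `url` annotation will render an empty `href`.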
@@ -349,19 +349,20 @@ in { ip4.addr = "10.243.29.171"; aliases = [ "rock.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM - DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 - HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh - mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf - Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M - Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD - 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 - fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv - 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav - ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q - cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== - -----END RSA PUBLIC KEY----- + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0uhNk3XXVxQcIVhD1Ime + 9PY3QBIcXvwDlOrd3oUwyWTvZpUeO7yzIXdouAe4s0ohPIVq7Cmruj4ZrOGUCKyB + oJpOziYSbL/IiCpXyOzWMLEwu0AoeFfbxig+5oZfwQ9epM2j902CgsUipJBLIg48 + BC9oOD+/iYEwsFPqQ/S0kETyQK5Ad+qv0lbU6/Kmify8Qplvpv/8DRdjsdLki1fU + a6MAEw12OtHe6IWtlitPjFMBykTP6kkSp/eg0G2KZFVuEulwHGf9QT/eT4fZTMCC + 2V5Vp4rIr/hawmj+h4NIxniBSQcPAAIGNwZVC4uYYV1nd4iaI/T04rDJwte5WKHf + EVxtlYt9RU1I/XdNRSj9gYyneVcVlDVos8Z93oUv1hIGZYFtNmGVna6lggOBPf/t + BZ1MT6FKA4QX9JI8bQoNs18s8ffzyb07psNbH6YhpCygnhf9C7NR/CeI8BtpzJza + 1Qk731Z6bk6xRFKMuY2tRKlNCqPHULj44oTHB3Ki2B/bMlkguqSChfFzKIRASYO1 + SASSgddexjkjKLslxcLWhIqYrZhuhYlFyoeoMI3qQsey/4X5PUmQDxxhTT80+qvE + thBNPg46joyLTq9E9ddf7t/0C6oD2DXY88N9bkztuK5dtYHmjajUbePuaTJtrKhI + 7MnLboZCEiSyvkVTTx0Yjf0CAwEAAQ== + -----END PUBLIC KEY----- ''; }; }; @@ -463,6 +464,7 @@ in { ip4.addr = "10.243.29.185"; aliases = [ "eva.r" + "prometheus.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index 159b54e34..ae0136303 100644 
--- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -48,7 +48,9 @@ in { hostNetAliases = host: mapAttrs (_: net: filter (x: x.name != null && x.value != []) [ { name = net.ip4.addr or null; value = net.aliases; } + { name = net.ip4.addr or null; value = (map (alias: "4.${alias}") net.aliases); } { name = net.ip6.addr or null; value = net.aliases; } + { name = net.ip6.addr or null; value = (map (alias: "6.${alias}") net.aliases); } ]) host.nets; # netAliases : { ${netname} : [addrAliases] } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 2a75cc1bb..d2a945284 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -95,6 +95,7 @@ in { }; wiregrill = { via = internet; + ip4.addr = "10.244.1.103"; ip6.addr = w6 "1"; aliases = [ "prism.w" @@ -104,6 +105,7 @@ in { subnets = [ (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR + "10.244.1.0/24" ]; }; }; @@ -196,6 +198,7 @@ in { }; wiregrill = { ip6.addr = w6 "50da"; + ip4.addr = "10.244.1.4"; aliases = [ "shodan.w" ]; @@ -554,6 +557,7 @@ in { phone = { nets = { wiregrill = { + ip4.addr = "10.244.1.13"; ip6.addr = w6 "a"; aliases = [ "phone.w" diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index 00e346f8e..a3640caa5 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -48,7 +48,7 @@ let }; urlShortenerHost = mkOption { type = types.str; - default = "go"; + default = "go.r"; description = "what server to use for url shortening, host"; }; urlShortenerPort = mkOption { diff --git a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix new file mode 100644 index 000000000..f0e221406 --- /dev/null +++ b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix 
@@ -0,0 +1,26 @@ +{ lib, fetchFromGitHub, buildGoModule }: + +buildGoModule rec { + pname = "alertmanager-bot"; + version = "2020-07-13"; + + src = fetchFromGitHub { + owner = "metalmatze"; + repo = "alertmanager-bot"; + rev = "5efc0bbbf8023d4324e9da98562f064a714a7206"; + sha256 = "09cciml1j8x76jpm2v5v6h2q6j1fkhsz1kswslmx8wl4wk40xgp4"; + }; + + modSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h"; + postInstall = '' + install -D ./default.tmpl $out/templates/default.tmpl + ''; + + meta = with lib; { + description = "Simple command-line snippet manager, written in Go"; + homepage = https://github.com/knqyf263/pet; + license = licenses.mit; + maintainers = with maintainers; [ kalbasit ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/krebs/5pkgs/simple/flameshot-once/profile.nix b/krebs/5pkgs/simple/flameshot-once/profile.nix index 4427e5b23..5aed99597 100644 --- a/krebs/5pkgs/simple/flameshot-once/profile.nix +++ b/ |
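Review bot: The `meta` block of the new `alertmanager-bot-telegram` package is copied from a different package. `description` reads "Simple command-line snippet manager, written in Go", `homepage` points at `https://github.com/knqyf263/pet`, and the maintainer entry is inherited too, while `src` fetches `metalmatze/alertmanager-bot`. Since this binary is handed the Telegram token, its metadata should identify the real upstream for anyone auditing provenance: `homepage = "https://github.com/metalmatze/alertmanager-bot";` with a matching `description`, and `license` rechecked against that repository. `version = "2020-07-13"` is a date, not an upstream release; the usual `unstable-2020-07-13` form would say so.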