summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2021-02-18 20:25:47 +0100
committertv <tv@krebsco.de>2021-02-18 20:25:47 +0100
commitf9bc618fada82326ed371b131eaed34d21626ae9 (patch)
treec48156ed3dc16594907c3744b14fcdafd2409206 /krebs
parent9365aff352d99b7506bafbef6682de7bfb00df27 (diff)
parent8b7477926d0b7c1ac3d92d07e6934f9e593ea9ff (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs')
-rw-r--r--krebs/2configs/ircd.nix18
-rw-r--r--krebs/2configs/news.nix18
-rw-r--r--krebs/2configs/shack/glados/default.nix9
-rw-r--r--krebs/3modules/brockman.nix1
-rw-r--r--krebs/3modules/external/mic92.nix66
-rw-r--r--krebs/3modules/lass/default.nix52
-rw-r--r--krebs/3modules/makefu/default.nix9
-rw-r--r--krebs/5pkgs/haskell/brockman.nix26
-rw-r--r--krebs/5pkgs/haskell/brockman/default.nix26
-rw-r--r--krebs/5pkgs/simple/rss-bridge/default.nix6
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
12 files changed, 186 insertions, 61 deletions
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 789fc2f2f..0de07a027 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,6 +5,8 @@
6667 6669
];
+ systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384;
+
krebs.charybdis = {
enable = true;
motd = ''
@@ -15,7 +17,7 @@
serverinfo {
name = "${config.krebs.build.host.name}.irc.r";
sid = "1as";
- description = "miep!";
+ description = "irc!";
network_name = "irc.r";
vhost = "0.0.0.0";
@@ -26,7 +28,7 @@
#ssl_dh_params = "etc/dh.pem";
#ssld_count = 1;
- default_max_clients = 100000;
+ default_max_clients = 2048;
#nicklen = 30;
};
@@ -38,12 +40,12 @@
*/
host = "0.0.0.0";
port = 6667;
- sslport = 6697;
+ #sslport = 6697;
/* Listen on IPv6 (if you used host= above). */
host = "::";
port = 6667;
- sslport = 6697;
+ #sslport = 6697;
};
class "users" {
@@ -53,9 +55,9 @@
number_per_ip_global = 4096;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
- number_per_cidr = 65536;
- max_number = 100000;
- sendq = 10 megabyte;
+ number_per_cidr = 65535;
+ max_number = 65535;
+ sendq = 1000 megabyte;
};
privset "op" {
@@ -91,7 +93,7 @@
use_knock = yes;
knock_delay = 5 minutes;
knock_delay_channel = 1 minute;
- max_chans_per_user = 15;
+ max_chans_per_user = 150;
max_bans = 100;
max_bans_large = 500;
default_split_user_count = 0;
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 3bf991433..ce4e83408 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -39,10 +39,12 @@
};
};
- krebs.reaktor2.news = {
+ krebs.reaktor2.news = let
+ name = "candyman";
+ in {
hostname = "localhost";
port = "6667";
- nick = "brockman-helper";
+ nick = name;
plugins = [
{
plugin = "register";
@@ -60,23 +62,23 @@
hooks.PRIVMSG = [
{
activate = "match";
- pattern = "^brockman-helper:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$";
+ pattern = "^${name}:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$";
command = 1;
arguments = [2];
commands = {
add-reddit.filename = pkgs.writeDash "add-reddit" ''
set -euf
if [ "$#" -ne 1 ]; then
- echo 'usage: brockman-helper: add-reddit $reddit_channel'
+ echo 'usage: ${name}: add-reddit $reddit_channel'
exit 1
fi
reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
- echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Telegram&username=$reddit_channel&format=Mrss"
+ echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Reddit&context=single&r=$reddit_channel&format=Atom"
'';
add-telegram.filename = pkgs.writeDash "add-telegram" ''
set -euf
if [ "$#" -ne 1 ]; then
- echo 'usage: brockman-helper: add-telegram $telegram_user'
+ echo 'usage: ${name}: add-telegram $telegram_user'
exit 1
fi
telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
@@ -85,7 +87,7 @@
add-youtube.filename = pkgs.writeDash "add-youtube" ''
set -euf
if [ "$#" -ne 1 ]; then
- echo 'usage: brockman-helper: add-youtube $nick $channelid'
+ echo 'usage: ${name}: add-youtube $nick $channelid'
exit 1
fi
youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
@@ -95,7 +97,7 @@
search.filename = pkgs.writeDash "search" ''
set -euf
if [ "$#" -ne 1 ]; then
- echo 'usage: brockman-helper: search $searchterm'
+ echo 'usage: ${name}: search $searchterm'
exit 1
fi
searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
index d546564c5..53d6e6f4a 100644
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@@ -1,5 +1,11 @@
{ config, pkgs, lib, ... }:
let
+ unstable = import (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev;
+ sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256;
+ }) {};
in {
services.nginx.virtualHosts."hass.shack" = {
serverAliases = [ "glados.shack" ];
@@ -40,6 +46,9 @@ in {
{
enable = true;
autoExtraComponents = true;
+ package = unstable.home-assistant.overrideAttrs (old: {
+ doInstallCheck = false;
+ });
config = {
homeassistant = {
name = "Glados";
diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
index 32aa3489b..9b2ed4a71 100644
--- a/krebs/3modules/brockman.nix
+++ b/krebs/3modules/brockman.nix
@@ -29,6 +29,7 @@ in {
PrivateTmp = true;
RuntimeDirectory = "brockman";
WorkingDirectory = "%t/brockman";
+ RestartSec = 5;
};
};
};
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 29d0b27fa..306ab34eb 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -97,6 +97,27 @@ in {
};
};
};
+ dimitriosxps = {
+ owner = config.krebs.users.mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.189";
+ aliases = [
+ "dimitriosxps.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAz9aKIhzk8+ZNBQmU054yc1yTdMyaw1aqWXYyQZoCmFaBIlMvF8I0
+ dd+56cGjK8O7KkEhheDL/ijj9cCcxbqHSTktXz47ScyTaN63h13+MBUIUzDwSO4E
+ 9fRUUn3lbZenhGoON7hlaHb/qAR0yLxip0Tw77bcq4hvKleD74NnAJILPoP1KRDY
+ O5vs8C8wpdJUtnlsfkAa058wDI+7GNPb0cs0/pBQVR2GUGb1xqVJ5obO/lFKOJ/e
+ DKemnlg736cEaIF6v9M+w4VmL8mNudDy6RxA6/xIErP5Ru2aK5lH5UBHVCwdLLCy
+ 8y3It9Tgji3G9nOFbhaeKDjeIAJ8sG+WjQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
donna = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -453,6 +474,51 @@ in {
};
};
};
+
+ redha = {
+ owner = config.krebs.users.mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.188";
+ aliases = [
+ "redha.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O
+ s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE
+ a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH
+ RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e
+ FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm
+ mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
+ grandalf = {
+ owner = config.krebs.users.mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.187";
+ aliases = [
+ "grandalf.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7
+ XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC
+ qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL
+ 2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI
+ jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/
+ /btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
eva = {
owner = config.krebs.users.mic92;
nets = rec {
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index c5cf5cb15..6978c0b4e 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -125,7 +125,6 @@ in {
ip6.addr = r6 "1e1";
aliases = [
"uriel.r"
- "cgit.uriel.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -151,7 +150,6 @@ in {
ip6.addr = r6 "dea7";
aliases = [
"mors.r"
- "cgit.mors.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -185,7 +183,6 @@ in {
ip6.addr = r6 "50da";
aliases = [
"shodan.r"
- "cgit.shodan.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -220,7 +217,6 @@ in {
ip6.addr = r6 "1205";
aliases = [
"icarus.r"
- "cgit.icarus.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -254,7 +250,6 @@ in {
ip6.addr = r6 "daed";
aliases = [
"daedalus.r"
- "cgit.daedalus.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -286,7 +281,6 @@ in {
ip6.addr = r6 "5ce7";
aliases = [
"skynet.r"
- "cgit.skynet.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -688,11 +682,53 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
};
+
+ coaxmetal = {
+ cores = 16;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.17";
+ ip6.addr = r6 "17";
+ aliases = [
+ "coaxmetal.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
+ xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
+ gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
+ WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
+ ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
+ G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
+ G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
+ IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
+ K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
+ 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
+ bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
+ l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "17";
+ aliases = [
+ "coaxmetal.w"
+ ];
+ wireguard.pubkey = ''
+ lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
+ syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
+ };
+
};
users = rec {
- lass = lass-blue;
+ lass = lass-yubikey;
lass-yubikey = {
- mail = lass.mail;
+ mail = "lass@lassul.us";
pubkey = builtins.readFile ./ssh/yubikey.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
};
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 2cb70eec4..c8e1e0386 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -197,6 +197,15 @@ in {
wg.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
+
+ meet.euer IN A ${nets.internet.ip4.addr}
+ work.euer IN A ${nets.internet.ip4.addr}
+ admin.work.euer IN A ${nets.internet.ip4.addr}
+ push.work.euer IN A ${nets.internet.ip4.addr}
+ api.work.euer IN A ${nets.internet.ip4.addr}
+ maps.work.euer IN A ${nets.internet.ip4.addr}
+ play.work.euer IN A ${nets.internet.ip4.addr}
+ ul.work.euer IN A ${nets.internet.ip4.addr}
'';
};
cores = 8;
diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
deleted file mode 100644
index 5f1166a25..000000000
--- a/krebs/5pkgs/haskell/brockman.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring
-, case-insensitive, conduit, containers, directory, feed, filepath
-, hslogger, html-entity, http-client, irc-conduit, lens, network
-, optparse-applicative, random, safe, stdenv, text, time, timerep
-, wreq
-, fetchFromGitHub
-}:
-mkDerivation rec {
- pname = "brockman";
- version = "3.2.3";
- src = fetchFromGitHub {
- owner = "kmein";
- repo = "brockman";
- rev = version;
- sha256 = "1qbjbf0l1ikfzmvky4cnvv7nlcwi2in4afliifh618j0a4f7j427";
- };
- isLibrary = false;
- isExecutable = true;
- executableHaskellDepends = [
- aeson aeson-pretty base bloomfilter bytestring case-insensitive
- conduit containers directory feed filepath hslogger html-entity
- http-client irc-conduit lens network optparse-applicative random
- safe text time timerep wreq
- ];
- license = stdenv.lib.licenses.mit;
-}
diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix
new file mode 100644
index 000000000..92051a025
--- /dev/null
+++ b/krebs/5pkgs/haskell/brockman/default.nix
@@ -0,0 +1,26 @@
+{ mkDerivation, aeson, aeson-pretty, base, bytestring
+, case-insensitive, conduit, containers, directory, feed, filepath
+, hashable, hslogger, html-entity, http-client, irc-conduit, lens
+, lrucache, lrucaching, network, optparse-applicative, random, safe
+, stdenv, text, time, timerep, wreq
+, fetchFromGitHub
+}:
+mkDerivation rec {
+ pname = "brockman";
+ version = "3.4.0";
+ src = fetchFromGitHub {
+ owner = "kmein";
+ repo = "brockman";
+ rev = version;
+ sha256 = "02nval6a9xcddj6znzxvcb8g6klzjydj1lb4ych64i9mr4a8jvic";
+ };
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ aeson aeson-pretty base bytestring case-insensitive conduit
+ containers directory feed filepath hashable hslogger html-entity
+ http-client irc-conduit lens lrucache lrucaching network
+ optparse-applicative random safe text time timerep wreq
+ ];
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/krebs/5pkgs/simple/rss-bridge/default.nix b/krebs/5pkgs/simple/rss-bridge/default.nix
index 13ad9d69a..bbe5c1bdb 100644
--- a/krebs/5pkgs/simple/rss-bridge/default.nix
+++ b/krebs/5pkgs/simple/rss-bridge/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "rss-bridge";
- version = "2020-11-10";
+ version = "unstable-2021-01-10";
src = fetchFromGitHub {
owner = "RSS-Bridge";
repo = "rss-bridge";
- rev = version;
- sha256 = "00cp61lqvhi7b7j0rglsqg3l7cg8s9b8vq098bgvg5dygyi44hyv";
+ rev = "98352845a14b9f2eb8925ad7a04a5f6cc6a5af06";
+ sha256 = "1nv1f6f17cn057k9mydd3a0bmj2xa5k410fdq7nhw5b7msyxy2qv";
};
patchPhase = ''
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 321fafac6..57d30799b 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "f217c0ea7c148ddc0103347051555c7c252dcafb",
- "date": "2021-01-21T09:50:34+01:00",
- "path": "/nix/store/8srlzkkvbvlg4g585g9iyzd3ryiilm8a-nixpkgs",
- "sha256": "0cyksxg2lnzxd0pss09rmmk2c2axz0lf9wvgvfng59nwf8dpq2kf",
+ "rev": "8c8731330b53ba0061686f36f10f101e662a4717",
+ "date": "2021-02-08T20:46:59+01:00",
+ "path": "/nix/store/agilvsqqdsqx36wf4zkq5gnhnab47qpd-nixpkgs",
+ "sha256": "0ak4d254myq6cl3d7jkq6n0apxabvwjz62zdw9habnrqg8asl8gk",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 97afb10f8..8670999e0 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "a058d005b3cbb370bf171ebce01839dd6ff52222",
- "date": "2021-01-23T17:41:51-05:00",
- "path": "/nix/store/6ps307ghgrp10q3mwgw4lq143pmz0h25-nixpkgs",
- "sha256": "154mpqw0ya31hzgz9hggg1rb26yx8d00rsj9l90ndsdldrssgvbb",
+ "rev": "2394284537b89471c87065b040d3dedd8b5907fe",
+ "date": "2021-02-10T23:24:22+01:00",
+ "path": "/nix/store/rqgraycidchn5wc5mki5sqj8bl5cpx78-nixpkgs",
+ "sha256": "1j7vp735is5d32mbrgavpxi3fbnsm6d99a01ap8gn30n5ysd14sl",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false