summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2017-06-01 10:08:56 +0200
committermakefu <github@syntax-fehler.de>2017-06-01 10:08:56 +0200
commit772f84305d90380e0d221cf49ae3f1597d0d0510 (patch)
tree8d2241648396dc34fa96c8c68e12f832fbc7c308 /lass
parent90822f64e0bf247c5cca2f035077553cac5ceb79 (diff)
parent21d92086fe00c7369fde3951f92e9f73f4c05ee9 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/iso.nix2
-rw-r--r--lass/1systems/mors.nix13
-rw-r--r--lass/1systems/prism.nix99
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/bepasty.nix2
-rw-r--r--lass/2configs/coders-irc.nix92
-rw-r--r--lass/2configs/default.nix9
-rw-r--r--lass/2configs/dns-stuff.nix31
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/retiolum.nix8
-rw-r--r--lass/2configs/websites/domsen.nix5
-rw-r--r--lass/2configs/websites/fritz.nix2
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/hosts.nix2
-rw-r--r--lass/3modules/pyload.nix55
15 files changed, 200 insertions, 125 deletions
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 30fc674bc..eaeb1991f 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -16,7 +16,7 @@ with import <stockholm/lib>;
# /dev/pts is empty except for 1 file
# my life sucks
nixpkgs.config.packageOverrides = super: {
- irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
+ irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
pkgs.coreutils
(pkgs.writeDashBin "tee" ''
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index c8d9465d5..dd3777c64 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -32,14 +32,11 @@ with import <stockholm/lib>;
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
];
}
- #{
- # services.elasticsearch = {
- # enable = true;
- # plugins = [
- # # pkgs.elasticsearchPlugins.elasticsearch_kopf
- # ];
- # };
- #}
+ {
+ services.elasticsearch = {
+ enable = true;
+ };
+ }
{
#zalando project
services.postgresql = {
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 01cfe5414..02054a8e5 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
-
with import <stockholm/lib>;
let
@@ -46,6 +45,7 @@ in {
../2configs/monitoring/monit-alarms.nix
../2configs/paste.nix
../2configs/syncthing.nix
+ ../2configs/coders-irc.nix
{
imports = [
../2configs/bepasty.nix
@@ -254,103 +254,6 @@ in {
];
}
{
- krebs.Reaktor.coders = {
- nickname = "Reaktor|lass";
- channels = [ "#coders" "#germany" ];
- extraEnviron = {
- REAKTOR_HOST = "irc.hackint.org";
- };
- plugins = with pkgs.ReaktorPlugins; let
-
- lambdabot = (import (pkgs.fetchFromGitHub {
- owner = "NixOS"; repo = "nixpkgs";
- rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
- sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
- }) {}).lambdabot;
-
- lambdabotflags = ''
- -XStandaloneDeriving -XGADTs -XFlexibleContexts \
- -XFlexibleInstances -XMultiParamTypeClasses \
- -XOverloadedStrings -XFunctionalDependencies \'';
- in [
- url-title
- (buildSimpleReaktorPlugin "lambdabot-pl" {
- pattern = "^@pl (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-pl" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@pl $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-type" {
- pattern = "^@type (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-type" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@type $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-let" {
- pattern = "^@let (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-let" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@let $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-run" {
- pattern = "^@run (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-run" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@run $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-kind" {
- pattern = "^@kind (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-kind" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@kind $1"
- '';
- })
- (buildSimpleReaktorPlugin "lambdabot-kind" {
- pattern = "^@kind (?P<args>.*)$$";
- script = pkgs.writeDash "lambda-kind" ''
- exec ${lambdabot}/bin/lambdabot \
- ${indent lambdabotflags}
- -e "@kind $1"
- '';
- })
- (buildSimpleReaktorPlugin "random-unicorn-porn" {
- pattern = "^!rup$$";
- script = pkgs.writePython2 "rup" ''
- #!${pkgs.python2}/bin/python
- t1 = """
- _.
- ;=',_ ()
- 8===D~~ S" .--`||
- sS \__ ||
- __.' ( \-->||
- _=/ _./-\/ ||
- 8===D~~ ((\( /-' -'l ||
- ) |/ \\ (_))
- \\ \\
- '~ '~
- """
- print(t1)
- '';
- })
- (buildSimpleReaktorPlugin "ping" {
- pattern = "^!ping (?P<args>.*)$$";
- script = pkgs.writeDash "ping" ''
- exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
- '';
- })
- ];
- };
- }
- {
krebs.Reaktor.prism = {
nickname = "Reaktor|lass";
channels = [ "#retiolum" ];
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 9c51effdc..3e2e325d8 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -10,6 +10,7 @@ in {
./copyq.nix
./xresources.nix
./livestream.nix
+ ./dns-stuff.nix
{
hardware.pulseaudio = {
enable = true;
@@ -33,6 +34,7 @@ in {
time.timeZone = "Europe/Berlin";
programs.ssh.startAgent = false;
+ services.openssh.forwardX11 = true;
services.printing = {
enable = true;
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
index c2bc3f3cd..b2d40d4f3 100644
--- a/lass/2configs/bepasty.nix
+++ b/lass/2configs/bepasty.nix
@@ -35,7 +35,7 @@ in {
forceSSL = true;
enableACME = true;
};
- defaultPermissions = "read";
+ defaultPermissions = "read,create";
secretKey = secKey;
});
};
diff --git a/lass/2configs/coders-irc.nix b/lass/2configs/coders-irc.nix
new file mode 100644
index 000000000..61cc7cfe0
--- /dev/null
+++ b/lass/2configs/coders-irc.nix
@@ -0,0 +1,92 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ krebs.Reaktor.coders = {
+ nickname = "Reaktor|lass";
+ channels = [ "#coders" "#germany" ];
+ extraEnviron = {
+ REAKTOR_HOST = "irc.hackint.org";
+ };
+ plugins = with pkgs.ReaktorPlugins; let
+
+ lambdabot = (import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs";
+ rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
+ sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
+ }) {}).lambdabot;
+
+ lambdabotflags = ''
+ -XStandaloneDeriving -XGADTs -XFlexibleContexts \
+ -XFlexibleInstances -XMultiParamTypeClasses \
+ -XOverloadedStrings -XFunctionalDependencies \'';
+ in [
+ url-title
+ (buildSimpleReaktorPlugin "lambdabot-pl" {
+ pattern = "^@pl (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-pl" ''
+ exec ${lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@pl $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-type" {
+ pattern = "^@type (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-type" ''
+ exec ${lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@type $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-let" {
+ pattern = "^@let (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-let" ''
+ exec ${lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@let $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-run" {
+ pattern = "^@run (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-run" ''
+ exec ${lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@run $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-kind" {
+ pattern = "^@kind (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-kind" ''
+ exec ${lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@kind $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "random-unicorn-porn" {
+ pattern = "^!rup$$";
+ script = pkgs.writePython2 "rup" ''
+ #!${pkgs.python2}/bin/python
+ t1 = """
+ _.
+ ;=',_ ()
+ 8===D~~ S" .--`||
+ sS \__ ||
+ __.' ( \-->||
+ _=/ _./-\/ ||
+ 8===D~~ ((\( /-' -'l ||
+ ) |/ \\ (_))
+ \\ \\
+ '~ '~
+ """
+ print(t1)
+ '';
+ })
+ (buildSimpleReaktorPlugin "ping" {
+ pattern = "^!ping (?P<args>.*)$$";
+ script = pkgs.writeDash "ping" ''
+ exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
+ '';
+ })
+ ];
+ };
+}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index ffed5bb70..d7deb3165 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -63,15 +63,6 @@ with import <stockholm/lib>;
pkgs.pythonPackages.python
];
}
- {
- services.dnscrypt-proxy = {
- enable = true;
- resolverName = "cs-de";
- };
- networking.extraResolvconfConf = ''
- name_servers='127.0.0.1'
- '';
- }
];
networking.hostName = config.krebs.build.host.name;
diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix
new file mode 100644
index 000000000..b52d3050b
--- /dev/null
+++ b/lass/2configs/dns-stuff.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ services.dnscrypt-proxy = {
+ enable = true;
+ localAddress = "127.1.0.1";
+ resolverName = "cs-de";
+ };
+ services.dnsmasq = {
+ enable = true;
+ extraConfig = ''
+ server=127.1.0.1
+ server=/dn42/172.23.75.6
+ #no-resolv
+ cache-size=1000
+ min-cache-ttl=3600
+ bind-dynamic
+ all-servers
+ dnssec
+ trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+ address=/blog/127.0.0.1
+ address=/blog/::1
+ rebind-domain-ok=/onion/
+ server=/.onion/127.0.0.1#9053
+ port=53
+ '';
+ };
+ networking.extraResolvconfConf = ''
+ name_servers='127.0.0.1'
+ '';
+}
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 49c44aa88..a3916a2ea 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
- ref = "2bb9c1c";
+ ref = "f8dfdd7";
};
}
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 7a7bf95be..e7779f53e 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -1,11 +1,10 @@
-{ ... }:
+{ pkgs, ... }:
{
krebs.iptables = {
tables = {
filter.INPUT.rules = [
- { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
{ predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
];
@@ -13,6 +12,7 @@
};
krebs.tinc.retiolum = {
+ enableLegacy = true;
enable = true;
connectTo = [
"prism"
@@ -25,4 +25,8 @@
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
+
+ environment.systemPackages = [
+ pkgs.tinc
+ ];
}
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 581b37d91..b0d28d4da 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -25,9 +25,10 @@ in {
imports = [
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
- (servePage [ "karlaskop.de" "www.karlaskop.de" ])
- (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
+ (servePage [ "karlaskop.de" ])
+ (servePage [ "makeup.apanowicz.de" ])
(servePage [ "pixelpocket.de" ])
+ (servePage [ "habsys.de" "habsys.eu" ])
(serveOwncloud [ "o.ubikmedia.de" ])
(serveWordpress [
"ubikmedia.de"
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 9bf7e4a9c..45927b102 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -40,8 +40,6 @@ in {
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
- (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
-
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
];
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 73692446a..fd353e008 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -6,6 +6,7 @@ _:
./hosts.nix
./mysql-backup.nix
./news.nix
+ ./pyload.nix
./umts.nix
./usershadow.nix
./xresources.nix
diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix
index 125819bb0..7e3af10be 100644
--- a/lass/3modules/hosts.nix
+++ b/lass/3modules/hosts.nix
@@ -6,7 +6,7 @@ with import <stockholm/lib>;
options.lass.hosts = mkOption {
type = types.attrsOf types.host;
default =
- filterAttrs (_: host: host.owner.name == "lass")
+ filterAttrs (_: host: host.owner.name == "lass" && host.managed)
config.krebs.hosts;
};
}
diff --git a/lass/3modules/pyload.nix b/lass/3modules/pyload.nix
new file mode 100644
index 000000000..6f29ffb17
--- /dev/null
+++ b/lass/3modules/pyload.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+ cfg = config.lass.pyload;
+
+ out = {
+ options.lass.pyload = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "pyload";
+ user = mkOption {
+ type = types.str;
+ default = "download";
+ };
+ };
+
+ imp = {
+
+ krebs.per-user.${cfg.user}.packages = [
+ pkgs.pyload
+ pkgs.spidermonkey
+ pkgs.tesseract
+ ];
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 9099"; target = "ACCEPT"; }
+ ];
+ systemd.services.pyload = {
+ description = "pyload";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = with pkgs; [
+ pyload
+ spidermonkey
+ tesseract
+ dnsmasq
+ ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.pyload}/bin/pyLoadCore";
+ User = cfg.user;
+ };
+ };
+
+ };
+
+in out