diff options
author | makefu <github@syntax-fehler.de> | 2017-06-01 10:08:56 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2017-06-01 10:08:56 +0200 |
commit | 772f84305d90380e0d221cf49ae3f1597d0d0510 (patch) | |
tree | 8d2241648396dc34fa96c8c68e12f832fbc7c308 /lass | |
parent | 90822f64e0bf247c5cca2f035077553cac5ceb79 (diff) | |
parent | 21d92086fe00c7369fde3951f92e9f73f4c05ee9 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/iso.nix | 2 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 13 | ||||
-rw-r--r-- | lass/1systems/prism.nix | 99 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 2 | ||||
-rw-r--r-- | lass/2configs/bepasty.nix | 2 | ||||
-rw-r--r-- | lass/2configs/coders-irc.nix | 92 | ||||
-rw-r--r-- | lass/2configs/default.nix | 9 | ||||
-rw-r--r-- | lass/2configs/dns-stuff.nix | 31 | ||||
-rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
-rw-r--r-- | lass/2configs/retiolum.nix | 8 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 5 | ||||
-rw-r--r-- | lass/2configs/websites/fritz.nix | 2 | ||||
-rw-r--r-- | lass/3modules/default.nix | 1 | ||||
-rw-r--r-- | lass/3modules/hosts.nix | 2 | ||||
-rw-r--r-- | lass/3modules/pyload.nix | 55 |
15 files changed, 200 insertions, 125 deletions
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 30fc674bc..eaeb1991f 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -16,7 +16,7 @@ with import <stockholm/lib>; # /dev/pts is empty except for 1 file # my life sucks nixpkgs.config.packageOverrides = super: { - irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> { + irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> { pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [ pkgs.coreutils (pkgs.writeDashBin "tee" '' diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index c8d9465d5..dd3777c64 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -32,14 +32,11 @@ with import <stockholm/lib>; { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } ]; } - #{ - # services.elasticsearch = { - # enable = true; - # plugins = [ - # # pkgs.elasticsearchPlugins.elasticsearch_kopf - # ]; - # }; - #} + { + services.elasticsearch = { + enable = true; + }; + } { #zalando project services.postgresql = { diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 01cfe5414..02054a8e5 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: - with import <stockholm/lib>; let @@ -46,6 +45,7 @@ in { ../2configs/monitoring/monit-alarms.nix ../2configs/paste.nix ../2configs/syncthing.nix + ../2configs/coders-irc.nix { imports = [ ../2configs/bepasty.nix @@ -254,103 +254,6 @@ in { ]; } { - krebs.Reaktor.coders = { - nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" ]; - extraEnviron = { - REAKTOR_HOST = "irc.hackint.org"; - }; - plugins = with pkgs.ReaktorPlugins; let - - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - - lambdabotflags = '' - -XStandaloneDeriving -XGADTs -XFlexibleContexts \ - -XFlexibleInstances -XMultiParamTypeClasses \ - -XOverloadedStrings -XFunctionalDependencies \''; - in [ - url-title - (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-pl" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@pl $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-type" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@type $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-let" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@let $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-run" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@run $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "random-unicorn-porn" { - pattern = "^!rup$$"; - script = pkgs.writePython2 "rup" '' - #!${pkgs.python2}/bin/python - t1 = """ - _. - ;=',_ () - 8===D~~ S" .--`|| - sS \__ || - __.' ( \-->|| - _=/ _./-\/ || - 8===D~~ ((\( /-' -'l || - ) |/ \\ (_)) - \\ \\ - '~ '~ - """ - print(t1) - ''; - }) - (buildSimpleReaktorPlugin "ping" { - pattern = "^!ping (?P<args>.*)$$"; - script = pkgs.writeDash "ping" '' - exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 - ''; - }) - ]; - }; - } - { krebs.Reaktor.prism = { nickname = "Reaktor|lass"; channels = [ "#retiolum" ]; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9c51effdc..3e2e325d8 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -10,6 +10,7 @@ in { ./copyq.nix ./xresources.nix ./livestream.nix + ./dns-stuff.nix { hardware.pulseaudio = { enable = true; @@ -33,6 +34,7 @@ in { time.timeZone = "Europe/Berlin"; programs.ssh.startAgent = false; + services.openssh.forwardX11 = true; services.printing = { enable = true; diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix index c2bc3f3cd..b2d40d4f3 100644 --- a/lass/2configs/bepasty.nix +++ b/lass/2configs/bepasty.nix @@ -35,7 +35,7 @@ in { forceSSL = true; enableACME = true; }; - defaultPermissions = "read"; + defaultPermissions = "read,create"; secretKey = secKey; }); }; diff --git a/lass/2configs/coders-irc.nix b/lass/2configs/coders-irc.nix new file mode 100644 index 000000000..61cc7cfe0 --- /dev/null +++ b/lass/2configs/coders-irc.nix @@ -0,0 +1,92 @@ +{ config, lib, pkgs, ... }: +with import <stockholm/lib>; + +{ + krebs.Reaktor.coders = { + nickname = "Reaktor|lass"; + channels = [ "#coders" "#germany" ]; + extraEnviron = { + REAKTOR_HOST = "irc.hackint.org"; + }; + plugins = with pkgs.ReaktorPlugins; let + + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + + lambdabotflags = '' + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \''; + in [ + url-title + (buildSimpleReaktorPlugin "lambdabot-pl" { + pattern = "^@pl (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-pl" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@pl $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-type" { + pattern = "^@type (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-type" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@type $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-let" { + pattern = "^@let (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-let" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@let $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-run" { + pattern = "^@run (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-run" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@run $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-kind" { + pattern = "^@kind (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-kind" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@kind $1" + ''; + }) + (buildSimpleReaktorPlugin "random-unicorn-porn" { + pattern = "^!rup$$"; + script = pkgs.writePython2 "rup" '' + #!${pkgs.python2}/bin/python + t1 = """ + _. + ;=',_ () + 8===D~~ S" .--`|| + sS \__ || + __.' ( \-->|| + _=/ _./-\/ || + 8===D~~ ((\( /-' -'l || + ) |/ \\ (_)) + \\ \\ + '~ '~ + """ + print(t1) + ''; + }) + (buildSimpleReaktorPlugin "ping" { + pattern = "^!ping (?P<args>.*)$$"; + script = pkgs.writeDash "ping" '' + exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + }) + ]; + }; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ffed5bb70..d7deb3165 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -63,15 +63,6 @@ with import <stockholm/lib>; pkgs.pythonPackages.python ]; } - { - services.dnscrypt-proxy = { - enable = true; - resolverName = "cs-de"; - }; - networking.extraResolvconfConf = '' - name_servers='127.0.0.1' - ''; - } ]; networking.hostName = config.krebs.build.host.name; diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix new file mode 100644 index 000000000..b52d3050b --- /dev/null +++ b/lass/2configs/dns-stuff.nix @@ -0,0 +1,31 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + services.dnscrypt-proxy = { + enable = true; + localAddress = "127.1.0.1"; + resolverName = "cs-de"; + }; + services.dnsmasq = { + enable = true; + extraConfig = '' + server=127.1.0.1 + server=/dn42/172.23.75.6 + #no-resolv + cache-size=1000 + min-cache-ttl=3600 + bind-dynamic + all-servers + dnssec + trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 + address=/blog/127.0.0.1 + address=/blog/::1 + rebind-domain-ok=/onion/ + server=/.onion/127.0.0.1#9053 + port=53 + ''; + }; + networking.extraResolvconfConf = '' + name_servers='127.0.0.1' + ''; +} diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 49c44aa88..a3916a2ea 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "2bb9c1c"; + ref = "f8dfdd7"; }; } diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7a7bf95be..e7779f53e 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -1,11 +1,10 @@ -{ ... }: +{ pkgs, ... }: { krebs.iptables = { tables = { filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } ]; @@ -13,6 +12,7 @@ }; krebs.tinc.retiolum = { + enableLegacy = true; enable = true; connectTo = [ "prism" @@ -25,4 +25,8 @@ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + + environment.systemPackages = [ + pkgs.tinc + ]; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 581b37d91..b0d28d4da 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -25,9 +25,10 @@ in { imports = [ ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) + (servePage [ "karlaskop.de" ]) + (servePage [ "makeup.apanowicz.de" ]) (servePage [ "pixelpocket.de" ]) + (servePage [ "habsys.de" "habsys.eu" ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 9bf7e4a9c..45927b102 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -40,8 +40,6 @@ in { (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) - (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) ]; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 73692446a..fd353e008 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -6,6 +6,7 @@ _: ./hosts.nix ./mysql-backup.nix ./news.nix + ./pyload.nix ./umts.nix ./usershadow.nix ./xresources.nix diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix index 125819bb0..7e3af10be 100644 --- a/lass/3modules/hosts.nix +++ b/lass/3modules/hosts.nix @@ -6,7 +6,7 @@ with import <stockholm/lib>; options.lass.hosts = mkOption { type = types.attrsOf types.host; default = - filterAttrs (_: host: host.owner.name == "lass") + filterAttrs (_: host: host.owner.name == "lass" && host.managed) config.krebs.hosts; }; } diff --git a/lass/3modules/pyload.nix b/lass/3modules/pyload.nix new file mode 100644 index 000000000..6f29ffb17 --- /dev/null +++ b/lass/3modules/pyload.nix @@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; + +let + cfg = config.lass.pyload; + + out = { + options.lass.pyload = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "pyload"; + user = mkOption { + type = types.str; + default = "download"; + }; + }; + + imp = { + + krebs.per-user.${cfg.user}.packages = [ + pkgs.pyload + pkgs.spidermonkey + pkgs.tesseract + ]; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9099"; target = "ACCEPT"; } + ]; + systemd.services.pyload = { + description = "pyload"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + path = with pkgs; [ + pyload + spidermonkey + tesseract + dnsmasq + ]; + + restartIfChanged = true; + + serviceConfig = { + Restart = "always"; + ExecStart = "${pkgs.pyload}/bin/pyLoadCore"; + User = cfg.user; + }; + }; + + }; + +in out |