-rw-r--r--krebs/2configs/exim-smarthost.nix50
-rw-r--r--krebs/3modules/default.nix144
-rw-r--r--krebs/3modules/dns.nix12
-rw-r--r--krebs/3modules/github-known-hosts.nix40
-rw-r--r--krebs/3modules/hosts.nix36
-rw-r--r--krebs/3modules/retiolum-hosts.nix28
-rw-r--r--krebs/5pkgs/haskell/blessings.nix4
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--makefu/2configs/default.nix1
-rw-r--r--tv/5pkgs/simple/q/default.nix61
10 files changed, 207 insertions, 170 deletions
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
new file mode 100644
index 000000000..5dc24f1de
--- /dev/null
+++ b/krebs/2configs/exim-smarthost.nix
@@ -0,0 +1,50 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+
+ format = from: to: {
+ inherit from;
+ # TODO assert is-retiolum-mail-address to;
+ to = concatMapStringsSep "," (getAttr "mail") (toList to);
+ };
+
+in {
+ krebs.exim-smarthost.internet-aliases =
+ mapAttrsToList format (with config.krebs.users; let
+ brain-ml = [
+ lass
+ makefu
+ tv
+ ];
+ eloop-ml = spam-ml ++ [ ciko ];
+ spam-ml = [
+ lass
+ makefu
+ tv
+ ];
+ ciko.mail = "ciko@slash16.net";
+ in {
+ "anmeldung@eloop.org" = eloop-ml;
+ "brain@krebsco.de" = brain-ml;
+ "cfp@eloop.org" = eloop-ml;
+ "kontakt@eloop.org" = eloop-ml;
+ "root@eloop.org" = eloop-ml;
+ "youtube@eloop.org" = eloop-ml;
+ "eloop2016@krebsco.de" = eloop-ml;
+ "eloop2017@krebsco.de" = eloop-ml;
+ "postmaster@krebsco.de" = spam-ml; # RFC 822
+ "lass@krebsco.de" = lass;
+ "makefu@krebsco.de" = makefu;
+ "spam@krebsco.de" = spam-ml;
+ "tv@krebsco.de" = tv;
+ # XXX These are no internet aliases
+ # XXX exim-retiolum hosts should be able to relay to retiolum addresses
+ "lass@retiolum" = lass;
+ "makefu@retiolum" = makefu;
+ "spam@retiolum" = spam-ml;
+ "tv@retiolum" = tv;
+ "lass@r" = lass;
+ "makefu@r" = makefu;
+ "spam@r" = spam-ml;
+ "tv@r" = tv;
+ });
+}
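Review bot: Nothing in this commit imports the new `krebs/2configs/exim-smarthost.nix`, while the same alias table is deleted from `krebs/3modules/default.nix`. Unless a smarthost configuration pulls this file in somewhere outside the diff, the aliases, including `postmaster@krebsco.de`, would silently disappear from the generated exim configuration. The carried-over `# TODO assert is-retiolum-mail-address to;` also sits next to `ciko.mail = "ciko@slash16.net"`, which does not look like a retiolum address and would presumably fail that assertion once it is written. A comment such as `# ciko is deliberately forwarded off-network` on that line would record the exception now.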
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2e7c61fb5..bb69bfad3 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -18,14 +18,17 @@ let
./charybdis.nix
./ci.nix
./current.nix
+ ./dns.nix
./exim.nix
./exim-retiolum.nix
./exim-smarthost.nix
./fetchWallpaper.nix
./github-hosts-sync.nix
+ ./github-known-hosts.nix
./git.nix
./go.nix
./hidden-ssh.nix
+ ./hosts.nix
./htgen.nix
./iana-etc.nix
./iptables.nix
@@ -41,6 +44,7 @@ let
./Reaktor.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
+ ./retiolum-hosts.nix
./rtorrent.nix
./secret.nix
./setuid.nix
@@ -58,28 +62,10 @@ let
api = {
enable = mkEnableOption "krebs";
- dns = {
- providers = mkOption {
- type = with types; attrsOf str;
- };
- };
-
- hosts = mkOption {
- type = with types; attrsOf host;
- default = {};
- };
-
users = mkOption {
type = with types; attrsOf user;
};
- # XXX is there a better place to define search-domain?
- # TODO search-domains :: listOf hostname
- search-domain = mkOption {
- type = types.hostname;
- default = "r";
- };
-
sitemap = mkOption {
default = {};
type = types.attrsOf types.sitemap.entry;
@@ -125,6 +111,8 @@ let
w = "hosts";
};
+ krebs.dns.search-domain = mkDefault "r";
+
krebs.users = {
krebs = {
home = "/krebs";
@@ -137,93 +125,6 @@ let
};
};
- networking.extraHosts = let
- domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
- check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
- in concatStringsSep "\n" (flatten (
- mapAttrsToList (hostname: host:
- mapAttrsToList (netname: net:
- let
- aliases = longs ++ shorts;
- longs = filter check net.aliases;
- shorts = let s = ".${cfg.search-domain}"; in
- map (removeSuffix s) (filter (hasSuffix s) longs);
- in
- optionals
- (aliases != [])
- (map (addr: "${addr} ${toString aliases}") net.addrs)
- ) (filterAttrs (name: host: host.aliases != []) host.nets)
- ) cfg.hosts
- ));
-
- # TODO dedup with networking.extraHosts
- nixpkgs.config.packageOverrides = oldpkgs:
- let
- domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
- check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
- in
- {
- retiolum-hosts = oldpkgs.writeText "retiolum-hosts" ''
- ${concatStringsSep "\n" (flatten (
- map (host:
- let
- net = host.nets.retiolum;
- aliases = longs;
- longs = filter check net.aliases;
- in
- optionals
- (aliases != [])
- (map (addr: "${addr} ${toString aliases}") net.addrs)
- ) (filter (host: hasAttr "retiolum" host.nets)
- (attrValues cfg.hosts))))}
- '';
- };
-
- krebs.exim-smarthost.internet-aliases = let
- format = from: to: {
- inherit from;
- # TODO assert is-retiolum-mail-address to;
- to = concatMapStringsSep "," (getAttr "mail") (toList to);
- };
- in mapAttrsToList format (with config.krebs.users; let
- brain-ml = [
- lass
- makefu
- tv
- ];
- eloop-ml = spam-ml ++ [ ciko ];
- spam-ml = [
- lass
- makefu
- tv
- ];
- ciko.mail = "ciko@slash16.net";
- in {
- "anmeldung@eloop.org" = eloop-ml;
- "brain@krebsco.de" = brain-ml;
- "cfp@eloop.org" = eloop-ml;
- "kontakt@eloop.org" = eloop-ml;
- "root@eloop.org" = eloop-ml;
- "youtube@eloop.org" = eloop-ml;
- "eloop2016@krebsco.de" = eloop-ml;
- "eloop2017@krebsco.de" = eloop-ml;
- "postmaster@krebsco.de" = spam-ml; # RFC 822
- "lass@krebsco.de" = lass;
- "makefu@krebsco.de" = makefu;
- "spam@krebsco.de" = spam-ml;
- "tv@krebsco.de" = tv;
- # XXX These are no internet aliases
- # XXX exim-retiolum hosts should be able to relay to retiolum addresses
- "lass@retiolum" = lass;
- "makefu@retiolum" = makefu;
- "spam@retiolum" = spam-ml;
- "tv@retiolum" = tv;
- "lass@r" = lass;
- "makefu@r" = makefu;
- "spam@r" = spam-ml;
- "tv@r" = tv;
- });
-
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
@@ -238,31 +139,6 @@ let
};
})
//
- {
- github = {
- hostNames = [
- "github.com"
- # List generated with
- # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
- "192.30.252.*"
- "192.30.253.*"
- "192.30.254.*"
- "192.30.255.*"
- "185.199.108.*"
- "185.199.109.*"
- "185.199.110.*"
- "185.199.111.*"
- "13.229.188.59"
- "13.250.177.223"
- "18.194.104.89"
- "18.195.85.27"
- "35.159.8.160"
- "52.74.223.119"
- ];
- publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
- };
- }
- //
mapAttrs
(name: host: {
hostNames =
@@ -272,8 +148,8 @@ let
let
longs = net.aliases;
shorts =
- map (removeSuffix ".${cfg.search-domain}")
- (filter (hasSuffix ".${cfg.search-domain}")
+ map (removeSuffix ".${cfg.dns.search-domain}")
+ (filter (hasSuffix ".${cfg.dns.search-domain}")
longs);
add-port = a:
if net.ssh.port != 22
@@ -297,8 +173,8 @@ let
(concatMap (host: attrValues host.nets)
(mapAttrsToList
(_: host: recursiveUpdate host
- (optionalAttrs (hasAttr config.krebs.search-domain host.nets) {
- nets."" = host.nets.${config.krebs.search-domain} // {
+ (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) {
+ nets."" = host.nets.${cfg.dns.search-domain} // {
aliases = [host.name];
addrs = [];
};
diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix
new file mode 100644
index 000000000..b7e2a2cbb
--- /dev/null
+++ b/krebs/3modules/dns.nix
@@ -0,0 +1,12 @@
+with import <stockholm/lib>;
+{
+ options = {
+ krebs.dns.providers = mkOption {
+ type = types.attrsOf types.str;
+ };
+
+ krebs.dns.search-domain = mkOption {
+ type = types.hostname;
+ };
+ };
+}
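Review bot: Both options are declared without a `default` or a `description`, yet the new `hosts.nix` and `retiolum-hosts.nix` read `config.krebs.dns.providers` and `config.krebs.dns.search-domain` outside any `mkIf`. The old `search-domain` option carried `default = "r"` in its declaration, whereas the replacement `krebs.dns.search-domain = mkDefault "r";` lives in the config of `default.nix`, and whether that part is guarded by `cfg.enable` is not visible in the hunk. If it is, a system that imports the modules without enabling krebs would fail evaluation on an undefined option. I would give `providers` a `default = {};` and add a one-line `description` to each option, for example `description = "Maps a domain to the mechanism that serves it; \"hosts\" selects /etc/hosts entries.";`.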
diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix
new file mode 100644
index 000000000..def06f17a
--- /dev/null
+++ b/krebs/3modules/github-known-hosts.nix
@@ -0,0 +1,40 @@
+{
+ services.openssh.knownHosts.github = {
+ hostNames = [
+ "github.com"
+ # List generated with
+ # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
+ "192.30.252.*"
+ "192.30.253.*"
+ "192.30.254.*"
+ "192.30.255.*"
+ "185.199.108.*"
+ "185.199.109.*"
+ "185.199.110.*"
+ "185.199.111.*"
+ "140.82.112.*"
+ "140.82.113.*"
+ "140.82.114.*"
+ "140.82.115.*"
+ "140.82.116.*"
+ "140.82.117.*"
+ "140.82.118.*"
+ "140.82.119.*"
+ "140.82.120.*"
+ "140.82.121.*"
+ "140.82.122.*"
+ "140.82.123.*"
+ "140.82.124.*"
+ "140.82.125.*"
+ "140.82.126.*"
+ "140.82.127.*"
+ "13.229.188.59"
+ "13.250.177.223"
+ "18.194.104.89"
+ "18.195.85.27"
+ "35.159.8.160"
+ "52.74.223.119"
+ ];
+ publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
+ };
+}
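Review bot: The comment above the address globs records how the IP list was produced, but nothing records where `publicKey` came from or when this snapshot was taken, so a later reader cannot tell a stale pin from an altered one. I would add a comment above `hostNames` along the lines of `# snapshot taken <DATE>; publicKey compared against the SSH fingerprints GitHub publishes`. Because the globs are a static copy of `api.github.com/meta`, ranges GitHub adds later are not covered by the IP entries until the list is regenerated; saying so in the comment makes the refresh a deliberate step.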
diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix
new file mode 100644
index 000000000..a95557b3d
--- /dev/null
+++ b/krebs/3modules/hosts.nix
@@ -0,0 +1,36 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+ # TODO dedup functions with ./retiolum-hosts.nix
+ check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
+ domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
+in {
+
+ options = {
+ krebs.hosts = mkOption {
+ default = {};
+ type = types.attrsOf types.host;
+ };
+ };
+
+ config = {
+ networking.extraHosts =
+ concatStringsSep
+ "\n"
+ (flatten
+ (mapAttrsToList
+ (hostname: host:
+ mapAttrsToList
+ (netname: net: let
+ aliases = longs ++ shorts;
+ longs = filter check net.aliases;
+ shorts = let s = ".${config.krebs.dns.search-domain}"; in
+ map (removeSuffix s) (filter (hasSuffix s) longs);
+ in
+ optionals
+ (aliases != [])
+ (map (addr: "${addr} ${toString aliases}") net.addrs))
+ (filterAttrs (name: host: host.aliases != []) host.nets))
+ config.krebs.hosts));
+ };
+
+}
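Review bot: In `(filterAttrs (name: host: host.aliases != []) host.nets)` the lambda's second parameter is a net, not a host, and it shadows the outer `host` bound by `hostname: host:` a few lines above. Renaming it removes the ambiguity: `(filterAttrs (_: net: net.aliases != []) host.nets)`. The unused `hostname` and `netname` parameters could become `_` in the same way. A short comment on `networking.extraHosts`, such as `# one "addr alias..." line per address, restricted to domains whose provider is "hosts"`, would help, since these entries take precedence over DNS on the host.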
diff --git a/krebs/3modules/retiolum-hosts.nix b/krebs/3modules/retiolum-hosts.nix
new file mode 100644
index 000000000..ddf85ead7
--- /dev/null
+++ b/krebs/3modules/retiolum-hosts.nix
@@ -0,0 +1,28 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+ # TODO dedup functions with ./hosts.nix
+ check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
+ domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
+in {
+ nixpkgs.config.packageOverrides = super: {
+ retiolum-hosts =
+ super.writeText "retiolum-hosts" ''
+ ${
+ concatStringsSep
+ "\n"
+ (flatten
+ (map
+ (host: let
+ net = host.nets.retiolum;
+ aliases = longs;
+ longs = filter check net.aliases;
+ in
+ optionals
+ (aliases != [])
+ (map (addr: "${addr} ${toString aliases}") net.addrs))
+ (filter (host: hasAttr "retiolum" host.nets)
+ (attrValues config.krebs.hosts))))
+ }
+ '';
+ };
+}
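Review bot: `aliases = longs;` is a leftover from the variant in `hosts.nix` that also appends short names; here it only adds an indirection. Binding `aliases = filter check net.aliases;` directly and dropping `longs` reads more clearly. The override also lacks a comment saying what the `retiolum-hosts` file is for; something like `# hosts-format file with the long aliases of every host on the retiolum net` above `retiolum-hosts =` would do.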
diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix
index 59c5b7984..19f8da19d 100644
--- a/krebs/5pkgs/haskell/blessings.nix
+++ b/krebs/5pkgs/haskell/blessings.nix
@@ -7,8 +7,8 @@ with import <stockholm/lib>;
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
"18.09" = {
- version = "1.2.0";
- sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300";
+ version = "1.3.0";
+ sha256 = "1y9jhh9pchrr48zgfib2jip97x1fkm7qb1gnfx477rmmryjs500h";
};
}.${versions.majorMinor nixpkgsVersion};
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 62a42baf9..69e697a1d 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -72,7 +72,6 @@ with import <stockholm/lib>;
krebs = {
enable = true;
- search-domain = "r";
build.user = config.krebs.users.lass;
};
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index d66b492a4..177114a49 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -36,7 +36,6 @@ with import <stockholm/lib>;
enable = true;
dns.providers.lan = "hosts";
- search-domain = "r";
build.user = config.krebs.users.makefu;
};
diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix
index cbcec1bae..7906b968f 100644
--- a/tv/5pkgs/simple/q/default.nix
+++ b/tv/5pkgs/simple/q/default.nix
@@ -14,7 +14,7 @@ let
assert n >= 1;
n * calwidth + (n - 1) * hspace;
- pad = ''{
+ pad = /* sh */ ''{
${pkgs.gnused}/bin/sed '
# rtrim
s/ *$//
@@ -31,7 +31,7 @@ let
s/^[ 1-9][0-9]/&/
'
}'';
- in ''
+ in /* sh */ ''
cols=$(${pkgs.ncurses}/bin/tput cols)
${pkgs.coreutils}/bin/paste \
<(if test $cols -ge ${toString (need_width 3)}; then
@@ -59,24 +59,24 @@ let
'
'';
- q-isodate = ''
+ q-isodate = /* sh */ ''
${pkgs.coreutils}/bin/date \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
# Singapore's red is #ED2E38
- q-sgtdate = ''
+ q-sgtdate = /* sh */ ''
TZ=Asia/Singapore \
${pkgs.coreutils}/bin/date \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
- q-utcdate = ''
+ q-utcdate = /* sh */ ''
${pkgs.coreutils}/bin/date -u \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
- q-gitdir = ''
+ q-gitdir = /* sh */ ''
if test -d .git; then
#git status --porcelain
branch=$(
@@ -87,7 +87,7 @@ let
fi
'';
- q-intel_backlight = ''
+ q-intel_backlight = /* sh */ ''
cd /sys/class/backlight/intel_backlight
</dev/null exec ${pkgs.gawk}/bin/awk '
END {
@@ -227,11 +227,11 @@ let
done
'';
- q-virtualization = ''
+ q-virtualization = /* sh */ ''
echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
'';
- q-wireless = ''
+ q-wireless = /* sh */ ''
for dev in $(
${pkgs.iw}/bin/iw dev \
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
@@ -250,7 +250,7 @@ let
done
'';
- q-online = ''
+ q-online = /* sh */ ''
if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then
echo 'online'
else
@@ -258,7 +258,7 @@ let
fi
'';
- q-thermal_zone = ''
+ q-thermal_zone = /* sh */ ''
for i in /sys/class/thermal/thermal_zone*; do
type=$(${pkgs.coreutils}/bin/cat $i/type)
temp=$(${pkgs.coreutils}/bin/cat $i/temp)
@@ -266,29 +266,26 @@ let
done
'';
- q-todo = ''
+ q-todo = /* sh */ ''
TODO_file=$PWD/TODO
if test -e "$TODO_file"; then
- ${pkgs.coreutils}/bin/cat "$TODO_file" \
- | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
- BEGIN { print "remind=0" }
- /^[0-9]/{
- x = $1
- gsub(".", "\\\\&", x)
- rest = substr($0, index($0, " "))
- rest = $0
- sub(" *", "", rest)
- gsub(".", "\\\\&", rest)
- print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
- echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
- (( remind++ ))"
- }
- END { print "test $remind = 0 && echo \"nothing to remind\"" }
- ' \
- | {
- # bash needed for (( ... ))
- ${pkgs.bash}/bin/bash
- }
+ ${pkgs.jq}/bin/jq -Rrs <"$TODO_file" -f ${pkgs.writeJq "q-todo.jq" ''
+ split("\n") | map(
+ (match("^([0-9]+-\\d{2}-\\d{2})\\s+(.*)$").captures | map(.string))
+ as $captures |
+ ($captures[0] | strptime("%Y-%m-%d") | mktime) as $date |
+ $captures[1] as $text |
+
+ select(now >= $date) |
+
+ ($text | test("\\[URGENT]"; "i")) as $urgent |
+ (if $urgent then "38;5;196" else "38;5;208" end) as $sgr |
+ if $urgent then sub("\\s*\\[URGENT]\\s*"; " "; "i") else . end |
+
+ "\u001b[\($sgr)m\(.)\u001b[m"
+ ) |
+ if length == 0 then "nothing to remind" else .[] end
+ ''}
else
echo "$TODO_file: no such file or directory"
fi
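Review bot: The pattern `^([0-9]+-\\d{2}-\\d{2})\\s+(.*)$` accepts strings that are not valid dates, such as a month of 13, and `strptime("%Y-%m-%d")` raises an error on them. Since the whole file is processed as one slurped input, a single malformed line in `TODO` makes jq exit with an error and print no reminders at all. Skipping the bad line keeps the remaining entries visible: `(try ($captures[0] | strptime("%Y-%m-%d") | mktime) catch empty) as $date |`. Separately, the reminder text is written to the terminal verbatim between the SGR sequences, so control characters in a `TODO` from an untrusted working directory reach the terminal. If `q` is run in such directories, stripping them would be a cheap safeguard, for example `gsub("[\\u0000-\\u001f]"; "")` applied to the line before it is interpolated.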