diff options
-rw-r--r-- | krebs/2configs/exim-smarthost.nix | 50 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 144 | ||||
-rw-r--r-- | krebs/3modules/dns.nix | 12 | ||||
-rw-r--r-- | krebs/3modules/github-known-hosts.nix | 40 | ||||
-rw-r--r-- | krebs/3modules/hosts.nix | 36 | ||||
-rw-r--r-- | krebs/3modules/retiolum-hosts.nix | 28 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/blessings.nix | 4 | ||||
-rw-r--r-- | lass/2configs/default.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/default.nix | 1 | ||||
-rw-r--r-- | tv/5pkgs/simple/q/default.nix | 61 |
10 files changed, 207 insertions, 170 deletions
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix new file mode 100644 index 000000000..5dc24f1de --- /dev/null +++ b/krebs/2configs/exim-smarthost.nix @@ -0,0 +1,50 @@ +with import <stockholm/lib>; +{ config, ... }: let + + format = from: to: { + inherit from; + # TODO assert is-retiolum-mail-address to; + to = concatMapStringsSep "," (getAttr "mail") (toList to); + }; + +in { + krebs.exim-smarthost.internet-aliases = + mapAttrsToList format (with config.krebs.users; let + brain-ml = [ + lass + makefu + tv + ]; + eloop-ml = spam-ml ++ [ ciko ]; + spam-ml = [ + lass + makefu + tv + ]; + ciko.mail = "ciko@slash16.net"; + in { + "anmeldung@eloop.org" = eloop-ml; + "brain@krebsco.de" = brain-ml; + "cfp@eloop.org" = eloop-ml; + "kontakt@eloop.org" = eloop-ml; + "root@eloop.org" = eloop-ml; + "youtube@eloop.org" = eloop-ml; + "eloop2016@krebsco.de" = eloop-ml; + "eloop2017@krebsco.de" = eloop-ml; + "postmaster@krebsco.de" = spam-ml; # RFC 822 + "lass@krebsco.de" = lass; + "makefu@krebsco.de" = makefu; + "spam@krebsco.de" = spam-ml; + "tv@krebsco.de" = tv; + # XXX These are no internet aliases + # XXX exim-retiolum hosts should be able to relay to retiolum addresses + "lass@retiolum" = lass; + "makefu@retiolum" = makefu; + "spam@retiolum" = spam-ml; + "tv@retiolum" = tv; + "lass@r" = lass; + "makefu@r" = makefu; + "spam@r" = spam-ml; + "tv@r" = tv; + }); +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2e7c61fb5..bb69bfad3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -18,14 +18,17 @@ let ./charybdis.nix ./ci.nix ./current.nix + ./dns.nix ./exim.nix ./exim-retiolum.nix ./exim-smarthost.nix ./fetchWallpaper.nix ./github-hosts-sync.nix + ./github-known-hosts.nix ./git.nix ./go.nix ./hidden-ssh.nix + ./hosts.nix ./htgen.nix ./iana-etc.nix ./iptables.nix @@ -41,6 +44,7 @@ let ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix + ./retiolum-hosts.nix ./rtorrent.nix ./secret.nix ./setuid.nix @@ -58,28 +62,10 @@ let api = { enable = mkEnableOption "krebs"; - dns = { - providers = mkOption { - type = with types; attrsOf str; - }; - }; - - hosts = mkOption { - type = with types; attrsOf host; - default = {}; - }; - users = mkOption { type = with types; attrsOf user; }; - # XXX is there a better place to define search-domain? - # TODO search-domains :: listOf hostname - search-domain = mkOption { - type = types.hostname; - default = "r"; - }; - sitemap = mkOption { default = {}; type = types.attrsOf types.sitemap.entry; @@ -125,6 +111,8 @@ let w = "hosts"; }; + krebs.dns.search-domain = mkDefault "r"; + krebs.users = { krebs = { home = "/krebs"; @@ -137,93 +125,6 @@ let }; }; - networking.extraHosts = let - domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers); - check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; - in concatStringsSep "\n" (flatten ( - mapAttrsToList (hostname: host: - mapAttrsToList (netname: net: - let - aliases = longs ++ shorts; - longs = filter check net.aliases; - shorts = let s = ".${cfg.search-domain}"; in - map (removeSuffix s) (filter (hasSuffix s) longs); - in - optionals - (aliases != []) - (map (addr: "${addr} ${toString aliases}") net.addrs) - ) (filterAttrs (name: host: host.aliases != []) host.nets) - ) cfg.hosts - )); - - # TODO dedup with networking.extraHosts - nixpkgs.config.packageOverrides = oldpkgs: - let - domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers); - check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; - in - { - retiolum-hosts = oldpkgs.writeText "retiolum-hosts" '' - ${concatStringsSep "\n" (flatten ( - map (host: - let - net = host.nets.retiolum; - aliases = longs; - longs = filter check net.aliases; - in - optionals - (aliases != []) - (map (addr: "${addr} ${toString aliases}") net.addrs) - ) (filter (host: hasAttr "retiolum" host.nets) - (attrValues cfg.hosts))))} - ''; - }; - - krebs.exim-smarthost.internet-aliases = let - format = from: to: { - inherit from; - # TODO assert is-retiolum-mail-address to; - to = concatMapStringsSep "," (getAttr "mail") (toList to); - }; - in mapAttrsToList format (with config.krebs.users; let - brain-ml = [ - lass - makefu - tv - ]; - eloop-ml = spam-ml ++ [ ciko ]; - spam-ml = [ - lass - makefu - tv - ]; - ciko.mail = "ciko@slash16.net"; - in { - "anmeldung@eloop.org" = eloop-ml; - "brain@krebsco.de" = brain-ml; - "cfp@eloop.org" = eloop-ml; - "kontakt@eloop.org" = eloop-ml; - "root@eloop.org" = eloop-ml; - "youtube@eloop.org" = eloop-ml; - "eloop2016@krebsco.de" = eloop-ml; - "eloop2017@krebsco.de" = eloop-ml; - "postmaster@krebsco.de" = spam-ml; # RFC 822 - "lass@krebsco.de" = lass; - "makefu@krebsco.de" = makefu; - "spam@krebsco.de" = spam-ml; - "tv@krebsco.de" = tv; - # XXX These are no internet aliases - # XXX exim-retiolum hosts should be able to relay to retiolum addresses - "lass@retiolum" = lass; - "makefu@retiolum" = makefu; - "spam@retiolum" = spam-ml; - "tv@retiolum" = tv; - "lass@r" = lass; - "makefu@r" = makefu; - "spam@r" = spam-ml; - "tv@r" = tv; - }); - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) (mkForce [privkey]); @@ -238,31 +139,6 @@ let }; }) // - { - github = { - hostNames = [ - "github.com" - # List generated with - # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob - "192.30.252.*" - "192.30.253.*" - "192.30.254.*" - "192.30.255.*" - "185.199.108.*" - "185.199.109.*" - "185.199.110.*" - "185.199.111.*" - "13.229.188.59" - "13.250.177.223" - "18.194.104.89" - "18.195.85.27" - "35.159.8.160" - "52.74.223.119" - ]; - publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; - }; - } - // mapAttrs (name: host: { hostNames = @@ -272,8 +148,8 @@ let let longs = net.aliases; shorts = - map (removeSuffix ".${cfg.search-domain}") - (filter (hasSuffix ".${cfg.search-domain}") + map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") longs); add-port = a: if net.ssh.port != 22 @@ -297,8 +173,8 @@ let (concatMap (host: attrValues host.nets) (mapAttrsToList (_: host: recursiveUpdate host - (optionalAttrs (hasAttr config.krebs.search-domain host.nets) { - nets."" = host.nets.${config.krebs.search-domain} // { + (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) { + nets."" = host.nets.${cfg.dns.search-domain} // { aliases = [host.name]; addrs = []; }; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix new file mode 100644 index 000000000..b7e2a2cbb --- /dev/null +++ b/krebs/3modules/dns.nix @@ -0,0 +1,12 @@ +with import <stockholm/lib>; +{ + options = { + krebs.dns.providers = mkOption { + type = types.attrsOf types.str; + }; + + krebs.dns.search-domain = mkOption { + type = types.hostname; + }; + }; +} diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix new file mode 100644 index 000000000..def06f17a --- /dev/null +++ b/krebs/3modules/github-known-hosts.nix @@ -0,0 +1,40 @@ +{ + services.openssh.knownHosts.github = { + hostNames = [ + "github.com" + # List generated with + # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R . + "192.30.252.*" + "192.30.253.*" + "192.30.254.*" + "192.30.255.*" + "185.199.108.*" + "185.199.109.*" + "185.199.110.*" + "185.199.111.*" + "140.82.112.*" + "140.82.113.*" + "140.82.114.*" + "140.82.115.*" + "140.82.116.*" + "140.82.117.*" + "140.82.118.*" + "140.82.119.*" + "140.82.120.*" + "140.82.121.*" + "140.82.122.*" + "140.82.123.*" + "140.82.124.*" + "140.82.125.*" + "140.82.126.*" + "140.82.127.*" + "13.229.188.59" + "13.250.177.223" + "18.194.104.89" + "18.195.85.27" + "35.159.8.160" + "52.74.223.119" + ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; + }; +} diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix new file mode 100644 index 000000000..a95557b3d --- /dev/null +++ b/krebs/3modules/hosts.nix @@ -0,0 +1,36 @@ +with import <stockholm/lib>; +{ config, ... }: let + # TODO dedup functions with ./retiolum-hosts.nix + check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; + domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); +in { + + options = { + krebs.hosts = mkOption { + default = {}; + type = types.attrsOf types.host; + }; + }; + + config = { + networking.extraHosts = + concatStringsSep + "\n" + (flatten + (mapAttrsToList + (hostname: host: + mapAttrsToList + (netname: net: let + aliases = longs ++ shorts; + longs = filter check net.aliases; + shorts = let s = ".${config.krebs.dns.search-domain}"; in + map (removeSuffix s) (filter (hasSuffix s) longs); + in + optionals + (aliases != []) + (map (addr: "${addr} ${toString aliases}") net.addrs)) + (filterAttrs (name: host: host.aliases != []) host.nets)) + config.krebs.hosts)); + }; + +} diff --git a/krebs/3modules/retiolum-hosts.nix b/krebs/3modules/retiolum-hosts.nix new file mode 100644 index 000000000..ddf85ead7 --- /dev/null +++ b/krebs/3modules/retiolum-hosts.nix @@ -0,0 +1,28 @@ +with import <stockholm/lib>; +{ config, ... }: let + # TODO dedup functions with ./hosts.nix + check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; + domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); +in { + nixpkgs.config.packageOverrides = super: { + retiolum-hosts = + super.writeText "retiolum-hosts" '' + ${ + concatStringsSep + "\n" + (flatten + (map + (host: let + net = host.nets.retiolum; + aliases = longs; + longs = filter check net.aliases; + in + optionals + (aliases != []) + (map (addr: "${addr} ${toString aliases}") net.addrs)) + (filter (host: hasAttr "retiolum" host.nets) + (attrValues config.krebs.hosts)))) + } + ''; + }; +} diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index 59c5b7984..19f8da19d 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -7,8 +7,8 @@ with import <stockholm/lib>; sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1"; }; "18.09" = { - version = "1.2.0"; - sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300"; + version = "1.3.0"; + sha256 = "1y9jhh9pchrr48zgfib2jip97x1fkm7qb1gnfx477rmmryjs500h"; }; }.${versions.majorMinor nixpkgsVersion}; diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 62a42baf9..69e697a1d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -72,7 +72,6 @@ with import <stockholm/lib>; krebs = { enable = true; - search-domain = "r"; build.user = config.krebs.users.lass; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index d66b492a4..177114a49 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -36,7 +36,6 @@ with import <stockholm/lib>; enable = true; dns.providers.lan = "hosts"; - search-domain = "r"; build.user = config.krebs.users.makefu; }; diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index cbcec1bae..7906b968f 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -14,7 +14,7 @@ let assert n >= 1; n * calwidth + (n - 1) * hspace; - pad = ''{ + pad = /* sh */ ''{ ${pkgs.gnused}/bin/sed ' # rtrim s/ *$// @@ -31,7 +31,7 @@ let s/^[ 1-9][0-9]/[38;5;238;1m&[39;22m/ ' }''; - in '' + in /* sh */ '' cols=$(${pkgs.ncurses}/bin/tput cols) ${pkgs.coreutils}/bin/paste \ <(if test $cols -ge ${toString (need_width 3)}; then @@ -59,24 +59,24 @@ let ' ''; - q-isodate = '' + q-isodate = /* sh */ '' ${pkgs.coreutils}/bin/date \ '+[1m%Y-%m-%d[;30mT[;38;5;085m%H:%M[m:%S%:z' ''; # Singapore's red is #ED2E38 - q-sgtdate = '' + q-sgtdate = /* sh */ '' TZ=Asia/Singapore \ ${pkgs.coreutils}/bin/date \ '+[1m%Y-%m-%d[;30mT[;38;5;088m%H:%M[m:%S%:z' ''; - q-utcdate = '' + q-utcdate = /* sh */ '' ${pkgs.coreutils}/bin/date -u \ '+[1m%Y-%m-%d[;30mT[;38;5;065m%H:%M[m:%S%:z' ''; - q-gitdir = '' + q-gitdir = /* sh */ '' if test -d .git; then #git status --porcelain branch=$( @@ -87,7 +87,7 @@ let fi ''; - q-intel_backlight = '' + q-intel_backlight = /* sh */ '' cd /sys/class/backlight/intel_backlight </dev/null exec ${pkgs.gawk}/bin/awk ' END { @@ -227,11 +227,11 @@ let done ''; - q-virtualization = '' + q-virtualization = /* sh */ '' echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)" ''; - q-wireless = '' + q-wireless = /* sh */ '' for dev in $( ${pkgs.iw}/bin/iw dev \ | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p' @@ -250,7 +250,7 @@ let done ''; - q-online = '' + q-online = /* sh */ '' if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then echo '[32;1monline[m' else @@ -258,7 +258,7 @@ let fi ''; - q-thermal_zone = '' + q-thermal_zone = /* sh */ '' for i in /sys/class/thermal/thermal_zone*; do type=$(${pkgs.coreutils}/bin/cat $i/type) temp=$(${pkgs.coreutils}/bin/cat $i/temp) @@ -266,29 +266,26 @@ let done ''; - q-todo = '' + q-todo = /* sh */ '' TODO_file=$PWD/TODO if test -e "$TODO_file"; then - ${pkgs.coreutils}/bin/cat "$TODO_file" \ - | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) ' - BEGIN { print "remind=0" } - /^[0-9]/{ - x = $1 - gsub(".", "\\\\&", x) - rest = substr($0, index($0, " ")) - rest = $0 - sub(" *", "", rest) - gsub(".", "\\\\&", rest) - print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \ - echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \ - (( remind++ ))" - } - END { print "test $remind = 0 && echo \"nothing to remind\"" } - ' \ - | { - # bash needed for (( ... )) - ${pkgs.bash}/bin/bash - } + ${pkgs.jq}/bin/jq -Rrs <"$TODO_file" -f ${pkgs.writeJq "q-todo.jq" '' + split("\n") | map( + (match("^([0-9]+-\\d{2}-\\d{2})\\s+(.*)$").captures | map(.string)) + as $captures | + ($captures[0] | strptime("%Y-%m-%d") | mktime) as $date | + $captures[1] as $text | + + select(now >= $date) | + + ($text | test("\\[URGENT]"; "i")) as $urgent | + (if $urgent then "38;5;196" else "38;5;208" end) as $sgr | + if $urgent then sub("\\s*\\[URGENT]\\s*"; " "; "i") else . end | + + "\u001b[\($sgr)m\(.)\u001b[m" + ) | + if length == 0 then "nothing to remind" else .[] end + ''} else echo "$TODO_file: no such file or directory" fi |