summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/2configs/syncthing.nix8
-rw-r--r--krebs/3modules/acl.nix55
-rw-r--r--krebs/3modules/ci.nix2
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/external/default.nix25
-rw-r--r--krebs/3modules/external/kmein.nix1
-rw-r--r--krebs/3modules/external/mic92.nix52
-rw-r--r--krebs/3modules/makefu/default.nix6
-rw-r--r--krebs/3modules/sync-containers.nix2
-rw-r--r--krebs/3modules/tinc.nix18
-rw-r--r--krebs/5pkgs/simple/krebsdance/default.nix157
-rw-r--r--krebs/5pkgs/simple/reaktor2-plugins.nix6
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rw-r--r--lass/1systems/mors/config.nix1
-rw-r--r--lass/1systems/prism/config.nix1
-rw-r--r--lass/2configs/fysiirc.nix42
-rw-r--r--lass/2configs/hass/default.nix13
-rw-r--r--lass/2configs/hass/zigbee.nix2
-rw-r--r--lass/2configs/murmur.nix6
-rw-r--r--lass/2configs/radio-news.nix52
-rw-r--r--lass/2configs/radio.nix60
-rw-r--r--lass/2configs/retiolum.nix8
-rw-r--r--lass/2configs/sync/decsync.nix2
-rw-r--r--lass/2configs/sync/sync.nix2
-rw-r--r--lass/2configs/sync/the_playlist.nix9
-rw-r--r--lass/2configs/sync/weechat.nix2
-rw-r--r--lib/types.nix4
-rw-r--r--makefu/0tests/data/secrets/syncthing.cert0
-rw-r--r--makefu/0tests/data/secrets/syncthing.key0
-rw-r--r--makefu/0tests/data/secrets/tonie.env2
-rw-r--r--makefu/0tests/data/secrets/wbobPassword.nix1
-rw-r--r--makefu/1systems/gum/config.nix10
-rw-r--r--makefu/2configs/sync/default.nix22
-rw-r--r--makefu/2configs/tinc/retiolum.nix10
35 files changed, 482 insertions, 116 deletions
diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix
index 125e2aea4..dac1863d5 100644
--- a/krebs/2configs/syncthing.nix
+++ b/krebs/2configs/syncthing.nix
@@ -8,11 +8,9 @@ in {
services.syncthing = {
enable = true;
configDir = "/var/lib/syncthing";
- declarative = {
- devices = mk_peers used_peers;
- key = toString <secrets/syncthing.key>;
- cert = toString <secrets/syncthing.cert>;
- };
+ devices = mk_peers used_peers;
+ key = toString <secrets/syncthing.key>;
+ cert = toString <secrets/syncthing.cert>;
};
boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix
new file mode 100644
index 000000000..9cdbb6cff
--- /dev/null
+++ b/krebs/3modules/acl.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }: let
+ parents = dir:
+ if dir == "/" then
+ [ dir ]
+ else
+ [ dir ] ++ parents (builtins.dirOf dir)
+ ;
+in {
+ options.krebs.acl = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf (lib.types.submodule ({ config, ... }: {
+ options = {
+ rule = lib.mkOption {
+ type = lib.types.str;
+ default = config._module.args.name;
+ };
+ default = lib.mkOption {
+ type = lib.types.bool;
+ default = !config.parents;
+ };
+ recursive = lib.mkOption {
+ type = lib.types.bool;
+ default = !config.parents;
+ };
+ parents = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ apply ACL to every parent folder
+ '';
+ };
+ };
+ })));
+ default = {};
+ };
+ config = {
+ systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" {
+ wantedBy = [ "multi-user.target" ];
+ path = [
+ pkgs.acl
+ pkgs.coreutils
+ ];
+ serviceConfig = {
+ ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings (
+ lib.mapAttrsToList (_: rule: ''
+ setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
+ ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
+ ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))}
+ '') rules
+ ));
+ RemainAfterExit = true;
+ Type = "simple";
+ };
+ }) config.krebs.acl;
+ };
+}
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index 822dbab61..5efe41786 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -166,6 +166,8 @@ let
nick = "buildbot|${hostname}",
notify_events = [ 'started', 'finished', 'failure', 'success', 'exception', 'problem' ],
channels = [{"channel": "#xxx"}],
+ showBlameList = True,
+ authz={'force': True},
)
''];
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e8f0d35e4..fc57d8188 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
out = {
imports = [
+ ./acl.nix
./airdcpp.nix
./announce-activation.nix
./apt-cacher-ng.nix
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 1b51f0223..cc67c1a0a 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -563,6 +563,31 @@ in {
};
};
};
+ alsace = {
+ owner = config.krebs.users.xkey;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.73.31";
+ aliases = [ "alsace.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAn9mZHXfUcR1/oby6KB1Z8s1AAuie4l5G624r0UqbWu+4xowFIeZs
+ kv2dqd+yiqammAA9P207ooLbGBp+P6i4f5VMCemkCnv0sC1TJ+DNwYqWYcFRZE7I
+ j00fw/QI9d6L1c4CqZHJPQXEHG3v46qPuUow8FDJ6fjoBmy6biHjSd0XC7oHGqRh
+ GE5RolnqUiQhW0b4TkHJV4yUfVki+olxQtYd4xIHs1hcSqoMK898jsPX5cLgoCzR
+ NPZVyHf2BM0urPn4mu/th4ZDKpQtrqeI7h6yhnzJ0onhtValwHiA3/DcHcWmYvHC
+ vw6umyiCqFDx2kmzOnpkBWv65ugKUwDSZR8ibp3q7W9iPBiCPv0FtKXsQW9EngSS
+ asQWC8U6cB23nKuMYQrtD33fVwYn58FBIY6+avroc7XN5cPM/9VBHqyXSDZNAWtt
+ TwC/sXFWqT6AbTwLV6zY1TW4jiwKOh3KAVnHqQhUhNlEMk6EFOjR1CABSwUVXleR
+ 5whr1RbKAsrhqMprGKHndvxLXjbKSh6A0bVdOLOzSs7BME2Oi1OdHd6tqqYmcyuV
+ XQnFcOYKxF0RM83/V8rEgvVisIxXTGVrGw8Kse7PGFA1dGldptTC6kofLUxzADNw
+ bRnXtRk8VR0BBzTuPNDgUXL2XQLht6FwDKCA/En2vId98yc2uuDk468CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "lPvwNm2mfF+rX3noqt+80c7nlDCpC+98JPLWx2jJRLN";
+ };
+ };
+ };
papawhakaaro = {
owner = config.krebs.users.feliks;
nets = {
diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix
index 9ef079090..1e4a68057 100644
--- a/krebs/3modules/external/kmein.nix
+++ b/krebs/3modules/external/kmein.nix
@@ -123,6 +123,7 @@ in
"zaatar.kmein.r"
"grocy.kmein.r"
"moodle.kmein.r"
+ "radio.kmein.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 27a2beed6..db57b5944 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -95,7 +95,6 @@ in {
owner = config.krebs.users.mic92;
nets = {
retiolum = {
- ip4.addr = "10.243.29.189";
aliases = [
"dimitriosxps.r"
];
@@ -173,7 +172,12 @@ in {
};
retiolum = {
via = internet;
- aliases = [ "eve.r" "tts.r" ];
+ aliases = [
+ "eve.r"
+ "tts.r"
+ "flood.r"
+ "navidrome.r"
+ ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
@@ -279,25 +283,6 @@ in {
'';
};
};
- philipsaendig = {
- owner = config.krebs.users.mic92;
- nets.retiolum = {
- ip4.addr = "10.243.29.193";
- aliases = [
- "philipsaendig.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAyWdCrXD0M9CIt0ZgVB6W5ozOvLDoxPmGzLBJUnAZV8f9oqfaIEIX
- 5TIaxozN3QMEgS0ChaOHTNFiQZjiiwJL/wPx1eFvKfDkkn7ayrRS/pP+bKhcDpKl
- 4tPejipee9T2ZhYg9tbk291CDBe1fHR5S2F8kPm8OuqwE2Fv9N8wldcsDLxHcTZl
- +wp4Oe/Wn5WLvZb3SUao17vKnNBLfMMCGC01yRfhZub41NkGYVWBjErsIVxQ+/rF
- Y7DdCekus+BQCKz+beEmtzG7d0Xwqwkif51HQ05CvwFNEtdUGodd8OrIO+gpIV6S
- oN+Q5zxsenLo6QRfsLD+nn7A7qbzd57kUwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
yasmin = {
owner = config.krebs.users.mic92;
nets.internet = {
@@ -306,7 +291,6 @@ in {
aliases = [ "yasmin.i" ];
};
nets.retiolum = {
- ip4.addr = "10.243.29.197";
aliases = [
"yasmin.r"
];
@@ -414,7 +398,6 @@ in {
};
retiolum = {
via = internet;
- ip4.addr = "10.243.29.195";
aliases = [ "bill.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -445,7 +428,6 @@ in {
};
retiolum = {
via = internet;
- ip4.addr = "10.243.29.173";
aliases = [ "nardole.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -470,7 +452,6 @@ in {
owner = config.krebs.users.mic92;
nets = {
retiolum = {
- ip4.addr = "10.243.29.171";
aliases = [
"rock.r"
];
@@ -736,7 +717,6 @@ in {
};
retiolum = {
via = internet;
- ip4.addr = "10.243.29.198";
aliases = [ "ryan.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -764,7 +744,6 @@ in {
};
retiolum = {
via = internet;
- ip4.addr = "10.243.29.199";
aliases = [ "graham.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -890,5 +869,24 @@ in {
};
};
};
+ hal9000 = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ retiolum = {
+ aliases = [ "hal9000.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA5aunzoz6WIjeQgfibml6T+UNsXXcoglhCqRkun7WaSHE93SQcCil
+ CDoUoq2aeiGTZ189LgdSyeRL7qmBzgVExIT4NlhfBCkNbHB/sz6epBb9qx49hLh5
+ K/tJfUBYKRd06ymSXPK+cCiO0/gM8fjzI+3GMlYvcbZ+ow11zTRgX/QB2lE1G8cW
+ Obh/nS0af7G6wmovHsKEpry5AxoAPLLi5JaP4hlc/i0iCbebMqb+szF0KBAbmDg3
+ JQ4MYIyQOw9kk7hfqTNFEvJhpbV66id2+ZIHX6QAw7OHBpaY6ZWFd/w2BkJHeayb
+ 2jRnsJd0YgautgBGrBrjRWiVmn/f+lJ4XQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "krVYgJo5OFZkyUOgasH9dFve4OI3ewpt8IFhCPan7mB";
+ };
+ };
+ };
};
}
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 62316bfdb..f87802b45 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -102,6 +102,7 @@ in {
x = {
ci = true;
cores = 4;
+ syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
nets = {
retiolum.ip4.addr = "10.243.0.91";
wiregrill = {
@@ -121,7 +122,7 @@ in {
omo = rec {
ci = true;
cores = 2;
-
+ syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
nets = {
retiolum = {
ip4.addr = "10.243.0.89";
@@ -218,6 +219,9 @@ in {
retiolum = {
via = internet;
ip4.addr = "10.243.0.213";
+ # never connect via gum (he eats your packets!)
+ tinc.weight = 9001;
+
aliases = [
"gum.r"
"backup.makefu.r"
diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix
index e47f9a3a7..e2caa0834 100644
--- a/krebs/3modules/sync-containers.nix
+++ b/krebs/3modules/sync-containers.nix
@@ -97,7 +97,7 @@ in {
${pkgs.coreutils}/bin/chmod a+x /var/lib/containers || :
'';
- services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
+ services.syncthing.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
devices = ctr.peers;
ignorePerms = false;
})) cfg.containers);
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 21ddde1c6..bc85aa0a6 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -26,7 +26,7 @@ with import <stockholm/lib>;
${tinc.config.extraConfig}
'';
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
- ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
+ ip link set ${netname} up
${tinc.config.tincUp}
'';
});
@@ -48,7 +48,7 @@ with import <stockholm/lib>;
};
extraConfig = mkOption {
- type = types.str;
+ type = types.lines;
default = "";
description = ''
Extra Configuration to be appended to tinc.conf
@@ -58,15 +58,14 @@ with import <stockholm/lib>;
type = types.str;
default = let
net = tinc.config.host.nets.${netname};
- iproute = tinc.config.iproutePackage;
in ''
${optionalString (net.ip4 != null) /* sh */ ''
- ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname}
- ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname}
+ ip -4 addr add ${net.ip4.addr} dev ${netname}
+ ip -4 route add ${net.ip4.prefix} dev ${netname}
''}
${optionalString (net.ip6 != null) /* sh */ ''
- ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
- ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
+ ip -6 addr add ${net.ip6.addr} dev ${netname}
+ ip -6 route add ${net.ip6.prefix} dev ${netname}
''}
${tinc.config.tincUpExtra}
'';
@@ -176,7 +175,7 @@ with import <stockholm/lib>;
connectTo = mkOption {
type = types.listOf types.str;
${if netname == "retiolum" then "default" else null} = [
- "gum"
+ "eve"
"ni"
"prism"
];
@@ -233,6 +232,7 @@ with import <stockholm/lib>;
cfg.iproutePackage
cfg.tincPackage
];
+ reloadIfChanged = true;
serviceConfig = {
Restart = "always";
LoadCredential = filter (x: x != "") [
@@ -260,7 +260,7 @@ with import <stockholm/lib>;
"-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key"
"--pidfile=/var/run/tinc.${netname}.pid"
];
- ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} reload";
+ ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} restart";
SyslogIdentifier = netname;
};
}) config.krebs.tinc;
diff --git a/krebs/5pkgs/simple/krebsdance/default.nix b/krebs/5pkgs/simple/krebsdance/default.nix
new file mode 100644
index 000000000..cdfe23ef2
--- /dev/null
+++ b/krebs/5pkgs/simple/krebsdance/default.nix
@@ -0,0 +1,157 @@
+{ writers }:
+writers.writePython3Bin "krebsdance" { flakeIgnore = [ "E501" ]; } ''
+ import argparse
+ import random
+ import itertools
+
+ claws = [
+ dict(
+ up="(\\/)",
+ down="(/\\)",
+ left="(\\\\)",
+ right="(//)",
+ ),
+ dict(
+ up="(V)",
+ down="(A)",
+ left=">)=",
+ right="=(<",
+ ),
+ dict(
+ up="(U)",
+ down="(n)",
+ left=")==",
+ right="==(",
+ ),
+ ]
+
+ eyes = [
+ "°",
+ "*",
+ "^",
+ "ö",
+ "o",
+ "O",
+ "X",
+ "x",
+ "U",
+ "u",
+ ]
+
+ bodies = [
+ dict(
+ left="(",
+ right=")",
+ ),
+ dict(
+ left="{",
+ right="}",
+ ),
+ dict(
+ left="[",
+ right="]",
+ ),
+ dict(
+ left="<",
+ right=">",
+ ),
+ dict(
+ left="|",
+ right="|",
+ ),
+ ]
+
+ mouths = [
+ ",,,,",
+ ",mm,",
+ "_mm_",
+ "-mm-",
+ ";;;;",
+ ";mm;",
+ ":mm:",
+ "::::",
+ ":ww:",
+ ":<>:",
+ ]
+
+
+ def all_krebses():
+ for mouth, body, eye, claw in itertools.product(mouths, bodies, eyes, claws):
+ yield f'{claw["up"]} {body["left"]}{eye}{mouth}{eye}{body["right"]} {claw["up"]}'
+
+
+ def escape_graph(text):
+ return text.replace("\\", "\\\\")
+
+
+ def krebs_graph() -> str:
+ return "\n".join(itertools.chain(
+ ["digraph {"],
+ [escape_graph(f'"{krebs}"->"{generate(seed=krebs)}"') for krebs in all_krebses()],
+ "}",
+ ))
+
+
+ def generate(*, seed: str, dancing: bool = False) -> str:
+ if seed:
+ random.seed(seed)
+ clawstyle = random.choice(claws)
+ body = random.choice(bodies)
+ eye = random.choice(eyes)
+ mouth = random.choice(mouths)
+ if dancing:
+ return "\n".join(
+ [
+ f'{clawstyle["down"]} {body["left"]}{eye}{mouth}{eye}{body["right"]}{clawstyle["up"]}',
+ f'{clawstyle["left"]}{body["left"]}{eye}{mouth}{eye}{body["right"]} {clawstyle["right"]}',
+ f'{clawstyle["right"]} {body["left"]}{eye}{mouth}{eye}{body["right"]} {clawstyle["left"]}',
+ f'{clawstyle["down"]}{body["left"]}{eye}{mouth}{eye}{body["right"]}{clawstyle["down"]}',
+ ]
+ )
+ else:
+ return f'{clawstyle["up"]} {body["left"]}{eye}{mouth}{eye}{body["right"]} {clawstyle["up"]}'
+
+
+ def fixpoints():
+ for krebs in all_krebses():
+ if generate(seed=krebs) == krebs:
+ yield krebs
+
+
+ def main():
+ parser = argparse.ArgumentParser()
+
+ parser.add_argument(
+ "seed",
+ nargs="?",
+ help="random seed to use for generating the krebs variant",
+ )
+
+ parser.add_argument(
+ "--dance",
+ "-d",
+ dest="dance",
+ help="if the krebs should dance",
+ default=False,
+ action="store_true",
+ )
+
+ parser.add_argument(
+ "--mode",
+ "-m",
+ dest="mode",
+ choices=["graphviz", "plain"],
+ default="plain",
+ )
+
+ args = parser.parse_args()
+
+ if args.mode == "plain":
+ print(generate(seed=args.seed, dancing=args.dance))
+ elif args.mode == "graphviz":
+ print(krebs_graph())
+
+
+ if __name__ == "__main__":
+ main()
+''
diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix
index 54aaf246a..052e389a6 100644
--- a/krebs/5pkgs/simple/reaktor2-plugins.nix
+++ b/krebs/5pkgs/simple/reaktor2-plugins.nix
@@ -23,11 +23,7 @@ rec {
dance = {
filename = pkgs.writeDash "dance" ''
- echo "<(^.^<)"
- echo "<(^.^)>"
- echo "(>^.^)>"
- echo "(7^.^)7"
- echo "(>^.^<)"
+ ${pkgs.krebsdance}/bin/krebsdance --dance "$@";
'';
};
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index e8b6076a4..12afe0e9c 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "689b76bcf36055afdeb2e9852f5ecdd2bf483f87",
- "date": "2022-01-23T03:10:13+01:00",
- "path": "/nix/store/s6kxwpz8k02mg1wqsf06bsjygwi6xr6j-nixpkgs",
- "sha256": "08d38db4707jdm3gws82y6bynh6k8qal4s1cms9zqd9cdwcmylyj",
+ "rev": "60c52a73f1d5858020ac4f161cd5bf1c9650f8b8",
+ "date": "2022-02-07T23:59:33+00:00",
+ "path": "/nix/store/5w1yn77d2b44wq0w7b8cqqqfap2897n2-nixpkgs",
+ "sha256": "1xyi4xag084ikcbis3iixpvfsmlfm2s105j58770x7k24mkrif7n",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 001371820..22d465b27 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "604c44137d97b5111be1ca5c0d97f6e24fbc5c2c",
- "date": "2022-01-23T10:04:55-08:00",
- "path": "/nix/store/r22j0r232a5y02yhd1avaw27zqdbhx1x-nixpkgs",
- "sha256": "0gzhigyn8f7vps4a5vc1c8wbim59724s179a7d0h3gv6ss9avdj4",
+ "rev": "521e4d7d13b09bc0a21976b9d19abd197d4e3b1e",
+ "date": "2022-02-07T00:29:53+00:00",
+ "path": "/nix/store/pvmrsiy8k37nwg18g7230g5kasbsf132-nixpkgs",
+ "sha256": "156b4wnm6y6lg0gz09mp48rd0mhcdazr5s888c4lbhlpn3j8h042",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 4d042de22..dd479f267 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -26,6 +26,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/sync/sync.nix>
<stockholm/lass/2configs/sync/decsync.nix>
<stockholm/lass/2configs/sync/weechat.nix>
+ <stockholm/lass/2configs/sync/the_playlist.nix>
#<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index a082ea623..c62091428 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -114,6 +114,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
+ <stockholm/lass/2configs/radio-news.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/paste.nix>
diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix
index d2aaa73c5..f3c1d5b7c 100644
--- a/lass/2configs/fysiirc.nix
+++ b/lass/2configs/fysiirc.nix
@@ -1,5 +1,33 @@
-{ config, lib, pkgs, ... }:
-{
+{ config, lib, pkgs, ... }: let
+
+ format-github-message = pkgs.writeDashBin "format-github-message" ''
+ set -xefu
+ export PATH=${lib.makeBinPath [
+ pkgs.jq
+ ]}
+ INPUT=$(jq -c .)
+ if $(echo "$INPUT" | jq 'has("issue") or has("pull_request")'); then
+ ${write_to_irc} "$(echo "$INPUT" | jq -r '
+ "\(.action): " +
+ "[\(.issue.title // .pull_request.title)] " +
+ "\(.comment.html_url // .issue.html_url // .pull_request.html_url) " +
+ "by \(.comment.user.login // .issue.user.login // .pull_request.user.login)"
+ ')"
+ fi
+ '';
+
+ write_to_irc = pkgs.writeDash "write_to_irc" ''
+ ${pkgs.curl}/bin/curl -fsSv http://localhost:44001 \
+ -H content-type:application/json \
+ -d "$(${pkgs.jq}/bin/jq -n \
+ --arg text "$1" '{
+ command:"PRIVMSG",
+ params:["#fysi",$text]
+ }'
+ )"
+ '';
+
+in {
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 44002"; target = "ACCEPT"; }
];
@@ -26,20 +54,14 @@
name = "reaktor2-fysiweb-github";
};
script = ''. ${pkgs.writeDash "github-irc" ''
+ set -efu
case "$Method $Request_URI" in
"POST /")
payload=$(head -c "$req_content_length" \
| sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \
| xargs -0 echo -e \
)
- ${pkgs.curl}/bin/curl -fsSv http://localhost:44001/ \
- -H content-type:application/json \
- -d "$(echo "$payload" | ${pkgs.jq}/bin/jq \
- '{
- command:"PRIVMSG",
- params:["#fysi", "\(.action): \(.comment.html_url // .issue.html_url // .pull_request.html_url)"]
- }'
- )"
+ echo "$payload" | ${format-github-message}/bin/format-github-message
printf 'HTTP/1.1 200 OK\r\n'
printf 'Connection: close\r\n'
printf '\r\n'
diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix
index 4ed0bfa5f..8f93e0cec 100644
--- a/lass/2configs/hass/default.nix
+++ b/lass/2configs/hass/default.nix
@@ -1,12 +1,6 @@
{ config, lib, pkgs, ... }:
with import ./lib.nix { inherit lib; };
let
- unstable = import (pkgs.fetchFromGitHub {
- owner = "nixos";
- repo = "nixpkgs";
- rev = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).rev;
- sha256 = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).sha256;
- }) {};
dwdwfsapi = pkgs.python3Packages.buildPythonPackage rec {
pname = "dwdwfsapi";
version = "1.0.3";
@@ -35,17 +29,14 @@ in {
{ predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
{ predicate = "-i docker0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
{ predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
- { predicate = "-i int0 -p tcp --dport 1337"; target = "ACCEPT"; } # hass
+ { predicate = "-i int0 -p tcp --dport 1337"; target = "ACCEPT"; } # zigbee2mqtt frontend
{ predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
- { predicate = "-i retiolum -p tcp --dport 1337"; target = "ACCEPT"; } # hass frontend
+ { predicate = "-i retiolum -p