diff options
35 files changed, 482 insertions, 116 deletions
diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix index 125e2aea4..dac1863d5 100644 --- a/krebs/2configs/syncthing.nix +++ b/krebs/2configs/syncthing.nix @@ -8,11 +8,9 @@ in { services.syncthing = { enable = true; configDir = "/var/lib/syncthing"; - declarative = { - devices = mk_peers used_peers; - key = toString <secrets/syncthing.key>; - cert = toString <secrets/syncthing.cert>; - }; + devices = mk_peers used_peers; + key = toString <secrets/syncthing.key>; + cert = toString <secrets/syncthing.cert>; }; boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288; diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix new file mode 100644 index 000000000..9cdbb6cff --- /dev/null +++ b/krebs/3modules/acl.nix @@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: let + parents = dir: + if dir == "/" then + [ dir ] + else + [ dir ] ++ parents (builtins.dirOf dir) + ; +in { + options.krebs.acl = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf (lib.types.submodule ({ config, ... }: { + options = { + rule = lib.mkOption { + type = lib.types.str; + default = config._module.args.name; + }; + default = lib.mkOption { + type = lib.types.bool; + default = !config.parents; + }; + recursive = lib.mkOption { + type = lib.types.bool; + default = !config.parents; + }; + parents = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + apply ACL to every parent folder + ''; + }; + }; + }))); + default = {}; + }; + config = { + systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" { + wantedBy = [ "multi-user.target" ]; + path = [ + pkgs.acl + pkgs.coreutils + ]; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings ( + lib.mapAttrsToList (_: rule: '' + setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} + ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} + ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} + '') rules + )); + RemainAfterExit = true; + Type = "simple"; + }; + }) config.krebs.acl; + }; +} diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 822dbab61..5efe41786 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -166,6 +166,8 @@ let nick = "buildbot|${hostname}", notify_events = [ 'started', 'finished', 'failure', 'success', 'exception', 'problem' ], channels = [{"channel": "#xxx"}], + showBlameList = True, + authz={'force': True}, ) '']; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e8f0d35e4..fc57d8188 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ./acl.nix ./airdcpp.nix ./announce-activation.nix ./apt-cacher-ng.nix diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1b51f0223..cc67c1a0a 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -563,6 +563,31 @@ in { }; }; }; + alsace = { + owner = config.krebs.users.xkey; + nets = { + retiolum = { + ip4.addr = "10.243.73.31"; + aliases = [ "alsace.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAn9mZHXfUcR1/oby6KB1Z8s1AAuie4l5G624r0UqbWu+4xowFIeZs + kv2dqd+yiqammAA9P207ooLbGBp+P6i4f5VMCemkCnv0sC1TJ+DNwYqWYcFRZE7I + j00fw/QI9d6L1c4CqZHJPQXEHG3v46qPuUow8FDJ6fjoBmy6biHjSd0XC7oHGqRh + GE5RolnqUiQhW0b4TkHJV4yUfVki+olxQtYd4xIHs1hcSqoMK898jsPX5cLgoCzR + NPZVyHf2BM0urPn4mu/th4ZDKpQtrqeI7h6yhnzJ0onhtValwHiA3/DcHcWmYvHC + vw6umyiCqFDx2kmzOnpkBWv65ugKUwDSZR8ibp3q7W9iPBiCPv0FtKXsQW9EngSS + asQWC8U6cB23nKuMYQrtD33fVwYn58FBIY6+avroc7XN5cPM/9VBHqyXSDZNAWtt + TwC/sXFWqT6AbTwLV6zY1TW4jiwKOh3KAVnHqQhUhNlEMk6EFOjR1CABSwUVXleR + 5whr1RbKAsrhqMprGKHndvxLXjbKSh6A0bVdOLOzSs7BME2Oi1OdHd6tqqYmcyuV + XQnFcOYKxF0RM83/V8rEgvVisIxXTGVrGw8Kse7PGFA1dGldptTC6kofLUxzADNw + bRnXtRk8VR0BBzTuPNDgUXL2XQLht6FwDKCA/En2vId98yc2uuDk468CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "lPvwNm2mfF+rX3noqt+80c7nlDCpC+98JPLWx2jJRLN"; + }; + }; + }; papawhakaaro = { owner = config.krebs.users.feliks; nets = { diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix index 9ef079090..1e4a68057 100644 --- a/krebs/3modules/external/kmein.nix +++ b/krebs/3modules/external/kmein.nix @@ -123,6 +123,7 @@ in "zaatar.kmein.r" "grocy.kmein.r" "moodle.kmein.r" + "radio.kmein.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 27a2beed6..db57b5944 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -95,7 +95,6 @@ in { owner = config.krebs.users.mic92; nets = { retiolum = { - ip4.addr = "10.243.29.189"; aliases = [ "dimitriosxps.r" ]; @@ -173,7 +172,12 @@ in { }; retiolum = { via = internet; - aliases = [ "eve.r" "tts.r" ]; + aliases = [ + "eve.r" + "tts.r" + "flood.r" + "navidrome.r" + ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH @@ -279,25 +283,6 @@ in { ''; }; }; - philipsaendig = { - owner = config.krebs.users.mic92; - nets.retiolum = { - ip4.addr = "10.243.29.193"; - aliases = [ - "philipsaendig.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAyWdCrXD0M9CIt0ZgVB6W5ozOvLDoxPmGzLBJUnAZV8f9oqfaIEIX - 5TIaxozN3QMEgS0ChaOHTNFiQZjiiwJL/wPx1eFvKfDkkn7ayrRS/pP+bKhcDpKl - 4tPejipee9T2ZhYg9tbk291CDBe1fHR5S2F8kPm8OuqwE2Fv9N8wldcsDLxHcTZl - +wp4Oe/Wn5WLvZb3SUao17vKnNBLfMMCGC01yRfhZub41NkGYVWBjErsIVxQ+/rF - Y7DdCekus+BQCKz+beEmtzG7d0Xwqwkif51HQ05CvwFNEtdUGodd8OrIO+gpIV6S - oN+Q5zxsenLo6QRfsLD+nn7A7qbzd57kUwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; yasmin = { owner = config.krebs.users.mic92; nets.internet = { @@ -306,7 +291,6 @@ in { aliases = [ "yasmin.i" ]; }; nets.retiolum = { - ip4.addr = "10.243.29.197"; aliases = [ "yasmin.r" ]; @@ -414,7 +398,6 @@ in { }; retiolum = { via = internet; - ip4.addr = "10.243.29.195"; aliases = [ "bill.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -445,7 +428,6 @@ in { }; retiolum = { via = internet; - ip4.addr = "10.243.29.173"; aliases = [ "nardole.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -470,7 +452,6 @@ in { owner = config.krebs.users.mic92; nets = { retiolum = { - ip4.addr = "10.243.29.171"; aliases = [ "rock.r" ]; @@ -736,7 +717,6 @@ in { }; retiolum = { via = internet; - ip4.addr = "10.243.29.198"; aliases = [ "ryan.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -764,7 +744,6 @@ in { }; retiolum = { via = internet; - ip4.addr = "10.243.29.199"; aliases = [ "graham.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -890,5 +869,24 @@ in { }; }; }; + hal9000 = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + aliases = [ "hal9000.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA5aunzoz6WIjeQgfibml6T+UNsXXcoglhCqRkun7WaSHE93SQcCil + CDoUoq2aeiGTZ189LgdSyeRL7qmBzgVExIT4NlhfBCkNbHB/sz6epBb9qx49hLh5 + K/tJfUBYKRd06ymSXPK+cCiO0/gM8fjzI+3GMlYvcbZ+ow11zTRgX/QB2lE1G8cW + Obh/nS0af7G6wmovHsKEpry5AxoAPLLi5JaP4hlc/i0iCbebMqb+szF0KBAbmDg3 + JQ4MYIyQOw9kk7hfqTNFEvJhpbV66id2+ZIHX6QAw7OHBpaY6ZWFd/w2BkJHeayb + 2jRnsJd0YgautgBGrBrjRWiVmn/f+lJ4XQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "krVYgJo5OFZkyUOgasH9dFve4OI3ewpt8IFhCPan7mB"; + }; + }; + }; }; } diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 62316bfdb..f87802b45 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -102,6 +102,7 @@ in { x = { ci = true; cores = 4; + syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5"; nets = { retiolum.ip4.addr = "10.243.0.91"; wiregrill = { @@ -121,7 +122,7 @@ in { omo = rec { ci = true; cores = 2; - + syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK"; nets = { retiolum = { ip4.addr = "10.243.0.89"; @@ -218,6 +219,9 @@ in { retiolum = { via = internet; ip4.addr = "10.243.0.213"; + # never connect via gum (he eats your packets!) + tinc.weight = 9001; + aliases = [ "gum.r" "backup.makefu.r" diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix index e47f9a3a7..e2caa0834 100644 --- a/krebs/3modules/sync-containers.nix +++ b/krebs/3modules/sync-containers.nix @@ -97,7 +97,7 @@ in { ${pkgs.coreutils}/bin/chmod a+x /var/lib/containers || : ''; - services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ + services.syncthing.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ devices = ctr.peers; ignorePerms = false; })) cfg.containers); diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 21ddde1c6..bc85aa0a6 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -26,7 +26,7 @@ with import <stockholm/lib>; ${tinc.config.extraConfig} ''; "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' - ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up + ip link set ${netname} up ${tinc.config.tincUp} ''; }); @@ -48,7 +48,7 @@ with import <stockholm/lib>; }; extraConfig = mkOption { - type = types.str; + type = types.lines; default = ""; description = '' Extra Configuration to be appended to tinc.conf @@ -58,15 +58,14 @@ with import <stockholm/lib>; type = types.str; default = let net = tinc.config.host.nets.${netname}; - iproute = tinc.config.iproutePackage; in '' ${optionalString (net.ip4 != null) /* sh */ '' - ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} - ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} + ip -4 addr add ${net.ip4.addr} dev ${netname} + ip -4 route add ${net.ip4.prefix} dev ${netname} ''} ${optionalString (net.ip6 != null) /* sh */ '' - ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} - ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} + ip -6 addr add ${net.ip6.addr} dev ${netname} + ip -6 route add ${net.ip6.prefix} dev ${netname} ''} ${tinc.config.tincUpExtra} ''; @@ -176,7 +175,7 @@ with import <stockholm/lib>; connectTo = mkOption { type = types.listOf types.str; ${if netname == "retiolum" then "default" else null} = [ - "gum" + "eve" "ni" "prism" ]; @@ -233,6 +232,7 @@ with import <stockholm/lib>; cfg.iproutePackage cfg.tincPackage ]; + reloadIfChanged = true; serviceConfig = { Restart = "always"; LoadCredential = filter (x: x != "") [ @@ -260,7 +260,7 @@ with import <stockholm/lib>; "-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key" "--pidfile=/var/run/tinc.${netname}.pid" ]; - ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} reload"; + ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} restart"; SyslogIdentifier = netname; }; }) config.krebs.tinc; diff --git a/krebs/5pkgs/simple/krebsdance/default.nix b/krebs/5pkgs/simple/krebsdance/default.nix new file mode 100644 index 000000000..cdfe23ef2 --- /dev/null +++ b/krebs/5pkgs/simple/krebsdance/default.nix @@ -0,0 +1,157 @@ +{ writers }: +writers.writePython3Bin "krebsdance" { flakeIgnore = [ "E501" ]; } '' + import argparse + import random + import itertools + + claws = [ + dict( + up="(\\/)", + down="(/\\)", + left="(\\\\)", + right="(//)", + ), + dict( + up="(V)", + down="(A)", + left=">)=", + right="=(<", + ), + dict( + up="(U)", + down="(n)", + left=")==", + right="==(", + ), + ] + + eyes = [ + "°", + "*", + "^", + "ö", + "o", + "O", + "X", + "x", + "U", + "u", + ] + + bodies = [ + dict( + left="(", + right=")", + ), + dict( + left="{", + right="}", + ), + dict( + left="[", + right="]", + ), + dict( + left="<", + right=">", + ), + dict( + left="|", + right="|", + ), + ] + + mouths = [ + ",,,,", + ",mm,", + "_mm_", + "-mm-", + ";;;;", + ";mm;", + ":mm:", + "::::", + ":ww:", + ":<>:", + ] + + + def all_krebses(): + for mouth, body, eye, claw in itertools.product(mouths, bodies, eyes, claws): + yield f'{claw["up"]} {body["left"]}{eye}{mouth}{eye}{body["right"]} {claw["up"]}' + + + def escape_graph(text): + return text.replace("\\", "\\\\") + + + def krebs_graph() -> str: + return "\n".join(itertools.chain( + ["digraph {"], + [escape_graph(f'"{krebs}"->"{generate(seed=krebs)}"') for krebs in all_krebses()], + "}", + )) + + + def generate(*, seed: str, dancing: bool = False) -> str: + if seed: + random.seed(seed) + clawstyle = random.choice(claws) + body = random.choice(bodies) + eye = random.choice(eyes) + mouth = random.choice(mouths) + if dancing: + return "\n".join( + [ + f'{clawstyle["down"]} {body["left"]}{eye}{mouth}{eye}{body["right"]}{clawstyle["up"]}', + f'{clawstyle["left"]}{body["left"]}{eye}{mouth}{eye}{body["right"]} {clawstyle["right"]}', + f'{clawstyle["right"]} {body["left"]}{eye}{mouth}{eye}{body["right"]} {clawstyle["left"]}', + f'{clawstyle["down"]}{body["left"]}{eye}{mouth}{eye}{body["right"]}{clawstyle["down"]}', + ] + ) + else: + return f'{clawstyle["up"]} {body["left"]}{eye}{mouth}{eye}{body["right"]} {clawstyle["up"]}' + + + def fixpoints(): + for krebs in all_krebses(): + if generate(seed=krebs) == krebs: + yield krebs + + + def main(): + parser = argparse.ArgumentParser() + + parser.add_argument( + "seed", + nargs="?", + help="random seed to use for generating the krebs variant", + ) + + parser.add_argument( + "--dance", + "-d", + dest="dance", + help="if the krebs should dance", + default=False, + action="store_true", + ) + + parser.add_argument( + "--mode", + "-m", + dest="mode", + choices=["graphviz", "plain"], + default="plain", + ) + + args = parser.parse_args() + + if args.mode == "plain": + print(generate(seed=args.seed, dancing=args.dance)) + elif args.mode == "graphviz": + print(krebs_graph()) + + + if __name__ == "__main__": + main() +'' diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix index 54aaf246a..052e389a6 100644 --- a/krebs/5pkgs/simple/reaktor2-plugins.nix +++ b/krebs/5pkgs/simple/reaktor2-plugins.nix @@ -23,11 +23,7 @@ rec { dance = { filename = pkgs.writeDash "dance" '' - echo "<(^.^<)" - echo "<(^.^)>" - echo "(>^.^)>" - echo "(7^.^)7" - echo "(>^.^<)" + ${pkgs.krebsdance}/bin/krebsdance --dance "$@"; ''; }; diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index e8b6076a4..12afe0e9c 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "689b76bcf36055afdeb2e9852f5ecdd2bf483f87", - "date": "2022-01-23T03:10:13+01:00", - "path": "/nix/store/s6kxwpz8k02mg1wqsf06bsjygwi6xr6j-nixpkgs", - "sha256": "08d38db4707jdm3gws82y6bynh6k8qal4s1cms9zqd9cdwcmylyj", + "rev": "60c52a73f1d5858020ac4f161cd5bf1c9650f8b8", + "date": "2022-02-07T23:59:33+00:00", + "path": "/nix/store/5w1yn77d2b44wq0w7b8cqqqfap2897n2-nixpkgs", + "sha256": "1xyi4xag084ikcbis3iixpvfsmlfm2s105j58770x7k24mkrif7n", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 001371820..22d465b27 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "604c44137d97b5111be1ca5c0d97f6e24fbc5c2c", - "date": "2022-01-23T10:04:55-08:00", - "path": "/nix/store/r22j0r232a5y02yhd1avaw27zqdbhx1x-nixpkgs", - "sha256": "0gzhigyn8f7vps4a5vc1c8wbim59724s179a7d0h3gv6ss9avdj4", + "rev": "521e4d7d13b09bc0a21976b9d19abd197d4e3b1e", + "date": "2022-02-07T00:29:53+00:00", + "path": "/nix/store/pvmrsiy8k37nwg18g7230g5kasbsf132-nixpkgs", + "sha256": "156b4wnm6y6lg0gz09mp48rd0mhcdazr5s888c4lbhlpn3j8h042", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 4d042de22..dd479f267 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -26,6 +26,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/sync/sync.nix> <stockholm/lass/2configs/sync/decsync.nix> <stockholm/lass/2configs/sync/weechat.nix> + <stockholm/lass/2configs/sync/the_playlist.nix> #<stockholm/lass/2configs/c-base.nix> <stockholm/lass/2configs/br.nix> <stockholm/lass/2configs/ableton.nix> diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a082ea623..c62091428 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -114,6 +114,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> <stockholm/lass/2configs/radio.nix> + <stockholm/lass/2configs/radio-news.nix> <stockholm/lass/2configs/binary-cache/server.nix> <stockholm/lass/2configs/iodined.nix> <stockholm/lass/2configs/paste.nix> diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix index d2aaa73c5..f3c1d5b7c 100644 --- a/lass/2configs/fysiirc.nix +++ b/lass/2configs/fysiirc.nix @@ -1,5 +1,33 @@ -{ config, lib, pkgs, ... }: -{ +{ config, lib, pkgs, ... }: let + + format-github-message = pkgs.writeDashBin "format-github-message" '' + set -xefu + export PATH=${lib.makeBinPath [ + pkgs.jq + ]} + INPUT=$(jq -c .) + if $(echo "$INPUT" | jq 'has("issue") or has("pull_request")'); then + ${write_to_irc} "$(echo "$INPUT" | jq -r ' + "\(.action): " + + "[\(.issue.title // .pull_request.title)] " + + "\(.comment.html_url // .issue.html_url // .pull_request.html_url) " + + "by \(.comment.user.login // .issue.user.login // .pull_request.user.login)" + ')" + fi + ''; + + write_to_irc = pkgs.writeDash "write_to_irc" '' + ${pkgs.curl}/bin/curl -fsSv http://localhost:44001 \ + -H content-type:application/json \ + -d "$(${pkgs.jq}/bin/jq -n \ + --arg text "$1" '{ + command:"PRIVMSG", + params:["#fysi",$text] + }' + )" + ''; + +in { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 44002"; target = "ACCEPT"; } ]; @@ -26,20 +54,14 @@ name = "reaktor2-fysiweb-github"; }; script = ''. ${pkgs.writeDash "github-irc" '' + set -efu case "$Method $Request_URI" in "POST /") payload=$(head -c "$req_content_length" \ | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \ | xargs -0 echo -e \ ) - ${pkgs.curl}/bin/curl -fsSv http://localhost:44001/ \ - -H content-type:application/json \ - -d "$(echo "$payload" | ${pkgs.jq}/bin/jq \ - '{ - command:"PRIVMSG", - params:["#fysi", "\(.action): \(.comment.html_url // .issue.html_url // .pull_request.html_url)"] - }' - )" + echo "$payload" | ${format-github-message}/bin/format-github-message printf 'HTTP/1.1 200 OK\r\n' printf 'Connection: close\r\n' printf '\r\n' diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 4ed0bfa5f..8f93e0cec 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -1,12 +1,6 @@ { config, lib, pkgs, ... }: with import ./lib.nix { inherit lib; }; let - unstable = import (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).sha256; - }) {}; dwdwfsapi = pkgs.python3Packages.buildPythonPackage rec { pname = "dwdwfsapi"; version = "1.0.3"; @@ -35,17 +29,14 @@ in { { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto { predicate = "-i docker0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass - { predicate = "-i int0 -p tcp --dport 1337"; target = "ACCEPT"; } # hass + { predicate = "-i int0 -p tcp --dport 1337"; target = "ACCEPT"; } # zigbee2mqtt frontend { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass - { predicate = "-i retiolum -p tcp --dport 1337"; target = "ACCEPT"; } # hass frontend + { predicate = "-i retiolum -p |