diff options
-rw-r--r-- | krebs/1systems/hotdog/config.nix | 3 | ||||
-rw-r--r-- | krebs/2configs/mud.nix | 171 | ||||
-rw-r--r-- | krebs/3modules/ergo.nix | 53 | ||||
-rw-r--r-- | krebs/3modules/external/default.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/external/mic92.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/external/ssh/kmein.pub | 3 | ||||
-rw-r--r-- | krebs/3modules/krebs/default.nix | 1 | ||||
-rw-r--r-- | krebs/5pkgs/simple/weechat-declarative/default.nix | 153 | ||||
-rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 8 |
10 files changed, 389 insertions, 17 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 84eaeaa19..6a51bf45f 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -7,10 +7,11 @@ <stockholm/krebs/2configs/buildbot-stockholm.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> - <stockholm/krebs/2configs/ircd.nix> + <stockholm/krebs/2configs/ergo.nix> <stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/wiki.nix> <stockholm/krebs/2configs/acme.nix> + <stockholm/krebs/2configs/mud.nix> ## shackie irc bot <stockholm/krebs/2configs/shack/reaktor.nix> diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix new file mode 100644 index 000000000..d5e4c89c1 --- /dev/null +++ b/krebs/2configs/mud.nix @@ -0,0 +1,171 @@ +{ config, lib, pkgs, ... }: let + mud = pkgs.writers.writeDashBin "mud" '' + set -efux + MUD_NICKNAME=''${MUD_NICKNAME:-$(head -1 /dev/urandom | md5sum | cut -c -2)} + MUD_SERVER=''${MUD_SERVER:-127.0.0.1} + MUD_PORT=''${MUD_PORT:-8080} + + if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then + ${nvim}/bin/nvim \ + +"let g:instant_username = \"$MUD_NICKNAME\"" \ + +":InstantJoinSession $MUD_SERVER $MUD_PORT" \ + "$@" + else + ${nvim}/bin/nvim \ + +"let g:instant_username = \"$MUD_NICKNAME\"" \ + +":InstantStartServer $MUD_SERVER $MUD_PORT" \ + +":InstantStartSession $MUD_SERVER $MUD_PORT" \ + "$@" + fi + ''; + nvim = pkgs.neovim.override { + # vimAlias = true; + configure = { + customRC = vimrc; + packages.myPlugins = with pkgs.vimPlugins; { + start = [ + vim-surround # Shortcuts for setting () {} etc. + # coc-nvim coc-git coc-highlight coc-python coc-rls coc-vetur coc-vimtex coc-yaml coc-html coc-json # auto completion + vim-nix # nix highlight + fzf-vim # fuzzy finder through vim + nerdtree # file structure inside nvim + rainbow # Color parenthesis + customPlugins.hack-color + customPlugins.instant + ]; + opt = []; + }; + }; + }; + vimrc = /* vim */ '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=$HOME/.cache/nvim/backup/ + set directory=$HOME/.cache/nvim/swap"// + set hlsearch + set incsearch + set mouse=a + set ruler + set pastetoggle=<INS> + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=$HOME/.cache/nvim/undo + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n$HOME/.cache/nvim/info + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set title + set titleold= + set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + nmap <esc>q :buffer + nmap <M-q> :buffer + + cnoremap <C-A> <Home> + + noremap <C-c> :q<cr> + vnoremap < <gv + vnoremap > >gv + + nnoremap <f1> :tabp<cr> + nnoremap <f2> :tabn<cr> + inoremap <f1> <esc>:tabp<cr> + inoremap <f2> <esc>:tabn<cr> + ''; + customPlugins = { + instant = pkgs.vimUtils.buildVimPlugin { + name = "instant"; + src = pkgs.fetchFromGitHub { + owner = "jbyuki"; + repo = "instant.nvim"; + rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554"; + sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI="; + }; + }; + hack-color = (rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${builtins.toJSON name} + + hi Normal ctermbg=016 + hi Comment ctermfg=255 + hi Constant ctermfg=229 + hi Identifier ctermfg=123 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=046 + hi Delimiter ctermfg=251 + hi Special ctermfg=146 + + hi Garbage ctermbg=124 + hi TabStop ctermbg=020 + hi NBSP ctermbg=056 + hi NarrowNBSP ctermbg=097 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=190 + hi NixData ctermfg=149 + hi NixQuote ctermfg=119 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + })); + }; +in { + users.users.mud = { + isNormalUser = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + makefu.pubkey + kmein.pubkey + tv.pubkey + ]; + packages = with pkgs; [ + tmux + (pkgs.writers.writeDashBin "instant_server" '' + find ${customPlugins.instant} + find ${customPlugins.instant.src} + '') + mud + ]; + }; +} diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix index 0ce0345d8..3153e4cfc 100644 --- a/krebs/3modules/ergo.nix +++ b/krebs/3modules/ergo.nix @@ -6,6 +6,7 @@ type = (pkgs.formats.json {}).type; description = '' Ergo IRC daemon configuration file. + https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml ''; default = { network = { @@ -34,19 +35,34 @@ }; }; datastore = { + autoupgrade = true; path = "/var/lib/ergo/ircd.db"; }; accounts = { authentication-enabled = true; registration = { enabled = true; - email-verification = { - enabled = false; + allow-before-connect = true; + throttling = { + enabled = true; + duration = "10m"; + max-attempts = 30; }; + bcrypt-cost = 4; + email-verification.enabled = false; + }; + multiclient = { + enabled = true; + allowed-by-default = true; + always-on = "opt-in"; + auto-away = "opt-in"; }; }; channels = { - default-modes = "+nt"; + default-modes = "+ntC"; + registration = { + enabled = true; + }; }; limits = { nicklen = 32; @@ -56,6 +72,31 @@ kicklen = 390; topiclen = 390; }; + history = { + enabled = true; + channel-length = 2048; + client-length = 256; + autoresize-window = "3d"; + autoreplay-on-join = 0; + chathistory-maxmessages = 100; + znc-maxmessages = 2048; + restrictions = { + expire-time = "1w"; + query-cutoff = "none"; + grace-period = "1h"; + }; + retention = { + allow-individual-delete = false; + enable-account-indexing = false; + }; + tagmsg-storage = { + default = false; + whitelist = [ + "+draft/react" + "+react" + ]; + }; + }; }; }; }; @@ -64,13 +105,17 @@ cfg = config.krebs.ergo; configFile = pkgs.writeJSON "ergo.conf" cfg.config; in lib.mkIf cfg.enable ({ + environment.etc."ergo.yaml".source = configFile; krebs.ergo.config = lib.mapAttrsRecursive (_: lib.mkDefault) options.krebs.ergo.config.default; systemd.services.ergo = { description = "Ergo IRC daemon"; wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + restartTriggers = [ configFile ]; serviceConfig = { - ExecStart = "${pkgs.ergo}/bin/ergo run --conf ${configFile}"; + ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml"; + ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; DynamicUser = true; StateDirectory = "ergo"; }; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 4a87c3501..4c4e53f2f 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -253,12 +253,12 @@ in { }; }; - pinpox-ahorn = { + ahorn = { owner = config.krebs.users.pinpox; nets = { retiolum = { ip4.addr = "10.243.100.100"; - aliases = [ "pinpox-ahorn.r" ]; + aliases = [ "ahorn.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAyfCuWUYEqp4vEt+a6DRvFpIrBu+GlkpNs/mE4OHzATQLNnWooOXQ diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index b1e11b452..9a3c855f4 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -173,7 +173,7 @@ in { }; retiolum = { via = internet; - aliases = [ "eve.r" ]; + aliases = [ "eve.r" "tts.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH diff --git a/krebs/3modules/external/ssh/kmein.pub b/krebs/3modules/external/ssh/kmein.pub index 5711a2c1c..8eade3498 100644 --- a/krebs/3modules/external/ssh/kmein.pub +++ b/krebs/3modules/external/ssh/kmein.pub @@ -1 +1,2 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 1b5d903cb..5e0e69924 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -92,6 +92,7 @@ in { h5ZUzfd1r1pTzQ0nYD5aRtlDd7zP7y5tUwIDAQAB -----END RSA PUBLIC KEY----- ''; + tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL"; }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix new file mode 100644 index 000000000..e6ecfd631 --- /dev/null +++ b/krebs/5pkgs/simple/weechat-declarative/default.nix @@ -0,0 +1,153 @@ +{ pkgs, lib, ... }@args: + +let + # config cannot be declared in the input attribute set because that would + # cause callPackage to inject the wrong config. Instead, get it from ... + # via args. + config = args.config or {}; + + lib = args.lib // rec { + attrPaths = let + recurse = path: value: + if builtins.isAttrs value then + lib.mapAttrsToList (name: recurse (path ++ [ name ])) value + else [ (lib.nameValuePair path value) ]; + in attrs: lib.flatten (recurse [] attrs); + + attrPathsSep = sep: attrs: lib.listToAttrs (map (x: x // { name = lib.concatStringsSep sep x.name; }) (attrPaths attrs)); + + toWeechatValue = x: { + bool = builtins.toJSON x; + string = x; + list = lib.concatMapStringsSep "," toWeechatValue x; + int = toString x; + }.${builtins.typeOf x}; + + setCommand = name: value: "/set ${name} \"${toWeechatValue value}\""; + + filterAddreplace = name: filter: + "/filter addreplace ${name} ${filter.buffer} ${toWeechatValue filter.tags} ${filter.regex}"; + }; + + cfg = eval.config; + + eval = lib.evalModules { + modules = lib.singleton { + _file = toString ./weechat-declarative.nix; + imports = lib.singleton config; + options = { + scripts = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = []; + description = '' + some stuff from pkgs.weechatScripts + ''; + }; + settings = lib.mkOption { + type = (pkgs.formats.json {}).type; + description = '' + your weechat config in nix-style syntax. + secrets can be defined with \''${my.secret.value} + ''; + default = {}; + example = { + irc.server_default.nicks = "rick_\\\${sec.data.foo}"; + irc.server_default.msg_part = "ciao kakao"; + irc.server_default.msg_quit = "tschö mit \\\${sec.data.foo}"; + irc.look.color_nicks_in_nicklist = true; + matrix.server.nibbana = { + address = "nibbana.jp"; + }; + irc.server.hackint = { + address = "irc.hackint.org/6697"; + ssl = true; + autoconnect = true; + autojoin = [ "#krebs" ]; + }; + weechat.bar.buflist.hidden = true; + irc.server.hackint.command = lib.concatStringsSep "\\;" [ + "/msg nickserv IDENTIFY \\\${sec.data.hackint_password}" + "/msg nickserv SET CLOAK ON" + ]; + filters.playlist_topic = { + buffer = "irc.*.#the_playlist"; + tags = [ "irc_topic" ]; + regex = "*"; + }; + relay = { + port.weechat = 9000; + network.password = "hunter2"; + }; + alias.cmd.mod = "quote omode $channel +o $nick"; + secure.test.passphrase_command = "echo lol1234123124"; + }; + }; + extraCommands = lib.mkOption { + type = lib.types.lines; + default = ""; + }; + files = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + example = lib.literalExpression '' + { + "sec.conf" = toString (pkgs.writeText "sec.conf" ''' + [crypt] + cipher = aes256 + hash_algo = sha256 + passphrase_command = "" + salt = on + + [data] + __passphrase__ = off + foo = "bar" + '''); + } + ''; + }; + }; + }; + }; + + weechat = pkgs.weechat.override { + configure = _: { + init = lib.optionalString (cfg.settings != {}) + (lib.concatStringsSep "\n" ( + lib.optionals + (cfg.settings.irc or {} != {}) + (lib.mapAttrsToList + (name: server: "/server add ${name} ${server.address}") + cfg.settings.irc.server) + ++ + lib.optionals + (cfg.settings.matrix or {} != {}) + (lib.mapAttrsToList + (name: server: "/matrix server add ${name} ${server.address}") + cfg.settings.matrix.server) + ++ + lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings) + ++ + lib.optionals + (cfg.settings.filters or {} != {}) + (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters) + ++ + lib.singleton cfg.extraCommands + )); + + scripts = cfg.scripts; + }; + }; + +in pkgs.writers.writeDashBin "weechat" '' + CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat + ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR" + ${lib.concatStringsSep "\n" + (lib.mapAttrsToList + (name: target: /* sh */ '' + ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name} + '') + cfg.files + ) + } + exec ${weechat}/bin/weechat "$@" +'' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index babaad004..cab3ab115 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "ac169ec6371f0d835542db654a65e0f2feb07838", - "date": "2021-12-26T18:43:05+01:00", - "path": "/nix/store/l1qmvpx4pj24ijsm44n64vw2fnl9dpc7-nixpkgs", - "sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh", + "rev": "59bfda72480496f32787cec8c557182738b1bd3f", + "date": "2021-12-31T15:09:52+01:00", + "path": "/nix/store/wy2iidg15nwgmn8xir8fbr1lfz1hqphb-nixpkgs", + "sha256": "18akd1chfvniq1q774rigfxgmxwi0wyjljpa1j9ls59szpzr316d", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 62d30d416..43f298973 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d887ac7aee92e8fc54dde9060d60d927afae9d69", - "date": "2021-12-26T21:39:36-05:00", - "path": "/nix/store/6rczi6lazq369qw1hl4mhnx30pi74vjl-nixpkgs", - "sha256": "1bpgfv45b1yvrgpwdgc4fm4a6sav198yd41bsrvlmm3jn2wi6qx5", + "rev": "d1e59cfc49961e121583abe32e2f3db1550fbcff", + "date": "2022-01-01T22:20:39+08:00", + "path": "/nix/store/azrxsxpszjwgg75jk1pkzlzjcj0qnw8d-nixpkgs", + "sha256": "03ldf1dlxqf3g8qh9x5vp6vd9zvvr481fyjds111imll69y60wpm", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, |