summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/hotdog/config.nix3
-rw-r--r--krebs/2configs/mud.nix171
-rw-r--r--krebs/3modules/ergo.nix53
-rw-r--r--krebs/3modules/external/default.nix4
-rw-r--r--krebs/3modules/external/mic92.nix2
-rw-r--r--krebs/3modules/external/ssh/kmein.pub3
-rw-r--r--krebs/3modules/krebs/default.nix1
-rw-r--r--krebs/5pkgs/simple/weechat-declarative/default.nix153
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
10 files changed, 389 insertions, 17 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 84eaeaa19..6a51bf45f 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -7,10 +7,11 @@
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
- <stockholm/krebs/2configs/ircd.nix>
+ <stockholm/krebs/2configs/ergo.nix>
<stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/wiki.nix>
<stockholm/krebs/2configs/acme.nix>
+ <stockholm/krebs/2configs/mud.nix>
## shackie irc bot
<stockholm/krebs/2configs/shack/reaktor.nix>
diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix
new file mode 100644
index 000000000..d5e4c89c1
--- /dev/null
+++ b/krebs/2configs/mud.nix
@@ -0,0 +1,171 @@
+{ config, lib, pkgs, ... }: let
+ mud = pkgs.writers.writeDashBin "mud" ''
+ set -efux
+ MUD_NICKNAME=''${MUD_NICKNAME:-$(head -1 /dev/urandom | md5sum | cut -c -2)}
+ MUD_SERVER=''${MUD_SERVER:-127.0.0.1}
+ MUD_PORT=''${MUD_PORT:-8080}
+
+ if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then
+ ${nvim}/bin/nvim \
+ +"let g:instant_username = \"$MUD_NICKNAME\"" \
+ +":InstantJoinSession $MUD_SERVER $MUD_PORT" \
+ "$@"
+ else
+ ${nvim}/bin/nvim \
+ +"let g:instant_username = \"$MUD_NICKNAME\"" \
+ +":InstantStartServer $MUD_SERVER $MUD_PORT" \
+ +":InstantStartSession $MUD_SERVER $MUD_PORT" \
+ "$@"
+ fi
+ '';
+ nvim = pkgs.neovim.override {
+ # vimAlias = true;
+ configure = {
+ customRC = vimrc;
+ packages.myPlugins = with pkgs.vimPlugins; {
+ start = [
+ vim-surround # Shortcuts for setting () {} etc.
+ # coc-nvim coc-git coc-highlight coc-python coc-rls coc-vetur coc-vimtex coc-yaml coc-html coc-json # auto completion
+ vim-nix # nix highlight
+ fzf-vim # fuzzy finder through vim
+ nerdtree # file structure inside nvim
+ rainbow # Color parenthesis
+ customPlugins.hack-color
+ customPlugins.instant
+ ];
+ opt = [];
+ };
+ };
+ };
+ vimrc = /* vim */ ''
+ set nocompatible
+
+ set autoindent
+ set backspace=indent,eol,start
+ set backup
+ set backupdir=$HOME/.cache/nvim/backup/
+ set directory=$HOME/.cache/nvim/swap"//
+ set hlsearch
+ set incsearch
+ set mouse=a
+ set ruler
+ set pastetoggle=<INS>
+ set shortmess+=I
+ set showcmd
+ set showmatch
+ set ttimeoutlen=0
+ set undodir=$HOME/.cache/nvim/undo
+ set undofile
+ set undolevels=1000000
+ set undoreload=1000000
+ set viminfo='20,<1000,s100,h,n$HOME/.cache/nvim/info
+ set visualbell
+ set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+ set wildmenu
+ set wildmode=longest,full
+
+ set title
+ set titleold=
+ set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+
+ set et ts=2 sts=2 sw=2
+
+ filetype plugin indent on
+
+ set t_Co=256
+ colorscheme hack
+ syntax on
+
+ au Syntax * syn match Garbage containedin=ALL /\s\+$/
+ \ | syn match TabStop containedin=ALL /\t\+/
+ \ | syn keyword Todo containedin=ALL TODO
+
+ au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
+
+ nmap <esc>q :buffer
+ nmap <M-q> :buffer
+
+ cnoremap <C-A> <Home>
+
+ noremap <C-c> :q<cr>
+ vnoremap < <gv
+ vnoremap > >gv
+
+ nnoremap <f1> :tabp<cr>
+ nnoremap <f2> :tabn<cr>
+ inoremap <f1> <esc>:tabp<cr>
+ inoremap <f2> <esc>:tabn<cr>
+ '';
+ customPlugins = {
+ instant = pkgs.vimUtils.buildVimPlugin {
+ name = "instant";
+ src = pkgs.fetchFromGitHub {
+ owner = "jbyuki";
+ repo = "instant.nvim";
+ rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554";
+ sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI=";
+ };
+ };
+ hack-color = (rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+ name = "hack";
+ in {
+ name = "vim-color-${name}-1.0.2";
+ destination = "/colors/${name}.vim";
+ text = /* vim */ ''
+ set background=dark
+ hi clear
+ if exists("syntax_on")
+ syntax clear
+ endif
+
+ let colors_name = ${builtins.toJSON name}
+
+ hi Normal ctermbg=016
+ hi Comment ctermfg=255
+ hi Constant ctermfg=229
+ hi Identifier ctermfg=123
+ hi Function ctermfg=041
+ hi Statement ctermfg=167
+ hi PreProc ctermfg=167
+ hi Type ctermfg=046
+ hi Delimiter ctermfg=251
+ hi Special ctermfg=146
+
+ hi Garbage ctermbg=124
+ hi TabStop ctermbg=020
+ hi NBSP ctermbg=056
+ hi NarrowNBSP ctermbg=097
+ hi Todo ctermfg=174 ctermbg=NONE
+
+ hi NixCode ctermfg=190
+ hi NixData ctermfg=149
+ hi NixQuote ctermfg=119
+
+ hi diffNewFile ctermfg=207
+ hi diffFile ctermfg=207
+ hi diffLine ctermfg=207
+ hi diffSubname ctermfg=207
+ hi diffAdded ctermfg=010
+ hi diffRemoved ctermfg=009
+ '';
+ }));
+ };
+in {
+ users.users.mud = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ makefu.pubkey
+ kmein.pubkey
+ tv.pubkey
+ ];
+ packages = with pkgs; [
+ tmux
+ (pkgs.writers.writeDashBin "instant_server" ''
+ find ${customPlugins.instant}
+ find ${customPlugins.instant.src}
+ '')
+ mud
+ ];
+ };
+}
diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix
index 0ce0345d8..3153e4cfc 100644
--- a/krebs/3modules/ergo.nix
+++ b/krebs/3modules/ergo.nix
@@ -6,6 +6,7 @@
type = (pkgs.formats.json {}).type;
description = ''
Ergo IRC daemon configuration file.
+ https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
'';
default = {
network = {
@@ -34,19 +35,34 @@
};
};
datastore = {
+ autoupgrade = true;
path = "/var/lib/ergo/ircd.db";
};
accounts = {
authentication-enabled = true;
registration = {
enabled = true;
- email-verification = {
- enabled = false;
+ allow-before-connect = true;
+ throttling = {
+ enabled = true;
+ duration = "10m";
+ max-attempts = 30;
};
+ bcrypt-cost = 4;
+ email-verification.enabled = false;
+ };
+ multiclient = {
+ enabled = true;
+ allowed-by-default = true;
+ always-on = "opt-in";
+ auto-away = "opt-in";
};
};
channels = {
- default-modes = "+nt";
+ default-modes = "+ntC";
+ registration = {
+ enabled = true;
+ };
};
limits = {
nicklen = 32;
@@ -56,6 +72,31 @@
kicklen = 390;
topiclen = 390;
};
+ history = {
+ enabled = true;
+ channel-length = 2048;
+ client-length = 256;
+ autoresize-window = "3d";
+ autoreplay-on-join = 0;
+ chathistory-maxmessages = 100;
+ znc-maxmessages = 2048;
+ restrictions = {
+ expire-time = "1w";
+ query-cutoff = "none";
+ grace-period = "1h";
+ };
+ retention = {
+ allow-individual-delete = false;
+ enable-account-indexing = false;
+ };
+ tagmsg-storage = {
+ default = false;
+ whitelist = [
+ "+draft/react"
+ "+react"
+ ];
+ };
+ };
};
};
};
@@ -64,13 +105,17 @@
cfg = config.krebs.ergo;
configFile = pkgs.writeJSON "ergo.conf" cfg.config;
in lib.mkIf cfg.enable ({
+ environment.etc."ergo.yaml".source = configFile;
krebs.ergo.config =
lib.mapAttrsRecursive (_: lib.mkDefault) options.krebs.ergo.config.default;
systemd.services.ergo = {
description = "Ergo IRC daemon";
wantedBy = [ "multi-user.target" ];
+ reloadIfChanged = true;
+ restartTriggers = [ configFile ];
serviceConfig = {
- ExecStart = "${pkgs.ergo}/bin/ergo run --conf ${configFile}";
+ ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml";
+ ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
DynamicUser = true;
StateDirectory = "ergo";
};
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 4a87c3501..4c4e53f2f 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -253,12 +253,12 @@ in {
};
};
- pinpox-ahorn = {
+ ahorn = {
owner = config.krebs.users.pinpox;
nets = {
retiolum = {
ip4.addr = "10.243.100.100";
- aliases = [ "pinpox-ahorn.r" ];
+ aliases = [ "ahorn.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAyfCuWUYEqp4vEt+a6DRvFpIrBu+GlkpNs/mE4OHzATQLNnWooOXQ
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index b1e11b452..9a3c855f4 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -173,7 +173,7 @@ in {
};
retiolum = {
via = internet;
- aliases = [ "eve.r" ];
+ aliases = [ "eve.r" "tts.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
diff --git a/krebs/3modules/external/ssh/kmein.pub b/krebs/3modules/external/ssh/kmein.pub
index 5711a2c1c..8eade3498 100644
--- a/krebs/3modules/external/ssh/kmein.pub
+++ b/krebs/3modules/external/ssh/kmein.pub
@@ -1 +1,2 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 1b5d903cb..5e0e69924 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -92,6 +92,7 @@ in {
h5ZUzfd1r1pTzQ0nYD5aRtlDd7zP7y5tUwIDAQAB
-----END RSA PUBLIC KEY-----
'';
+ tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL";
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix
new file mode 100644
index 000000000..e6ecfd631
--- /dev/null
+++ b/krebs/5pkgs/simple/weechat-declarative/default.nix
@@ -0,0 +1,153 @@
+{ pkgs, lib, ... }@args:
+
+let
+ # config cannot be declared in the input attribute set because that would
+ # cause callPackage to inject the wrong config. Instead, get it from ...
+ # via args.
+ config = args.config or {};
+
+ lib = args.lib // rec {
+ attrPaths = let
+ recurse = path: value:
+ if builtins.isAttrs value then
+ lib.mapAttrsToList (name: recurse (path ++ [ name ])) value
+ else [ (lib.nameValuePair path value) ];
+ in attrs: lib.flatten (recurse [] attrs);
+
+ attrPathsSep = sep: attrs: lib.listToAttrs (map (x: x // { name = lib.concatStringsSep sep x.name; }) (attrPaths attrs));
+
+ toWeechatValue = x: {
+ bool = builtins.toJSON x;
+ string = x;
+ list = lib.concatMapStringsSep "," toWeechatValue x;
+ int = toString x;
+ }.${builtins.typeOf x};
+
+ setCommand = name: value: "/set ${name} \"${toWeechatValue value}\"";
+
+ filterAddreplace = name: filter:
+ "/filter addreplace ${name} ${filter.buffer} ${toWeechatValue filter.tags} ${filter.regex}";
+ };
+
+ cfg = eval.config;
+
+ eval = lib.evalModules {
+ modules = lib.singleton {
+ _file = toString ./weechat-declarative.nix;
+ imports = lib.singleton config;
+ options = {
+ scripts = lib.mkOption {
+ type = lib.types.listOf lib.types.package;
+ default = [];
+ description = ''
+ some stuff from pkgs.weechatScripts
+ '';
+ };
+ settings = lib.mkOption {
+ type = (pkgs.formats.json {}).type;
+ description = ''
+ your weechat config in nix-style syntax.
+ secrets can be defined with \''${my.secret.value}
+ '';
+ default = {};
+ example = {
+ irc.server_default.nicks = "rick_\\\${sec.data.foo}";
+ irc.server_default.msg_part = "ciao kakao";
+ irc.server_default.msg_quit = "tschö mit \\\${sec.data.foo}";
+ irc.look.color_nicks_in_nicklist = true;
+ matrix.server.nibbana = {
+ address = "nibbana.jp";
+ };
+ irc.server.hackint = {
+ address = "irc.hackint.org/6697";
+ ssl = true;
+ autoconnect = true;
+ autojoin = [ "#krebs" ];
+ };
+ weechat.bar.buflist.hidden = true;
+ irc.server.hackint.command = lib.concatStringsSep "\\;" [
+ "/msg nickserv IDENTIFY \\\${sec.data.hackint_password}"
+ "/msg nickserv SET CLOAK ON"
+ ];
+ filters.playlist_topic = {
+ buffer = "irc.*.#the_playlist";
+ tags = [ "irc_topic" ];
+ regex = "*";
+ };
+ relay = {
+ port.weechat = 9000;
+ network.password = "hunter2";
+ };
+ alias.cmd.mod = "quote omode $channel +o $nick";
+ secure.test.passphrase_command = "echo lol1234123124";
+ };
+ };
+ extraCommands = lib.mkOption {
+ type = lib.types.lines;
+ default = "";
+ };
+ files = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = {};
+ example = lib.literalExpression ''
+ {
+ "sec.conf" = toString (pkgs.writeText "sec.conf" '''
+ [crypt]
+ cipher = aes256
+ hash_algo = sha256
+ passphrase_command = ""
+ salt = on
+
+ [data]
+ __passphrase__ = off
+ foo = "bar"
+ ''');
+ }
+ '';
+ };
+ };
+ };
+ };
+
+ weechat = pkgs.weechat.override {
+ configure = _: {
+ init = lib.optionalString (cfg.settings != {})
+ (lib.concatStringsSep "\n" (
+ lib.optionals
+ (cfg.settings.irc or {} != {})
+ (lib.mapAttrsToList
+ (name: server: "/server add ${name} ${server.address}")
+ cfg.settings.irc.server)
+ ++
+ lib.optionals
+ (cfg.settings.matrix or {} != {})
+ (lib.mapAttrsToList
+ (name: server: "/matrix server add ${name} ${server.address}")
+ cfg.settings.matrix.server)
+ ++
+ lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
+ ++
+ lib.optionals
+ (cfg.settings.filters or {} != {})
+ (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
+ ++
+ lib.singleton cfg.extraCommands
+ ));
+
+ scripts = cfg.scripts;
+ };
+ };
+
+in pkgs.writers.writeDashBin "weechat" ''
+ CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
+ ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
+ ${lib.concatStringsSep "\n"
+ (lib.mapAttrsToList
+ (name: target: /* sh */ ''
+ ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
+ '')
+ cfg.files
+ )
+ }
+ exec ${weechat}/bin/weechat "$@"
+''
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index babaad004..cab3ab115 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "ac169ec6371f0d835542db654a65e0f2feb07838",
- "date": "2021-12-26T18:43:05+01:00",
- "path": "/nix/store/l1qmvpx4pj24ijsm44n64vw2fnl9dpc7-nixpkgs",
- "sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh",
+ "rev": "59bfda72480496f32787cec8c557182738b1bd3f",
+ "date": "2021-12-31T15:09:52+01:00",
+ "path": "/nix/store/wy2iidg15nwgmn8xir8fbr1lfz1hqphb-nixpkgs",
+ "sha256": "18akd1chfvniq1q774rigfxgmxwi0wyjljpa1j9ls59szpzr316d",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 62d30d416..43f298973 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "d887ac7aee92e8fc54dde9060d60d927afae9d69",
- "date": "2021-12-26T21:39:36-05:00",
- "path": "/nix/store/6rczi6lazq369qw1hl4mhnx30pi74vjl-nixpkgs",
- "sha256": "1bpgfv45b1yvrgpwdgc4fm4a6sav198yd41bsrvlmm3jn2wi6qx5",
+ "rev": "d1e59cfc49961e121583abe32e2f3db1550fbcff",
+ "date": "2022-01-01T22:20:39+08:00",
+ "path": "/nix/store/azrxsxpszjwgg75jk1pkzlzjcj0qnw8d-nixpkgs",
+ "sha256": "03ldf1dlxqf3g8qh9x5vp6vd9zvvr481fyjds111imll69y60wpm",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,