-rw-r--r-- | krebs/1systems/hotdog/config.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/ergo.nix | 13 | ||||
-rw-r--r-- | krebs/2configs/ircd.nix | 149 | ||||
-rw-r--r-- | krebs/2configs/news.nix | 8 | ||||
-rw-r--r-- | krebs/3modules/ergo.nix | 15 | ||||
-rw-r--r-- | krebs/3modules/external/mic92.nix | 9 | ||||
-rw-r--r-- | krebs/5pkgs/haskell/brockman/default.nix | 4 | ||||
-rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 8 | ||||
-rw-r--r-- | makefu/1systems/gum/config.nix | 8 | ||||
-rw-r--r-- | makefu/2configs/deployment/mediengewitter.de.nix | 22 | ||||
-rw-r--r-- | makefu/2configs/home/ham/light/tint_wohnzimmer.nix | 292 |
12 files changed, 391 insertions, 147 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 6a51bf45f..cf07d3b4d 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -7,7 +7,7 @@ <stockholm/krebs/2configs/buildbot-stockholm.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> - <stockholm/krebs/2configs/ergo.nix> + <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/wiki.nix> <stockholm/krebs/2configs/acme.nix> diff --git a/krebs/2configs/ergo.nix b/krebs/2configs/ergo.nix deleted file mode 100644 index db0bc5748..000000000 --- a/krebs/2configs/ergo.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, pkgs, ... }: - -{ - networking.firewall.allowedTCPPorts = [ - 6667 - ]; - - krebs.ergo = { - enable = true; - }; -} - - diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 904878731..c6c91e074 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix 
@@ -1,121 +1,44 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ - 6667 6669 + 6667 ]; - systemd.services.solanum.serviceConfig.LimitNOFILE = lib.mkForce 16384; - - services.solanum = { + krebs.ergo = { enable = true; - motd = '' - hello - ''; - config = '' - loadmodule "extensions/m_omode"; - serverinfo { - name = "${config.krebs.build.host.name}.irc.r"; - sid = "1as"; - description = "irc!"; - network_name = "irc.r"; - - vhost = "0.0.0.0"; - vhost6 = "::"; - - #ssl_private_key = "etc/ssl.key"; - #ssl_cert = "etc/ssl.cert"; - #ssl_dh_params = "etc/dh.pem"; - #ssld_count = 1; - - default_max_clients = 2048; - #nicklen = 30; - }; - - listen { - defer_accept = yes; - - /* If you want to listen on a specific IP only, specify host. - * host definitions apply only to the following port line. - */ - host = "0.0.0.0"; - port = 6667; - #sslport = 6697; - - /* Listen on IPv6 (if you used host= above). */ - host = "::"; - port = 6667; - #sslport = 6697; - }; - - class "users" { - ping_time = 2 minutes; - number_per_ident = 10; - number_per_ip = 4096; - number_per_ip_global = 4096; - cidr_ipv4_bitlen = 24; - cidr_ipv6_bitlen = 64; - number_per_cidr = 65535; - max_number = 65535; - sendq = 1000 megabyte; - }; - - privset "op" { - privs = oper:admin, oper:general; - }; - - operator "aids" { - user = "*@*"; - password = "balls"; - flags = ~encrypted; - snomask = "+s"; - privset = "op"; - }; - - exempt { - ip = "127.0.0.1"; - }; - - exempt { - ip = "10.243.0.0/16"; - }; - - auth { - user = "*@*"; - class = "users"; - flags = kline_exempt, exceed_limit, flood_exempt; - }; - - channel { - autochanmodes = "+t"; - use_invex = yes; - use_except = yes; - use_forward = yes; - use_knock = yes; - knock_delay = 5 minutes; - knock_delay_channel = 1 minute; - max_chans_per_user = 150; - max_bans = 100; - max_bans_large = 500; - default_split_user_count = 0; - default_split_server_count = 0; - no_create_on_split = no; - no_join_on_split = no; - 
burst_topicwho = yes; - kick_on_split_riding = no; - only_ascii_channels = no; - resv_forcepart = yes; - channel_target_change = yes; - disable_local_channels = no; - }; - - general { - #maybe we want ident someday? - default_floodcount = 10000; - disable_auth = yes; - throttle_duration = 1; - throttle_count = 10000; - }; - ''; + config = { + server.secure-nets = [ + "42::0/16" + "10.240.0.0/12" + ]; + oper-classes.server-admin = { + title = "admin"; + capabilities = [ + "kill" # disconnect user sessions + "ban" # ban IPs, CIDRs, and NUH masks ("d-line" and "k-line") + "nofakelag" # remove "fakelag" restrictions on rate of message sending + "relaymsg" # use RELAYMSG in any channel (see the 'relaymsg' config block) + "vhosts" # add and remove vhosts from users + "sajoin" # join arbitrary channels, including private channels + "samode" # modify arbitrary channel and user modes + "snomasks" # subscribe to arbitrary server notice masks + "roleplay" # use the (deprecated) roleplay commands in any channel + "rehash" # rehash the server, i.e. reload the config at runtime + "accreg" # modify arbitrary account registrations + "chanreg" # modify arbitrary channel registrations + "history" # modify or delete history messages + "defcon" # use the DEFCON command (restrict server capabilities) + "massmessage" # message all users on the server + ]; + }; + opers.aids = { + class = "server-admin"; + hidden = false; + password = "$2a$04$0AtVycWQJ07ymrDdKyAm2un3UVSVIzpzL3wsWbWb3PF95d1CZMcMO"; + }; + }; }; } + + diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 84a39f95b..9ea4cbf8d 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix 
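Review bot: The new `opers.aids` entry commits a bcrypt hash with cost factor 4 (`$2a$04$`), so anyone who can read the repository or the rendered config can guess offline against a `server-admin` oper at very little cost per guess. This is an improvement over the plaintext `password = "balls"` it replaces, but the oper's protection now rests entirely on the strength of the password. Consider a hash with a higher cost that is supplied from outside the repository, or authenticating the oper by client certificate (Ergo's oper block accepts a `certfp` entry). Separately, `server.secure-nets` treats all of `10.240.0.0/12` and `42::0/16` as transport-secure while `allowedTCPPorts` opens 6667 on every interface; a comment stating that those ranges are reachable only over the VPN would make that assumption checkable.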
@@ -68,7 +68,13 @@ wantedBy = [ "multi-user.target" ]; }; - systemd.services.brockman.bindsTo = [ "solanum.service" ]; + krebs.ergo.openFilesLimit = 16384; + krebs.ergo.config = { + limits.nicklen = 100; + limits.identlen = 100; + history.enabled = false; + }; + systemd.services.brockman.bindsTo = [ "ergo.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix index 3153e4cfc..50c5ab628 100644 --- a/krebs/3modules/ergo.nix +++ b/krebs/3modules/ergo.nix @@ -2,6 +2,13 @@ options = { krebs.ergo = { enable = lib.mkEnableOption "Ergo IRC daemon"; + openFilesLimit = lib.mkOption { + type = lib.types.int; + default = 1024; + description = '' + Maximum number of open files. Limits the clients and server connections. + ''; + }; config = lib.mkOption { type = (pkgs.formats.json {}).type; description = '' @@ -54,8 +61,8 @@ multiclient = { enabled = true; allowed-by-default = true; - always-on = "opt-in"; - auto-away = "opt-in"; + always-on = "opt-out"; + auto-away = "opt-out"; }; }; channels = { @@ -111,13 +118,15 @@ systemd.services.ergo = { description = "Ergo IRC daemon"; wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; + # reload currently not working as expected + # reloadIfChanged = true; restartTriggers = [ configFile ]; serviceConfig = { ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml"; ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; DynamicUser = true; StateDirectory = "ergo"; + LimitNOFILE = "${toString cfg.openFilesLimit}"; }; }; }); diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 349a6c343..cd11fb2c5 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
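Review bot: In the `krebs/3modules/ergo.nix` option hunk, `openFilesLimit` is declared as `lib.types.int`, which also accepts zero and negative values, and these are passed straight into `LimitNOFILE` in the service hunk further down. Declaring it as `type = lib.types.ints.positive;` would reject such a value at evaluation time instead of leaving it to systemd at service start. The description could also say that the value becomes the unit's `LimitNOFILE`, since that is the only place the hunks show it being used.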
@@ -526,8 +526,10 @@ in { }; turingmachine = { owner = config.krebs.users.mic92; - nets = { + nets = rec { + internet.addrs = [ "turingmachine.thalheim.io" ]; retiolum = { + via = internet; aliases = [ "turingmachine.r" ]; @@ -678,7 +680,9 @@ in { jarvis = { owner = config.krebs.users.mic92; nets = rec { + internet.addrs = [ "jarvis.thalheim.io" ]; retiolum = { + via = internet; aliases = [ "jarvis.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -697,7 +701,9 @@ in { bernie = { owner = config.krebs.users.mic92; nets = rec { + internet.addrs = [ "bernie.thalheim.io" ]; retiolum = { + via = internet; aliases = [ "bernie.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -719,7 +725,6 @@ in { }; }; - ryan = { owner = config.krebs.users.mic92; nets = rec { diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix index 01b7a0570..8a2311a2e 100644 --- a/krebs/5pkgs/haskell/brockman/default.nix +++ b/krebs/5pkgs/haskell/brockman/default.nix @@ -7,12 +7,12 @@ }: mkDerivation rec { pname = "brockman"; - version = "4.0.2"; + version = "4.0.3"; src = fetchFromGitHub { owner = "kmein"; repo = "brockman"; rev = version; - sha256 = "sha256-EKXKhGdIJRbRklD5zxJNGhOxqPzog4f9NMXo/c8iBGc="; + sha256 = "sha256-rjwroSG9ys0FV2JM70kzmCutMVpUTx8cQ+jQq8Hw1kw="; }; isLibrary = false; isExecutable = true; diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index cab3ab115..29b3178c8 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json 
@@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "59bfda72480496f32787cec8c557182738b1bd3f", - "date": "2021-12-31T15:09:52+01:00", - "path": "/nix/store/wy2iidg15nwgmn8xir8fbr1lfz1hqphb-nixpkgs", - "sha256": "18akd1chfvniq1q774rigfxgmxwi0wyjljpa1j9ls59szpzr316d", + "rev": "0ecf7d414811f831060cf55707c374d54fbb1dec", + "date": "2022-01-09T09:46:51+03:00", + "path": "/nix/store/msdcl0dhi6480vnsmv7vgpif42wj2al3-nixpkgs", + "sha256": "00xbm9lrivsj2w1jks2cnk5brbg5kvxjfj23kq0qyr8nvh57wln9", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 43f298973..f34cfa32b 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d1e59cfc49961e121583abe32e2f3db1550fbcff", - "date": "2022-01-01T22:20:39+08:00", - "path": "/nix/store/azrxsxpszjwgg75jk1pkzlzjcj0qnw8d-nixpkgs", - "sha256": "03ldf1dlxqf3g8qh9x5vp6vd9zvvr481fyjds111imll69y60wpm", + "rev": "79c7b6a353e22f0eec342dead0bc69fb7ce846db", + "date": "2022-01-09T23:59:32-03:00", + "path": "/nix/store/41cc41pyszadfgkddrp6dv11wkkmq5ji-nixpkgs", + "sha256": "1ihlj5wrzx151zhyr0vbiwyvhhc4g9chbaz4dy2a2i2v9fwwhjl2", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 39c0554e0..dcb3dc1d4 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -49,7 +49,6 @@ in { # <stockholm/makefu/2configs/gui/xpra.nix> # networking - <stockholm/makefu/2configs/vpn/openvpn-server.nix> # <stockholm/makefu/2configs/vpn/vpnws/server.nix> #<stockholm/makefu/2configs/dnscrypt/server.nix> <stockholm/makefu/2configs/iodined.nix> @@ -63,7 +62,7 @@ in { ListenAddress = ${external-ip} 21031 ''; connectTo = [ - "prism" "ni" "enklave" "eve" "archprism" + "prism" "ni" "enklave" "eve" "dishfire" ]; }; networking.firewall = { 
@@ -117,7 +116,7 @@ in { ## network - <stockholm/makefu/2configs/vpn/openvpn-server.nix> + # <stockholm/makefu/2configs/vpn/openvpn-server.nix> # <stockholm/makefu/2configs/vpn/vpnws/server.nix> <stockholm/makefu/2configs/binary-cache/server.nix> { makefu.backup.server.repo = "/var/backup/borg"; } @@ -156,6 +155,7 @@ in { <stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/gecloudpad> <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix> + <stockholm/makefu/2configs/deployment/mediengewitter.de.nix> <stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix> # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix> @@ -181,7 +181,7 @@ in { ## Temporary: # <stockholm/makefu/2configs/temp/rst-issue.nix> <stockholm/makefu/2configs/virtualisation/docker.nix> - <stockholm/makefu/2configs/virtualisation/libvirt.nix> + #<stockholm/makefu/2configs/virtualisation/libvirt.nix> # krebs infrastructure services # <stockholm/makefu/2configs/stats/server.nix> diff --git a/makefu/2configs/deployment/mediengewitter.de.nix b/makefu/2configs/deployment/mediengewitter.de.nix new file mode 100644 index 000000000..7c2073e8e --- /dev/null +++ b/makefu/2configs/deployment/mediengewitter.de.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: +# more than just nginx config but not enough to become a module +let + domain = "over.voltage.nz"; +in { + + services.nginx = { + enable = lib.mkDefault true; + virtualHosts."mediengewitter.de" = { + enableACME = true; + forceSSL = true; + locations."/".return = "301 http://${domain}\$request_uri"; + #locations."/" = { + # proxyPass = "http://over.voltage.nz"; + #}; + #locations."/socket.io" = { + # proxyPass = "ws://over.voltage.nz"; + # proxyWebsockets = true; + #}; + }; + }; +} diff --git a/makefu/2configs/home/ham/light/tint_wohnzimmer.nix b/makefu/2configs/home/ham/light/tint_wohnzimmer.nix new file mode 100644 index 000000000..c9aeb850b --- /dev/null 
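Review bot: In the new `mediengewitter.de.nix`, the vhost sets `forceSSL = true` and `enableACME = true`, but `locations."/".return` then redirects to `http://${domain}`, so a visitor who arrived over TLS is sent on to a cleartext URL where the response can be read or altered in transit. If over.voltage.nz serves HTTPS, the line should read `locations."/".return = "301 https://${domain}\$request_uri";`. If it does not, a short comment saying so would explain why the downgrade is intentional.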
+++ b/makefu/2configs/home/ham/light/tint_wohnzimmer.nix 
@@ -0,0 +1,292 @@ +{ lib, ...}: +# cycle through scenes + +# cycle through color palettes +# {% set options = state_attr('select.wled_color_palette','options') -%} +# {% set selection = options.index(states('select.wled_color_palette')) -%} +# {% if false -%} +# {% if (selection + 1) >= options | length -%} +# {{ options[0] }} +# {% else -%} +# {{ options[selection + 1] }} +# {% endif %} +# {% elif true -%} +# {{ options[selection -1] }} +# {% endif -%} + +let + group_id_1 = 16388; + group_id_2 = 16389; + group_id_3 = 16390; + remote = "sensor.schlafzimmer_remote1_action"; + main_light_1 = "light.wled"; + default_scene_1 = "Solid"; + default_color_1 = "Default"; + main_color_select_1 = "select.wled_color_palette"; + light_group_1 = { entity_id = [ main_light_1 ];}; + + # contains only the actually changeable lights + light_group_2 = { entity_id = [ + "light.wohnzimmer_komode_osram" + "light.wohnzimmer_schrank_osram" + "light.wohnzimmer_fenster_lichterkette_licht" + ]; + }; + light_group_3 = { entity_id = [ "light.wohnzimmer_stehlampe_osram" ]; }; + + statecond = cond: { # cond must be a list + condition = "template"; + value_template = "{{ trigger.to_state.attributes.action in ( " + + (lib.concatMapStringsSep "," (x: "'${x}'") cond) + ") }}"; + }; +in { + services.home-assistant.config.automation = [ + { + alias = "Perform Actions with ${remote}"; + mode = "queued"; + max = 5; + max_exceeded = "silent"; + trigger = { + platform = "state"; + entity_id = remote; + }; + condition = { + condition = "and"; + conditions = [ + { + condition = "template"; + value_template = "{{ trigger.from_state.state != trigger.to_state.state }}"; + } + ( statecond [ "off" "on" "color_wheel" + "brightness_up_click" "brightness_down_click" + "color_temp" "color_temperature_move" + "brightness_step_down" "brightness_step_up" "brightness_down_hold" "brightness_down_release" "brightness_up_hold" "brightness_up_release" + "scene_3" "scene_1" "scene_2" # working sunset party + "scene_6" 
"scene_4" "scene_5" # night campfire romantic + ]) + ]; + }; + action = [ + { service = "system_log.write"; + data = { + level = "info"; + message = "Tint Button pressed: {{ trigger.to_state.state }} Group: {{ trigger.to_state.attributes.action_group }} Length {{ input_working_scene_1 | length }}"; + }; + } + { + choose = [ + { # light group 1 + conditions = { + condition = "template"; + value_template = "{{ trigger.to_state.attributes.action_group == ${toString group_id_1} }}"; + }; + sequence = [ + { + choose = [ + { + conditions = statecond [ "on" "off" ]; + sequence = { + service = "light.turn_{{ trigger.to_state.state }}"; + target = light_group_1; + }; + } + { + conditions = statecond [ "color_wheel" ]; + sequence = { + data.xy_color = [ + "{{ trigger.to_state.attributes.action_color.x | float }}" + "{{ trigger.to_state.attributes.action_color.y | float }}" + ]; + service = "light.turn_on"; + target = light_group_1; + }; + } + { + conditions = statecond [ "color_temp" ]; + sequence = { + data.color_temp = "{{ trigger.to_state.attributes.action_color_temperature | float }}"; + service = "light.turn_on"; + target = light_group_1; + }; + } + { + conditions = statecond [ "brightness_up_click" "brightness_down_click" ]; + sequence = [ + { + variables.factor = ''{% if trigger.to_state.state in ( "brightness_down_click") %} -12 {% else %} 12 {% endif %}''; + } + { + data.brightness_step_pct = "{{ factor | int }}"; + service = "light.turn_on"; + target = light_group_1; + } + ]; + } + { + conditions = statecond [ + "scene_3" # working => previous scene + "scene_1" # sunset => default scene (solid) + "scene_2" # party => next scene + + ]; + sequence = [ + { + data.effect = '' + {% set options = state_attr("${main_light_1}","effect_list") -%} + {% set selection = options.index(state_attr("${main_light_1}","effect")) -%} + {% if trigger.to_state.attributes.action == "scene_2" -%} + {% if (selection + 1) >= options | length -%} + {{ options[0] }} + {% else -%} + {{ 
options[selection + 1] }} + {% endif %} + {% elif trigger.to_state.attributes.action == "scene_1" -%} + ${default_scene_1} + {% elif trigger.to_state.attributes.action == "scene_3" -%} + {{ options[selection - 1] }} + {% endif -%} + ''; + service = "light.turn_on"; + target.entity_id = main_light_1; + } + ]; + } + { + conditions = statecond [ + "scene_6" # night => previous color + "scene_4" # campfire => default Color (Default) + "scene_5" # romance => next color + + ]; + sequence = [ + { + data.option = '' + {% set options = state_attr("${main_color_select_1}","options") -%} + {% set selection = options.index(states("${main_color_select_1}")) -%} + {% if trigger.to_state.attributes.action == "scene_5" -%} + {% if (selection + 1) >= options | length -%} + {{ options[0] }} + {% else -%} + {{ options[selection + 1] }} + {% endif %} + {% elif trigger.to_state.attributes.action == "scene_4" -%} + ${default_color_1} + {% elif trigger.to_state.attributes.action == "scene_6" -%} + {{ options[selection - 1] }} + {% endif -%} + ''; + service = "select.select_option"; + target.entity_id = main_color_select_1; + } + ]; + } + ]; + } + ]; + } + { # light group 2 + conditions = { + condition = "template"; + value_template = "{{ trigger.to_state.attributes.action_group == ${toString group_id_2} }}"; + }; + sequence = [ + { + choose = [ + { conditions = statecond [ "on" "off" ]; + sequence = { + service = "light.turn_{{ trigger.to_state.state }}"; + target = light_group_2; + }; + } + { + conditions = statecond [ "color_wheel" ]; + sequence = { + data.xy_color = [ + "{{ trigger.to_state.attributes.action_color.x | float }}" + "{{ trigger.to_state.attributes.action_color.y | float }}" + ]; + service = "light.turn_on"; + target = light_group_2; + }; + } + { + conditions = statecond [ "color_temp" ]; + sequence = { + data.color_temp = "{{ trigger.to_state.attributes.action_color_temperature | float }}"; + service = "light.turn_on"; + target = light_group_2; + }; + } + { + conditions 
= statecond [ "brightness_up_click" "brightness_down_click" ]; + sequence = [ + { + variables.factor = ''{% if trigger.to_state.state in ( "brightness_down_click") %} -12 {% else %} 12 {% endif %}''; + } + { + data.brightness_step_pct = "{{ factor | int }}"; + service = "light.turn_on"; + target = light_group_2; + } + ]; + } + ]; + } + ]; + } + { # light group 3 + conditions = { + condition = "template"; + value_template = "{{ trigger.to_state.attributes.action_group == ${toString group_id_3} }}"; + }; + sequence = [ + { + choose = [ + { conditions = statecond [ "on" "off" ]; + sequence = { + service = "light.turn_{{ trigger.to_state.state }}"; + target = light_group_3; + }; + } + { + conditions = statecond [ "color_wheel" ]; + sequence = { + data.xy_color = [ + "{{ trigger.to_state.attributes.action_color.x | float }}" + "{{ trigger.to_state.attributes.action_color.y | float }}" + ]; + service = "light.turn_on"; + target = light_group_3; + }; + } + { + conditions = statecond [ "color_temperature_move" ]; + sequence = { + data.color_temp = "{{ trigger.to_state.attributes.action_color_temperature | float }}"; + service = "light.turn_on"; + target = light_group_3; + }; + } + { + conditions = statecond [ "brightness_up_click" "brightness_down_click" ]; + sequence = [ + { + variables.factor = ''{% if trigger.to_state.state in ( "brightness_down_click") %} -12 {% else %} 12 {% endif %}''; + } + { + data.brightness_step_pct = "{{ factor | int }}"; + service = "light.turn_on"; + target = light_group_3; + } + ]; + } + ]; + } + ]; + } + ]; + } + ]; + } + ]; +} |
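Review bot: In the three `on`/`off` branches the service name is built as `light.turn_{{ trigger.to_state.state }}`, while the guard `statecond [ "on" "off" ]` tests `trigger.to_state.attributes.action`, so the value that is checked is not the value interpolated into the service call. The two presumably agree for this remote, but using `service = "light.turn_{{ trigger.to_state.attributes.action }}";` would keep the service name limited to the two strings the guard allows. The `system_log.write` message also reads `input_working_scene_1`, which is not defined anywhere in this file, and group 3 matches `color_temperature_move` where groups 1 and 2 match `color_temp`. Both look like leftovers worth confirming.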