summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/hotdog/config.nix4
-rw-r--r--krebs/2configs/nscd-fix.nix24
-rw-r--r--krebs/2configs/reaktor-krebs.nix26
-rw-r--r--krebs/2configs/reaktor-retiolum.nix17
-rw-r--r--krebs/2configs/reaktor2.nix152
-rw-r--r--krebs/3modules/Reaktor.nix5
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/reaktor2.nix14
-rw-r--r--krebs/5pkgs/haskell/blessings.nix4
-rw-r--r--krebs/5pkgs/haskell/much.nix (renamed from krebs/5pkgs/simple/much/cabal.nix)9
-rw-r--r--krebs/5pkgs/haskell/reaktor2.nix24
-rw-r--r--krebs/5pkgs/simple/Reaktor/default.nix6
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh2
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh0
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py2
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh0
-rw-r--r--krebs/5pkgs/simple/much/default.nix3
-rw-r--r--krebs/5pkgs/simple/reaktor2-plugins.nix106
-rw-r--r--lass/1systems/prism/config.nix15
-rw-r--r--lass/1systems/prism/physical.nix14
-rw-r--r--lass/1systems/yellow/config.nix92
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/mail.nix2
-rw-r--r--lass/2configs/reaktor-coders.nix194
-rw-r--r--lass/2configs/websites/domsen.nix24
-rw-r--r--tv/2configs/mail-client.nix17
28 files changed, 530 insertions, 235 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index cf72e0d73..916073375 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -12,8 +12,8 @@
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/reaktor-retiolum.nix>
- <stockholm/krebs/2configs/reaktor-krebs.nix>
+ <stockholm/krebs/2configs/nscd-fix.nix>
+ <stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/repo-sync.nix>
];
diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix
new file mode 100644
index 000000000..8e5909e72
--- /dev/null
+++ b/krebs/2configs/nscd-fix.nix
@@ -0,0 +1,24 @@
+with import <stockholm/lib>;
+{ pkgs, ... }: let
+
+ enable = versionOlderThan "19.03";
+
+ versionOlderThan = v:
+ compareVersions
+ (versions.majorMinor version)
+ (versions.majorMinor v)
+ == -1;
+
+ warning = ''
+ Using custom services.nscd.config because
+ https://github.com/NixOS/nixpkgs/pull/50316
+ '';
+
+in
+ optionalAttrs enable (trace warning {
+ services.nscd.enable = mkForce true;
+ services.nscd.config = mkForce (readFile (pkgs.fetchurl {
+ url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf;
+ sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs";
+ }));
+ })
diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix
deleted file mode 100644
index 862c9b991..000000000
--- a/krebs/2configs/reaktor-krebs.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- krebs.Reaktor.krebs = {
- nickname = "Reaktor|krebs";
- channels = [
- "#krebs"
- "#nixos-wiki"
- ];
- extraEnviron = {
- REAKTOR_HOST = "irc.freenode.org";
- REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password";
- };
- plugins = with pkgs.ReaktorPlugins; [
- sed-plugin
- ] ++
- (attrValues (task "agenda"))
- ;
- };
- krebs.secret.files.nix-serve-key = {
- path = "/var/lib/Reaktor/reaktor_nickserv_password";
- owner.name = "Reaktor";
- source-path = toString <secrets> + "/reaktor_nickserv_password";
- };
-}
diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix
deleted file mode 100644
index 69fc4b202..000000000
--- a/krebs/2configs/reaktor-retiolum.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- krebs.Reaktor.retiolum = {
- nickname = "Reaktor|lass";
- channels = [ "#noise" "#xxx" ];
- extraEnviron = {
- REAKTOR_HOST = "irc.r";
- };
- plugins = with pkgs.ReaktorPlugins; [
- sed-plugin
- ] ++
- (attrValues (task "agenda"))
- ;
- };
-}
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
new file mode 100644
index 000000000..ff6b539ba
--- /dev/null
+++ b/krebs/2configs/reaktor2.nix
@@ -0,0 +1,152 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+let
+ #for shared state directory
+ stateDir = config.krebs.reaktor2.r.stateDir;
+
+ generators = pkgs.reaktor2-plugins.generators;
+ hooks = pkgs.reaktor2-plugins.hooks;
+ commands = pkgs.reaktor2-plugins.commands;
+
+ task = name: let
+ rcFile = builtins.toFile "taskrc" ''
+ confirmation=no
+ '';
+ in {
+ pattern = "^${name}-([a-z]+)(?::\\s*(.*))?";
+ activate = "match";
+ command = 1;
+ arguments = [2];
+ env.TASKDATA = "${stateDir}/${name}";
+ commands = {
+ add.filename = pkgs.writeDash "${name}-task-add" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$1"
+ '';
+ list.filename = pkgs.writeDash "${name}-task-list" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} export \
+ | ${pkgs.jq}/bin/jq -r '
+ .[] | select(.id != 0) | "\(.id) \(.description)"
+ '
+ '';
+ delete.filename = pkgs.writeDash "${name}-task-delete" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$1"
+ '';
+ done.filename = pkgs.writeDash "${name}-task-done" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$1"
+ '';
+ };
+ };
+
+ systemPlugin = {
+ plugin = "system";
+ config = {
+ workdir = stateDir;
+ hooks.JOIN = [
+ {
+ activate = "always";
+ command = {
+ filename =
+ "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join";
+ env = {
+ PATH = makeBinPath [
+ pkgs.coreutils # XXX env, touch
+ pkgs.jq # XXX sed
+ pkgs.utillinux # XXX flock
+ ];
+ state_file = "${stateDir}/tell.json";
+ };
+ };
+ }
+ ];
+ hooks.PRIVMSG = [
+ {
+ pattern = "^bier bal(ance)*$";
+ activate = "match";
+ command = {
+ env = {
+ state_file = "${stateDir}/ledger";
+ };
+ filename = pkgs.writeDash "bier-balance" ''
+ ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
+ | ${pkgs.coreutils}/bin/tail +2 \
+ | ${pkgs.miller}/bin/mlr --icsv --opprint cat
+ '';
+ };
+ }
+ {
+ pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$'';
+ activate = "match";
+ arguments = [1 2 3];
+ command = {
+ env = {
+ # TODO; get state as argument
+ state_file = "${stateDir}/ledger";
+ };
+ filename = pkgs.writeDash "ledger-add" ''
+ set -x
+ tonick=$1
+ amt=$2
+ unit=$3
+ printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
+ '';
+ };
+ }
+ hooks.sed
+ (generators.command_hook {
+ inherit (commands) hello random-emoji nixos-version stockholm-issue;
+ tell = {
+ filename =
+ "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg";
+ env = {
+ PATH = makeBinPath [
+ pkgs.coreutils # XXX date, env
+ pkgs.jq # XXX sed
+ pkgs.utillinux # XXX flock
+ ];
+ state_file = "${stateDir}/tell.txt";
+ };
+ };
+ })
+ (task "agenda")
+ ];
+ };
+ };
+
+in {
+
+ krebs.reaktor2 = {
+ freenode = {
+ hostname = "irc.freenode.org";
+ nick = "reaktor2|krebs";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#krebs"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ username = "reaktor2";
+ };
+ r = {
+ nick = "reaktor2|krebs";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#noise"
+ "#xxx"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ username = "reaktor2";
+ };
+ };
+}
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index 669483f3c..308c6d41d 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -113,10 +113,11 @@ let
'';
in nameValuePair "Reaktor-${name}" {
path = with pkgs; [
- utillinux #flock for tell_on-join
git # for nag
+ jq # for tell
python # for caps
- ];
+ utillinux # flock for tell
+ ];
description = "Reaktor IRC Bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index bb69bfad3..9303a81fb 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -42,6 +42,7 @@ let
./per-user.nix
./power-action.nix
./Reaktor.nix
+ ./reaktor2.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
./retiolum-hosts.nix
diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix
index b667bcc92..e3e6ddf4f 100644
--- a/krebs/3modules/reaktor2.nix
+++ b/krebs/3modules/reaktor2.nix
@@ -25,7 +25,7 @@ with import <stockholm/lib>;
type = types.listOf types.attrs;
};
stateDir = mkOption {
- default = "/var/lib/${self.config.systemd-service-name}";
+ default = "/var/lib/${self.config.username}";
readOnly = true;
type = types.absolute-pathname;
};
@@ -33,6 +33,14 @@ with import <stockholm/lib>;
default = "reaktor2${optionalString (name != "default") "-${name}"}";
type = types.filename;
};
+ username = mkOption {
+ default = self.config.systemd-service-name;
+ type = types.username;
+ };
+ useTLS = mkOption {
+ default = self.config.port == "6697";
+ type = types.bool;
+ };
};
}));
};
@@ -43,10 +51,10 @@ with import <stockholm/lib>;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
- User = cfg.systemd-service-name;
+ User = cfg.username;
Group = "reaktor2";
DynamicUser = true;
- StateDirectory = cfg.systemd-service-name;
+ StateDirectory = cfg.username;
ExecStart = let
configFile = pkgs.writeJSON configFileName configValue;
configFileName = "${cfg.systemd-service-name}.config.json";
diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix
index 19f8da19d..97e4a717c 100644
--- a/krebs/5pkgs/haskell/blessings.nix
+++ b/krebs/5pkgs/haskell/blessings.nix
@@ -7,8 +7,8 @@ with import <stockholm/lib>;
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
"18.09" = {
- version = "1.3.0";
- sha256 = "1y9jhh9pchrr48zgfib2jip97x1fkm7qb1gnfx477rmmryjs500h";
+ version = "2.1.0";
+ sha256 = "0wc8v48bb0bkvypc0j6imvnf8xc8572hykk9sgjhzf2w0ggqxv5d";
};
}.${versions.majorMinor nixpkgsVersion};
diff --git a/krebs/5pkgs/simple/much/cabal.nix b/krebs/5pkgs/haskell/much.nix
index 09bc7b5df..db168f8a1 100644
--- a/krebs/5pkgs/simple/much/cabal.nix
+++ b/krebs/5pkgs/haskell/much.nix
@@ -8,11 +8,12 @@
}:
mkDerivation {
pname = "much";
- version = "1.1.0";
+ version = "1.2.0";
src = fetchgit {
- url = "http://cgit.ni.krebsco.de/much";
- sha256 = "1325554zymr1dd0clj8c5ygl70c791csvs0hz33jcfr6b8wysdrl";
- rev = "dfec37d848e11c00d9b7f03295af1fc7b0e83ef5";
+ url = "https://cgit.krebsco.de/much";
+ sha256 = "0gfvppi8acylz0q7xh8dkm3dj676d4sc1m1gxwp663bkn4748873";
+ rev = "8fc4fbb5bb7781626da8f63cd8df8bb0f554cfe7";
+ fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
diff --git a/krebs/5pkgs/haskell/reaktor2.nix b/krebs/5pkgs/haskell/reaktor2.nix
index 447738425..40c628802 100644
--- a/krebs/5pkgs/haskell/reaktor2.nix
+++ b/krebs/5pkgs/haskell/reaktor2.nix
@@ -1,23 +1,27 @@
-{ mkDerivation, aeson, attoparsec, base, blessings, bytestring
-, containers, fetchgit, filepath, network, network-simple
-, network-simple-tls, pcre-heavy, pcre-light, process, random
-, stdenv, text, time, transformers, unix, unordered-containers
+{ mkDerivation, aeson, async, attoparsec, base, blessings
+, bytestring, containers, data-default, fetchgit, filepath
+, hashable, lens, lens-aeson, network, network-simple
+, network-simple-tls, pcre-light, process, random, stdenv
+, string-conversions, stringsearch, text, time, transformers
+, unagi-chan, unix, unordered-containers, vector
}:
mkDerivation {
pname = "reaktor2";
- version = "0.0.0";
+ version = "0.2.1";
src = fetchgit {
url = "https://cgit.krebsco.de/reaktor2";
- sha256 = "1q2rb78mzpyd8wxfmlbfdz7zq5smsrrvb4n874ap1p8f2bmmp0am";
- rev = "ce276eee82ec0b8c4106beb4c51d6f9eb77335c4";
+ sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr";
+ rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
- aeson attoparsec base blessings bytestring containers filepath
- network network-simple network-simple-tls pcre-heavy pcre-light
- process random text time transformers unix unordered-containers
+ aeson async attoparsec base blessings bytestring containers
+ data-default filepath hashable lens lens-aeson network
+ network-simple network-simple-tls pcre-light process random
+ string-conversions stringsearch text time transformers unagi-chan
+ unix unordered-containers vector
];
license = stdenv.lib.licenses.mit;
}
diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix
index 3ef9ffb7d..a88db6379 100644
--- a/krebs/5pkgs/simple/Reaktor/default.nix
+++ b/krebs/5pkgs/simple/Reaktor/default.nix
@@ -2,7 +2,7 @@
python3Packages.buildPythonPackage rec {
name = "Reaktor-${version}";
- version = "0.6.2";
+ version = "0.7.0";
doCheck = false;
@@ -13,8 +13,8 @@ python3Packages.buildPythonPackage rec {
src = fetchFromGitHub {
owner = "krebs";
repo = "Reaktor";
- rev = version;
- sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m";
+ rev = "v${version}";
+ sha256 = "12yy06vk0smjs0rmahrn2kd4bcdh1yjw1fz6rifw6nmgx889d9hj";
};
meta = {
homepage = http://krebsco.de/;
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh
index 386aa68b9..6f3dd4a3f 100644..100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh
+++ b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-curl http://emojicons.com/random -s | \
+curl -sS http://emojicons.com/random | \
grep data-text | \
sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \
head -n 1 | \
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh
index 5c47c6156..5c47c6156 100644..100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh
+++ b/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
index ecb03917b..4925b25bb 100644..100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
+++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
@@ -46,7 +46,7 @@ if is_regex(line):
print('to many lines, skipped')
else:
if last.strip() != ret.strip():
- print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
+ print("\x02{}\x02 meant: {}".format(usr, ret.strip()))
if ret:
d[usr] = ret
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
index d500b3cb3..d500b3cb3 100644..100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
+++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
diff --git a/krebs/5pkgs/simple/much/default.nix b/krebs/5pkgs/simple/much/default.nix
deleted file mode 100644
index cf55eb537..000000000
--- a/krebs/5pkgs/simple/much/default.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ haskellPackages, ... }:
-
-haskellPackages.callPackage ./cabal.nix {}
diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix
new file mode 100644
index 000000000..48464c0b6
--- /dev/null
+++ b/krebs/5pkgs/simple/reaktor2-plugins.nix
@@ -0,0 +1,106 @@
+with import <stockholm/lib>;
+{ lib, pkgs, ... }:
+
+rec {
+ generators = {
+ command_hook = commands: {
+ pattern =
+ "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
+ command = 1;
+ arguments = [2];
+ commands = commands;
+ };
+ };
+
+ commands = {
+
+ hello = {
+ filename = "${pkgs.Reaktor.src}/reaktor/commands/hello";
+ };
+
+ random-emoji = {
+ filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh>;
+ env = {
+ PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]);
+ };
+ };
+
+ nixos-version = {
+ filename = pkgs.writeDash "nixos-version" ''
+ . /etc/os-release
+ echo "$PRETTY_NAME"
+ '';
+ };
+
+ stockholm-issue = {
+ filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh>;
+ env = {
+ PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]);
+ origin = "http://cgit.gum/stockholm";
+ state_dir = "/tmp/stockholm-issue";
+ };
+ };
+
+ };
+
+ hooks = {
+
+ sed = {
+ activate = "always";
+ pattern = "^(.*)$";
+ arguments = [1];
+ command = {
+ env = {
+ PATH = makeBinPath (with pkgs; [ gnused ]);
+ state_dir = "/tmp";
+ };
+ filename = pkgs.writeDash "sed-plugin" ''
+ set -efu
+ exec ${pkgs.python3}/bin/python \
+ ${<stockholm/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py>} "$@"
+ '';
+ };
+ };
+
+ shack-correct = {
+ activate = "match";
+ pattern = "^(.*Shack.*)$";
+ arguments = [1];
+ command.filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh>;
+ };
+
+
+ url-title = {
+ #pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
+ pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } ''
+ import cgi
+ import sys
+ import urllib.request
+ from bs4 import BeautifulSoup
+
+ try:
+ req = urllib.request.Request(sys.argv[1])
+ req.add_header('user-agent', 'Reaktor-url-title')
+ resp = urllib.request.urlopen(req)
+ if resp.headers['content-type'].find('text/html') >= 0:
+ soup = BeautifulSoup(resp.read(16000), "lxml")
+ title = soup.find('title').string
+
+ if len(title.split('\n')) > 5:
+ title = '\n'.join(title.split('\n')[:5])
+
+ print(title[:450])
+ else:
+ cd_header = resp.headers['content-disposition']
+ print(cgi.parse_header(cd_header)[1]['filename'])
+ except: # noqa: E722
+ pass
+ '';
+ };
+ };
+ };
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index df2778bef..23746d210 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -36,10 +36,10 @@ with import <stockholm/lib>;
# TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+ { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
];
}
{
@@ -379,6 +379,7 @@ with import <stockholm/lib>;
name = "download";
home = "/var/download";
useDefaultShell = true;
+ uid = genid "download";
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
@@ -420,6 +421,16 @@ with import <stockholm/lib>;
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
}
+ {
+ nix.trustedUsers = [ "Mic92" ];
+ users.users.Mic92 = {
+ uid = genid_uint31 "Mic92";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.Mic92.pubkey
+ ];
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index a2b5efb29..9a84e9d63 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -63,9 +63,15 @@
defaultGateway = "95.216.1.129";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
- interfaces.eth0 = {
- ipAddress = "95.216.1.150";
- prefixLength = 26;
- };
+ interfaces.eth0.ipv4.addresses = [
+ {
+ address = "95.216.1.150";
+ prefixLength = 26;
+ }
+ {
+ address = "95.216.1.130";
+ prefixLength = 26;
+ }
+ ];
};
}
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 58fa564a1..9d8bcd7be 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -88,7 +88,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
- remote 82.102.16.229 1194
+ remote 89.249.65.83 1194
resolv-retry infinite
remote-random
nobind
@@ -103,13 +103,9 @@ with import <stockholm/lib>;
reneg-sec 0
comp-lzo no
- explicit-exit-notify 3
-
remote-cert-tls server
- #mute 10000
auth-user-pass ${toString <secrets/nordvpn.txt>}
-
verb 3
pull
fast-io
@@ -118,32 +114,33 @@ with import <stockholm/lib>;
<ca>
-----BEGIN CERTIFICATE-----
- MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
- VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
- Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
- bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
- ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
- A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
- B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
- cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
- cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
- UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
- mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
- +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
- ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
- 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
- VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
- Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
- MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
- MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
- Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
- EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
- SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
- e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
- //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
- wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
- KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
- lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
+ MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
+ MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
+ MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
+ BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
+ hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
+ kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
+ XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
+ eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
+ skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
+ MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
+ 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
+ hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
+ Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
+ WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
+ MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
+ LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
+ SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
+ nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
+ k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
+ DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
+ pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
+ k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+ +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
+ NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
+ wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
+ VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
+ PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
</ca>
key-direction 1
@@ -152,23 +149,24 @@ with import <stockholm/lib>;
# 2048 bit OpenVPN