summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/onebutton/config.nix44
-rw-r--r--krebs/1systems/onebutton/source.nix16
-rw-r--r--krebs/2configs/shack/worlddomination.nix72
-rw-r--r--krebs/3modules/krebs/default.nix31
-rw-r--r--krebs/3modules/makefu/default.nix1
-rw-r--r--krebs/5pkgs/simple/Reaktor/plugins.nix23
-rw-r--r--krebs/5pkgs/simple/ejabberd/default.nix27
-rw-r--r--krebs/5pkgs/simple/ejabberd/ejabberdctl.patch32
-rw-r--r--krebs/5pkgs/simple/generate-secrets/default.nix46
-rw-r--r--krebs/5pkgs/simple/kops.nix4
-rw-r--r--krebs/5pkgs/simple/pssh/default.nix36
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/chmod.patch15
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/default.nix86
-rw-r--r--krebs/5pkgs/simple/urlwatch/default.nix29
-rw-r--r--lass/1systems/mors/config.nix39
-rw-r--r--lass/1systems/prism/config.nix36
-rw-r--r--lass/2configs/monitoring/node-exporter.nix13
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix179
-rw-r--r--lass/2configs/reaktor-coders.nix15
-rw-r--r--lass/2configs/syncthing.nix1
-rw-r--r--lass/2configs/websites/util.nix6
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/restic.nix119
-rw-r--r--lass/5pkgs/l-gen-secrets/default.nix (renamed from lass/5pkgs/generate-secrets/default.nix)6
-rw-r--r--makefu/1systems/gum/config.nix4
-rw-r--r--makefu/1systems/wbob/config.nix4
-rw-r--r--makefu/1systems/x/config.nix10
-rw-r--r--makefu/2configs/bluetooth-mpd.nix17
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/gui/automatic-diskmount.nix44
-rw-r--r--makefu/2configs/hydra/stockholm.nix1
-rw-r--r--makefu/2configs/main-laptop.nix1
-rw-r--r--makefu/2configs/nginx/misa-felix-hochzeit.ml.nix17
-rw-r--r--makefu/2configs/remote-build/master.nix14
-rw-r--r--makefu/2configs/stats/arafetch.nix19
-rw-r--r--makefu/2configs/urlwatch/default.nix1
-rw-r--r--makefu/5pkgs/ampel/default.nix6
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg3
-rw-r--r--makefu/5pkgs/devpi/default.nix13
-rw-r--r--makefu/source.nix7
40 files changed, 749 insertions, 290 deletions
diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix
new file mode 100644
index 000000000..c634d73ce
--- /dev/null
+++ b/krebs/1systems/onebutton/config.nix
@@ -0,0 +1,44 @@
+{ config, pkgs, lib, ... }:
+{
+ imports = [
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+ { # minimal disk usage
+ environment.noXlibs = true;
+ nix.gc.automatic = true;
+ nix.gc.dates = "03:10";
+ programs.info.enable = false;
+ programs.man.enable = false;
+ services.journald.extraConfig = "SystemMaxUse=50M";
+ services.nixosManual.enable = false;
+ }
+ ];
+ krebs.build.host = config.krebs.hosts.onebutton;
+ # NixOS wants to enable GRUB by default
+ boot.loader.grub.enable = false;
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ # !!! If your board is a Raspberry Pi 1, select this:
+ boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+ nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+ nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+ # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
+ # boot.kernelParams = ["cma=32M"];
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+
+ swapDevices = [ { device = "/swapfile"; size = 1024; } ];
+ services.openssh.enable = true;
+}
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix
new file mode 100644
index 000000000..8f25881c9
--- /dev/null
+++ b/krebs/1systems/onebutton/source.nix
@@ -0,0 +1,16 @@
+with import <stockholm/lib>;
+let
+ pkgs = import <nixpkgs> {};
+ nixpkgs = pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs-channels";
+ rev = "6c064e6b"; # only binary cache for unstable arm6
+ sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
+ };
+in import <stockholm/krebs/source.nix> {
+ name = "onebutton";
+ override.nixpkgs = mkForce {
+ file = toString nixpkgs;
+ };
+
+}
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index 828b6cd70..838c1958e 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -2,8 +2,56 @@
with import <stockholm/lib>;
let
+ pkg = pkgs.stdenv.mkDerivation {
+ name = "worlddomination-2018-04-21";
+ src = pkgs.fetchgit {
+ url = "https://github.com/shackspace/worlddomination/";
+ rev = "1b32403b9";
+ sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i";
+ };
+ buildInputs = [
+ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
+ docopt
+ LinkHeader
+ aiocoap
+ grequests
+ paramiko
+ python
+ ]))
+ ];
+ installPhase = ''
+ install -m755 -D backend/push_led.py $out/bin/push-led
+ install -m755 -D backend/loop_single.py $out/bin/loop-single
+ # copy the provided file to the package
+ install -m755 -D backend/wd.lst $out/${wdpath}
+ '';
+ };
pythonPackages = pkgs.python3Packages;
# https://github.com/chrysn/aiocoap
+ grequests = pythonPackages.buildPythonPackage rec {
+ pname = "grequests";
+ version = "0.3.1";
+ name = "${pname}-${version}";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "kennethreitz";
+ repo = "grequests";
+ rev = "d1e70eb";
+ sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc";
+ };
+
+ doCheck = false;
+
+ propagatedBuildInputs = with pythonPackages; [ requests gevent ];
+
+ meta = with lib;{
+ description = "Asynchronous HTTP requests";
+ homepage = https://github.com/kennethreitz/grequests;
+ license = with licenses; [ bsd2 ];
+ maintainers = with maintainers; [ matejc ];
+ };
+ };
+
aiocoap = pythonPackages.buildPythonPackage {
name = "aiocoap-0.3";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
@@ -25,30 +73,6 @@ let
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
};
};
- pkg = pkgs.stdenv.mkDerivation {
- name = "worlddomination-2017-06-10";
- src = pkgs.fetchgit {
- url = "https://github.com/shackspace/worlddomination/";
- rev = "72fc9b5";
- sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
- };
- buildInputs = [
- (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
- docopt
- LinkHeader
- aiocoap
- requests
- paramiko
- python
- ]))
- ];
- installPhase = ''
- install -m755 -D backend/push_led.py $out/bin/push-led
- install -m755 -D backend/loop_single.py $out/bin/loop-single
- # copy the provided file to the package
- install -m755 -D backend/wd.lst $out/${wdpath}
- '';
- };
wdpath = "/usr/worlddomination/wd.lst";
esphost = "10.42.24.7"; # esp8266
timeout = 10; # minutes
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 1e626f0a0..a916c1873 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -91,6 +91,37 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
};
+ onebutton = {
+ cores = 1;
+ owner = config.krebs.users.krebs;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.101";
+ ip6.addr = "42:0:0:0:0:0:0:101";
+ aliases = [
+ "onebutton.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA11w6votRExwE0ZEiQmPa
+ 9WGNsMfNAZEd14iHaHCZH7UPQEH+cH/T6isGPpaysindroMnqFe9mUf/cdYChb6N
+ aaFreApwGBQaJPUcdy4cfphrFpzmOClpOFuFbnV7ZvAk/wefBad3kUzsq/lK4HvB
+ 7nPKeOB9kljphLrkzuLL/h2yOenMpO2ZdvwxyWN8HKmUNgvpBQjIr+Hka6cgy7Gp
+ pBVFHfSnad/eHeEvq91O/bHxrAxzH5N5DVagPDpkbiWYGl+0XVGP/h0CApr15Ael
+ +j2pJYc0ZlaXIp4KmNRqbd/fLe52JLrWbnFX4rRuY/DhoMqK8kjECEZ7gLiNSpCC
+ KlnlJ2LXX9c+d79ubzl5yLAJ3d6T4IJqkbAWJDuCrj821M9ZDk/qZwerayhrrvkF
+ tMYkQoGSe8MvSOU0rTEoH5iSRwDC7M0XzUe4l8/yZLFyD4Prz/dq6coqANfk/tlE
+ DnH3vDu9lmFvYrLcd6yDWzFfI3mWDJoUa6AKKoScCOaCkRfIM4Aew0i73+h1nJLO
+ 59AAbZIkDYyWs53QniIG4EQteI9y/9j/628nPAVj68V5oIN76RDXfFHWDWq4DxmU
+ PpGVmoIKcKZmnl7RrDomRVpuGMdyQ+kCzIGH3XYe12v8Y5beHZBrd3OajgHZ/Tfp
+ jP873cT6h0hsGm9glgOYho8CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
+ };
puyak = {
ci = true;
owner = config.krebs.users.krebs;
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e137da7ca..d7a750c6e 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -539,6 +539,7 @@ with import <stockholm/lib>;
dl.euer IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
+ mon.euer IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix
index bcfcbf76b..f3b771190 100644
--- a/krebs/5pkgs/simple/Reaktor/plugins.nix
+++ b/krebs/5pkgs/simple/Reaktor/plugins.nix
@@ -120,11 +120,24 @@ rec {
url-title = (buildSimpleReaktorPlugin "url-title" {
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
path = with pkgs; [ curl perl ];
- script = pkgs.writeDash "lambda-pl" ''
- if [ "$#" -gt 0 ]; then
- curl -SsL --max-time 5 "$1" |
- perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si'
- fi
+ script = pkgs.writePython3 [ "beautifulsoup4" "lxml" ] "url-title" ''
+ import sys
+ import urllib.request
+ from bs4 import BeautifulSoup
+
+ try:
+ soup = BeautifulSoup(urllib.request.urlopen(sys.argv[1]), "lxml")
+ title = soup.find('title').string
+
+ if title:
+ if len(title) > 512:
+ print('message to long, skipped')
+ elif len(title.split('\n')) > 5:
+ print('to many lines, skipped')
+ else:
+ print(title)
+ except: # noqa: E722
+ pass
'';
});
diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix
index 2799241fa..9e4ed3df5 100644
--- a/krebs/5pkgs/simple/ejabberd/default.nix
+++ b/krebs/5pkgs/simple/ejabberd/default.nix
@@ -1,5 +1,6 @@
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
-, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps
+, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
+, flock
, withMysql ? false
, withPgsql ? false
, withSqlite ? false, sqlite
@@ -23,17 +24,17 @@ let
ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ];
in stdenv.mkDerivation rec {
- version = "17.07";
+ version = "18.01";
name = "ejabberd-${version}";
src = fetchurl {
url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
- sha256 = "1p8ppp2czjgnq8xnhyksd82npvvx99fwr0g3rrq1wvnwh2vgb8km";
+ sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6";
};
nativeBuildInputs = [ fakegit ];
- buildInputs = [ erlang openssl expat libyaml ]
+ buildInputs = [ erlang openssl expat libyaml gd ]
++ lib.optional withSqlite sqlite
++ lib.optional withPam pam
++ lib.optional withZlib zlib
@@ -50,7 +51,7 @@ in stdenv.mkDerivation rec {
configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ];
- buildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
+ nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
@@ -74,7 +75,7 @@ in stdenv.mkDerivation rec {
outputHashMode = "recursive";
outputHashAlgo = "sha256";
- outputHash = "1q9yzccn4zf5i4hibq1r0i34q4986a93ph4792l1ph07aiisc8p7";
+ outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk";
};
configureFlags =
@@ -92,6 +93,10 @@ in stdenv.mkDerivation rec {
enableParallelBuilding = true;
+ patches = [
+ ./ejabberdctl.patch
+ ];
+
preBuild = ''
cp -r $deps deps
chmod -R +w deps
@@ -101,18 +106,18 @@ in stdenv.mkDerivation rec {
postInstall = ''
sed -i \
-e '2iexport PATH=${ctlpath}:$PATH' \
- -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
+ -e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \
-e 's,\(^ *JOT=\).*,\1,' \
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
$out/sbin/ejabberdctl
'';
- meta = {
+ meta = with stdenv.lib; {
description = "Open-source XMPP application server written in Erlang";
- license = lib.licenses.gpl2;
+ license = licenses.gpl2;
homepage = http://www.ejabberd.im;
- platforms = lib.platforms.linux;
- maintainers = [ lib.maintainers.sander lib.maintainers.abbradar ];
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ sander abbradar ];
broken = withElixir;
};
}
diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
new file mode 100644
index 000000000..f7c842b7b
--- /dev/null
+++ b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
@@ -0,0 +1,32 @@
+--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100
++++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200
+@@ -42,19 +42,18 @@
+ esac
+
+ # parse command line parameters
+-for arg; do
+- case $arg in
+- -n|--node) ERLANG_NODE_ARG=$2; shift;;
+- -s|--spool) SPOOL_DIR=$2; shift;;
+- -l|--logs) LOGS_DIR=$2; shift;;
+- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;;
+- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;;
+- -d|--config-dir) ETC_DIR=$2; shift;;
+- -t|--no-timeout) NO_TIMEOUT="--no-timeout";;
+- --) :;;
++while test $# -gt 0; do
++ case $1 in
++ -n|--node) ERLANG_NODE_ARG=$2; shift 2;;
++ -s|--spool) SPOOL_DIR=$2; shift 2;;
++ -l|--logs) LOGS_DIR=$2; shift 2;;
++ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;;
++ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;;
++ -d|--config-dir) ETC_DIR=$2; shift 2;;
++ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;;
++ # --) :;; what is this for?
+ *) break;;
+ esac
+- shift
+ done
+
+ # define ejabberd variables if not already defined from the command line
diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix
new file mode 100644
index 000000000..a800ff543
--- /dev/null
+++ b/krebs/5pkgs/simple/generate-secrets/default.nix
@@ -0,0 +1,46 @@
+{ pkgs }:
+pkgs.writeDashBin "generate-secrets" ''
+ HOSTNAME="$1"
+ TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
+ PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
+ HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
+
+ ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
+ ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
+ ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+ cat <<EOF > $TMPDIR/hashedPasswords.nix
+ {
+ root = "$HASHED_PASSWORD";
+ }
+ EOF
+
+ cd $TMPDIR
+ for x in *; do
+ ${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
+ done
+ echo $PASSWORD | ${pkgs.brain}/bin/brain insert -m hosts/$HOSTNAME/root > /dev/null
+
+ cat <<EOF
+ $HOSTNAME = {
+ cores = 1;
+ owner = config.krebs.users.krebs;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.changeme";
+ ip6.addr = "42:0:0:0:0:0:0:changeme";
+ aliases = [
+ "$HOSTNAME.r"
+ ];
+ tinc.pubkey = ${"''"}
+ $(cat $TMPDIR/retiolum.rsa_key.pub)
+ ${"''"};
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
+ };
+ EOF
+
+ rm -rf $TMPDIR
+''
+
diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix
index a6c82f3ca..8db4b8ddd 100644
--- a/krebs/5pkgs/simple/kops.nix
+++ b/krebs/5pkgs/simple/kops.nix
@@ -2,6 +2,6 @@
fetchgit {
url = https://cgit.krebsco.de/kops;
- rev = "refs/tags/v1.0.0";
- sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb";
+ rev = "refs/tags/v1.1.0";
+ sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb";
}
diff --git a/krebs/5pkgs/simple/pssh/default.nix b/krebs/5pkgs/simple/pssh/default.nix
deleted file mode 100644
index 2676af0cf..000000000
--- a/krebs/5pkgs/simple/pssh/default.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ writeDashBin }:
-
-writeDashBin "pssh" ''
- set -efu
- case ''${1-} in
-
- # TODO create plog with -o json | jq ... | map date
-
- # usage: pssh {-j,--journal} host...
- # Follow journal at each host.
- -j|--journal)
- shift
- "$0" journalctl -n0 -ocat --follow --all ::: "$@" \
- | while read line; do
- printf '%s %s\n' "$(date --rfc-3339=s)" "$line"
- done
- ;;
-
- -*)
- echo $0: unknown option: $1 >&2
- exit 1
- ;;
-
- # usage: pssh command [arg...] ::: host...
- # Run command at each host.
- *)
- exec parallel \
- --line-buffer \
- -j0 \
- --no-notice \
- --tagstring {} \
- ssh -T {} "$@"
- ;;
-
- esac
-''
diff --git a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch
deleted file mode 100644
index dd6933208..000000000
--- a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/hier.c b/hier.c
-index 5663ada..1d73b84 100644
---- a/hier.c
-+++ b/hier.c
-@@ -2,8 +2,8 @@
-
- void hier()
- {
-- h(auto_home,-1,-1,02755);
-- d(auto_home,"bin",-1,-1,02755);
-+ h(auto_home,-1,-1,0755);
-+ d(auto_home,"bin",-1,-1,0755);
-
- c(auto_home,"bin","tcpserver",-1,-1,0755);
- c(auto_home,"bin","tcprules",-1,-1,0755);
diff --git a/krebs/5pkgs/simple/ucspi-tcp/default.nix b/krebs/5pkgs/simple/ucspi-tcp/default.nix
deleted file mode 100644
index 3b043be06..000000000
--- a/krebs/5pkgs/simple/ucspi-tcp/default.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- name = "ucspi-tcp-0.88";
-
- src = fetchurl {
- url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz";
- sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja";
- };
-
- # Plain upstream tarball doesn't build, get patches from Debian
- patches = [
- (fetchurl {
- url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz";
- sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6";
- })
- ./chmod.patch
- ];
-
- # Apply Debian patches
- postPatch = ''
- for fname in debian/diff/*.diff; do
- echo "Applying patch $fname"
- patch < "$fname"
- done
- '';
-
- # The build system is weird; 'make install' doesn't install anything, instead
- # it builds an executable called ./install (from C code) which installs
- # binaries to the directory given on line 1 in ./conf-home.
- #
- # Also, assume getgroups and setgroups work, instead of doing a build time
- # test that breaks on NixOS (I think because nixbld users lack CAP_SETGID
- # capability).
- preBuild = ''
- echo "$out" > conf-home
-
- echo "main() { return 0; }" > chkshsgr.c
- '';
-
- installPhase = ''
- mkdir -p "$out/bin"
- mkdir -p "$out/share/man/man1"
-
- # run the newly built installer
- ./install
-
- # Install Debian man pages (upstream has none)
- cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1"
- '';
-
- meta = with stdenv.lib; {
- description = "Command-line tools for building TCP client-server applications";
- longDescription = ''
- tcpserver waits for incoming connections and, for each connection, runs a
- program of your choice. Your program receives environment variables
- showing the local and remote host names, IP addresses, and port numbers.
-
- tcpserver offers a concurrency limit to protect you from running out of
- processes and memory. When you are handling 40 (by default) simultaneous
- connections, tcpserver smoothly defers acceptance of new connections.
-
- tcpserver also provides TCP access control features, similar to
- tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules
- are compiled into a hashed format with cdb, so it can easily deal with
- thousands of different hosts.
-
- This package includes a recordio tool that monitors all the input and
- output of a server.
-
- tcpclient makes a TCP connection and runs a program of your choice. It
- sets up the same environment variables as tcpserver.
-
- This package includes several sample clients built on top of tcpclient:
- who@, date@, finger@, http@, tcpcat, and mconnect.
-
- tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program
- Interface, using the TCP protocol. UCSPI tools are available for several
- different networks.
- '';
- homepage = http://cr.yp.to/ucspi-tcp.html;
- license = licenses.publicDomain;
- platforms = platforms.linux;
- maintainers = [ maintainers.bjornfor ];
- };
-}
diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix
deleted file mode 100644
index 64f3ad1ac..000000000
--- a/krebs/5pkgs/simple/urlwatch/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ stdenv, fetchFromGitHub, python3Packages }:
-
-python3Packages.buildPythonApplication rec {
- name = "urlwatch-${version}";
- version = "2.8";
-
- src = fetchFromGitHub {
- owner = "thp";
- repo = "urlwatch";
- rev = version;
- sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4";
- };
-
- propagatedBuildInputs = with python3Packages; [
- appdirs
- keyring
- minidb
- pycodestyle
- pyyaml
- requests
- ];
-
- meta = with stdenv.lib; {
- description = "A tool for monitoring webpages for updates";
- homepage = https://thp.io/2008/urlwatch/;
- license = licenses.bsd3;
- maintainers = with maintainers; [ tv ];
- };
-}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index cd259d0fe..c59494e4d 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -141,6 +141,15 @@ with import <stockholm/lib>;
dnsutils
generate-secrets
+ (pkgs.writeDashBin "btc-coinbase" ''
+ ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
+ '')
+ (pkgs.writeDashBin "btc-wex" ''
+ ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg'
+ '')
+ (pkgs.writeDashBin "btc-kraken" ''
+ ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
+ '')
];
#TODO: fix this shit
@@ -177,4 +186,34 @@ with import <stockholm/lib>;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true;
+
+ lass.restic = genAttrs [
+ "daedalus"
+ "icarus"
+ "littleT"
+ "prism"
+ "shodan"
+ "skynet"
+ ] (dest: {
+ dirs = [
+ "/home/lass/src"
+ "/home/lass/work"
+ "/home/lass/.gnupg"
+ "/home/lass/Maildir"
+ "/home/lass/stockholm"
+ "/home/lass/.password-store"
+ "/home/bitcoin"
+ "/home/bch"
+ ];
+ passwordFile = (toString <secrets>) + "/restic/${dest}";
+ repo = "sftp:backup@${dest}.r:/backups/mors";
+ #sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
+ extraArguments = [
+ "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+ ];
+ timerConfig = {
+ OnCalendar = "00:05";
+ RandomizedDelaySec = "5h";
+ };