diff options
51 files changed, 267 insertions, 192 deletions
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2ed0b08fb..233fe2fd7 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -61,7 +61,7 @@ let ]; hooks.PRIVMSG = [ { - pattern = "^bier bal(an(ce)?)?$"; + pattern = "^bier (ballern|bal(an(ce)?)?)$"; activate = "match"; command = { env = { @@ -90,6 +90,10 @@ let amt=$2 unit=$3 printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file + ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ + | ${pkgs.coreutils}/bin/tail +2 \ + | ${pkgs.miller}/bin/mlr --icsv --opprint cat \ + | ${pkgs.gnugrep}/bin/grep "$_from" ''; }; } diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index e7860338c..7c941a66a 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -46,7 +46,6 @@ in { services.home-assistant = { enable = true; - autoExtraComponents = true; package = unstable.home-assistant.overrideAttrs (old: { doInstallCheck = false; }); diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix index 65e5d9005..5ba49ede6 100644 --- a/krebs/2configs/shack/prometheus/alert-rules.nix +++ b/krebs/2configs/shack/prometheus/alert-rules.nix @@ -8,7 +8,7 @@ in { { name = "shack-env"; rules = [ { - alert = "RootPartitionFull"; + alert = "Wolf RootPartitionFull"; for = "30m"; expr = ''(node_filesystem_avail_bytes{alias="wolf.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="wolf.shack",mountpoint="/"} < ${disk_free_threshold}''; labels.severity = "warning"; @@ -24,7 +24,7 @@ in { 6. as a last resort the root disk can be expanded via `lvresize -L +10G /dev/pool/root && btrfs filesystem resize max /` ''; } { - alert = "RootPartitionFull"; + alert = "Puyak RootPartitionFull"; for = "30m"; expr = ''(node_filesystem_avail_bytes{alias="puyak.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="puyak.shack",mountpoint="/"} < ${disk_free_threshold}''; labels.severity = "warning"; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 03faef940..8ddd565d6 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -588,6 +588,31 @@ in { }; }; }; + aland = { + owner = config.krebs.users.xkey; + nets = { + retiolum = { + ip4.addr = "10.243.12.34"; + aliases = [ "aland.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY + CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU + plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb + DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx + aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+ + OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1 + ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X + TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa + aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX + zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf + VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A"; + }; + }; + }; papawhakaaro = { owner = config.krebs.users.feliks; nets = { diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix index 7bdf5bb7c..eec719f27 100644 --- a/krebs/3modules/github-known-hosts.nix +++ b/krebs/3modules/github-known-hosts.nix @@ -57,6 +57,7 @@ "20.201.28.151" "20.205.243.166" "102.133.202.242" + "20.248.137.48" "18.181.13.223" "54.238.117.237" "54.168.17.15" @@ -70,6 +71,7 @@ "20.201.28.152" "20.205.243.160" "102.133.202.246" + "20.248.137.50" ]; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; }; diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix index e8037128d..9ed5f29c5 100644 --- a/krebs/3modules/iana-etc.nix +++ b/krebs/3modules/iana-etc.nix @@ -34,7 +34,7 @@ with import <stockholm/lib>; '') (filter (proto: entry.${proto} != null) ["tcp" "udp"])} '') (attrValues config.krebs.iana-etc.services)} - cat ${pkgs.iana_etc}/etc/services + cat ${pkgs.iana-etc}/etc/services } | sort -b -k 2,2 -u > $out ''); diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix index 9ff2bd883..7f89c0b1f 100644 --- a/krebs/5pkgs/haskell/reaktor2/default.nix +++ b/krebs/5pkgs/haskell/reaktor2/default.nix @@ -1,18 +1,18 @@ { mkDerivation, aeson, async, attoparsec, base, blessings -, bytestring, containers, data-default, fetchgit, filepath -, hashable, lens, lens-aeson, network, network-simple -, network-simple-tls, network-uri, pcre-light, process, random -, servant-server, lib, string-conversions, stringsearch, text -, time, transformers, unagi-chan, unix, unordered-containers -, vector, wai, warp +, bytestring, containers, data-default, filepath, hashable, lens +, lens-aeson, lib, network, network-simple, network-simple-tls +, network-uri, pcre-light, process, random, servant-server +, string-conversions, stringsearch, text, time, transformers +, unagi-chan, unix, unordered-containers, vector, wai, warp +, fetchgit }: -mkDerivation rec { +mkDerivation { pname = "reaktor2"; - version = "0.4.0a"; + version = "0.4.2"; src = fetchgit { - url = "https://cgit.lassul.us/reaktor2"; - sha256 = "sha256-x1i2TWcycYVFij6832xaBiQa1RQ1VmSfu5Qt1QrUtds="; - rev = "6d3eb6de5e770ee26874bb7449934f0c55bd1efa"; + url = "https://cgit.krebsco.de/reaktor2"; + hash = "sha256-JPQyy0hDSH5JqQGjwoO5BNsD4qk+GKP1VH+j4/2cqes"; + rev = "53a11f421fb18e8687fa06e5511cea8bd9defc36"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix index 1dd694b70..ae42bc1a3 100644 --- a/krebs/5pkgs/override/default.nix +++ b/krebs/5pkgs/override/default.nix @@ -17,21 +17,10 @@ self: super: { repo = "flameshot"; rev = "v${version}"; sha256 = "sha256-rZUiaS32C77tFJmEkw/9MGbVTVscb6LOCyWaWO5FyR4="; - }; - patches = old.patches or [] ++ { - "0.6.0" = [ - ./flameshot/flameshot_imgur_0.6.0.patch - ]; - "0.9.0" = [ - ./flameshot/flameshot_imgur_0.9.0.patch - ]; - "0.10.1" = [ - ./flameshot/flameshot_imgur_0.9.0.patch - ]; - "0.10.2" = [ - ./flameshot/flameshot_imgur_0.9.0.patch - ]; - }.${old.version} or []; + }; + patches = old.patches or [] ++ [ + ./flameshot/flameshot_imgur_0.10.2.patch + ]; }); # https://github.com/proot-me/PRoot/issues/106 diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.10.2.patch index c4c0bf38a..c4c0bf38a 100644 --- a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch +++ b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.10.2.patch diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch deleted file mode 100644 index 92023554a..000000000 --- a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch +++ /dev/null @@ -1,34 +0,0 @@ ---- a/src/tools/imgur/imguruploader.cpp -+++ b/src/tools/imgur/imguruploader.cpp -@@ -40,6 +40,7 @@ - #include <QTimer> - #include <QJsonDocument> - #include <QJsonObject> -+#include <stdlib.h> - - ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) : - QWidget(parent), m_pixmap(capture) -@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) { - QJsonObject json = response.object(); - QJsonObject data = json["data"].toObject(); - m_imageURL.setUrl(data["link"].toString()); -- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg( -+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL"); -+ if (deleteImageURLPattern == NULL) -+ deleteImageURLPattern = "https://imgur.com/delete/%1"; -+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg( - data["deletehash"].toString())); - onUploadOk(); - } else { -@@ -105,7 +109,10 @@ void ImgurUploader::upload() { - QString description = FileNameHandler().parsedPattern(); - urlQuery.addQueryItem("description", description); - -- QUrl url("https://api.imgur.com/3/image"); -+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL"); -+ if (createImageURLPattern == NULL) -+ createImageURLPattern = "https://api.imgur.com/3/image"; -+ QUrl url(createImageURLPattern); - url.setQuery(urlQuery); - QNetworkRequest request(url); - request.setHeader(QNetworkRequest::ContentTypeHeader, diff --git a/krebs/5pkgs/simple/cidr2glob.nix b/krebs/5pkgs/simple/cidr2glob.nix index 9b0b3f86b..47a75ea41 100644 --- a/krebs/5pkgs/simple/cidr2glob.nix +++ b/krebs/5pkgs/simple/cidr2glob.nix @@ -1,6 +1,7 @@ -{ python, writeScriptBin, ... }: +{ python3, writeScriptBin, ... }: let + python = python3; pythonEnv = python.withPackages (ps: [ ps.netaddr ]); in writeScriptBin "cidr2glob" '' @@ -25,6 +26,6 @@ in if __name__ == "__main__": for cidr in sys.stdin: for glob in cidr2glob(cidr): - print glob + print(glob) '' diff --git a/krebs/5pkgs/simple/veroroute.nix b/krebs/5pkgs/simple/veroroute.nix new file mode 100644 index 000000000..e40c98e75 --- /dev/null +++ b/krebs/5pkgs/simple/veroroute.nix @@ -0,0 +1,28 @@ +{ pkgs }: + +pkgs.stdenv.mkDerivation rec { + pname = "veroroute"; + version = "2.28"; + + src = pkgs.fetchurl { + url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz"; + sha256 = "04dig0g4v1rz50mjj1k6jk99rqbg24hdx8kzrlwv0dlxm567lvc7"; + }; + + buildInputs = [ + pkgs.qt5.qtbase + ]; + nativeBuildInputs = [ + pkgs.qt5.wrapQtAppsHook + ]; + + buildPhase = '' + qmake Src/veroroute.pro + make + ''; + + installPhase = '' + sed -i 's;/usr;;g' veroroute-install.sh + pkgdir=$out bash ./veroroute-install.sh + ''; +} diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index b5f64ae2a..97294d16d 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f2537a505d45c31fe5d9c27ea9829b6f4c4e6ac5", - "date": "2022-06-26T12:26:21+02:00", - "path": "/nix/store/d7wgj3chybniji4l6z73a0gh67hxym3b-nixpkgs", - "sha256": "1z28a3gqbv62sxahlssc5a722kh46f26f5ss3arbxpv7a1272vf1", + "rev": "af9e00071d0971eb292fd5abef334e66eda3cb69", + "date": "2022-08-15T16:41:53+02:00", + "path": "/nix/store/6dvbaqmjjxx2rlh6986y2mj05083xy33-nixpkgs", + "sha256": "1mdwy0419m5i9ss6s5frbhgzgyccbwycxm5nal40c8486bai0hwy", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index c9e1cd5e0..3f3290eff 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "cd90e773eae83ba7733d2377b6cdf84d45558780", - "date": "2022-06-26T19:49:46+02:00", - "path": "/nix/store/bmaf6x4yxcsvs5wp4rayvai4lw7g6snr-nixpkgs", - "sha256": "1b2wn1ncx9x4651vfcgyqrm93pd7ghnrgqjbkf6ckkpidah69m03", + "rev": "3d47bbaa26e7a771059d828eecf3bd8bf28a8b0f", + "date": "2022-08-15T18:36:06+02:00", + "path": "/nix/store/h05whycbmdvxzxp2zqzfm2rjbanr77q9-nixpkgs", + "sha256": "0xnk777bwrdw2zklnhs4sq6rgzb4gn002ybwlizj35g3vy5rppvs", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index affc35307..cfd7f5576 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -61,6 +61,11 @@ with import <stockholm/lib>; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; ''; + locations."/form".extraConfig = '' + client_max_body_size 4G; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste-form.port}; + ''; locations."/image".extraConfig = '' proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -86,6 +91,43 @@ with import <stockholm/lib>; ". ${pkgs.htgen}/examples/paste" ]; }; + + systemd.services.paste-gc = { + startAt = "daily"; + serviceConfig = { + ExecStart = '' + ${pkgs.findutils}/bin/find /var/lib/htgen-paste/items -type f -mtime '+30' -exec rm {} \; + ''; + User = "htgen-paste"; + }; + }; + + krebs.htgen.paste-form = { + port = 7770; + script = /* sh */ '' + export PATH=${makeBinPath [ + pkgs.curl + pkgs.gnused + ]}:$PATH + (. ${pkgs.writeScript "paste-form" '' + case "$Method" in + 'POST') + ref=$(head -c $req_content_length | sed '0,/^\r$/d;$d' | curl -fSs --data-binary @- https://p.krebsco.de | sed '1d;s/^http:/https:/') + + printf 'HTTP/1.1 200 OK\r\n' + printf 'Content-Type: text/plain; charset=UTF-8\r\n' + printf 'Server: %s\r\n' "$Server" + printf 'Connection: close\r\n' + printf 'Content-Length: %d\r\n' $(expr ''${#ref} + 1) + printf '\r\n' + printf '%s\n' "$ref" + + exit + ;; + esac + ''}) + ''; + }; krebs.htgen.imgur = { port = 7771; script = /* sh */ '' diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index e4208f1c1..6fa93e146 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -1,24 +1,24 @@ -with import <stockholm/lib>; self: super: let + lib = super.lib; # This callPackage will try to detect obsolete overrides. callPackage = path: args: let override = super.callPackage path args; - upstream = optionalAttrs (override ? "name") - (super.${(parseDrvName override.name).name} or {}); + upstream = lib.optionalAttrs (override ? "name") + (super.${(builtins.parseDrvName override.name).name} or {}); in if upstream ? "name" && override ? "name" && - compareVersions upstream.name override.name != -1 + builtins.compareVersions upstream.name override.name != -1 then - trace + builtins.trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override else override; subdirsOf = path: - mapAttrs (name: _: path + "/${name}") - (filterAttrs (_: eq "directory") (readDir path)); + lib.mapAttrs (name: _: path + "/${name}") + (lib.filterAttrs (_: x: x == "directory") (builtins.readDir path)); -in mapAttrs (_: flip callPackage {}) - (filterAttrs (_: dir: pathExists (dir + "/default.nix")) +in lib.mapAttrs (_: lib.flip callPackage {}) + (lib.filterAttrs (_: dir: lib.pathExists (dir + "/default.nix")) (subdirsOf ./.)) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index a4aa0cbab..0377c336f 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -74,7 +74,7 @@ #} # { systemd.services.docker.wantedBy = lib.mkForce []; } - <stockholm/makefu/2configs/dict.nix> + # <stockholm/makefu/2configs/dict.nix> # <stockholm/makefu/2configs/legacy_only.nix> #<stockholm/makefu/3modules/netboot_server.nix> #{ diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix index 7e9f4a6ac..d652229f9 100644 --- a/makefu/1systems/x/x13/default.nix +++ b/makefu/1systems/x/x13/default.nix @@ -8,7 +8,7 @@ <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough # <stockholm/makefu/2configs/hw/tpm.nix> <stockholm/makefu/2configs/hw/ssd.nix> - <stockholm/makefu/2configs/hw/xmm7360.nix> + # <stockholm/makefu/2configs/hw/xmm7360.nix> ]; boot.zfs.requestEncryptionCredentials = true; networking.hostId = "f8b8e0a2"; diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index 07f80719d..b37f2409a 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -3,7 +3,7 @@ { environment.systemPackages = [ - ((pkgs.vim_configurable.override { python = pkgs.python3; }).customize { + ((pkgs.vim_configurable).customize { name = "vim"; vimrcConfig.customRC = builtins.readFile ./vimrc; vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; { start = [ diff --git a/makefu/2configs/gui/automatic-diskmount.nix b/makefu/2configs/gui/automatic-diskmount.nix index 19933111a..ad3774be8 100644 --- a/makefu/2configs/gui/automatic-diskmount.nix +++ b/makefu/2configs/gui/automatic-diskmount.nix @@ -12,7 +12,6 @@ with import <stockholm/lib>; #genid users.users.makefu.packages = with pkgs;[ gvfs pcmanfm lxmenu-data ]; - environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; ## allow users in group "storage" to mount disk # https://github.com/coldfix/udiskie/wiki/Permissions diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 2ba7f125c..4ae816d5f 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -36,7 +36,7 @@ in user = mainUser; }; }; - environment.systemPackages = [ pkgs.gnome3.defaultIconTheme ]; + environment.systemPackages = [ pkgs.gnome.adwaita-icon-theme ]; # lid switch is handled via button presses services.logind.lidSwitch = lib.mkDefault "ignore"; makefu.awesome.enable = true; diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index 55df23640..c67aa7cfb 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -23,8 +23,8 @@ displayManager.defaultSession = "gnome"; desktopManager.gnome.enable = true; displayManager.sessionCommands = '' - ${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms - ${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1 + ${pkgs.xorg.xset}/bin/xset -display :0 s off -dpms + ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1 ''; # xrandrHeads = [ "H |