Diffstat (limited to 'krebs/2configs')
-rw-r--r--krebs/2configs/cal.nix33
-rw-r--r--krebs/2configs/default.nix6
-rw-r--r--krebs/2configs/exim-smarthost.nix9
-rw-r--r--krebs/2configs/ircd.nix4
-rw-r--r--krebs/2configs/mastodon-proxy.nix24
-rw-r--r--krebs/2configs/mastodon.nix46
-rw-r--r--krebs/2configs/matterbridge.nix10
-rw-r--r--krebs/2configs/news-host.nix3
-rw-r--r--krebs/2configs/news.nix4
-rw-r--r--krebs/2configs/reaktor2.nix139
-rw-r--r--krebs/2configs/security-workarounds.nix11
-rwxr-xr-xkrebs/2configs/shack/doorstatus.sh3
12 files changed, 237 insertions, 55 deletions
diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix
new file mode 100644
index 000000000..90093e8eb
--- /dev/null
+++ b/krebs/2configs/cal.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+{
+ users.users.testing = {
+ uid = pkgs.stockholm.lib.genid_uint31 "testing";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.xkey.pubkey
+ config.krebs.users.lass.pubkey
+ ];
+ packages = [
+ pkgs.calendar-cli
+ pkgs.tmux
+ ];
+ };
+
+ services.xandikos = {
+ enable = true;
+ extraOptions = [
+ "--autocreate"
+ "--defaults"
+ "--current-user-principal /krebs"
+ "--dump-dav-xml"
+ ];
+ };
+
+ services.nginx = {
+ enable = true;
+
+ virtualHosts = {
+ "calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/";
+ };
+ };
+}
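Review bot: The `calendar.r` vhost proxies `/` straight to Xandikos with no access control, and Xandikos does not authenticate requests itself, so any host that can reach that name can read and modify the calendars. If the name is reachable beyond trusted hosts, add `basicAuthFile = "<path-to-htpasswd>";` on the vhost or an `allow`/`deny` list in its `extraConfig`. `--dump-dav-xml` also prints DAV request and response bodies, so calendar contents end up in the service log; it reads like a debugging flag that should be dropped once the setup works.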
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 38d770316..fffe128e6 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -27,9 +27,6 @@ with import <stockholm/lib>;
];
console.keyMap = "us";
- i18n = {
- defaultLocale = lib.mkForce "C";
- };
programs.ssh.startAgent = false;
@@ -60,4 +57,7 @@ with import <stockholm/lib>;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
+
+ # maybe fix Error: unsupported locales detected:
+ i18n.defaultLocale = mkDefault "C.UTF-8";
}
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index 82f8ec942..01597f49f 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -16,6 +16,14 @@ in {
tv
];
eloop-ml = spam-ml;
+ krebstel-ml = [
+ config.krebs.users."0x4A6F"
+ { mail = "krebstel-1rxz0mqa95nkmk298s1731ly0ii7vc36kkm36pnjj89hrq52pgn1@ni.r"; }
+ { mail = "krebstel-1difh7483axpiaq92ghi14r5cql822wbhixqb0nn3y3jkcj0b785@ni.r"; }
+ { mail = "lass@green.r"; }
+ tv
+ xkey
+ ];
spam-ml = [
lass
makefu
@@ -28,6 +36,7 @@ in {
"spam@eloop.org" = eloop-ml;
"youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead
"postmaster@krebsco.de" = spam-ml; # RFC 822
+ "krebstel@krebsco.de" = krebstel-ml;
"lass@krebsco.de" = lass;
"makefu@krebsco.de" = makefu;
"spam@krebsco.de" = spam-ml;
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index c6c91e074..a802b8a25 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,9 +5,9 @@
6667
];
- krebs.ergo = {
+ services.ergochat = {
enable = true;
- config = {
+ settings = {
server.secure-nets = [
"42::0/16"
"10.240.0.0/12"
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
new file mode 100644
index 000000000..4d359c3fe
--- /dev/null
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."social.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ # TODO use this in 22.11
+ # recommendedProxySettings = true;
+ proxyPass = "http://hotdog.r";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ '';
+ };
+ };
+ };
+}
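Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` the client sent, and this vhost appears to be the Internet-facing edge (`forceSSL`, `enableACME`), so the backend receives a client-controlled chain. Anything behind it that reads the leftmost entry (logs, rate limits) sees a spoofable address; `proxy_set_header X-Forwarded-For $remote_addr;` avoids that at the first hop. `proxyPass = "http://hotdog.r"` is plain HTTP, which is only acceptable if the `.r` network is itself encrypted; a one-line comment saying so would help the next reader.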
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..145b383ed
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+ package = pkgs.postgresql_11;
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/state/postgresql 0700 postgres postgres -"
+ ];
+
+ services.mastodon = {
+ enable = true;
+ localDomain = "social.krebsco.de";
+ configureNginx = true;
+ trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+ smtp.createLocally = false;
+ smtp.fromAddress = "derp";
+ };
+
+ services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+ forceSSL = lib.mkForce false;
+ enableACME = lib.mkForce false;
+ locations."@proxy".extraConfig = ''
+ proxy_redirect off;
+ proxy_pass_header Server;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ ];
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "tootctl" ''
+ sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+ '')
+ (pkgs.writers.writeDashBin "create-mastodon-user" ''
+ set -efu
+ nick=$1
+ /run/current-system/sw/bin/tootctl accounts create "$nick" --email "$nick"@krebsco.de --confirmed
+ /run/current-system/sw/bin/tootctl accounts approve "$nick"
+ '')
+ ];
+}
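Review bot: `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` forwards the header exactly as received, while `networking.firewall.allowedTCPPorts = [ 80 ]` opens the plain-HTTP listener on every interface, so any host that can reach port 80 directly, not only the proxy named in `trustedProxy`, can claim `https`. Restricting the port to the overlay interface, e.g. `networking.firewall.interfaces.<overlay-interface>.allowedTCPPorts = [ 80 ];`, keeps the forwarded headers meaningful. `create-mastodon-user` passes `--confirmed`, so the `"$nick"@krebsco.de` address is never verified; a comment stating that this is intended would help.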
diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix
index a68aa292c..b96dea300 100644
--- a/krebs/2configs/matterbridge.nix
+++ b/krebs/2configs/matterbridge.nix
@@ -10,14 +10,10 @@
Charset = "utf-8";
};
telegram.krebs.Token = bridgeBotToken;
- irc = let
+ irc.hackint = {
+ Server = "irc.hackint.org:6697";
+ UseTLS = true;
Nick = "ponte";
- in {
- hackint = {
- Server = "irc.hackint.org:6697";
- UseTLS = true;
- inherit Nick;
- };
};
gateway = [
{
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index b7728986f..07674c86e 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -4,10 +4,7 @@
"shodan"
"mors"
"styx"
- "puyak"
];
- hostIp = "10.233.2.101";
- localIp = "10.233.2.102";
format = "plain";
};
}
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 3649aeeea..d6c6371da 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -68,8 +68,8 @@
wantedBy = [ "multi-user.target" ];
};
- krebs.ergo.openFilesLimit = 16384;
- krebs.ergo.config = {
+ services.ergochat.openFilesLimit = 16384;
+ services.ergochat.settings = {
limits.nicklen = 100;
limits.identlen = 100;
history.enabled = false;
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index afaac9dae..13b59fa82 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -51,6 +51,77 @@ let
};
};
+ confuse = {
+ pattern = "^!confuse (.*)$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writeDash "confuse" ''
+ set -efux
+
+ export PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.stable-generate
+ ]}
+ stable_url=$(stable-generate "$@")
+ paste_url=$(curl -Ss "$stable_url" |
+ curl -Ss http://p.r --data-binary @- |
+ tail -1
+ )
+ echo "$_from: $paste_url"
+ '';
+ };
+ };
+
+ confuse_hackint = {
+ pattern = "^!confuse (.*)$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writeDash "confuse" ''
+ set -efu
+ export PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.stable-generate
+ ]}
+ case $_msgtarget in \#*)
+ stable_url=$(stable-generate "$@")
+ paste_url=$(curl -Ss "$stable_url" |
+ curl -Ss https://p.krebsco.de --data-binary @- |
+ tail -1
+ )
+ echo "$_from: $paste_url"
+ esac
+ '';
+ };
+ };
+
+ say = {
+ pattern = "^!say (.*)$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writeDash "say" ''
+ set -efu
+
+ export PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.opusTools
+ ]}
+ paste_url=$(printf '%s' "$1" |
+ curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
+ opusenc - - |
+ curl -Ss https://p.krebsco.de --data-binary @- |
+ tail -1
+ )
+ echo "$_from: $paste_url"
+ '';
+ };
+ };
+
taskRcFile = builtins.toFile "taskrc" ''
confirmation=no
'';
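Review bot: `say` and `confuse` run for every message matching their pattern, while `confuse_hackint` wraps its work in `case $_msgtarget in \#*)`; because `say` is appended to the shared hook list further down, it is also reachable by direct message on both reaktor2 instances, and each call sends unbounded user text to `tts.r` and stores a paste. Consider the same `$_msgtarget` guard in `say` plus a length cap on `$1`. Separately, `curl -Ss "$stable_url"` has no `-f`, so an HTTP error body would be uploaded as the paste; `curl -fSs "$stable_url"` avoids that. `set -efux` in `confuse` leaves `-x` tracing on, which looks like a debugging leftover.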
@@ -112,7 +183,7 @@ let
}
'';
- systemPlugin = {
+ systemPlugin = { extra_privmsg_hooks ? [] }: {
plugin = "system";
config = {
workdir = stateDir;
@@ -185,8 +256,9 @@ let
};
}
{
- pattern = "18@p";
+ pattern = ''^18@p\s+(\S+)\s+(\d+)m$'';
activate = "match";
+ arguments = [1 2];
command = {
env = {
CACHE_DIR = "${stateDir}/krebsfood";
@@ -196,45 +268,36 @@ let
osm-restaurants-src = pkgs.fetchFromGitHub {
owner = "kmein";
repo = "scripts";
- rev = "66b2068d548d3418c81dd093bba3f80248c68196";
- sha256 = "059sp2lz54iwklswaxv9w703sbm2vv7p0ccig10gsqshriq6v58z";
+ rev = "dda381be26abff73a0cf364c6dfff6e1701f41ee";
+ sha256 = "sha256-J7jGWZeAULDA1EkO50qx+hjl+5IsUj389pUUMreKeNE=";
};
osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {};
in pkgs.writeDash "krebsfood" ''
set -efu
- ecke_lat=52.51252
- ecke_lon=13.41740
- ${osm-restaurants}/bin/osm-restaurants --radius 500 --latitude "$ecke_lat" --longitude "$ecke_lon" \
- | ${pkgs.jq}/bin/jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
- '
- '';
- };
- }
- {
- pattern = ''^([\H-]*?):?\s+([+-][1-9][0-9]*)\s+(\S+)$'';
- activate = "match";
- arguments = [1 2 3];
- command = {
- env = {
- # TODO; get state as argument
- state_file = "${stateDir}/ledger";
- };
- filename = pkgs.writeDash "ledger-add" ''
- set -x
- tonick=$1
- amt=$2
- unit=$3
- printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
- ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
- | ${pkgs.coreutils}/bin/tail +2 \
- | ${pkgs.miller}/bin/mlr --icsv --opprint cat \
- | ${pkgs.gnugrep}/bin/grep "$_from"
+ export PATH=${makeBinPath [
+ osm-restaurants
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.jq
+ ]}
+ poi=$(curl -fsS http://c.r/poi.json | jq --arg name "$1" '.[$name]')
+ if [ "$poi" = null ]; then
+ latitude=52.51252
+ longitude=13.41740
+ else
+ latitude=$(echo "$poi" | jq -r .latitude)
+ longitude=$(echo "$poi" | jq -r .longitude)
+ fi
+
+ restaurant=$(osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude")
+ printf '%s' "$restaurant" | tail -1 | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
'';
};
}
bedger-add
bedger-balance
hooks.sed
+ say
(generators.command_hook {
inherit (commands) dance random-emoji nixos-version;
tell = {
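Review bot: A failed or empty fetch of `http://c.r/poi.json` does not fall back to the default coordinates: the pipeline's status is jq's, `poi` ends up empty rather than `null`, and the `else` branch then passes empty `latitude`/`longitude` to `osm-restaurants`. `if [ -z "$poi" ] || [ "$poi" = null ]; then` covers that case. The radius comes straight from `(\d+)` in the pattern added in the previous hunk with no upper bound, so any user who can trigger the hook can request an arbitrarily large search; a cap before the `osm-restaurants` call would bound the query. The hook block starts outside this hunk.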
@@ -251,7 +314,7 @@ let
};
})
(task "agenda")
- ];
+ ] ++ extra_privmsg_hooks;
};
};
@@ -411,7 +474,11 @@ in {
];
};
}
- systemPlugin
+ (systemPlugin {
+ extra_privmsg_hooks = [
+ confuse_hackint
+ ];
+ })
];
username = "reaktor2";
port = "6697";
@@ -429,7 +496,11 @@ in {
];
};
}
- systemPlugin
+ (systemPlugin {
+ extra_privmsg_hooks = [
+ confuse
+ ];
+ })
];
username = "reaktor2";
};
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index 74a77a0ed..cb5d236ac 100644
--- a/krebs/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -4,10 +4,15 @@
nixpkgs.overlays = [
(self: super: {
exim =
- super.exim.overrideAttrs (old: {
+ super.exim.overrideAttrs (old: let
+ key = if builtins.hasAttr "preBuild" old then
+ "preBuild"
+ else
+ "configurePhase";
+ in {
buildInputs = old.buildInputs ++ [ self.gnutls ];
- preBuild = /* sh */ ''
- ${old.preBuild}
+ ${key} = /* sh */ ''
+ ${old.${key}}
sed -Ei '
s:^USE_OPENSSL=.*:# &:
s:^# (USE_GNUTLS)=.*:\1=yes:
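Review bot: The `key` selection in the new `let` has no comment explaining why two phase names are tried, and `old.${key}` aborts evaluation if the exim derivation defines neither `preBuild` nor `configurePhase`. That failure is loud, which suits a security workaround, but it is worth stating, e.g. `# nixpkgs revisions differ in which phase edits the exim Makefile; fail evaluation if neither exists`. Nothing in the visible lines verifies that the sed actually switched the build from OpenSSL to GnuTLS; the script continues outside the hunk, so such a check may already exist there.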
diff --git a/krebs/2configs/shack/doorstatus.sh b/krebs/2configs/shack/doorstatus.sh
index 46314cb9c..aa6c1c3d1 100755
--- a/krebs/2configs/shack/doorstatus.sh
+++ b/krebs/2configs/shack/doorstatus.sh
@@ -54,7 +54,8 @@ Herr makefu an Kasse 3 bitte, Kasse 3 bitte Herr makefu. Der API Computer ist ma
EOF
)
-state=$(curl -fSsk https://api.shackspace.de/v1/space | jq .doorState.open)
+payload=$(curl -fSsk https://api.shackspace.de/v1/space)
+state=$(printf '%s' "$payload" | jq .doorState.open)
prevstate=$(cat state ||:)
if test "$state" == "$(cat state)";then