Diffstat (limited to 'krebs/2configs')
-rw-r--r-- | krebs/2configs/cal.nix | 33 | ||||
-rw-r--r-- | krebs/2configs/default.nix | 6 | ||||
-rw-r--r-- | krebs/2configs/exim-smarthost.nix | 9 | ||||
-rw-r--r-- | krebs/2configs/ircd.nix | 4 | ||||
-rw-r--r-- | krebs/2configs/mastodon-proxy.nix | 24 | ||||
-rw-r--r-- | krebs/2configs/mastodon.nix | 46 | ||||
-rw-r--r-- | krebs/2configs/matterbridge.nix | 10 | ||||
-rw-r--r-- | krebs/2configs/news-host.nix | 3 | ||||
-rw-r--r-- | krebs/2configs/news.nix | 4 | ||||
-rw-r--r-- | krebs/2configs/reaktor2.nix | 139 | ||||
-rw-r--r-- | krebs/2configs/security-workarounds.nix | 11 | ||||
-rwxr-xr-x | krebs/2configs/shack/doorstatus.sh | 3 |
12 files changed, 237 insertions, 55 deletions
diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix new file mode 100644 index 000000000..90093e8eb --- /dev/null +++ b/krebs/2configs/cal.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: +{ + users.users.testing = { + uid = pkgs.stockholm.lib.genid_uint31 "testing"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.xkey.pubkey + config.krebs.users.lass.pubkey + ]; + packages = [ + pkgs.calendar-cli + pkgs.tmux + ]; + }; + + services.xandikos = { + enable = true; + extraOptions = [ + "--autocreate" + "--defaults" + "--current-user-principal /krebs" + "--dump-dav-xml" + ]; + }; + + services.nginx = { + enable = true; + + virtualHosts = { + "calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/"; + }; + }; +} diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 38d770316..fffe128e6 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -27,9 +27,6 @@ with import <stockholm/lib>; ]; console.keyMap = "us"; - i18n = { - defaultLocale = lib.mkForce "C"; - }; programs.ssh.startAgent = false; @@ -60,4 +57,7 @@ with import <stockholm/lib>; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "17.03"; + + # maybe fix Error: unsupported locales detected: + i18n.defaultLocale = mkDefault "C.UTF-8"; } diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index 82f8ec942..01597f49f 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -16,6 +16,14 @@ in { tv ]; eloop-ml = spam-ml; + krebstel-ml = [ + config.krebs.users."0x4A6F" + { mail = "krebstel-1rxz0mqa95nkmk298s1731ly0ii7vc36kkm36pnjj89hrq52pgn1@ni.r"; } + { mail = "krebstel-1difh7483axpiaq92ghi14r5cql822wbhixqb0nn3y3jkcj0b785@ni.r"; } + { mail = "lass@green.r"; } + tv + xkey + ]; spam-ml = [ lass makefu 
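Review bot: The `calendar.r` virtual host proxies every request straight to xandikos with no access control in front of it, and as far as I know xandikos does not authenticate clients itself, so any host that can reach this vhost can read and modify the calendar data. If that is not intended, add authentication at the proxy, for example `basicAuthFile = <path to htpasswd file>;` on the virtual host, or limit the listener to the addresses that need it. `--dump-dav-xml` is a debugging option that prints DAV request and response bodies, which presumably end up in the service log, so it should be dropped once the setup works. The `testing` account grants SSH login to two keys; a comment such as `# temporary account for trying out calendar-cli, remove when done` (if that is its purpose) would tell a later reader when it can go.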
@@ -28,6 +36,7 @@ in { "spam@eloop.org" = eloop-ml; "youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead "postmaster@krebsco.de" = spam-ml; # RFC 822 + "krebstel@krebsco.de" = krebstel-ml; "lass@krebsco.de" = lass; "makefu@krebsco.de" = makefu; "spam@krebsco.de" = spam-ml; diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index c6c91e074..a802b8a25 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,9 +5,9 @@ 6667 ]; - krebs.ergo = { + services.ergochat = { enable = true; - config = { + settings = { server.secure-nets = [ "42::0/16" "10.240.0.0/12" diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix new file mode 100644 index 000000000..4d359c3fe --- /dev/null +++ b/krebs/2configs/mastodon-proxy.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: +{ + services.nginx = { + enable = true; + virtualHosts."social.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + # TODO use this in 22.11 + # recommendedProxySettings = true; + proxyPass = "http://hotdog.r"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + ''; + }; + }; + }; +} diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix new file mode 100644 index 000000000..145b383ed --- /dev/null +++ b/krebs/2configs/mastodon.nix 
@@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresql = { + enable = true; + dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}"; + package = pkgs.postgresql_11; + }; + systemd.tmpfiles.rules = [ + "d /var/state/postgresql 0700 postgres postgres -" + ]; + + services.mastodon = { + enable = true; + localDomain = "social.krebsco.de"; + configureNginx = true; + trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr; + smtp.createLocally = false; + smtp.fromAddress = "derp"; + }; + + services.nginx.virtualHosts.${config.services.mastodon.localDomain} = { + forceSSL = lib.mkForce false; + enableACME = lib.mkForce false; + locations."@proxy".extraConfig = '' + proxy_redirect off; + proxy_pass_header Server; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + ''; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + ]; + + environment.systemPackages = [ + (pkgs.writers.writeDashBin "tootctl" '' + sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@" + '') + (pkgs.writers.writeDashBin "create-mastodon-user" '' + set -efu + nick=$1 + /run/current-system/sw/bin/tootctl accounts create "$nick" --email "$nick"@krebsco.de --confirmed + /run/current-system/sw/bin/tootctl accounts approve "$nick" + '') + ]; +} diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix index a68aa292c..b96dea300 100644 --- a/krebs/2configs/matterbridge.nix +++ b/krebs/2configs/matterbridge.nix @@ -10,14 +10,10 @@ Charset = "utf-8"; }; telegram.krebs.Token = bridgeBotToken; - irc = let + irc.hackint = { + Server = "irc.hackint.org:6697"; + UseTLS = true; Nick = "ponte"; - in { - hackint = { - Server = "irc.hackint.org:6697"; - UseTLS = true; - inherit Nick; - }; }; gateway = [ { diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix index b7728986f..07674c86e 100644 --- a/krebs/2configs/news-host.nix 
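Review bot: `networking.firewall.allowedTCPPorts = [ 80 ]` opens the plain-HTTP vhost on every interface, while the `@proxy` location forwards the client-supplied `X-Forwarded-Proto` header unchanged, so any peer that reaches port 80 directly rather than through the front proxy can claim its request arrived over HTTPS. `trustedProxy` names only prism's retiolum address, and nothing visible in this file keeps other sources away from the port. Consider opening the port on the overlay interface only, e.g. `networking.firewall.interfaces.<retiolum-interface>.allowedTCPPorts = [ 80 ];`, and add a comment on the two `mkForce false` lines saying that TLS is terminated on the proxy host. `smtp.fromAddress = "derp"` is not a mail address and looks like a placeholder.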
+++ b/krebs/2configs/news-host.nix @@ -4,10 +4,7 @@ "shodan" "mors" "styx" - "puyak" ]; - hostIp = "10.233.2.101"; - localIp = "10.233.2.102"; format = "plain"; }; } diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 3649aeeea..d6c6371da 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -68,8 +68,8 @@ wantedBy = [ "multi-user.target" ]; }; - krebs.ergo.openFilesLimit = 16384; - krebs.ergo.config = { + services.ergochat.openFilesLimit = 16384; + services.ergochat.settings = { limits.nicklen = 100; limits.identlen = 100; history.enabled = false; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index afaac9dae..13b59fa82 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix 
@@ -51,6 +51,77 @@ let }; }; + confuse = { + pattern = "^!confuse (.*)$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writeDash "confuse" '' + set -efux + + export PATH=${makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.stable-generate + ]} + stable_url=$(stable-generate "$@") + paste_url=$(curl -Ss "$stable_url" | + curl -Ss http://p.r --data-binary @- | + tail -1 + ) + echo "$_from: $paste_url" + ''; + }; + }; + + confuse_hackint = { + pattern = "^!confuse (.*)$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writeDash "confuse" '' + set -efu + export PATH=${makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.stable-generate + ]} + case $_msgtarget in \#*) + stable_url=$(stable-generate "$@") + paste_url=$(curl -Ss "$stable_url" | + curl -Ss https://p.krebsco.de --data-binary @- | + tail -1 + ) + echo "$_from: $paste_url" + esac + ''; + }; + }; + + say = { + pattern = "^!say (.*)$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writeDash "say" '' + set -efu + + export PATH=${makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.opusTools + ]} + paste_url=$(printf '%s' "$1" | + curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' | + opusenc - - | + curl -Ss https://p.krebsco.de --data-binary @- | + tail -1 + ) + echo "$_from: $paste_url" + ''; + }; + }; + taskRcFile = builtins.toFile "taskrc" '' confirmation=no ''; @@ -112,7 +183,7 @@ let } ''; - systemPlugin = { + systemPlugin = { extra_privmsg_hooks ? [] }: { plugin = "system"; config = { workdir = stateDir; @@ -185,8 +256,9 @@ let }; } { - pattern = "18@p"; + pattern = ''^18@p\s+(\S+)\s+(\d+)m$''; activate = "match"; + arguments = [1 2]; command = { env = { CACHE_DIR = "${stateDir}/krebsfood"; 
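Review bot: The `say` hook has no `case $_msgtarget in \#*)` guard like the one in `confuse_hackint`, yet a later hunk adds it to the shared hook list of `systemPlugin`, so it appears to be active on both networks and to answer private messages too; if the guard exists to keep the public network from driving internal services, `say` needs it as well. `confuse` runs with `set -efux` where its twin uses `set -efu`; the `x` looks like leftover tracing and should be removed. None of the `curl` calls sets a time limit and only the first one in `say` uses `-f`, so a slow or failing upstream either blocks the hook or gets its error body pasted; `--max-time <seconds>` and `-f` on each call would bound that. The text captured from the message reaches `stable-generate "$@"` as one argument, and whether a leading `-` is read as an option there cannot be told from this hunk.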
@@ -196,45 +268,36 @@ let osm-restaurants-src = pkgs.fetchFromGitHub { owner = "kmein"; repo = "scripts"; - rev = "66b2068d548d3418c81dd093bba3f80248c68196"; - sha256 = "059sp2lz54iwklswaxv9w703sbm2vv7p0ccig10gsqshriq6v58z"; + rev = "dda381be26abff73a0cf364c6dfff6e1701f41ee"; + sha256 = "sha256-J7jGWZeAULDA1EkO50qx+hjl+5IsUj389pUUMreKeNE="; }; osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {}; in pkgs.writeDash "krebsfood" '' set -efu - ecke_lat=52.51252 - ecke_lon=13.41740 - ${osm-restaurants}/bin/osm-restaurants --radius 500 --latitude "$ecke_lat" --longitude "$ecke_lon" \ - | ${pkgs.jq}/bin/jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"' - ' - ''; - }; - } - { - pattern = ''^([\H-]*?):?\s+([+-][1-9][0-9]*)\s+(\S+)$''; - activate = "match"; - arguments = [1 2 3]; - command = { - env = { - # TODO; get state as argument - state_file = "${stateDir}/ledger"; - }; - filename = pkgs.writeDash "ledger-add" '' - set -x - tonick=$1 - amt=$2 - unit=$3 - printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file - ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ - | ${pkgs.coreutils}/bin/tail +2 \ - | ${pkgs.miller}/bin/mlr --icsv --opprint cat \ - | ${pkgs.gnugrep}/bin/grep "$_from" + export PATH=${makeBinPath [ + osm-restaurants + pkgs.coreutils + pkgs.curl + pkgs.jq + ]} + poi=$(curl -fsS http://c.r/poi.json | jq --arg name "$1" '.[$name]') + if [ "$poi" = null ]; then + latitude=52.51252 + longitude=13.41740 + else + latitude=$(echo "$poi" | jq -r .latitude) + longitude=$(echo "$poi" | jq -r .longitude) + fi + + restaurant=$(osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude") + printf '%s' "$restaurant" | tail -1 | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"' ''; }; } bedger-add bedger-balance hooks.sed 
+ say (generators.command_hook { inherit (commands) dance random-emoji nixos-version; tell = { @@ -251,7 +314,7 @@ let }; }) (task "agenda") - ]; + ] ++ extra_privmsg_hooks; }; }; @@ -411,7 +474,11 @@ in { ]; }; } - systemPlugin + (systemPlugin { + extra_privmsg_hooks = [ + confuse_hackint + ]; + }) ]; username = "reaktor2"; port = "6697"; @@ -429,7 +496,11 @@ in { ]; }; } - systemPlugin + (systemPlugin { + extra_privmsg_hooks = [ + confuse + ]; + }) ]; username = "reaktor2"; }; diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix index 74a77a0ed..cb5d236ac 100644 --- a/krebs/2configs/security-workarounds.nix +++ b/krebs/2configs/security-workarounds.nix @@ -4,10 +4,15 @@ nixpkgs.overlays = [ (self: super: { exim = - super.exim.overrideAttrs (old: { + super.exim.overrideAttrs (old: let + key = if builtins.hasAttr "preBuild" old then + "preBuild" + else + "configurePhase"; + in { buildInputs = old.buildInputs ++ [ self.gnutls ]; - preBuild = /* sh */ '' - ${old.preBuild} + ${key} = /* sh */ '' + ${old.${key}} sed -Ei ' s:^USE_OPENSSL=.*:# &: s:^# (USE_GNUTLS)=.*:\1=yes: diff --git a/krebs/2configs/shack/doorstatus.sh b/krebs/2configs/shack/doorstatus.sh index 46314cb9c..aa6c1c3d1 100755 --- a/krebs/2configs/shack/doorstatus.sh +++ b/krebs/2configs/shack/doorstatus.sh @@ -54,7 +54,8 @@ Herr makefu an Kasse 3 bitte, Kasse 3 bitte Herr makefu. Der API Computer ist ma EOF ) -state=$(curl -fSsk https://api.shackspace.de/v1/space | jq .doorState.open) +payload=$(curl -fSsk https://api.shackspace.de/v1/space) +state=$(printf '%s' "$payload" | jq .doorState.open) prevstate=$(cat state ||:) if test "$state" == "$(cat state)";then |
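Review bot: When `curl -fsS http://c.r/poi.json` fails, `jq` receives empty input and prints nothing, so `poi` is the empty string rather than `null`, the default coordinates are skipped and `osm-restaurants` is called with empty `--latitude` and `--longitude`; the status of the assignment is that of `jq`, so `set -e` does not stop the script either. Testing for both cases, `if [ -z "$poi" ] || [ "$poi" = null ]; then`, restores the fallback. `latitude` and `longitude` are taken from a document fetched over plain HTTP and passed on unchecked, and the radius in `$2` is limited only to digits by the hook's pattern, so an upper bound before the call would keep one message from requesting an arbitrarily large search area. The hook list this entry sits in starts outside the hunk.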
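Review bot: The `sed -Ei` script is a silent no-op when its patterns stop matching, so a build in which the switch from OpenSSL to GnuTLS did not take effect would still succeed, and the new choice between `preBuild` and `configurePhase` makes it harder to see when that happens. A check after the `sed` that fails the build when `USE_GNUTLS=yes` is absent from the edited file would make the workaround verifiable. A comment on the `key` binding should say why `configurePhase` is the fallback and that evaluation fails if `old` has neither attribute, for example `# exim moved its Makefile setup between phases; pick whichever the package defines`, if that is the reason. The `sed` script continues past the end of this hunk.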
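Review bot: The new `payload=$(curl -fSsk ...)` line keeps `-k`, which turns off certificate verification for `https://api.shackspace.de`, so the door state can be supplied by anyone able to intercept the connection. Drop the flag, `payload=$(curl -fSs https://api.shackspace.de/v1/space)`, or pin the CA with `--cacert <ca-file>` if the host's certificate chain is the reason it was added. A response without `doorState` makes `jq` print `null`, which is then compared and stored like a real state; testing `$state` for `null` before use would avoid that. The script continues outside the hunk.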