5 files changed, 84 insertions, 46 deletions

diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix
index a800ff543..f9a7450f7 100644
--- a/krebs/5pkgs/simple/generate-secrets/default.nix
+++ b/krebs/5pkgs/simple/generate-secrets/default.nix
@@ -1,20 +1,21 @@
 { pkgs }:
-pkgs.writeDashBin "generate-secrets" ''
+pkgs.writers.writeDashBin "generate-secrets" ''
+  set -eu
   HOSTNAME="$1"
   TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
+  cd $TMPDIR
+
   PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
   HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
 
   ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
-  ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
-  ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+  ${pkgs.tinc_pre}/bin/tinc --config "$TMPDIR" generate-keys 4096 >/dev/null
   cat <<EOF > $TMPDIR/hashedPasswords.nix
   {
     root = "$HASHED_PASSWORD";
   }
   EOF
 
-  cd $TMPDIR
   for x in *; do
     ${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
   done
@@ -31,9 +32,12 @@ pkgs.writeDashBin "generate-secrets" ''
           aliases = [
             "$HOSTNAME.r"
           ];
-          tinc.pubkey = ${"''"}
-  $(cat $TMPDIR/retiolum.rsa_key.pub)
-          ${"''"};
+          tinc = {
+            pubkey = ${"''"}
+  $(cat $TMPDIR/rsa_key.pub)
+            ${"''"};
+            pubkey_ed25519 = "$(cut -d ' ' -f 3 $TMPDIR/ed25519_key.pub)";
+          };
         };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
diff --git a/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker
index 5ca0ddd3e..d04b4b1f0 100644
--- a/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker
+++ b/krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker
@@ -5,6 +5,13 @@ emptyok_response() {(
   printf '\r\n'
 )}
 
+not_modifed_response() {(
+  printf "HTTP/1.1 304 Not Modified\r\n"
+  printf 'Connection: close\r\n'
+  printf 'Server: %s\r\n' "$Server"
+  printf '\r\n'
+)}
+
 delete_response() {
   jq -n -r \
   --arg server "$Server" \
@@ -74,8 +81,20 @@ case "$Method $path" in
   'GET /'*)
     item=$STATEDIR/items/$(echo "$path" | jq -rR @uri)
     if [ -e "$item" ]; then
-      file_response "$item"
-      exit
+      if [ -z ${req_if_modified_since+x} ]; then
+        file_response "$item"
+        exit
+      else
+        age_file=$(date +%s -r "$item")
+        age_header=$(date +%s --date="$req_if_modified_since")
+        if [ "$age_file" -lt "$age_header" ]; then
+          not_modifed_response
+          exit
+        else
+          file_response "$item"
+          exit
+        fi
+      fi
     fi
   ;;
   'DELETE /'*)
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 2fbc7ff86..832e47f26 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -122,7 +122,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
       'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') &
 
     # regular fetches
-    fetch marker.json.tmp "$marker_url"
+    fetch marker.json.tmp "$marker_url" || :
     if [ -s marker.json.tmp ]; then
       mv marker.json.tmp marker.json
     fi
diff --git a/krebs/5pkgs/simple/untilport/default.nix b/krebs/5pkgs/simple/untilport/default.nix
index 61bcc2b89..2930fd1eb 100644
--- a/krebs/5pkgs/simple/untilport/default.nix
+++ b/krebs/5pkgs/simple/untilport/default.nix
@@ -13,6 +13,6 @@ pkgs.writeDashBin "untilport" ''
   if [ $# -ne 2 ]; then
     usage
   else
-    until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done
+    until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done
   fi
 ''
diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix
index e6ecfd631..5f9c8635b 100644
--- a/krebs/5pkgs/simple/weechat-declarative/default.nix
+++ b/krebs/5pkgs/simple/weechat-declarative/default.nix
@@ -109,45 +109,60 @@ let
     };
   };
 
+  setFile = pkgs.writeText "weechat.set" (
+    lib.optionalString (cfg.settings != {})
+      (lib.concatStringsSep "\n" (
+        lib.optionals
+          (cfg.settings.irc or {} != {})
+          (lib.mapAttrsToList
+            (name: server: "/server add ${name} ${lib.toWeechatValue server.addresses}")
+            cfg.settings.irc.server)
+        ++
+        lib.optionals
+          (cfg.settings.matrix or {} != {})
+          (lib.mapAttrsToList
+            (name: server: "/matrix server add ${name} ${server.address}")
+            cfg.settings.matrix.server)
+        ++
+        lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
+        ++
+        lib.optionals
+          (cfg.settings.filters or {} != {})
+          (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
+        ++
+        lib.singleton cfg.extraCommands
+      ))
+  );
+
   weechat = pkgs.weechat.override {
     configure = _: {
-      init = lib.optionalString (cfg.settings != {})
-        (lib.concatStringsSep "\n" (
-          lib.optionals
-            (cfg.settings.irc or {} != {})
-            (lib.mapAttrsToList
-              (name: server: "/server add ${name} ${server.address}")
-              cfg.settings.irc.server)
-          ++
-          lib.optionals
-            (cfg.settings.matrix or {} != {})
-            (lib.mapAttrsToList
-              (name: server: "/matrix server add ${name} ${server.address}")
-              cfg.settings.matrix.server)
-          ++
-          lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
-          ++
-          lib.optionals
-            (cfg.settings.filters or {} != {})
-            (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
-          ++
-          lib.singleton cfg.extraCommands
-        ));
+      init = "/exec -oc cat ${setFile}";
 
       scripts = cfg.scripts;
     };
   };
 
-in pkgs.writers.writeDashBin "weechat" ''
-  CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
-  ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
-  ${lib.concatStringsSep "\n"
-    (lib.mapAttrsToList
-      (name: target: /* sh */ ''
-        ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
-      '')
-      cfg.files
-    )
-  }
-  exec ${weechat}/bin/weechat "$@"
-''
+  wrapper = pkgs.writers.writeDashBin "weechat" ''
+    CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
+    ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
+    ${lib.concatStringsSep "\n"
+      (lib.mapAttrsToList
+        (name: target: /* sh */ ''
+          ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
+        '')
+        cfg.files
+      )
+    }
+    exec ${weechat}/bin/weechat "$@"
+  '';
+
+in pkgs.symlinkJoin {
+  name = "weechat-configured";
+  paths = [
+    wrapper
+    pkgs.weechat
+  ];
+  postBuild = ''
+    ln -s ${setFile} $out/weechat.set
+  '';
+}