summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/puyak/config.nix15
-rw-r--r--krebs/1systems/puyak/net.nix23
-rw-r--r--krebs/2configs/go.nix3
-rw-r--r--krebs/2configs/hw/getty-for-esp.nix17
-rw-r--r--krebs/2configs/ircd.nix29
-rw-r--r--krebs/2configs/news-spam.nix164
-rw-r--r--krebs/2configs/news.nix51
-rw-r--r--krebs/2configs/shack/gitlab-runner.nix6
-rw-r--r--krebs/2configs/shack/glados/automation/hass-restart.nix39
-rw-r--r--krebs/2configs/shack/glados/automation/party-time.nix45
-rw-r--r--krebs/2configs/shack/glados/automation/shack-startup.nix165
-rw-r--r--krebs/2configs/shack/glados/default.nix65
-rw-r--r--krebs/2configs/shack/glados/multi/rollos.nix77
-rw-r--r--krebs/2configs/shack/glados/multi/schlechte_luft.nix181
-rw-r--r--krebs/2configs/shack/glados/multi/shackopen.nix45
-rw-r--r--krebs/2configs/shack/glados/multi/wasser.nix181
-rw-r--r--krebs/2configs/shack/glados/sensors/darksky.nix43
-rw-r--r--krebs/2configs/shack/glados/sensors/mate.nix20
-rw-r--r--krebs/2configs/shack/glados/sensors/power.nix5
-rw-r--r--krebs/2configs/shack/glados/sensors/sensemap.nix15
-rw-r--r--krebs/2configs/shack/glados/sensors/spaceapi.nix107
-rw-r--r--krebs/2configs/shack/glados/switch/power.nix42
-rw-r--r--krebs/2configs/shack/powerraw.nix13
-rw-r--r--krebs/2configs/shack/prometheus/alert-rules.nix7
-rw-r--r--krebs/2configs/shack/worlddomination.nix9
-rw-r--r--krebs/3modules/brockman.nix34
-rw-r--r--krebs/3modules/default.nix2
-rw-r--r--krebs/3modules/external/default.nix25
-rw-r--r--krebs/3modules/go.nix96
-rw-r--r--krebs/3modules/krebs/default.nix2
-rw-r--r--krebs/3modules/lass/default.nix2
-rw-r--r--krebs/3modules/makefu/default.nix2
-rw-r--r--krebs/3modules/newsbot-js.nix102
-rw-r--r--krebs/5pkgs/default.nix1
-rw-r--r--krebs/5pkgs/haskell/brockman.nix24
-rw-r--r--krebs/5pkgs/simple/go-shortener/default.nix56
-rw-r--r--krebs/5pkgs/simple/go-shortener/node-packages.nix88
-rw-r--r--krebs/5pkgs/simple/go-shortener/pkgs.json4
-rwxr-xr-xkrebs/5pkgs/simple/go-shortener/update.sh4
-rw-r--r--krebs/5pkgs/simple/newsbot-js/default.nix58
-rw-r--r--krebs/5pkgs/simple/newsbot-js/node-packages.nix777
-rw-r--r--krebs/5pkgs/simple/newsbot-js/pkgs.json7
-rwxr-xr-xkrebs/5pkgs/simple/newsbot-js/update.sh4
-rw-r--r--krebs/5pkgs/simple/rss-bridge/default.nix33
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
46 files changed, 849 insertions, 1855 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 9ee61c6f8..19cf22280 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -1,12 +1,16 @@
{ config, pkgs, ... }:
-
{
imports = [
+ ./net.nix
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
+ # see documentation in included getty-for-esp.nix:
+ # brain hosts/puyak/root
+ <stockholm/krebs/2configs/hw/getty-for-esp.nix>
+
## initrd unlocking
# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
@@ -20,8 +24,7 @@
#### NEWS ####
<stockholm/krebs/2configs/ircd.nix>
- #<stockholm/krebs/2configs/news.nix>
- #<stockholm/krebs/2configs/news-spam.nix>
+ <stockholm/krebs/2configs/news.nix>
### shackspace ###
@@ -118,7 +121,6 @@
krebs.build.host = config.krebs.hosts.puyak;
sound.enable = false;
-
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
@@ -163,10 +165,6 @@
services.logind.lidSwitchExternalPower = "ignore";
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
- '';
environment.systemPackages = [ pkgs.zsh ];
@@ -179,5 +177,4 @@
isNormalUser = true;
shell = "/run/current-system/sw/bin/zsh";
};
- networking.firewall.allowedTCPPorts = [ 5901 ];
}
diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix
new file mode 100644
index 000000000..4cb8d247c
--- /dev/null
+++ b/krebs/1systems/puyak/net.nix
@@ -0,0 +1,23 @@
+let
+ ext-if = "enp0s25";
+ shack-ip = "10.42.22.184";
+ shack-gw = "10.42.20.1";
+in {
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
+ '';
+ networking = {
+ firewall.enable = false;
+ firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ];
+ interfaces."${ext-if}".ipv4.addresses = [
+ {
+ address = shack-ip;
+ prefixLength = 20;
+ }
+ ];
+
+ defaultGateway = shack-gw;
+ nameservers = [ "10.42.0.100" "10.42.0.200" ];
+ };
+}
diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix
index c39b08a8e..ce5db62d4 100644
--- a/krebs/2configs/go.nix
+++ b/krebs/2configs/go.nix
@@ -2,9 +2,6 @@
with import <stockholm/lib>;
{
- environment.systemPackages = [
- pkgs.go-shortener
- ];
krebs.go = {
enable = true;
};
diff --git a/krebs/2configs/hw/getty-for-esp.nix b/krebs/2configs/hw/getty-for-esp.nix
new file mode 100644
index 000000000..18c912353
--- /dev/null
+++ b/krebs/2configs/hw/getty-for-esp.nix
@@ -0,0 +1,17 @@
+{
+ # 1. Program an esp8266 devboard (esp8266+usb-ttl) with # https://github.com/jeelabs/esp-link
+ # tested vesion: esp-link v3.2.47-g9c6530d
+ # Pin Preset: esp-bridge
+ # tx-enable: false
+ # uart-pins: normal
+ # 2. connect directly with usb-cable to device, check that vendorID and ProductID match
+ # 3. nc <esp-link-ip> 23
+ # Info: for puyak the root pw is `brain hosts/puyak/root`
+ services.udev.extraRules = ''
+ SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="ilo", MODE="0660"
+ '';
+ systemd.services."serial-getty@ilo".enable = true;
+ systemd.services."serial-getty@ilo".wantedBy = [ "multi-user.target" ];
+ systemd.services."serial-getty@ilo".serviceConfig.Restart = "always";
+}
+
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 65972aacc..789fc2f2f 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -11,12 +11,12 @@
hello
'';
config = ''
+ loadmodule "extensions/m_omode";
serverinfo {
name = "${config.krebs.build.host.name}.irc.r";
sid = "1as";
description = "miep!";
network_name = "irc.r";
- hub = yes;
vhost = "0.0.0.0";
vhost6 = "::";
@@ -26,7 +26,7 @@
#ssl_dh_params = "etc/dh.pem";
#ssld_count = 1;
- default_max_clients = 10000;
+ default_max_clients = 100000;
#nicklen = 30;
};
@@ -43,19 +43,31 @@
/* Listen on IPv6 (if you used host= above). */
host = "::";
port = 6667;
- sslport = 9999;
+ sslport = 6697;
};
class "users" {
ping_time = 2 minutes;
number_per_ident = 10;
- number_per_ip = 2048;
+ number_per_ip = 4096;
number_per_ip_global = 4096;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
number_per_cidr = 65536;
- max_number = 3000;
- sendq = 1 megabyte;
+ max_number = 100000;
+ sendq = 10 megabyte;
+ };
+
+ privset "op" {
+ privs = oper:admin;
+ };
+
+ operator "aids" {
+ user = "*@*";
+ password = "balls";
+ flags = ~encrypted;
+ snomask = "+s";
+ privset = "op";
};
exempt {
@@ -93,12 +105,13 @@
channel_target_change = yes;
disable_local_channels = no;
};
+
general {
#maybe we want ident someday?
- default_floodcount = 1000;
+ default_floodcount = 10000;
disable_auth = yes;
throttle_duration = 1;
- throttle_count = 1000;
+ throttle_count = 10000;
};
'';
};
diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix
deleted file mode 100644
index a8c658858..000000000
--- a/krebs/2configs/news-spam.nix
+++ /dev/null
@@ -1,164 +0,0 @@
-{ pkgs, ... }:
-
-{
- krebs.newsbot-js.news-spam = {
- urlShortenerHost = "go.lassul.us";
- feeds = pkgs.writeText "feeds" ''
- _aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
- _allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
- _antirez|http://antirez.com/rss|#snews
- _archlinux|http://www.archlinux.org/feeds/news/|#snews
- _ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews
- _augustl|http://augustl.com/atom.xml|#snews
- _bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews
- _bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews
- _bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews
- _bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews
- _bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews
- _bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews
- _cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews
- _carta|http://feeds2.feedburner.com/carta-standard-rss|#snews
- _catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews
- _cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews
- _cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews
- _cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews
- _cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews
- _cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews
- _ccc|http://www.ccc.de/rss/updates.rdf|#snews
- _chan_biz|http://boards.4chan.org/biz/index.rss|#snews
- _chan_g|http://boards.4chan.org/g/index.rss|#snews
- _chan_int|http://boards.4chan.org/int/index.rss|#snews
- _chan_sci|http://boards.4chan.org/sci/index.rss|#snews
- _chan_x|http://boards.4chan.org/x/index.rss|#snews
- _c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews
- _cryptogon|http://www.cryptogon.com/?feed=rss2|#snews
- _csm|http://rss.csmonitor.com/feeds/csm|#snews
- _csm_world|http://rss.csmonitor.com/feeds/world|#snews
- _danisch|http://www.danisch.de/blog/feed/|#snews
- _dod|http://www.defense.gov/news/afps2.xml|#snews
- _dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews
- _ecat|http://ecat.com/feed|#snews
- _eia_press|http://www.eia.gov/rss/press_rss.xml|#snews
- _eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews
- _embargowatch|https://embargowatch.wordpress.com/feed/|#snews
- _ethereum-comments|http://blog.ethereum.org/comments/feed|#snews
- _ethereum|http://blog.ethereum.org/feed|#snews
- _europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews
- _eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews
- _exploitdb|http://www.exploit-db.com/rss.xml|#snews
- _fars|http://www.farsnews.com/rss.php|#snews #test
- _faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews
- _faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews
- _faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews
- _fbi|https://www.fbi.gov/news/rss.xml|#snews
- _fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews
- _fefe|http://blog.fefe.de/rss.xml|#snews
- _forbes|http://www.forbes.com/forbes/feed2/|#snews
- _forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews
- _fox|http://feeds.foxnews.com/foxnews/latest|#snews
- _geheimorganisation|http://geheimorganisation.org/feed/|#snews
- _GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews
- _gmanet|http://www.gmanetwork.com/news/rss/news|#snews
- _golem|http://rss.golem.de/rss.php|#snews
- _google|http://news.google.com/?output=rss|#snews
- _greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews
- _guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews
- _gulli|http://ticker.gulli.com/rss/|#snews
- _hackernews|https://news.ycombinator.com/rss|#snews
- _handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews
- _heise|https://www.heise.de/newsticker/heise-atom.xml|#snews
- _hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews
- _hindu|http://www.thehindu.com/?service=rss|#snews
- _ign|http://feeds.ign.com/ign/all|#snews
- _independent|http://www.independent.com/rss/headlines/|#snews
- _indymedia|https://de.indymedia.org/rss.xml|#snews
- _info_libera|http://www.informationliberation.com/rss.xml|#snews
- _klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews
- _korea_herald|http://www.koreaherald.com/rss_xml.php|#snews
- _linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews
- _lisp|http://planet.lisp.org/rss20.xml|#snews
- _liveleak|http://www.liveleak.com/rss|#snews
- _lolmythesis|http://lolmythesis.com/rss|#snews
- _LtU|http://lambda-the-ultimate.org/rss.xml|#snews
- _lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews
- _mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews
- _mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews
- _nds|http://www.nachdenkseiten.de/?feed=atom|#snews
- _netzpolitik|https://netzpolitik.org/feed/|#snews
- _newsbtc|http://newsbtc.com/feed/|#snews
- _nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews
- _npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews
- _npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews
- _npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews
- _npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
- _nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
- _nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
- _painload|https://github.com/krebs/painload/commits/master.atom|#snews
- _phys|http://phys.org/rss-feed/|#snews
- _piraten|https://www.piratenpartei.de/feed/|#snews
- _polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews
- _presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews
- _presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews
- _prisonplanet|http://prisonplanet.com/feed.rss|#snews
- _rawstory|http://www.rawstory.com/rs/feed/|#snews
- _reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews
- _reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews
- _reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews
- _reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews
- _reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews
- _reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews
- _reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews
- _reddit_sci|http://www.reddit.com/r/science/.rss|#snews
- _reddit_tech|http://www.reddit.com/r/technology/.rss|#snews
- _reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews
- _reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews
- _r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews
- _reuters|http://feeds.reuters.com/Reuters/worldNews|#snews
- _reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews
- _rt|http://rt.com/rss/news/|#snews
- _schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews
- _sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
- _scmp|http://www.scmp.com/rss/91/feed|#snews
- _sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
- _shackspace|http://shackspace.de/atom.xml|#snews
- _shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
- _sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
- _sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
- _sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews
- _sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews
- _sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews
- _slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews
- _slate|http://feeds.slate.com/slate|#snews
- _spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews
- _spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews
- _standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews
- _stern|http://www.stern.de/feed/standard/all/|#snews
- _stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews
- _sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews
- _sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews
- _sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews
- _tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews
- _taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews
- _telegraph|http://www.telegraph.co.uk/rss.xml|#snews
- _telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews
- _the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews
- _tigsource|http://www.tigsource.com/feed/|#snews
- _tinc|http://tinc-vpn.org/news/index.rss|#snews
- _torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews
- _torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews
- _torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews
- _travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews
- _un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews
- _un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews
- _un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews
- _un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews
- _un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews
- _un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews
- _us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews
- _vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews
- _weechat|http://dev.weechat.org/feed/atom|#snews
- _xkcd|https://xkcd.com/rss.xml|#snews
- _zdnet|http://www.zdnet.com/news/rss.xml|#snews
- '';
- };
-}
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 6c59f4d84..f40997f82 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -1,22 +1,39 @@
{ pkgs, ... }:
{
- krebs.newsbot-js.news = {
- feeds = pkgs.writeText "feeds" ''
- antirez|http://antirez.com/rss|#news
- archlinux|http://www.archlinux.org/feeds/news/|#news
- ethereum|http://blog.ethereum.org/feed|#news
- LtU|http://lambda-the-ultimate.org/rss.xml|#news
- mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
- painload|https://github.com/krebs/painload/commits/master.atom|#news
- reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
- reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
- shackspace|http://shackspace.de/atom.xml|#news
- tinc|http://tinc-vpn.org/news/index.rss|#news
- vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
- weechat|http://dev.weechat.org/feed/atom|#news
- xkcd|https://xkcd.com/rss.xml|#news
- painload|https://github.com/krebs/painload/commits/master.atom|#news
- '';
+ services.rss-bridge = {
+ enable = true;
+ whitelist = [ "*" ];
+ };
+ services.nginx.virtualHosts = {
+ rss-bridge = {
+ serverAliases = [
+ "rss.r"
+ ];
+ };
+ "brockman.r" = {
+ locations."/".extraConfig = ''
+ root /var/lib/brockman;
+ index brockman.json;
+ '';
+ };
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/lib/brockman 1750 brockman nginx -"
+ ];
+
+ systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
+ krebs.brockman = {
+ enable = true;
+ config = {
+ irc.host = "localhost";
+ channel = "#all";
+ shortener = "http://go.r";
+ controller = {
+ nick = "brockman";
+ channels = [ "#all" ];
+ };
+ bots = {};
+ };
};
}
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix
index ecb064579..d525e7987 100644
--- a/krebs/2configs/shack/gitlab-runner.nix
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -1,5 +1,6 @@
{ pkgs,lib, ... }:
{
+ boot.kernel.sysctl."net.ipv4.ip_forward" = true;
services.gitlab-runner = {
enable = true;
services= {
@@ -17,6 +18,7 @@
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
+ # TODO: use the channel from <stockholm/krebs/nixpkgs.json>
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
@@ -28,9 +30,9 @@
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
- ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
- ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
+ ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
${pkgs.nix}/bin/nix-channel --update nixpkgs
+ ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
'';
environmentVariables = {
ENV = "/etc/profile";
diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix
index 1b380204d..5f61e19f1 100644
--- a/krebs/2configs/shack/glados/automation/hass-restart.nix
+++ b/krebs/2configs/shack/glados/automation/hass-restart.nix
@@ -1,21 +1,24 @@
# needs:
# light.fablab_led
-[
- { alias = "State on HA start-up";
- trigger = {
- platform = "homeassistant";
- event = "start";
- };
- # trigger good/bad air
- action = [
- { service = "light.turn_on";
- data = {
- entity_id = "light.fablab_led";
- effect = "Rainbow";
- color_name = "purple";
- };
- }
- ];
- }
-]
+{
+ services.home-assistant.config.automation =
+ [
+ { alias = "State on HA start-up";
+ trigger = {
+ platform = "homeassistant";
+ event = "start";
+ };
+ # trigger good/bad air
+ action = [
+ { service = "light.turn_on";
+ data = {
+ entity_id = "light.fablab_led";
+ effect = "Rainbow";
+ color_name = "purple";
+ };
+ }
+ ];
+ }
+ ];
+}
diff --git a/krebs/2configs/shack/glados/automation/party-time.nix b/krebs/2configs/shack/glados/automation/party-time.nix
index dfa42d05c..9e7fe24cd 100644
--- a/krebs/2configs/shack/glados/automation/party-time.nix
+++ b/krebs/2configs/shack/glados/automation/party-time.nix
@@ -6,24 +6,27 @@ let
disko_schalter = "switch.lounge_diskoschalter_relay";
player = "media_player.lounge";
in
-[
- { alias = "Party um 21 Uhr";
- trigger = {
- platform = "sun";
- event = "sunset";
- };
- action =
- ( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" )
- ++
- [
- {
- service = "homeassistant.turn_on";
- entity_id = disko_schalter;
- }
- {
- service = "media_player.turn_on";
- data.entity_id = player;
- } # TODO: also start playlist if nothing is running?
- ];
- }
-]
+{
+ services.home-assistant.config.automation =
+ [
+ { alias = "Party um 21 Uhr";
+ trigger = {
+ platform = "sun";
+ event = "sunset";
+ };
+ action =
+ ( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" )
+ ++
+ [
+ {
+ service = "homeassistant.turn_on";
+ entity_id = disko_schalter;
+ }
+ {
+ service = "media_player.turn_on";
+ data.entity_id = player;
+ } # TODO: also start playlist if nothing is running?
+ ];
+ }
+ ];
+}
diff --git a/krebs/2configs/shack/glados/automation/shack-startup.nix b/krebs/2configs/shack/glados/automation/shack-startup.nix
index ac7dd4f1e..471d817a2 100644
--- a/krebs/2configs/shack/glados/automation/shack-startup.nix
+++ b/krebs/2configs/shack/glados/automation/shack-startup.nix
@@ -13,85 +13,88 @@
let
glados = import ../lib;
in
-[
- {
- alias = "Bedanken bei Übernahme von Key";
- initial_state = true;
- trigger = {
- platform = "state";
- entity_id = "sensor.keyholder";
- };
- condition = {
- condition = "template";
- value_template = "{{ (trigger.from_state.state != 'No Keyholder') and (trigger.from_state.state != 'No Keyholder') }}";
- };
- action = glados.say.kiosk "Danke {{ trigger.to_state.state }} für das Übernehmen des Keys von {{ trigger.from_state.state }}";
- }
- {
- alias = "Keyholder Begrüßen wenn MPD hoch fährt";
- initial_state = true;
- trigger = {
- platform = "state";
- from = "unavailable";
- entity_id = "media_player.kiosk";
- };
- action = glados.say.kiosk (builtins.readFile ./announcement.j2);
- }
- {
- alias = "Start Music on portal lock on";
- trigger = {
- platform = "state";
- entity_id = "binary_sensor.portal_lock";
- to = "on";
- for.seconds = 30;
- };
- condition = {
- condition = "and";
- conditions =
- [
- { # only start if a keyholder opened the door and if the lounge mpd is currently not playing anything
- condition = "template";
- value_template = "{{ state('