diff options
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 3 | ||||
| -rw-r--r-- | krebs/1systems/puyak/config.nix | 3 | ||||
| -rw-r--r-- | krebs/3modules/announce-activation.nix | 5 | ||||
| -rw-r--r-- | krebs/3modules/hidden-ssh.nix | 33 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 57 | ||||
| -rw-r--r-- | krebs/3modules/realwallpaper.nix | 1 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/git-hooks/default.nix | 3 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/irc-announce/default.nix | 9 | ||||
| -rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
| -rw-r--r-- | krebs/nixpkgs.json | 8 |
10 files changed, 108 insertions, 22 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index a100e414d..9f1ac9134 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -10,6 +10,9 @@ <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/wiki.nix> + + ## shackie irc bot + <stockholm/krebs/2configs/shack/reaktor.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 81a53af80..5ed946aca 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -115,9 +115,6 @@ ## Collect local statistics via collectd and send to collectd <stockholm/krebs/2configs/stats/shack-client.nix> <stockholm/krebs/2configs/stats/shack-debugging.nix> - - ## shackie irc bot - <stockholm/krebs/2configs/shack/reaktor.nix> ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 76eb4b136..a40ae8cef 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -9,6 +9,7 @@ with import <stockholm/lib>; ${shell.escape (toString cfg.irc.port)} \ ${shell.escape cfg.irc.nick} \ ${shell.escape cfg.irc.channel} \ + ${escapeShellArg cfg.irc.tls} \ "$message" ''; default-get-message = pkgs.writeDash "announce-activation-get-message" '' @@ -50,6 +51,10 @@ in { default = "irc.r"; type = types.hostname; }; + tls = mkOption { + default = false; + type = types.bool; + }; }; }; config = mkIf cfg.enable { diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 1e56e62f9..acbe717d9 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -19,6 +19,14 @@ let type = types.str; default = "irc.hackint.org"; }; + port = mkOption { + type = types.int; + default = 6697; + }; + tls = mkOption { + type = types.bool; + default = true; + }; message = mkOption { type = types.str; default = "SSH Hidden Service at "; @@ -27,14 +35,17 @@ let imp = let torDirectory = "/var/lib/tor"; # from tor.nix - hiddenServiceDir = torDirectory + "/ssh-announce-service"; + hiddenServiceDir = torDirectory + "/onion/hidden-ssh"; in { services.tor = { enable = true; - extraConfig = '' - HiddenServiceDir ${hiddenServiceDir} - HiddenServicePort 22 127.0.0.1:22 - ''; + relay.onionServices.hidden-ssh = { + version = 3; + map = [{ + port = 22; + target.port = 22; + }]; + }; client.enable = true; }; systemd.services.hidden-ssh-announce = { @@ -50,10 +61,14 @@ let echo "still waiting for ${hiddenServiceDir}/hostname" sleep 1 done - ${pkgs.untilport}/bin/untilport ${cfg.server} 6667 && \ - ${pkgs.irc-announce}/bin/irc-announce \ - ${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \ - \${cfg.channel} \ + ${pkgs.untilport}/bin/untilport ${escapeShellArg cfg.server} ${toString cfg.port} + + ${pkgs.irc-announce}/bin/irc-announce \ + ${escapeShellArg cfg.server} \ + ${toString cfg.port} \ + "${config.krebs.build.host.name}-ssh" \ + ${escapeShellArg cfg.channel} \ + ${escapeShellArg cfg.tls} \ "${cfg.message}$(cat ${hiddenServiceDir}/hostname)" ''; PrivateTmp = "true"; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b19e2e6fc..3419d806c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -47,6 +47,7 @@ in { radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { @@ -783,6 +784,62 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; + syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ"; + }; + + lasspi = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.1.89"; + ip6.addr = r6 "189"; + aliases = [ + "lasspi.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1 + JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F + CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl + oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P + Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS + BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC + VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8 + +Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs + QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP + zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP + 6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc + 287nChBcbY+HlshTe0lZdrkCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "189"; + aliases = [ + "lasspi.w" + ]; + wireguard.pubkey = '' + IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw= + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB"; + }; + + domsen-pixel = { + nets = { + wiregrill = { + ip4.addr = "10.244.1.17"; + ip6.addr = w6 "d0"; + aliases = [ + "domsen-pixel.w" + ]; + wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY="; + }; + }; + external = true; + ci = false; }; }; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 76f333963..1fa6012cf 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -51,6 +51,7 @@ let serviceConfig = { Type = "simple"; + Restart = "on-failure"; ExecStart = "${pkgs.realwallpaper}/bin/generate-wallpaper"; User = "realwallpaper"; }; diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index 0a2c84410..acf34ad69 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix @@ -12,6 +12,7 @@ with import <stockholm/lib>; , port ? 6667 , refs ? [] , server + , tls ? false , verbose ? false }: /* sh */ '' #! /bin/sh @@ -39,6 +40,7 @@ with import <stockholm/lib>; nick=${escapeShellArg nick} channel=${escapeShellArg channel} server=${escapeShellArg server} + tls=${escapeShellArg tls} port=${toString port} host=$nick @@ -114,6 +116,7 @@ with import <stockholm/lib>; "$port" \ "$nick" \ "$channel" \ + "$tls" \ "$message" fi ''; diff --git a/krebs/5pkgs/simple/irc-announce/default.nix b/krebs/5pkgs/simple/irc-announce/default.nix index 52cf12862..5797b3667 100644 --- a/krebs/5pkgs/simple/irc-announce/default.nix +++ b/krebs/5pkgs/simple/irc-announce/default.nix @@ -17,7 +17,8 @@ pkgs.writeDashBin "irc-announce" '' IRC_PORT=$2 IRC_NICK=$3_$$ IRC_CHANNEL=$4 - message=$5 + IRC_TLS=$5 + message=$6 export IRC_CHANNEL # for privmsg_cat @@ -34,6 +35,8 @@ pkgs.writeDashBin "irc-announce" '' # privmsg_cat transforms stdin to a privmsg privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } + tls_flag() { if [ "$IRC_TLS" -eq 1 ]; then echo "-c"; fi } + # ircin is used to feed the output of netcat back to the "irc client" # so we can implement expect-like behavior with sed^_^ # XXX mkselfdestructingtmpfifo would be nice instead of this cruft @@ -51,6 +54,8 @@ pkgs.writeDashBin "irc-announce" '' echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)" echo2 "NICK $IRC_NICK" + awk 'match($0, /PING(.*)/, m) {print "PONG", m[1]; exit}' + # wait for MODE message sed -n '/^:[^ ]* MODE /q' @@ -67,5 +72,5 @@ pkgs.writeDashBin "irc-announce" '' echo2 'QUIT :Gone to have lunch' } < ircin \ - | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin + | nc $(tls_flag) "$IRC_SERVER" "$IRC_PORT" | tee -a ircin '' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index d0d3cd82d..6b5f8ec8f 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512", - "date": "2021-08-29T22:49:37+08:00", - "path": "/nix/store/vg29bg0awqam80djwz68ym0awvasrw6i-nixpkgs", - "sha256": "1s29nc3ppsjdq8kgbh8pc26xislkv01yph58xv2vjklkvsmz5pzm", + "rev": "09cd65b33c5653d7d2954fef4b9f0e718c899743", + "date": "2021-09-08T11:21:07-05:00", + "path": "/nix/store/h4hgs0aiaszmgqcwwhw7q10vqgvgbimf-nixpkgs", + "sha256": "1h696xv2wdl1859jcr0bmv0m0rfsq4vpc1vc0hg3msfsdnz0aixl", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 92ce9aa90..72a603c7b 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "74d017edb6717ad76d38edc02ad3210d4ad66b96", - "date": "2021-08-27T16:58:49+02:00", - "path": "/nix/store/82jg1p0rlf7mkryjpdn0z6b95q4i9lnq-nixpkgs", - "sha256": "0wvz41izp4djzzr0a6x54hcm3xjr51nlj8vqghfgyrjpk8plyk4s", + "rev": "8b0b81dab17753ab344a44c04be90a61dc55badf", + "date": "2021-09-10T08:00:45-04:00", + "path": "/nix/store/rxlq7jb68cnhfnq15d2rbpf2qc65g0pr-nixpkgs", + "sha256": "0rj17jpjxjcibcd4qygpxbq79m4px6b35nqq9353pns8w7a984xx", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false |