diff options
Diffstat (limited to 'krebs')
38 files changed, 811 insertions, 1376 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index c0fa38284..a100e414d 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -1,7 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, lib, pkgs, ... }: { diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix new file mode 100644 index 000000000..5c4b37aef --- /dev/null +++ b/krebs/1systems/news/config.nix @@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + + <stockholm/krebs/2configs/ircd.nix> + <stockholm/krebs/2configs/go.nix> + + #### NEWS #### + <stockholm/krebs/2configs/ircd.nix> + <stockholm/krebs/2configs/news.nix> + ]; + + krebs.build.host = config.krebs.hosts.news; + + boot.isContainer = true; + networking.useDHCP = false; + krebs.bindfs = { + "/var/lib/htgen-go" = { + source = "/var/state/htgen-go"; + options = [ + "-m ${toString config.users.users.htgen-go.uid}" + ]; + clearTarget = true; + }; + "/var/lib/brockman" = { + source = "/var/state/brockman"; + options = [ + "-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}" + ]; + clearTarget = true; + }; + }; +} diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 19cf22280..1e0687ba7 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -19,14 +19,6 @@ <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> - ### Krebs ### - <stockholm/krebs/2configs/go.nix> - - #### NEWS #### - <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/news.nix> - - ### shackspace ### # handle the worlddomination map via coap <stockholm/krebs/2configs/shack/worlddomination.nix> diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index c39b08a8e..ce5db62d4 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -2,9 +2,6 @@ with import <stockholm/lib>; { - environment.systemPackages = [ - pkgs.go-shortener - ]; krebs.go = { enable = true; }; diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 65972aacc..789fc2f2f 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -11,12 +11,12 @@ hello ''; config = '' + loadmodule "extensions/m_omode"; serverinfo { name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; description = "miep!"; network_name = "irc.r"; - hub = yes; vhost = "0.0.0.0"; vhost6 = "::"; @@ -26,7 +26,7 @@ #ssl_dh_params = "etc/dh.pem"; #ssld_count = 1; - default_max_clients = 10000; + default_max_clients = 100000; #nicklen = 30; }; @@ -43,19 +43,31 @@ /* Listen on IPv6 (if you used host= above). */ host = "::"; port = 6667; - sslport = 9999; + sslport = 6697; }; class "users" { ping_time = 2 minutes; number_per_ident = 10; - number_per_ip = 2048; + number_per_ip = 4096; number_per_ip_global = 4096; cidr_ipv4_bitlen = 24; cidr_ipv6_bitlen = 64; number_per_cidr = 65536; - max_number = 3000; - sendq = 1 megabyte; + max_number = 100000; + sendq = 10 megabyte; + }; + + privset "op" { + privs = oper:admin; + }; + + operator "aids" { + user = "*@*"; + password = "balls"; + flags = ~encrypted; + snomask = "+s"; + privset = "op"; }; exempt { @@ -93,12 +105,13 @@ channel_target_change = yes; disable_local_channels = no; }; + general { #maybe we want ident someday? - default_floodcount = 1000; + default_floodcount = 10000; disable_auth = yes; throttle_duration = 1; - throttle_count = 1000; + throttle_count = 10000; }; ''; }; diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix new file mode 100644 index 000000000..82360a670 --- /dev/null +++ b/krebs/2configs/news-host.nix @@ -0,0 +1,12 @@ +{ + krebs.sync-containers.containers.news = { + peers = [ + "shodan" + "mors" + "styx" + ]; + hostIp = "10.233.2.101"; + localIp = "10.233.2.102"; + format = "plain"; + }; +} diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 11c136f85..3bf991433 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -1,168 +1,112 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { + services.rss-bridge = { + enable = true; + whitelist = [ "*" ]; + }; + services.nginx.virtualHosts = { + rss-bridge = { + serverAliases = [ + "rss.r" + ]; + }; + "brockman.r" = { + serverAliases = [ + "news.r" + ]; + locations."/".extraConfig = '' + root /var/lib/brockman; + index brockman.json; + ''; + }; + }; + systemd.tmpfiles.rules = [ + "d /var/lib/brockman 1750 brockman nginx -" + ]; + krebs.brockman = { enable = true; config = { irc.host = "localhost"; + channel = "#all"; shortener = "http://go.r"; - bots = { - aje = { feed ="http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989"; channels = [ "#snews" ]; }; - allafrica = { feed ="http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf"; channels = [ "#snews" ]; }; - antirez = { feed ="http://antirez.com/rss"; channels = [ "#snews" "#news" ]; }; - archlinux = { feed ="http://www.archlinux.org/feeds/news/"; channels = [ "#snews" "#news" ]; }; - ars = { feed ="http://feeds.arstechnica.com/arstechnica/index?format=xml"; channels = [ "#snews" ]; }; - augustl = { feed ="http://augustl.com/atom.xml"; channels = [ "#snews" ]; }; - bbc = { feed ="http://feeds.bbci.co.uk/news/rss.xml"; channels = [ "#snews" ]; }; - bdt_aktuelle_themen = { feed ="http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss"; channels = [ "#snews" ]; }; - bdt_drucksachen = { feed ="http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss"; channels = [ "#snews" ]; }; - bdt_plenarproto = { feed ="http://www.bundestag.de/rss_feeds/plenarprotokolle.rss"; channels = [ "#snews" ]; }; - bdt_pressemitteilungen = { feed ="http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss"; channels = [ "#snews" ]; }; - bitcoinpakistan = { feed ="https://bitcoinspakistan.com/feed/"; channels = [ "#snews" ]; }; - cancer = { feed ="http://feeds.feedburner.com/ncinewsreleases?format=xml"; channels = [ "#snews" ]; }; - carta = { feed ="http://feeds2.feedburner.com/carta-standard-rss"; channels = [ "#snews" ]; }; - catholic_news = { feed ="http://feeds.feedburner.com/catholicnewsagency/dailynews"; channels = [ "#snews" ]; }; - cbc_busi = { feed ="http://rss.cbc.ca/lineup/business.xml"; channels = [ "#snews" ]; }; - cbc_offbeat = { feed ="http://www.cbc.ca/cmlink/rss-offbeat"; channels = [ "#snews" ]; }; - cbc_pol = { feed ="http://rss.cbc.ca/lineup/politics.xml"; channels = [ "#snews" ]; }; - cbc_tech = { feed ="http://rss.cbc.ca/lineup/technology.xml"; channels = [ "#snews" ]; }; - cbc_top = { feed ="http://rss.cbc.ca/lineup/topstories.xml"; channels = [ "#snews" ]; }; - ccc = { feed ="http://www.ccc.de/rss/updates.rdf"; channels = [ "#snews" ]; }; - chan_biz = { feed ="http://boards.4chan.org/biz/index.rss"; channels = [ "#snews" ]; }; - chan_g = { feed ="http://boards.4chan.org/g/index.rss"; channels = [ "#snews" ]; }; - chan_int = { feed ="http://boards.4chan.org/int/index.rss"; channels = [ "#snews" ]; }; - chan_sci = { feed ="http://boards.4chan.org/sci/index.rss"; channels = [ "#snews" ]; }; - chan_x = { feed ="http://boards.4chan.org/x/index.rss"; channels = [ "#snews" ]; }; - c = { feed ="http://www.tempolimit-lichtgeschwindigkeit.de/news.xml"; channels = [ "#snews" ]; }; - cryptogon = { feed ="http://www.cryptogon.com/?feed=rss2"; channels = [ "#snews" ]; }; - csm = { feed ="http://rss.csmonitor.com/feeds/csm"; channels = [ "#snews" ]; }; - csm_world = { feed ="http://rss.csmonitor.com/feeds/world"; channels = [ "#snews" ]; }; - danisch = { feed ="http://www.danisch.de/blog/feed/"; channels = [ "#snews" ]; }; - dod = { feed ="http://www.defense.gov/news/afps2.xml"; channels = [ "#snews" ]; }; - dwn = { feed ="http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/"; channels = [ "#snews" ]; }; - ecat = { feed ="http://ecat.com/feed"; channels = [ "#snews" ]; }; - eia_press = { feed ="http://www.eia.gov/rss/press_rss.xml"; channels = [ "#snews" ]; }; - eia_today = { feed ="http://www.eia.gov/rss/todayinenergy.xml"; channels = [ "#snews" ]; }; - embargowatch = { feed ="https://embargowatch.wordpress.com/feed/"; channels = [ "#snews" ]; }; - ethereum-comments = { feed ="http://blog.ethereum.org/comments/feed"; channels = [ "#snews" ]; }; - ethereum = { feed ="http://blog.ethereum.org/feed"; channels = [ "#snews" "#news" ]; }; - europa_ric = { feed ="http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml"; channels = [ "#snews" ]; }; - eu_survei = { feed ="http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx"; channels = [ "#snews" ]; }; - exploitdb = { feed ="http://www.exploit-db.com/rss.xml"; channels = [ "#snews" ]; }; - fars = { feed ="http://www.farsnews.com/rss.php"; channels = [ "#snews #test" ]; }; - faz_feui = { feed ="http://www.faz.net/rss/aktuell/feuilleton/"; channels = [ "#snews" ]; }; - faz_politik = { feed ="http://www.faz.net/rss/aktuell/politik/"; channels = [ "#snews" ]; }; - faz_wirtschaft = { feed ="http://www.faz.net/rss/aktuell/wirtschaft/"; channels = [ "#snews" ]; }; - fbi = { feed ="https://www.fbi.gov/news/rss.xml"; channels = [ "#snews" ]; }; - fedreserve = { feed ="http://www.federalreserve.gov/feeds/press_all.xml"; channels = [ "#snews" ]; }; - fefe = { feed ="http://blog.fefe.de/rss.xml"; channels = [ "#snews" ]; }; - forbes = { feed ="http://www.forbes.com/forbes/feed2/"; channels = [ "#snews" ]; }; - forbes_realtime = { feed ="http://www.forbes.com/real-time/feed2/"; channels = [ "#snews" ]; }; - fox = { feed ="http://feeds.foxnews.com/foxnews/latest"; channels = [ "#snews" ]; }; - geheimorganisation = { feed ="http://geheimorganisation.org/feed/"; channels = [ "#snews" ]; }; - GerForPol = { feed ="http://www.german-foreign-policy.com/de/news/rss-2.0"; channels = [ "#snews" ]; }; - gmanet = { feed ="http://www.gmanetwork.com/news/rss/news"; channels = [ "#snews" ]; }; - golem = { feed ="http://rss.golem.de/rss.php"; channels = [ "#snews" ]; }; - google = { feed ="http://news.google.com/?output=rss"; channels = [ "#snews" ]; }; - greenpeace = { feed ="http://feeds.feedburner.com/GreenpeaceNews"; channels = [ "#snews" ]; }; - guardian_uk = { feed ="http://feeds.theguardian.com/theguardian/uk-news/rss"; channels = [ "#snews" ]; }; - gulli = { feed ="http://ticker.gulli.com/rss/"; channels = [ "#snews" ]; }; - hackernews = { feed ="https://news.ycombinator.com/rss"; channels = [ "#snews" ]; }; - handelsblatt = { feed ="http://www.handelsblatt.com/contentexport/feed/schlagzeilen"; channels = [ "#snews" ]; }; - heise = { feed ="https://www.heise.de/newsticker/heise-atom.xml"; channels = [ "#snews" ]; }; - hindu_business = { feed ="http://www.thehindubusinessline.com/?service=rss"; channels = [ "#snews" ]; }; - hindu = { feed ="http://www.thehindu.com/?service=rss"; channels = [ "#snews" ]; }; - ign = { feed ="http://feeds.ign.com/ign/all"; channels = [ "#snews" ]; }; - independent = { feed ="http://www.independent.com/rss/headlines/"; channels = [ "#snews" ]; }; - indymedia = { feed ="https://de.indymedia.org/rss.xml"; channels = [ "#snews" ]; }; - info_libera = { feed ="http://www.informationliberation.com/rss.xml"; channels = [ "#snews" ]; }; - klagen-gegen-rundfuckbeitrag = { feed ="http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default"; channels = [ "#snews" ]; }; - korea_herald = { feed ="http://www.koreaherald.com/rss_xml.php"; channels = [ "#snews" ]; }; - linuxinsider = { feed ="http://www.linuxinsider.com/perl/syndication/rssfull.pl"; channels = [ "#snews" ]; }; - lisp = { feed ="http://planet.lisp.org/rss20.xml"; channels = [ "#snews" ]; }; - liveleak = { feed ="http://www.liveleak.com/rss"; channels = [ "#snews" ]; }; - lolmythesis = { feed ="http://lolmythesis.com/rss"; channels = [ "#snews" ]; }; - LtU = { feed ="http://lambda-the-ultimate.org/rss.xml"; channels = [ "#snews" "#news" ]; }; - lukepalmer = { feed ="http://lukepalmer.wordpress.com/feed/"; channels = [ "#snews" ]; }; - mit = { feed ="http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss"; channels = [ "#snews" ]; }; - mongrel2_master = { feed ="https://github.com/zedshaw/mongrel2/commits/master.atom"; channels = [ "#snews" "#news" ]; }; - nds = { feed ="http://www.nachdenkseiten.de/?feed=atom"; channels = [ "#snews" ]; }; - netzpolitik = { feed ="https://netzpolitik.org/feed/"; channels = [ "#snews" ]; }; - newsbtc = { feed ="http://newsbtc.com/feed/"; channels = [ "#snews" ]; }; - nnewsg = { feed ="http://www.net-news-global.net/rss/rssfeed.xml"; channels = [ "#snews" ]; }; - npr_busi = { feed ="http://www.npr.org/rss/rss.php?id=1006"; channels = [ "#snews" ]; }; - npr_headlines = { feed ="http://www.npr.org/rss/rss.php?id=1001"; channels = [ "#snews" ]; }; - npr_pol = { feed ="http://www.npr.org/rss/rss.php?id=1012"; channels = [ "#snews" ]; }; - npr_world = { feed ="http://www.npr.org/rss/rss.php?id=1004"; channels = [ "#snews" ]; }; - nsa = { feed ="https://www.nsa.gov/rss.xml"; channels = [ "#snews #bullerei" ]; }; - nytimes = { feed ="http://rss.nytimes.com/services/xml/rss/nyt/World.xml"; channels = [ "#snews" ]; }; - painload = { feed ="https://github.com/krebs/painload/commits/master.atom"; channels = [ "#snews" "#news" ]; }; - phys = { feed ="http://phys.org/rss-feed/"; channels = [ "#snews" ]; }; - piraten = { feed ="https://www.piratenpartei.de/feed/"; channels = [ "#snews" ]; }; - polizei_berlin = { feed ="http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml"; channels = [ "#snews" ]; }; - presse_polizei = { feed ="http://www.presseportal.de/rss/polizei.rss2"; channels = [ "#snews" ]; }; - presseportal = { feed ="http://www.presseportal.de/rss/presseportal.rss2"; channels = [ "#snews" ]; }; - prisonplanet = { feed ="http://prisonplanet.com/feed.rss"; channels = [ "#snews" ]; }; - rawstory = { feed ="http://www.rawstory.com/rs/feed/"; channels = [ "#snews" ]; }; - reddit_4chan = { feed ="http://www.reddit.com/r/4chan/new/.rss"; channels = [ "#snews" ]; }; - reddit_anticonsum = { feed ="http://www.reddit.com/r/Anticonsumption/new/.rss"; channels = [ "#snews" ]; }; - reddit_btc = { feed ="http://www.reddit.com/r/Bitcoin/new/.rss"; channels = [ "#snews" ]; }; - reddit_consp = { feed ="http://reddit.com/r/conspiracy/.rss"; channels = [ "#snews" ]; }; - reddit_haskell = { feed ="http://www.reddit.com/r/haskell/.rss"; channels = [ "#snews" "#news" ]; }; - reddit_nix = { feed ="http://www.reddit.com/r/nixos/.rss"; channels = [ "#snews" "#news" ]; }; - reddit_prog = { feed ="http://www.reddit.com/r/programming/new/.rss"; channels = [ "#snews" ]; }; - reddit_sci = { feed ="http://www.reddit.com/r/science/.rss"; channels = [ "#snews" ]; }; - reddit_tech = { feed ="http://www.reddit.com/r/technology/.rss"; channels = [ "#snews" ]; }; - reddit_tpp = { feed ="http://www.reddit.com/r/twitchplayspokemon/.rss"; channels = [ "#snews" ]; }; - reddit_world = { feed ="http://www.reddit.com/r/worldnews/.rss"; channels = [ "#snews" ]; }; - r-ethereum = { feed ="http://www.reddit.com/r/ethereum/.rss"; channels = [ "#snews" ]; }; - reuters = { feed ="http://feeds.reuters.com/Reuters/worldNews"; channels = [ "#snews" ]; }; - reuters-odd = { feed ="http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml"; channels = [ "#snews" ]; }; - rt = { feed ="http://rt.com/rss/news/"; channels = [ "#snews" ]; }; - schallurauch = { feed ="http://feeds.feedburner.com/SchallUndRauch"; channels = [ "#snews" ]; }; - sciencemag = { feed ="http://news.sciencemag.org/rss/current.xml"; channels = [ "#snews" ]; }; - scmp = { feed ="http://www.scmp.com/rss/91/feed"; channels = [ "#snews" ]; }; - sec-db = { feed ="http://feeds.security-database.com/SecurityDatabaseToolsWatch"; channels = [ "#snews" ]; }; - shackspace = { feed ="http://shackspace.de/atom.xml"; channels = [ "#snews" "#news" ]; }; - shz_news = { feed ="http://www.shz.de/nachrichten/newsticker/rss"; channels = [ "#snews" ]; }; - sky_busi = { feed ="http://feeds.skynews.com/feeds/rss/business.xml"; channels = [ "#snews" ]; }; - sky_pol = { feed ="http://feeds.skynews.com/feeds/rss/politics.xml"; channels = [ "#snews" ]; }; - sky_strange = { feed ="http://feeds.skynews.com/feeds/rss/strange.xml"; channels = [ "#snews" ]; }; - sky_tech = { feed ="http://feeds.skynews.com/feeds/rss/technology.xml"; channels = [ "#snews" ]; }; - sky_world = { feed ="http://feeds.skynews.com/feeds/rss/world.xml"; channels = [ "#snews" ]; }; - slashdot = { feed ="http://rss.slashdot.org/Slashdot/slashdot"; channels = [ "#snews" ]; }; - slate = { feed ="http://feeds.slate.com/slate"; channels = [ "#snews" ]; }; - spiegel_eil = { feed ="http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss"; channels = [ "#snews" ]; }; - spiegel_top = { feed ="http://www.spiegel.de/schlagzeilen/tops/index.rss"; channels = [ "#snews" ]; }; - standardmedia_ke = { feed ="http://www.standardmedia.co.ke/rss/headlines.php"; channels = [ "#snews" ]; }; - stern = { feed ="http://www.stern.de/feed/standard/all/"; channels = [ "#snews" ]; }; - stz = { feed ="http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed"; channels = [ "#snews" ]; }; - sz_politik = { feed ="http://rss.sueddeutsche.de/rss/Politik"; channels = [ "#snews" ]; }; - sz_wirtschaft = { feed ="http://rss.sueddeutsche.de/rss/Wirtschaft"; channels = [ "#snews" ]; }; - sz_wissen = { feed ="http://rss.sueddeutsche.de/rss/Wissen"; channels = [ "#snews" ]; }; - tagesschau = { feed ="http://www.tagesschau.de/newsticker.rdf"; channels = [ "#snews" ]; }; - taz = { feed ="http://taz.de/Themen-des-Tages/!p15;rss/"; channels = [ "#snews" ]; }; - telegraph = { feed ="http://www.telegraph.co.uk/rss.xml"; channels = [ "#snews" ]; }; - telepolis = { feed ="http://www.heise.de/tp/rss/news-atom.xml"; channels = [ "#snews" ]; }; - the_insider = { feed ="http://www.theinsider.org/rss/news/headlines-xml.asp"; channels = [ "#snews" ]; }; - tigsource = { feed ="http://www.tigsource.com/feed/"; channels = [ "#snews" ]; }; - tinc = { feed ="http://tinc-vpn.org/news/index.rss"; channels = [ "#snews" "#news" ]; }; - torr_bits = { feed ="http://feeds.feedburner.com/TorrentfreakBits"; channels = [ "#snews" ]; }; - torrentfreak = { feed ="http://feeds.feedburner.com/Torrentfreak"; channels = [ "#snews" ]; }; - torr_news = { feed ="http://feed.torrentfreak.com/Torrentfreak/"; channels = [ "#snews" ]; }; - travel_warnings = { feed ="http://feeds.travel.state.gov/ca/travelwarnings-alerts"; channels = [ "#snews" ]; }; - un_afr = { feed ="http://www.un.org/apps/news/rss/rss_africa.asp"; channels = [ "#snews" ]; }; - un_am = { feed ="http://www.un.org/apps/news/rss/rss_americas.asp"; channels = [ "#snews" ]; }; - un_eu = { feed ="http://www.un.org/apps/news/rss/rss_europe.asp"; channels = [ "#snews" ]; }; - un_me = { feed ="http://www.un.org/apps/news/rss/rss_mideast.asp"; channels = [ "#snews" ]; }; - un_pac = { feed ="http://www.un.org/apps/news/rss/rss_asiapac.asp"; channels = [ "#snews" ]; }; - un_top = { feed ="http://www.un.org/apps/news/rss/rss_top.asp"; channels = [ "#snews" ]; }; - us_math_society = { feed ="http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1"; channels = [ "#snews" ]; }; - vimperator = { feed ="https://sites.google.com/a/vimperator.org/www/blog/posts.xml"; channels = [ "#snews" "#news" ]; }; - weechat = { feed ="http://dev.weechat.org/feed/atom"; channels = [ "#snews" "#news" ]; }; - xkcd = { feed ="https://xkcd.com/rss.xml"; channels = [ "#snews" "#news" ]; }; - zdnet = { feed ="http://www.zdnet.com/news/rss.xml"; channels = [ "#snews" ]; }; + controller = { + nick = "brockman"; + channels = [ "#all" ]; }; + bots = {}; }; }; + + krebs.reaktor2.news = { + hostname = "localhost"; + port = "6667"; + nick = "brockman-helper"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#all" + "#aluhut" + "#news" + ]; + }; + } + { + plugin = "system"; + config = { + hooks.PRIVMSG = [ + { + activate = "match"; + pattern = "^brockman-helper:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$"; + command = 1; + arguments = [2]; + commands = { + add-reddit.filename = pkgs.writeDash "add-reddit" '' + set -euf + if [ "$#" -ne 1 ]; then + echo 'usage: brockman-helper: add-reddit $reddit_channel' + exit 1 + fi + reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') + echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Telegram&username=$reddit_channel&format=Mrss" + ''; + add-telegram.filename = pkgs.writeDash "add-telegram" '' + set -euf + if [ "$#" -ne 1 ]; then + echo 'usage: brockman-helper: add-telegram $telegram_user' + exit 1 + fi + telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') + echo "brockman: add t_$telegram_user http://rss.r/?action=display&bridge=Telegram&username=$telegram_user&format=Mrss" + ''; + add-youtube.filename = pkgs.writeDash "add-youtube" '' + set -euf + if [ "$#" -ne 1 ]; then + echo 'usage: brockman-helper: add-youtube $nick $channelid' + exit 1 + fi + youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') + youtube_id=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][1]') + echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss" + ''; + search.filename = pkgs.writeDash "search" '' + set -euf + if [ "$#" -ne 1 ]; then + echo 'usage: brockman-helper: search $searchterm' + exit 1 + fi + searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') + ${pkgs.curl}/bin/curl -Ss "https://feedsearch.dev/api/v1/search?url=$searchterm&info=true&favicon=false" | + ${pkgs.jq}/bin/jq '.[].url' + ''; + }; + } + ]; + }; + } + ]; + }; } diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix new file mode 100644 index 000000000..31e33ad5e --- /dev/null +++ b/krebs/2configs/syncthing.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: with import <stockholm/lib>; let + mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); + + all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; + used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.declarative.folders)); + used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers; +in { + services.syncthing = { + enable = true; + configDir = "/var/lib/syncthing"; + declarative = { + devices = mk_peers used_peers; + }; + }; +} diff --git a/krebs/3modules/bindfs.nix b/krebs/3modules/bindfs.nix new file mode 100644 index 000000000..7e3730e86 --- /dev/null +++ b/krebs/3modules/bindfs.nix @@ -0,0 +1,61 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: +let + cfg = config.krebs.bindfs; +in { + options.krebs.bindfs = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + target = mkOption { + description = '' + destination where bindfs mounts to. + second positional argument to bindfs. + ''; + default = config._module.args.name; + type = types.absolute-pathname; + }; + source = mkOption { + description = '' + source folder where the mounted directory is originally. + first positional argument to bindfs. + ''; + type = types.absolute-pathname; + }; + options = mkOption { + description = '' + additional arguments to bindfs + ''; + type = types.listOf types.str; + default = []; + }; + clearTarget = mkOption { + description = '' + whether to clear the target folder before mounting + ''; + type = types.bool; + default = false; + }; + }; + })); + default = {}; + }; + + config = mkIf (cfg != {}) { + systemd.services = mapAttrs' (n: mount: let + name = replaceStrings [ "/" ] [ "_" ] n; + in nameValuePair "bindfs-${name}" { + wantedBy = [ "local-fs.target" ]; + path = [ pkgs.coreutils ]; + serviceConfig = { + ExecStartPre = pkgs.writeDash "bindfs-init-${name}" '' + ${optionalString mount.clearTarget '' + rm -rf '${mount.target}' + ''} + mkdir -p '${mount.source}' + mkdir -p '${mount.target}' + ''; + ExecStart = "${pkgs.bindfs}/bin/bindfs -f ${concatStringsSep " " mount.options} ${mount.source} ${mount.target}"; + }; + }) cfg; + }; +} diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 21cc14202..32aa3489b 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -1,5 +1,5 @@ -{ pkgs, lib, config, ... }: -with lib; +{ pkgs, config, ... }: +with import <stockholm/lib>; let cfg = config.krebs.brockman; in { @@ -9,7 +9,12 @@ in { }; config = mkIf cfg.enable { - users.extraUsers.brockman.isNormalUser = false; + users.extraUsers.brockman = { + home = "/var/lib/brockman"; + createHome = true; + isNormalUser = false; + uid = genid_uint31 "brockman"; + }; systemd.services.brockman = { description = "RSS to IRC broadcaster"; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2a74adac3..e7d04ead8 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -11,6 +11,7 @@ let ./apt-cacher-ng.nix ./backup.nix ./bepasty-server.nix + ./bindfs.nix ./brockman.nix ./buildbot/master.nix ./buildbot/slave.nix @@ -37,7 +38,6 @@ let ./kapacitor.nix |