Diffstat (limited to 'makefu')
-rw-r--r--makefu/0tests/data/secrets/mediawikibot-config.json1
-rw-r--r--makefu/1systems/gum/config.nix4
-rw-r--r--makefu/2configs/nix-community/mediawiki-matrix-bot.nix23
-rw-r--r--makefu/2configs/nix-community/supervision.nix82
-rw-r--r--makefu/2configs/tools/dev.nix1
-rw-r--r--makefu/5pkgs/chitubox/default.nix10
-rw-r--r--makefu/5pkgs/custom/mediawiki-matrix-bot/default.nix22
-rw-r--r--makefu/5pkgs/default.nix1
8 files changed, 138 insertions, 6 deletions
diff --git a/makefu/0tests/data/secrets/mediawikibot-config.json b/makefu/0tests/data/secrets/mediawikibot-config.json
new file mode 100644
index 00000000..0967ef42
--- /dev/null
+++ b/makefu/0tests/data/secrets/mediawikibot-config.json
@@ -0,0 +1 @@
+{}
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 1cfa8e4a..2a1d39c0 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -23,6 +23,8 @@ in {
}
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/support-nixos.nix>
+ <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
+ <stockholm/makefu/2configs/nix-community/supervision.nix>
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/home-manager/cli.nix>
# <stockholm/makefu/2configs/stats/client.nix>
@@ -182,7 +184,7 @@ in {
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
# krebs infrastructure services
- <stockholm/makefu/2configs/stats/server.nix>
+ # <stockholm/makefu/2configs/stats/server.nix>
];
makefu.dl-dir = "/var/download";
diff --git a/makefu/2configs/nix-community/mediawiki-matrix-bot.nix b/makefu/2configs/nix-community/mediawiki-matrix-bot.nix
new file mode 100644
index 00000000..6dff6412
--- /dev/null
+++ b/makefu/2configs/nix-community/mediawiki-matrix-bot.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+let
+ seccfg = toString <secrets/mediawikibot-config.json>;
+ statecfg = "/var/lib/mediawiki-matrix-bot/config.json";
+in {
+ systemd.services.mediawiki-matrix-bot = {
+ description = "Mediawiki Matrix Bot";
+ after = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = "60s";
+ DynamicUser = true;
+ StateDirectory = "mediawiki-matrix-bot";
+ PermissionsStartOnly = true;
+ ExecStartPre = pkgs.writeDash "mediawikibot-copy-config" ''
+ install -D -m644 ${seccfg} ${statecfg}
+ '';
+ ExecStart = "${pkgs.mediawiki-matrix-bot}/bin/mediawiki-matrix-bot ${statecfg}";
+ PrivateTmp = true;
+ };
+ };
+}
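Review bot: The secret config is copied with `install -D -m644` in ExecStartPre, so the bot's credentials file is world-readable by mode and is shielded only by whatever restrictive parent directory DynamicUser's StateDirectory provides (presumably /var/lib/private). The pre-start step runs as root because of `PermissionsStartOnly = true`, so a tighter mode such as 0600 would also need the file's ownership handed to the service user. If the bot only reads the file, `LoadCredential = "config.json:${seccfg}";` with ExecStart pointing at `%d/config.json` would avoid the copy altogether, on a systemd recent enough to support credentials. `PermissionsStartOnly` is also deprecated in systemd in favour of a `+` prefix on the ExecStartPre command.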
diff --git a/makefu/2configs/nix-community/supervision.nix b/makefu/2configs/nix-community/supervision.nix
new file mode 100644
index 00000000..f648b9c1
--- /dev/null
+++ b/makefu/2configs/nix-community/supervision.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+let
+ isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules;
+ port = "9273";
+in {
+
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT
+ '';
+
+ services.telegraf = {
+ enable = true;
+ extraConfig = {
+ agent.interval = "60s";
+ inputs = {
+ prometheus.metric_version = 2;
+ kernel_vmstat = { };
+ smart = lib.mkIf (!isVM) {
+ path = pkgs.writeShellScript "smartctl" ''
+ exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
+ '';
+ };
+ system = { };
+ mem = { };
+ file = [{
+ data_format = "influx";
+ file_tag = "name";
+ files = [ "/var/log/telegraf/*" ];
+ }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) {
+ name_override = "ext4_errors";
+ files = [ "/sys/fs/ext4/*/errors_count" ];
+ data_format = "value";
+ };
+ exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) {
+ ## Commands array
+ commands = [
+ (pkgs.writeScript "zpool-health" ''
+ #!${pkgs.gawk}/bin/awk -f
+ BEGIN {
+ while ("${pkgs.zfs}/bin/zpool status" | getline) {
+ if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 }
+ if ($1 ~ /state:/) { printf " state=\"%s\",", $2 }
+ if ($1 ~ /errors:/) {
+ if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2
+ }
+ }
+ }
+ '')
+ ];
+ data_format = "influx";
+ };
+ systemd_units = { };
+ swap = { };
+ disk.tagdrop = {
+ fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
+ device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
+ };
+ diskio = { };
+ };
+ outputs.prometheus_client = {
+ listen = ":${port}";
+ metric_version = 2;
+ };
+ };
+ };
+
+ security.sudo.extraRules = lib.mkIf (!isVM) [{
+ users = [ "telegraf" ];
+ commands = [{
+ command = "${pkgs.smartmontools}/bin/smartctl";
+ options = [ "NOPASSWD" ];
+ }];
+ }];
+ # avoid logging sudo use
+ security.sudo.configFile = ''
+ Defaults:telegraf !syslog,!pam_session
+ '';
+ # create dummy file to avoid telegraf errors
+ systemd.tmpfiles.rules = [
+ "f /var/log/telegraf/dummy 0444 root root - -"
+ ];
+}
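Review bot: The sudoers rule lets the `telegraf` user run `smartctl` as root with any arguments and no password, and `Defaults:telegraf !syslog,!pam_session` then removes the audit trail for exactly those calls. If the telegraf process were ever compromised, its root-level invocations would leave no sudo log entries; consider dropping only `!pam_session` and keeping syslog on, filtering the noise in the log pipeline instead. The comment `# avoid logging sudo use` should state the reason, e.g. `# telegraf polls smartctl every 60s; suppress per-call session noise`. Separately, `listen = ":${port}"` binds the exporter on every address, so the retiolum-only exposure depends entirely on the firewall rule at the top of the file.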
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index ac6d91e8..36f86755 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -33,6 +33,7 @@
cac-api
cac-panel
krebszones
+ cyberlocker-tools
ovh-zone
gen-oath-safe
cdrtools
diff --git a/makefu/5pkgs/chitubox/default.nix b/makefu/5pkgs/chitubox/default.nix
index bea33e64..d0596e70 100644
--- a/makefu/5pkgs/chitubox/default.nix
+++ b/makefu/5pkgs/chitubox/default.nix
@@ -4,26 +4,26 @@
, libpulseaudio
, xlibs
, gst_all_1
-, kerberos
+, krb5
, alsaLib
}:
# via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix
stdenv.mkDerivation rec {
pname = "chitubox";
- version = "1.8.1";
+ version = "1.9.0";
src = builtins.fetchTarball {
#url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz";
url = "https://archive.org/download/chitubox-v-1.8.1.tar/CHITUBOX_V${version}.tar.gz";
- sha256 = "08fh8w7s5qvlx6bhdg24g81a7zprq7n8m27w2vdv0cd8j0wixbsx";
+ sha256 = "1ywcizxdkwlhi8z3jshl3b6ha8iwibssxh8fk7s32h3z8vl8zcl7";
};
nativeBuildInputs = [ autoPatchelfHook ];
buildInputs = with xlibs; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm
- libxkbcommon libpulseaudio kerberos alsaLib
+ libxkbcommon libpulseaudio alsaLib
xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms
- gst_all_1.gst-plugins-base gst_all_1.gstreamer
+ gst_all_1.gst-plugins-base gst_all_1.gstreamer krb5
];
buildPhase = ''
diff --git a/makefu/5pkgs/custom/mediawiki-matrix-bot/default.nix b/makefu/5pkgs/custom/mediawiki-matrix-bot/default.nix
new file mode 100644
index 00000000..4a91a916
--- /dev/null
+++ b/makefu/5pkgs/custom/mediawiki-matrix-bot/default.nix
@@ -0,0 +1,22 @@
+{ buildPythonApplication, fetchFromGitHub, feedparser, matrix-nio, docopt, aiohttp, aiofiles,
+mypy }:
+
+buildPythonApplication rec {
+ pname = "mediawiki-matrix-bot";
+ version = "1.0.0";
+ src = fetchFromGitHub {
+ owner = "nix-community";
+ repo = "mediawiki-matrix-bot";
+ rev = "v${version}";
+ sha256 = "1923097j1xh34jmm0zhmvma614jcxaagj89c1fc1j2qyv14ybsvs";
+ };
+ propagatedBuildInputs = [
+ feedparser matrix-nio docopt aiohttp aiofiles
+ ];
+ nativeBuildInputs = [
+ mypy
+ ];
+ checkPhase = ''
+ mypy --strict mediawiki_matrix_bot
+ '';
+}
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 756734b6..2d54455e 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -41,6 +41,7 @@ in {
inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
liveproxy = super.pkgs.python3Packages.callPackage ./custom/liveproxy {};
+ mediawiki-matrix-bot = super.pkgs.python3Packages.callPackage ./custom/mediawiki-matrix-bot {};
hydra-check = super.pkgs.python3Packages.callPackage ./custom/hydra-check {};
pwqgen-ger = super.pkgs.passwdqc-utils.override {
wordset-file = super.pkgs.fetchurl {