From ec93824f05c8f89e738831c2c059e934cbffafb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jun 2019 00:53:35 +0200 Subject: external: add rilke.w --- krebs/3modules/external/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 080c259aa..beff63dfa 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -241,6 +241,13 @@ in { }; }; }; + rilke = { + owner = config.krebs.users.kmein; + nets.wiregrill = { + aliases = [ "rilke.w" ]; + wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; + }; + }; rock = { owner = config.krebs.users.Mic92; nets = { @@ -493,4 +500,3 @@ in { }; }; } - -- cgit v1.2.3 From 3fa17455eff14e2f6c6bf4fef06c776a94014938 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jun 2019 12:20:18 +0200 Subject: nixpkgs: e2883c3 -> 1601f55 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 340b926ce..d294ca6d1 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "e2883c31628ea0f3e00f899062327468a20d1aa1", - "date": "2019-05-27T17:09:30-04:00", - "sha256": "1xrpd8ykr8g3h4b33z69vngh6hfayi51jajbnfm6phhpwgd6mmld", + "rev": "1601f559e89ba71091faa26888711d4dd24c2d4d", + "date": "2019-06-14T16:14:30-04:00", + "sha256": "0iayyz9617mz6424spwbi9qvmcl8hiql42czxg8mi4ycq4p1k0dx", "fetchSubmodules": false } -- cgit v1.2.3 From ff283af7b255418e2ca75bc54dadaf354d3a4dd7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jun 2019 18:24:06 +0200 Subject: external: add wilde.r (kmein) --- krebs/3modules/external/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index bdbfd1cb8..ac656f463 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -43,6 +43,31 @@ in { }; }; }; + wilde = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.4"; + aliases = [ "wilde.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk + g/V58MATljj+2bmOuOuPui/AUYHEZX759lHW4MgLjYdNbZEoVq8UgkxNk0KPGlSg + 2lsJ7FneCU7jBSE2iLT1aHuNFFa56KzSThFUl6Nj6Vyg5ghSmDF2tikurtG2q+Ay + uxf5/yEhFUPc1ZxmvJDqVHMeW5RZkuKXH00C7yN+gdcPuuFEFq+OtHNkBVmaxu7L + a8Q6b/QbrwQJAR9FAcm5WSQIj2brv50qnD8pZrU4loVu8dseQIicWkRowC0bzjAo + IHZTbF/S+CK0u0/q395sWRQJISkD+WAZKz5qOGHc4djJHBR3PWgHWBnRdkYqlQYM + C9zA/n4I+Y2BEfTWtgkD2g0dDssNGP5dlgFScGmRclR9pJ/7dsIbIeo9C72c6q3q + sg0EIWggQ8xyWrUTXIMoDXt37htlTSnTgjGsuwRzjotAEMJmgynWRf3br3yYChrq + 10Exq8Lej+iOuKbdAXlwjKEk0qwN7JWft3OzVc2DMtKf7rcZQkBoLfWKzaCTQ4xo + 1Y7d4OlcjbgrkLwHltTaShyosm8kbttdeinyBG1xqQcK11pMO43GFj8om+uKrz57 + lQUVipu6H3WIVGnvLmr0e9MQfThpC1em/7Aq2exn1JNUHhCdEho/mK2x/doiiI+0 + QAD64zPmuo9wsHnSMR2oKs0CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; dpdkm = { owner = config.krebs.users.Mic92; nets = rec { -- cgit v1.2.3 From 3dd3da513c7b28a44a12a86fc8d380f684088aad Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Jun 2019 11:36:55 +0200 Subject: nixpkgs: 1601f55 -> f01ed7b --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index d294ca6d1..53340de9e 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "1601f559e89ba71091faa26888711d4dd24c2d4d", - "date": "2019-06-14T16:14:30-04:00", - "sha256": "0iayyz9617mz6424spwbi9qvmcl8hiql42czxg8mi4ycq4p1k0dx", + "rev": "f01ed7b38aaa1d5e52951ecf92d06b600eb9e3c8", + "date": "2019-06-18T11:50:10+02:00", + "sha256": "0pnnzss0pig7xh9x9jyyphrnir7smln71ig3h6asv2y3jl6xs9p6", "fetchSubmodules": false } -- cgit v1.2.3 From ad7800ecce810ff4b2e4b300509e628195444274 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Jun 2019 15:22:37 +0200 Subject: nixpkgs: f01ed7b -> d77e3bd --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 53340de9e..4118a1dd6 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "f01ed7b38aaa1d5e52951ecf92d06b600eb9e3c8", - "date": "2019-06-18T11:50:10+02:00", - "sha256": "0pnnzss0pig7xh9x9jyyphrnir7smln71ig3h6asv2y3jl6xs9p6", + "rev": "d77e3bd661354ea775a8cacc97bb59ddde513c09", + "date": "2019-06-18T23:08:17+02:00", + "sha256": "1m82zs00n6nc0pkdpmd9amm013qxwksjfhzcm6gck3p469q7n866", "fetchSubmodules": false } -- cgit v1.2.3 From 153505206cba1896685bf1fd7252cffeae19e290 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 28 Apr 2019 14:35:10 +0200 Subject: krops: 1.11.1 -> 1.14.0 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index 5b8fb8dc0..ee41207df 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 5b8fb8dc0ee14672d7fd533bd98635b8725dbb29 +Subproject commit ee41207df1ce718e0b154ed8047384118a0133a4 -- cgit v1.2.3 From 43141c67fdafed29b1f6e40b9a77f4efb5302a07 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 21 Jun 2019 23:56:07 +0200 Subject: syncthing folders: add ignoreDelete option --- krebs/3modules/syncthing.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 897ba1e7f..3ec0fe09d 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -16,6 +16,7 @@ let rescanIntervalS = folder.rescanInterval; fsWatcherEnabled = folder.watch; fsWatcherDelayS = folder.watchDelay; + ignoreDelete = folder.ignoreDelete; ignorePerms = folder.ignorePerms; }) cfg.folders; @@ -120,6 +121,11 @@ in default = 10; }; + ignoreDelete = mkOption { + type = types.bool; + default = false; + }; + ignorePerms = mkOption { type = types.bool; default = true; -- cgit v1.2.3 From f76f819cd7ea3345d9e40778a83209a7adb831b7 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 02:10:29 +0200 Subject: syncthing: alias config.services.syncthing --- krebs/3modules/syncthing.nix | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 3ec0fe09d..23d05b7d4 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -2,28 +2,29 @@ let - cfg = config.krebs.syncthing; + kcfg = config.krebs.syncthing; + scfg = config.services.syncthing; devices = mapAttrsToList (name: peer: { name = name; deviceID = peer.id; addresses = peer.addresses; - }) cfg.peers; + }) kcfg.peers; folders = mapAttrsToList ( _: folder: { inherit (folder) path id type; - devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; + devices = map (peer: { deviceId = kcfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; fsWatcherEnabled = folder.watch; fsWatcherDelayS = folder.watchDelay; ignoreDelete = folder.ignoreDelete; ignorePerms = folder.ignorePerms; - }) cfg.folders; + }) kcfg.folders; getApiKey = pkgs.writeDash "getAPIKey" '' ${pkgs.libxml2}/bin/xmllint \ --xpath 'string(configuration/gui/apikey)'\ - ${config.services.syncthing.dataDir}/config.xml + ${scfg.dataDir}/config.xml ''; updateConfig = pkgs.writeDash "merge-syncthing-config" '' @@ -136,19 +137,19 @@ in }; }; - config = (mkIf cfg.enable) { + config = mkIf kcfg.enable { - systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { + systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) { preStart = '' - ${optionalString (cfg.cert != null) '' - cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem - chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem - chmod 400 ${config.services.syncthing.dataDir}/cert.pem + ${optionalString (kcfg.cert != null) '' + cp ${toString kcfg.cert} ${scfg.dataDir}/cert.pem + chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/cert.pem + chmod 400 ${scfg.dataDir}/cert.pem ''} - ${optionalString (cfg.key != null) '' - cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem - chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem - chmod 400 ${config.services.syncthing.dataDir}/key.pem + ${optionalString (kcfg.key != null) '' + cp ${toString kcfg.key} ${scfg.dataDir}/key.pem + chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/key.pem + chmod 400 ${scfg.dataDir}/key.pem ''} ''; }; @@ -158,7 +159,7 @@ in wantedBy = [ "multi-user.target" ]; serviceConfig = { - User = config.services.syncthing.user; + User = scfg.user; RemainAfterExit = true; Type = "oneshot"; ExecStart = updateConfig; -- cgit v1.2.3 From f63aa737e6c8c693b67af930a8d7286ad60ce942 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 01:36:50 +0200 Subject: syncthing: get GUI address from config --- krebs/3modules/syncthing.nix | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 23d05b7d4..f653f7fa5 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -29,15 +29,36 @@ let updateConfig = pkgs.writeDash "merge-syncthing-config" '' set -efu + + # XXX this assumes the GUI address to be "IPv4 address and port" + host=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 0)} + port=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 1)} + # wait for service to restart - ${pkgs.untilport}/bin/untilport localhost 8384 + ${pkgs.untilport}/bin/untilport "$host" "$port" + API_KEY=$(${getApiKey}) - CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) - echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { - "devices": ${builtins.toJSON devices}, - "folders": ${builtins.toJSON folders} - }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- - ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST + + _curl() { + ${pkgs.curl}/bin/curl \ + -Ss \ + -H "X-API-Key: $API_KEY" \ + "http://$host:$port/rest""$@" + } + + old_config=$(_curl /system/config) + patch=${shell.escape (toJSON { + inherit devices folders; + })} + new_config=$(${pkgs.jq}/bin/jq -en \ + --argjson old_config "$old_config" \ + --argjson patch "$patch" \ + ' + $old_config * $patch + ' + ) + echo $new_config | _curl /system/config -d @- + _curl /system/restart -X POST ''; in -- cgit v1.2.3 From 167176b41790541bd6a03f0ba1358b3d70a0531f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 12:43:32 +0200 Subject: exim-retiolum module: drop api and imp --- krebs/3modules/exim-retiolum.nix | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index e08024977..bf37a1ef7 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,15 +1,8 @@ -{ config, pkgs, lib, ... }: - with import ; -let +{ config, pkgs, lib, ... }: let cfg = config.krebs.exim-retiolum; - - out = { - options.krebs.exim-retiolum = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { +in { + options.krebs.exim-retiolum = { enable = mkEnableOption "krebs.exim-retiolum"; local_domains = mkOption { type = with types; listOf hostname; @@ -29,8 +22,7 @@ let ]; }; }; - - imp = { + config = lib.mkIf cfg.enable { krebs.exim = { enable = true; config = @@ -118,4 +110,4 @@ let ''; }; }; -in out +} -- cgit v1.2.3 From aca9d77a733b2e30c68d95eb804ee143d45aa60f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 12:52:36 +0200 Subject: tv vim nix: add nested exim --- tv/5pkgs/vim/nix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/5pkgs/vim/nix.nix b/tv/5pkgs/vim/nix.nix index a58a45b2d..747ab0bc0 100644 --- a/tv/5pkgs/vim/nix.nix +++ b/tv/5pkgs/vim/nix.nix @@ -130,6 +130,7 @@ with import ; c = {}; cabal = {}; diff = {}; + exim = {}; haskell = {}; jq.extraStart = alts [ (writer "Jq") -- cgit v1.2.3 From 3d4d39eecc86b9b67c74ec3c9997099c3f243970 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jun 2019 12:55:16 +0200 Subject: exim modules: mark nested syntax --- krebs/3modules/exim-retiolum.nix | 2 +- krebs/3modules/exim-smarthost.nix | 6 +++--- krebs/3modules/exim.nix | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index bf37a1ef7..dbd98d059 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -29,7 +29,7 @@ in { # This configuration makes only sense for retiolum-enabled hosts. # TODO modular configuration assert config.krebs.tinc.retiolum.enable; - '' + /* exim */ '' keep_environment = primary_hostname = ${cfg.primary_hostname} diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 5f93ae937..e988fb563 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -121,7 +121,7 @@ let }; krebs.exim = { enable = true; - config = '' + config = /* exim */ '' keep_environment = primary_hostname = ${cfg.primary_hostname} @@ -233,7 +233,7 @@ let remote_smtp: driver = smtp - ${optionalString (cfg.dkim != []) (indent '' + ${optionalString (cfg.dkim != []) (indent /* exim */ '' dkim_canon = relaxed dkim_domain = $sender_address_domain dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}} @@ -262,7 +262,7 @@ let begin rewrite begin authenticators - ${concatStringsSep "\n" (mapAttrsToList (name: text: '' + ${concatStringsSep "\n" (mapAttrsToList (name: text: /* exim */ '' ${name}: ${indent text} '') cfg.authenticators)} diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index cfcbbc438..83d88cb0d 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -37,7 +37,7 @@ in { }; config = lib.mkIf cfg.enable { environment = { - etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" '' + etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" /* exim */ '' exim_user = ${cfg.user.name} exim_group = ${cfg.group.name} exim_path = /run/wrappers/bin/exim -- cgit v1.2.3 From bd12c487c31b448b87e37efbae74953df689e7f4 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jun 2019 21:06:48 +0200 Subject: exim-retiolum module: integrate rspamd --- krebs/3modules/exim-retiolum.nix | 47 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index dbd98d059..854fdd70e 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -21,7 +21,32 @@ in { "*.r" ]; }; + rspamd = { + enable = mkEnableOption "krebs.exim-retiolum.rspamd" // { + default = false; + }; + local_networks = mkOption { + type = types.listOf types.cidr; + default = [ + config.krebs.build.host.nets.retiolum.ip4.prefix + config.krebs.build.host.nets.retiolum.ip6.prefix + ]; + }; + }; }; + imports = [ + { + config = lib.mkIf cfg.rspamd.enable { + services.rspamd.enable = true; + services.rspamd.locals."options.inc".text = '' + local_networks = ${toJSON cfg.rspamd.local_networks}; + ''; + users.users.${config.krebs.exim.user.name}.extraGroups = [ + config.services.rspamd.group + ]; + }; + } + ]; config = lib.mkIf cfg.enable { krebs.exim = { enable = true; @@ -36,6 +61,10 @@ in { domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} + ${optionalString cfg.rspamd.enable /* exim */ '' + spamd_address = /run/rspamd/rspamd.sock variant=rspamd + ''} + acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data @@ -64,6 +93,24 @@ in { acl_check_data: + ${optionalString cfg.rspamd.enable /* exim */ '' + accept condition = ''${if eq{$interface_port}{587}} + + warn remove_header = ${concatStringsSep " : " [ + "x-spam" + "x-spam-report" + "x-spam-score" + ]} + + warn + spam = nobody:true + + warn + condition = ''${if !eq{$spam_action}{no action}} + add_header = X-Spam: Yes + add_header = X-Spam-Report: $spam_report + add_header = X-Spam-Score: $spam_score + ''} accept -- cgit v1.2.3 From 3d639bcf8787c35f34d6e6add4a03f67a2435a52 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jun 2019 21:18:58 +0200 Subject: tv exim-retiolum: enable rspamd at nomic --- tv/2configs/exim-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index 8b34b16cf..3d4ada46b 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -7,5 +7,6 @@ with import ; pkgs.eximlog ]; krebs.exim-retiolum.enable = true; + krebs.exim-retiolum.rspamd.enable = config.krebs.build.host.name == "nomic"; tv.iptables.input-retiolum-accept-tcp = singleton "smtp"; } -- cgit v1.2.3 From 8a48f8dd6802c3239d433d381228e86fc2781e29 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 24 Jun 2019 03:15:34 +0200 Subject: exim-retiolum module: replace UCL by "JSON" --- krebs/3modules/exim-retiolum.nix | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 854fdd70e..89a05c8fc 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,6 +1,15 @@ with import ; { config, pkgs, lib, ... }: let cfg = config.krebs.exim-retiolum; + + # Due to improvements to the JSON notation, braces around top-level objects + # are not necessary^Wsupported by rspamd's parser when including files: + # https://github.com/rspamd/rspamd/issues/2674 + toMostlyJSON = value: + assert typeOf value == "set"; + (s: substring 1 (stringLength s - 2) s) + (toJSON value); + in { options.krebs.exim-retiolum = { enable = mkEnableOption "krebs.exim-retiolum"; @@ -25,12 +34,16 @@ in { enable = mkEnableOption "krebs.exim-retiolum.rspamd" // { default = false; }; - local_networks = mkOption { - type = types.listOf types.cidr; - default = [ - config.krebs.build.host.nets.retiolum.ip4.prefix - config.krebs.build.host.nets.retiolum.ip6.prefix - ]; + locals = { + options = { + local_networks = mkOption { + type = types.listOf types.cidr; + default = [ + config.krebs.build.host.nets.retiolum.ip4.prefix + config.krebs.build.host.nets.retiolum.ip6.prefix + ]; + }; + }; }; }; }; @@ -38,9 +51,12 @@ in { { config = lib.mkIf cfg.rspamd.enable { services.rspamd.enable = true; - services.rspamd.locals."options.inc".text = '' - local_networks = ${toJSON cfg.rspamd.local_networks}; - ''; + services.rspamd.locals = + mapAttrs' + (name: value: nameValuePair "${name}.inc" { + text = toMostlyJSON value; + }) + cfg.rspamd.locals; users.users.${config.krebs.exim.user.name}.extraGroups = [ config.services.rspamd.group ]; -- cgit v1.2.3 From d343910e98736a94431fcac3da21274d2ecec449 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 24 Jun 2019 03:16:02 +0200 Subject: exim-retiolum module: optionalize rspamd log level --- krebs/3modules/exim-retiolum.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 89a05c8fc..118a8b2d5 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -35,6 +35,19 @@ in { default = false; }; locals = { + logging = { + level = mkOption { + type = types.enum [ + "error" + "warning" + "notice" + "info" + "debug" + "silent" + ]; + default = "notice"; + }; + }; options = { local_networks = mkOption { type = types.listOf types.cidr; -- cgit v1.2.3 From b951f7a50ba93cda19787540b8cb8008d64e6b82 Mon Sep 17 00:00:00 2001 From: zx9w Date: Tue, 25 Jun 2019 17:34:55 +0000 Subject: external: Added uppreisn to the VPN (Ilmu) --- krebs/3modules/external/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index ac656f463..17fe941f4 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -411,6 +411,31 @@ in { }; }; }; + uppreisn = { + owner = config.krebs.users.ilmu; + nets = { + retiolum = { + ip4.addr = "10.243.42.313"; + aliases = [ "ilmu.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAweAz7KtgYVuAfqP7Zoax + BrQ++qig30Aabnou5C62bYIf1Fn8Z9RbDROTmkGeF7No7mZ7wH0hNpRXo1N/sLNt + gr4bX7fXAvQ3NeeoMmM6VcC+pExnE4NMMnu0Dm3Z/WcQkCsJukkcvpC1gWkjPXea + gn3ODl2wbKMiRBhQDA2Ro0zDQ+gAIsgtS9fDA85Rb0AToLwifHHavz81SXF+9piv + qIl3rJZVBo1kOiolv5BCh4/O+R5boiFfPGAiqEcob0cTcmSCXaMqis8UNorlm08j + ytNG7kazeRQb9olJ/ovCA1b+6iAZ4251twuQkHfNdfC3VM32jbGq7skMyhX3qN/b + WoHHeBZR8eH5MpTTIODI+r4cLswAJqlCk816bGMmg6MuZutTlQCRTy1S/wXY/8ei + STAZ1IZH6dnwCJ9HXgMC6hcYuOs/KmvSdaa7F+yTEq83IAASewbRgn/YHsMksftI + d8db17rEOT5uC1jOGKF98d7e30MX5saTJZLB6XmNDsql/lFoooGzTz/L80JUYiJ0 + fQFADznZpA+NE+teOH9aXsucDQkX6BOPSO4XKXV86RIejHUSEx5WdaqGOUfmhFUo + 9hZhr0qiiKNlXlP8noM9n+hPNKNkOlctQcpnatgdU3uQMtITPyKSLMUDoQIJlSgq + lak5LCqzwU9qa9EQSU4nLZ0CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; inspector = { owner = config.krebs.users.Mic92; nets = rec { -- cgit v1.2.3 From a60cb265359e5055e83d6d65a5f6fcd73fb9454b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Jun 2019 20:42:11 +0200 Subject: uppreisn fixup --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 17fe941f4..1f39f93cc 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -415,7 +415,7 @@ in { owner = config.krebs.users.ilmu; nets = { retiolum = { - ip4.addr = "10.243.42.313"; + ip4.addr = "10.243.42.13"; aliases = [ "ilmu.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- -- cgit v1.2.3 From 0820daacaaf47d040307e62161e50204c783b6da Mon Sep 17 00:00:00 2001 From: zx9w Date: Tue, 25 Jun 2019 17:36:51 +0000 Subject: external: Put Matchbox and Inspector in alphabetic order --- krebs/3modules/external/default.nix | 106 ++++++++++++++++++------------------ 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1f39f93cc..d734e38ad 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -229,6 +229,35 @@ in { }; }; }; + inspector = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.29.172"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; justraute = { owner = config.krebs.users.raute; # laptop nets = { @@ -241,6 +270,30 @@ in { }; }; }; + matchbox = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.176"; + aliases = [ "matchbox.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m + VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w + nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u + TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE + TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 + yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO + 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 + Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ + bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 + nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR + /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; qubasa = { owner = config.krebs.users.qubasa; nets = { @@ -436,59 +489,6 @@ in { }; }; }; - inspector = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - matchbox = { - owner = config.krebs.users.Mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.176"; - aliases = [ "matchbox.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m - VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w - nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u - TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE - TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 - yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO - 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 - Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ - bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 - nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR - /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; miaoski = { owner = config.krebs.users.miaoski; nets = { -- cgit v1.2.3 From f58c0e336659fc85f16dc0852dfd051e593ec2c5 Mon Sep 17 00:00:00 2001 From: zx9w Date: Tue, 25 Jun 2019 17:37:56 +0000 Subject: external: Added user ilmu, and email. --- krebs/3modules/external/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index d734e38ad..7e8b2e745 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -520,6 +520,9 @@ in { mail = "dickbutt@excogitation.de"; pubkey = ssh-for "exco"; }; + ilmu = { + mail = "ilmu@rishi.is"; + }; jan = { mail = "jan.heidbrink@posteo.de"; }; -- cgit v1.2.3 From 1d23dceb5d2c536790a00fcde30743b958f1018f Mon Sep 17 00:00:00 2001 From: name Date: Tue, 25 Jun 2019 20:46:28 +0200 Subject: external: Add pie --- krebs/3modules/external/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 7e8b2e745..1720811d9 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -489,6 +489,31 @@ in { }; }; }; + unnamed = { + owner = config.krebs.users.pie_; + nets = { + retiolum = { + ip4.addr = "10.243.3.14"; + aliases = [ "unnamed.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvGXVl+WV/bDxFAnYnAhZ + 2rHCU5dqtBvSg0sywV1j++lEuELBx4Zq14qyjDRGkkIGdgzCZBLK2cCgxPJ3MRFx + ZwiO3jPscTu3I7zju7ULO/LqGQG+Yf86estfGh394zFJ2rnFSwegeMNqCpOaurOH + GuYtNdjkxn/2wj00s+JEJjCNRMg8bkTMT3czuTr2k+6ICI8SgLZMDH7TjRfePHEW + X9/v4O3kMSZccT/wZWmezXuYlO7CJs7f4VV98z+sgubmIZz3uLfQFY8y9gmGp46y + 5n5QyD0iIqkLNGIldNnToVJPToRaW5OdNKtZFayU4pWZ296sEcJI0NWLYqy7yZfD + PG2FlCQmebUxMYk+iK0cYRLFzOgnr14uXihXxhuHYJ8R1VIbWuto1YFGUv5J/Jct + 3vgjwOlHwZKC9FTqnRjgp58QtnKneXGNZ446eKHUCmSRDKl8fc/m9ePHrISnGROY + gXMieAmOZtsQIxwRpBGCLjrr3sx8RRNY8ROycqPaQWp3upp61jAvvQW3SIvkp1+M + jGvfebJOSkEZurwGcWUar9w9t/oDfsV+R9Nm9n2IkdkNlnvXD1rcj7KqbFPtGf1a + MmB3AmwyIVv9Rk1Vpjkz4EtL4kPqiuhPrf1bHQhAdcwqwFGyo8HXsoMedb3Irhwm + OxwCRYLtEweku7HLhUVTnDkCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; miaoski = { owner = config.krebs.users.miaoski; nets = { @@ -555,5 +580,6 @@ in { }; filly = { }; + pie_ = {}; }; } -- cgit v1.2.3