From 77d17636b1e0e46b1c7712fa543be20c51946add Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 4 Jan 2022 21:31:21 +0100 Subject: tv bu: init --- krebs/3modules/tv/default.nix | 26 ++++++++++++++++++++++++++ tv/1systems/bu/config.nix | 40 ++++++++++++++++++++++++++++++++++++++++ tv/1systems/bu/disks.nix | 15 +++++++++++++++ 3 files changed, 81 insertions(+) create mode 100644 tv/1systems/bu/config.nix create mode 100644 tv/1systems/bu/disks.nix diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 8d48c2a4..4e40561c 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -82,6 +82,32 @@ in { ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au"; }; + bu = { + ci = true; + cores = 4; + nets = { + retiolum = { + ip4.addr = "10.243.13.36"; + aliases = [ + "bu.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxjAvT1sfHPWExhWRoXG+NJbYUmf5q4yfpfBRvb232LC9sLn4Z2wb + hxKreR5/j9a/2hRIlCz4IwKftl5vroG9Vy4e7zZIz6QvN4TqED8dUjJ1ubhtj47l + jjHW4cHLUWsaqqu6TAuPH26qPSxm9VrD6rZIX9RmQ1bWIaonVB3Q+XnDfPlISw6M + gbQXz4tOsOnC+y/6C3VPUo0nqC+PuA/kyRq/ivVutKd0dTSY8LmCDNla6AEVD5dG + sIqPWX5h8fjqU7G3oOMvMsBrCkvRRB0F0dQzGo8EXwCDJxa+xOuk5n1GYJ2lqeM/ + st7KIxmLvO5AE7cUxdLlDj4EzVLSDoAqOwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "/MXEuv96HlrpHBto8KP2S6Ztiahhi3H7AevmbYS+xqE"; + }; + }; + secure = true; + ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa"; + ssh.pubkey = "ssh-rsa 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 root@bu"; + }; hu = { nets = { retiolum = { diff --git a/tv/1systems/bu/config.nix b/tv/1systems/bu/config.nix new file mode 100644 index 00000000..69c5848f --- /dev/null +++ b/tv/1systems/bu/config.nix 
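Review bot: The new `bu` entry registers an RSA host key (`ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa";` with an `ssh-rsa … root@bu` public key), while the entry directly above it in this hunk uses `ssh.id_ed25519`. If nothing on bu requires RSA, I would generate an Ed25519 host key and write `ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";` so the host set stays uniform. The public key is not visible in this view, so its size cannot be checked here. The enclosing attribute set starts and ends outside the hunk.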
@@ -0,0 +1,40 @@ +{ config, pkgs, ... }: let + lib = import ../../../lib; +in { + + imports = [ + ./disks.nix + + + + + + + ]; + + environment.homeBinInPath = true; + + krebs.build.host = config.krebs.hosts.bu; + + networking.hostId = lib.mkDefault "00000000"; + + networking.wireless.enable = true; + networking.useDHCP = false; + networking.interfaces.enp0s25.useDHCP = true; + networking.interfaces.wlp3s0.useDHCP = true; + networking.interfaces.wwp0s29u1u4i6.useDHCP = true; + networking.wireless.interfaces = [ + "wlp3s0" + ]; + + programs.gnupg.agent.enable = true; + programs.gnupg.agent.pinentryFlavor = "gtk2"; + + services.earlyoom.enable = true; + services.earlyoom.freeMemThreshold = 5; + systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [ + "--prefer '(^|/)chromium$'" + ]; + + system.stateVersion = "21.11"; +} diff --git a/tv/1systems/bu/disks.nix b/tv/1systems/bu/disks.nix new file mode 100644 index 00000000..e634209f --- /dev/null +++ b/tv/1systems/bu/disks.nix @@ -0,0 +1,15 @@ +{ + boot.initrd.luks.devices.buda2.device = "/dev/sda2"; + fileSystems."/" = { + device = "buda2/root"; + fsType = "zfs"; + }; + fileSystems."/home" = { + device = "buda2/home"; + fsType = "zfs"; + }; + fileSystems."/boot" = { + device = "/dev/sda1"; + fsType = "vfat"; + }; +} -- cgit v1.2.3 From c4ff9f0d26e7fce7d83d076dda5445801cca6676 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 5 Jan 2022 01:40:14 +0100 Subject: tv bu: setup backups --- tv/1systems/bu/disks.nix | 4 ++++ tv/2configs/backup.nix | 24 ++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/tv/1systems/bu/disks.nix b/tv/1systems/bu/disks.nix index e634209f..deabefa7 100644 --- a/tv/1systems/bu/disks.nix +++ b/tv/1systems/bu/disks.nix @@ -4,6 +4,10 @@ device = "buda2/root"; fsType = "zfs"; }; + fileSystems."/bku" = { + device = "buda2/bku"; + fsType = "zfs"; + }; fileSystems."/home" = { device = "buda2/home"; fsType = "zfs"; 
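Review bot: `networking.hostId = lib.mkDefault "00000000";` gives this machine an all-zero host ID, although disks.nix in the same commit puts `/` and `/home` on ZFS. ZFS records the host ID in the pool to notice when a pool was last used by a different system, and a placeholder that every copied config shares removes that distinction. I would set a value unique to this host, `networking.hostId = "<8 hex digits unique to bu>";` (placeholder), or add a comment if the zero ID is deliberate.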
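Review bot: The LUKS container and `/boot` are addressed by kernel device names (`boot.initrd.luks.devices.buda2.device = "/dev/sda2";` and `device = "/dev/sda1";`), which may change when another disk or a USB device is present at boot. If enumeration shifts, the initrd may try to unlock whichever partition is then called sda2. Stable identifiers such as `/dev/disk/by-uuid/<uuid>` (placeholder) for both avoid that. A one-line comment that `/boot` is the unencrypted vfat partition would also help readers of the layout.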
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index b8dec8da..a5e0cf4c 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -10,6 +10,24 @@ with import ; yearly = { format = "%Y"; }; }; }) { + bu-home-wu = { + method = "push"; + src = { host = config.krebs.hosts.bu; path = "/home"; }; + dst = { host = config.krebs.hosts.wu; path = "/bku/bu-home"; }; + startAt = "05:15"; + }; + bu-home-xu = { + method = "push"; + src = { host = config.krebs.hosts.bu; path = "/home"; }; + dst = { host = config.krebs.hosts.xu; path = "/bku/bu-home"; }; + startAt = "05:20"; + }; + bu-home-zu = { + method = "push"; + src = { host = config.krebs.hosts.bu; path = "/home"; }; + dst = { host = config.krebs.hosts.zu; path = "/bku/bu-home"; }; + startAt = "05:25"; + }; nomic-home-xu = { method = "push"; src = { host = config.krebs.hosts.nomic; path = "/home"; }; @@ -40,6 +58,12 @@ with import ; dst = { host = config.krebs.hosts.zu; path = "/bku/wu-home"; }; startAt = "05:20"; }; + xu-home-bu = { + method = "push"; + src = { host = config.krebs.hosts.xu; path = "/home"; }; + dst = { host = config.krebs.hosts.bu; path = "/bku/xu-home"; }; + startAt = "04:50"; + }; xu-home-nomic = { method = "push"; src = { host = config.krebs.hosts.xu; path = "/home"; }; -- cgit v1.2.3 From 63e76e4218339c87d8df5fd1712a5be0e17a33cd Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 5 Jan 2022 02:54:53 +0100 Subject: krebs.backup: use dedicated .backup-filter --- krebs/3modules/backup.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index c5cb1cae..4a88582a 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix 
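Review bot: All four new plans use `method = "push"`, so the source host opens the connection and writes into `/bku/…` on the destination; with `bu-home-xu` and `xu-home-bu` (second hunk) together, bu and xu each hold write access to the other's backup tree. Whether the destination restricts what the pushing key may do is not visible in this diff, so it is worth confirming that a compromised source cannot remove or rewrite older snapshots there. If the push direction is required, a comment above the bu plans saying why (for example `# push: bu is not reachable from the backup hosts`, wording to be adapted) would record the decision.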
@@ -157,7 +157,8 @@ let # of the deepest directory: # shellcheck disable=SC2174 ${local.rsync} >&2 \ - -aAXF --delete \ + -aAX --delete \ + --filter='dir-merge /.backup-filter' \ --rsh=${shell.escape ssh} \ --rsync-path=${shell.escape remote.rsync} \ --link-dest=${shell.escape plan.dst.path}/current \ @@ -191,7 +192,8 @@ let echo >&2 "create snapshot: $ns/$name" mkdir -m 0700 -p "$dst_path/$ns" rsync >&2 \ - -aAXF --delete \ + -aAX --delete \ + --filter='dir-merge /.backup-filter' \ --link-dest="$dst_path/current" \ "$dst_path/current/" \ "$dst_path/$ns/.partial.$name" -- cgit v1.2.3 From 4ebe149d3289cf4cc0dd789996e9f45d11e54386 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Wed, 5 Jan 2022 21:50:02 +0100 Subject: external: rip bvg.kmein.r --- krebs/3modules/external/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 66914797..4a1efe8f 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -321,7 +321,6 @@ in { "zaatar.r" "zaatar.kmein.r" "grocy.kmein.r" - "bvg.kmein.r" "moodle.kmein.r" ]; tinc.pubkey = '' -- cgit v1.2.3 From 13db0ce256ec67c6e21bd85a7d398ccdb180988f Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 6 Jan 2022 14:44:29 +0100 Subject: much: 1.3.0 -> 1.3.1 --- krebs/5pkgs/haskell/much.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/haskell/much.nix b/krebs/5pkgs/haskell/much.nix index f3aad2ee..5045465e 100644 --- a/krebs/5pkgs/haskell/much.nix +++ b/krebs/5pkgs/haskell/much.nix 
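Review bot: Replacing `-F` with `--filter='dir-merge /.backup-filter'` keeps the per-directory behaviour, so any `.backup-filter` file found inside the source tree decides what is left out of the backup, and neither this hunk nor the snapshot copy at `@@ -191,7` says so. The plans shown elsewhere on this page back up `/home`, so anything able to write there can silently exclude paths from future backups. I would document that next to the flag, e.g. `# per-directory rules: a .backup-filter in any source directory is honoured as written by the data owner`, and consider logging which filter files were picked up. Both rsync invocations start and end outside the hunks.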
@@ -9,11 +9,11 @@ }: mkDerivation { pname = "much"; - version = "1.2.0"; + version = "1.3.1"; src = fetchgit { url = "https://cgit.krebsco.de/much"; - sha256 = "0rf27d7gki5hgivy49xi59ld0j6jw3v7nxi4w1gx6byj1xsarwwl"; - rev = "29749366052a8f6c05b314f1ff17201717855ad7"; + sha256 = "0gwyhqcvg9ywna8fhb9hnx97qh5inglj3l0pcwkgwcvm27mfpcqa"; + rev = "77357335a3a88a4b93f91a46ab939a1a9b192977"; fetchSubmodules = true; }; isLibrary = true; -- cgit v1.2.3 From d814ddd21239e323676afc4f9c780b340857a624 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 7 Jan 2022 20:52:58 +0100 Subject: mic92: add jarvis --- krebs/3modules/external/mic92.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index f8c371b7..349a6c34 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -675,6 +675,25 @@ in { }; }; }; + jarvis = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + aliases = [ "jarvis.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA7PtJlYBpBr2TK5CAvAukkGvj+esC+sMPKd3mO9iDwdViBrqKdf+D + yEy8SI80Y02dpkL97NjvnzepKpyGQWpG1ZQflJLhCTj7oFyVpWd4XsbIuzYp5ES6 + r8qKWs2xcItc1pbW0ZmrCBzdWsC1B0VAHlYkiz+7vM6pCTvg6hNQugP4c1TRCtJC + Sr+n+EjTXN/NTaKl+f7eoHJGnT5liDO3/xZVxm8AuLnron1xPPDghXClVHfDj5mt + f66f+CLwZhq3BrZuptwXp7TerMfrNtPyTx96b+EyuLPjrYxKeKL/+Nbr3VmmiDIV + tsraNc+0a8OBpVsYh4MQLp55NYwqxAoetQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "RRkMnGSg+nMkz4L2iqmdFf2fIf4wIfcTM0TlTWLLNCE"; + }; + }; + }; bernie = { owner = config.krebs.users.mic92; nets = rec { -- cgit v1.2.3 From 16aad34f14755faa6657cbb8d8dbb95cacccee39 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 7 Jan 2022 20:59:37 +0100 Subject: git-hooks irc-announce: don't show merges --- krebs/5pkgs/simple/git-hooks/default.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index 00a593be..c9dcc754 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix @@ -100,6 +100,7 @@ with stockholm.lib; add_message "$( git log \ --format="$(orange %h) %s $(gray '(%ar)')" \ + --no-merges \ --reverse \ $id2..$id -- cgit v1.2.3 From 545b424ecbd69df2b507f827b26ee6e38f1648c3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Jan 2022 00:43:23 +0100 Subject: krebs: use ergo instead of solanum everywhere --- krebs/1systems/hotdog/config.nix | 2 +- krebs/2configs/ergo.nix | 13 ---- krebs/2configs/ircd.nix | 149 ++++++++++----------------------------- krebs/2configs/news.nix | 3 +- krebs/3modules/ergo.nix | 15 +++- 5 files changed, 51 insertions(+), 131 deletions(-) delete mode 100644 krebs/2configs/ergo.nix diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 6a51bf45..cf07d3b4 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -7,7 +7,7 @@ - + diff --git a/krebs/2configs/ergo.nix b/krebs/2configs/ergo.nix deleted file mode 100644 index db0bc574..00000000 --- a/krebs/2configs/ergo.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, pkgs, ... }: - -{ - networking.firewall.allowedTCPPorts = [ - 6667 - ]; - - krebs.ergo = { - enable = true; - }; -} - - diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 90487873..c6c91e07 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix 
@@ -1,121 +1,44 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ - 6667 6669 + 6667 ]; - systemd.services.solanum.serviceConfig.LimitNOFILE = lib.mkForce 16384; - - services.solanum = { + krebs.ergo = { enable = true; - motd = '' - hello - ''; - config = '' - loadmodule "extensions/m_omode"; - serverinfo { - name = "${config.krebs.build.host.name}.irc.r"; - sid = "1as"; - description = "irc!"; - network_name = "irc.r"; - - vhost = "0.0.0.0"; - vhost6 = "::"; - - #ssl_private_key = "etc/ssl.key"; - #ssl_cert = "etc/ssl.cert"; - #ssl_dh_params = "etc/dh.pem"; - #ssld_count = 1; - - default_max_clients = 2048; - #nicklen = 30; - }; - - listen { - defer_accept = yes; - - /* If you want to listen on a specific IP only, specify host. - * host definitions apply only to the following port line. - */ - host = "0.0.0.0"; - port = 6667; - #sslport = 6697; - - /* Listen on IPv6 (if you used host= above). */ - host = "::"; - port = 6667; - #sslport = 6697; - }; - - class "users" { - ping_time = 2 minutes; - number_per_ident = 10; - number_per_ip = 4096; - number_per_ip_global = 4096; - cidr_ipv4_bitlen = 24; - cidr_ipv6_bitlen = 64; - number_per_cidr = 65535; - max_number = 65535; - sendq = 1000 megabyte; - }; - - privset "op" { - privs = oper:admin, oper:general; - }; - - operator "aids" { - user = "*@*"; - password = "balls"; - flags = ~encrypted; - snomask = "+s"; - privset = "op"; - }; - - exempt { - ip = "127.0.0.1"; - }; - - exempt { - ip = "10.243.0.0/16"; - }; - - auth { - user = "*@*"; - class = "users"; - flags = kline_exempt, exceed_limit, flood_exempt; - }; - - channel { - autochanmodes = "+t"; - use_invex = yes; - use_except = yes; - use_forward = yes; - use_knock = yes; - knock_delay = 5 minutes; - knock_delay_channel = 1 minute; - max_chans_per_user = 150; - max_bans = 100; - max_bans_large = 500; - default_split_user_count = 0; - default_split_server_count = 0; - no_create_on_split = no; - no_join_on_split = no; - 
burst_topicwho = yes; - kick_on_split_riding = no; - only_ascii_channels = no; - resv_forcepart = yes; - channel_target_change = yes; - disable_local_channels = no; - }; - - general { - #maybe we want ident someday? - default_floodcount = 10000; - disable_auth = yes; - throttle_duration = 1; - throttle_count = 10000; - }; - ''; + config = { + server.secure-nets = [ + "42::0/16" + "10.240.0.0/12" + ]; + oper-classes.server-admin = { + title = "admin"; + capabilities = [ + "kill" # disconnect user sessions + "ban" # ban IPs, CIDRs, and NUH masks ("d-line" and "k-line") + "nofakelag" # remove "fakelag" restrictions on rate of message sending + "relaymsg" # use RELAYMSG in any channel (see the 'relaymsg' config block) + "vhosts" # add and remove vhosts from users + "sajoin" # join arbitrary channels, including private channels + "samode" # modify arbitrary channel and user modes + "snomasks" # subscribe to arbitrary server notice masks + "roleplay" # use the (deprecated) roleplay commands in any channel + "rehash" # rehash the server, i.e. reload the config at runtime + "accreg" # modify arbitrary account registrations + "chanreg" # modify arbitrary channel registrations + "history" # modify or delete history messages + "defcon" # use the DEFCON command (restrict server capabilities) + "massmessage" # message all users on the server + ]; + }; + opers.aids = { + class = "server-admin"; + hidden = false; + password = "$2a$04$0AtVycWQJ07ymrDdKyAm2un3UVSVIzpzL3wsWbWb3PF95d1CZMcMO"; + }; + }; }; } + + diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 84a39f95..639cadb3 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix 
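Review bot: `opers.aids.password` is a bcrypt hash with cost factor 4 (`$2a$04$…`), the lowest bcrypt allows, and it is committed to the repository as part of the Nix expression. At that cost offline guessing is cheap, and the `server-admin` class it unlocks carries `kill`, `ban`, `rehash`, `accreg` and `samode`. I would regenerate the hash with a higher cost (of the form `$2a$12$<new hash>`, placeholder) and, if the module allows it, supply it from a secret file instead of the world-readable config. A comment on why `10.240.0.0/12` and `42::0/16` are listed under `server.secure-nets` would also help.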
@@ -68,7 +68,8 @@ wantedBy = [ "multi-user.target" ]; }; - systemd.services.brockman.bindsTo = [ "solanum.service" ]; + krebs.ergo.openFilesLimit = 16384; + systemd.services.brockman.bindsTo = [ "ergo.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix index 3153e4cf..50c5ab62 100644 --- a/krebs/3modules/ergo.nix +++ b/krebs/3modules/ergo.nix @@ -2,6 +2,13 @@ options = { krebs.ergo = { enable = lib.mkEnableOption "Ergo IRC daemon"; + openFilesLimit = lib.mkOption { + type = lib.types.int; + default = 1024; + description = '' + Maximum number of open files. Limits the clients and server connections. + ''; + }; config = lib.mkOption { type = (pkgs.formats.json {}).type; description = '' @@ -54,8 +61,8 @@ multiclient = { enabled = true; allowed-by-default = true; - always-on = "opt-in"; - auto-away = "opt-in"; + always-on = "opt-out"; + auto-away = "opt-out"; }; }; channels = { @@ -111,13 +118,15 @@ systemd.services.ergo = { description = "Ergo IRC daemon"; wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; + # reload currently not working as expected + # reloadIfChanged = true; restartTriggers = [ configFile ]; serviceConfig = { ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml"; ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; DynamicUser = true; StateDirectory = "ergo"; + LimitNOFILE = "${toString cfg.openFilesLimit}"; }; }; }); -- cgit v1.2.3 From 3b8e4ecbb6ed69f592bbe0643d655e42d83f46c3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Jan 2022 01:34:38 +0100 Subject: krebs news: increase ergo nicklen limit --- krebs/2configs/news.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 639cadb3..a4384e00 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix 
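Review bot: In krebs/3modules/ergo.nix `openFilesLimit` is declared as `lib.types.int`, so zero or a negative number is accepted and passed straight into `LimitNOFILE`; `type = lib.types.ints.positive;` would reject that at evaluation time. In the last hunk of the same file `reloadIfChanged` is commented out while `ExecReload` stays, so a config change now goes through `restartTriggers` and presumably disconnects all clients. The comment `# reload currently not working as expected` could state what fails, so that the reload path can be re-enabled later.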
@@ -69,6 +69,7 @@ }; krebs.ergo.openFilesLimit = 16384; + krebs.ergo.config.limits.nicklen = 100; systemd.services.brockman.bindsTo = [ "ergo.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; -- cgit v1.2.3 From 4f5f9c87f18065841a269dd96a5713c5c9d929c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 9 Jan 2022 12:49:26 +0100 Subject: jarvis: add dyndns --- krebs/3modules/external/mic92.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 349a6c34..6c8c65b9 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -678,7 +678,9 @@ in { jarvis = { owner = config.krebs.users.mic92; nets = rec { + internet.addrs = [ "jarvis.thalheim.io" ]; retiolum = { + via = internet; aliases = [ "jarvis.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 4d50adb1fd2f04cc33099d525c4e5890ea09273c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 9 Jan 2022 13:30:43 +0100 Subject: mic92: add dyndns endpoint for turingmachine/bernie --- krebs/3modules/external/mic92.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 6c8c65b9..cd11fb2c 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -526,8 +526,10 @@ in { }; turingmachine = { owner = config.krebs.users.mic92; - nets = { + nets = rec { + internet.addrs = [ "turingmachine.thalheim.io" ]; retiolum = { + via = internet; aliases = [ "turingmachine.r" ]; @@ -699,7 +701,9 @@ in { bernie = { owner = config.krebs.users.mic92; nets = rec { + internet.addrs = [ "bernie.thalheim.io" ]; retiolum = { + via = internet; aliases = [ "bernie.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- 
@@ -721,7 +725,6 @@ in { }; }; - ryan = { owner = config.krebs.users.mic92; nets = rec { -- cgit v1.2.3 From ecfc5df838f5c2de6096ea25617d298bc29127f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Jan 2022 18:02:37 +0100 Subject: news: disable history, raise identlen limit --- krebs/2configs/news.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index a4384e00..9ea4cbf8 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -69,7 +69,11 @@ }; krebs.ergo.openFilesLimit = 16384; - krebs.ergo.config.limits.nicklen = 100; + krebs.ergo.config = { + limits.nicklen = 100; + limits.identlen = 100; + history.enabled = false; + }; systemd.services.brockman.bindsTo = [ "ergo.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; -- cgit v1.2.3 From 42906bb7793312544fae6d485f1c9c9d426be014 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Jan 2022 18:02:51 +0100 Subject: pkgs.brockman: 4.0.2 -> 4.0.3 --- krebs/5pkgs/haskell/brockman/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix index 01b7a057..8a2311a2 100644 --- a/krebs/5pkgs/haskell/brockman/default.nix +++ b/krebs/5pkgs/haskell/brockman/default.nix @@ -7,12 +7,12 @@ }: mkDerivation rec { pname = "brockman"; - version = "4.0.2"; + version = "4.0.3"; src = fetchFromGitHub { owner = "kmein"; repo = "brockman"; rev = version; - sha256 = "sha256-EKXKhGdIJRbRklD5zxJNGhOxqPzog4f9NMXo/c8iBGc="; + sha256 = "sha256-rjwroSG9ys0FV2JM70kzmCutMVpUTx8cQ+jQq8Hw1kw="; }; isLibrary = false; isExecutable = true; -- cgit v1.2.3 From 97ca7d4f356a12fa46d2deec15716beb027fcde5 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 10 Jan 2022 19:39:29 +0100 Subject: nixpkgs: d1e59cf -> 79c7b6a --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 43f29897..f34cfa32 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d1e59cfc49961e121583abe32e2f3db1550fbcff", - "date": "2022-01-01T22:20:39+08:00", - "path": "/nix/store/azrxsxpszjwgg75jk1pkzlzjcj0qnw8d-nixpkgs", - "sha256": "03ldf1dlxqf3g8qh9x5vp6vd9zvvr481fyjds111imll69y60wpm", + "rev": "79c7b6a353e22f0eec342dead0bc69fb7ce846db", + "date": "2022-01-09T23:59:32-03:00", + "path": "/nix/store/41cc41pyszadfgkddrp6dv11wkkmq5ji-nixpkgs", + "sha256": "1ihlj5wrzx151zhyr0vbiwyvhhc4g9chbaz4dy2a2i2v9fwwhjl2", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 17892c2fa0763f31a854d5b5b8fe87a2465ad70d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 10 Jan 2022 19:39:44 +0100 Subject: nixpkgs-unstable: 59bfda7 -> 0ecf7d4 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index cab3ab11..29b3178c 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "59bfda72480496f32787cec8c557182738b1bd3f", - "date": "2021-12-31T15:09:52+01:00", - "path": "/nix/store/wy2iidg15nwgmn8xir8fbr1lfz1hqphb-nixpkgs", - "sha256": "18akd1chfvniq1q774rigfxgmxwi0wyjljpa1j9ls59szpzr316d", + "rev": "0ecf7d414811f831060cf55707c374d54fbb1dec", + "date": "2022-01-09T09:46:51+03:00", + "path": "/nix/store/msdcl0dhi6480vnsmv7vgpif42wj2al3-nixpkgs", + "sha256": "00xbm9lrivsj2w1jks2cnk5brbg5kvxjfj23kq0qyr8nvh57wln9", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From decef6d4788e12634991e196aa751c66e25dbe6f Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 11 Jan 2022 20:36:04 +0100 Subject: painload: c113487 -> a963b45 --- krebs/5pkgs/simple/painload/default.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/krebs/5pkgs/simple/painload/default.nix b/krebs/5pkgs/simple/painload/default.nix index 3b1c83b4..e4cb1160 100644 --- a/krebs/5pkgs/simple/painload/default.nix +++ b/krebs/5pkgs/simple/painload/default.nix @@ -1,7 +1,9 @@ -{ fetchgit, ... }: +{ pkgs }: -fetchgit { - url = https://github.com/krebs/painload; - rev = "c113487f73713a03b1a139b22bb34b86234d0495"; - sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6"; +pkgs.fetchFromGitHub { + owner = "krebs"; + repo = "painload"; + rev = "a963b45d5a3921f19189575420cc7f8f946345b5"; + sha256 = "03q8rxpzy4l9nd4wv0107s0ck3dhfzkfy1rabf8srabkwl0c3vsc"; + fetchSubmodules = true; } -- cgit v1.2.3 From c76269e7084ce3c07956ea04654af7eed347d703 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Jan 2022 20:57:11 +0100 Subject: K_belwagen: init at 1.0.0 --- krebs/5pkgs/simple/K_belwagen.nix | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 krebs/5pkgs/simple/K_belwagen.nix diff --git a/krebs/5pkgs/simple/K_belwagen.nix b/krebs/5pkgs/simple/K_belwagen.nix new file mode 100644 index 00000000..80d377b0 --- /dev/null +++ b/krebs/5pkgs/simple/K_belwagen.nix @@ -0,0 +1,38 @@ +{ lib, pkgs, stdenv }: + +stdenv.mkDerivation { + pname = "K_belwagen"; + version = "1.0"; + + src = pkgs.painload; + sourceRoot = "source/K_belwagen"; + + buildInputs = [ + pkgs.jack1 + pkgs.pkgconfig + ]; + + patchPhase = '' + sed -i ' + s@^cd@# &@ + s@^make@# &@ + s@^jackd@# &@ + s@^trap@# &@ + + s@^set.*@&\nPATH=${lib.makeBinPath [ + pkgs.bc + pkgs.coreutils + ]}; export PATH@ + + s@\./a\.out@'"$out"'/lib/a.out@ + ' alarm + ''; + + installPhase = '' + mkdir -p $out/lib + mkdir -p $out/bin + + cp alarm $out/bin + cp a.out $out/lib + ''; +} -- cgit v1.2.3 
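Review bot: In K_belwagen.nix `pkgs.pkgconfig` is listed in `buildInputs`, but it is a build-time tool and belongs in `nativeBuildInputs = [ pkgs.pkgconfig ];`, leaving only `pkgs.jack1` in `buildInputs`. Assigning `patchPhase` directly replaces the default phase and its hooks; `postPatch` would carry the same `sed` call. `version = "1.0";` also differs from the `1.0.0` in the commit subject. A comment above the `sed` script saying that it disables the script's own `cd`/`make`/`jackd`/`trap` lines and pins `PATH` would make the patch easier to audit.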
From db2158f35ede127bedbe465887b15f4d55ffacd4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Jan 2022 19:53:05 +0100 Subject: l prism.r: add ipv6 --- lass/1systems/prism/physical.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 26ecd1cd..151cfbf4 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -79,9 +79,11 @@ boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ]; boot.kernelParams = [ "net.ifnames=0" ]; + networking.dhcpcd.enable = false; networking = { hostId = "2283aaae"; defaultGateway = "95.216.1.129"; + defaultGateway6 = { address = "fe80::1"; interface = "eth0"; }; # Use google's public DNS server nameservers = [ "8.8.8.8" ]; interfaces.eth0.ipv4.addresses = [ @@ -94,5 +96,11 @@ prefixLength = 26; } ]; + interfaces.eth0.ipv6.addresses = [ + { + address = "2a01:4f9:2a:1e9::1"; + prefixLength = 64; + } + ]; }; } -- cgit v1.2.3 From 700e0a35dbdb6fb31d66616f273c60caeb27bd86 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Jan 2022 20:24:29 +0100 Subject: ergo: 2.8.0 -> 2.9.1 --- krebs/5pkgs/simple/ergo/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/krebs/5pkgs/simple/ergo/default.nix b/krebs/5pkgs/simple/ergo/default.nix index a057b09f..2c9223ee 100644 --- a/krebs/5pkgs/simple/ergo/default.nix +++ b/krebs/5pkgs/simple/ergo/default.nix @@ -1,14 +1,14 @@ -{ buildGo116Module , fetchFromGitHub, lib }: +{ buildGo117Module , fetchFromGitHub, lib }: -buildGo116Module rec { +buildGo117Module rec { pname = "ergo"; - version = "2.8.0"; + version = "2.9.1"; src = fetchFromGitHub { owner = "ergochat"; repo = "ergo"; rev = "v${version}"; - sha256 = "sha256-xKcSHNH1ksjH1IikqzDi88fOdHR5CHGs8ya4Fj65MbI="; + sha256 = "sha256-RxsmkTfHymferS/FRW0sLnstKfvGXkW6cEb/JbeS4lc="; }; vendorSha256 = null; 
@@ -17,7 +17,7 @@ buildGo116Module rec { description = "A modern IRC server (daemon/ircd) written in Go"; homepage = "https://github.com/ergochat/ergo"; license = lib.licenses.mit; - maintainers = [ lib.maintainers.tv ]; + maintainers = with lib.maintainers; [ lassulus tv ]; platforms = lib.platforms.linux; }; } -- cgit v1.2.3 From 3f3ae3fe5d5e070f7c1993d03dc7c735348dde10 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Jan 2022 14:24:43 +0100 Subject: Revert "nixpkgs-unstable: 59bfda7 -> 0ecf7d4" This reverts commit 17892c2fa0763f31a854d5b5b8fe87a2465ad70d. --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 29b3178c..cab3ab11 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "0ecf7d414811f831060cf55707c374d54fbb1dec", - "date": "2022-01-09T09:46:51+03:00", - "path": "/nix/store/msdcl0dhi6480vnsmv7vgpif42wj2al3-nixpkgs", - "sha256": "00xbm9lrivsj2w1jks2cnk5brbg5kvxjfj23kq0qyr8nvh57wln9", + "rev": "59bfda72480496f32787cec8c557182738b1bd3f", + "date": "2021-12-31T15:09:52+01:00", + "path": "/nix/store/wy2iidg15nwgmn8xir8fbr1lfz1hqphb-nixpkgs", + "sha256": "18akd1chfvniq1q774rigfxgmxwi0wyjljpa1j9ls59szpzr316d", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 712ee76c04de0f4c2f04da5a17d9330fb1952324 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jan 2022 12:22:15 +0100 Subject: l yubikey: use scdaemon via pcscd --- lass/2configs/yubikey.nix | 39 +++++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix index 9ab6b6cc..a53f5501 100644 --- a/lass/2configs/yubikey.nix +++ b/lass/2configs/yubikey.nix 
@@ -9,12 +9,39 @@ services.pcscd.enable = true; systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ]; - ##restart pcscd if yubikey is plugged in - #services.udev.extraRules = '' - # ACTION=="add", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="2013", RUN+="${pkgs.writeDash "restart_pcscd" '' - # ${pkgs.systemd}/bin/systemctl restart pcscd.service - # ''}" - #''; + services.pcscd.enable = true; + systemd.user.services.gpg-agent.serviceConfig.ExecStartPre = pkgs.writers.writeDash "init_gpg" '' + set -x + ${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "scdaemon.conf" '' + disable-ccid + pcsc-driver ${pkgs.pcsclite.out}/lib/libpcsclite.so.1 + card-timeout 1 + + # Always try to use yubikey as the first reader + # even when other smart card readers are connected + # Name of the reader can be found using the pcsc_scan command + # If you have problems with gpg not recognizing the Yubikey + # then make sure that the string here matches exacly pcsc_scan + # command output. Also check journalctl -f for errors. + reader-port Yubico YubiKey + ''} $HOME/.gnupg/scdaemon.conf + ''; + + security.polkit.extraConfig = '' + polkit.addRule(function(action, subject) { + if ( + ( + action.id == "org.debian.pcsc-lite.access_pcsc" || + action.id == "org.debian.pcsc-lite.access_card" + ) && subject.user == "lass" + ) { + return polkit.Result.YES; + } + }); + polkit.addRule(function(action, subject) { + polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid); + }); + ''; environment.shellInit = '' if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then -- cgit v1.2.3 From 346164ba1d8fcec0ee986bed91ee9b6b473292cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jan 2022 12:22:35 +0100 Subject: l yubikey: access remote builders via yubikey --- lass/2configs/yubikey.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix index a53f5501..4ac21caa 100644 
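Review bot: The new `ExecStartPre` script runs `ln -sf … $HOME/.gnupg/scdaemon.conf` with `$HOME` unquoted and without making sure the directory exists, so on an account without `~/.gnupg` the pre-start step fails and gpg-agent does not start; it also replaces any existing scdaemon.conf on every start. I would add `${pkgs.coreutils}/bin/mkdir -m 0700 -p "$HOME/.gnupg"` before the link and quote the target path. `set -x` and the second `polkit.addRule`, which only calls `polkit.log` for every action of every user, look like debugging aids and should be dropped or commented as intentional.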
--- a/lass/2configs/yubikey.nix +++ b/lass/2configs/yubikey.nix @@ -55,6 +55,9 @@ fi ''; + # allow nix to acces remote builders via yubikey + systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = "/run/user/1337/gnupg/S.gpg-agent.ssh"; + programs = { ssh.startAgent = false; gnupg.agent = { -- cgit v1.2.3 From c0040ec697c5933147ee8cb25e3e721cc58627c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jan 2022 18:16:23 +0100 Subject: nixpkgs-unstable: 59bfda7 -> 5aaed40 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index cab3ab11..69fae6b8 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "59bfda72480496f32787cec8c557182738b1bd3f", - "date": "2021-12-31T15:09:52+01:00", - "path": "/nix/store/wy2iidg15nwgmn8xir8fbr1lfz1hqphb-nixpkgs", - "sha256": "18akd1chfvniq1q774rigfxgmxwi0wyjljpa1j9ls59szpzr316d", + "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", + "date": "2022-01-13T15:06:32-05:00", + "path": "/nix/store/kb5d8wykvipwcxsyxa4cq70q1hjp4zb4-nixpkgs", + "sha256": "0bs8sr92lzz7mdrlv143draq3j7l42dj69w3px1x31qcr3n5pgcv", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 8d67a33709db13fade3460cc01f385f5bcffd794 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jan 2022 20:14:50 +0100 Subject: l yubikey: remove duplicate definition --- lass/2configs/yubikey.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix index 4ac21caa..d92b18f8 100644 --- a/lass/2configs/yubikey.nix +++ b/lass/2configs/yubikey.nix @@ -6,7 +6,6 @@ ]; services.udev.packages = with pkgs; [ yubikey-personalization ]; - services.pcscd.enable = true; systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ]; services.pcscd.enable = true; -- cgit v1.2.3 
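Review bot: Setting `SSH_AUTH_SOCK` for `nix-daemon` to `/run/user/1337/gnupg/S.gpg-agent.ssh` lets a root-owned system service use every SSH key the desktop user's gpg-agent offers, not just a key meant for the builders. If the YubiKey does not require a touch per operation (not visible here), use of that socket while the card is unlocked goes unnoticed; a dedicated builder key for root would keep the two apart. The UID `1337` is hard-coded here and again in `environment.shellInit`, so a shared `let` binding would keep them in step. The added comment has a typo (`acces`).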
From b3818cc15528cfcf40aa9cd5899c708ec62a9590 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Tue, 11 Jan 2022 23:14:00 +0100 Subject: external: add rrm.r alias --- krebs/3modules/external/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 4a1efe8f..ffdd2172 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -153,6 +153,7 @@ in { "grafana.kmein.r" "names.kmein.r" "graph.r" + "rrm.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 138f9409fa8bdfefe9dc91b4d5405e42ac53da1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Tue, 18 Jan 2022 18:50:27 +0100 Subject: external: move kmein to separate file --- krebs/3modules/default.nix | 1 + krebs/3modules/external/default.nix | 132 ---------------------------------- krebs/3modules/external/kmein.nix | 138 ++++++++++++++++++++++++++++++++++++ 3 files changed, 139 insertions(+), 132 deletions(-) create mode 100644 krebs/3modules/external/kmein.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f76d3c53..b58b5203 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -108,6 +108,7 @@ let { krebs = import ./makefu { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } { krebs = import ./external/mic92.nix { inherit config; }; } + { krebs = import ./external/kmein.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index ffdd2172..576a408c 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
@@ -16,37 +16,7 @@ with import ; tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); in { - hosts = mapAttrs hostDefaults { - kabsa = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.4"; - aliases = [ - "kabsa.r" - "kabsa.kmein.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk - g/V58MATljj+2bmOuOuPui/AUYHEZX759lHW4MgLjYdNbZEoVq8UgkxNk0KPGlSg - 2lsJ7FneCU7jBSE2iLT1aHuNFFa56KzSThFUl6Nj6Vyg5ghSmDF2tikurtG2q+Ay - uxf5/yEhFUPc1ZxmvJDqVHMeW5RZkuKXH00C7yN+gdcPuuFEFq+OtHNkBVmaxu7L - a8Q6b/QbrwQJAR9FAcm5WSQIj2brv50qnD8pZrU4loVu8dseQIicWkRowC0bzjAo - IHZTbF/S+CK0u0/q395sWRQJISkD+WAZKz5qOGHc4djJHBR3PWgHWBnRdkYqlQYM - C9zA/n4I+Y2BEfTWtgkD2g0dDssNGP5dlgFScGmRclR9pJ/7dsIbIeo9C72c6q3q - sg0EIWggQ8xyWrUTXIMoDXt37htlTSnTgjGsuwRzjotAEMJmgynWRf3br3yYChrq - 10Exq8Lej+iOuKbdAXlwjKEk0qwN7JWft3OzVc2DMtKf7rcZQkBoLfWKzaCTQ4xo - 1Y7d4OlcjbgrkLwHltTaShyosm8kbttdeinyBG1xqQcK11pMO43GFj8om+uKrz57 - lQUVipu6H3WIVGnvLmr0e9MQfThpC1em/7Aq2exn1JNUHhCdEho/mK2x/doiiI+0 - QAD64zPmuo9wsHnSMR2oKs0CAwEAAQ== - -----END PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "KhOetVTVLtGxB22NmZhkTWC0Uhg8rXJv4ayZqchSgCN"; - }; - }; - }; helsinki = { owner = config.krebs.users.ajs124; nets = { 
@@ -142,66 +112,6 @@ in { }; }; }; - makanek = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.84"; - aliases = [ - "makanek.r" - "makanek.kmein.r" - "grafana.kmein.r" - "names.kmein.r" - "graph.r" - "rrm.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwvtxCG7Vua6+WoStGrkL+H/g4BABidL2eikDBtbxWN+oGv2Bjrwb - VzXB8lMTCsu6M2wb3YTXXzAkc5oI4gE1sSOiCKyhYnQRrndc91KewquxTPfKL19u - JiRqax/E49IvWKARPRPXUhPfU/NNw1oIxhbcFkjwJmqDvh9SWhl5VZVynCE28ov5 - hjjhqNXZHOR8CQqPJeY8v38OAAwTWvJ6rhEQwp5dLBqmRAbvPXj7OOzCxKluDY2X - Dl4k6QAjI6NddJXsXHRYRNGiB0CP1UBC91NDtW2+HIjf1Q1Lip5agO4/SkkSUt39 - de7uYKrNcfyDUBb9Suconw0HvW+Dv4Ce5um+aa1RUrWIQdqBCOECbsXYKp66vAnK - Hidf2uznFseWxiyxz1ow8AvvSseABej5GuHI/56lywnFlnHEZLREUF/4PT+BZ0vE - uPRkzqeSNybsYYFieK8aany/RmJaoIsduGutgAiKBvkCCHru895n02xuLhZVkM2G - zfVjA2le+Gxr21/sVPrHfxResLUh4RA8fkS7erWMRF4a3IOpIS4yrM+p4pZTlTxO - Ya8buh4RgyE/0hp4QNpa4K7fvntriK+k6zHs7BcZcG2aMWP3O9/4DgjzBR3eslQV - oou23ajP11wyfrmZK0/PQGTpsU472Jj+06KtMAaH0zo4vAR8s2kV1ukCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "GiAe9EH3ss+K71lRlkGaOcg/MrV/zxNW5tDF0koEGvC"; - }; - }; - }; - manakish = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.85"; - aliases = [ - "manakish.r" - "manakish.kmein.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAtZcWwm1tTFoMcO0EOwNdSrZW9m2tSNWzwTGjlfuNFQKPnHiKdFFH - Hym72+WtaIZmffermGTfYdMoB/lWgOB0glqH9oSBFvrLVDgdQL2il589EXBd/1Qy - 7Ye5EVy2/xEA7iZGg3j0i+q1ic48tt6ePd4+QR0LmLEa8+Gz5X0Tp9TTf7gdv+lB - dVA6p7LJixKcBsC5W0jY5oTGUP0fM844AtWbpflmlz0JZNWrkJhCksOnfhUzeIsF - 1m9rCsyK+3jGMV6ZxhEbwaOt99Wlv0N0ouPePw+xLnnGTu0rJ/RKWceYnWnrHIyb - GgGIHnm9GbMd4mAfyp63emRYDMclSQSrddpDUL2GK8TCTttr6bZm4M/pFuXQGJsQ - EG0iaE8FM+nCrhmCRnX8dRWcNmHybd34UoVGCDJ6u+ksLIivqgWeY41CauqN0vQw - U4zqp6XMXRB6vlVcyLzdTASxVKaLJt+BuvHcyqz/YslJ97z4yoLE3d7s/9gZkM// - +FD970bsyvKpKRx72rNRCO9tQJNgPsaMiW5nuHUFw71XxX8o0w//5a0h5cdbiT64 - 
I4ISySa4ynmHI1/v0a937/sFS0IvRI1Va0Efh2VxasNIqpDmM3hA8auPDj0Js/4c - qVnWMbvqqYlY9l//HCNxUXIhi0vcOr2PoCxBtcP5pHY8nNphQrPjRrcCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "CjSqXJMvJevjqX9W9sqDpLTJs9DXfC04YNAFpYqS2iN"; - }; - }; - }; qubasa = { owner = config.krebs.users.qubasa; nets = { @@ -227,7 +137,6 @@ in { }; }; }; - keller = { owner = config.krebs.users.qubasa; nets = { @@ -280,13 +189,6 @@ in { }; }; - rilke = { - owner = config.krebs.users.kmein; - nets.wiregrill = { - aliases = [ "rilke.w" ]; - wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; - }; - }; rtjure = { owner = config.krebs.users.rtjure; nets = { @@ -313,36 +215,6 @@ in { }; }; }; - zaatar = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.34"; - aliases = [ - "zaatar.r" - "zaatar.kmein.r" - "grocy.kmein.r" - "moodle.kmein.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAyEeesa4mDNAT2QT/PxfmildhqawinWTcUiF3V2wsfy3eXJCFySKM - pRKrLnOpkd2RoLWA88o0/hAfTdel/fXRjAx8TtKlh1n+UoRhYOGqLJKUZDVGImjJ - xTPGCC+g4b2cNCYU3RVdttSu8+zlfO6ktkySULKbVkJN3ocQmSCmWs2tP6hYvk2i - 5OB3Uxw+OwhtVO76dlby6Idmc8o++ZVm3snbYsgiR7RQf9vHZHR8lKr5fZ/ycq2Q - T+agY/cFLJ+jhfUi8LFtKKcqGLyKKrDywADQWTcIG+cjV33k6ftW678jvsEft6e6 - 2RgspZX5XciTbMPIPGMcH5NZPXi6youcUcqcqDtok7Y1Jj3N5dSmJno5ojyKolZp - PRt4bPx9WuerjzwL5gG9E6n6l24neX6Mq7RDyJfBYtpUvZblezXWUuoReGNczAvj - zZrAKXKnuCEgQ/du7pT8V6qHG5NjovIMm0VDxOJV5jBL4NUox3PGbW5g0vS/nxHc - xKWPq+4zoyA6MsL9sGCqIlSWEqNnSERX19GbJZNYjm1J+aGZ/fZ+MaDJGuCzlxn4 - yjLBuuXSkIrPxxtIV+Yh8Wy5qDNRN7XS1wNxUcmjQn0+7Ou/4W+cTWJ/+yZyC1DK - uYEZh8YBMJo0E4bR4s04SFA6uLIvLigPELxzb0jwZSKXRnQhay6zzZ0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "GYg9UMw0rFWFS0Yr8HFe81HcGjQw0xbu9wqDWtQPDLH"; - }; - }; - }; sokrateslaptop = { owner = config.krebs.users.sokratess; nets = { 
@@ -740,10 +612,6 @@ in { jonge = { mail = "jacek.galowicz@gmail.com"; }; - kmein = { - mail = "kmein@posteo.de"; - pubkey = ssh-for "kmein"; - }; mic92 = { mail = "joerg@thalheim.io"; pubkey = ssh-for "mic92"; diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix new file mode 100644 index 00000000..51bb183b --- /dev/null +++ b/krebs/3modules/external/kmein.nix 
@@ -0,0 +1,138 @@ +with import ; +{ config, ... }: +let + maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else []; + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + owner = config.krebs.users.kmein; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum = { + ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill = { + ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + }; + }); + ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); +in +{ + users.kmein = { + mail = "kmein@posteo.de"; + pubkey = ssh-for "kmein"; + }; + hosts = mapAttrs hostDefaults { + kabsa = { + nets.retiolum = { + aliases = [ "kabsa.r" "kabsa.kmein.r" ]; + ip4.addr = "10.243.2.4"; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk + g/V58MATljj+2bmOuOuPui/AUYHEZX759lHW4MgLjYdNbZEoVq8UgkxNk0KPGlSg + 2lsJ7FneCU7jBSE2iLT1aHuNFFa56KzSThFUl6Nj6Vyg5ghSmDF2tikurtG2q+Ay + uxf5/yEhFUPc1ZxmvJDqVHMeW5RZkuKXH00C7yN+gdcPuuFEFq+OtHNkBVmaxu7L + a8Q6b/QbrwQJAR9FAcm5WSQIj2brv50qnD8pZrU4loVu8dseQIicWkRowC0bzjAo + IHZTbF/S+CK0u0/q395sWRQJISkD+WAZKz5qOGHc4djJHBR3PWgHWBnRdkYqlQYM + C9zA/n4I+Y2BEfTWtgkD2g0dDssNGP5dlgFScGmRclR9pJ/7dsIbIeo9C72c6q3q + sg0EIWggQ8xyWrUTXIMoDXt37htlTSnTgjGsuwRzjotAEMJmgynWRf3br3yYChrq + 10Exq8Lej+iOuKbdAXlwjKEk0qwN7JWft3OzVc2DMtKf7rcZQkBoLfWKzaCTQ4xo + 1Y7d4OlcjbgrkLwHltTaShyosm8kbttdeinyBG1xqQcK11pMO43GFj8om+uKrz57 + lQUVipu6H3WIVGnvLmr0e9MQfThpC1em/7Aq2exn1JNUHhCdEho/mK2x/doiiI+0 + QAD64zPmuo9wsHnSMR2oKs0CAwEAAQ== + -----END PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "KhOetVTVLtGxB22NmZhkTWC0Uhg8rXJv4ayZqchSgCN"; + }; + }; + makanek = { + nets.retiolum = { + aliases = [ + "makanek.r" + "makanek.kmein.r" + "grafana.kmein.r" + "names.kmein.r" + "graph.r" + "rrm.r" + ]; + ip4.addr = "10.243.2.84"; + 
tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwvtxCG7Vua6+WoStGrkL+H/g4BABidL2eikDBtbxWN+oGv2Bjrwb + VzXB8lMTCsu6M2wb3YTXXzAkc5oI4gE1sSOiCKyhYnQRrndc91KewquxTPfKL19u + JiRqax/E49IvWKARPRPXUhPfU/NNw1oIxhbcFkjwJmqDvh9SWhl5VZVynCE28ov5 + hjjhqNXZHOR8CQqPJeY8v38OAAwTWvJ6rhEQwp5dLBqmRAbvPXj7OOzCxKluDY2X + Dl4k6QAjI6NddJXsXHRYRNGiB0CP1UBC91NDtW2+HIjf1Q1Lip5agO4/SkkSUt39 + de7uYKrNcfyDUBb9Suconw0HvW+Dv4Ce5um+aa1RUrWIQdqBCOECbsXYKp66vAnK + Hidf2uznFseWxiyxz1ow8AvvSseABej5GuHI/56lywnFlnHEZLREUF/4PT+BZ0vE + uPRkzqeSNybsYYFieK8aany/RmJaoIsduGutgAiKBvkCCHru895n02xuLhZVkM2G + zfVjA2le+Gxr21/sVPrHfxResLUh4RA8fkS7erWMRF4a3IOpIS4yrM+p4pZTlTxO + Ya8buh4RgyE/0hp4QNpa4K7fvntriK+k6zHs7BcZcG2aMWP3O9/4DgjzBR3eslQV + oou23ajP11wyfrmZK0/PQGTpsU472Jj+06KtMAaH0zo4vAR8s2kV1ukCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "GiAe9EH3ss+K71lRlkGaOcg/MrV/zxNW5tDF0koEGvC"; + }; + }; + manakish = { + nets.retiolum = { + aliases = [ + "manakish.r" + "manakish.kmein.r" + ]; + ip4.addr = "10.243.2.85"; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAtZcWwm1tTFoMcO0EOwNdSrZW9m2tSNWzwTGjlfuNFQKPnHiKdFFH + Hym72+WtaIZmffermGTfYdMoB/lWgOB0glqH9oSBFvrLVDgdQL2il589EXBd/1Qy + 7Ye5EVy2/xEA7iZGg3j0i+q1ic48tt6ePd4+QR0LmLEa8+Gz5X0Tp9TTf7gdv+lB + dVA6p7LJixKcBsC5W0jY5oTGUP0fM844AtWbpflmlz0JZNWrkJhCksOnfhUzeIsF + 1m9rCsyK+3jGMV6ZxhEbwaOt99Wlv0N0ouPePw+xLnnGTu0rJ/RKWceYnWnrHIyb + GgGIHnm9GbMd4mAfyp63emRYDMclSQSrddpDUL2GK8TCTttr6bZm4M/pFuXQGJsQ + EG0iaE8FM+nCrhmCRnX8dRWcNmHybd34UoVGCDJ6u+ksLIivqgWeY41CauqN0vQw + U4zqp6XMXRB6vlVcyLzdTASxVKaLJt+BuvHcyqz/YslJ97z4yoLE3d7s/9gZkM// + +FD970bsyvKpKRx72rNRCO9tQJNgPsaMiW5nuHUFw71XxX8o0w//5a0h5cdbiT64 + I4ISySa4ynmHI1/v0a937/sFS0IvRI1Va0Efh2VxasNIqpDmM3hA8auPDj0Js/4c + qVnWMbvqqYlY9l//HCNxUXIhi0vcOr2PoCxBtcP5pHY8nNphQrPjRrcCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "CjSqXJMvJevjqX9W9sqDpLTJs9DXfC04YNAFpYqS2iN"; + }; + }; + g7power = { + nets.wiregrill = { + aliases = [ "phone.kmein.w" ]; + 
wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; + }; + }; + zaatar = { + nets.retiolum = { + ip4.addr = "10.243.2.34"; + aliases = [ + "zaatar.r" + "zaatar.kmein.r" + "grocy.kmein.r" + "moodle.kmein.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAyEeesa4mDNAT2QT/PxfmildhqawinWTcUiF3V2wsfy3eXJCFySKM + pRKrLnOpkd2RoLWA88o0/hAfTdel/fXRjAx8TtKlh1n+UoRhYOGqLJKUZDVGImjJ + xTPGCC+g4b2cNCYU3RVdttSu8+zlfO6ktkySULKbVkJN3ocQmSCmWs2tP6hYvk2i + 5OB3Uxw+OwhtVO76dlby6Idmc8o++ZVm3snbYsgiR7RQf9vHZHR8lKr5fZ/ycq2Q + T+agY/cFLJ+jhfUi8LFtKKcqGLyKKrDywADQWTcIG+cjV33k6ftW678jvsEft6e6 + 2RgspZX5XciTbMPIPGMcH5NZPXi6youcUcqcqDtok7Y1Jj3N5dSmJno5ojyKolZp + PRt4bPx9WuerjzwL5gG9E6n6l24neX6Mq7RDyJfBYtpUvZblezXWUuoReGNczAvj + zZrAKXKnuCEgQ/du7pT8V6qHG5NjovIMm0VDxOJV5jBL4NUox3PGbW5g0vS/nxHc + xKWPq+4zoyA6MsL9sGCqIlSWEqNnSERX19GbJZNYjm1J+aGZ/fZ+MaDJGuCzlxn4 + yjLBuuXSkIrPxxtIV+Yh8Wy5qDNRN7XS1wNxUcmjQn0+7Ou/4W+cTWJ/+yZyC1DK + uYEZh8YBMJo0E4bR4s04SFA6uLIvLigPELxzb0jwZSKXRnQhay6zzZ0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "GYg9UMw0rFWFS0Yr8HFe81HcGjQw0xbu9wqDWtQPDLH"; + }; + }; + }; +} -- cgit v1.2.3 From 3b7632b0869df134405493579f41c38d0ae1b148 Mon Sep 17 00:00:00 2001 From: Felix Date: Tue, 18 Jan 2022 21:48:34 +0100 Subject: external: add papawhakaaro.r --- krebs/3modules/external/default.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 576a408c..1b51f022 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
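Review bot: `maybeEmpty` in the `let` block of krebs/3modules/external/kmein.nix tests `attrset?key`, which in Nix checks for an attribute literally named `key` rather than the name passed in the `key` argument, so it returns `[]` for practically every input. It should read `if attrset ? ${key} then attrset.${key} else []`; the helper is not used anywhere in the new file as shown, so removing it is the other option. Separately, the commit is titled as a move, but the wiregrill host `rilke` (alias `rilke.w`) reappears as `g7power` with alias `phone.kmein.w` and the same WireGuard key. Anything still resolving `rilke.w` would stop working, so the rename deserves a line in the commit message.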
@@ -563,6 +563,31 @@ in { }; }; }; + papawhakaaro = { + owner = config.krebs.users.feliks; + nets = { + retiolum = { + ip4.addr = "10.243.10.243"; + aliases = [ "papawhakaaro.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA4bd0lVUVlzFmM8TuH77C5VctcK4lkw02LbMVQDJ5U+Ww075nNahw + oRHqPgJRwfGW0Tgu/1s5czZ2tAFU3lXoOSBYldAspM3KRZ4DKQsFrL9B0oWarGsK + sUgsuOJprlX4mkfj/eBNINqTqf2kVIH+p43VENQ9ioKmc+qJKm4xfRONRLp871GV + 5jmIvRvQ6JP0RtNd2KpNLaeplzx8M61D9PBOAZkNYAUTpBs4LZBNJj4eFnXBugrz + GkBjmm3Rk7olz0uOZzbeTc6Slv2tgtN5FrQifdy4XIlsKcBTzMkYHEZstmldJgd9 + pGvfmem6uPcXrF+eDJzqUn0ArH7eOIS4F0+DzugJz4qX+ytvE4ag7r2Vx0Pa9TCY + hpn0lqwW+ly1clM0SKt59v1nQ4oRW4UIbAZaIgp4UJbb3IGSwbq7NuadvHpNICHi + 4pqQD+1sSEbGLAZ0bFjLIYFg9zzNjLeAxXpn49WHOEyRlq3h+SUQcG2EuVMI28DX + lILKSoOJsuQupURPubaxkiNEa5neYk9hZ8CWgwSG/VlyRLuNsVDVn2dBma43Mr10 + LHMkX2/a9t7ghokugvV2XMP9Es9A9TGFShM9UtFAlovdad+SQ8FBPNheDwIhjCJe + l5NIrMrmQIveq7QJ1szxYhqfl1ifU0c+YxeMkg3tvEuQV/tk/oki/aECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "5G49yQPjkkoGZxM6CeDy87y6tB/abtelUAk55wJ4GpP"; + }; + }; + }; hydrogen = { owner = config.krebs.users.sandro; nets = rec { @@ -667,5 +692,8 @@ in { pie_ = {}; domsen = { }; + feliks = { + mail = "feliks@flipdot.org"; + }; }; } -- cgit v1.2.3 From 39d808829c185db7f3393a86b12cb04a8ba24050 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Jan 2022 14:34:18 +0100 Subject: l xjails: switch from sudo to machinectl --- lass/3modules/xjail.nix | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index f94e7ebb..08a28b8e 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -41,10 +41,6 @@ with import ; type = types.path; default = pkgs.writeScript "echo_lol" "echo lol"; }; - vglrun = mkOption { - type = types.bool; - default = false; - }; wm = mkOption { #TODO find type type = types.str; 
@@ -122,21 +118,14 @@ with import ; ${pkgs.coreutils}/bin/kill $XEPHYR_PID ''; # TODO fix xephyr which doesn't honor resizes anymore - sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then '' - /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@" - '' else '' + sudo_ = pkgs.writeDash "${cfg.name}-sudo" '' #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@" - /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${cfg.script} "$@" - - ''); - vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" '' - DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@" + ${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@" ''; in nameValuePair name { existing = newOrExisting; xephyr = xephyr_; sudo = sudo_; - vglrun = vglrun_; } ) config.lass.xjail; in { @@ -161,10 +150,19 @@ with import ; } ) config.lass.xjail; - security.sudo.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: - # TODO allow just the right script with sudo - "${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL" - ) config.lass.xjail)); + security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: '' + polkit.addRule(function(action, subject) { + if ( + subject.user == "${cfg.from}" && + action.id == "org.freedesktop.machine1.host-shell" && + action.lookup("user") == "${cfg.user}" && + action.lookup("program") == "${cfg.script}" && + true + ) { + return polkit.Result.YES; + } + }); + '') config.lass.xjail)); lass.xjail-bins = mapAttrs' (name: cfg: nameValuePair name (pkgs.writeScriptBin cfg.name '' -- cgit v1.2.3 From 77440ee9a7f040f735bce6e5c06ba15c62451742 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Jan 2022 14:34:48 +0100 Subject: l pipewire: use systemWide mode --- lass/2configs/pipewire.nix | 51 +--------------------------------------------- 1 file changed, 1 insertion(+), 50 deletions(-) 
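Review bot: The new `sudo_` wrapper passes `-E DISPLAY=:0` to `machinectl shell`, whereas the commented-out line above it and the removed `vglrun_` wrapper both used `DISPLAY=:${cfg.display}`. If the jail's Xephyr server listens on `:${cfg.display}` (its definition starts outside this hunk), the jailed program would attach to display `:0`, presumably the host session, and the X isolation the module provides is lost. I would keep the per-jail display, `-E DISPLAY=:${cfg.display}`, or document next to the line why `:0` is intended. The `let` block this binding belongs to starts outside the hunk.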
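Review bot: The polkit rule in `security.polkit.extraConfig` matches `action.lookup("user") == "${cfg.user}"`, while the wrapper in the previous hunk starts the shell with `--uid=${cfg.name}` and the removed sudoers line also used `cfg.name`. If `user` and `name` can differ for a jail (the option definitions are outside this hunk), the rule will not match and the call falls back to interactive authentication; using the same attribute in both places avoids that. The values are interpolated into JavaScript string literals without escaping, so a quote or backslash in any of them would break the generated rule. The trailing `&& true` can be dropped.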
diff --git a/lass/2configs/pipewire.nix b/lass/2configs/pipewire.nix index c21ab5d9..24de0e9e 100644 --- a/lass/2configs/pipewire.nix +++ b/lass/2configs/pipewire.nix @@ -8,67 +8,18 @@ powerOnBoot = true; }; - # autostart with login - systemd.user.services.pipewire-pulse = { - wantedBy = [ "graphical-session.target" ]; - }; - environment.systemPackages = with pkgs; [ alsaUtils pulseaudioLight ponymix ]; - environment.variables.PULSE_SERVER = "localhost:4713"; services.pipewire = { enable = true; - socketActivation = false; + systemWide = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; jack.enable = true; - - # https://gitlab.freedesktop.org/pipewire/pipewire/-/wikis/Migrate-PulseAudio#module-native-protocol-tcp - config.pipewire-pulse = { - "context.properties" = { - "log.level" = 2; - }; - "context.modules" = [ - { - name = "libpipewire-module-rtkit"; - # args = { - # "nice.level" = -15; - # "rt.prio" = 88; - # "rt.time.soft" = 200000; - # "rt.time.hard" = 200000; - # }; - flags = [ "ifexists" "nofail" ]; - } - { name = "libpipewire-module-protocol-native"; } - { name = "libpipewire-module-client-node"; } - { name = "libpipewire-module-adapter"; } - { name = "libpipewire-module-metadata"; } - { - name = "libpipewire-module-protocol-pulse"; - args = { - "vm.overrides" = { - # "pulse.min.req" = "32/48000"; - # "pulse.default.req" = "32/48000"; - # "pulse.max.req" = "32/48000"; - "pulse.min.quantum" = "1024/48000"; - # "pulse.max.quantum" = "32/48000"; - }; - "server.address" = [ - "unix:native" - "tcp:4713" - ]; - }; - } - ]; - "stream.properties" = { - # "node.latency" = "32/48000"; - # "resample.quality" = 1; - }; - }; }; } -- cgit v1.2.3 From e422692ef62655ddb5dcd0e5b95d7e25ce898a7f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Jan 2022 14:36:22 +0100 Subject: go: fix urls with missing prefix --- krebs/3modules/go.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
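Review bot: `systemWide = true` in `services.pipewire` replaces the per-user daemon with one shared instance, so every account that can reach its socket (on NixOS, members of the `pipewire` group) shares playback and capture, microphone included. The hunk adds no group membership, so it is not visible here which users are meant to have audio after the `tcp:4713` listener and `PULSE_SERVER` variable are removed. I would record that next to the option, e.g. `# system-wide instance: only members of the pipewire group get audio and microphone access`, and grant the group only to the accounts that need it.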
diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index fea25e03..80cd90e2 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -41,11 +41,17 @@ let fi ;; "POST /") - uri=$(head -c "$req_content_length" \ + uri_candidate=$(head -c "$req_content_length" \ | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \ | xargs -0 echo -e \ - | tee /tmp/tee.log \ - | ${pkgs.urix}/bin/urix \ + ) + + if $(echo "$uri_candidate" | grep -q '^uri=//.*'); then + # fix urls with missing https: in front + uri_candidate=$(echo "$uri_candidate" | sed 's,//,https://,g') + fi + + uri=$(echo "$uri_candidate" | ${pkgs.urix}/bin/urix \ | head -1 \ ) -- cgit v1.2.3 From 95f7f88185f0bb87d7d81aeab05d12ca47d64533 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Jan 2022 14:36:47 +0100 Subject: l styx.r: use fixed tinc port because of NAT --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c6924fde..25125157 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -681,7 +681,7 @@ in { aliases = [ "styx.r" ]; - tinc.port = 0; + tinc.port = 654; tinc = { pubkey = '' -----BEGIN PUBLIC KEY----- -- cgit v1.2.3 From baeaee5b081d80ee5c1bebd4a519ce0077da94bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Jan 2022 14:56:23 +0100 Subject: nixpkgs: 79c7b6a -> 604c441 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index f34cfa32..00137182 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
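Review bot: The repair step `sed 's,//,https://,g'` in the `"POST /"` arm rewrites every `//` in the request body, not just the missing scheme, so a body such as `uri=//example.org/a//b` (constructed sample) becomes `uri=https://example.org/ahttps://b`. Anchor it to the prefix the `grep` already tests: `uri_candidate=$(echo "$uri_candidate" | sed 's,^uri=//,uri=https://,')`. The condition is clearer as `if echo "$uri_candidate" | grep -q '^uri=//'; then`, since `if $(…)` only works because `grep -q` prints nothing. The body is client-supplied and has already been through `echo -e`, so `printf '%s\n' "$uri_candidate"` would avoid a second round of backslash interpretation in shells whose `echo` does that. The surrounding `case` statement starts and ends outside the hunk.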
@@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "79c7b6a353e22f0eec342dead0bc69fb7ce846db", - "date": "2022-01-09T23:59:32-03:00", - "path": "/nix/store/41cc41pyszadfgkddrp6dv11wkkmq5ji-nixpkgs", - "sha256": "1ihlj5wrzx151zhyr0vbiwyvhhc4g9chbaz4dy2a2i2v9fwwhjl2", + "rev": "604c44137d97b5111be1ca5c0d97f6e24fbc5c2c", + "date": "2022-01-23T10:04:55-08:00", + "path": "/nix/store/r22j0r232a5y02yhd1avaw27zqdbhx1x-nixpkgs", + "sha256": "0gzhigyn8f7vps4a5vc1c8wbim59724s179a7d0h3gv6ss9avdj4", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 8f8600f5b70a00666fbb999cb27b451519ae5939 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Jan 2022 14:56:43 +0100 Subject: nixpkgs-unstable: 5aaed40 -> 689b76b --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 69fae6b8..e8b6076a 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", - "date": "2022-01-13T15:06:32-05:00", - "path": "/nix/store/kb5d8wykvipwcxsyxa4cq70q1hjp4zb4-nixpkgs", - "sha256": "0bs8sr92lzz7mdrlv143draq3j7l42dj69w3px1x31qcr3n5pgcv", + "rev": "689b76bcf36055afdeb2e9852f5ecdd2bf483f87", + "date": "2022-01-23T03:10:13+01:00", + "path": "/nix/store/s6kxwpz8k02mg1wqsf06bsjygwi6xr6j-nixpkgs", + "sha256": "08d38db4707jdm3gws82y6bynh6k8qal4s1cms9zqd9cdwcmylyj", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 1c519aa143be66dc41575b1e646ccfa2eb8ef4ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Jan 2022 15:13:59 +0100 Subject: l: fix gnome-keyring alias --- lass/2configs/network-manager.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix index b41cc7ac..3cdda198 100644 
--- a/lass/2configs/network-manager.nix +++ b/lass/2configs/network-manager.nix @@ -14,7 +14,7 @@ users.users.mainUser = { extraGroups = [ "networkmanager" ]; packages = with pkgs; [ - gnome3.gnome_keyring + gnome3.gnome-keyring gnome3.dconf ]; }; -- cgit v1.2.3 From 62431bd8b934a83e476ac0c364362cd755c8242e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Jan 2022 15:23:51 +0100 Subject: l: use new dconf pkgname --- lass/2configs/baseX.nix | 2 +- lass/2configs/network-manager.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 124eef2c..59d1e018 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -65,7 +65,7 @@ in { gitAndTools.hub git-crypt git-preview - gnome3.dconf + dconf iodine libarchive lm_sensors diff --git a/lass/2configs/network-manager.nix b/lass/2configs/network-manager.nix index 3cdda198..0c59b959 100644 --- a/lass/2configs/network-manager.nix +++ b/lass/2configs/network-manager.nix @@ -15,7 +15,7 @@ extraGroups = [ "networkmanager" ]; packages = with pkgs; [ gnome3.gnome-keyring - gnome3.dconf + dconf ]; }; environment.systemPackages = [ -- cgit v1.2.3 From b846210a1cd5ae96ec46fc4026ec13f80307751e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Mon, 24 Jan 2022 16:03:45 +0100 Subject: external: one kmein per ssh key --- krebs/3modules/external/kmein.nix | 13 ++++++++++--- krebs/3modules/external/ssh/kmein.kabsa.pub | 1 + krebs/3modules/external/ssh/kmein.manakish.pub | 1 + krebs/3modules/external/ssh/kmein.