From 0a8b477ca5869bf3de0c10d466695e000aeb1ec1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Wed, 19 Oct 2022 09:16:30 +0200 Subject: reaktor2 krebsfood: support poi and radius --- krebs/2configs/reaktor2.nix | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index afaac9dae..0ea1ab2fa 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -185,8 +185,9 @@ let }; } { - pattern = "18@p"; + pattern = ''^18@p\s+(\S+)\s+(\d+)m$''; activate = "match"; + arguments = [1 2]; command = { env = { CACHE_DIR = "${stateDir}/krebsfood"; @@ -202,9 +203,16 @@ let osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {}; in pkgs.writeDash "krebsfood" '' set -efu - ecke_lat=52.51252 - ecke_lon=13.41740 - ${osm-restaurants}/bin/osm-restaurants --radius 500 --latitude "$ecke_lat" --longitude "$ecke_lon" \ + poi=$(curl -fsS http://c.r/poi.json | jq --arg name "$1" '.[$name]') + if [ "$poi" = null ]; then + latitude=52.51252 + longitude=13.41740 + else + latitude=$(echo "$poi" | jq -r .latitude) + longitude=$(echo "$poi" | jq -r .longitude) + fi + + ${osm-restaurants}/bin/osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude" \ | ${pkgs.jq}/bin/jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"' ' ''; -- cgit v1.2.3 From 88a92eb27fd46e62b111936d989aba50e797da63 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Nov 2022 12:37:08 +0100 Subject: nixpkgs: 78a37aa -> 1b47226 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 46e03bc6b..a06b47fb1 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "78a37aa630faa41944060a966607d4f1128ea94b", - "date": "2022-10-14T18:11:43+02:00", - "path": "/nix/store/zmi573bwzr6xg5v6d21gcf14qh9skxy6-nixpkgs", - "sha256": "1rq4m1g7apvcgjp21xjhm94acpw6wyiddd48vhcwgwvsiiircwff", + "rev": "1b4722674c315de0e191d0d79790b4eac51570a1", + "date": "2022-10-31T23:14:26+01:00", + "path": "/nix/store/byvkpdxd5pwixshrfrxgl0z2xc9y9hcs-nixpkgs", + "sha256": "0ykbqcfwx338m1jcln9pj629byxbyr448d88wsryp8sf6p611cv2", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 3ca98455ef20c6c4dc4a622e0a282d9e8e30589c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Nov 2022 12:40:36 +0100 Subject: l rxvt_unicode -> rxvt-unicode --- lass/2configs/IM.nix | 2 +- lass/2configs/baseX.nix | 2 +- lass/2configs/blue-host.nix | 2 +- lass/2configs/default.nix | 2 +- lass/2configs/xmonad.nix | 2 -- 5 files changed, 4 insertions(+), 6 deletions(-) diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index 8567def02..8db2a05d6 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -24,7 +24,7 @@ in { restartIfChanged = false; path = [ - pkgs.rxvt_unicode.terminfo + pkgs.rxvt-unicode-unwrapped.terminfo ]; serviceConfig = { diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index e94cbbd2c..d3775ddbe 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -78,7 +78,7 @@ in { pavucontrol ponymix powertop - rxvt_unicode-with-plugins + rxvt-unicode sshvnc sxiv taskwarrior diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 7aabf0931..532e55fe5 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -34,7 +34,7 @@ in { config = { ... }: { environment.systemPackages = [ pkgs.git - pkgs.rxvt_unicode.terminfo + pkgs.rxvt-unicode-unwrapped.terminfo ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e8ac55988..49a04e9c2 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -98,7 +98,7 @@ with import ; jq #style - rxvt_unicode.terminfo + rxvt-unicode-unwrapped.terminfo #monitoring tools htop diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index 3b372189c..fd70f8b15 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -63,8 +63,6 @@ instance UrgencyHook LibNotifyUrgencyHook where safeSpawn "${pkgs.libnotify}/bin/notify-send" [show name, "workspace " ++ idx] myTerm :: FilePath --- myTerm = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtc -e /run/current-system/sw/bin/xonsh" --- myTerm = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtc" myTerm = "/run/current-system/sw/bin/alacritty" myFont :: String -- cgit v1.2.3 From eabd3fcd4baf6b5114c495c2f8a8f6cfc30ad9ae Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Nov 2022 12:46:43 +0100 Subject: nixpkgs-unstable: 4428e23 -> d40fea9 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 465a1a889..cd0c57f92 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "4428e23312933a196724da2df7ab78eb5e67a88e", - "date": "2022-10-14T02:36:00-05:00", - "path": "/nix/store/i516gwjhbmkgalw3zjfn8ahnvmb198hz-nixpkgs", - "sha256": "1rwr5p7pmi612mc5mwp7hk2l9hyiwrv8lf2cfzpjh5ya46wpw5jq", + "rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458", + "date": "2022-10-31T16:44:53+01:00", + "path": "/nix/store/6z1f9z44ljsxvn0kzlpz03a5m7lbh096-nixpkgs", + "sha256": "1ikpccnyi0b7ql6jak4g3wl4876njybpvknfs6gin461xjp5fi24", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From c60093ed87174c7d77c6fef124056732132522ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Nov 2022 13:03:20 +0100 Subject: l: alsaUtils -> alsa-utils --- lass/2configs/pipewire.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/pipewire.nix b/lass/2configs/pipewire.nix index f6ccd48d4..ec5a67b6e 100644 --- a/lass/2configs/pipewire.nix +++ b/lass/2configs/pipewire.nix @@ -9,7 +9,7 @@ }; environment.systemPackages = with pkgs; [ - alsaUtils + alsa-utils pulseaudio ponymix ]; -- cgit v1.2.3 From 6435c2452b286131130f044e8d829b51f98d529c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Nov 2022 14:20:37 +0100 Subject: security-workarounds exim: make nixos-unstable compatible --- krebs/2configs/security-workarounds.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix index 74a77a0ed..cb5d236ac 100644 --- a/krebs/2configs/security-workarounds.nix +++ b/krebs/2configs/security-workarounds.nix @@ -4,10 +4,15 @@ nixpkgs.overlays = [ (self: super: { exim = - super.exim.overrideAttrs (old: { + super.exim.overrideAttrs (old: let + key = if builtins.hasAttr "preBuild" old then + "preBuild" + else + "configurePhase"; + in { buildInputs = old.buildInputs ++ [ self.gnutls ]; - preBuild = /* sh */ '' - ${old.preBuild} + ${key} = /* sh */ '' + ${old.${key}} sed -Ei ' s:^USE_OPENSSL=.*:# &: s:^# (USE_GNUTLS)=.*:\1=yes: -- cgit v1.2.3 From 94e9faa655883ec567335187f2684c46fb451da6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 12 Oct 2022 13:32:16 +0200 Subject: drop dev1 server --- krebs/3modules/external/mic92.nix | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 58757b0b3..35e72ec2a 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -929,35 +929,5 @@ in { }; }; }; - - dev1 = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "65.108.192.175"; - ip6.addr = "2a01:4f9:1a:94a4::1"; - aliases = [ "dev1.i" ]; - }; - retiolum = { - aliases = [ "dev1.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwx2l5llCtEdoTRT9UJKHqa/GTqd5f9mUWX/n3HKQHdeEVao6cH9J - LteQ2rJY+Gh2zt3FZYzRBykvArjGmu1qKKnouldFJis0DygUI1jZVbeeNKbA2lZx - 7+jCUIz4kgpA0ggJt/9Nb0xHMGPpgXSMADPHLKODT2FPxA4026pI6xLAZWY1o1SY - oypaIxaOUbqi9M+eR5KRCngUGHBOQm3rGtgw5wYxHsfJqHvqCmFIicxHVifpbzOf - Hf0hDvk6E54PijcrDUfDBkXrEoa1hFezCMnzv0h+1Y4qfueFtCtPbJdYKUo87X04 - PWT/P+x78VY9e7fJswi4bYflXmE6jVg/0gXPNpWNV1iBmbrFMJMduGNiuyBcSAxp - S1ubP/+5D2hgOLCuflLfnPOozPtvV6F/XYKatQGPmgo4d7+z7g4frFKv6Uu9ZMT0 - p2CN/bnVNAEErPbTVLyk8zX6J3ruCBQxucr3dsqyw7pk74tTQlFwH9BY8tWfRrAP - v7rDLHzv/1KA9GRDkbVPJmCkwIlPd9PcqSeHL9pnV9IkFr0UTVJE5qBLDSRW9XAb - QY6wVgsMocMeAxwrx6q+pdX/NAPbBzrmr0IB+DwYfMhZdGWoWEw+NV1wOsQjBzjw - SA63+XAgJ30QR5Z87d5g2Y7560+6oQavMPdt+5kfPTGa48UR7WwYyzsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "nu1d0uwAE1Lg16SfXkCgGz2blir402mlucwJMfHivrJ"; - }; - }; - }; }; } -- cgit v1.2.3 From 015138925daaaccc57deec816ffe4534c0cdbe7e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Nov 2022 19:23:59 +0100 Subject: reaktor2: remove duplicate ledger-add fixes wrong merge c68da76ea1ffab8e012527383047bb3dc718b20f --- krebs/2configs/reaktor2.nix | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index afaac9dae..41cfd7735 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -210,28 +210,6 @@ let ''; }; } - { - pattern = ''^([\H-]*?):?\s+([+-][1-9][0-9]*)\s+(\S+)$''; - activate = "match"; - arguments = [1 2 3]; - command = { - env = { - # TODO; get state as argument - state_file = "${stateDir}/ledger"; - }; - filename = pkgs.writeDash "ledger-add" '' - set -x - tonick=$1 - amt=$2 - unit=$3 - printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file - ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ - | ${pkgs.coreutils}/bin/tail +2 \ - | ${pkgs.miller}/bin/mlr --icsv --opprint cat \ - | ${pkgs.gnugrep}/bin/grep "$_from" - ''; - }; - } bedger-add bedger-balance hooks.sed -- cgit v1.2.3 From 2864eba28a74c96f0256764a75b344fcd6a03f29 Mon Sep 17 00:00:00 2001 From: lc4r Date: Sun, 6 Nov 2022 01:16:35 +0000 Subject: external: add verex --- krebs/3modules/external/default.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 5cb40cfbb..62cbb78a8 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -769,6 +769,31 @@ in { }; }; }; + verex = { + owner = config.krebs.users.lc4r; + nets = { + retiolum = { + ip4.addr = "10.243.232.232"; + aliases = [ "verex.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA7RCGaxVcTK3cPIs5NkbDdKEg/ASLRyKN2tBklvs43fD2lq/t77YK + vtLkZhJokcxzDWNAyUZXgTsmVblYTzbyg+DFhygNwhMSI0vdrG5AoYhWa+eIe8mf + Hxi7TWNTbDx/p66kw2NFDlw6Wbs5enPlMzfZPZj+aI7Dx7GrZRz8TrsKAauSSBKc + Vtl7Aqs2FLk8suiMAOE4JD4Lt/pvR7YSISBo1N6/eBbFEosY1XqYkv+l9a0d948a + k3jfJYRllsBRQzUyseMewwgVEz8Ny+rwk2J4ukSogAlMXXkPD/pYQgdTZwbGWOyY + FMLgb7qULn60aUO6mE/mW9JP90/9cX3CD9McdEFRXV4oM0P9EUq49kN+vinD6JDm + bL9fP+yx3sdzl34dFWDRPwrzn13kTDlRbble8jATRcisxMT1zYiADuRwIx8AeKs7 + O4uc7r/hz8ANO3zksuPhkTUoObTvZyW4mXbac2p6DGv/2aC6jzMRFJsJbWQK1TSr + 9WjeAOknhSP9UGxQWz6AgHNjq04dR3lQk34xMfKfWxRAaMD+T6frWKz++Z07WpUo + OkPlz57jPZ7yeJGwwPM/CMcNNmA6YCqgE2kJo5rVQqlUb90nVRbuiQYYldl1YCIc + Z4X36TKEXPBTiiKf6rFL6dJ64vaVxmOPr3+jdvLSufa/L7uXq3g66ZECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "9ifWNFwaXe6qLVTW0UrOl2jg7erwTUC7f50Th4Vv2iE"; + }; + }; + }; }; users = { @@ -849,5 +874,8 @@ in { feliks = { mail = "feliks@flipdot.org"; }; + lc4r = { + mail = "lc4r@riseup.net"; + }; }; } -- cgit v1.2.3 From be312a1b1e371da31e79fc3d15474ded5bc94c70 Mon Sep 17 00:00:00 2001 From: Alexander Gaus Date: Tue, 8 Nov 2022 22:04:39 +0100 Subject: external: add rtunreal user and hosts --- krebs/3modules/default.nix | 1 + krebs/3modules/external/rtunreal.nix | 51 ++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 krebs/3modules/external/rtunreal.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 01436d352..7af6b13d9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -105,6 +105,7 @@ let { krebs = import ./external/kmein.nix { inherit config; }; } { krebs = import ./external/mic92.nix { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } + { krebs = import ./external/rtunreal.nix { inherit config; }; } { krebs = import ./jeschli { inherit config; }; } { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } diff --git a/krebs/3modules/external/rtunreal.nix b/krebs/3modules/external/rtunreal.nix new file mode 100644 index 000000000..8c0e0af2c --- /dev/null +++ b/krebs/3modules/external/rtunreal.nix @@ -0,0 +1,51 @@ +with import ; +{ config, ... }: +let + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + owner = config.krebs.users.rtunreal; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum = { + ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill = { + ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + }; + }); +in +{ + users = rec { + rtunreal = { + # Mail is temporary as it will change in the future and I + # don't want it to be semi permanent + # mail: krebscotemp(a)user-sites[point]de + }; + }; + hosts = mapAttrs hostDefaults { + rtspinner = { + nets.retiolum = { + aliases = [ "spinner.rtunreal.r" ]; + ip4.addr = "10.243.20.18"; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEApgnFW2hCP2Lf+CGMtzgiTyA9sphEKGzVtOTJy+LxZ/WchFU6QiU6 + Dl5ybz/Bor25dbwvQCRsQo42gPb+xyjsoHGu2q1NVazMQobePjt/8Qzfqw+Ydz3e + CC0Lq2J7A5HkzHAevvSHjWh52EfAfu9PGnsszDyWY/oKY+JkBd3wdnE4VsZIhUU6 + Zrmuq+JU53Wy4TAcd3JNStvTW3z7MK4BXxovTV3zSq9sg4a120dyrG/d/m35abvm + V20Qb9VPmG+861f7gBn45M1w9d4X+3Ev8zum60Lk9JDRETfnufbOsSWNFVk2nsc3 + wpCYd+7FMq5hBf75At/pQ32kbsMkAMpQDJlHwE/xmhxYU2mzlMLY6JW1gspOt00C + iny5qqmhMoZ3r1VmGuu1aA00V+My+dj5i+pvZiUQ9DG2eYoKM43Var2XsU6lURpL + UhozcYkb+ax9mqlaPjq2BSYLNzmqTJc3FJY6CcyZxIi4aB8EhDeebYD7wIX115tf + wwMIJB9FgmvwBhL2K48P5p8lmxU0sNidvv/Gnr3Fgf1p+jEo8BC9hDK3gigD0lqo + AGmRrjHQN7AjysTMTllDj8RSoO2LhOYTxVtcMsQnPJ9hfFrgnSpSZok64y0h+QJG + q2WZRBwRYORC7JfKNbE6drRtM6DXccMxOM0eQXoDvg3D5Xg4aqWy3ikCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "eHWJxlhbUQY0rT2PLqbqb9W4hf7zHh3+gEIRaGrxAdB"; + }; + }; + }; +} -- cgit v1.2.3 From 3a35c4c0594c04fb7fa2ec157e9a342e2ffd9fee Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 Nov 2022 22:57:52 +0100 Subject: l: init massulus.r --- krebs/3modules/lass/default.nix | 50 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3e58fee1d..bb5b16135 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,12 +1,6 @@ with import ; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host { - ci = true; - monitoring = true; - owner = config.krebs.users.lass; - }; - r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; @@ -592,6 +586,50 @@ in { syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; }; + massulus = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.113"; + ip6.addr = r6 "113"; + aliases = [ + "massulus.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt + ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN + ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K + zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3 + F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e + v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd + kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF + LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW + EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb + KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl + oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00 + yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM"; + port = 1655; + }; + }; + wiregrill = { + ip6.addr = w6 "113"; + aliases = [ + "massulus.w" + ]; + wireguard.pubkey = '' + 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 "; + }; + phone = { nets = { wiregrill = { -- cgit v1.2.3 From 25a384254b15433dfeb67ec03ef7416b1baef5df Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 00:02:44 +0100 Subject: l massulus.r: disable ci --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index bb5b16135..dd516428b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -588,6 +588,7 @@ in { massulus = { cores = 1; + ci = false; nets = { retiolum = { ip4.addr = "10.243.0.113"; -- cgit v1.2.3 From 1db7318c3f4e8a50f07e45ae458ab8fcca6686cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 15:48:15 +0100 Subject: lib.host: add consul option --- krebs/3modules/lass/default.nix | 7 +++++++ lib/types.nix | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index dd516428b..ca0c757a3 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -10,6 +10,7 @@ in { }; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; + consul = true; ci = true; monitoring = true; }) { @@ -412,6 +413,7 @@ in { }; xerxes = { cores = 2; + consul = false; nets = rec { retiolum = { ip4.addr = "10.243.1.3"; @@ -632,6 +634,7 @@ in { }; phone = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.13"; @@ -647,6 +650,7 @@ in { syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; tablet = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.14"; @@ -661,6 +665,7 @@ in { ci = false; }; hilum = { + consul = false; cores = 1; nets = { retiolum = { @@ -836,6 +841,7 @@ in { }; lasspi = { + consul = false; cores = 1; nets = { retiolum = { @@ -879,6 +885,7 @@ in { }; domsen-pixel = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.17"; diff --git a/lib/types.nix b/lib/types.nix index f312b734b..0e0e093fb 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -58,6 +58,14 @@ rec { default = false; }; + consul = mkOption { + description = '' + Whether the host is a member of the global consul network + ''; + type = bool; + default = false; + }; + owner = mkOption { type = user; }; -- cgit v1.2.3 From c9e353d1aaa5d3331dc678a6181de8d96b5b1541 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 15:03:29 +0100 Subject: l: add consul config --- lass/2configs/consul.nix | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 lass/2configs/consul.nix diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix new file mode 100644 index 000000000..b8d925de5 --- /dev/null +++ b/lass/2configs/consul.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + services.consul = { + enable = true; + # dropPrivileges = false; + webUi = true; + # interface.bind = "retiolum"; + extraConfig = { + bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr; + bootstrap_expect = 3; + server = true; + # retry_join = config.services.consul.extraConfig.start_join; + retry_join = lib.mapAttrsToList (n: h: + lib.head h.nets.retiolum.aliases + ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts); + rejoin_after_leave = true; + + # try to fix random lock loss on leader reelection + retry_interval = "3s"; + performance = { + raft_multiplier = 8; + }; + }; + }; + + environment.etc."consul.d/testservice.json".text = builtins.toJSON { + service = { + name = "testing"; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; } + ]; +} -- cgit v1.2.3 From 3aae16c8476602f39163b4a786f95ebd8806c71b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 15:27:17 +0100 Subject: l: init sync-containers3 --- lass/3modules/default.nix | 1 + lass/3modules/sync-containers3.nix | 226 +++++++++++++++++++++++++++++++++++++ 2 files changed, 227 insertions(+) create mode 100644 lass/3modules/sync-containers3.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 3a0b1306c..42efa8cd6 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -15,5 +15,6 @@ _: ./xjail.nix ./autowifi.nix ./browsers.nix + ./sync-containers3.nix ]; } diff --git a/lass/3modules/sync-containers3.nix b/lass/3modules/sync-containers3.nix new file mode 100644 index 000000000..5b6fa37e1 --- /dev/null +++ b/lass/3modules/sync-containers3.nix @@ -0,0 +1,226 @@ +{ config, lib, pkgs, ... }: let + cfg = config.lass.sync-containers3; + slib = pkgs.stockholm.lib; +in { + options.lass.sync-containers3 = { + inContainer = { + enable = lib.mkEnableOption "container config for syncing"; + pubkey = lib.mkOption { + type = lib.types.str; # TODO ssh key + }; + }; + containers = lib.mkOption { + default = {}; + type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = config._module.args.name; + }; + sshKey = lib.mkOption { + type = slib.types.absolute-pathname; + }; + luksKey = lib.mkOption { + type = slib.types.absolute-pathname; + default = config.sshKey; + }; + ephemeral = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + }; + }; + config = lib.mkMerge [ + (lib.mkIf (cfg.containers != {}) { + + containers = lib.mapAttrs' (n: ctr: lib.nameValuePair ctr.name { + config = { + environment.systemPackages = [ + pkgs.dhcpcd + pkgs.git + pkgs.jq + ]; + networking.useDHCP = lib.mkForce true; + systemd.services.autoswitch = { + environment = { + NIX_REMOTE = "daemon"; + }; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" '' + set -efu + ln -frs /var/state/var_src /var/src + if test -e /var/src/nixos-config; then + /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || : + fi + ''; + unitConfig.X-StopOnRemoval = false; + }; + }; + autoStart = false; + enableTun = true; + ephemeral = ctr.ephemeral; + privateNetwork = true; + hostBridge = "ctr0"; + bindMounts = { + "/etc/resolv.conf".hostPath = "/etc/resolv.conf"; + "/var/lib/self/disk" = { + hostPath = "/var/lib/sync-containers3/${ctr.name}/disk"; + isReadOnly = false; + }; + "/var/state" = { + hostPath = "/var/lib/sync-containers3/${ctr.name}/state"; + isReadOnly = false; + }; + }; + }) cfg.containers; + + systemd.services = lib.foldr lib.recursiveUpdate {} (lib.flatten (map (ctr: [ + { "${ctr.name}_syncer" = { + path = with pkgs; [ + coreutils + consul + rsync + openssh + systemd + ]; + startAt = "*:0/1"; + serviceConfig = { + User = "${ctr.name}_container"; + LoadCredential = [ + "ssh_key:${ctr.sshKey}" + ]; + ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" '' + set -efu + ! systemctl is-active --quiet container@${ctr.name}.service + ''; + ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" '' + set -efux + consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" '' + set -efux + if ping -c 1 ${ctr.name}.r; then + touch "$HOME"/incomplete + rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk "$HOME"/disk + rm "$HOME"/incomplete + fi + ''} + ''; + }; + }; } + { "${ctr.name}_scheduler" = { + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ + coreutils + consul + cryptsetup + mount + util-linux + systemd + retry + ]; + serviceConfig = let + containerDirectory = lib.removeSuffix "/%i" config.systemd.services."container@${ctr.name}".environment.root; + in { + Restart = "always"; + RestartSec = "5s"; + ExecStart = "${pkgs.consul}/bin/consul lock -verbose -monitor-retry 100 container_${ctr.name} ${pkgs.writers.writeBash "${ctr.name}-start" '' + set -efux + if test -e /var/lib/sync-containers3/${ctr.name}/incomplete; then + echo 'data is inconistent, start aborted' + exit 1 + fi + trap ${pkgs.writers.writeDash "stop-${ctr.name}" '' + set -efux + /run/current-system/sw/bin/nixos-container stop ${ctr.name} || : + umount /var/lib/sync-containers3/${ctr.name}/state || : + cryptsetup luksClose ${ctr.name} || : + ''} INT TERM EXIT + consul kv put containers/${ctr.name}/host ${config.networking.hostName} + cryptsetup luksOpen --key-file ${ctr.luksKey} /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name} + mkdir -p /var/lib/sync-containers3/${ctr.name}/state + mount /dev/mapper/${ctr.name} /var/lib/sync-containers3/${ctr.name}/state + /run/current-system/sw/bin/nixos-container start ${ctr.name} + set +x + until /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done + while retry -t 5 -d 60 -- /run/wrappers/bin/ping -q -c 3 ${ctr.name}.r > /dev/null; do sleep 5; done + echo "lost tinc connection to container, shutting down" + ''}"; + }; + }; } + ]) (lib.attrValues cfg.containers))); + + systemd.timers = lib.mapAttrs' (n: ctr: lib.nameValuePair "${ctr.name}_syncer" { + timerConfig = { + RandomizedDelaySec = 100; + }; + }) cfg.containers; + + users.groups = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" { + }) cfg.containers; + users.users = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" ({ + group = "container_${ctr.name}"; + isNormalUser = true; + uid = slib.genid_uint31 "container_${ctr.name}"; + home = "/var/lib/sync-containers3/${ctr.name}"; + createHome = true; + homeMode = "705"; + })) cfg.containers; + + }) + (lib.mkIf (cfg.containers != {}) { + # networking + networking.networkmanager.unmanaged = [ "ctr0" ]; + networking.interfaces.dummy0.virtual = true; + networking.bridges.ctr0.interfaces = [ "dummy0" ]; + networking.interfaces.ctr0.ipv4.addresses = [{ + address = "10.233.0.1"; + prefixLength = 24; + }]; + systemd.services."dhcpd-ctr0" = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Type = "forking"; + Restart = "always"; + DynamicUser = true; + StateDirectory = "dhcpd-ctr0"; + User = "dhcpd-ctr0"; + Group = "dhcpd-ctr0"; + AmbientCapabilities = [ + "CAP_NET_RAW" # to send ICMP messages + "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67) + ]; + ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases"; + ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" '' + default-lease-time 600; + max-lease-time 7200; + authoritative; + ddns-update-style interim; + log-facility local1; # see dhcpd.nix + + option subnet-mask 255.255.255.0; + option routers 10.233.0.1; + # option domain-name-servers 8.8.8.8; # TODO configure dns server + subnet 10.233.0.0 netmask 255.255.255.0 { + range 10.233.0.10 10.233.0.250; + } + ''} ctr0"; + }; + }; + }) + (lib.mkIf cfg.inContainer.enable { + users.groups.container_sync = {}; + users.users.container_sync = { + group = "container_sync"; + uid = slib.genid_uint31 "container_sync"; + isNormalUser = true; + home = "/var/lib/self"; + createHome = true; + openssh.authorizedKeys.keys = [ + cfg.inContainer.pubkey + ]; + }; + }) + ]; +} -- cgit v1.2.3 From 93c0c1c017a7ee48d1ad0eab0455a885b462f24e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 15:34:27 +0100 Subject: l: init pkgs.weechat-matrix --- lass/5pkgs/weechat-matrix/default.nix | 80 +++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 lass/5pkgs/weechat-matrix/default.nix diff --git a/lass/5pkgs/weechat-matrix/default.nix b/lass/5pkgs/weechat-matrix/default.nix new file mode 100644 index 000000000..40848caaa --- /dev/null +++ b/lass/5pkgs/weechat-matrix/default.nix @@ -0,0 +1,80 @@ +{ python3Packages +, lib +, fetchFromGitHub +}: + +with python3Packages; + +let + scriptPython = python.withPackages (ps: with ps; [ + aiohttp + requests + python_magic + ]); + + version = "lassulus-fork"; +in python3Packages.buildPythonPackage { + pname = "weechat-matrix"; + inherit version; + + src = fetchFromGitHub { + owner = "poljar"; + repo = "weechat-matrix"; + rev = version; + hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc="; + }; + # src = ./weechat-matrix; + + propagatedBuildInputs = [ + pyopenssl + webcolors + future + atomicwrites + attrs + Logbook + pygments + matrix-nio + aiohttp + requests + ]; + + passthru.scripts = [ "matrix.py" ]; + + dontBuild = true; + doCheck = false; + + format = "other"; + + installPhase = '' + mkdir -p $out/share $out/bin + cp main.py $out/share/matrix.py + + cp contrib/matrix_upload.py $out/bin/matrix_upload + cp contrib/matrix_decrypt.py $out/bin/matrix_decrypt + cp contrib/matrix_sso_helper.py $out/bin/matrix_sso_helper + substituteInPlace $out/bin/matrix_upload \ + --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python' + substituteInPlace $out/bin/matrix_sso_helper \ + --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python' + substituteInPlace $out/bin/matrix_decrypt \ + --replace '/usr/bin/env python3' '${scriptPython}/bin/python' + + mkdir -p $out/${python.sitePackages} + cp -r matrix $out/${python.sitePackages}/matrix + ''; + + dontPatchShebangs = true; + postFixup = '' + addToSearchPath program_PYTHONPATH $out/${python.sitePackages} + patchPythonScript $out/share/matrix.py + substituteInPlace $out/${python.sitePackages}/matrix/server.py --replace \"matrix_sso_helper\" \"$out/bin/matrix_sso_helper\" + ''; + + meta = with lib; { + description = "A Python plugin for Weechat that lets Weechat communicate over the Matrix protocol"; + homepage = "https://github.com/poljar/weechat-matrix"; + license = licenses.isc; + platforms = platforms.unix; + maintainers = with maintainers; [ tilpner emily ]; + }; +} -- cgit v1.2.3 From 3736bbf091a34ac9ab33b60d872a922080fd81f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 14:18:11 +0100 Subject: l green.r: add weechat auto mode --- lass/1systems/green/config.nix | 94 +++++++----------- lass/2configs/et-server.nix | 7 ++ lass/2configs/weechat.nix | 221 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 263 insertions(+), 59 deletions(-) create mode 100644 lass/2configs/et-server.nix create mode 100644 lass/2configs/weechat.nix diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 5cf7d9242..4fe7782e6 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -11,78 +11,47 @@ with import ; - + - + + + ]; krebs.build.host = config.krebs.hosts.green; - users.users.mainUser.openssh.authorizedKeys.keys = [ - config.krebs.users.lass-android.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel - ]; - - krebs.bindfs = { - "/home/lass/.weechat" = { - source = "/var/state/lass_weechat"; - options = [ - "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" - "--create-for-user=${toString config.users.users.syncthing.uid}" - ]; - }; - "/home/lass/Maildir" = { - source = "/var/state/lass_mail"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - }; - "/var/lib/bitlbee" = { - source = "/var/state/bitlbee"; - options = [ - "-M ${toString config.users.users.bitlbee.uid}" - ]; - clearTarget = true; - }; - "/home/lass/.ssh" = { - source = "/var/state/lass_ssh"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - clearTarget = true; - }; - "/home/lass/.gnupg" = { - source = "/var/state/lass_gnupg"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - clearTarget = true; - }; - "/var/lib/git" = { - source = "/var/state/git"; - options = [ - "-M ${toString config.users.users.git.uid}" - ]; - clearTarget = true; - }; + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y"; }; - systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' - sleep 1 - mkdir -p /home/lass/notmuch - chown lass: /home/lass/notmuch - ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch + systemd.tmpfiles.rules = [ + "d /var/state/lass_mail 0700 lass users -" + "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail" + "d /home/lass/notmuch 0700 lass users -" + "L+ /var/state/lass_mail/.notmuch - - - - /home/lass/notmuch" - mkdir -p /home/lass/notmuch/muchsync - chown lass: /home/lass/notmuch/muchsync - mkdir -p /home/lass/Maildir/.muchsync - ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp - ''; + "d /var/state/lass_ssh 0700 lass users -" + "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh" + "d /var/state/lass_gpg 0700 lass users -" + "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg" + "d /var/state/lass_sync 0700 lass users -" + "L+ /home/lass/sync - - - - ../../var/state/lass_sync" + + "d /var/state/git 0700 git nogroup -" + "L+ /var/lib/git - - - - ../../var/state/git" + ]; + + users.users.mainUser.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-android.pubkey + config.krebs.users.lass-tablet.pubkey + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel + ]; krebs.iptables.tables.nat.PREROUTING.rules = [ { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } @@ -93,4 +62,11 @@ with import ; HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa ''; + + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Maildir"; + }; + + networking.firewall.allowedTCPPorts = [ 143 ]; } diff --git a/lass/2configs/et-server.nix b/lass/2configs/et-server.nix new file mode 100644 index 000000000..19961fb84 --- /dev/null +++ b/lass/2configs/et-server.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + services.eternal-terminal = { + enable = true; + }; + networking.firewall.allowedTCPPorts = [ config.services.eternal-terminal.port ]; +} diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix new file mode 100644 index 000000000..845a7e3b8 --- /dev/null +++ b/lass/2configs/weechat.nix @@ -0,0 +1,221 @@ +{ config, lib, pkgs, ... }: let + + weechat-configured = pkgs.weechat-declarative.override { + config = { + scripts = [ + pkgs.weechat-matrix + pkgs.weechatScripts.wee-slack + ]; + settings = { + irc.server_default.nicks = [ "lassulus" "hackulus" ]; + irc.server.bitlbee = { + addresses = "localhost/6666"; + command = "msg &bitlbee identify \${sec.data.bitlbee}"; + }; + irc.server.hackint = { + addresses = "irc.hackint.org/6697"; + autojoin = [ + "#c3-gsm" + "#panthermoderns" + "#36c3" + "#cccac" + "#nixos" + "#krebs" + "#c-base" + "#afra" + "#tvl" + "#eloop" + "#systemdultras" + "#rc3" + "#krebs-announce" + "#the_playlist" + "#germany" + "#hackint" + "#dezentrale" + "#hackerfleet \${sec.data.c3-gsm}" # TODO support channel passwords in a cooler way + ]; + ssl = true; + sasl_fail = "reconnect"; + sasl_username = "lassulus"; + sasl_password = "\${sec.data.hackint_sasl}"; + }; + irc.server.r = { + addresses = "irc.r"; + autojoin = [ + "#xxx" + "#autowifi" + "#brockman" + "#flix" + "#kollkoll" + "#noise" + "#mukke" + ]; + sasl_fail = "reconnect"; + sasl_username = "lassulus"; + sasl_password = "\${sec.data.r_sasl}"; + anti_flood_prio_high = 0; + anti_flood_prio_low = 0; + }; + irc.server.libera = { + addresses = "irc.libera.chat/6697"; + autojoin = [ + "#shackspace" + "#nixos" + "#krebs" + "#dezentrale" + "#tinc" + "#nixos-de" + "#fysi" + "#hillhacks" + "#nixos-rc3" + "#binaergewitter" + "#hackerfleet" + "#weechat" + ]; + ssl = true; + sasl_username = "lassulus"; + sasl_fail = "reconnect"; + sasl_password = "\${sec.data.libera_sasl}"; + }; + irc.server.news = { + addresses = "news.r"; + autojoin = [ + "#all" + "#aluhut" + "#querdenkos" + "#news" + "#drachengame" + ]; + anti_flood_prio_high = 0; + anti_flood_prio_low = 0; + }; + matrix.server.lassulus = { + address = "matrix.lassul.us"; + username = "lassulus"; + password = "\${sec.data.matrix_lassulus}"; + device_name = config.networking.hostName; + }; + matrix.server.nixos_dev = { + address = "matrix.nixos.dev"; + username = "@lassulus:nixos.dev"; + device_name = config.networking.hostName; + sso_helper_listening_port = 55123; + }; + plugins.var.python.go.short_name = true; + plugins.var.python.go.short_name_server = true; + plugins.var.python.go.fuzzy_search = true; + relay.network.password = "xxx"; # secret? + relay.port.weechat = 9998; + relay.weechat.commands = "*,!exec,!quit"; + weechat.look.buffer_time_format = "%m-%d_%H:%M:%S"; + weechat.look.item_time_format = "%m-%d_%H:%M:%S"; + irc.look.color_nicks_in_names = true; + irc.look.color_nicks_in_nicklist = true; + logger.file.mask = "$plugin.$name/%Y-%m-%d.weechatlog"; + logger.file.path = "/var/state/weechat_logs"; + logger.look.backlog = 1000; + weechat.notify.python.matrix.nixos_dev."!YLoVsCxScyQODoqIbb:hackint.org" = "none"; #c-base + weechat.notify.python.matrix.nixos_dev."!bohcSYPVoePqBDWlvE:hackint.org" = "none"; #krebs + weechat.notify.irc.news."#all" = "highlight"; + + # setting logger levels for channels is currently not possible declarativly + # because of already defined + logger.level.core.weechat = 0; + logger.level.irc = 3; + logger.level.python = 3; + weechat.bar.title.color_bg = 0; + weechat.bar.status.color_bg = 0; + alias.cmd.reload = "exec -oc cat /etc/weechat.set"; + script.scripts.download_enabled = true; + weechat.look.prefix_align = "left"; + weechat.look.prefix_align_max = 20; + irc.look.server_buffer = "independent"; + matrix.look.server_buffer = "independent"; + weechat.bar.buflist.size_max = 20; + weechat.color.chat_nick_colors = [ + 1 2 3 4 5 6 9 + 10 11 12 13 14 + 28 29 + 30 31 32 33 34 35 36 37 38 39 + 70 + 94 + 101 102 103 104 105 106 107 + 130 131 133 134 135 136 137 + 140 141 142 143 + 160 161 162 163 165 166 167 168 169 + 170 171 172 173 174 175 + 196 197 198 199 + 200 201 202 203 204 205 206 208 209 209 + 210 211 212 + ]; + }; + extraCommands = '' + /script upgrade + /script install go.py + /script install nickregain.pl + /script install autosort.py + /key bind meta-q /go + /key bind meta-t /bar toggle nicklist + /key bind meta-y /bar toggle buflist + /filter addreplace irc_smart * irc_smart_filter * + /filter addreplace playlist_topic irc.*.#the_playlist irc_topic * + /filter addreplace xxx_joinpart irc.r.#xxx irc_join,irc_part,irc_quit * + /set logger.level.irc.news 0 + /set logger.level.python.server.nixos_dev = 0; + /set logger.level.irc.hackint.#the_playlist = 0; + /connect bitlbee + /connect r + /connect news + /connect libera + /connect hackint + /matrix connect nixos_dev + /matrix connect lassulus + ''; + files."sec.conf" = toString (pkgs.writeText "sec.conf" '' + [crypt] + cipher = aes256 + hash_algo = sha256 + passphrase_command = "cat $CREDENTIALS_DIRECTORY/WEECHAT_PASSPHRASE" + salt = on + + [data] + __passphrase__ = on + hackint_sasl = "5CA242E92E7A09B180711B50C4AE2E65C42934EB4E584EC82BC1281D8C72CD411D590C16CC435687C0DA13759873CC" + libera_sasl = "9500B5AC3B29F9CAA273F1B89DC99550E038AF95C4B47442B1FB4CB9F0D6B86B26015988AD39E642CA9C4A78DED7F42D1F409B268C93E778" + r_sasl = "CB6FB1421ED5A9094CD2C05462DB1FA87C4A675628ABD9AEC9928A1A6F3F96C07D9F26472331BAF80B7B73270680EB1BBEFD" + c3-gsm = "C49DD845900CFDFA93EEBCE4F1ABF4A963EF6082B7DA6410FA701CC77A04BB6C201FCB864988C4F2B97ED7D44D5A28F162" + matrix.server.nixos_dev.access_token = "C40FE41B9B7B73553D51D8FCBD53871E940FE7FCCAB543E7F4720A924B8E1D58E2B1E1F460F5476C954A223F78CCB956337F6529159C0ECD7CB0384C13CB7170FF1270A577B1C4FF744D20FCF5C708259896F8D9" + bitlbee = "814ECAC59D9CF6E8340B566563E5D7E92AB92209B49C1EDE4CAAC32DD0DF1EC511D97C75E840C45D69BB9E3D03E79C" + matrix_lassulus = "0CA5C0F70A9F893881370F4A665B4CC40FBB1A41E53BC94916CD92B029103528611EC0B390116BE60FA79AE10F486E96E17B0824BE2DE1C97D87B88F5407330DAD70C044147533C36B09B7030CAD97" + ''); + }; + }; + +in { + users.users.mainUser.packages = [ + weechat-configured + ]; + environment.etc."weechat.set".source = "${weechat-configured}/weechat.set"; + systemd.tmpfiles.rules = [ + "d /var/state/weechat_logs 0700 lass users -" + "d /var/state/weechat 0700 lass users -" + "d /var/state/weechat_cfg 0700 lass users -" + "L+ /home/lass/.local/share/weechat - - - - ../../../../var/state/weechat" + "L+ /home/lass/.config/weechat - - - - ../../../../var/state/weechat_cfg" + ]; + + systemd.services.weechat = { + wantedBy = [ "multi-user.target" ]; + restartIfChanged = false; + serviceConfig = { + User = "lass"; + RemainAfterExit = true; + Type = "oneshot"; + LoadCredential = [ + "WEECHAT_PASSPHRASE:${toString }/weechat_passphrase" + ]; + ExecStart = "${pkgs.tmux}/bin/tmux -2 new-session -d -s IM ${weechat-configured}/bin/weechat"; + ExecStop = "${pkgs.tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat + }; + }; +} -- cgit v1.2.3 From 17fc13592935fc7c8119e24980ea3a83f9773043 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 17 Nov 2022 11:58:59 +0100 Subject: l sync-containers3: don't kill container on lock loss --- lass/3modules/sync-containers3.nix | 124 ++++++++++++++++++++++++++++++------- 1 file changed, 102 insertions(+), 22 deletions(-) diff --git a/lass/3modules/sync-containers3.nix b/lass/3modules/sync-containers3.nix index 5b6fa37e1..104b92b24 100644 --- a/lass/3modules/sync-containers3.nix +++ b/lass/3modules/sync-containers3.nix @@ -99,7 +99,7 @@ in { set -efux consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" '' set -efux - if ping -c 1 ${ctr.name}.r; then + if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then touch "$HOME"/incomplete rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk "$HOME"/disk rm "$HOME"/incomplete @@ -108,6 +108,54 @@ in { ''; }; }; } + { "${ctr.name}_watcher" = { + path = with pkgs; [ + coreutils + consul + cryptsetup + curl + mount + util-linux + jq + ]; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "${ctr.name}_watcher" '' + set -efux + while sleep 5; do + # get the payload + # check if the host reacted recently + case $(curl -s -o /dev/null --retry 10 -w '%{http_code}' http://127.0.0.1:8500/v1/kv/containers/${ctr.name}) in + 404) + echo 'got 404 from kv, should kill the container' + break + ;; + 500) + echo 'got 500 from kv, will kill container' + break + ;; + 200) + # echo 'got 200 from kv, will check payload' + export payload=$(consul kv get containers/${ctr.name}) + if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then + # echo 'we are the host, continuing' + continue + else + echo 'we are not host, killing container' + break + fi + ;; + *) + echo 'unknown state, continuing' + continue + ;; + esac + done + /run/current-system/sw/bin/nixos-container stop ${ctr.name} || : + umount /var/lib/sync-containers3/${ctr.name}/state || : + cryptsetup luksClose ${ctr.name} || : + ''; + }; + }; } { "${ctr.name}_scheduler" = { wantedBy = [ "multi-user.target" ]; path = with pkgs; [ @@ -116,36 +164,68 @@ in { cryptsetup mount util-linux + curl systemd + jq retry + bc ]; - serviceConfig = let - containerDirectory = lib.removeSuffix "/%i" config.systemd.services."container@${ctr.name}".environment.root; - in { + serviceConfig = { Restart = "always"; - RestartSec = "5s"; - ExecStart = "${pkgs.consul}/bin/consul lock -verbose -monitor-retry 100 container_${ctr.name} ${pkgs.writers.writeBash "${ctr.name}-start" '' + RestartSec = "30s"; + ExecStart = pkgs.writers.writeDash "${ctr.name}_scheduler" '' set -efux + # get the payload + # check if the host reacted recently + case $(curl -s -o /dev/null --retry 10 -w '%{http_code}' http://127.0.0.1:8500/v1/kv/containers/${ctr.name}) in + 404) + # echo 'got 404 from kv, will create container' + ;; + 500) + # echo 'got 500 from kv, retrying again' + exit 0 + ;; + 200) + # echo 'got 200 from kv, will check payload' + export payload=$(consul kv get containers/${ctr.name}) + if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then + echo 'we are the host, starting container' + else + # echo 'we are not host, checking timestamp' + # if [ $(echo "$(date +%s) - $(jq -rn 'env.payload | fromjson.time') > 100" | bc) -eq 1 ]; then + if [ "$(jq -rn 'env.payload | fromjson.time | now - tonumber > 100')" = 'true' ]; then + echo 'last beacon is more than 100s ago, taking over' + else + # echo 'last beacon was recent. trying again' + exit 0 + fi + fi + ;; + *) + echo 'unknown state, bailing out' + exit 0 + ;; + esac if test -e /var/lib/sync-containers3/${ctr.name}/incomplete; then echo 'data is inconistent, start aborted' exit 1 fi - trap ${pkgs.writers.writeDash "stop-${ctr.name}" '' - set -efux - /run/current-system/sw/bin/nixos-container stop ${ctr.name} || : - umount /var/lib/sync-containers3/${ctr.name}/state || : - cryptsetup luksClose ${ctr.name} || : - ''} INT TERM EXIT - consul kv put containers/${ctr.name}/host ${config.networking.hostName} - cryptsetup luksOpen --key-file ${ctr.luksKey} /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name} - mkdir -p /var/lib/sync-containers3/${ctr.name}/state - mount /dev/mapper/${ctr.name} /var/lib/sync-containers3/${ctr.name}/state - /run/current-system/sw/bin/nixos-container start ${ctr.name} - set +x - until /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done - while retry -t 5 -d 60 -- /run/wrappers/bin/ping -q -c 3 ${ctr.name}.r > /dev/null; do sleep 5; done - echo "lost tinc connection to container, shutting down" - ''}"; + consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null + consul lock -verbose -monitor-retry=100 -timeout 30s -name container_${ctr.name} container_${ctr.name} ${pkgs.writers.writeBash "${ctr.name}-start" '' + set -efu + cryptsetup luksOpen --key-file ${ctr.luksKey} /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name} || : + mkdir -p /var/lib/sync-containers3/${ctr.name}/state + mountpoint /var/lib/sync-containers3/${ctr.name}/state || mount /dev/mapper/${ctr.name} /var/lib/sync-containers3/${ctr.name}/state + /run/current-system/sw/bin/nixos-container start ${ctr.name} + # wait for system to become reachable for the first time + retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null + systemctl start ${ctr.name}_watcher.service + while systemctl is-active container@${ctr.name}.service >/devnull && /run/wrappers/bin/ping -q -c 3 ${ctr.name}.r >/dev/null; do + consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null + sleep 10 + done + ''} + ''; }; }; } ]) (lib.attrValues cfg.containers))); -- cgit v1.2.3 From 18adbab5ed2ba7f0bd0bc75e1e82d16ed33e7ab1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Wed, 19 Oct 2022 09:16:30 +0200 Subject: reaktor2 krebsfood: support poi and radius --- krebs/2configs/reaktor2.nix | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 41cfd7735..3dc3ce0a9 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -185,8 +185,9 @@ let }; } { - pattern = "18@p"; + pattern = ''^18@p\s+(\S+)\s+(\d+)m$''; activate = "match"; + arguments = [1 2]; command = { env = { CACHE_DIR = "${stateDir}/krebsfood"; @@ -202,9 +203,16 @@ let osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {}; in pkgs.writeDash "krebsfood" '' set -efu - ecke_lat=52.51252 - ecke_lon=13.41740 - ${osm-restaurants}/bin/osm-restaurants --radius 500 --latitude "$ecke_lat" --longitude "$ecke_lon" \ + poi=$(curl -fsS http://c.r/poi.json | jq --arg name "$1" '.[$name]') + if [ "$poi" = null ]; then + latitude=52.51252 + longitude=13.41740 + else + latitude=$(echo "$poi" | jq -r .latitude) + longitude=$(echo "$poi" | jq -r .longitude) + fi + + ${osm-restaurants}/bin/osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude" \ | ${pkgs.jq}/bin/jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"' ' ''; -- cgit v1.2.3 From 9e2d1213b8aa0ea3d7b4dcd6d21a87d26bfca679 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 17 Nov 2022 12:58:43 +0100 Subject: l yellow.r: rotate endpoint, restart after timeout --- lass/1systems/yellow/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 554882bf3..309be4ec8 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -164,7 +164,7 @@ with import ; client dev tun proto udp - remote 196.240.57.43 1194 + remote 194.110.84.106 1194 resolv-retry infinite remote-random nobind @@ -174,7 +174,7 @@ with import ; persist-key persist-tun ping 15 - ping-restart 0 + ping-restart 15 ping-timer-rem reneg-sec 0 comp-lzo no -- cgit v1.2.3 From 417439de5c5a7e455f977a50276821bbfa3fa65b Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 17 Nov 2022 12:59:24 +0100 Subject: l yellow.r: use magnetico --- lass/1systems/yellow/config.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 309be4ec8..365ffdba5 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -154,6 +154,7 @@ with import ; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web + { predicate = "-p tcp --dport 9092"; target = "ACCEPT"; } # magnetico webinterface { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin @@ -271,4 +272,10 @@ with import ; enable = true; group = "download"; }; + + services.magnetico = { + enable = true; + web.address = "0.0.0.0"; + web.port = 9092; + }; } -- cgit v1.2.3 From 3d87ba04777bd92fac8894af385ab5120c081408 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 17 Nov 2022 12:59:44 +0100 Subject: l yellow.r: inotifyTools -> inotify-tools --- lass/1systems/yellow/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 365ffdba5..f5071c4b7 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -251,7 +251,7 @@ with import ; path = [ pkgs.coreutils pkgs.findutils - pkgs.inotifyTools + pkgs.inotify-tools ]; serviceConfig = { Restart = "always"; -- cgit v1.2.3 From 42f6b8ce03f2591cd1cefb23b6c0cf4a0438defd Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 17 Nov 2022 21:46:50 +0100 Subject: nixpkgs: 1b47226 -> 6474d93 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index a06b47fb1..f836f63f9 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "1b4722674c315de0e191d0d79790b4eac51570a1", - "date": "2022-10-31T23:14:26+01:00", - "path": "/nix/store/byvkpdxd5pwixshrfrxgl0z2xc9y9hcs-nixpkgs", - "sha256": "0ykbqcfwx338m1jcln9pj629byxbyr448d88wsryp8sf6p611cv2", + "rev": "6474d93e007e4d165bcf48e7f87de2175c93d10b", + "date": "2022-11-16T11:41:31+01:00", + "path": "/nix/store/z86f31carhz3sf78kn3lkyq748drgp63-nixpkgs", + "sha256": "00swm7hz3fjyzps75bjyqviw6dqg2cc126wc7lcc1rjkpdyk5iwg", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 8df09756e3c11cfa000445067749cf7de7d16e9f Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 17 Nov 2022 22:38:23 +0100 Subject: nixpkgs-unstable: d40fea9 -> b457130 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index cd0c57f92..a5d67f2fc 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458", - "date": "2022-10-31T16:44:53+01:00", - "path": "/nix/store/6z1f9z44ljsxvn0kzlpz03a5m7lbh096-nixpkgs", - "sha256": "1ikpccnyi0b7ql6jak4g3wl4876njybpvknfs6gin461xjp5fi24", + "rev": "b457130e8a21608675ddf12c7d85227b22a27112", + "date": "2022-11-16T11:03:19+00:00", + "path": "/nix/store/jr123qfmrl53imi48naxh6zs486fqmz2-nixpkgs", + "sha256": "16cjrr3np3f428lxw8yk6n2dqi7mg08zf6h6gv75zpw865jz44df", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cg