From 67d3a55df5dd7a96d21781a581c249a9e50caaec Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 22 Mar 2019 07:57:34 +0100 Subject: k: add syncthing module --- krebs/3modules/default.nix | 1 + krebs/3modules/syncthing.nix | 129 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 krebs/3modules/syncthing.nix (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 9c2f53cb..567c077e 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -48,6 +48,7 @@ let ./rtorrent.nix ./secret.nix ./setuid.nix + ./syncthing.nix ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix new file mode 100644 index 00000000..389da81d --- /dev/null +++ b/krebs/3modules/syncthing.nix @@ -0,0 +1,129 @@ +{ config, pkgs, ... }: with import ; + +let + + cfg = config.krebs.syncthing; + + devices = mapAttrsToList (name: peer: { + name = name; + deviceID = peer.id; + addresses = peer.addresses; + }) cfg.peers; + + folders = map (folder: { + inherit (folder) path type; + id = folder.path; + devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; + rescanIntervalS = folder.rescanInterval; + }) cfg.folders; + + getApiKey = pkgs.writeDash "getAPIKey" '' + ${pkgs.libxml2}/bin/xmllint \ + --xpath 'string(configuration/gui/apikey)'\ + ${config.services.syncthing.dataDir}/config.xml + ''; + + updateConfig = pkgs.writeDash "merge-syncthing-config" '' + set -efu + API_KEY=$(${getApiKey}) + CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) + echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { + "devices": ${builtins.toJSON devices}, + "folders": ${builtins.toJSON folders} + }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- + ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST + ''; + +in + +{ + options.krebs.syncthing = { + + enable = mkEnableOption "syncthing-init"; + + id = mkOption { + type = types.str; + default = config.krebs.build.host.name; + }; + + cert = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + key = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + peers = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ + options = { + + # TODO make into addr + port submodule + addresses = mkOption { + type = types.listOf types.str; + default = []; + }; + + #TODO check + id = mkOption { + type = types.str; + }; + + }; + })); + }; + + folders = mkOption { + default = []; + type = types.listOf (types.submodule ({ + options = { + + path = mkOption { + type = types.absolute-pathname; + }; + + peers = mkOption { + type = types.listOf types.str; + default = []; + }; + + rescanInterval = mkOption { + type = types.int; + default = 60; + }; + + type = mkOption { + type = types.enum [ "sendreceive" "sendonly" "receiveonly" ]; + default = "sendreceive"; + }; + + }; + })); + }; + }; + + config = (mkIf cfg.enable) { + + systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { + preStart = '' + ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"} + ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"} + ''; + }; + + systemd.services.syncthing-init = { + after = [ "syncthing.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = config.services.syncthing.user; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = updateConfig; + }; + }; + }; +} -- cgit v1.2.3 From 90ab9c288e0baa6f2e7f7b2e7cdffd10bda89938 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 22 Mar 2019 08:01:03 +0100 Subject: l: add syncthing ids for mors, icarus & skynet --- krebs/3modules/lass/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 630c14f1..6849f081 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -204,6 +204,7 @@ in { secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; + syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH"; }; shodan = { cores = 2; @@ -270,6 +271,7 @@ in { secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj"; + syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4"; }; daedalus = { cores = 2; @@ -328,6 +330,7 @@ in { secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; + syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3"; }; littleT = { cores = 2; -- cgit v1.2.3 From e1f33f0b588cbdc28a91790ee372359678ae8dbe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 14:18:03 +0100 Subject: l littleT: add wiregrill & syncthing --- krebs/3modules/lass/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6849f081..eaba2d73 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -368,10 +368,18 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "771e"; + aliases = [ + "littleT.w" + ]; + wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg="; + }; }; secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; + syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD"; }; red = { monitoring = false; -- cgit v1.2.3 From c3a1847b9826b9bd08bbf21d006ce7e5e3fe57e1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:02:07 +0100 Subject: l blue: add syncthing.id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index eaba2d73..575ff3d6 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -485,6 +485,7 @@ in { }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; + syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; }; phone = { nets = { -- cgit v1.2.3 From 84d0489583e2ee8a299d066e57e28f899c23c3d5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:03:20 +0100 Subject: l phone: add syncthing.id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 575ff3d6..7352d36e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -499,6 +499,7 @@ in { }; external = true; ci = false; + syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7"; }; morpheus = { cores = 1; -- cgit v1.2.3 From 0bb9321d1b979f64703c22fa6c25a46776da50af Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:04:01 +0100 Subject: syncthing folders: add watch & ignorePerms options --- krebs/3modules/syncthing.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 389da81d..485dd399 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -15,6 +15,9 @@ let id = folder.path; devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; + fsWatcherEnabled = folder.watch; + fsWatcherDelayS = folder.watchDelay; + ignorePerms = folder.ignorePerms; }) cfg.folders; getApiKey = pkgs.writeDash "getAPIKey" '' @@ -100,6 +103,21 @@ in default = "sendreceive"; }; + watch = mkOption { + type = types.bool; + default = true; + }; + + watchDelay = mkOption { + type = types.int; + default = 10; + }; + + ignorePerms = mkOption { + type = types.bool; + default = true; + }; + }; })); }; -- cgit v1.2.3 From 86150b31f20772c761dac2ce76862928bcc07537 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:04:22 +0100 Subject: syncthing: wait for service startup --- krebs/3modules/syncthing.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 485dd399..e7f95f7f 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -28,6 +28,8 @@ let updateConfig = pkgs.writeDash "merge-syncthing-config" '' set -efu + # wait for service to restart + ${pkgs.untilport}/bin/untilport localhost 8384 API_KEY=$(${getApiKey}) CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { -- cgit v1.2.3 From 67ca249e33e977a83b54b21ad7c717e3eaa38d84 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:04:50 +0100 Subject: syncthing: increase rescanInterval to track upstream --- krebs/3modules/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index e7f95f7f..3c60eec4 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -97,7 +97,7 @@ in rescanInterval = mkOption { type = types.int; - default = 60; + default = 3600; }; type = mkOption { -- cgit v1.2.3 From d40f20b711a71240d235a26b6c87156afc355612 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 29 Mar 2019 18:14:39 +0100 Subject: q-power_supply: init from tv's q --- krebs/5pkgs/simple/q-power_supply.nix | 126 ++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) create mode 100644 krebs/5pkgs/simple/q-power_supply.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/q-power_supply.nix b/krebs/5pkgs/simple/q-power_supply.nix new file mode 100644 index 00000000..87f90019 --- /dev/null +++ b/krebs/5pkgs/simple/q-power_supply.nix @@ -0,0 +1,126 @@ +{ gawk, gnused, writeDashBin }: + +writeDashBin "q-power_supply" '' + power_supply() {( + set -efu + uevent=$1 + eval "$(${gnused}/bin/sed -n ' + s/^\([A-Z_]\+=[0-9A-Za-z_-]*\)$/export \1/p + ' $uevent)" + case $POWER_SUPPLY_NAME in + AC) + exit # not battery + ;; + esac + exec = .42) t_col = "1;32" + else if (r >= 23) t_col = "1;33" + else if (r >= 11) t_col = "1;31" + else t_col = "5;1;31" + return sgr(t_col) strdup("■", t1) sgr(";30") strdup("■", t2) sgr() + } + + function sgr(p) { + return "\x1b[" p "m" + } + + function strdup(s,n,t) { + t = sprintf("%"n"s","") + gsub(/ /,s,t) + return t + } + + END { + name = ENVIRON["POWER_SUPPLY_NAME"] + + charge_unit = "Ah" + charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6 + charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6 + + current_unit = "A" + current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6 + + energy_unit = "Wh" + energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6 + energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 + + power_unit = "W" + power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6 + + voltage_unit = "V" + voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6 + voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6 + + #printf "charge_now: %s\n", charge_now + #printf "charge_full: %s\n", charge_full + #printf "current_now: %s\n", current_now + #printf "energy_now: %s\n", energy_now + #printf "energy_full: %s\n", energy_full + #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] + #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 + #printf "power_now: %s\n", power_now + #printf "voltage_now: %s\n", voltage_now + + if (current_now == 0 && voltage_now != 0) { + current_now = power_now / voltage_now + } + if (power_now == 0) { + power_now = current_now * voltage_now + } + if (charge_now == 0 && voltage_min_design != 0) { + charge_now = energy_now / voltage_min_design + } + if (energy_now == 0) { + energy_now = charge_now * voltage_min_design + } + if (charge_full == 0 && voltage_min_design != 0) { + charge_full = energy_full / voltage_min_design + } + if (energy_full == 0) { + energy_full = charge_full * voltage_min_design + } + + if (charge_now == 0 || charge_full == 0) { + die("unknown charge") + } + + charge_ratio = charge_now / charge_full + + out = out name + out = out sprintf(" %s", print_bar(10, charge_ratio)) + out = out sprintf(" %d%", charge_ratio * 100) + out = out sprintf(" %.2f%s", charge_now, charge_unit) + if (current_now != 0) { + out = out sprintf("/%.1f%s", current_now, current_unit) + } + out = out sprintf(" %d%s", energy_full, energy_unit) + if (power_now != 0) { + out = out sprintf("/%.1f%s", power_now, power_unit) + } + if (current_now != 0) { + out = out sprintf(" %s", print_hm(charge_now / current_now)) + } + + print out + } + ' + )} + + for uevent in /sys/class/power_supply/*/uevent; do + power_supply "$uevent" || : + done +'' -- cgit v1.2.3 From 2b748822b18a41b6ff9beb6bafeb9753eebb2e56 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 17:47:31 +0200 Subject: nixpkgs: 8abca4b -> 2229509 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 28c98ceb..1ee21020 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "8abca4bc7b8b313c6e3073d074d623d1095c0dba", - "date": "2019-03-07T09:54:51+01:00", - "sha256": "1qhhlqkwzxwhq8ga4n7p4zg4nrhl79m6x4qd0pgaic6n4z5m82gr", + "rev": "222950952f15f6b1e9f036b80440b597f23e652d", + "date": "2019-04-05T10:07:50+02:00", + "sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd", "fetchSubmodules": false } -- cgit v1.2.3 From 1c014eb05c0022906629ee7fb9189cf6764ddc2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:08:54 +0200 Subject: l prism.r: add syncthing.id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7352d36e..0b5eb93c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -106,6 +106,7 @@ in { }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU"; }; archprism = { cores = 1; -- cgit v1.2.3 From a8c958821dcc9912dddb6727a4ad74a4dbcbe02f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:10:02 +0200 Subject: l skynet.r: add wiregrill --- krebs/3modules/lass/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0b5eb93c..9c18f8a7 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -327,6 +327,13 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "5ce7"; + aliases = [ + "skynet.w" + ]; + wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU="; + }; }; secure = true; ssh.privkey.path = ; -- cgit v1.2.3 From e56e7fbe7103f4c570bf8e4cdee764b9ad0b5062 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:19:05 +0200 Subject: l phone.w: rotate all keys --- krebs/3modules/lass/default.nix | 4 ++-- krebs/3modules/lass/ssh/android.rsa | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9c18f8a7..146d7a44 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -502,12 +502,12 @@ in { aliases = [ "phone.w" ]; - wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; + wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM="; }; }; external = true; ci = false; - syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7"; + syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB"; }; morpheus = { cores = 1; diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa index 3d35b76e..675ba8df 100644 --- a/krebs/3modules/lass/ssh/android.rsa +++ b/krebs/3modules/lass/ssh/android.rsa @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL -- cgit v1.2.3 From 212e7f4b9843790e29fd990a17279dc96e181baf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:21:18 +0200 Subject: syncthing: add id option --- krebs/3modules/syncthing.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 3c60eec4..34879fd3 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -11,8 +11,7 @@ let }) cfg.peers; folders = map (folder: { - inherit (folder) path type; - id = folder.path; + inherit (folder) path id type; devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; fsWatcherEnabled = folder.watch; @@ -83,13 +82,18 @@ in folders = mkOption { default = []; - type = types.listOf (types.submodule ({ + type = types.listOf (types.submodule ({ config, ... }: { options = { path = mkOption { type = types.absolute-pathname; }; + id = mkOption { + type = types.str; + default = config.path; + }; + peers = mkOption { type = types.listOf types.str; default = []; -- cgit v1.2.3 From 44a48a8d3a4ce4732545a96828bf41ab6cf283da Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:35:34 +0200 Subject: l: add green.r --- krebs/3modules/lass/default.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 146d7a44..a3b8cab3 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -495,6 +495,46 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; }; + + green = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.66"; + ip6.addr = r6 "12ee"; + aliases = [ + "green.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk + uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx + ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477 + n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI + hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6 + m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6 + BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1 + pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy + 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk + UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA + udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT + 3MVh92sFyMVYkJcL7SISk80CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "12ee"; + aliases = [ + "green.w" + ]; + wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk="; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 "; + syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; + }; + phone = { nets = { wiregrill = { -- cgit v1.2.3 From 64c8c06f02d6ea59484d94354a574b3a9f5810cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 6 Mar 2019 16:38:28 +0100 Subject: 18.09 -> 19.03 --- krebs/update-channel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh index 7f24cd31..08354357 100755 --- a/krebs/update-channel.sh +++ b/krebs/update-channel.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-18.09' \ + --rev refs/heads/nixos-19.03' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" -- cgit v1.2.3 From a1cf824e2f5d8bd751f6e625718eb59e345cb666 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Mar 2019 13:14:41 +0100 Subject: blessings: add 19.03 compatibility --- krebs/5pkgs/haskell/blessings.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'krebs') diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index f730cc72..c35706eb 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -10,6 +10,10 @@ with import ; version = "2.2.0"; sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; }; + "19.03" = { + version = "2.2.0"; + sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; + }; }.${versions.majorMinor nixpkgsVersion}; in mkDerivation { -- cgit v1.2.3 From 9eb7244146b29d772a0fc173d02394d05a22dae6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Mar 2019 13:23:23 +0100 Subject: email-header: add 19.03 compatibility --- krebs/5pkgs/haskell/email-header.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'krebs') diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix index 4049168c..6689f1d2 100644 --- a/krebs/5pkgs/haskell/email-header.nix +++ b/krebs/5pkgs/haskell/email-header.nix @@ -15,6 +15,11 @@ with import ; rev = "refs/tags/v${cfg.version}"; sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; }; + "19.03" = { + version = "0.4.1-tv1"; + rev = "refs/tags/v${cfg.version}"; + sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; + }; }.${versions.majorMinor nixpkgsVersion}; in mkDerivation { -- cgit v1.2.3 From 7d7be871d84241aec9b820ed8e379bd3ca610d8e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Apr 2019 17:34:12 +0200 Subject: nixpkgs: 2229509 -> 67bc63f --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 1ee21020..b5820868 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "222950952f15f6b1e9f036b80440b597f23e652d", - "date": "2019-04-05T10:07:50+02:00", - "sha256": "1hfchhy8vlc333sglabk1glkcnv4mrnarm9j4havqn7g5ri68vrd", + "rev": "67bc63f9a7ac1b4d1a7114c88ca1a4df03bfdb0e", + "date": "2019-04-06T21:36:45+02:00", + "sha256": "0jzy9kd81dz1v0by3h0znz3z6bmpll3ssza5i5f14j2q54ib145g", "fetchSubmodules": false } -- cgit v1.2.3 From ade34e2ccd55585c50d6cafd533c512755a048bc Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Apr 2019 18:53:54 +0200 Subject: hotdog.r: don't set NIX_REMOTE --- krebs/1systems/hotdog/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'krebs') diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 91607337..f68c8ce5 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -21,5 +21,4 @@ boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } -- cgit v1.2.3 From 3fee51f7378a523a95e494d160b7562206cf714b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Apr 2019 16:52:17 +0200 Subject: syncthing: fix permissions of keys --- krebs/3modules/syncthing.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 34879fd3..bfbac1db 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -133,8 +133,16 @@ in systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { preStart = '' - ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"} - ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"} + ${optionalString (cfg.cert != null) '' + cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem + chmod 400 ${config.services.syncthing.dataDir}/cert.pem + ''} + ${optionalString (cfg.key != null) '' + cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem + chmod 400 ${config.services.syncthing.dataDir}/key.pem + ''} ''; }; -- cgit v1.2.3 From 46c06dd997ba8857bef217845cb5c450410383fa Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 Apr 2019 15:17:54 +0200 Subject: nixpkgs: 67bc63f -> 5c52b25 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index b5820868..de6403bd 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "67bc63f9a7ac1b4d1a7114c88ca1a4df03bfdb0e", - "date": "2019-04-06T21:36:45+02:00", - "sha256": "0jzy9kd81dz1v0by3h0znz3z6bmpll3ssza5i5f14j2q54ib145g", + "rev": "5c52b25283a6cccca443ffb7a358de6fe14b4a81", + "date": "2019-04-09T21:48:56+02:00", + "sha256": "0fhbl6bgabhi1sw1lrs64i0hibmmppy1bh256lq8hxy3a2p1haip", "fetchSubmodules": false } -- cgit v1.2.3