From ba47b90d7326c262f3e3327781a16fd8400df062 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 29 Dec 2020 23:57:54 +0100 Subject: l prism.r: activate jitsi --- lass/1systems/prism/config.nix | 1 + lass/2configs/jitsi.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 lass/2configs/jitsi.nix (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1b63246c6..f63c6a05a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -121,6 +121,7 @@ with import ; + { # quasi bepasty.nix imports = [ diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix new file mode 100644 index 000000000..1435ccb5c --- /dev/null +++ b/lass/2configs/jitsi.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: +{ + + services.jitsi-meet = { + enable = true; + hostName = "jitsi.lassul.us"; + config = { + enableWelcomePage = true; + requireDisplayName = true; + }; + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } + ]; +} -- cgit v1.2.3 From e8de3384c8a5b1f1838ceb4feaea3d18f3305799 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Dec 2020 17:58:04 +0100 Subject: l tv: add ssl via streaming.lassul.us --- lass/2configs/tv.nix | 128 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 124 insertions(+), 4 deletions(-) (limited to 'lass') diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix index 8e208d5e5..0ca1b340f 100644 --- a/lass/2configs/tv.nix +++ b/lass/2configs/tv.nix @@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" '' application/vnd.apple.mpegurl m3u8; video/mp2t ts; } - root /tmp; + root /var/lib/rtmp/tmp; add_header Cache-Control no-cache; # CORS setup 
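Review bot: The two firewall rules at the end of lass/2configs/jitsi.nix accept TCP 4443 and UDP 10000 from any source, with nothing saying what listens there. A comment such as `# 10000/udp: videobridge media, 4443/tcp: videobridge TCP fallback` would let a later reader judge whether both are still needed. The `services.jitsi-meet` block sets no authentication, so as far as this file shows anyone who can reach jitsi.lassul.us can open a room, and `enableWelcomePage = true` advertises that; if this is intended, a one-line comment should say so. `lib` and `pkgs` in the argument set are unused in this file.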
@@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" '' ''}; } + + location /records { + autoindex on; + root /var/lib/rtmp; + } } } 
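Review bot: The new `location /records` block turns on `autoindex` with no access restriction, so the listing of whatever sits under `/var/lib/rtmp/records` becomes readable to every client of this server. `root /var/lib/rtmp` is also the home directory of the `rtmp` account after this commit, and a prefix location without a trailing slash matches sibling names that merely start with `records`. Consider `location /records/ { autoindex on; alias /var/lib/rtmp/records/; }`, plus an `auth_basic` or `allow`/`deny` rule if recordings are not meant to be public. The enclosing `server` block starts outside this hunk.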
@@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" '' live on; hls on; - hls_path /tmp/hls; + hls_path /var/lib/rtmp/tmp/hls; + hls_fragment 1; + hls_playlist_length 10; dash on; - dash_path /tmp/dash; + dash_path /var/lib/rtmp/tmp/dash; } } } ''; in { + + services.nginx = { + enable = true; + virtualHosts."streaming.lassul.us" = { + enableACME = true; + addSSL = true; + locations."/hls".extraConfig = '' + # Serve HLS fragments + types { + application/vnd.apple.mpegurl m3u8; + video/mp2t ts; + } + root /var/lib/rtmp/tmp; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + + if ($request_method != 'OPTIONS') { + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + } + ''; + locations."/dash".extraConfig = '' + # Serve DASH fragments + types { + application/dash+xml mpd; + video/mp4 mp4; + } + root /var/lib/rtmp/tmp; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + if ($request_method != 'OPTIONS') { + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + } + ''; + locations."= /dash.all.min.js".extraConfig = '' + default_type "text/javascript"; + alias ${pkgs.fetchurl { + url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js"; + sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c"; + }}; + ''; + locations."= /player".extraConfig = '' + default_type "text/html"; + alias 
${pkgs.writeText "player.html" '' + + + + + lassulus livestream + + +
+ + +
+ + + + + ''}; + ''; + locations."/records".extraConfig = '' + autoindex on; + root /var/lib/rtmp; + ''; + }; + }; + + fileSystems."/var/lib/rtmp/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "nosuid" "nodev" "noatime" ]; + }; + users.users.rtmp = { - home = "/var/lib/rmtp"; + home = "/var/lib/rtmp"; uid = genid_uint31 "rtmp"; isNormalUser = true; createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + mic92.pubkey + palo.pubkey + ]; }; systemd.services.nginx-rtmp = { @@ -149,6 +261,14 @@ in { }}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp ''; serviceConfig = { + ExecStartPre = pkgs.writers.writeDash "setup-rtmp" '' + mkdir -p /var/lib/rtmp/tmp/hls + mkdir -p /var/lib/rtmp/tmp/dash + chown rtmp:users /var/lib/rtmp/tmp/hls + chown rtmp:users /var/lib/rtmp/tmp/dash + chmod 755 /var/lib/rtmp/tmp/hls + chmod 755 /var/lib/rtmp/tmp/dash + ''; User = "rtmp"; }; }; -- cgit v1.2.3 From d6f3d8832d2dd876323d6d6d17dcec17987b47fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 2 Jan 2021 01:00:31 +0100 Subject: l: add bindfs module --- lass/3modules/bindfs.nix | 51 +++++++++++++++++++++++++++++++++++++++++++++++ lass/3modules/default.nix | 1 + 2 files changed, 52 insertions(+) create mode 100644 lass/3modules/bindfs.nix (limited to 'lass') diff --git a/lass/3modules/bindfs.nix b/lass/3modules/bindfs.nix new file mode 100644 index 000000000..5c8df8dc5 --- /dev/null +++ b/lass/3modules/bindfs.nix 
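Review bot: `addSSL = true` on the new `streaming.lassul.us` virtual host keeps serving every location over plain HTTP as well as HTTPS; if the aim of the commit is TLS for the player and the streams, `forceSSL = true;` would redirect HTTP clients instead. In both preflight branches `add_header 'Content-Type' 'text/plain charset=UTF-8';` lacks the separator and should read `'text/plain; charset=UTF-8'`. The dash.js `fetchurl` uses an `http://` URL; the pinned `sha256` protects integrity, so moving to `https://` (if the CDN offers it) is hygiene only. The `let` block and the nginx-rtmp configuration that this hunk edits begin outside it.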
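Review bot: The `setup-rtmp` pre-start script in the `@@ -149,6 +261,14 @@` hunk runs as `rtmp` because the unit sets `User = "rtmp"`, so its `mkdir -p` calls under `/var/lib/rtmp/tmp` only work while that mount point is writable by an unprivileged user. The tmpfs declared earlier in this commit passes only `nosuid`, `nodev` and `noatime`; without a `mode=` option tmpfs is, as far as I know, mounted world-writable with the sticky bit, which would let any local account create files under the root nginx serves for /hls and /dash. Explicit `mode=` and `uid=` mount options (or letting systemd create the directories) would close that. A leading `set -e` in the script would make a failure in one of the earlier lines stop the unit, since currently only the last `chmod` decides the exit status. The `systemd.services.nginx-rtmp` definition starts outside this hunk.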
@@ -0,0 +1,51 @@ +with import ; +{ config, pkgs, ... }: +let + cfg = config.lass.bindfs; +in { + options.lass.bindfs = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + target = mkOption { + description = '' + destination where bindfs mounts to. + second positional argument to bindfs. + ''; + default = config._module.args.name; + type = types.absolute-pathname; + }; + source = mkOption { + description = '' + source folder where the mounted directory is originally. + first positional argument to bindfs. + ''; + type = types.absolute-pathname; + }; + options = mkOption { + description = '' + additional arguments to bindfs + ''; + type = types.listOf types.str; + default = []; + }; + }; + })); + default = {}; + }; + + config = mkIf (cfg != {}) { + systemd.services = mapAttrs' (n: mount: let + name = replaceStrings [ "/" ] [ "_" ] n; + in nameValuePair "bindfs-${name}" { + wantedBy = [ "local-fs.target" ]; + path = [ pkgs.coreutils ]; + serviceConfig = { + ExecStartPre = pkgs.writeDash "bindfs-init-${name}" '' + mkdir -p '${mount.source}' + mkdir -p '${mount.target}' + ''; + ExecStart = "${pkgs.bindfs}/bin/bindfs -f ${concatStringsSep " " mount.options} ${mount.source} ${mount.target}"; + }; + }) cfg; + }; +} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index c3c73bdcb..5a1a12f89 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,6 +1,7 @@ _: { imports = [ + ./bindfs.nix ./dnsmasq.nix ./ejabberd ./folderPerms.nix -- cgit v1.2.3 From 1cbdacb2546adb640143b4ea9db2cac56cfc6f33 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 2 Jan 2021 01:00:55 +0100 Subject: l: add sync-containers module --- lass/3modules/default.nix | 1 + lass/3modules/sync-containers.nix | 165 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 166 insertions(+) create mode 100644 lass/3modules/sync-containers.nix (limited to 'lass') 
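Review bot: `ExecStart` in the new lass/3modules/bindfs.nix is assembled by plain interpolation of `mount.options`, `mount.source` and `mount.target`, and the `bindfs-init` script wraps the two paths in bare single quotes, so a value containing whitespace or a quote is split or ends the quoting early (unless `types.absolute-pathname` already rules such characters out). The values come from the system configuration rather than from outside input, so this is a robustness point, but the library helpers make it cheap: `ExecStart = "${pkgs.bindfs}/bin/bindfs -f ${escapeShellArgs mount.options} ${escapeShellArg mount.source} ${escapeShellArg mount.target}";` and `mkdir -p ${escapeShellArg mount.source}` likewise. Unit names are derived with `replaceStrings [ "/" ] [ "_" ]`, so two targets that differ only in `/` versus `_` would map to the same unit; a short comment noting that assumption would help.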
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 5a1a12f89..8bee08caa 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -13,6 +13,7 @@ _: ./pyload.nix ./restic.nix ./screenlock.nix + ./sync-containers.nix ./usershadow.nix ./xjail.nix ./autowifi.nix diff --git a/lass/3modules/sync-containers.nix b/lass/3modules/sync-containers.nix new file mode 100644 index 000000000..990e32127 --- /dev/null +++ b/lass/3modules/sync-containers.nix 
@@ -0,0 +1,165 @@ +with import ; +{ config, pkgs, ... }: let + cfg = config.lass.sync-containers; + paths = cname: { + plain = "/var/lib/containers/${cname}/var/state"; + ecryptfs = "${cfg.dataLocation}/${cname}/ecryptfs"; + securefs = "${cfg.dataLocation}/${cname}/securefs"; + }; + start = cname: { + plain = '' + ''; + ecryptfs = '' + if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then + if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then + ${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state + else + ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state + fi + fi + ''; + securefs = '' + ## TODO init file systems if it does not exist + # ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs + if ! ${pkgs.mount}/bin/mount | grep -q '^securefs on /var/lib/containers/${cname}/var/state type fuse.securefs'; then + ${pkgs.securefs}/bin/securefs mount ${cfg.dataLocation}/${cname}/securefs /var/lib/containers/${cname}/var/state -b -o allow_other -o default_permissions + fi + ''; + }; + stop = cname: { + plain = '' + ''; + ecryptfs = '' + ${pkgs.ecrypt}/bin/ecrypt unmount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state + ''; + securefs = '' + umount /var/lib/containers/${cname}/var/state + ''; + }; +in { + options.lass.sync-containers = { + dataLocation = mkOption { + description = '' + location where the encrypted sync-container lie around + ''; + default = "/var/lib/sync-containers"; + type = types.absolute-pathname; + }; + containers = mkOption { + type = types.attrsOf (types.submodule ({ config, ... 
}: { + options = { + name = mkOption { + description = '' + name of the container + ''; + default = config._module.args.name; + type = types.str; + }; + peers = mkOption { + description = '' + syncthing peers to share this container with + ''; + default = []; + type = types.listOf types.str; + }; + hostIp = mkOption { # TODO find this automatically + description = '' + hostAddress of the privateNetwork + ''; + example = "10.233.2.15"; + type = types.str; + }; + localIp = mkOption { # TODO find this automatically + description = '' + localAddress of the privateNetwork + ''; + example = "10.233.2.16"; + type = types.str; + }; + format = mkOption { + description = '' + file system encrption format of the container + ''; + type = types.enum [ "plain" "ecryptfs" "securefs" ]; + }; + }; + })); + default = {}; + }; + }; + + config = mkIf (cfg.containers != {}) { + programs.fuse.userAllowOther = true; + + services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ + devices = ctr.peers; + ignorePerms = false; + })) cfg.containers); + + krebs.permown = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ + owner = "root"; + group = "syncthing"; + umask = "0007"; + })) cfg.containers); + + systemd.services = mapAttrs' (n: ctr: nameValuePair "containers@${ctr.name}" ({ + reloadIfChanged = mkForce false; + })) cfg.containers; + + containers = mapAttrs' (n: ctr: nameValuePair ctr.name ({ + config = { ... 
}: { + environment.systemPackages = [ + pkgs.git + ]; + system.activationScripts.fuse = { + text = '' + ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 + ''; + deps = []; + }; + }; + allowedDevices = [ + { modifier = "rwm"; node = "/dev/fuse"; } + ]; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = ctr.hostIp; + localAddress = ctr.localIp; + })) cfg.containers; + + environment.systemPackages = flatten (mapAttrsToList (n: ctr: [ + (pkgs.writeDashBin "start-${ctr.name}" '' + set -euf + set -x + + mkdir -p /var/lib/containers/${ctr.name}/var/state + + ${(start ctr.name).${ctr.format}} + + STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${ctr.name}) + if [ "$STATE" = 'down' ]; then + ${pkgs.nixos-container}/bin/nixos-container start ${ctr.name} + fi + + ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' + set -x + + mkdir -p /var/state/var_src + ln -sfTr /var/state/var_src /var/src + touch /etc/NIXOS + ''} + + if [ -h /var/lib/containers/${ctr.name}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${ctr.name}.r); then + ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch + fi + '') + (pkgs.writeDashBin "stop-${ctr.name}" '' + set -euf + + ${pkgs.nixos-container}/bin/nixos-container stop ${ctr.name} + ${(stop ctr.name).${ctr.format}} + '') + ]) cfg.containers); + }; +} -- cgit v1.2.3 From 480a2e15c0f764841d1f3a575352a1914b77e824 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Jan 2021 12:16:14 +0100 Subject: l sync-containers: fix permissions --- lass/3modules/sync-containers.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/3modules/sync-containers.nix b/lass/3modules/sync-containers.nix index 990e32127..ca81458a9 100644 --- a/lass/3modules/sync-containers.nix +++ b/lass/3modules/sync-containers.nix 
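Review bot: `programs.fuse.userAllowOther = true` in lass/3modules/sync-containers.nix is switched on host-wide as soon as one container is declared, yet the only `allow_other` mount in the module is the securefs one in `start`. If the `start-*` scripts are always run as root, which their use of `nixos-container start` suggests, root does not need that setting and it could be dropped or tied to the securefs format. In the container's `system.activationScripts.fuse`, `mknod /dev/fuse c 10 229` has no existence check, so it presumably fails on every activation after the first; `[ -e /dev/fuse ] || ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229` avoids that. The scripts also mix bare `mount`, `umount` and `ping` with store-path invocations, and the `format` description misspells "encryption".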
@@ -97,9 +97,10 @@ in { })) cfg.containers); krebs.permown = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ - owner = "root"; - group = "syncthing"; - umask = "0007"; + file-mode = "u+rw"; + directory-mode = "u+rwx"; + owner = "syncthing"; + keepGoing = false; })) cfg.containers); systemd.services = mapAttrs' (n: ctr: nameValuePair "containers@${ctr.name}" ({ -- cgit v1.2.3 From d9d4257ed0d64a51f2426d32dbb424ec304a74c7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Jan 2021 12:50:55 +0100 Subject: l: add green-host --- lass/2configs/green-host.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 lass/2configs/green-host.nix (limited to 'lass') diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix new file mode 100644 index 000000000..1f17c78c8 --- /dev/null +++ b/lass/2configs/green-host.nix @@ -0,0 +1,19 @@ +{ config, pkgs, ... }: +{ + imports = [ + + + ]; + lass.sync-containers.containers.green = { + peers = [ + "icarus" + "shodan" + "skynet" + "mors" + "littleT" + ]; + hostIp = "10.233.2.15"; + localIp = "10.233.2.16"; + format = "ecryptfs"; + }; +} -- cgit v1.2.3 From 1a066ef070aae21f831ab070fbc383b693a435f1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jan 2021 15:23:35 +0100 Subject: l go: import shortener via htgen --- lass/2configs/go.nix | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) (limited to 'lass') diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix index ecf89b298..b1c9ed81e 100644 --- a/lass/2configs/go.nix +++ b/lass/2configs/go.nix 
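Review bot: The `krebs.permown` hunk drops `umask = "0007"` and `group = "syncthing"` in favour of `file-mode = "u+rw"` and `directory-mode = "u+rwx"`, which only add owner bits; nothing visible here still removes access for other users. For the `plain` format the path is the container's unencrypted `/var/lib/containers/<name>/var/state`, so it is worth confirming how `krebs.permown` applies these strings. If they are handed to chmod and it fits the setup, `file-mode = "u+rw,go-rwx";` and `directory-mode = "u+rwx,go-rwx";` would keep the tree private. A one-line comment on why ownership moved from root to syncthing would also help; the enclosing `config` block starts outside this hunk.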
@@ -15,5 +15,67 @@ ]; }; }; + krebs.htgen.go = { + port = 3333; + script = ''. ${pkgs.writeDash "go" '' + find_item() { + if test ''${#1} -ge 7; then + set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \ + -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")" + if test -n "$1" && test $(echo "$1" | wc -l) = 1; then + echo "$1" + return 0 + fi + fi + return 1 + } + + STATEDIR=$HOME + mkdir -p $STATEDIR/items + + case "$Method $Request_URI" in + "GET /"*) + if item=$(find_item ''${Request_URI#/}); then + uri=$(cat "$item") + printf 'HTTP/1.1 302 Found\r\n' + printf 'Content-Type: text/plain\r\n' + printf 'Connection: closed\r\n' + printf 'Location: %s\r\n' "$uri" + printf '\r\n' + exit + fi + ;; + "POST /") #{ "uri": "http://nixos.org" } + uri=$(mktemp -t htgen.$$.content.XXXXXXXX) + trap "rm $uri >&2" EXIT + + head -c $req_content_length \ + | grep -Eo 'https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)' \ + > $uri + sha256=$(sha256sum -b $uri | cut -d\ -f1) + base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 $sha256) + item=$STATEDIR/items/$base32 + ref=http://$req_host/$base32 + + if ! test -e $item; then + mkdir -v -p $STATEDIR/items >&2 + cp -v $uri $item >&2 + fi + + base32short=$(echo $base32 | cut -b-7) + if item=$(find_item $base32short); then + ref=$(echo "http://$req_host/$base32short") + fi + + printf 'HTTP/1.1 200 OK\r\n' + printf 'Content-Type: text/plain; charset=UTF-8\r\n' + printf 'Connection: close\r\n' + printf '\r\n' + printf '%s\n' "$ref" + exit + ;; + esac + ''}''; + }; } -- cgit v1.2.3 From 7def09c525e85aaac87ea1dccbc914249af147b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jan 2021 15:48:13 +0100 Subject: l go: quote everything, cleanup --- lass/2configs/go.nix | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) (limited to 'lass') diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix index b1c9ed81e..7ff27a619 100644 
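Review bot: `find_item` places the request path straight into the `find -regex` pattern (`"$STATEDIR/items/$1[0-9A-Za-z]*$"`) after checking only its length, so regex metacharacters sent by a client are interpreted by find instead of being treated as part of a key. Rejecting anything outside the key alphabet first, for example `case "$1" in *[!0-9A-Za-z]*) return 1;; esac` as the first line of the function, keeps lookups to literal prefixes. The quoting cleanup in the following commit (`@@ -31,11 +31,11 @@`) leaves this unchanged. The redirect branch also sends `Connection: closed` where the header value should be `close`, and `head -c $req_content_length` trusts the request's length without an upper bound.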
--- a/lass/2configs/go.nix +++ b/lass/2configs/go.nix @@ -31,11 +31,11 @@ } STATEDIR=$HOME - mkdir -p $STATEDIR/items + mkdir -p "$STATEDIR/items" case "$Method $Request_URI" in "GET /"*) - if item=$(find_item ''${Request_URI#/}); then + if item=$(find_item "''${Request_URI#/}"); then uri=$(cat "$item") printf 'HTTP/1.1 302 Found\r\n' printf 'Content-Type: text/plain\r\n' @@ -45,26 +45,27 @@ exit fi ;; - "POST /") #{ "uri": "http://nixos.org" } + "POST /") uri=$(mktemp -t htgen.$$.content.XXXXXXXX) - trap "rm $uri >&2" EXIT + trap 'rm $uri >&2' EXIT - head -c $req_content_length \ + head -c "$req_content_length" \ | grep -Eo 'https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)' \ + | head -1 \ > $uri - sha256=$(sha256sum -b $uri | cut -d\ -f1) - base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 $sha256) - item=$STATEDIR/items/$base32 - ref=http://$req_host/$base32 + sha256=$(sha256sum -b "$uri" | cut -d\ -f1) + base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") + item="$STATEDIR/items/$base32" + ref="http://$req_host/$base32" - if ! test -e $item; then - mkdir -v -p $STATEDIR/items >&2 - cp -v $uri $item >&2 + if ! test -e "$item"; then + mkdir -v -p "$STATEDIR/items" >&2 + cp -v $uri "$item" >&2 fi - base32short=$(echo $base32 | cut -b-7) - if item=$(find_item $base32short); then - ref=$(echo "http://$req_host/$base32short") + base32short=$(echo "$base32" | cut -b-7) + if item=$(find_item "$base32short"); then + ref="http://$req_host/$base32short" fi printf 'HTTP/1.1 200 OK\r\n' -- cgit v1.2.3 From 1653101ed3f4f51408b2d264e8e4e1525d3d3730 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jan 2021 09:21:43 +0100 Subject: l go: remove redundant htgen definition --- lass/2configs/go.nix | 63 ---------------------------------------------------- 1 file changed, 63 deletions(-) (limited to 'lass') 
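Review bot: Three uses of `$uri` in the `POST /` branch (`@@ -45,26 +45,27 @@`) are still unquoted after this cleanup: the trap body, the redirection `> $uri`, and `cp -v $uri "$item"`. They would read `trap 'rm "$uri" >&2' EXIT`, `> "$uri"` and `cp -v "$uri" "$item"`. The added `| head -1` limits the stored value to one match, but when grep finds no URL the file is empty and an item for the empty string is still created and answered with 200; a `test -s "$uri"` check before hashing would reject such requests. The `case` statement starts outside this hunk.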
diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix index 7ff27a619..ecf89b298 100644 --- a/lass/2configs/go.nix +++ b/lass/2configs/go.nix @@ -15,68 +15,5 @@ ]; }; }; - krebs.htgen.go = { - port = 3333; - script = ''. ${pkgs.writeDash "go" '' - find_item() { - if test ''${#1} -ge 7; then - set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \ - -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")" - if test -n "$1" && test $(echo "$1" | wc -l) = 1; then - echo "$1" - return 0 - fi - fi - return 1 - } - - STATEDIR=$HOME - mkdir -p "$STATEDIR/items" - - case "$Method $Request_URI" in - "GET /"*) - if item=$(find_item "''${Request_URI#/}"); then - uri=$(cat "$item") - printf 'HTTP/1.1 302 Found\r\n' - printf 'Content-Type: text/plain\r\n' - printf 'Connection: closed\r\n' - printf 'Location: %s\r\n' "$uri" - printf '\r\n' - exit - fi - ;; - "POST /") - uri=$(mktemp -t htgen.$$.content.XXXXXXXX) - trap 'rm $uri >&2' EXIT - - head -c "$req_content_length" \ - | grep -Eo 'https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)' \ - | head -1 \ - > $uri - sha256=$(sha256sum -b "$uri" | cut -d\ -f1) - base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") - item="$STATEDIR/items/$base32" - ref="http://$req_host/$base32" - - if ! test -e "$item"; then - mkdir -v -p "$STATEDIR/items" >&2 - cp -v $uri "$item" >&2 - fi - - base32short=$(echo "$base32" | cut -b-7) - if item=$(find_item "$base32short"); then - ref="http://$req_host/$base32short" - fi - - printf 'HTTP/1.1 200 OK\r\n' - printf 'Content-Type: text/plain; charset=UTF-8\r\n' - printf 'Connection: close\r\n' - printf '\r\n' - printf '%s\n' "$ref" - exit - ;; - esac - ''}''; - }; } -- cgit v1.2.3 From 2a32b7731496615e43a06ec1049f6716c49a1999 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 16 Jan 2021 22:33:58 +0100 Subject: l: move mail aliases to secrets --- lass/2configs/exim-smarthost.nix | 114 +--------------------------- lass/2configs/tests/dummy-secrets/mails.nix | 1 + 2 files changed, 3 insertions(+), 112 deletions(-) create mode 100644 lass/2configs/tests/dummy-secrets/mails.nix (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 797864b15..b677fe455 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix 
@@ -1,120 +1,10 @@ { config, lib, pkgs, ... }: with import ; let to = concatStringsSep "," [ - "lass@blue.r" + "lass@green.r" ]; - mails = [ - "postmaster@lassul.us" - "lass@lassul.us" - "lassulus@lassul.us" - "test@lassul.us" - "outlook@lassul.us" - "steuer@aidsballs.de" - "lass@aidsballs.de" - "wordpress@ubikmedia.de" - "finanzamt@lassul.us" - "netzclub@lassul.us" - "nebenan@lassul.us" - "feed@lassul.us" - "art@lassul.us" - "irgendwas@lassul.us" - "polo@lassul.us" - "shack@lassul.us" - "nix@lassul.us" - "c-base@lassul.us" - "paypal@lassul.us" - "patreon@lassul.us" - "steam@lassul.us" - "securityfocus@lassul.us" - "radio@lassul.us" - "btce@lassul.us" - "raf@lassul.us" - "apple@lassul.us" - "coinbase@lassul.us" - "tomtop@lassul.us" - "aliexpress@lassul.us" - "business@lassul.us" - "payeer@lassul.us" - "github@lassul.us" - "bitwala@lassul.us" - "bitstamp@lassul.us" - "bitcoin.de@lassul.us" - "ableton@lassul.us" - "dhl@lassul.us" - "sipgate@lassul.us" - "coinexchange@lassul.us" - "verwaltung@lassul.us" - "gearbest@lassul.us" - "binance@lassul.us" - "bitfinex@lassul.us" - "alternate@lassul.us" - "redacted@lassul.us" - "mytaxi@lassul.us" - "pizza@lassul.us" - "robinhood@lassul.us" - "drivenow@lassul.us" - "aws@lassul.us" - "reddit@lassul.us" - "banggood@lassul.us" - "immoscout@lassul.us" - "gmail@lassul.us" - "amazon@lassul.us" - "humblebundle@lassul.us" - "meetup@lassul.us" - "gebfrei@lassul.us" - "github@lassul.us" - "ovh@lassul.us" - "hetzner@lassul.us" - "allygator@lassul.us" - "immoscout@lassul.us" - "elitedangerous@lassul.us" - "boardgamegeek@lassul.us" - "qwertee@lassul.us" - "zazzle@lassul.us" - "hackbeach@lassul.us" - "transferwise@lassul.us" - "cis@lassul.us" - "afra@lassul.us" - "ksp@lassul.us" - "ccc@lassul.us" - "neocron@lassul.us" - "osmocom@lassul.us" - "lesswrong@lassul.us" - "nordvpn@lassul.us" - "csv-direct@lassul.us" - "nintendo@lassul.us" - "overleaf@lassul.us" - "box@lassul.us" - "paloalto@lassul.us" - "subtitles@lassul.us" - "lobsters@lassul.us" - 
"fysitech@lassul.us" - "threema@lassul.us" - "ubisoft@lassul.us" - "kottezeller@lassul.us" - "pie@lassul.us" - "vebit@lassul.us" - "vcvrack@lassul.us" - "epic@lassul.us" - "microsoft@lassul.us" - "stickers@lassul.us" - "nextbike@lassul.us" - "mytello@lassul.us" - "camp@lassul.us" - "urlwatch@lassul.us" - "lidl@lassul.us" - "geizhals@lassul.us" - "auschein@lassul.us" - "tleech@lassul.us" - "durstexpress@lassul.us" - "acme@lassul.us" - "antstore@lassul.us" - "openweather@lassul.us" - "lobsters@lassul.us" - "rewe@lassul.us" - "spotify@lassul.us" - ]; + mails = import ; in { environment.systemPackages = [ pkgs.review-mail-queue ]; diff --git a/lass/2configs/tests/dummy-secrets/mails.nix b/lass/2configs/tests/dummy-secrets/mails.nix new file mode 100644 index 000000000..fe51488c7 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/mails.nix @@ -0,0 +1 @@ +[] -- cgit v1.2.3
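Review bot: Replacing the inline list with `mails = import` of a secrets file keeps the aliases out of the repository from this commit on, but a value imported at evaluation time is normally rendered into the generated configuration in the world-readable Nix store. That hides the list from the public tree rather than from local users of the host; how `mails` is consumed lies outside this hunk, so confirm that this is acceptable. The addresses also remain in the history through the removed lines of this patch. The same hunk changes the forwarding target from `lass@blue.r` to `lass@green.r`, which the subject does not mention; a sentence in the commit message or a comment next to `to` would record that it is intentional.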