From 468f294635523a39eaf1a6794571948066b63a1c Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 17:23:19 +0100 Subject: tv im: init --- tv/2configs/im.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 tv/2configs/im.nix (limited to 'tv/2configs') diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix new file mode 100644 index 000000000..db1be7f0b --- /dev/null +++ b/tv/2configs/im.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: +with config.krebs.lib; +{ + environment.systemPackages = with pkgs; [ + (pkgs.writeDashBin "im" '' + export PATH=${makeSearchPath "bin" (with pkgs; [ + tmux + gnugrep + weechat + ])} + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + ]; + services.bitlbee = { + enable = true; + plugins = [ + pkgs.bitlbee-facebook + ]; + }; +} -- cgit v1.2.3 From d71a8863ac10f34bfe30f950f32bbf57427e2ca7 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 17:30:39 +0100 Subject: tv krebs.backup.plans.nomic-home-xu: init --- tv/2configs/backup.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index 641e2d586..decd8b286 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -2,6 +2,18 @@ with config.krebs.lib; { krebs.backup.plans = { + nomic-home-xu = { + method = "push"; + src = { host = config.krebs.hosts.nomic; path = "/home"; }; + dst = { host = config.krebs.hosts.xu; path = "/bku/nomic-home"; }; + startAt = "05:00"; + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + }; wu-home-xu = { method = "push"; src = { host = config.krebs.hosts.wu; path = "/home"; }; -- cgit v1.2.3 From 38cc636c8c1b8d95579ad9a980b29b494f383779 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 22:28:02 +0100 Subject: tv sudo: !lecture --- tv/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'tv/2configs') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index c4a2d6baa..13699a3d5 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -50,6 +50,7 @@ with config.krebs.lib; { security.sudo.extraConfig = '' Defaults mailto="${config.krebs.users.tv.mail}" + Defaults !lecture ''; time.timeZone = "Europe/Berlin"; } -- cgit v1.2.3 From f5d0b2a4020b3bd5150f9861fb27a7faaddbd0b9 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 23:23:13 +0100 Subject: xu-qemu0: disable systemd-networkd-wait-online --- tv/2configs/xu-qemu0.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/xu-qemu0.nix b/tv/2configs/xu-qemu0.nix index 720a8acd8..2b67a8b84 100644 --- a/tv/2configs/xu-qemu0.nix +++ b/tv/2configs/xu-qemu0.nix @@ -27,6 +27,8 @@ with config.krebs.lib; networking.dhcpcd.denyInterfaces = [ "qemubr0" ]; systemd.network.enable = true; + systemd.services.systemd-networkd-wait-online.enable = false; + services.resolved.enable = mkForce false; boot.kernel.sysctl."net.ipv4.ip_forward" = 1; -- cgit v1.2.3 From 970eed274818cb49517fa5ef8b39a30d99302f1e Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 23:35:25 +0100 Subject: tv man: init --- tv/2configs/man.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 tv/2configs/man.nix (limited to 'tv/2configs') diff --git a/tv/2configs/man.nix b/tv/2configs/man.nix new file mode 100644 index 000000000..686e574fc --- /dev/null +++ b/tv/2configs/man.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + manpages + posix_man_pages + ]; +} -- cgit v1.2.3 From f7d6e2043184401f7007b248fbe3af66b2752351 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 23:35:43 +0100 Subject: tv man: inhibit warning break --- tv/2configs/man.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/man.nix b/tv/2configs/man.nix index 686e574fc..a84e60b73 100644 --- a/tv/2configs/man.nix +++ b/tv/2configs/man.nix @@ -1,5 +1,10 @@ { config, lib, pkgs, ... }: { + environment.etc."man.conf".source = pkgs.runCommand "man.conf" {} '' + ${pkgs.gnused}/bin/sed <${pkgs.man}/lib/man.conf >$out ' + s:^NROFF\t.*:& -Wbreak: + ' + ''; environment.systemPackages = with pkgs; [ manpages posix_man_pages -- cgit v1.2.3 From 7f1abe50ce0989d96c3d275a4d0481962848714f Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Feb 2016 00:50:10 +0100 Subject: xu-qemu0 host: setup iptables --- tv/2configs/xu-qemu0.nix | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/xu-qemu0.nix b/tv/2configs/xu-qemu0.nix index 2b67a8b84..5be4899c8 100644 --- a/tv/2configs/xu-qemu0.nix +++ b/tv/2configs/xu-qemu0.nix @@ -15,17 +15,23 @@ in # # make [install] system=xu-qemu0 target_host=10.56.0.101 -# TODO iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -# TODO iptables -A FORWARD -i qemubr0 -s 10.56.0.1/24 -m conntrack --ctstate NEW -j ACCEPT -# TODO iptables -A POSTROUTING -t nat -j MASQUERADE -# TODO iptables -A INPUT -i qemubr0 -p udp -m udp --dport bootps -j ACCEPT -# TODO iptables -A INPUT -i qemubr0 -p udp -m udp --dport domain -j ACCEPT - with config.krebs.lib; { networking.dhcpcd.denyInterfaces = [ "qemubr0" ]; + tv.iptables.extra = { + nat.POSTROUTING = ["-j MASQUERADE"]; + filter.FORWARD = [ + "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" + "-i qemubr0 -s 10.56.0.1/24 -m conntrack --ctstate NEW -j ACCEPT" + ]; + filter.INPUT = [ + "-i qemubr0 -p udp -m udp --dport bootps -j ACCEPT" + "-i qemubr0 -p udp -m udp --dport domain -j ACCEPT" + ]; + }; + systemd.network.enable = true; systemd.services.systemd-networkd-wait-online.enable = false; -- cgit v1.2.3 From db6342f58c534bd2ce631fd81d6956cdd8fe4637 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Feb 2016 02:55:46 +0100 Subject: tv: init backup plans xu-pull-cd-{ejabberd,home} --- tv/2configs/backup.nix | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index decd8b286..b5512662f 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -2,41 +2,43 @@ with config.krebs.lib; { krebs.backup.plans = { + } // mapAttrs (_: recursiveUpdate { + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + }) { nomic-home-xu = { method = "push"; src = { host = config.krebs.hosts.nomic; path = "/home"; }; dst = { host = config.krebs.hosts.xu; path = "/bku/nomic-home"; }; startAt = "05:00"; - snapshots = { - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; }; wu-home-xu = { method = "push"; src = { host = config.krebs.hosts.wu; path = "/home"; }; dst = { host = config.krebs.hosts.xu; path = "/bku/wu-home"; }; startAt = "05:00"; - snapshots = { - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; }; xu-home-wu = { method = "push"; src = { host = config.krebs.hosts.xu; path = "/home"; }; dst = { host = config.krebs.hosts.wu; path = "/bku/xu-home"; }; startAt = "06:00"; - snapshots = { - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; + }; + xu-pull-cd-ejabberd = { + method = "pull"; + src = { host = config.krebs.hosts.cd; path = "/var/ejabberd"; }; + dst = { host = config.krebs.hosts.xu; path = "/bku/cd-ejabberd"; }; + startAt = "07:00"; + }; + xu-pull-cd-home = { + method = "pull"; + src = { host = config.krebs.hosts.cd; path = "/home"; }; + dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; }; + startAt = "07:00"; }; } // mapAttrs (_: recursiveUpdate { snapshots = { -- cgit v1.2.3 From ffc47bf80d521635021b3f7a0122092708ebd2bf Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Feb 2016 14:14:30 +0100 Subject: tv urlwatch: filter pypi/vncdotool/json through jq --- tv/2configs/urlwatch.nix | 41 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 0106cddf7..51b53230b 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -1,5 +1,5 @@ -{ config, ... }: - +{ config, pkgs, ... }: +with config.krebs.lib; { krebs.urlwatch = { enable = true; @@ -52,8 +52,43 @@ # is derived from `configFile` in: https://raw.githubusercontent.com/NixOS/nixpkgs/master/nixos/modules/services/x11/xserver.nix - https://pypi.python.org/pypi/vncdotool + { + url = https://pypi.python.org/pypi/vncdotool/json; + filter = "system:${pkgs.jq}/bin/jq -r '.releases|keys[]'"; + } https://api.github.com/repos/kanaka/noVNC/tags ]; + hooksFile = toFile "hooks.py" '' + import subprocess + import urlwatch + + class CaseFilter(urlwatch.filters.FilterBase): + """Filter for piping data through an external process""" + + __kind__ = 'system' + + def filter(self, data, subfilter=None): + if subfilter is None: + raise ValueError('The system filter needs a command') + + proc = subprocess.Popen( + subfilter, + shell=True, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + (stdout, stderr) = proc.communicate(data.encode()) + + if proc.returncode != 0: + raise RuntimeError( + "system filter returned non-zero exit status %d; stderr:\n" + % proc.returncode + + stderr.decode() + ) + + return stdout.decode() + ''; }; } -- cgit v1.2.3