From d410977305d210727856093291c851487efcf87a Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 18 Nov 2020 02:50:37 +0100 Subject: tv x220: use services.tlp.settings --- tv/2configs/hw/x220.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 61b47553..aadfc669 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -48,9 +48,9 @@ }; services.tlp.enable = true; - services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 - ''; + services.tlp.settings = { + START_CHARGE_THRESH_BAT0 = 80; + }; nix = { buildCores = 2; -- cgit v1.2.3 From ad9b2a538e4adf2401565997351fb5c3539887ac Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 18 Nov 2020 03:11:28 +0100 Subject: tv config: enable nscd by default --- tv/2configs/default.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 87a5c2e1..07e7ff11 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -90,9 +90,6 @@ with import ; { services.cron.enable = false; - services.nscd.enable = - # Since 20.09 nscd doesn't cache anymore. - versionAtLeast (versions.majorMinor version) "20.09"; services.ntp.enable = false; services.timesyncd.enable = true; } -- cgit v1.2.3 From 5b455f5cca910198dfbb7b0fbd1b01acede64446 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 23 Nov 2020 15:52:51 +0100 Subject: tv elm-package-proxy: add rudimentary publish API --- tv/2configs/elm-packages-proxy.nix | 52 +++++++++++++++++++++++++++++++++++--- 1 file changed, 48 insertions(+), 4 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index 17a0d230..bc471a32 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix 
@@ -4,20 +4,43 @@ cfg.packageDir = "/var/lib/elm-packages"; cfg.port = 7782; + # TODO secret files + cfg.htpasswd = "/var/lib/certs/package.elm-lang.org/htpasswd"; + cfg.sslCertificate = "/var/lib/certs/package.elm-lang.org/fullchain.pem"; + cfg.sslCertificateKey = "/var/lib/certs/package.elm-lang.org/key.pem"; + + semverRegex = + "(?0|[1-9]\\d*)\\.(?0|[1-9]\\d*)\\.(?0|[1-9]\\d*)(?:-(?(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+(?[0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?"; + in { services.nginx.virtualHosts."package.elm-lang.org" = { addSSL = true; - # TODO secret files - sslCertificate = "/var/lib/certs/package.elm-lang.org/fullchain.pem"; - sslCertificateKey = "/var/lib/certs/package.elm-lang.org/key.pem"; + sslCertificate = cfg.sslCertificate; + sslCertificateKey = cfg.sslCertificateKey; locations."/all-packages/since/".extraConfig = '' proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; proxy_pass_header Server; ''; - locations."~ ^/packages/(?[A-Za-z0-9-]+)/(?[A-Za-z0-9-]+)/(?(?0|[1-9]\\d*)\\.(?0|[1-9]\\d*)\\.(?0|[1-9]\\d*)(?:-(?(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+(?[0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)/(?:zipball|elm.json|endpoint.json)\$".extraConfig = '' + locations."~ ^/packages/(?[A-Za-z0-9-]+)/(?[A-Za-z0-9-]+)/(?${semverRegex})\$".extraConfig = '' + auth_basic "Restricted Area"; + auth_basic_user_file ${cfg.htpasswd}; + + proxy_set_header X-Author $author; + proxy_set_header X-Package $pname; + proxy_set_header X-Version $version; + proxy_pass_header Server; + + if ($request_method != POST) { + return 405; + } + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; + ''; + + locations."~ ^/packages/(?[A-Za-z0-9-]+)/(?[A-Za-z0-9-]+)/(?${semverRegex})/(?:zipball|elm.json|endpoint.json)\$".extraConfig = '' set $zipball "${cfg.packageDir}/$author/$pname/$version/zipball"; 
proxy_set_header X-Author $author; proxy_set_header X-Package $pname; @@ -119,6 +142,27 @@ in { ;; esac ;; + 'POST /packages/'*) + + author=$req_x_author + pname=$req_x_package + version=$req_x_version + + zipball=${cfg.packageDir}/$author/$pname/$version/zipball + + if test -e "$zipball"; then + string_response 409 Conflict \ + "package already exists: $author/$pname@$version" \ + text/plain + else + mkdir -p "$(dirname "$zipball")" + head -c $req_content_length > "$zipball" + string_response 200 OK \ + "package created: $author/$pname@$version" \ + text/plain + fi + exit + ;; 'POST /all-packages/since/'*) # TODO only show newest? -- cgit v1.2.3 From f9e11a96488d5404cab04244b044d7be371eb45e Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 23 Nov 2020 15:54:13 +0100 Subject: tv elm-package-proxy: list newest packages first --- tv/2configs/elm-packages-proxy.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index bc471a32..cc1e119c 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix @@ -165,7 +165,6 @@ in { ;; 'POST /all-packages/since/'*) - # TODO only show newest? my_packages=$( cd ${cfg.packageDir} find -mindepth 3 -maxdepth 3 | @@ -174,7 +173,9 @@ in { map( select(.!="") | sub("^\\./(?[^/]+)/(?[^/]+)/(?[^/]+)$";"\(.author)/\(.pname)@\(.version)") - ) + ) | + sort_by(split("@") | [.[0]]+(.[1]|split("."))) | + reverse ' ) -- cgit v1.2.3 From fe4d6d217f2e26dca3412b5d682ac830e2ec7141 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 23 Nov 2020 16:02:06 +0100 Subject: tv elm-package-proxy: log uploads --- tv/2configs/elm-packages-proxy.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index cc1e119c..7961bce3 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix 
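Review bot: The publish location added in the `@@ -4,20 +4,43 @@` hunk puts `auth_basic` on a virtual host declared with `addSSL = true;`, which in the NixOS nginx module serves the site over plain HTTP as well as HTTPS, so the Basic credentials can travel unencrypted. Declaring the vhost with `onlySSL = true;` (or `forceSSL = true;`, which at least redirects) keeps the password off cleartext connections; whether the other locations on this vhost still need port 80 cannot be told from the hunk. The `# TODO secret files` that moved up to the `cfg.*` paths now also covers the htpasswd file, so a comment stating the expected ownership would help, for example `# htpasswd and key.pem: readable by the nginx user only, not world-readable`.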
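Review bot: The `'POST /packages/'*)` branch in the `@@ -119,6 +142,27 @@` hunk builds `$zipball` from `$req_x_author`, `$req_x_package` and `$req_x_version` without checking them itself, so the nginx location regex is the only thing keeping `/` or `..` out of the path, and any other client of the 127.0.0.1 port is not covered by it. Re-validating the three values in the handler makes the backend safe on its own. `head -c $req_content_length > "$zipball"` also writes straight to the final name with the length unquoted, so a truncated upload leaves a partial zipball that every later attempt sees as `409 Conflict`; writing to a temporary name and renaming after a size check avoids that. The enclosing `case` statement starts outside the hunk.

```nix
'POST /packages/'*)
  # … unchanged: author, pname, version read from the X-* request headers …

  # Do not rely on the nginx location regex alone for path safety.
  for part in "$author" "$pname"; do
    case "$part" in
      ""|*[!A-Za-z0-9-]*)
        string_response 400 'Bad Request' 'invalid package name' text/plain
        exit
        ;;
    esac
  done
  case "$version" in
    ""|.*|*..*|*[!0-9A-Za-z.+-]*)
      string_response 400 'Bad Request' 'invalid version' text/plain
      exit
      ;;
  esac

  if test -e "$zipball"; then
    # … unchanged: 409 Conflict response …
  else
    mkdir -p "$(dirname "$zipball")"
    # Write to a temporary name so a short body never occupies the version slot.
    tmp=$zipball.part.$$
    head -c "$req_content_length" > "$tmp"
    if test "$(stat -c %s "$tmp")" = "$req_content_length"; then
      mv "$tmp" "$zipball"
      string_response 200 OK \
        "package created: $author/$pname@$version" \
        text/plain
    else
      rm -f "$tmp"
      string_response 400 'Bad Request' 'incomplete upload' text/plain
    fi
  fi
  exit
  ;;
```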
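Review bot: `sort_by(split("@") | [.[0]]+(.[1]|split(".")))` in the `@@ -174,7 +173,9 @@` hunk compares the version components as strings, so `1.10.0` sorts below `1.9.0` and the "newest first" order is wrong as soon as a component reaches two digits. Converting numeric components before sorting fixes it: `sort_by(split("@") | [.[0]]+(.[1]|split(".")|map(tonumber? // .)))`, where the `? // .` keeps a non-numeric part such as a pre-release suffix as a string. The jq program starts above the hunk.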
@@ -28,6 +28,7 @@ in { auth_basic "Restricted Area"; auth_basic_user_file ${cfg.htpasswd}; + proxy_set_header X-User $remote_user; proxy_set_header X-Author $author; proxy_set_header X-Package $pname; proxy_set_header X-Version $version; @@ -146,6 +147,7 @@ in { author=$req_x_author pname=$req_x_package + user=$req_x_user version=$req_x_version zipball=${cfg.packageDir}/$author/$pname/$version/zipball @@ -155,6 +157,7 @@ in { "package already exists: $author/$pname@$version" \ text/plain else + echo "user $user is uploading package $pname@$version" >&2 mkdir -p "$(dirname "$zipball")" head -c $req_content_length > "$zipball" string_response 200 OK \ -- cgit v1.2.3 From ab1ba36b8fc8d6fa26ed5b0e4210daf33f56bcf9 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 24 Nov 2020 20:13:48 +0100 Subject: tv gitrepos: add mailaids --- tv/2configs/gitrepos.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 59090c8e..991281ed 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -83,6 +83,9 @@ let { krops = { cgit.desc = "deployment tools"; }; + mailaids = { + cgit.desc = "Assortment of aids for working with electronic mail"; + }; much = {}; netcup = { cgit.desc = "netcup command line interface"; -- cgit v1.2.3 From 4d31a33a7241ca3aee36c8ae45f5b3992bc2555c Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 27 Nov 2020 10:55:21 +0100 Subject: tv elm-package-proxy: add POST /all-packages --- tv/2configs/elm-packages-proxy.nix | 63 ++++++++++++++++++++++++++++---------- 1 file changed, 47 insertions(+), 16 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index 7961bce3..b8bbcff4 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix 
@@ -19,6 +19,11 @@ in { sslCertificate = cfg.sslCertificate; sslCertificateKey = cfg.sslCertificateKey; + locations."/all-packages".extraConfig = '' + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; + proxy_pass_header Server; + ''; + locations."/all-packages/since/".extraConfig = '' proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; proxy_pass_header Server; @@ -166,11 +171,47 @@ in { fi exit ;; + 'POST /all-packages') + + response=$(mktemp -t htgen.$$.elm-packages-proxy.all-packages.XXXXXXXX) + trap "rm $response >&2" EXIT + + { + # upstream packages + curl -fsS https://package.elm-lang.org"$Request_URI" + + # private packages + (cd ${cfg.packageDir}; find -mindepth 3 -maxdepth 3) | + jq -Rs ' + split("\n") | + map( + select(.!="") | + match("^\\./(?[^/]+)/(?[^/]+)/(?[^/]+)$").captures | + map({key:.name,value:.string}) | + from_entries + ) | + reduce .[] as $item ({}; + ($item|"\(.author)/\(.pname)") as $name | + . + { "\($name)": ((.[$name] // []) + [$item.version]) } + ) + ' + } | + jq -cs add > $response + + file_response 200 OK "$response" 'application/json; charset=UTF-8' + exit + ;; 'POST /all-packages/since/'*) - my_packages=$( - cd ${cfg.packageDir} - find -mindepth 3 -maxdepth 3 | + response=$(mktemp -t htgen.$$.elm-packages-proxy.all-packages.XXXXXXXX) + trap "rm $response >&2" EXIT + + { + # upstream packages + curl -fsS https://package.elm-lang.org"$Request_URI" + + # private packages + (cd ${cfg.packageDir}; find -mindepth 3 -maxdepth 3) | jq -Rs ' split("\n") | map( 
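Review bot: In the `@@ -166,11 +171,47 @@` hunk both listing branches run `curl -fsS https://package.elm-lang.org"$Request_URI"` inside a `{ …; } | jq -cs add` group where its exit status is never looked at, so when upstream is unreachable the handler still answers `200 OK` with only the private packages (as far as the hunk shows, nothing else checks for the failure). Fetching upstream first and answering with an error on failure keeps clients from taking an incomplete index as complete: `upstream=$(curl -fsSg https://package.elm-lang.org"$Request_URI") || { string_response 502 'Bad Gateway' 'upstream unavailable' text/plain; exit; }`, with `printf '%s\n' "$upstream"` replacing the curl line inside the group. The added `-g` matters because `$Request_URI` is client-supplied and curl otherwise expands `[…]` and `{…}` patterns in URLs. The same applies to the `/all-packages/since/` branch, which continues in the next hunk (`@@ -180,20 +221,10 @@`), and `$response` should be quoted in `> $response` and in the `trap` in both.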
@@ -180,20 +221,10 @@ in { sort_by(split("@") | [.[0]]+(.[1]|split("."))) | reverse ' - ) - - new_upstream_packages=$( - curl -fsS https://package.elm-lang.org"$Request_URI" - ) - - response=$( - jq -n \ - --argjson my_packages "$my_packages" \ - --argjson new_upstream_packages "$new_upstream_packages" \ - '$new_upstream_packages + $my_packages' - ) + } | + jq -cs add > $response - string_response 200 OK "$response" 'application/json; charset=UTF-8' + file_response 200 OK "$response" 'application/json; charset=UTF-8' exit ;; esac -- cgit v1.2.3 From a054df1437fda82f5a8f85962cfea2b7a053cf74 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 27 Nov 2020 10:55:38 +0100 Subject: tv elm-package-proxy: don't append garbage on OK --- tv/2configs/elm-packages-proxy.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index b8bbcff4..5c2900e1 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix @@ -68,7 +68,7 @@ in { krebs.htgen.elm-packages-proxy = { port = cfg.port; - script = /* sh */ ''(. ${pkgs.writeDash "elm-packages-proxy.sh" '' + script = /* sh */ ''. ${pkgs.writeDash "elm-packages-proxy.sh" '' PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.curl @@ -228,6 +228,6 @@ in { exit ;; esac - ''})''; + ''}''; }; } -- cgit v1.2.3 From f654a4ce8643d64706c56461ac3c389df71dc541 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 27 Nov 2020 11:27:42 +0100 Subject: tv elm-package-proxy: unzip -> p7zip --- tv/2configs/elm-packages-proxy.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index 5c2900e1..4a0491b0 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix @@ -75,7 +75,7 @@ in { pkgs.findutils pkgs.gnugrep pkgs.jq - pkgs.unzip + pkgs.p7zip ]} export PATH file_response() {( 
@@ -128,7 +128,7 @@ in { ;; elm.json) if ! test -f "$elmjson"; then - unzip -p "$zipball" \*/elm.json > "$elmjson" + 7z x -so "$zipball" \*/elm.json > "$elmjson" fi file_response 200 OK "$elmjson" 'application/json; charset=UTF-8' exit -- cgit v1.2.3 From dc23115abef2b02d7566cc2303abcb15c15dbcfb Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 27 Nov 2020 12:04:51 +0100 Subject: tv elm-package-proxy: log qualified package names --- tv/2configs/elm-packages-proxy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index 4a0491b0..67be0478 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix @@ -162,7 +162,7 @@ in { "package already exists: $author/$pname@$version" \ text/plain else - echo "user $user is uploading package $pname@$version" >&2 + echo "user $user is uploading package $author/$pname@$version" >&2 mkdir -p "$(dirname "$zipball")" head -c $req_content_length > "$zipball" string_response 200 OK \ -- cgit v1.2.3 From be9250c92277bec7672e6f23ced21820888ea065 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 28 Nov 2020 10:33:01 +0100 Subject: tv exim-smarthost: RIP destroy.dyn.shackspace.de --- tv/2configs/exim-smarthost.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'tv/2configs') diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 68fbcd15..4a0dcf61 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -26,7 +26,6 @@ with import ; { from = "postmaster@viljetic.de"; to = tv.mail; } # RFC 822 { from = "mirko@viljetic.de"; to = mv-ni.mail; } { from = "tomislav@viljetic.de"; to = tv.mail; } - { from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; } { from = "tv@viljetic.de"; to = tv.mail; } { from = "tv@shackspace.de"; to = tv.mail; } ]; -- cgit v1.2.3 From 08e9db31d6b20cbef0a10414e135cb58b39f91e5 Mon Sep 17 00:00:00 2001 
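Review bot: `7z x -so "$zipball" \*/elm.json > "$elmjson"` in the `@@ -128,7 +128,7 @@` hunk creates `$elmjson` even when extraction fails, and the surrounding `if ! test -f "$elmjson"` then treats the empty or partial file as a valid cache entry on every later request. Zipballs can be uploaded through the publish API without a content check, so a malformed archive is a realistic input here. Extracting to a temporary name and renaming only on success avoids caching a bad result: `7z x -so "$zipball" \*/elm.json > "$elmjson.tmp" && mv "$elmjson.tmp" "$elmjson"`, with an error response when that fails. The `elm.json)` branch starts and ends outside the hunk.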
From: tv Date: Wed, 2 Dec 2020 00:43:07 +0100 Subject: tv elm-package-proxy: allow GET on /all-packages --- tv/2configs/elm-packages-proxy.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index 67be0478..ecced3da 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix @@ -39,10 +39,6 @@ in { proxy_set_header X-Version $version; proxy_pass_header Server; - if ($request_method != POST) { - return 405; - } - proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; ''; @@ -171,7 +167,7 @@ in { fi exit ;; - 'POST /all-packages') + 'GET /all-packages'|'POST /all-packages') response=$(mktemp -t htgen.$$.elm-packages-proxy.all-packages.XXXXXXXX) trap "rm $response >&2" EXIT @@ -201,7 +197,7 @@ in { file_response 200 OK "$response" 'application/json; charset=UTF-8' exit ;; - 'POST /all-packages/since/'*) + 'GET /all-packages/since/'*|'POST /all-packages/since/'*) response=$(mktemp -t htgen.$$.elm-packages-proxy.all-packages.XXXXXXXX) trap "rm $response >&2" EXIT -- cgit v1.2.3 From 0a5554cd488af0958bc9fb01abdcae3644cbdb0f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Dec 2020 12:38:30 +0100 Subject: tv elm-package-proxy: add \n to string reponse --- tv/2configs/elm-packages-proxy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index ecced3da..9493a40b 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix @@ -98,7 +98,7 @@ in { printf "HTTP/1.1 $status_code $status_reason\r\n" printf 'Connection: close\r\n' - printf 'Content-Length: %d\r\n' ''${#response_body} + printf 'Content-Length: %d\r\n' "$(expr ''${#response_body} + 1)" printf 'Content-Type: %s\r\n' "$content_type" printf 'Server: %s\r\n' "$Server" printf '\r\n' -- cgit v1.2.3 
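Review bot: The `@@ -39,10 +39,6 @@` hunk removes `if ($request_method != POST) { return 405; }` from what appears, judging by the `X-Version` and `proxy_pass_header Server` context lines, to be the authenticated publish location rather than `/all-packages`; the `/all-packages` locations carry no method check in any of the visible hunks. If that reading is right, every method on the publish path is now proxied to htgen, whose `case` only handles `'POST /packages/'*`. The two `case` pattern changes further down are enough to allow GET on the listings, so the 405 check can stay where it was. The location block starts outside the hunk, so this should be confirmed against the full file.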
From 2a9d2a1738028c40204eab493840b5dad01ebdb0 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Dec 2020 12:37:42 +0100 Subject: tv elm-package-proxy: allow replacing own packages --- tv/2configs/elm-packages-proxy.nix | 45 +++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 10 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index 9493a40b..097d706c 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix @@ -66,6 +66,7 @@ in { port = cfg.port; script = /* sh */ ''. ${pkgs.writeDash "elm-packages-proxy.sh" '' PATH=${lib.makeBinPath [ + pkgs.attr pkgs.coreutils pkgs.curl pkgs.findutils 
@@ -151,20 +152,44 @@ in { user=$req_x_user version=$req_x_version + action=uploading + force=''${req_x_force-false} zipball=${cfg.packageDir}/$author/$pname/$version/zipball + elmjson=$HOME/cache/$author%2F$pname%2F$version%2Felm.json + endpointjson=$HOME/cache/$author%2F$pname%2F$version%2Fendpoint.json if test -e "$zipball"; then - string_response 409 Conflict \ - "package already exists: $author/$pname@$version" \ - text/plain - else - echo "user $user is uploading package $author/$pname@$version" >&2 - mkdir -p "$(dirname "$zipball")" - head -c $req_content_length > "$zipball" - string_response 200 OK \ - "package created: $author/$pname@$version" \ - text/plain + if test "$force" = true; then + zipball_owner=$(attr -q -g X-User "$zipball" || :) + if test "$zipball_owner" = "$req_x_user"; then + action=replacing + rm -f "$elmjson" + rm -f "$endpointjson" + else + string_response 403 Forbidden \ + "package already exists: $author/$pname@$version" \ + text/plain + exit + fi + else + string_response 409 Conflict \ + "package already exists: $author/$pname@$version" \ + text/plain + exit + fi fi + + echo "user $user is $action package $author/$pname@$version" >&2 + # TODO check package + mkdir -p "$(dirname "$zipball")" + head -c $req_content_length > "$zipball" + + attr -q -s X-User -V "$user" "$zipball" || : + + string_response 200 OK \ + "package created: $author/$pname@$version" \ + text/plain + exit ;; 'GET /all-packages'|'POST /all-packages') -- cgit v1.2.3
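Review bot: The ownership test `test "$zipball_owner" = "$req_x_user"` in the `@@ -151,20 +152,44 @@` hunk also succeeds when both sides are empty, and `zipball_owner` is empty whenever the xattr is missing: for zipballs stored before this change, or when `attr -q -s X-User … || :` failed silently (for example on a filesystem without user xattrs). Requiring a non-empty owner closes that case: `if test -n "$zipball_owner" && test "$zipball_owner" = "$user"; then`. Failing the upload when `attr -s` fails, instead of ignoring it with `|| :`, would keep packages from being stored with no recorded owner. A replace also overwrites `$zipball` in place via `head -c $req_content_length`, so an interrupted request leaves a truncated archive under an already-published version; writing to a temporary file and renaming would avoid that. The `'POST /packages/'*)` branch starts outside the hunk.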