Merge remote-tracking branch 'ni/master'

lassulus 2019-01-21 16:24:43 +01:00
commit 144e2c5571
13 changed files with 294 additions and 170 deletions


@ -0,0 +1,50 @@
with import <stockholm/lib>;
{ config, ... }: let
format = from: to: {
inherit from;
# TODO assert is-retiolum-mail-address to;
to = concatMapStringsSep "," (getAttr "mail") (toList to);
};
in {
krebs.exim-smarthost.internet-aliases =
mapAttrsToList format (with config.krebs.users; let
brain-ml = [
lass
makefu
tv
];
eloop-ml = spam-ml ++ [ ciko ];
spam-ml = [
lass
makefu
tv
];
ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
"brain@krebsco.de" = brain-ml;
"cfp@eloop.org" = eloop-ml;
"kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml;
"youtube@eloop.org" = eloop-ml;
"eloop2016@krebsco.de" = eloop-ml;
"eloop2017@krebsco.de" = eloop-ml;
"postmaster@krebsco.de" = spam-ml; # RFC 822
"lass@krebsco.de" = lass;
"makefu@krebsco.de" = makefu;
"spam@krebsco.de" = spam-ml;
"tv@krebsco.de" = tv;
# XXX These are no internet aliases
# XXX exim-retiolum hosts should be able to relay to retiolum addresses
"lass@retiolum" = lass;
"makefu@retiolum" = makefu;
"spam@retiolum" = spam-ml;
"tv@retiolum" = tv;
"lass@r" = lass;
"makefu@r" = makefu;
"spam@r" = spam-ml;
"tv@r" = tv;
});
}
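Review bot: The `to = concatMapStringsSep "," (getAttr "mail") (toList to);` line joins recipient addresses with a comma while the `# TODO assert is-retiolum-mail-address to;` above it is still open, so a `mail` value that itself contains a comma, whitespace or a newline is passed straight into the exim-smarthost alias data as extra or malformed recipients. The values come from `config.krebs.users` and the local `ciko.mail`, so this guards against misconfiguration rather than injection, but the check is cheap: `to = assert all (u: builtins.match "[^,[:space:]]+" u.mail != null) (toList to); concatMapStringsSep "," (getAttr "mail") (toList to);`. The `@retiolum` and `@r` entries under `# XXX These are no internet aliases` still travel through the same internet-aliases list; if that is deliberate until exim-retiolum can relay them, the comment should say so explicitly so nobody "cleans them up" later.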


@ -18,14 +18,17 @@ let
./charybdis.nix
./ci.nix
./current.nix
./dns.nix
./exim.nix
./exim-retiolum.nix
./exim-smarthost.nix
./fetchWallpaper.nix
./github-hosts-sync.nix
./github-known-hosts.nix
./git.nix
./go.nix
./hidden-ssh.nix
./hosts.nix
./htgen.nix
./iana-etc.nix
./iptables.nix
@ -41,6 +44,7 @@ let
./Reaktor.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
./retiolum-hosts.nix
./rtorrent.nix
./secret.nix
./setuid.nix
@ -58,28 +62,10 @@ let
api = {
enable = mkEnableOption "krebs";
dns = {
providers = mkOption {
type = with types; attrsOf str;
};
};
hosts = mkOption {
type = with types; attrsOf host;
default = {};
};
users = mkOption {
type = with types; attrsOf user;
};
# XXX is there a better place to define search-domain?
# TODO search-domains :: listOf hostname
search-domain = mkOption {
type = types.hostname;
default = "r";
};
sitemap = mkOption {
default = {};
type = types.attrsOf types.sitemap.entry;
@ -125,6 +111,8 @@ let
w = "hosts";
};
krebs.dns.search-domain = mkDefault "r";
krebs.users = {
krebs = {
home = "/krebs";
@ -137,93 +125,6 @@ let
};
};
networking.extraHosts = let
domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
in concatStringsSep "\n" (flatten (
mapAttrsToList (hostname: host:
mapAttrsToList (netname: net:
let
aliases = longs ++ shorts;
longs = filter check net.aliases;
shorts = let s = ".${cfg.search-domain}"; in
map (removeSuffix s) (filter (hasSuffix s) longs);
in
optionals
(aliases != [])
(map (addr: "${addr} ${toString aliases}") net.addrs)
) (filterAttrs (name: host: host.aliases != []) host.nets)
) cfg.hosts
));
# TODO dedup with networking.extraHosts
nixpkgs.config.packageOverrides = oldpkgs:
let
domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
in
{
retiolum-hosts = oldpkgs.writeText "retiolum-hosts" ''
${concatStringsSep "\n" (flatten (
map (host:
let
net = host.nets.retiolum;
aliases = longs;
longs = filter check net.aliases;
in
optionals
(aliases != [])
(map (addr: "${addr} ${toString aliases}") net.addrs)
) (filter (host: hasAttr "retiolum" host.nets)
(attrValues cfg.hosts))))}
'';
};
krebs.exim-smarthost.internet-aliases = let
format = from: to: {
inherit from;
# TODO assert is-retiolum-mail-address to;
to = concatMapStringsSep "," (getAttr "mail") (toList to);
};
in mapAttrsToList format (with config.krebs.users; let
brain-ml = [
lass
makefu
tv
];
eloop-ml = spam-ml ++ [ ciko ];
spam-ml = [
lass
makefu
tv
];
ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
"brain@krebsco.de" = brain-ml;
"cfp@eloop.org" = eloop-ml;
"kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml;
"youtube@eloop.org" = eloop-ml;
"eloop2016@krebsco.de" = eloop-ml;
"eloop2017@krebsco.de" = eloop-ml;
"postmaster@krebsco.de" = spam-ml; # RFC 822
"lass@krebsco.de" = lass;
"makefu@krebsco.de" = makefu;
"spam@krebsco.de" = spam-ml;
"tv@krebsco.de" = tv;
# XXX These are no internet aliases
# XXX exim-retiolum hosts should be able to relay to retiolum addresses
"lass@retiolum" = lass;
"makefu@retiolum" = makefu;
"spam@retiolum" = spam-ml;
"tv@retiolum" = tv;
"lass@r" = lass;
"makefu@r" = makefu;
"spam@r" = spam-ml;
"tv@r" = tv;
});
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
@ -238,31 +139,6 @@ let
};
})
//
{
github = {
hostNames = [
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
"185.199.108.*"
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"13.229.188.59"
"13.250.177.223"
"18.194.104.89"
"18.195.85.27"
"35.159.8.160"
"52.74.223.119"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
}
//
mapAttrs
(name: host: {
hostNames =
@ -272,8 +148,8 @@ let
let
longs = net.aliases;
shorts =
map (removeSuffix ".${cfg.search-domain}")
(filter (hasSuffix ".${cfg.search-domain}")
map (removeSuffix ".${cfg.dns.search-domain}")
(filter (hasSuffix ".${cfg.dns.search-domain}")
longs);
add-port = a:
if net.ssh.port != 22
@ -297,8 +173,8 @@ let
(concatMap (host: attrValues host.nets)
(mapAttrsToList
(_: host: recursiveUpdate host
(optionalAttrs (hasAttr config.krebs.search-domain host.nets) {
nets."" = host.nets.${config.krebs.search-domain} // {
(optionalAttrs (hasAttr cfg.dns.search-domain host.nets) {
nets."" = host.nets.${cfg.dns.search-domain} // {
aliases = [host.name];
addrs = [];
};
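Review bot: The module import list does not pick up the new reaktor2 module (the file in this commit declaring `options.krebs.reaktor2`): the second hunk shows `./Reaktor.nix` followed directly by `./realwallpaper.nix`, which is exactly where `./reaktor2.nix` sorts under either case-sensitive or case-insensitive ordering, and `./retiolum-hosts.nix` is that hunk's only addition. Unless the module is imported somewhere outside this diff, `krebs.reaktor2` is not a defined option and the `reaktor2` package wired into 5pkgs has no consumer; the fix is the single line `./reaktor2.nix` after `./Reaktor.nix`. A smaller point on the last two hunks: `cfg.dns.search-domain` no longer carries the `default = "r"` the removed `api` block had and now relies on the `krebs.dns.search-domain = mkDefault "r";` line further up, which is presumably inside the `cfg.enable`-guarded config, so that fallback deserves a one-line comment, e.g. `# default lives here, not in dns.nix: search-domain is only meaningful when krebs is enabled`. The `let` these hunks edit begins before the first hunk and ends after the last one.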

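--- a/krebs/3modules/dns.nix
+++ b/krebs/3modules/dns.nix
@@ -0,0 +1,12 @@
+with import <stockholm/lib>;
+{
+options = {
+krebs.dns.providers = mkOption {
+type = types.attrsOf types.str;
+};
+krebs.dns.search-domain = mkOption {
+type = types.hostname;
+};
+};
+}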
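Review bot: Both options are declared without a `default` or a `description`: `krebs.dns.providers` is read by the new hosts.nix and retiolum-hosts.nix through `filterAttrs (_: eq "hosts") config.krebs.dns.providers`, and `krebs.dns.search-domain` lost the `default = "r"` it had in the old `api` block and now depends on default.nix setting `mkDefault "r"`. If nothing defines a provider, the first host with aliases that gets evaluated will fail with an "option is used but not defined" error instead of simply contributing nothing to `networking.hosts`. Suggest `default = {};` on providers, and on search-domain either `default = "r";` here or a `description` stating that default.nix supplies the value and what the option controls (the suffix stripped to produce short host names).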


@ -0,0 +1,40 @@
{
services.openssh.knownHosts.github = {
hostNames = [
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
"185.199.108.*"
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"140.82.112.*"
"140.82.113.*"
"140.82.114.*"
"140.82.115.*"
"140.82.116.*"
"140.82.117.*"
"140.82.118.*"
"140.82.119.*"
"140.82.120.*"
"140.82.121.*"
"140.82.122.*"
"140.82.123.*"
"140.82.124.*"
"140.82.125.*"
"140.82.126.*"
"140.82.127.*"
"13.229.188.59"
"13.250.177.223"
"18.194.104.89"
"18.195.85.27"
"35.159.8.160"
"52.74.223.119"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
}
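Review bot: The IP patterns and the RSA key are a point-in-time snapshot of `api.github.com/meta`, and nothing in the file records when it was taken, so drift (a new GitHub range, or a host-key rotation) will surface only as an unexpected host-key prompt or, with strict host-key checking, a hard failure in non-interactive git. The pinned `publicKey` is what actually protects the connection; the wildcard `hostNames` only decide which addresses the pin applies to, so a stale list fails closed rather than open, which is the right default. A header comment with the retrieval date and the regeneration command would turn the next refresh into a mechanical diff, e.g. `# Snapshot of https://api.github.com/meta (.git[]) taken 2019-01; rerun the command below to refresh the ranges, and replace publicKey only on an announced GitHub key rotation.`.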

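--- a/krebs/3modules/hosts.nix
+++ b/krebs/3modules/hosts.nix
@@ -0,0 +1,35 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+# TODO dedup functions with ./retiolum-hosts.nix
+check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
+domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
+in {
+options = {
+krebs.hosts = mkOption {
+default = {};
+type = types.attrsOf types.host;
+};
+};
+config = {
+networking.hosts =
+filterAttrs
+(_name: value: value != [])
+(zipAttrsWith
+(_: concatLists)
+(concatMap
+(host:
+concatMap
+(net: let
+aliases = longs ++ shorts;
+longs = filter check net.aliases;
+shorts = let s = ".${config.krebs.dns.search-domain}"; in
+map (removeSuffix s) (filter (hasSuffix s) longs);
+in
+map (addr: { ${addr} = aliases; }) net.addrs)
+(attrValues host.nets))
+(attrValues config.krebs.hosts)));
+};
+}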
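Review bot: `krebs.hosts` is declared with a default but no `description`, and the derivation of `networking.hosts` from it (provider filter, search-domain short names, zip by address) is dense enough that a reader cannot tell from the option alone what ends up in /etc/hosts. Suggest `description = "Hosts known to the krebs network. For every net of every host, aliases under a domain whose krebs.dns.providers entry is \"hosts\" are published in networking.hosts, together with their short form for krebs.dns.search-domain.";`. The `# TODO dedup functions with ./retiolum-hosts.nix` note is accurate: `check` and `domains` are byte-identical in both files and would fit as one shared helper next to the option declarations in dns.nix.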


@ -0,0 +1,63 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: {
options.krebs.reaktor2 = mkOption {
default = {};
type = types.attrsOf (types.submodule (self: let
name = self.config._module.args.name;
in {
options = {
nick = mkOption {
default = name;
# TODO types.irc.nickname
type = types.str;
};
hostname = mkOption {
default = "irc.r";
type = types.hostname;
};
port = mkOption {
default = "6667";
# TODO type = types.service-name
};
plugins = mkOption {
default = [];
type = types.listOf types.attrs;
};
stateDir = mkOption {
default = "/var/lib/${self.config.systemd-service-name}";
readOnly = true;
type = types.absolute-pathname;
};
systemd-service-name = mkOption {
default = "reaktor2${optionalString (name != "default") "-${name}"}";
type = types.filename;
};
};
}));
};
config = {
systemd.services = flip mapAttrs' config.krebs.reaktor2 (_: cfg:
nameValuePair cfg.systemd-service-name {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.systemd-service-name;
Group = "reaktor2";
DynamicUser = true;
StateDirectory = cfg.systemd-service-name;
ExecStart = let
configFile = pkgs.writeJSON configFileName configValue;
configFileName = "${cfg.systemd-service-name}.config.json";
configValue = recursiveUpdate {
logTime = false;
} (removeAttrs cfg ["_module"]);
in "${pkgs.reaktor2}/bin/reaktor ${configFile}";
Restart = "always";
RestartSec = "30";
};
}
);
};
}
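Review bot: `configValue` serialises the entire submodule config, `plugins` included, with `pkgs.writeJSON` into the Nix store, so anything a plugin carries (a server or NickServ password, should the bot ever need one) becomes world-readable under /nix/store, and nothing in the module warns about that; either document it on the `plugins` option or have the bot read secrets at runtime from `stateDir`. Suggested comment on `plugins`: `# NOTE: the plugin config is written to the world-readable Nix store; keep secrets out of it.`. Separately, `port` is the only option without a `type` (the `# TODO type = types.service-name` line), so a typo or an integer is merged as-is and only rejected, if at all, when reaktor parses the JSON; `type = types.str;` beside the TODO keeps the default `"6667"` valid and rejects the rest.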


@ -0,0 +1,28 @@
with import <stockholm/lib>;
{ config, ... }: let
# TODO dedup functions with ./hosts.nix
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
in {
nixpkgs.config.packageOverrides = super: {
retiolum-hosts =
super.writeText "retiolum-hosts" ''
${
concatStringsSep
"\n"
(flatten
(map
(host: let
net = host.nets.retiolum;
aliases = longs;
longs = filter check net.aliases;
in
optionals
(aliases != [])
(map (addr: "${addr} ${toString aliases}") net.addrs))
(filter (host: hasAttr "retiolum" host.nets)
(attrValues config.krebs.hosts))))
}
'';
};
}
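Review bot: The file has no header saying what `retiolum-hosts` is for or how it differs from `./hosts.nix`, which shares its `check`/`domains` helpers but also emits search-domain short names; here only the `retiolum` net of each host is considered and only the long aliases are written, and a reader has to diff the two files to notice. Suggest a header comment: `# Builds the pkgs.retiolum-hosts text file: one "<addr> <aliases>" line per retiolum address of every host with a retiolum net, limited to aliases under a domain whose krebs.dns.providers entry is "hosts" (no search-domain short forms, unlike ./hosts.nix).`. Once the TODO dedup with hosts.nix is done, that comment is also the place to state why short names are intentionally omitted here.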


@ -22,6 +22,8 @@ foldl' mergeAttrs {}
};
});
reaktor2 = self.haskellPackages.reaktor2;
ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
# https://github.com/proot-me/PRoot/issues/106


@ -7,8 +7,8 @@ with import <stockholm/lib>;
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
"18.09" = {
version = "1.2.0";
sha256 = "03hz43ixww0h4fwxqrlrlvmj3pxswhb50ijaapwjz8457il2r300";
version = "1.3.0";
sha256 = "1y9jhh9pchrr48zgfib2jip97x1fkm7qb1gnfx477rmmryjs500h";
};
}.${versions.majorMinor nixpkgsVersion};


@ -0,0 +1,23 @@
{ mkDerivation, aeson, attoparsec, base, blessings, bytestring
, containers, fetchgit, filepath, network, network-simple
, network-simple-tls, pcre-heavy, pcre-light, process, random
, stdenv, text, time, transformers, unix, unordered-containers
}:
mkDerivation {
pname = "reaktor2";
version = "0.0.0";
src = fetchgit {
url = "https://cgit.krebsco.de/reaktor2";
sha256 = "1q2rb78mzpyd8wxfmlbfdz7zq5smsrrvb4n874ap1p8f2bmmp0am";
rev = "ce276eee82ec0b8c4106beb4c51d6f9eb77335c4";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
aeson attoparsec base blessings bytestring containers filepath
network network-simple network-simple-tls pcre-heavy pcre-light
process random text time transformers unix unordered-containers
];
license = stdenv.lib.licenses.mit;
}


@ -72,7 +72,6 @@ with import <stockholm/lib>;
krebs = {
enable = true;
search-domain = "r";
build.user = config.krebs.users.lass;
};


@ -36,7 +36,6 @@ with import <stockholm/lib>;
enable = true;
dns.providers.lan = "hosts";
search-domain = "r";
build.user = config.krebs.users.makefu;
};


@ -14,7 +14,7 @@ let
assert n >= 1;
n * calwidth + (n - 1) * hspace;
pad = ''{
pad = /* sh */ ''{
${pkgs.gnused}/bin/sed '
# rtrim
s/ *$//
@ -31,7 +31,7 @@ let
s/^[ 1-9][0-9]/&/
'
}'';
in ''
in /* sh */ ''
cols=$(${pkgs.ncurses}/bin/tput cols)
${pkgs.coreutils}/bin/paste \
<(if test $cols -ge ${toString (need_width 3)}; then
@ -59,24 +59,24 @@ let
'
'';
q-isodate = ''
q-isodate = /* sh */ ''
${pkgs.coreutils}/bin/date \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
# Singapore's red is #ED2E38
q-sgtdate = ''
q-sgtdate = /* sh */ ''
TZ=Asia/Singapore \
${pkgs.coreutils}/bin/date \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
q-utcdate = ''
q-utcdate = /* sh */ ''
${pkgs.coreutils}/bin/date -u \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
q-gitdir = ''
q-gitdir = /* sh */ ''
if test -d .git; then
#git status --porcelain
branch=$(
@ -87,7 +87,7 @@ let
fi
'';
q-intel_backlight = ''
q-intel_backlight = /* sh */ ''
cd /sys/class/backlight/intel_backlight
</dev/null exec ${pkgs.gawk}/bin/awk '
END {
@ -227,11 +227,11 @@ let
done
'';
q-virtualization = ''
q-virtualization = /* sh */ ''
echo "VT: $(${pkgs.systemd}/bin/systemd-detect-virt)"
'';
q-wireless = ''
q-wireless = /* sh */ ''
for dev in $(
${pkgs.iw}/bin/iw dev \
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
@ -250,7 +250,7 @@ let
done
'';
q-online = ''
q-online = /* sh */ ''
if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then
echo 'online'
else
@ -258,7 +258,7 @@ let
fi
'';
q-thermal_zone = ''
q-thermal_zone = /* sh */ ''
for i in /sys/class/thermal/thermal_zone*; do
type=$(${pkgs.coreutils}/bin/cat $i/type)
temp=$(${pkgs.coreutils}/bin/cat $i/temp)
@ -266,29 +266,26 @@ let
done
'';
q-todo = ''
q-todo = /* sh */ ''
TODO_file=$PWD/TODO
if test -e "$TODO_file"; then
${pkgs.coreutils}/bin/cat "$TODO_file" \
| ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) '
BEGIN { print "remind=0" }
/^[0-9]/{
x = $1
gsub(".", "\\\\&", x)
rest = substr($0, index($0, " "))
rest = $0
sub(" *", "", rest)
gsub(".", "\\\\&", rest)
print "test $(${pkgs.coreutils}/bin/date +%s -d"x") -lt "now" && \
echo \"\x1b[38;5;208m\""rest esc "\"\x1b[m\" && \
(( remind++ ))"
}
END { print "test $remind = 0 && echo \"nothing to remind\"" }
' \
| {
# bash needed for (( ... ))
${pkgs.bash}/bin/bash
}
${pkgs.jq}/bin/jq -Rrs <"$TODO_file" -f ${pkgs.writeJq "q-todo.jq" ''
split("\n") | map(
(match("^([0-9]+-\\d{2}-\\d{2})\\s+(.*)$").captures | map(.string))
as $captures |
($captures[0] | strptime("%Y-%m-%d") | mktime) as $date |
$captures[1] as $text |
select(now >= $date) |
($text | test("\\[URGENT]"; "i")) as $urgent |
(if $urgent then "38;5;196" else "38;5;208" end) as $sgr |
if $urgent then sub("\\s*\\[URGENT]\\s*"; " "; "i") else . end |
"\u001b[\($sgr)m\(.)\u001b[m"
) |
if length == 0 then "nothing to remind" else .[] end
''}
else
echo "$TODO_file: no such file or directory"
fi