diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix index a68aa292c..b96dea300 100644 --- a/krebs/2configs/matterbridge.nix +++ b/krebs/2configs/matterbridge.nix @@ -10,14 +10,10 @@ Charset = "utf-8"; }; telegram.krebs.Token = bridgeBotToken; - irc = let + irc.hackint = { + Server = "irc.hackint.org:6697"; + UseTLS = true; Nick = "ponte"; - in { - hackint = { - Server = "irc.hackint.org:6697"; - UseTLS = true; - inherit Nick; - }; }; gateway = [ { diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix index b7728986f..07674c86e 100644 --- a/krebs/2configs/news-host.nix +++ b/krebs/2configs/news-host.nix @@ -4,10 +4,7 @@ "shodan" "mors" "styx" - "puyak" ]; - hostIp = "10.233.2.101"; - localIp = "10.233.2.102"; format = "plain"; }; } diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 41cfd7735..3e88c0899 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -51,6 +51,29 @@ let }; }; + confuse = { + pattern = "^!confuse (.*)$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writeDash "confuse" '' + set -efu + export PATH=${makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.gnused + pkgs.stable-generate + ]} + stable_url=$(stable-generate "$@") + paste_url=$(curl -Ss "$stable_url" | + curl -Ss https://p.krebsco.de --data-binary @- | + tail -1 + ) + echo "$_from: $paste_url" + ''; + }; + }; + taskRcFile = builtins.toFile "taskrc" '' confirmation=no ''; @@ -185,8 +208,9 @@ let }; } { - pattern = "18@p"; + pattern = ''^18@p\s+(\S+)\s+(\d+)m$''; activate = "match"; + arguments = [1 2]; command = { env = { CACHE_DIR = "${stateDir}/krebsfood"; @@ -202,14 +226,27 @@ let osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {}; in pkgs.writeDash "krebsfood" '' set -efu - ecke_lat=52.51252 - ecke_lon=13.41740 - ${osm-restaurants}/bin/osm-restaurants --radius 500 --latitude "$ecke_lat" --longitude "$ecke_lon" \ - | ${pkgs.jq}/bin/jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"' - ' + export PATH=${makeBinPath [ + osm-restaurants + pkgs.coreutils + pkgs.curl + pkgs.jq + ]} + poi=$(curl -fsS http://c.r/poi.json | jq --arg name "$1" '.[$name]') + if [ "$poi" = null ]; then + latitude=52.51252 + longitude=13.41740 + else + latitude=$(echo "$poi" | jq -r .latitude) + longitude=$(echo "$poi" | jq -r .longitude) + fi + + osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude" \ + | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"' ''; }; } + confuse bedger-add bedger-balance hooks.sed diff --git a/krebs/2configs/shack/doorstatus.sh b/krebs/2configs/shack/doorstatus.sh index 46314cb9c..aa6c1c3d1 100755 --- a/krebs/2configs/shack/doorstatus.sh +++ b/krebs/2configs/shack/doorstatus.sh @@ -54,7 +54,8 @@ Herr makefu an Kasse 3 bitte, Kasse 3 bitte Herr makefu. Der API Computer ist ma EOF ) -state=$(curl -fSsk https://api.shackspace.de/v1/space | jq .doorState.open) +payload=$(curl -fSsk https://api.shackspace.de/v1/space) +state=$(printf '%s' "$payload" | jq .doorState.open) prevstate=$(cat state ||:) if test "$state" == "$(cat state)";then diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 0f85b27c0..022da5884 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix @@ -115,6 +115,7 @@ let build_name = stage, build_script = stages[stage], ), + timeout = 3600, command="${pkgs.writeDash "build.sh" '' set -xefu profile=${shell.escape profileRoot}/$build_name diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix index 50c5ab628..d5f167e79 100644 --- a/krebs/3modules/ergo.nix +++ b/krebs/3modules/ergo.nix @@ -122,7 +122,7 @@ # reloadIfChanged = true; restartTriggers = [ configFile ]; serviceConfig = { - ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml"; + ExecStart = "${pkgs.ergochat}/bin/ergo run --conf /etc/ergo.yaml"; ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; DynamicUser = true; StateDirectory = "ergo"; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 35e72ec2a..2a3604b25 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -929,5 +929,30 @@ in { }; }; }; + + ruby = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + aliases = [ "ruby.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAzqrguDMHqYyidLxbz3jsQS3JVNCy0HaN6wprT1Ge1Anf5E8KtuXh + M9IjYPShzzJ162rYaJdd2lBmc5o435j+0/Gg5pySILni9bILhuRr7TMWN0sjNbgr + x0JRbpMmpW5DOmQx1BSyA+LLNbyVVnCc1XI0P2EaRr1ZrRSU0bpE/7kJ//Zt7ATu + GfqJTuL2aqap12VMKAfjRByyXA9V7szJMRom2Ia3cWSXhie1E0OOvCNT+InKXx4c + QbEGX71noCgsNgxbD8AVSwMnNV15vdnbgwK/1QzA0Cep1uxFS05TXJZLZTjcGwG0 + Kp0kEjntq1rCqgdoUHIubNB17efU/oP6aSrdfvtgeYBjn0zSLHSUYdhf3JHd1Fvf + Ov2TwHxt/sm8d91UjhrkYwjf2nzSruAklYDnIDJiHgLFoT5WuOoVlnfUjRpQEw44 + kp8KXsd24Y0UT5XJO5cQA+kZ1vl2ktHbQGTqYuYDB2FKEnBR/JIwJzJfugcGiyRx + OukQ2/rjnS60JA2pHUEfoezIAMhYAF+EPgOgMcNSSRYUVBpPVKD26oGTrNn0AtnO + ALW1vqUDwxb0cpv877vN1VfqvLE8n8Zgtt7itdT0+vxNPxICvF6//LNYUeDoQ3pj + w+1ZSdYZsvIQ7tDcilnL0hU5/nfsSIbHV+ceuLde1xDt5c7Tnl4v/U0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "TV9byzSblknvqdUjQCwjgLmA8qCB4Tnl/DSd2mbsZTJ"; + }; + }; + }; }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3e58fee1d..ca0c757a3 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,12 +1,6 @@ with import ; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host { - ci = true; - monitoring = true; - owner = config.krebs.users.lass; - }; - r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; @@ -16,6 +10,7 @@ in { }; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; + consul = true; ci = true; monitoring = true; }) { @@ -418,6 +413,7 @@ in { }; xerxes = { cores = 2; + consul = false; nets = rec { retiolum = { ip4.addr = "10.243.1.3"; @@ -592,7 +588,53 @@ in { syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; }; + massulus = { + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.0.113"; + ip6.addr = r6 "113"; + aliases = [ + "massulus.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt + ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN + ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K + zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3 + F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e + v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd + kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF + LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW + EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb + KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl + oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00 + yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM"; + port = 1655; + }; + }; + wiregrill = { + ip6.addr = w6 "113"; + aliases = [ + "massulus.w" + ]; + wireguard.pubkey = '' + 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 "; + }; + phone = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.13"; @@ -608,6 +650,7 @@ in { syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; tablet = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.14"; @@ -622,6 +665,7 @@ in { ci = false; }; hilum = { + consul = false; cores = 1; nets = { retiolum = { @@ -797,6 +841,7 @@ in { }; lasspi = { + consul = false; cores = 1; nets = { retiolum = { @@ -840,6 +885,7 @@ in { }; domsen-pixel = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.17"; diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp index d7b3c29c5..be1054048 100644 --- a/krebs/3modules/lass/pgp/yubikey.pgp +++ b/krebs/3modules/lass/pgp/yubikey.pgp @@ -58,52 +58,100 @@ D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ 5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31 ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG -5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLi5Ag0EXaJN1gEQANML -yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS -lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am -ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd -e/UcxBL/zYx8tCBy2F4ep6Anx02HOauTwaqk4KLhB9IcdS8sJQHFY7iEVWNcovwF -8luGEGPJOdOPTMZz4jD4aWFqbT6ragWaG8tisLEe9UhET2LL3r/4DIgAJY4bwg5T -ZyK/1j+Nj1IyYkQ9A6YF96Y5XCi9DF0MYq9NytWNnMCT8F4QCCDRWhgql714/Er/ -qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk -5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A -ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo -VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW -kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYCGwwW -IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCX4l2DwUJBamPOQAKCRBmV76KjR7oB/Ds -D/96TGfHa6BW1v2kUyHUKmpdk62UhZz49nTsOu1JeMI2cDMLkKaPyeKLsRpzV2qc -OoG1dal7dgjtzKsWdz0HxrrbEs0rBJO4xOmg12Sv9fttTocTt2bQMe3d20Vihbi+ -NDEx2PeyncYulDd8PNfDkh8vWUJQoThqimXoVARwKNuH2oDytGceIp+BZLOH8HRz -0ESH9nCAGw3gVX6vQPtjbMgoIXHAnAJkIe2boyyUHu2ZmD6CGjxGSSICMzShcDvN -kcyPKG5BbOGRpbehaMcOOiGH0NsudUPOsyxQt90bP/U+WHPhvOTGk0PqGaOf8QDE -saGlChd3wVK+uCGl60szcxQsbgzlEQVUG3tTW4QGfzL3XK5bHvuGj03Vb45005Y4 -6UCUP4ZkEYDsw1Hrn5bkPOP/Pc8Sz1MQt+nw1U3QXbHLxLb8fB82B6oDMakHPgaw -73HxYwbaXDswBb6BVTc86RmXRH1+StObDiJp+h16EqdsSyp15tSM80GRf1KaNKxc -MA4N7/i7j9M/z2fKWT7vTAGdcg8vhZH0MDQ9vRmYsuQZtoNieZVXnyQ/ILAgPhiL -pdyPffQV0BpWKd68C8kEhoMP0D3h6Uj88ZOuapyOCvsrBvR7SQOVh+L+KMjh1Xgx -WvPJuoU4Jox4og85/Gz0Ui8EROYyHg5yqPqsBBmz6h8F7rkCDQRdok4KARAAyG97 -rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV -qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk -L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a -6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAceQQYAqIrlu8F5y1AQVWHjtyCPee1z/8l -PNnPg40lSbXozg5kQDP965Pge6XReUoUVVRcgeiSUfkHdYPIkh/tkFy1MtzTNize -buadqE41Ds6BD1maO5cpGc5iFnf+YY01vWIhwvgPMbAsUKrPOw/RyvYSwOrnWegh -pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV -X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh -81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN -6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO -Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYh -BNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP -+gJ01mSEs3+0jriWqg7V+Q59rulMVrUdV2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/ -Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOiczGClK+yWSm/CM02+HATFws66umAl4GQ4X -qAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCAdn55u4pf+B1rmkA3cWhN51SvAriA/YcG -qmyJZgXO+qZOPWNHxNUdgq9lVEO132dhDzH1b9ufnvQMDxF2V681fQ7E3zWEJZZb -YLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU161jSawblBTcIRXK9c4hv178xQWAInMjt -Hst4YCpvclG26ypZLCzvw6swfnXf3A6Q4A8pZQVvogWZ01dlgofwHm8qlYxT7wSq -eicOu3FkSHD8vNwkXnMLqxwkFr4BcSefzCiXulyMcb3h67ZfXAYAFGrrR581vGEt -Xy+xfXK5PqBX7CWEl3Vs2an9whEncZuv1I9iyXDUmGP7Y373JjqNtpS2GMMPA73k -nB7eI/zpVS5qoxUlqw35Pldvt+L4E3hvrvE7iZE3w4lB9WUyY1OnSRDU10l2rqWt -Ptyk3LE2ed5hz5I+gy8/RsXrAooMBXIGV/GJrhye45wf5F/XQqPulnj38sKhmrQC -QTubPgJwG/kTpNdrA3YukE3E7T5ejaGTT2n5nKat6bj7 -=h9fX +5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLiJBGwEGAEKACACGwIW +IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCY1E8SAJAwXQgBBkBCgAdFiEEVAotn4qI +hqe83vdsfheGip18nM8FAl2iTZIACgkQfheGip18nM9DVxAAuqX7iztddbttkIfN +65R5XJPjz7NRg0AI8G+1qnkvF3c2ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA +/JM782D6lDfSZltW4YBBqkJZdtiPElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhy +l+0RdBuSvR0+KOXXBfoNmsyQM4/hUKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxg +tXyiXU/VxvUWI7cH6I7daRDTFR3L4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6 +eKkn/gt/T7qYxnhcG5guS2DwIay5c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7 +/6hsw2e6TBcn295fEekvBupYVwazefBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTa +TglOeNtRnYGRwHwE/tiJ0G0uwGfvaI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7m +z8MrRNMjtR+Es8gzuw7hNErmbh0SLZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99 +jYjdDDm5lsxCZKLSX4r9Mp236K6DMGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9M +cg5HgeXTdxan6QP35ygDtmNldJGEP+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQ +qnldvrtajUzUegvJUstLS5B1TFQJEGZXvoqNHugHrtcP+waicH+WhpbvPoHJW//U +c7IwcrsOpWNuh0gKV1+LvBV9dGzGZDlhwsncMeNzT8tnxDwhD1CiJ1uzO2H1m+yX +CeljVnYFlP0sl9IT/AiV8NNiuaIpOc5RjRY1yvOZ017/J7Hyhnaw0iap1vNDNOwH +t7tzB1PvM3p6an4Jh0AJZF5adReQTbi9Zw7MW2Yf0XHTT4rFX+Mn5gcuvsV9n39d +6U3k5G6Hf1bSROsXNVwOwF6VbO8NvBm6ehgNyRcGsino/f82HRwvnQPhJgEakZ1h +WWUUnakK14mRRMUns8CMNfFh+50ciK1Q8kAVgYLVA1H1NXM0+68YZMl5CiiaD3pM +17flwcWUdkIu3uWAvc3hSCNw6i9F4Kx1yD/ZdiT0vBapa3ehUXIo5g79NcFl9xnQ +fnYG+nnl2bLZSHP8b+LZsGivOEZuBHoR2ComeTqqJxeT8ZsEdtLcloaSaf2Em2xf +b9OfhGOC7hKfS4HAlLFbEydWuZuA8EpTXd6eqINCFbOb9BjpKvSCCLs5S3s7T4WE +FQB7yHXQQgB1EzYaJxFZstkiD8exu/hiWfwVLaho09QbtPmt2u1lvbxiSxtCdphi +hoKc6wjhD8F9YM5xxitcF7iAV7oEDZ/1JVkvi/1gWFgW0UmEKuy2KN/Eb/mr41NJ +bMauCCfjnCbAzoW6dhHpbO45uQINBF2iTdYBEADTC8saHpJxpU7ZBuuNFD+WZFBK +I8F8ZZ4t79naVhGhCTvcqr5BCwlrpuaUc/og86AxUpVD5z92ClRZC2wJZOemmyAE +OlSu8JDkhwsNRey5QmPN9G0ZIBifP2/LrPSqRE+gJnouzhmFbajQVKHRCYul5B+a +vUS0HlUfu8p7dC0wMTv5jBWHN54XHK4Wnbm4Yea03Xv1HMQS/82MfLQgctheHqeg +J8dNhzmrk8GqpOCi4QfSHHUvLCUBxWO4hFVjXKL8BfJbhhBjyTnTj0zGc+Iw+Glh +am0+q2oFmhvLYrCxHvVIRE9iy96/+AyIACWOG8IOU2civ9Y/jY9SMmJEPQOmBfem +OVwovQxdDGKvTcrVjZzAk/BeEAgg0VoYKpe9ePxK/6n8J09jOpvD+DktbAB7+bww +2F3swdFqyTbLWL4bR4YuHLbqJQbsDm+58iAZWaL4ZOf+iABZqFKa3xhzrrbRHD00 +Qxr+9+3EdXGGs+UDLs9rLzVN4ryP7WHyEMDAI7/OAGTdsJet0JIIWKP3ZvWuRMe/ +AjcGQ/8+xzhN8w/kXdAvf4Vy6VVYTdJipg84CRz1KFQ5P/z92IMzPnbVFljydRX2 +k89ueN1fTMFVlCUI9AyIJeJ6Cx198JHf3eIGBgIZVpAcZG0DyeDU+xCgRZOOH2ug +1bhjhmrQQMSkKtRn7QARAQABiQI8BBgBCgAmAhsMFiEE2811eEYGmzkuqUAdZle+ +io0e6AcFAl+Jdg8FCQWpjzkACgkQZle+io0e6Afw7A//ekxnx2ugVtb9pFMh1Cpq +XZOtlIWc+PZ07DrtSXjCNnAzC5Cmj8nii7Eac1dqnDqBtXWpe3YI7cyrFnc9B8a6 +2xLNKwSTuMTpoNdkr/X7bU6HE7dm0DHt3dtFYoW4vjQxMdj3sp3GLpQ3fDzXw5If +L1lCUKE4aopl6FQEcCjbh9qA8rRnHiKfgWSzh/B0c9BEh/ZwgBsN4FV+r0D7Y2zI +KCFxwJwCZCHtm6MslB7tmZg+gho8RkkiAjM0oXA7zZHMjyhuQWzhkaW3oWjHDjoh +h9DbLnVDzrMsULfdGz/1Plhz4bzkxpND6hmjn/EAxLGhpQoXd8FSvrghpetLM3MU +LG4M5REFVBt7U1uEBn8y91yuWx77ho9N1W+OdNOWOOlAlD+GZBGA7MNR65+W5Dzj +/z3PEs9TELfp8NVN0F2xy8S2/HwfNgeqAzGpBz4GsO9x8WMG2lw7MAW+gVU3POkZ +l0R9fkrTmw4iafodehKnbEsqdebUjPNBkX9SmjSsXDAODe/4u4/TP89nylk+70wB +nXIPL4WR9DA0Pb0ZmLLkGbaDYnmVV58kPyCwID4Yi6Xcj330FdAaVinevAvJBIaD +D9A94elI/PGTrmqcjgr7Kwb0e0kDlYfi/ijI4dV4MVrzybqFOCaMeKIPOfxs9FIv +BETmMh4Ocqj6rAQZs+ofBe6JAjYEGAEKACACGwwWIQTbzXV4RgabOS6pQB1mV76K +jR7oBwUCY1E8SAAKCRBmV76KjR7oBwM+D/0evufvIWftzdge63hol1k4LdZSiSD9 +bh+h8fb/Mm+2HIS8RweHr1+CS8CW/Om9MJoW0ZDsCmC0vU44/vLL3JzbP4+BDuVF +dky1XX/9Z73Fn/LpakITyXd6YJMsknzAA4ZEzhe4uModNSH5IU818I+/Vyvbe1nX +Hfg2FYva4zVn9E5Gd4vpHBF7D99dGg0vUINtux06WKfdsDB59MiZxCSWfqty+yTM +XWwh5fuFIxwjlkKVdrb45101MnUtzJDmxwPxjOpF+z2tJ0qIvs6Zu6FDEh7fcaJM +mKAPtVXKRxTYaS6j7fpNk5ACFgiHDb+0mI60fH0eiQSqp9Q7cyYbt1yiW2bKY4Pg +qDOtcLT+uIYYVmxBHTLx38gT3Gp83O7WqNZ9ouctIXAXHWwTNsKzMhwgaEmmPbkP +7VO8oZZ9hVphirmijgNO1Oz7Qqh5ORYwsGdvYtbPXD4ZUSpqFT5bTMHS5TKPHf70 +5alkwYuwYfLs4m2zYsKadQ+vq12ZX7Z6+DbjfzWAEhzqLP2Y8yGnFSBSmULsALnj +Zg3RN5sxJe3fhTze09Fm8OTopTLoDH5fR91VPhRLGHahvV1Sm/H4ZdtAXTPsHP20 +phAc8mK2DgEM0k7vDO5RtV4xTLjBopiciXIBL+TzCKGmDRX2+9nTyF3Kx9qjN52H +EFFJ1mTed/J7VrkCDQRdok4KARAAyG97rjKhP8Uie1i/16SekDo+GkpodBmvhrZi +Zdwg75YxriHhgioe2AKKmQItOdZOY+mVqMA63FmByDlPodHmQnrIAn/gr7p5V3lM ++l0oVTI8maPO39iT7Nh6W/rv4ni8eMBkL6P2cPPaTpcv76qWl/WcMiEflPNSAFax +yIapq04rafthcIILWmOBbQ+liMn9YT7a6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAc +eQQYAqIrlu8F5y1AQVWHjtyCPee1z/8lPNnPg40lSbXozg5kQDP965Pge6XReUoU +VVRcgeiSUfkHdYPIkh/tkFy1MtzTNizebuadqE41Ds6BD1maO5cpGc5iFnf+YY01 +vWIhwvgPMbAsUKrPOw/RyvYSwOrnWeghpKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm +64rKyYS8RIilqTCmIHnpoSIq3n1wOlMVX4sB4N4CfAZRAbI9LZfx1QEYn0dst9+m +CDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1 +MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BP +g6qZH7JeMnlOZXXOg8K5VcLkiGuL1brOHlg94Axha8ffMmqjsde6XOAgvSl5P9k4 +7SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJf +iXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP+gJ01mSEs3+0jriWqg7V+Q59rulMVrUd +V2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOicz +GClK+yWSm/CM02+HATFws66umAl4GQ4XqAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCA +dn55u4pf+B1rmkA3cWhN51SvAriA/YcGqmyJZgXO+qZOPWNHxNUdgq9lVEO132dh +DzH1b9ufnvQMDxF2V681fQ7E3zWEJZZbYLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU1 +61jSawblBTcIRXK9c4hv178xQWAInMjtHst4YCpvclG26ypZLCzvw6swfnXf3A6Q +4A8pZQVvogWZ01dlgofwHm8qlYxT7wSqeicOu3FkSHD8vNwkXnMLqxwkFr4BcSef +zCiXulyMcb3h67ZfXAYAFGrrR581vGEtXy+xfXK5PqBX7CWEl3Vs2an9whEncZuv +1I9iyXDUmGP7Y373JjqNtpS2GMMPA73knB7eI/zpVS5qoxUlqw35Pldvt+L4E3hv +rvE7iZE3w4lB9WUyY1OnSRDU10l2rqWtPtyk3LE2ed5hz5I+gy8/RsXrAooMBXIG +V/GJrhye45wf5F/XQqPulnj38sKhmrQCQTubPgJwG/kTpNdrA3YukE3E7T5ejaGT +T2n5nKat6bj7iQI2BBgBCgAgAhsgFiEE2811eEYGmzkuqUAdZle+io0e6AcFAmNR +PEgACgkQZle+io0e6AfQpg/+K0gD0WVyXYLOEM6jCvtz5/f9nDQnqj90ck9VfpuN +QG+cMSK/u3T4ya0k3UDWxEyRih0BzChOlmwnaupBwN7ZbYAzxM0sglwseSdAPpCE +s63RTnaAxpSWFocsUxtJngSoPnnmD1fVbWL3/j9j6jZkT4NB/l2ekDngMyRqt104 +BmabaLdz44X1VDgg0tXyACkZ8c/8ISBOoPSFg2n9FuCmhI9Atu6hjCFQZOA/youA +fXzeUxU3iFw5UhyNP084jZ9AK2xwp+rB3JzvzMdiqO3OBFemuiU4/ZKQKFg5a/n4 +UAZtO8V2DGe76o1N9uFUvQ41RSAXolPUOTXiZvP4GfiGIhJUXV96QaPHhKWybKlr +4MWG5PpwfuWnGoP8vXtLmz2TDRUfEBOQBzYRBRvXmzekq8nFQCM7dGofLLEchMRv +lYHab2fquGmXiY3LfzyQX+vS3FO9/m2POJcdXcQvSq4MXIzOEzXnJKw5HemfZ3ae +/AlTTfE4og/AYLwacECY6CZqUFOYtQeVx9hSXV97XnoKotde66D4RyFgzFbsIBM/ +bA5qyvdpKb60hqjpj/rhXjlnhH8KwAwOlaPVgI1cgnW8uJTElJEtqHPhuRkU6y9f +au4EZ+tsmaxJ0whuziG1/3LJ62AIM9ZpixDEj4GQYaRdkFrx/1IKiUOlw5GQC3y2 +zxs= +=MmP2 -----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix index e2caa0834..60ca993e6 100644 --- a/krebs/3modules/sync-containers.nix +++ b/krebs/3modules/sync-containers.nix @@ -5,27 +5,55 @@ with import ; plain = "/var/lib/containers/${cname}/var/state"; ecryptfs = "${cfg.dataLocation}/${cname}/ecryptfs"; securefs = "${cfg.dataLocation}/${cname}/securefs"; + luksfile = "${cfg.dataLocation}/${cname}/luksfile"; + }; + init = cname: { + plain = '' + echo 'no need for init' + ''; + ecryptfs = '' + ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state + ''; + securefs = '' + ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs + ''; + luksfile = '' + ${pkgs.coreutils}/bin/truncate -s 10G '${(paths cname).luksfile}/fs.luks' + ${pkgs.cryptsetup}/bin/cryptsetup luksFormat '${(paths cname).luksfile}/fs.luks' + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen '${(paths cname).luksfile}/fs.luks' 'luksfile-${cname}' + ${pkgs.xfsprogs}/bin/mkfs.xfs '/dev/mapper/luksfile-${cname}' + ''; }; start = cname: { plain = '' : ''; ecryptfs = '' - if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then - if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then + + if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then + if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then ${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state - else - ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state fi + else + echo 'please run init-${cname} first' + exit 1 fi ''; securefs = '' - ## TODO init file systems if it does not exist - # ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs + ## check if FS was initialized first if ! ${pkgs.mount}/bin/mount | grep -q '^securefs on /var/lib/containers/${cname}/var/state type fuse.securefs'; then ${pkgs.securefs}/bin/securefs mount ${cfg.dataLocation}/${cname}/securefs /var/lib/containers/${cname}/var/state -b -o allow_other -o default_permissions fi ''; + luksfile = '' + mkdir -p /var/lib/containers/${cname}/var/state + if ! test -e /dev/mapper/luksfile-${cname}; then + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen '${(paths cname).luksfile}/fs.luks' 'luksfile-${cname}' + fi + if ! ${pkgs.mount}/bin/mount | grep -q '^/dev/mapper/luksfile-${cname} on /var/lib/containers/${cname}/var/state'; then + mount '/dev/mapper/luksfile-${cname}' '/var/lib/containers/${cname}/var/state' + fi + ''; }; stop = cname: { plain = '' @@ -37,12 +65,16 @@ with import ; securefs = '' umount /var/lib/containers/${cname}/var/state ''; + luksfile = '' + umount /var/lib/containers/${cname}/var/state + ${pkgs.cryptsetup}/bin/cryptsetup luksClose luksfile-${cname} + ''; }; in { options.krebs.sync-containers = { dataLocation = mkOption { description = '' - location where the encrypted sync-container lie around + location where the encrypted sync-containers lie around ''; default = "/var/lib/sync-containers"; type = types.absolute-pathname; @@ -64,25 +96,11 @@ in { default = []; type = types.listOf types.str; }; - hostIp = mkOption { # TODO find this automatically - description = '' - hostAddress of the privateNetwork - ''; - example = "10.233.2.15"; - type = types.str; - }; - localIp = mkOption { # TODO find this automatically - description = '' - localAddress of the privateNetwork - ''; - example = "10.233.2.16"; - type = types.str; - }; format = mkOption { description = '' file system encrption format of the container ''; - type = types.enum [ "plain" "ecryptfs" "securefs" ]; + type = types.enum [ "plain" "ecryptfs" "securefs" "luksfile" ]; }; }; })); @@ -102,12 +120,11 @@ in { ignorePerms = false; })) cfg.containers); - krebs.permown = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ - file-mode = "u+rw"; - directory-mode = "u+rwx"; - owner = "syncthing"; - keepGoing = false; - })) cfg.containers); + krebs.acl = mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" { + "u:syncthing:rX".parents = true; + "u:syncthing:rwX" = {}; + }) cfg.containers; + systemd.services = mapAttrs' (n: ctr: nameValuePair "containers@${ctr.name}" ({ reloadIfChanged = mkForce false; @@ -116,8 +133,11 @@ in { containers = mapAttrs' (n: ctr: nameValuePair ctr.name ({ config = { ... }: { environment.systemPackages = [ + pkgs.dhcpcd pkgs.git + pkgs.jq ]; + networking.useDHCP = mkForce true; system.activationScripts.fuse = { text = '' ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 @@ -131,11 +151,57 @@ in { autoStart = false; enableTun = true; privateNetwork = true; - hostAddress = ctr.hostIp; - localAddress = ctr.localIp; + hostBridge = "ctr0"; })) cfg.containers; - environment.systemPackages = flatten (mapAttrsToList (n: ctr: [ + networking.networkmanager.unmanaged = [ "ctr0" ]; + networking.bridges.ctr0.interfaces = []; + networking.interfaces.ctr0.ipv4.addresses = [{ + address = "10.233.0.1"; + prefixLength = 24; + }]; + # networking.nat = { + # enable = true; + # externalInterface = lib.mkDefault "et0"; + # internalInterfaces = [ "ctr0" ]; + # }; + services.dhcpd4 = { + enable = true; + interfaces = [ "ctr0" ]; + extraConfig = '' + option subnet-mask 255.255.255.0; + option routers 10.233.0.1; + # option domain-name-servers 8.8.8.8; # TODO configure dns server + subnet 10.233.0.0 netmask 255.255.255.0 { + range 10.233.0.10 10.233.0.250; + } + ''; + }; + + users.users.root.packages = flatten (mapAttrsToList (n: ctr: [ + (pkgs.writeDashBin "init-${ctr.name}" '' + set -euf + set -x + + mkdir -p /var/lib/containers/${ctr.name}/var/state + STATE=$(/run/current-system/sw/bin/nixos-container status ${ctr.name}) + if [ "$STATE" = 'up' ]; then + /run/current-system/sw/bin/nixos-container stop ${ctr.name} + fi + ${(init ctr.name).${ctr.format}} + ${(start ctr.name).${ctr.format}} + /run/current-system/sw/bin/nixos-container start ${ctr.name} + /run/current-system/sw/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' + set -x + + mkdir -p /var/state/var_src + ln -sfTr /var/state/var_src /var/src + touch /etc/NIXOS + ''} + target_ip=$(/run/current-system/sw/bin/nixos-container run ${ctr.name} -- ip -j a s eth0 | jq -r '.[].addr_info[] | select(.family=="inet") | .local') + + echo "deploy to $target_ip" + '') (pkgs.writeDashBin "start-${ctr.name}" '' set -euf set -x @@ -144,12 +210,12 @@ in { ${(start ctr.name).${ctr.format}} - STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${ctr.name}) + STATE=$(/run/current-system/sw/bin/nixos-container status ${ctr.name}) if [ "$STATE" = 'down' ]; then - ${pkgs.nixos-container}/bin/nixos-container start ${ctr.name} + /run/current-system/sw/bin/nixos-container start ${ctr.name} fi - ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' + /run/current-system/sw/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' set -x mkdir -p /var/state/var_src @@ -158,15 +224,17 @@ in { ''} if [ -h /var/lib/containers/${ctr.name}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${ctr.name}.r); then - ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch + /run/current-system/sw/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch else + echo 'no nixos config, or target already online, bailing out' ${(stop ctr.name).${ctr.format}} + /run/current-system/sw/bin/nixos-container stop ${ctr.name} fi '') (pkgs.writeDashBin "stop-${ctr.name}" '' set -euf - ${pkgs.nixos-container}/bin/nixos-container stop ${ctr.name} + /run/current-system/sw/bin/nixos-container stop ${ctr.name} ${(stop ctr.name).${ctr.format}} '') ]) cfg.containers); diff --git a/krebs/5pkgs/simple/ergo/default.nix b/krebs/5pkgs/simple/ergo/default.nix deleted file mode 100644 index 2c9223eed..000000000 --- a/krebs/5pkgs/simple/ergo/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ buildGo117Module , fetchFromGitHub, lib }: - -buildGo117Module rec { - pname = "ergo"; - version = "2.9.1"; - - src = fetchFromGitHub { - owner = "ergochat"; - repo = "ergo"; - rev = "v${version}"; - sha256 = "sha256-RxsmkTfHymferS/FRW0sLnstKfvGXkW6cEb/JbeS4lc="; - }; - - vendorSha256 = null; - - meta = { - description = "A modern IRC server (daemon/ircd) written in Go"; - homepage = "https://github.com/ergochat/ergo"; - license = lib.licenses.mit; - maintainers = with lib.maintainers; [ lassulus tv ]; - platforms = lib.platforms.linux; - }; -} diff --git a/krebs/5pkgs/simple/hashPassword/default.nix b/krebs/5pkgs/simple/hashPassword/default.nix index 3c604be80..8d3ba2525 100644 --- a/krebs/5pkgs/simple/hashPassword/default.nix +++ b/krebs/5pkgs/simple/hashPassword/default.nix @@ -1,6 +1,6 @@ { lib, pkgs, ... }: -pkgs.writeDashBin "hashPassword" '' +pkgs.writers.writeDashBin "hashPassword" '' # usage: hashPassword [...] set -euf diff --git a/krebs/5pkgs/simple/nix-prefetch-github.nix b/krebs/5pkgs/simple/nix-prefetch-github.nix deleted file mode 100644 index 14096c33f..000000000 --- a/krebs/5pkgs/simple/nix-prefetch-github.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ curl, jq, nix, writeDashBin }: - -writeDashBin "nix-prefetch-github" '' - # usage: nix-prefetch-github OWNER REPO [REF] - set -efu - - owner=$1 - repo=$2 - ref=''${3-master} - - info_url=https://api.github.com/repos/$owner/$repo/commits/$ref - info=$(${curl}/bin/curl -fsS "$info_url") - rev=$(printf %s "$info" | ${jq}/bin/jq -r .sha) - - name=$owner-$repo-$ref - url=https://github.com/$owner/$repo/tarball/$rev - sha256=$(${nix}/bin/nix-prefetch-url --name "$name" --unpack "$url") - - export owner repo rev sha256 - ${jq}/bin/jq -n ' - env | { - owner, repo, rev, sha256 - } - ' -'' diff --git a/krebs/5pkgs/simple/stable-generate/default.nix b/krebs/5pkgs/simple/stable-generate/default.nix new file mode 100644 index 000000000..fac261613 --- /dev/null +++ b/krebs/5pkgs/simple/stable-generate/default.nix @@ -0,0 +1,64 @@ +{ pkgs, lib, ... }: + +pkgs.writers.writeDashBin "stable-generate" '' + set -efu + + export PATH=${lib.makeBinPath [ + pkgs.curl + pkgs.jq + ]} + + STABLE_URL=''${STABLE_URL:-http://stable-confusion.r} + + PAYLOAD=$(jq -cn --arg query "$*" '{fn_index: 51, data: [ + $query, + "", + "None", + "None", + 20, # sampling steps + "Euler a", # sampling method + false, # restore faces + false, + 1, + 1, + 7, + -1, + -1, + 0, + 0, + 0, + false, + 512, #probably resolution + 512, #probably resolution + false, + 0.7, + 0, + 0, + "None", + "", + false, + false, + false, + "", + "Seed", + "", + "Nothing", + "", + true, + false, + false, + null, + "", + ""], session_hash: "hello_this_is_dog"}') + + data=$(curl -Ssf "$STABLE_URL/run/predict/" \ + -X POST \ + --Header 'Content-Type: application/json' \ + --data "$PAYLOAD" + ) + export data + + filename=$(jq -rn 'env.data | fromjson.data[0][0].name') + + echo "$STABLE_URL/file=$filename" +'' diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix index 5f9c8635b..93c73761c 100644 --- a/krebs/5pkgs/simple/weechat-declarative/default.nix +++ b/krebs/5pkgs/simple/weechat-declarative/default.nix @@ -33,7 +33,7 @@ let eval = lib.evalModules { modules = lib.singleton { - _file = toString ./weechat-declarative.nix; + _file = toString ./default.nix; imports = lib.singleton config; options = { scripts = lib.mkOption { @@ -148,7 +148,8 @@ let ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: target: /* sh */ '' - ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name} + ${pkgs.coreutils}/bin/cp ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name} + ${pkgs.coreutils}/bin/chmod +w "$CONFDIR"/${lib.escapeShellArg name} '') cfg.files ) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index cd0c57f92..a5d67f2fc 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458", - "date": "2022-10-31T16:44:53+01:00", - "path": "/nix/store/6z1f9z44ljsxvn0kzlpz03a5m7lbh096-nixpkgs", - "sha256": "1ikpccnyi0b7ql6jak4g3wl4876njybpvknfs6gin461xjp5fi24", + "rev": "b457130e8a21608675ddf12c7d85227b22a27112", + "date": "2022-11-16T11:03:19+00:00", + "path": "/nix/store/jr123qfmrl53imi48naxh6zs486fqmz2-nixpkgs", + "sha256": "16cjrr3np3f428lxw8yk6n2dqi7mg08zf6h6gv75zpw865jz44df", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index a06b47fb1..f836f63f9 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "1b4722674c315de0e191d0d79790b4eac51570a1", - "date": "2022-10-31T23:14:26+01:00", - "path": "/nix/store/byvkpdxd5pwixshrfrxgl0z2xc9y9hcs-nixpkgs", - "sha256": "0ykbqcfwx338m1jcln9pj629byxbyr448d88wsryp8sf6p611cv2", + "rev": "6474d93e007e4d165bcf48e7f87de2175c93d10b", + "date": "2022-11-16T11:41:31+01:00", + "path": "/nix/store/z86f31carhz3sf78kn3lkyq748drgp63-nixpkgs", + "sha256": "00swm7hz3fjyzps75bjyqviw6dqg2cc126wc7lcc1rjkpdyk5iwg", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 5cf7d9242..4c98091f1 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -11,78 +11,50 @@ with import ; - + - + + + + + ]; krebs.build.host = config.krebs.hosts.green; - users.users.mainUser.openssh.authorizedKeys.keys = [ - config.krebs.users.lass-android.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel - ]; - - krebs.bindfs = { - "/home/lass/.weechat" = { - source = "/var/state/lass_weechat"; - options = [ - "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" - "--create-for-user=${toString config.users.users.syncthing.uid}" - ]; - }; - "/home/lass/Maildir" = { - source = "/var/state/lass_mail"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - }; - "/var/lib/bitlbee" = { - source = "/var/state/bitlbee"; - options = [ - "-M ${toString config.users.users.bitlbee.uid}" - ]; - clearTarget = true; - }; - "/home/lass/.ssh" = { - source = "/var/state/lass_ssh"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - clearTarget = true; - }; - "/home/lass/.gnupg" = { - source = "/var/state/lass_gnupg"; - options = [ - "-M ${toString config.users.users.mainUser.uid}" - ]; - clearTarget = true; - }; - "/var/lib/git" = { - source = "/var/state/git"; - options = [ - "-M ${toString config.users.users.git.uid}" - ]; - clearTarget = true; - }; + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y"; }; - systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' - sleep 1 - mkdir -p /home/lass/notmuch - chown lass: /home/lass/notmuch - ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch + systemd.tmpfiles.rules = [ + "d /home/lass/.local/share 0700 lass users -" + "d /home/lass/.local 0700 lass users -" - mkdir -p /home/lass/notmuch/muchsync - chown lass: /home/lass/notmuch/muchsync - mkdir -p /home/lass/Maildir/.muchsync - ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp - ''; + "d /var/state/lass_mail 0700 lass users -" + "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail" + + "d /var/state/lass_ssh 0700 lass users -" + "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh" + "d /var/state/lass_gpg 0700 lass users -" + "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg" + "d /var/state/lass_sync 0700 lass users -" + "L+ /home/lass/sync - - - - ../../var/state/lass_sync" + + "d /var/state/git 0700 git nogroup -" + "L+ /var/lib/git - - - - ../../var/state/git" + ]; + + users.users.mainUser.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-android.pubkey + config.krebs.users.lass-tablet.pubkey + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel + ]; krebs.iptables.tables.nat.PREROUTING.rules = [ { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } @@ -93,4 +65,11 @@ with import ; HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa ''; + + services.dovecot2 = { + enable = true; + mailLocation = "maildir:~/Maildir"; + }; + + networking.firewall.allowedTCPPorts = [ 143 ]; } diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix index b6aa3a894..8577daf34 100644 --- a/lass/1systems/green/physical.nix +++ b/lass/1systems/green/physical.nix @@ -3,5 +3,5 @@ ./config.nix ]; boot.isContainer = true; - networking.useDHCP = false; + networking.useDHCP = true; } diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix index da137e064..4acdb0c26 100644 --- a/lass/1systems/green/source.nix +++ b/lass/1systems/green/source.nix @@ -1,4 +1,6 @@ -{ lib, pkgs, test, ... }: -if test then {} else { +{ lib, pkgs, test, ... }: let + npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; +in if test then {} else { + nixpkgs.git.ref = lib.mkForce npkgs.rev; nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; } diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5d6a440e0..ef538f339 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -1,6 +1,5 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: -with import ; { imports = [ @@ -17,11 +16,10 @@ with import ; - + - - - + + ]; diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 55e91b0e4..f94edcf9b 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -11,7 +11,6 @@ loader.grub.device = "/dev/sda"; initrd.luks.devices.lusksroot.device = "/dev/sda2"; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; fileSystems = { @@ -28,11 +27,6 @@ fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; "/bku" = { device = "/dev/pool/bku"; fsType = "btrfs"; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 554882bf3..f5071c4b7 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -154,6 +154,7 @@ with import ; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web + { predicate = "-p tcp --dport 9092"; target = "ACCEPT"; } # magnetico webinterface { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin @@ -164,7 +165,7 @@ with import ; client dev tun proto udp - remote 196.240.57.43 1194 + remote 194.110.84.106 1194 resolv-retry infinite remote-random nobind @@ -174,7 +175,7 @@ with import ; persist-key persist-tun ping 15 - ping-restart 0 + ping-restart 15 ping-timer-rem reneg-sec 0 comp-lzo no @@ -250,7 +251,7 @@ with import ; path = [ pkgs.coreutils pkgs.findutils - pkgs.inotifyTools + pkgs.inotify-tools ]; serviceConfig = { Restart = "always"; @@ -271,4 +272,10 @@ with import ; enable = true; group = "download"; }; + + services.magnetico = { + enable = true; + web.address = "0.0.0.0"; + web.port = 9092; + }; } diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix index 903ddf6cc..e5e001a4c 100644 --- a/lass/2configs/alacritty.nix +++ b/lass/2configs/alacritty.nix @@ -1,21 +1,23 @@ { config, lib, pkgs, ... }: let alacritty-cfg = extrVals: builtins.toJSON ({ - font = { + font = let + family = "Iosevka"; + in { normal = { - family = "Inconsolata"; + family = family; style = "Regular"; }; bold = { - family = "Inconsolata"; + family = family; style = "Bold"; }; italic = { - family = "Inconsolata"; + family = family; style = "Italic"; }; bold_italic = { - family = "Inconsolata"; + family = family; style = "Bold Italic"; }; size = 8; @@ -44,6 +46,7 @@ name = "alacritty"; paths = [ (pkgs.writeDashBin "alacritty" '' + ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml msg create-window "$@" || ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yaml "$@" '') pkgs.alacritty diff --git a/lass/2configs/atuin-server.nix b/lass/2configs/atuin-server.nix new file mode 100644 index 000000000..ad959a311 --- /dev/null +++ b/lass/2configs/atuin-server.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresql = { + enable = true; + dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}"; + ensureDatabases = [ "atuin" ]; + ensureUsers = [{ + name = "atuin"; + ensurePermissions."DATABASE atuin" = "ALL PRIVILEGES"; + }]; + }; + systemd.tmpfiles.rules = [ + "d /var/state/postgresql 0700 postgres postgres -" + ]; + users.groups.atuin = {}; + users.users.atuin = { + uid = pkgs.stockholm.lib.genid_uint31 "atuin"; + isSystemUser = true; + group = "atuin"; + home = "/run/atuin"; + createHome = true; + }; + + systemd.services.atuin = { + wantedBy = [ "multi-user.target" ]; + environment = { + ATUIN_HOST = "0.0.0.0"; + ATUIN_PORT = "8888"; + ATUIN_OPEN_REGISTRATION = "true"; + ATUIN_DB_URI = "postgres:///atuin"; + }; + serviceConfig = { + User = "atuin"; + ExecStart = "${pkgs.atuin}/bin/atuin server start"; + }; + }; + networking.firewall.allowedTCPPorts = [ 8888 ]; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index d3775ddbe..01c6c8aff 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -7,7 +7,6 @@ in { ./alacritty.nix ./mpv.nix ./power-action.nix - ./copyq.nix ./urxvt.nix ./xdg-open.nix ./yubikey.nix @@ -80,7 +79,10 @@ in { powertop rxvt-unicode sshvnc - sxiv + (pkgs.writers.writeDashBin "sxiv" '' + ${pkgs.nsxiv}/bin/nsxiv "$@" + '') + nsxiv taskwarrior termite transgui @@ -105,10 +107,56 @@ in { enableGhostscriptFonts = true; fonts = with pkgs; [ - hack-font xorg.fontschumachermisc - terminus_font_ttf inconsolata + noto-fonts + (iosevka.override { + # https://typeof.net/Iosevka/customizer + privateBuildPlan = { + family = "Iosevka"; + spacing = "term"; + serifs = "slab"; + no-ligation = true; + + variants.design = { + capital-i = "serifless"; + capital-j = "serifless"; + a = "double-storey-tailed"; + b = "toothless-corner"; + d = "toothless-corner-serifless"; + f = "flat-hook-tailed"; + g = "earless-corner"; + i = "hooky"; + j = "serifless"; + l = "tailed"; + + m = "earless-corner-double-arch"; + n = "earless-corner-straight"; + p = "earless-corner"; + q = "earless-corner"; + r = "earless-corner"; + u = "toothless-rounded"; + y = "cursive-flat-hook"; + + one = "no-base-long-top-serif"; + two = "straight-neck"; + three = "flat-top"; + four = "open"; + six = "open-contour"; + seven = "straight-serifless"; + eight = "two-circles"; + nine = "open-contour"; + tilde = "low"; + asterisk = "hex-low"; + number-sign = "upright"; + at = "short"; + dollar = "open"; + percent = "dots"; + question = "corner-flat-hooked"; + }; + }; + set = "kookiefonts"; + }) ]; }; @@ -174,4 +222,20 @@ in { ''; }; }; + + services.clipmenu.enable = true; + + # synchronize all the clipboards + systemd.user.services.autocutsel = { + enable = true; + wantedBy = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + Type = "forking"; + ExecStart = pkgs.writers.writeDash "autocutsel" '' + ${pkgs.autocutsel}/bin/autocutsel -fork -selection PRIMARY + ${pkgs.autocutsel}/bin/autocutsel -fork -selection CLIPBOARD + ''; + }; + }; } diff --git a/lass/2configs/consul.nix b/lass/2configs/consul.nix new file mode 100644 index 000000000..b8d925de5 --- /dev/null +++ b/lass/2configs/consul.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + services.consul = { + enable = true; + # dropPrivileges = false; + webUi = true; + # interface.bind = "retiolum"; + extraConfig = { + bind_addr = config.krebs.build.host.nets.retiolum.ip4.addr; + bootstrap_expect = 3; + server = true; + # retry_join = config.services.consul.extraConfig.start_join; + retry_join = lib.mapAttrsToList (n: h: + lib.head h.nets.retiolum.aliases + ) (lib.filterAttrs (n: h: h.consul) config.krebs.hosts); + rejoin_after_leave = true; + + # try to fix random lock loss on leader reelection + retry_interval = "3s"; + performance = { + raft_multiplier = 8; + }; + }; + }; + + environment.etc."consul.d/testservice.json".text = builtins.toJSON { + service = { + name = "testing"; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 8300"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8301"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8302"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8400"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8500"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8600"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 8500"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/et-server.nix b/lass/2configs/et-server.nix new file mode 100644 index 000000000..19961fb84 --- /dev/null +++ b/lass/2configs/et-server.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + services.eternal-terminal = { + enable = true; + }; + networking.firewall.allowedTCPPorts = [ config.services.eternal-terminal.port ]; +} diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index a83ed0544..1e41e8e02 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -2,32 +2,9 @@ { imports = [ - ]; - krebs.sync-containers.containers.green = { - peers = [ - "echelon" - "icarus" - "littleT" - "mors" - "shodan" - "skynet" - "styx" - ]; - hostIp = "10.233.2.15"; - localIp = "10.233.2.16"; - format = "ecryptfs"; - }; - services.borgbackup.jobs.sync-green = { - encryption.mode = "none"; - paths = "/var/lib/sync-containers/green/ecryptfs"; - repo = "/var/lib/sync-containers/green/backup"; - compression = "auto,lzma"; - startAt = "daily"; - prune.keep = { - daily = 7; - weekly = 4; - }; + lass.sync-containers3.containers.green = { + sshKey = "${toString }/green.sync.key"; }; } diff --git a/lass/2configs/red-host.nix b/lass/2configs/red-host.nix new file mode 100644 index 000000000..cbd9c097e --- /dev/null +++ b/lass/2configs/red-host.nix @@ -0,0 +1,167 @@ +{ config, lib, pkgs, ... }: +let + ctr.name = "red"; +in +{ + imports = [ + + ]; + + + lass.sync-containers3.containers.red = { + sshKey = "${toString }/containers/red/sync.key"; + ephemeral = true; + }; + + # containers.${ctr.name} = { + # config = { + # environment.systemPackages = [ + # pkgs.dhcpcd + # pkgs.git + # pkgs.jq + # ]; + # networking.useDHCP = lib.mkForce true; + # systemd.services.autoswitch = { + # environment = { + # NIX_REMOTE = "daemon"; + # }; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" '' + # if test -e /var/src/nixos-config; then + # /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || : + # fi + # ''; + # unitConfig.X-StopOnRemoval = false; + # }; + # }; + # autoStart = false; + # enableTun = true; + # privateNetwork = true; + # hostBridge = "ctr0"; + # bindMounts = { + # "/etc/resolv.conf".hostPath = "/etc/resolv.conf"; + # "/var/lib/self-state/disk-image" = { + # hostPath = "/var/lib/sync-containers3/${ctr.name}"; + # isReadOnly = true; + # }; + # }; + # }; + + # systemd.services."${ctr.name}_scheduler" = { + # wantedBy = [ "multi-user.target" ]; + # path = with pkgs; [ + # coreutils + # consul + # cryptsetup + # mount + # util-linux + # systemd + # untilport + # ]; + # serviceConfig = { + # Restart = "always"; + # RestartSec = "15s"; + # ExecStart = "${pkgs.consul}/bin/consul lock container_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-start" '' + # set -efux + # trap ${pkgs.writers.writeDash "stop-${ctr.name}" '' + # set -efux + # /run/current-system/sw/bin/nixos-container stop ${ctr.name} || : + # umount /var/lib/nixos-containers/${ctr.name}/var/state || : + # cryptsetup luksClose ${ctr.name} || : + # ''} INT TERM EXIT + # consul kv put containers/${ctr.name}/host ${config.networking.hostName} + # cryptsetup luksOpen --key-file /var/src/secrets/containers/${ctr.name}/luks /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name} + # mkdir -p /var/lib/nixos-containers/${ctr.name}/var/state + # mount /dev/mapper/${ctr.name} /var/lib/nixos-containers/${ctr.name}/var/state + # ln -frs /var/lib/nixos-containers/${ctr.name}/var/state/var_src /var/lib/nixos-containers/${ctr.name}/var/src + # /run/current-system/sw/bin/nixos-container start ${ctr.name} + # set +x + # until /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done + # while /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done + # ''}"; + # }; + # }; + + # users.groups."container_${ctr.name}" = {}; + # users.users."container_${ctr.name}" = { + # group = "container_${ctr.name}"; + # isSystemUser = true; + # home = "/var/lib/sync-containers3/${ctr.name}"; + # createHome = true; + # homeMode = "705"; + # openssh.authorizedKeys.keys = [ + # config.krebs.users.lass.pubkey + # ]; + # }; + + # systemd.timers."${ctr.name}_syncer" = { + # timerConfig = { + # RandomizedDelaySec = 300; + # }; + # }; + # systemd.services."${ctr.name}_syncer" = { + # path = with pkgs; [ + # coreutils + # rsync + # openssh + # systemd + # ]; + # startAt = "*:0/1"; + # serviceConfig = { + # User = "container_${ctr.name}"; + # LoadCredential = [ + # "ssh_key:${toString }/containers/${ctr.name}/sync.key" + # ]; + # ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" '' + # set -efu + # ! systemctl is-active --quiet container@${ctr.name}.service + # ''; + # ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" '' + # set -efu + # rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk-image/disk $HOME/disk + # ''; + # }; + # }; + + # # networking + # networking.networkmanager.unmanaged = [ "ctr0" ]; + # networking.interfaces.dummy0.virtual = true; + # networking.bridges.ctr0.interfaces = [ "dummy0" ]; + # networking.interfaces.ctr0.ipv4.addresses = [{ + # address = "10.233.0.1"; + # prefixLength = 24; + # }]; + # systemd.services."dhcpd-ctr0" = { + # wantedBy = [ "multi-user.target" ]; + # after = [ "network.target" ]; + # serviceConfig = { + # Type = "forking"; + # Restart = "always"; + # DynamicUser = true; + # StateDirectory = "dhcpd-ctr0"; + # User = "dhcpd-ctr0"; + # Group = "dhcpd-ctr0"; + # AmbientCapabilities = [ + # "CAP_NET_RAW" # to send ICMP messages + # "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67) + # ]; + # ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases"; + # ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" '' + # default-lease-time 600; + # max-lease-time 7200; + # authoritative; + # ddns-update-style interim; + # log-facility local1; # see dhcpd.nix + + # option subnet-mask 255.255.255.0; + # option routers 10.233.0.1; + # # option domain-name-servers 8.8.8.8; # TODO configure dns server + # subnet 10.233.0.0 netmask 255.255.255.0 { + # range 10.233.0.10 10.233.0.250; + # } + # ''} ctr0"; + # }; + # }; + +} + diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix new file mode 100644 index 000000000..845a7e3b8 --- /dev/null +++ b/lass/2configs/weechat.nix @@ -0,0 +1,221 @@ +{ config, lib, pkgs, ... }: let + + weechat-configured = pkgs.weechat-declarative.override { + config = { + scripts = [ + pkgs.weechat-matrix + pkgs.weechatScripts.wee-slack + ]; + settings = { + irc.server_default.nicks = [ "lassulus" "hackulus" ]; + irc.server.bitlbee = { + addresses = "localhost/6666"; + command = "msg &bitlbee identify \${sec.data.bitlbee}"; + }; + irc.server.hackint = { + addresses = "irc.hackint.org/6697"; + autojoin = [ + "#c3-gsm" + "#panthermoderns" + "#36c3" + "#cccac" + "#nixos" + "#krebs" + "#c-base" + "#afra" + "#tvl" + "#eloop" + "#systemdultras" + "#rc3" + "#krebs-announce" + "#the_playlist" + "#germany" + "#hackint" + "#dezentrale" + "#hackerfleet \${sec.data.c3-gsm}" # TODO support channel passwords in a cooler way + ]; + ssl = true; + sasl_fail = "reconnect"; + sasl_username = "lassulus"; + sasl_password = "\${sec.data.hackint_sasl}"; + }; + irc.server.r = { + addresses = "irc.r"; + autojoin = [ + "#xxx" + "#autowifi" + "#brockman" + "#flix" + "#kollkoll" + "#noise" + "#mukke" + ]; + sasl_fail = "reconnect"; + sasl_username = "lassulus"; + sasl_password = "\${sec.data.r_sasl}"; + anti_flood_prio_high = 0; + anti_flood_prio_low = 0; + }; + irc.server.libera = { + addresses = "irc.libera.chat/6697"; + autojoin = [ + "#shackspace" + "#nixos" + "#krebs" + "#dezentrale" + "#tinc" + "#nixos-de" + "#fysi" + "#hillhacks" + "#nixos-rc3" + "#binaergewitter" + "#hackerfleet" + "#weechat" + ]; + ssl = true; + sasl_username = "lassulus"; + sasl_fail = "reconnect"; + sasl_password = "\${sec.data.libera_sasl}"; + }; + irc.server.news = { + addresses = "news.r"; + autojoin = [ + "#all" + "#aluhut" + "#querdenkos" + "#news" + "#drachengame" + ]; + anti_flood_prio_high = 0; + anti_flood_prio_low = 0; + }; + matrix.server.lassulus = { + address = "matrix.lassul.us"; + username = "lassulus"; + password = "\${sec.data.matrix_lassulus}"; + device_name = config.networking.hostName; + }; + matrix.server.nixos_dev = { + address = "matrix.nixos.dev"; + username = "@lassulus:nixos.dev"; + device_name = config.networking.hostName; + sso_helper_listening_port = 55123; + }; + plugins.var.python.go.short_name = true; + plugins.var.python.go.short_name_server = true; + plugins.var.python.go.fuzzy_search = true; + relay.network.password = "xxx"; # secret? + relay.port.weechat = 9998; + relay.weechat.commands = "*,!exec,!quit"; + weechat.look.buffer_time_format = "%m-%d_%H:%M:%S"; + weechat.look.item_time_format = "%m-%d_%H:%M:%S"; + irc.look.color_nicks_in_names = true; + irc.look.color_nicks_in_nicklist = true; + logger.file.mask = "$plugin.$name/%Y-%m-%d.weechatlog"; + logger.file.path = "/var/state/weechat_logs"; + logger.look.backlog = 1000; + weechat.notify.python.matrix.nixos_dev."!YLoVsCxScyQODoqIbb:hackint.org" = "none"; #c-base + weechat.notify.python.matrix.nixos_dev."!bohcSYPVoePqBDWlvE:hackint.org" = "none"; #krebs + weechat.notify.irc.news."#all" = "highlight"; + + # setting logger levels for channels is currently not possible declarativly + # because of already defined + logger.level.core.weechat = 0; + logger.level.irc = 3; + logger.level.python = 3; + weechat.bar.title.color_bg = 0; + weechat.bar.status.color_bg = 0; + alias.cmd.reload = "exec -oc cat /etc/weechat.set"; + script.scripts.download_enabled = true; + weechat.look.prefix_align = "left"; + weechat.look.prefix_align_max = 20; + irc.look.server_buffer = "independent"; + matrix.look.server_buffer = "independent"; + weechat.bar.buflist.size_max = 20; + weechat.color.chat_nick_colors = [ + 1 2 3 4 5 6 9 + 10 11 12 13 14 + 28 29 + 30 31 32 33 34 35 36 37 38 39 + 70 + 94 + 101 102 103 104 105 106 107 + 130 131 133 134 135 136 137 + 140 141 142 143 + 160 161 162 163 165 166 167 168 169 + 170 171 172 173 174 175 + 196 197 198 199 + 200 201 202 203 204 205 206 208 209 209 + 210 211 212 + ]; + }; + extraCommands = '' + /script upgrade + /script install go.py + /script install nickregain.pl + /script install autosort.py + /key bind meta-q /go + /key bind meta-t /bar toggle nicklist + /key bind meta-y /bar toggle buflist + /filter addreplace irc_smart * irc_smart_filter * + /filter addreplace playlist_topic irc.*.#the_playlist irc_topic * + /filter addreplace xxx_joinpart irc.r.#xxx irc_join,irc_part,irc_quit * + /set logger.level.irc.news 0 + /set logger.level.python.server.nixos_dev = 0; + /set logger.level.irc.hackint.#the_playlist = 0; + /connect bitlbee + /connect r + /connect news + /connect libera + /connect hackint + /matrix connect nixos_dev + /matrix connect lassulus + ''; + files."sec.conf" = toString (pkgs.writeText "sec.conf" '' + [crypt] + cipher = aes256 + hash_algo = sha256 + passphrase_command = "cat $CREDENTIALS_DIRECTORY/WEECHAT_PASSPHRASE" + salt = on + + [data] + __passphrase__ = on + hackint_sasl = "5CA242E92E7A09B180711B50C4AE2E65C42934EB4E584EC82BC1281D8C72CD411D590C16CC435687C0DA13759873CC" + libera_sasl = "9500B5AC3B29F9CAA273F1B89DC99550E038AF95C4B47442B1FB4CB9F0D6B86B26015988AD39E642CA9C4A78DED7F42D1F409B268C93E778" + r_sasl = "CB6FB1421ED5A9094CD2C05462DB1FA87C4A675628ABD9AEC9928A1A6F3F96C07D9F26472331BAF80B7B73270680EB1BBEFD" + c3-gsm = "C49DD845900CFDFA93EEBCE4F1ABF4A963EF6082B7DA6410FA701CC77A04BB6C201FCB864988C4F2B97ED7D44D5A28F162" + matrix.server.nixos_dev.access_token = "C40FE41B9B7B73553D51D8FCBD53871E940FE7FCCAB543E7F4720A924B8E1D58E2B1E1F460F5476C954A223F78CCB956337F6529159C0ECD7CB0384C13CB7170FF1270A577B1C4FF744D20FCF5C708259896F8D9" + bitlbee = "814ECAC59D9CF6E8340B566563E5D7E92AB92209B49C1EDE4CAAC32DD0DF1EC511D97C75E840C45D69BB9E3D03E79C" + matrix_lassulus = "0CA5C0F70A9F893881370F4A665B4CC40FBB1A41E53BC94916CD92B029103528611EC0B390116BE60FA79AE10F486E96E17B0824BE2DE1C97D87B88F5407330DAD70C044147533C36B09B7030CAD97" + ''); + }; + }; + +in { + users.users.mainUser.packages = [ + weechat-configured + ]; + environment.etc."weechat.set".source = "${weechat-configured}/weechat.set"; + systemd.tmpfiles.rules = [ + "d /var/state/weechat_logs 0700 lass users -" + "d /var/state/weechat 0700 lass users -" + "d /var/state/weechat_cfg 0700 lass users -" + "L+ /home/lass/.local/share/weechat - - - - ../../../../var/state/weechat" + "L+ /home/lass/.config/weechat - - - - ../../../../var/state/weechat_cfg" + ]; + + systemd.services.weechat = { + wantedBy = [ "multi-user.target" ]; + restartIfChanged = false; + serviceConfig = { + User = "lass"; + RemainAfterExit = true; + Type = "oneshot"; + LoadCredential = [ + "WEECHAT_PASSPHRASE:${toString }/weechat_passphrase" + ]; + ExecStart = "${pkgs.tmux}/bin/tmux -2 new-session -d -s IM ${weechat-configured}/bin/weechat"; + ExecStop = "${pkgs.tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat + }; + }; +} diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 6571461ca..a7b0c372c 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -1,6 +1,17 @@ { config, lib, pkgs, ... }: { - environment.systemPackages = [ pkgs.fzf ]; + environment.systemPackages = with pkgs; [ + atuin + direnv + fzf + ]; + environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" '' + auto_sync = true + update_check = false + sync_address = "http://green.r:8888" + sync_frequency = 0 + style = "compact" + ''); programs.zsh = { enable = true; shellInit = '' @@ -12,27 +23,9 @@ setopt autocd extendedglob bindkey -e - #history magic - bindkey "" up-line-or-local-history - bindkey "" down-line-or-local-history - up-line-or-local-history() { - zle set-local-history 1 - zle up-line-or-history - zle set-local-history 0 - } - zle -N up-line-or-local-history - down-line-or-local-history() { - zle set-local-history 1 - zle down-line-or-history - zle set-local-history 0 - } - zle -N down-line-or-local-history - - setopt SHARE_HISTORY - setopt HIST_IGNORE_ALL_DUPS - # setopt inc_append_history - bindkey '^R' history-incremental-search-backward + # # setopt inc_append_history + # bindkey '^R' history-incremental-search-backward #C-x C-e open line in editor autoload -z edit-command-line @@ -43,6 +36,13 @@ source ${pkgs.fzf}/share/fzf/completion.zsh source ${pkgs.fzf}/share/fzf/key-bindings.zsh + # atuin distributed shell history + export ATUIN_NOBIND="true" # disable all keybdinings of atuin + eval "$(atuin init zsh)" + bindkey '^r' _atuin_search_widget # bind ctrl+r to atuin + # use zsh only session history + fc -p + #completion magic autoload -Uz compinit compinit @@ -65,13 +65,11 @@ bindkey "[8~" end-of-line bindkey "Oc" emacs-forward-word bindkey "Od" emacs-backward-word + + # direnv integration + eval "$(${pkgs.direnv}/bin/direnv hook zsh)" ''; promptInit = '' - # TODO: figure out why we need to set this here - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - SAVEHIST=$HISTSIZE - autoload -U promptinit promptinit diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 3a0b1306c..42efa8cd6 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -15,5 +15,6 @@ _: ./xjail.nix ./autowifi.nix ./browsers.nix + ./sync-containers3.nix ]; } diff --git a/lass/3modules/sync-containers3.nix b/lass/3modules/sync-containers3.nix new file mode 100644 index 000000000..1371d5233 --- /dev/null +++ b/lass/3modules/sync-containers3.nix @@ -0,0 +1,313 @@ +{ config, lib, pkgs, ... }: let + cfg = config.lass.sync-containers3; + slib = pkgs.stockholm.lib; +in { + options.lass.sync-containers3 = { + inContainer = { + enable = lib.mkEnableOption "container config for syncing"; + pubkey = lib.mkOption { + type = lib.types.str; # TODO ssh key + }; + }; + containers = lib.mkOption { + default = {}; + type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = config._module.args.name; + }; + sshKey = lib.mkOption { + type = slib.types.absolute-pathname; + }; + luksKey = lib.mkOption { + type = slib.types.absolute-pathname; + default = config.sshKey; + }; + ephemeral = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + }; + }; + config = lib.mkMerge [ + (lib.mkIf (cfg.containers != {}) { + + containers = lib.mapAttrs' (n: ctr: lib.nameValuePair ctr.name { + config = { + environment.systemPackages = [ + pkgs.dhcpcd + pkgs.git + pkgs.jq + ]; + networking.useDHCP = lib.mkForce true; + systemd.services.autoswitch = { + environment = { + NIX_REMOTE = "daemon"; + }; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" '' + set -efu + ln -frs /var/state/var_src /var/src + if test -e /var/src/nixos-config; then + /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || : + fi + ''; + unitConfig.X-StopOnRemoval = false; + }; + }; + autoStart = false; + enableTun = true; + ephemeral = ctr.ephemeral; + privateNetwork = true; + hostBridge = "ctr0"; + bindMounts = { + "/etc/resolv.conf".hostPath = "/etc/resolv.conf"; + "/var/lib/self/disk" = { + hostPath = "/var/lib/sync-containers3/${ctr.name}/disk"; + isReadOnly = false; + }; + "/var/state" = { + hostPath = "/var/lib/sync-containers3/${ctr.name}/state"; + isReadOnly = false; + }; + }; + }) cfg.containers; + + systemd.services = lib.foldr lib.recursiveUpdate {} (lib.flatten (map (ctr: [ + { "${ctr.name}_syncer" = { + path = with pkgs; [ + coreutils + consul + rsync + openssh + systemd + ]; + startAt = "*:0/1"; + serviceConfig = { + User = "${ctr.name}_container"; + LoadCredential = [ + "ssh_key:${ctr.sshKey}" + ]; + ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" '' + set -efu + ! systemctl is-active --quiet container@${ctr.name}.service + ''; + ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" '' + set -efux + consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" '' + set -efux + if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then + touch "$HOME"/incomplete + rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk "$HOME"/disk + rm "$HOME"/incomplete + fi + ''} + ''; + }; + }; } + { "${ctr.name}_watcher" = { + path = with pkgs; [ + coreutils + consul + cryptsetup + curl + mount + util-linux + jq + retry + ]; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "${ctr.name}_watcher" '' + set -efux + while sleep 5; do + # get the payload + # check if the host reacted recently + case $(curl -s -o /dev/null --retry 10 --retry-delay 10 -w '%{http_code}' http://127.0.0.1:8500/v1/kv/containers/${ctr.name}) in + 404) + echo 'got 404 from kv, should kill the container' + break + ;; + 500) + echo 'got 500 from kv, will kill container' + break + ;; + 200) + # echo 'got 200 from kv, will check payload' + export payload=$(consul kv get containers/${ctr.name}) + if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then + # echo 'we are the host, trying to reach container' + if $(retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null); then + # echo 'container is reachable, continueing' + continue + else + # echo 'container seems dead, killing' + break + fi + else + echo 'we are not host, killing container' + break + fi + ;; + *) + echo 'unknown state, continuing' + continue + ;; + esac + done + /run/current-system/sw/bin/nixos-container stop ${ctr.name} || : + umount /var/lib/sync-containers3/${ctr.name}/state || : + cryptsetup luksClose ${ctr.name} || : + ''; + }; + }; } + { "${ctr.name}_scheduler" = { + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ + coreutils + consul + cryptsetup + mount + util-linux + curl + systemd + jq + retry + bc + ]; + serviceConfig = { + Restart = "always"; + RestartSec = "30s"; + ExecStart = pkgs.writers.writeDash "${ctr.name}_scheduler" '' + set -efux + # get the payload + # check if the host reacted recently + case $(curl -s -o /dev/null --retry 10 -w '%{http_code}' http://127.0.0.1:8500/v1/kv/containers/${ctr.name}) in + 404) + # echo 'got 404 from kv, will create container' + ;; + 500) + # echo 'got 500 from kv, retrying again' + exit 0 + ;; + 200) + # echo 'got 200 from kv, will check payload' + export payload=$(consul kv get containers/${ctr.name}) + if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then + echo 'we are the host, starting container' + else + # echo 'we are not host, checking timestamp' + # if [ $(echo "$(date +%s) - $(jq -rn 'env.payload | fromjson.time') > 100" | bc) -eq 1 ]; then + if [ "$(jq -rn 'env.payload | fromjson.time | now - tonumber > 100')" = 'true' ]; then + echo 'last beacon is more than 100s ago, taking over' + else + # echo 'last beacon was recent. trying again' + exit 0 + fi + fi + ;; + *) + echo 'unknown state, bailing out' + exit 0 + ;; + esac + if test -e /var/lib/sync-containers3/${ctr.name}/incomplete; then + echo 'data is inconistent, start aborted' + exit 1 + fi + consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null + consul lock -verbose -monitor-retry=100 -timeout 30s -name container_${ctr.name} container_${ctr.name} ${pkgs.writers.writeBash "${ctr.name}-start" '' + set -efu + cryptsetup luksOpen --key-file ${ctr.luksKey} /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name} || : + mkdir -p /var/lib/sync-containers3/${ctr.name}/state + mountpoint /var/lib/sync-containers3/${ctr.name}/state || mount /dev/mapper/${ctr.name} /var/lib/sync-containers3/${ctr.name}/state + /run/current-system/sw/bin/nixos-container start ${ctr.name} + # wait for system to become reachable for the first time + retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null + systemctl start ${ctr.name}_watcher.service + while systemctl is-active container@${ctr.name}.service >/devnull && /run/wrappers/bin/ping -q -c 3 ${ctr.name}.r >/dev/null; do + consul kv put containers/${ctr.name} "$(jq -cn '{host: "${config.networking.hostName}", time: now}')" >/dev/null + sleep 10 + done + ''} + ''; + }; + }; } + ]) (lib.attrValues cfg.containers))); + + systemd.timers = lib.mapAttrs' (n: ctr: lib.nameValuePair "${ctr.name}_syncer" { + timerConfig = { + RandomizedDelaySec = 100; + }; + }) cfg.containers; + + users.groups = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" { + }) cfg.containers; + users.users = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" ({ + group = "container_${ctr.name}"; + isNormalUser = true; + uid = slib.genid_uint31 "container_${ctr.name}"; + home = "/var/lib/sync-containers3/${ctr.name}"; + createHome = true; + homeMode = "705"; + })) cfg.containers; + + }) + (lib.mkIf (cfg.containers != {}) { + # networking + networking.networkmanager.unmanaged = [ "ctr0" ]; + networking.interfaces.dummy0.virtual = true; + networking.bridges.ctr0.interfaces = [ "dummy0" ]; + networking.interfaces.ctr0.ipv4.addresses = [{ + address = "10.233.0.1"; + prefixLength = 24; + }]; + systemd.services."dhcpd-ctr0" = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Type = "forking"; + Restart = "always"; + DynamicUser = true; + StateDirectory = "dhcpd-ctr0"; + User = "dhcpd-ctr0"; + Group = "dhcpd-ctr0"; + AmbientCapabilities = [ + "CAP_NET_RAW" # to send ICMP messages + "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67) + ]; + ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases"; + ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" '' + default-lease-time 600; + max-lease-time 7200; + authoritative; + ddns-update-style interim; + log-facility local1; # see dhcpd.nix + + option subnet-mask 255.255.255.0; + option routers 10.233.0.1; + # option domain-name-servers 8.8.8.8; # TODO configure dns server + subnet 10.233.0.0 netmask 255.255.255.0 { + range 10.233.0.10 10.233.0.250; + } + ''} ctr0"; + }; + }; + }) + (lib.mkIf cfg.inContainer.enable { + users.groups.container_sync = {}; + users.users.container_sync = { + group = "container_sync"; + uid = slib.genid_uint31 "container_sync"; + isNormalUser = true; + home = "/var/lib/self"; + createHome = true; + openssh.authorizedKeys.keys = [ + cfg.inContainer.pubkey + ]; + }; + }) + ]; +} diff --git a/lass/5pkgs/weechat-matrix/default.nix b/lass/5pkgs/weechat-matrix/default.nix new file mode 100644 index 000000000..40848caaa --- /dev/null +++ b/lass/5pkgs/weechat-matrix/default.nix @@ -0,0 +1,80 @@ +{ python3Packages +, lib +, fetchFromGitHub +}: + +with python3Packages; + +let + scriptPython = python.withPackages (ps: with ps; [ + aiohttp + requests + python_magic + ]); + + version = "lassulus-fork"; +in python3Packages.buildPythonPackage { + pname = "weechat-matrix"; + inherit version; + + src = fetchFromGitHub { + owner = "poljar"; + repo = "weechat-matrix"; + rev = version; + hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc="; + }; + # src = ./weechat-matrix; + + propagatedBuildInputs = [ + pyopenssl + webcolors + future + atomicwrites + attrs + Logbook + pygments + matrix-nio + aiohttp + requests + ]; + + passthru.scripts = [ "matrix.py" ]; + + dontBuild = true; + doCheck = false; + + format = "other"; + + installPhase = '' + mkdir -p $out/share $out/bin + cp main.py $out/share/matrix.py + + cp contrib/matrix_upload.py $out/bin/matrix_upload + cp contrib/matrix_decrypt.py $out/bin/matrix_decrypt + cp contrib/matrix_sso_helper.py $out/bin/matrix_sso_helper + substituteInPlace $out/bin/matrix_upload \ + --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python' + substituteInPlace $out/bin/matrix_sso_helper \ + --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python' + substituteInPlace $out/bin/matrix_decrypt \ + --replace '/usr/bin/env python3' '${scriptPython}/bin/python' + + mkdir -p $out/${python.sitePackages} + cp -r matrix $out/${python.sitePackages}/matrix + ''; + + dontPatchShebangs = true; + postFixup = '' + addToSearchPath program_PYTHONPATH $out/${python.sitePackages} + patchPythonScript $out/share/matrix.py + substituteInPlace $out/${python.sitePackages}/matrix/server.py --replace \"matrix_sso_helper\" \"$out/bin/matrix_sso_helper\" + ''; + + meta = with lib; { + description = "A Python plugin for Weechat that lets Weechat communicate over the Matrix protocol"; + homepage = "https://github.com/poljar/weechat-matrix"; + license = licenses.isc; + platforms = platforms.unix; + maintainers = with maintainers; [ tilpner emily ]; + }; +} diff --git a/lib/types.nix b/lib/types.nix index f312b734b..0e0e093fb 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -58,6 +58,14 @@ rec { default = false; }; + consul = mkOption { + description = '' + Whether the host is a member of the global consul network + ''; + type = bool; + default = false; + }; + owner = mkOption { type = user; };