Merge remote-tracking branch 'lass/master'

makefu 2022-01-03 00:47:24 +01:00
commit 2313e962e2
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
13 changed files with 414 additions and 39 deletions


@ -7,10 +7,11 @@
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/ergo.nix>
<stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/wiki.nix>
<stockholm/krebs/2configs/acme.nix>
<stockholm/krebs/2configs/mud.nix>
## shackie irc bot
<stockholm/krebs/2configs/shack/reaktor.nix>

171
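--- a/krebs/2configs/mud.nix
+++ b/krebs/2configs/mud.nix
@@ -0,0 +1,171 @@
+{ config, lib, pkgs, ... }: let
+mud = pkgs.writers.writeDashBin "mud" ''
+set -efux
+MUD_NICKNAME=''${MUD_NICKNAME:-$(head -1 /dev/urandom | md5sum | cut -c -2)}
+MUD_SERVER=''${MUD_SERVER:-127.0.0.1}
+MUD_PORT=''${MUD_PORT:-8080}
+if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then
+${nvim}/bin/nvim \
++"let g:instant_username = \"$MUD_NICKNAME\"" \
++":InstantJoinSession $MUD_SERVER $MUD_PORT" \
+"$@"
+else
+${nvim}/bin/nvim \
++"let g:instant_username = \"$MUD_NICKNAME\"" \
++":InstantStartServer $MUD_SERVER $MUD_PORT" \
++":InstantStartSession $MUD_SERVER $MUD_PORT" \
+"$@"
+fi
+'';
+nvim = pkgs.neovim.override {
+# vimAlias = true;
+configure = {
+customRC = vimrc;
+packages.myPlugins = with pkgs.vimPlugins; {
+start = [
+vim-surround # Shortcuts for setting () {} etc.
+# coc-nvim coc-git coc-highlight coc-python coc-rls coc-vetur coc-vimtex coc-yaml coc-html coc-json # auto completion
+vim-nix # nix highlight
+fzf-vim # fuzzy finder through vim
+nerdtree # file structure inside nvim
+rainbow # Color parenthesis
+customPlugins.hack-color
+customPlugins.instant
+];
+opt = [];
+};
+};
+};
+vimrc = /* vim */ ''
+set nocompatible
+set autoindent
+set backspace=indent,eol,start
+set backup
+set backupdir=$HOME/.cache/nvim/backup/
+set directory=$HOME/.cache/nvim/swap"//
+set hlsearch
+set incsearch
+set mouse=a
+set ruler
+set pastetoggle=<INS>
+set shortmess+=I
+set showcmd
+set showmatch
+set ttimeoutlen=0
+set undodir=$HOME/.cache/nvim/undo
+set undofile
+set undolevels=1000000
+set undoreload=1000000
+set viminfo='20,<1000,s100,h,n$HOME/.cache/nvim/info
+set visualbell
+set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o
+set wildmenu
+set wildmode=longest,full
+set title
+set titleold=
+set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername}
+set et ts=2 sts=2 sw=2
+filetype plugin indent on
+set t_Co=256
+colorscheme hack
+syntax on
+au Syntax * syn match Garbage containedin=ALL /\s\+$/
+\ | syn match TabStop containedin=ALL /\t\+/
+\ | syn keyword Todo containedin=ALL TODO
+au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
+nmap <esc>q :buffer
+nmap <M-q> :buffer
+cnoremap <C-A> <Home>
+noremap <C-c> :q<cr>
+vnoremap < <gv
+vnoremap > >gv
+nnoremap <f1> :tabp<cr>
+nnoremap <f2> :tabn<cr>
+inoremap <f1> <esc>:tabp<cr>
+inoremap <f2> <esc>:tabn<cr>
+'';
+customPlugins = {
+instant = pkgs.vimUtils.buildVimPlugin {
+name = "instant";
+src = pkgs.fetchFromGitHub {
+owner = "jbyuki";
+repo = "instant.nvim";
+rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554";
+sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI=";
+};
+};
+hack-color = (rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
+name = "hack";
+in {
+name = "vim-color-${name}-1.0.2";
+destination = "/colors/${name}.vim";
+text = /* vim */ ''
+set background=dark
+hi clear
+if exists("syntax_on")
+syntax clear
+endif
+let colors_name = ${builtins.toJSON name}
+hi Normal ctermbg=016
+hi Comment ctermfg=255
+hi Constant ctermfg=229
+hi Identifier ctermfg=123
+hi Function ctermfg=041
+hi Statement ctermfg=167
+hi PreProc ctermfg=167
+hi Type ctermfg=046
+hi Delimiter ctermfg=251
+hi Special ctermfg=146
+hi Garbage ctermbg=124
+hi TabStop ctermbg=020
+hi NBSP ctermbg=056
+hi NarrowNBSP ctermbg=097
+hi Todo ctermfg=174 ctermbg=NONE
+hi NixCode ctermfg=190
+hi NixData ctermfg=149
+hi NixQuote ctermfg=119
+hi diffNewFile ctermfg=207
+hi diffFile ctermfg=207
+hi diffLine ctermfg=207
+hi diffSubname ctermfg=207
+hi diffAdded ctermfg=010
+hi diffRemoved ctermfg=009
+'';
+}));
+};
+in {
+users.users.mud = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = with config.krebs.users; [
+lass.pubkey
+makefu.pubkey
+kmein.pubkey
+tv.pubkey
+];
+packages = with pkgs; [
+tmux
+(pkgs.writers.writeDashBin "instant_server" ''
+find ${customPlugins.instant}
+find ${customPlugins.instant.src}
+'')
+mud
+];
+};
+}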
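Review bot: The `mud` wrapper starts an instant.nvim server on `$MUD_SERVER:$MUD_PORT` (default 127.0.0.1:8080) and nothing in this file puts authentication in front of it, so any local account that can reach that port can presumably join the session and edit buffers owned by the shared `mud` user; a comment stating that trust assumption, or a firewall rule, would make the boundary explicit. `MUD_NICKNAME`, `MUD_SERVER` and `MUD_PORT` are pasted unescaped into the `+"..."` Ex commands, so a value containing `"` or `|` changes what nvim executes; validating them first, e.g. `case "$MUD_PORT" in ''|*[!0-9]*) exit 1;; esac`, keeps the wrapper predictable. The test `if $(nc -z ...)` runs nc's output as a command and only works because `-z` prints nothing; `if ${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"; then` says what is meant. The `instant_server` script only runs `find` on two store paths and looks like a debugging leftover that should be dropped or documented.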


@ -6,6 +6,7 @@
type = (pkgs.formats.json {}).type;
description = ''
Ergo IRC daemon configuration file.
https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
'';
default = {
network = {
@ -34,19 +35,34 @@
};
};
datastore = {
autoupgrade = true;
path = "/var/lib/ergo/ircd.db";
};
accounts = {
authentication-enabled = true;
registration = {
enabled = true;
email-verification = {
enabled = false;
allow-before-connect = true;
throttling = {
enabled = true;
duration = "10m";
max-attempts = 30;
};
bcrypt-cost = 4;
email-verification.enabled = false;
};
multiclient = {
enabled = true;
allowed-by-default = true;
always-on = "opt-in";
auto-away = "opt-in";
};
};
channels = {
default-modes = "+nt";
default-modes = "+ntC";
registration = {
enabled = true;
};
};
limits = {
nicklen = 32;
@ -56,6 +72,31 @@
kicklen = 390;
topiclen = 390;
};
history = {
enabled = true;
channel-length = 2048;
client-length = 256;
autoresize-window = "3d";
autoreplay-on-join = 0;
chathistory-maxmessages = 100;
znc-maxmessages = 2048;
restrictions = {
expire-time = "1w";
query-cutoff = "none";
grace-period = "1h";
};
retention = {
allow-individual-delete = false;
enable-account-indexing = false;
};
tagmsg-storage = {
default = false;
whitelist = [
"+draft/react"
"+react"
];
};
};
};
};
};
@ -64,13 +105,17 @@
cfg = config.krebs.ergo;
configFile = pkgs.writeJSON "ergo.conf" cfg.config;
in lib.mkIf cfg.enable ({
environment.etc."ergo.yaml".source = configFile;
krebs.ergo.config =
lib.mapAttrsRecursive (_: lib.mkDefault) options.krebs.ergo.config.default;
systemd.services.ergo = {
description = "Ergo IRC daemon";
wantedBy = [ "multi-user.target" ];
reloadIfChanged = true;
restartTriggers = [ configFile ];
serviceConfig = {
ExecStart = "${pkgs.ergo}/bin/ergo run --conf ${configFile}";
ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml";
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
DynamicUser = true;
StateDirectory = "ergo";
};
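Review bot: `bcrypt-cost = 4` in the `accounts.registration` defaults of the second hunk is the lowest cost bcrypt accepts, so the password hashes stored in `/var/lib/ergo/ircd.db` would be cheap to brute-force if that datastore ever leaks. Registration is open with `email-verification.enabled = false`, so consider a higher default such as `bcrypt-cost = 10;`, or add a comment if the value is only meant to mirror the upstream default.yaml linked in the description. This render has lost the +/- markers, so I am assuming the line is on the new side. In the last hunk the service now reads `/etc/ergo.yaml`, which is as world-readable as the store path was; a one-line comment that secrets (oper passwords and the like) must not be put into `krebs.ergo.config` would help the next user of this module.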

View File

@ -253,12 +253,12 @@ in {
};
};
pinpox-ahorn = {
ahorn = {
owner = config.krebs.users.pinpox;
nets = {
retiolum = {
ip4.addr = "10.243.100.100";
aliases = [ "pinpox-ahorn.r" ];
aliases = [ "ahorn.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAyfCuWUYEqp4vEt+a6DRvFpIrBu+GlkpNs/mE4OHzATQLNnWooOXQ


@ -173,7 +173,7 @@ in {
};
retiolum = {
via = internet;
aliases = [ "eve.r" ];
aliases = [ "eve.r" "tts.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
@ -300,6 +300,11 @@ in {
};
yasmin = {
owner = config.krebs.users.mic92;
nets.internet = {
ip4.addr = "131.159.102.7";
ip6.addr = "2a09:80c0:102::7";
aliases = [ "yasmin.i" ];
};
nets.retiolum = {
ip4.addr = "10.243.29.197";
aliases = [
@ -674,7 +679,6 @@ in {
owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.169";
aliases = [ "bernie.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----


@ -1 +1,2 @@
ssh-rsa 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 kieran.meinhardt@gmail.com
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB


@ -92,6 +92,7 @@ in {
h5ZUzfd1r1pTzQ0nYD5aRtlDd7zP7y5tUwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL";
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;


@ -5,18 +5,18 @@
default = {};
type = lib.types.attrsOf (lib.types.submodule {
options = {
ifCredentialsChange = lib.mkOption {
default = "restart";
restartIfCredentialsChange = lib.mkOption {
# Enabling this by default only makes sense here as the user already
# bothered to write down krebs.systemd.services.* = {}. If this
# functionality gets upstreamed to systemd.services, restarting
# should be disabled by default.
default = true;
description = ''
Whether to reload or restart the service whenever any its
credentials change. Only credentials with an absolute path in
LoadCredential= are supported.
Whether to restart the service whenever any of its credentials
change. Only credentials with an absolute path in LoadCredential=
are supported.
'';
type = lib.types.enum [
"reload"
"restart"
null
];
type = lib.types.bool;
};
};
});
@ -40,7 +40,7 @@
lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange} ${lib.shell.escape serviceName}";
ExecStart = "${pkgs.systemd}/bin/systemctl restart ${lib.shell.escape serviceName}";
};
}
) config.krebs.systemd.services;
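Review bot: With `ifCredentialsChange` replaced by the boolean `restartIfCredentialsChange`, the second hunk hard-codes `systemctl restart` but the visible lines do not show the trigger unit being skipped when the option is `false`; the expression around `lib.nameValuePair` starts outside the hunk, so please confirm it filters on `cfg.restartIfCredentialsChange`. If it does not, a service that opted out would still be restarted on every credential change. The rename also means any configuration that still sets `ifCredentialsChange` (for example to `"reload"` or `null`) will stop evaluating, which deserves a sentence in the commit description.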


@ -222,12 +222,6 @@ with import <stockholm/lib>;
nameValuePair netname {}
) config.krebs.tinc;
environment.etc = mapAttrs' (netname: cfg:
nameValuePair "tinc/${netname}" {
source = cfg.confDir;
}
) config.krebs.tinc;
krebs.systemd.services = mapAttrs (netname: cfg: {
}) config.krebs.tinc;
@ -239,8 +233,6 @@ with import <stockholm/lib>;
cfg.iproutePackage
cfg.tincPackage
];
reloadIfChanged = true;
restartTriggers = [ cfg.confDir ];
serviceConfig = {
Restart = "always";
LoadCredential = filter (x: x != "") [
@ -249,6 +241,13 @@ with import <stockholm/lib>;
)
"rsa_key:${cfg.privkey}"
];
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
${pkgs.rsync}/bin/rsync -vaL --delete \
--chown ${cfg.user.name} \
--chmod u=rwX,g=rX \
${cfg.confDir}/ /etc/tinc/${netname}/
'';
ExecStart = toString [
"${cfg.tincPackage}/sbin/tincd"
"-D"
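Review bot: In the new `ExecStartPre` script, `--chmod u=rwX,g=rX` does not touch the "other" permission bits, so as far as I can tell they stay as copied from the store and `/etc/tinc/${netname}/` remains world-readable; if the move away from `environment.etc` was meant to tighten access, use `--chmod u=rwX,g=rX,o=`. `${netname}` and `${cfg.user.name}` are interpolated into the shell script unquoted, whereas the systemd-services change in this same commit uses `lib.shell.escape`; applying it here too keeps `rsync --delete` from ever being pointed at an unintended path. Whether the script has the privilege for `mkdir -p /etc/tinc` depends on the unit's `User=` setting, which is outside the hunk.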


@ -2,12 +2,12 @@
stdenv.mkDerivation rec {
pname = "ircaids";
version = "1.2.0";
version = "1.3.0";
src = pkgs.fetchgit {
url = "https://cgit.krebsco.de/ircaids";
rev = "refs/tags/${version}";
sha256 = "049ln54llfrn99q0pzwlb7iaz4igd4f3n4rb6mpc9irsy32bv3qg";
sha256 = "128ryfl0prpc1789hhqw2mq16zy3jd82a24k6hkw7nj71hifzr3a";
};
buildPhase = null;


@ -0,0 +1,153 @@
{ pkgs, lib, ... }@args:
let
# config cannot be declared in the input attribute set because that would
# cause callPackage to inject the wrong config. Instead, get it from ...
# via args.
config = args.config or {};
lib = args.lib // rec {
attrPaths = let
recurse = path: value:
if builtins.isAttrs value then
lib.mapAttrsToList (name: recurse (path ++ [ name ])) value
else [ (lib.nameValuePair path value) ];
in attrs: lib.flatten (recurse [] attrs);
attrPathsSep = sep: attrs: lib.listToAttrs (map (x: x // { name = lib.concatStringsSep sep x.name; }) (attrPaths attrs));
toWeechatValue = x: {
bool = builtins.toJSON x;
string = x;
list = lib.concatMapStringsSep "," toWeechatValue x;
int = toString x;
}.${builtins.typeOf x};
setCommand = name: value: "/set ${name} \"${toWeechatValue value}\"";
filterAddreplace = name: filter:
"/filter addreplace ${name} ${filter.buffer} ${toWeechatValue filter.tags} ${filter.regex}";
};
cfg = eval.config;
eval = lib.evalModules {
modules = lib.singleton {
_file = toString ./weechat-declarative.nix;
imports = lib.singleton config;
options = {
scripts = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [];
description = ''
some stuff from pkgs.weechatScripts
'';
};
settings = lib.mkOption {
type = (pkgs.formats.json {}).type;
description = ''
your weechat config in nix-style syntax.
secrets can be defined with \''${my.secret.value}
'';
default = {};
example = {
irc.server_default.nicks = "rick_\\\${sec.data.foo}";
irc.server_default.msg_part = "ciao kakao";
irc.server_default.msg_quit = "tschö mit \\\${sec.data.foo}";
irc.look.color_nicks_in_nicklist = true;
matrix.server.nibbana = {
address = "nibbana.jp";
};
irc.server.hackint = {
address = "irc.hackint.org/6697";
ssl = true;
autoconnect = true;
autojoin = [ "#krebs" ];
};
weechat.bar.buflist.hidden = true;
irc.server.hackint.command = lib.concatStringsSep "\\;" [
"/msg nickserv IDENTIFY \\\${sec.data.hackint_password}"
"/msg nickserv SET CLOAK ON"
];
filters.playlist_topic = {
buffer = "irc.*.#the_playlist";
tags = [ "irc_topic" ];
regex = "*";
};
relay = {
port.weechat = 9000;
network.password = "hunter2";
};
alias.cmd.mod = "quote omode $channel +o $nick";
secure.test.passphrase_command = "echo lol1234123124";
};
};
extraCommands = lib.mkOption {
type = lib.types.lines;
default = "";
};
files = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = {};
example = lib.literalExpression ''
{
"sec.conf" = toString (pkgs.writeText "sec.conf" '''
[crypt]
cipher = aes256
hash_algo = sha256
passphrase_command = ""
salt = on
[data]
__passphrase__ = off
foo = "bar"
''');
}
'';
};
};
};
};
weechat = pkgs.weechat.override {
configure = _: {
init = lib.optionalString (cfg.settings != {})
(lib.concatStringsSep "\n" (
lib.optionals
(cfg.settings.irc or {} != {})
(lib.mapAttrsToList
(name: server: "/server add ${name} ${server.address}")
cfg.settings.irc.server)
++
lib.optionals
(cfg.settings.matrix or {} != {})
(lib.mapAttrsToList
(name: server: "/matrix server add ${name} ${server.address}")
cfg.settings.matrix.server)
++
lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
++
lib.optionals
(cfg.settings.filters or {} != {})
(lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
++
lib.singleton cfg.extraCommands
));
scripts = cfg.scripts;
};
};
in pkgs.writers.writeDashBin "weechat" ''
CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
${lib.concatStringsSep "\n"
(lib.mapAttrsToList
(name: target: /* sh */ ''
${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
'')
cfg.files
)
}
exec ${weechat}/bin/weechat "$@"
''
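Review bot: Everything in `settings` is rendered into `/set ...` init commands of the wrapped weechat, which presumably ends up in the world-readable Nix store, yet the option's `example` sets `relay.network.password = "hunter2"` and `secure.test.passphrase_command = "echo lol1234123124"` as literals. The example should use the `\${sec.data.…}` form that the description recommends, and the description should say plainly that literal values are stored unencrypted. `setCommand` wraps the value in double quotes without escaping an embedded `"`, so such a value yields a malformed `/set` line; escaping it in `toWeechatValue` or rejecting it at evaluation time would be safer. In the launcher, `ln -s` without `-f` fails on every start after the first and never picks up a changed target; `ln -sfn` does.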


@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "ac169ec6371f0d835542db654a65e0f2feb07838",
"date": "2021-12-26T18:43:05+01:00",
"path": "/nix/store/l1qmvpx4pj24ijsm44n64vw2fnl9dpc7-nixpkgs",
"sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh",
"rev": "59bfda72480496f32787cec8c557182738b1bd3f",
"date": "2021-12-31T15:09:52+01:00",
"path": "/nix/store/wy2iidg15nwgmn8xir8fbr1lfz1hqphb-nixpkgs",
"sha256": "18akd1chfvniq1q774rigfxgmxwi0wyjljpa1j9ls59szpzr316d",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,


@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "d887ac7aee92e8fc54dde9060d60d927afae9d69",
"date": "2021-12-26T21:39:36-05:00",
"path": "/nix/store/6rczi6lazq369qw1hl4mhnx30pi74vjl-nixpkgs",
"sha256": "1bpgfv45b1yvrgpwdgc4fm4a6sav198yd41bsrvlmm3jn2wi6qx5",
"rev": "d1e59cfc49961e121583abe32e2f3db1550fbcff",
"date": "2022-01-01T22:20:39+08:00",
"path": "/nix/store/azrxsxpszjwgg75jk1pkzlzjcj0qnw8d-nixpkgs",
"sha256": "03ldf1dlxqf3g8qh9x5vp6vd9zvvr481fyjds111imll69y60wpm",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,