diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 84eaeaa19..6a51bf45f 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -7,10 +7,11 @@ - + + ## shackie irc bot diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix new file mode 100644 index 000000000..d5e4c89c1 --- /dev/null +++ b/krebs/2configs/mud.nix @@ -0,0 +1,171 @@ +{ config, lib, pkgs, ... }: let + mud = pkgs.writers.writeDashBin "mud" '' + set -efux + MUD_NICKNAME=''${MUD_NICKNAME:-$(head -1 /dev/urandom | md5sum | cut -c -2)} + MUD_SERVER=''${MUD_SERVER:-127.0.0.1} + MUD_PORT=''${MUD_PORT:-8080} + + if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then + ${nvim}/bin/nvim \ + +"let g:instant_username = \"$MUD_NICKNAME\"" \ + +":InstantJoinSession $MUD_SERVER $MUD_PORT" \ + "$@" + else + ${nvim}/bin/nvim \ + +"let g:instant_username = \"$MUD_NICKNAME\"" \ + +":InstantStartServer $MUD_SERVER $MUD_PORT" \ + +":InstantStartSession $MUD_SERVER $MUD_PORT" \ + "$@" + fi + ''; + nvim = pkgs.neovim.override { + # vimAlias = true; + configure = { + customRC = vimrc; + packages.myPlugins = with pkgs.vimPlugins; { + start = [ + vim-surround # Shortcuts for setting () {} etc. + # coc-nvim coc-git coc-highlight coc-python coc-rls coc-vetur coc-vimtex coc-yaml coc-html coc-json # auto completion + vim-nix # nix highlight + fzf-vim # fuzzy finder through vim + nerdtree # file structure inside nvim + rainbow # Color parenthesis + customPlugins.hack-color + customPlugins.instant + ]; + opt = []; + }; + }; + }; + vimrc = /* vim */ '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=$HOME/.cache/nvim/backup/ + set directory=$HOME/.cache/nvim/swap"// + set hlsearch + set incsearch + set mouse=a + set ruler + set pastetoggle= + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=$HOME/.cache/nvim/undo + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n$HOME/.cache/nvim/info + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set title + set titleold= + set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + ''; + customPlugins = { + instant = pkgs.vimUtils.buildVimPlugin { + name = "instant"; + src = pkgs.fetchFromGitHub { + owner = "jbyuki"; + repo = "instant.nvim"; + rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554"; + sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI="; + }; + }; + hack-color = (rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let + name = "hack"; + in { + name = "vim-color-${name}-1.0.2"; + destination = "/colors/${name}.vim"; + text = /* vim */ '' + set background=dark + hi clear + if exists("syntax_on") + syntax clear + endif + + let colors_name = ${builtins.toJSON name} + + hi Normal ctermbg=016 + hi Comment ctermfg=255 + hi Constant ctermfg=229 + hi Identifier ctermfg=123 + hi Function ctermfg=041 + hi Statement ctermfg=167 + hi PreProc ctermfg=167 + hi Type ctermfg=046 + hi Delimiter ctermfg=251 + hi Special ctermfg=146 + + hi Garbage ctermbg=124 + hi TabStop ctermbg=020 + hi NBSP ctermbg=056 + hi NarrowNBSP ctermbg=097 + hi Todo ctermfg=174 ctermbg=NONE + + hi NixCode ctermfg=190 + hi NixData ctermfg=149 + hi NixQuote ctermfg=119 + + hi diffNewFile ctermfg=207 + hi diffFile ctermfg=207 + hi diffLine ctermfg=207 + hi diffSubname ctermfg=207 + hi diffAdded ctermfg=010 + hi diffRemoved ctermfg=009 + ''; + })); + }; +in { + users.users.mud = { + isNormalUser = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + makefu.pubkey + kmein.pubkey + tv.pubkey + ]; + packages = with pkgs; [ + tmux + (pkgs.writers.writeDashBin "instant_server" '' + find ${customPlugins.instant} + find ${customPlugins.instant.src} + '') + mud + ]; + }; +} diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix index 0ce0345d8..3153e4cfc 100644 --- a/krebs/3modules/ergo.nix +++ b/krebs/3modules/ergo.nix @@ -6,6 +6,7 @@ type = (pkgs.formats.json {}).type; description = '' Ergo IRC daemon configuration file. + https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml ''; default = { network = { @@ -34,19 +35,34 @@ }; }; datastore = { + autoupgrade = true; path = "/var/lib/ergo/ircd.db"; }; accounts = { authentication-enabled = true; registration = { enabled = true; - email-verification = { - enabled = false; + allow-before-connect = true; + throttling = { + enabled = true; + duration = "10m"; + max-attempts = 30; }; + bcrypt-cost = 4; + email-verification.enabled = false; + }; + multiclient = { + enabled = true; + allowed-by-default = true; + always-on = "opt-in"; + auto-away = "opt-in"; }; }; channels = { - default-modes = "+nt"; + default-modes = "+ntC"; + registration = { + enabled = true; + }; }; limits = { nicklen = 32; @@ -56,6 +72,31 @@ kicklen = 390; topiclen = 390; }; + history = { + enabled = true; + channel-length = 2048; + client-length = 256; + autoresize-window = "3d"; + autoreplay-on-join = 0; + chathistory-maxmessages = 100; + znc-maxmessages = 2048; + restrictions = { + expire-time = "1w"; + query-cutoff = "none"; + grace-period = "1h"; + }; + retention = { + allow-individual-delete = false; + enable-account-indexing = false; + }; + tagmsg-storage = { + default = false; + whitelist = [ + "+draft/react" + "+react" + ]; + }; + }; }; }; }; @@ -64,13 +105,17 @@ cfg = config.krebs.ergo; configFile = pkgs.writeJSON "ergo.conf" cfg.config; in lib.mkIf cfg.enable ({ + environment.etc."ergo.yaml".source = configFile; krebs.ergo.config = lib.mapAttrsRecursive (_: lib.mkDefault) options.krebs.ergo.config.default; systemd.services.ergo = { description = "Ergo IRC daemon"; wantedBy = [ "multi-user.target" ]; + reloadIfChanged = true; + restartTriggers = [ configFile ]; serviceConfig = { - ExecStart = "${pkgs.ergo}/bin/ergo run --conf ${configFile}"; + ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml"; + ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; DynamicUser = true; StateDirectory = "ergo"; }; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 4a87c3501..4c4e53f2f 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -253,12 +253,12 @@ in { }; }; - pinpox-ahorn = { + ahorn = { owner = config.krebs.users.pinpox; nets = { retiolum = { ip4.addr = "10.243.100.100"; - aliases = [ "pinpox-ahorn.r" ]; + aliases = [ "ahorn.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAyfCuWUYEqp4vEt+a6DRvFpIrBu+GlkpNs/mE4OHzATQLNnWooOXQ diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index b1e11b452..f8c371b7f 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -173,7 +173,7 @@ in { }; retiolum = { via = internet; - aliases = [ "eve.r" ]; + aliases = [ "eve.r" "tts.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH @@ -300,6 +300,11 @@ in { }; yasmin = { owner = config.krebs.users.mic92; + nets.internet = { + ip4.addr = "131.159.102.7"; + ip6.addr = "2a09:80c0:102::7"; + aliases = [ "yasmin.i" ]; + }; nets.retiolum = { ip4.addr = "10.243.29.197"; aliases = [ @@ -674,7 +679,6 @@ in { owner = config.krebs.users.mic92; nets = rec { retiolum = { - ip4.addr = "10.243.29.169"; aliases = [ "bernie.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/external/ssh/kmein.pub b/krebs/3modules/external/ssh/kmein.pub index 5711a2c1c..8eade3498 100644 --- a/krebs/3modules/external/ssh/kmein.pub +++ b/krebs/3modules/external/ssh/kmein.pub @@ -1 +1,2 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 1b5d903cb..5e0e69924 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -92,6 +92,7 @@ in { h5ZUzfd1r1pTzQ0nYD5aRtlDd7zP7y5tUwIDAQAB -----END RSA PUBLIC KEY----- ''; + tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL"; }; }; ssh.privkey.path = ; diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix index 294f80a3c..194e8b24a 100644 --- a/krebs/3modules/systemd.nix +++ b/krebs/3modules/systemd.nix @@ -5,18 +5,18 @@ default = {}; type = lib.types.attrsOf (lib.types.submodule { options = { - ifCredentialsChange = lib.mkOption { - default = "restart"; + restartIfCredentialsChange = lib.mkOption { + # Enabling this by default only makes sense here as the user already + # bothered to write down krebs.systemd.services.* = {}. If this + # functionality gets upstreamed to systemd.services, restarting + # should be disabled by default. + default = true; description = '' - Whether to reload or restart the service whenever any its - credentials change. Only credentials with an absolute path in - LoadCredential= are supported. + Whether to restart the service whenever any of its credentials + change. Only credentials with an absolute path in LoadCredential= + are supported. ''; - type = lib.types.enum [ - "reload" - "restart" - null - ]; + type = lib.types.bool; }; }; }); @@ -40,7 +40,7 @@ lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" { serviceConfig = { Type = "oneshot"; - ExecStart = "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange} ${lib.shell.escape serviceName}"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ${lib.shell.escape serviceName}"; }; } ) config.krebs.systemd.services; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index a18248351..21ddde1c6 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -222,12 +222,6 @@ with import ; nameValuePair netname {} ) config.krebs.tinc; - environment.etc = mapAttrs' (netname: cfg: - nameValuePair "tinc/${netname}" { - source = cfg.confDir; - } - ) config.krebs.tinc; - krebs.systemd.services = mapAttrs (netname: cfg: { }) config.krebs.tinc; @@ -239,8 +233,6 @@ with import ; cfg.iproutePackage cfg.tincPackage ]; - reloadIfChanged = true; - restartTriggers = [ cfg.confDir ]; serviceConfig = { Restart = "always"; LoadCredential = filter (x: x != "") [ @@ -249,6 +241,13 @@ with import ; ) "rsa_key:${cfg.privkey}" ]; + ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' + ${pkgs.coreutils}/bin/mkdir -p /etc/tinc + ${pkgs.rsync}/bin/rsync -vaL --delete \ + --chown ${cfg.user.name} \ + --chmod u=rwX,g=rX \ + ${cfg.confDir}/ /etc/tinc/${netname}/ + ''; ExecStart = toString [ "${cfg.tincPackage}/sbin/tincd" "-D" diff --git a/krebs/5pkgs/simple/ircaids/default.nix b/krebs/5pkgs/simple/ircaids/default.nix index cffd4aa76..22281161d 100644 --- a/krebs/5pkgs/simple/ircaids/default.nix +++ b/krebs/5pkgs/simple/ircaids/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "ircaids"; - version = "1.2.0"; + version = "1.3.0"; src = pkgs.fetchgit { url = "https://cgit.krebsco.de/ircaids"; rev = "refs/tags/${version}"; - sha256 = "049ln54llfrn99q0pzwlb7iaz4igd4f3n4rb6mpc9irsy32bv3qg"; + sha256 = "128ryfl0prpc1789hhqw2mq16zy3jd82a24k6hkw7nj71hifzr3a"; }; buildPhase = null; diff --git a/krebs/5pkgs/simple/weechat-declarative/default.nix b/krebs/5pkgs/simple/weechat-declarative/default.nix new file mode 100644 index 000000000..e6ecfd631 --- /dev/null +++ b/krebs/5pkgs/simple/weechat-declarative/default.nix @@ -0,0 +1,153 @@ +{ pkgs, lib, ... }@args: + +let + # config cannot be declared in the input attribute set because that would + # cause callPackage to inject the wrong config. Instead, get it from ... + # via args. + config = args.config or {}; + + lib = args.lib // rec { + attrPaths = let + recurse = path: value: + if builtins.isAttrs value then + lib.mapAttrsToList (name: recurse (path ++ [ name ])) value + else [ (lib.nameValuePair path value) ]; + in attrs: lib.flatten (recurse [] attrs); + + attrPathsSep = sep: attrs: lib.listToAttrs (map (x: x // { name = lib.concatStringsSep sep x.name; }) (attrPaths attrs)); + + toWeechatValue = x: { + bool = builtins.toJSON x; + string = x; + list = lib.concatMapStringsSep "," toWeechatValue x; + int = toString x; + }.${builtins.typeOf x}; + + setCommand = name: value: "/set ${name} \"${toWeechatValue value}\""; + + filterAddreplace = name: filter: + "/filter addreplace ${name} ${filter.buffer} ${toWeechatValue filter.tags} ${filter.regex}"; + }; + + cfg = eval.config; + + eval = lib.evalModules { + modules = lib.singleton { + _file = toString ./weechat-declarative.nix; + imports = lib.singleton config; + options = { + scripts = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = []; + description = '' + some stuff from pkgs.weechatScripts + ''; + }; + settings = lib.mkOption { + type = (pkgs.formats.json {}).type; + description = '' + your weechat config in nix-style syntax. + secrets can be defined with \''${my.secret.value} + ''; + default = {}; + example = { + irc.server_default.nicks = "rick_\\\${sec.data.foo}"; + irc.server_default.msg_part = "ciao kakao"; + irc.server_default.msg_quit = "tschö mit \\\${sec.data.foo}"; + irc.look.color_nicks_in_nicklist = true; + matrix.server.nibbana = { + address = "nibbana.jp"; + }; + irc.server.hackint = { + address = "irc.hackint.org/6697"; + ssl = true; + autoconnect = true; + autojoin = [ "#krebs" ]; + }; + weechat.bar.buflist.hidden = true; + irc.server.hackint.command = lib.concatStringsSep "\\;" [ + "/msg nickserv IDENTIFY \\\${sec.data.hackint_password}" + "/msg nickserv SET CLOAK ON" + ]; + filters.playlist_topic = { + buffer = "irc.*.#the_playlist"; + tags = [ "irc_topic" ]; + regex = "*"; + }; + relay = { + port.weechat = 9000; + network.password = "hunter2"; + }; + alias.cmd.mod = "quote omode $channel +o $nick"; + secure.test.passphrase_command = "echo lol1234123124"; + }; + }; + extraCommands = lib.mkOption { + type = lib.types.lines; + default = ""; + }; + files = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + example = lib.literalExpression '' + { + "sec.conf" = toString (pkgs.writeText "sec.conf" ''' + [crypt] + cipher = aes256 + hash_algo = sha256 + passphrase_command = "" + salt = on + + [data] + __passphrase__ = off + foo = "bar" + '''); + } + ''; + }; + }; + }; + }; + + weechat = pkgs.weechat.override { + configure = _: { + init = lib.optionalString (cfg.settings != {}) + (lib.concatStringsSep "\n" ( + lib.optionals + (cfg.settings.irc or {} != {}) + (lib.mapAttrsToList + (name: server: "/server add ${name} ${server.address}") + cfg.settings.irc.server) + ++ + lib.optionals + (cfg.settings.matrix or {} != {}) + (lib.mapAttrsToList + (name: server: "/matrix server add ${name} ${server.address}") + cfg.settings.matrix.server) + ++ + lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings) + ++ + lib.optionals + (cfg.settings.filters or {} != {}) + (lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters) + ++ + lib.singleton cfg.extraCommands + )); + + scripts = cfg.scripts; + }; + }; + +in pkgs.writers.writeDashBin "weechat" '' + CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat + ${pkgs.coreutils}/bin/mkdir -p "$CONFDIR" + ${lib.concatStringsSep "\n" + (lib.mapAttrsToList + (name: target: /* sh */ '' + ${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name} + '') + cfg.files + ) + } + exec ${weechat}/bin/weechat "$@" +'' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index babaad004..cab3ab115 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "ac169ec6371f0d835542db654a65e0f2feb07838", - "date": "2021-12-26T18:43:05+01:00", - "path": "/nix/store/l1qmvpx4pj24ijsm44n64vw2fnl9dpc7-nixpkgs", - "sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh", + "rev": "59bfda72480496f32787cec8c557182738b1bd3f", + "date": "2021-12-31T15:09:52+01:00", + "path": "/nix/store/wy2iidg15nwgmn8xir8fbr1lfz1hqphb-nixpkgs", + "sha256": "18akd1chfvniq1q774rigfxgmxwi0wyjljpa1j9ls59szpzr316d", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 62d30d416..43f298973 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d887ac7aee92e8fc54dde9060d60d927afae9d69", - "date": "2021-12-26T21:39:36-05:00", - "path": "/nix/store/6rczi6lazq369qw1hl4mhnx30pi74vjl-nixpkgs", - "sha256": "1bpgfv45b1yvrgpwdgc4fm4a6sav198yd41bsrvlmm3jn2wi6qx5", + "rev": "d1e59cfc49961e121583abe32e2f3db1550fbcff", + "date": "2022-01-01T22:20:39+08:00", + "path": "/nix/store/azrxsxpszjwgg75jk1pkzlzjcj0qnw8d-nixpkgs", + "sha256": "03ldf1dlxqf3g8qh9x5vp6vd9zvvr481fyjds111imll69y60wpm", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false,