From 0eee884f9a550d47f05cecb9ab19cb9a32a28f9c Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Apr 2017 12:20:45 +0200 Subject: [PATCH 01/27] tv nixpkgs: 69d9061 -> 33bd699 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 618dcdccb..d070273e1 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "69d9061908162bd973fcf34d0fc6dc9d9f8cf9ed"; # nixos-17.03 + ref = "33bd699008c8cb3d92a379de99aa1c65e6b1f8d1"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From b03b57e1679430ffaa4b721e96c499418301ad65 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Apr 2017 02:57:11 +0200 Subject: [PATCH 02/27] krebs.search-domain: retiolum -> r --- krebs/3modules/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index d24cea1a2..a46b8af15 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -67,7 +67,7 @@ let # TODO search-domains :: listOf hostname search-domain = mkOption { type = types.hostname; - default = "retiolum"; + default = "r"; }; zone-head-config = mkOption { type = with types; attrsOf str; From 7baf4a4090583eaac4e369fffc91764e1990841e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Apr 2017 03:13:00 +0200 Subject: [PATCH 03/27] tv: normalize all ip6.addr --- krebs/3modules/tv/default.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 48b110fac..2da38e08d 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
@@ -12,7 +12,7 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.21.1"; - ip6.addr = "42:0:0:0:0:0:0:2101"; + ip6.addr = "42::2101"; aliases = [ "alnus.r" ]; @@ -53,7 +53,7 @@ with import ; retiolum = { via = config.krebs.hosts.caxi.nets.internet; ip4.addr = "10.243.113.226"; - ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af6"; + ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af6"; aliases = [ "caxi.r" ]; @@ -94,7 +94,7 @@ with import ; retiolum = { via = config.krebs.hosts.cd.nets.internet; ip4.addr = "10.243.113.222"; - ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af3"; + ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af3"; aliases = [ "cd.r" "cgit.cd.r" @@ -129,7 +129,7 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.39"; - ip6.addr = "42:0:0:0:0:0:0:1339"; + ip6.addr = "42::1339"; aliases = [ "ju.r" ]; @@ -164,7 +164,7 @@ with import ; }; retiolum = { ip4.addr = "10.243.166.2"; - ip6.addr = "42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"; + ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d"; aliases = [ "kaepsele.r" ]; @@ -187,7 +187,7 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.20.1"; - ip6.addr = "42:0:0:0:0:0:0:2001"; + ip6.addr = "42::2001"; aliases = [ "mu.r" ]; @@ -226,7 +226,7 @@ with import ; retiolum = { via = config.krebs.hosts.ni.nets.internet; ip4.addr = "10.243.113.223"; - ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af4"; + ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af4"; aliases = [ "ni.r" "cgit.ni.r" @@ -260,7 +260,7 @@ with import ; }; retiolum = { ip4.addr = "10.243.0.110"; - ip6.addr = "42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"; + ip6.addr = "42:2d5:733f:d6da:c0f5:2bb7:2b18:9ec"; aliases = [ "nomic.r" "cgit.nomic.r" @@ -318,7 +318,7 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.37"; - ip6.addr = "42:0:0:0:0:0:0:1337"; + ip6.addr = "42::1337"; aliases = [ "wu.r" "cgit.wu.r" 
@@ -355,7 +355,7 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.38"; - ip6.addr = "42:0:0:0:0:0:0:1338"; + ip6.addr = "42::1338"; aliases = [ "xu.r" ]; @@ -387,7 +387,7 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.40"; - ip6.addr = "42:0:0:0:0:0:0:1340"; + ip6.addr = "42::1340"; aliases = [ "zu.r" ]; From f93e1d466f9454dc5e10ac9903cefa281407db29 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Apr 2017 11:12:55 +0200 Subject: [PATCH 04/27] lib: add normalize-ip6-addr --- lib/default.nix | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/lib/default.nix b/lib/default.nix index 7e61c9413..9399a0107 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -41,6 +41,52 @@ let indent = replaceChars ["\n"] ["\n "]; + # https://tools.ietf.org/html/rfc5952 + normalize-ip6-addr = + let + max-run-0 = + let + both = v: { off = v; pos = v; }; + gt = a: b: a.pos - a.off > b.pos - b.off; + + chkmax = ctx: { + cur = both (ctx.cur.pos + 1); + max = if gt ctx.cur ctx.max then ctx.cur else ctx.max; + }; + + incpos = ctx: recursiveUpdate ctx { + cur.pos = ctx.cur.pos + 1; + }; + + f = ctx: blk: (if blk == "0" then incpos else chkmax) ctx; + z = { cur = both 0; max = both 0; }; + in + blks: (chkmax (foldl' f z blks)).max; + + group-zeros = a: + let + blks = splitString ":" a; + max = max-run-0 blks; + lhs = take max.off blks; + rhs = drop max.pos blks; + in + if max.pos == 0 + then a + else "${concatStringsSep ":" lhs}::${concatStringsSep ":" rhs}"; + + drop-leading-zeros = + let + f = block: + let + res = match "0*(.+)" block; + in + if res == null + then block # empty block + else elemAt res 0; + in + a: concatStringsSep ":" (map f (splitString ":" a)); + in + a: toLower (group-zeros (drop-leading-zeros a)); }; in From 79bcfa03edcf7eaeb69515c99af7522f893665f4 Mon Sep 17 00:00:00 2001 
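Review bot: `group-zeros` in lib/default.nix (patch 04) also collapses a run of a single `0` block, so `42:0:1:2:3:4:5:6` becomes `42::1:2:3:4:5:6`, which RFC 5952 section 4.2.2 does not allow. An input that already contains `::` next to further zero blocks (for example `42::0:0:1`) comes out with three colons in a row. In both cases the result differs from what other tools print for the same address, which matters if the value is later compared or matched as a string. The guard could read `if max.pos - max.off < 2 || elem "" blks then a`, assuming `elem` is in scope like the other list helpers, so only runs of two or more are shortened and already-compressed input passes through unchanged. A comment above `max-run-0` saying that `off`/`pos` are the start and end index of a zero run, and that embedded IPv4 forms are not handled, would help the next reader.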
From: tv Date: Thu, 13 Apr 2017 11:13:59 +0200 Subject: [PATCH 05/27] types.net: normalize IPv6 address --- lib/types.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/types.nix b/lib/types.nix index 8a3c76483..f511541bd 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -103,6 +103,7 @@ rec { options = { addr = mkOption { type = addr6; + apply = lib.normalize-ip6-addr; }; prefix = mkOption ({ type = str; # TODO routing prefix (CIDR) From 6e6a4203254c28a4b6d5fed46301a28e4225126c Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Apr 2017 11:28:28 +0200 Subject: [PATCH 06/27] tv nixpkgs: 33bd699 -> 7ad99e9 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d070273e1..8125a27ee 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "33bd699008c8cb3d92a379de99aa1c65e6b1f8d1"; # nixos-17.03 + ref = "7ad99e9fc8c1977f4d51ba8531386fce7276d300"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From e832710a80ba5895bf6aa4cb996f79a7b7494038 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Apr 2017 11:41:01 +0200 Subject: [PATCH 07/27] lass news: -wired_sci --- lass/2configs/newsbot-js.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 3c6c5dc88..d38af211f 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix 
@@ -163,7 +163,6 @@ let us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#news vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news weechat|http://dev.weechat.org/feed/atom|#news - wired_sci|http://www.wired.com/category/science/feed/|#news wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news xkcd|https://xkcd.com/rss.xml|#news zdnet|http://www.zdnet.com/news/rss.xml|#news From a78603a6e92ca28300b90b1aff06a994392fee95 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Apr 2017 15:18:47 +0200 Subject: [PATCH 08/27] htgen: 1.1 -> 1.2 --- krebs/5pkgs/htgen/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix index f9dfeb3d1..c6dc6e9ae 100644 --- a/krebs/5pkgs/htgen/default.nix +++ b/krebs/5pkgs/htgen/default.nix @@ -1,14 +1,14 @@ { bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }: with import ; let - version = "1.1"; + version = "1.2"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; rev = "refs/tags/v${version}"; - sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z"; + sha256 = "0y7gi4r32dvc18a4nnkr74sbq4glqcmf1q6lfj8fpgj82lg16zc6"; }; installPhase = '' From 621758d990ec5c25d797ffb17f2bec4e27d54728 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Apr 2017 15:25:04 +0200 Subject: [PATCH 09/27] l 1 prism: change nickname for #coders Reaktor --- lass/1systems/prism.nix | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index e5cbacfc8..8eecaa350 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -254,19 +254,20 @@ in { ]; } { - krebs.Reaktor.coders = let - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - in { - nickname = "reaktor-lass"; + krebs.Reaktor.coders = { + nickname = "Reaktor|lass"; channels = [ "#coders" ]; extraEnviron = { REAKTOR_HOST = "irc.hackint.org"; }; plugins = with pkgs.ReaktorPlugins; let + + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + lambdabotflags = '' -XStandaloneDeriving -XGADTs -XFlexibleContexts \ -XFlexibleInstances -XMultiParamTypeClasses \ From b033fd53af2bac56b4bd4b2882f64818dec9acb0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Apr 2017 15:25:28 +0200 Subject: [PATCH 10/27] l 1 prism: add Reaktor for #retiolum --- lass/1systems/prism.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 8eecaa350..50b222338 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -350,6 +350,18 @@ in { ]; }; } + { + krebs.Reaktor.prism = { + nickname = "Reaktor|lass"; + channels = [ "#retiolum" ]; + extraEnviron = { + REAKTOR_HOST = "ni.r"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; From d65226176267098db98ad36d8c56cf14bea28587 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Apr 2017 15:25:37 +0200 Subject: [PATCH 11/27] l 1 prism: update chat authorized_key --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 50b222338..343c45561 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -158,7 +158,7 @@ in { } { users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 JuiceSSH" + "ssh-rsa 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 JuiceSSH" ]; } { From 108ede97f1e3997224fdf7b44fce38df846ab44a Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Apr 2017 15:33:49 +0200 Subject: [PATCH 12/27] htgen: 1.2 -> 1.2.1 --- krebs/5pkgs/htgen/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix index c6dc6e9ae..52d7ded72 100644 --- a/krebs/5pkgs/htgen/default.nix +++ b/krebs/5pkgs/htgen/default.nix @@ -1,14 +1,14 @@ { bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }: with import ; let - version = "1.2"; + version = "1.2.1"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; rev = "refs/tags/v${version}"; - sha256 = "0y7gi4r32dvc18a4nnkr74sbq4glqcmf1q6lfj8fpgj82lg16zc6"; + sha256 = "0mh8n9hf4jmkcxwdw3rimwdlhslrnpsdg1cp2vq3h9j2jkrsq6ba"; }; installPhase = '' From 7c159da2eed0ba99094153dc16f5b9799bb0cc0b Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Apr 2017 16:25:17 +0200 Subject: [PATCH 13/27] htgen: 1.2.1 -> 1.2.2 --- krebs/5pkgs/htgen/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix index 52d7ded72..0fca8bdf2 100644 --- a/krebs/5pkgs/htgen/default.nix +++ b/krebs/5pkgs/htgen/default.nix 
@@ -1,26 +1,26 @@ -{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }: +{ coreutils, dash, fetchgit, gnused, stdenv, ucspi-tcp }: with import ; let - version = "1.2.1"; + version = "1.2.2"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; rev = "refs/tags/v${version}"; - sha256 = "0mh8n9hf4jmkcxwdw3rimwdlhslrnpsdg1cp2vq3h9j2jkrsq6ba"; + sha256 = "0a8vn35vq6pxgk6d3d2cjp0vdxzq9nqf0zgkvnd6668v4cmdf91b"; }; installPhase = '' mkdir -p $out/bin { - echo '#! ${bash}/bin/bash' + echo '#! ${dash}/bin/dash' echo 'export PATH=${makeBinPath [ - ucspi-tcp coreutils gnused + ucspi-tcp ]}''${PATH+":$PATH"}' - cat htgen + sed 's:^Server=htgen$:&/${version}:' htgen } > $out/bin/htgen chmod +x $out/bin/htgen cp -r examples $out From b268e0ef9c7b471ae467e97c8e2e0b8f769124bc Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 14 Apr 2017 11:23:27 +0200 Subject: [PATCH 14/27] tv nixpkgs: 7ad99e9 -> 5acb454 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 8125a27ee..cbbd5c439 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "7ad99e9fc8c1977f4d51ba8531386fce7276d300"; # nixos-17.03 + ref = "5acb454e2ad3e3783e63b86a9a31e800d2507e66"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From 48d37be5dea8c74c929bd23153361f3cf419f43e Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 14 Apr 2017 11:25:18 +0200 Subject: [PATCH 15/27] l 2 nixpkgs: a563923 -> 5acb454 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 24437d040..5309c9551 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix 
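Review bot: The `sed 's:^Server=htgen$:&/${version}:' htgen` step in installPhase (patch 13) succeeds even when nothing matches, so a later upstream change to that line would silently ship a script without the version stamp. A preceding `grep -q '^Server=htgen$' htgen` would make the build fail instead. The stamped value presumably ends up in the HTTP Server header and so tells every client the exact htgen version; keep the bare name if that is not wanted on internet-facing hosts. The interpreter also changes from bash to dash here, so a comment next to the shebang line saying the script must stay free of bashisms would be useful.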
@@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "a563923"; + ref = "5acb454"; }; } From a80cbaa6e962ea6dcdbf4c01f7e1188ac71c631f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Apr 2017 17:13:40 +0200 Subject: [PATCH 16/27] realwallpaper: introduce marker_file --- krebs/3modules/realwallpaper.nix | 8 ++++---- krebs/5pkgs/realwallpaper/default.nix | 8 ++------ 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index f9eae8c92..1e7a9faae 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -32,9 +32,9 @@ let default = "http://xplanetclouds.com/free/local/clouds_2048.jpg"; }; - outFile = mkOption { + marker = mkOption { type = types.str; - default = "/tmp/wallpaper.png"; + default = "http://graphs.r/marker.json"; }; timerConfig = mkOption { @@ -43,7 +43,6 @@ let OnCalendar = "*:0/15"; }; }; - }; imp = { @@ -63,6 +62,7 @@ let imagemagick curl file + jq ]; environment = { @@ -70,7 +70,7 @@ let nightmap_url = cfg.nightmap; daymap_url = cfg.daymap; cloudmap_url = cfg.cloudmap; - out_file = cfg.outFile; + marker_url = cfg.marker; }; restartIfChanged = true; diff --git a/krebs/5pkgs/realwallpaper/default.nix b/krebs/5pkgs/realwallpaper/default.nix index 4fea977ec..dec2dada4 100644 --- a/krebs/5pkgs/realwallpaper/default.nix +++ b/krebs/5pkgs/realwallpaper/default.nix @@ -5,8 +5,8 @@ stdenv.mkDerivation { src = fetchgit { url = https://github.com/Lassulus/realwallpaper; - rev = "c2778c3c235fc32edc8115d533a0d0853ab101c5"; - sha256 = "0yhbjz19zk8sj5dsvccm6skkqq2vardn1yi70qmd5li7qvp17mvs"; + rev = "b8408cfb295b6ce5b965309b30358ca6c6409efd"; + sha256 = "0yyl8hhqshw9bx04xs8glvir3c0qzvfrwzmbvyg318mnz5xalcl0"; }; phases = [ @@ -15,10 +15,6 @@ stdenv.mkDerivation { ]; buildInputs = [ - xplanet - imagemagick - curl - file ]; installPhase = '' From 930971c9e2c3aa601f4cd87586b987c312607bc7 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 15 Apr 2017 17:16:20 +0200 Subject: [PATCH 17/27] lass: update realwallpaper locations --- lass/1systems/prism.nix | 2 +- lass/2configs/realwallpaper.nix | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 343c45561..9c17c4433 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -194,7 +194,7 @@ in { ../2configs/realwallpaper.nix ]; services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /tmp/wallpaper.png; + alias /var/realwallpaper/realwallpaper.png; ''; } { diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index cf9795071..4794823ce 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -13,8 +13,14 @@ in { serverAliases = [ hostname ]; - locations."/wallpaper.png".extraConfig = '' - root /tmp/; + locations."/realwallpaper.png".extraConfig = '' + root /var/realwallpaper/; + ''; + locations."/realwallpaper-sat.png".extraConfig = '' + root /var/realwallpaper/; + ''; + locations."/realwallpaper-sat-krebs.png".extraConfig = '' + root /var/realwallpaper/; ''; }; From 64ac9ab74f1cb448da51880a0776848ddd7c63b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Apr 2017 18:19:15 +0200 Subject: [PATCH 18/27] l 2 realwallpaper: allow only from .r --- lass/2configs/realwallpaper.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 4794823ce..9e26d677c 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -10,6 +10,11 @@ in { krebs.realwallpaper.enable = true; services.nginx.virtualHosts.wallpaper = { + extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; serverAliases = [ hostname ]; From fbc29e63da7fca719dc20df13d31402a8d9c449b Mon Sep 17 00:00:00 2001 
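Review bot: The `if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { return 403; }` block added to lass/2configs/realwallpaper.nix (patch 18) rejects only requests that arrive on that one IPv4 address, so the vhost still answers on any other address the host has, such as a public IPv6 address or a NATed or secondary address. `$server_addr` is the local address that accepted the connection, not the client, so this is a deny-list on one listener rather than the "only from .r" allow-list the commit title describes. An allow-list fails closed: `allow <retiolum-prefix>; deny all;` in the same extraConfig (placeholder for the overlay network's prefix), or bind the vhost's `listen` to the retiolum address only.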
From: lassulus Date: Sat, 15 Apr 2017 18:19:45 +0200 Subject: [PATCH 19/27] l 2 realwallpaper: listen on .r --- lass/2configs/realwallpaper.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 9e26d677c..116d66276 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -17,6 +17,7 @@ in { ''; serverAliases = [ hostname + "${hostname}.r" ]; locations."/realwallpaper.png".extraConfig = '' root /var/realwallpaper/; From 6dfee5d766d16bd90aaf846f591c7168563554cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Apr 2017 22:27:59 +0200 Subject: [PATCH 20/27] l 1 iso: enable hidden-ssh --- lass/1systems/iso.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 9dfbf7cb8..bee1c148f 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -148,5 +148,8 @@ with import ; }; }; } + { + krebs.hidden-ssh.enable = true; + } ]; } From 8f89bb5d3d5e8f2e2deb70a7029321d05c5d256f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:31:46 +0200 Subject: [PATCH 21/27] k 3 hidden-ssh: start after network-online.target --- krebs/3modules/hidden-ssh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 2f75ded9b..3930dbf42 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -27,7 +27,7 @@ let }; systemd.services.hidden-ssh-announce = { description = "irc announce hidden ssh"; - after = [ "tor.service" ]; + after = [ "tor.service" "network-online.target" ]; wants = [ "tor.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { From 6187206a02ed9bc7b21fdfd9c32e0b57f6f23365 Mon Sep 17 00:00:00 2001 
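Review bot: In krebs/3modules/hidden-ssh.nix (patch 21) the announce unit is now ordered `after` `network-online.target` but does not pull that target in, so the ordering only takes effect when some other unit happens to want it. Listing it under `wants` as well makes the dependency explicit: `wants = [ "tor.service" "network-online.target" ];`. The service definition continues outside the hunk, so the rest of the unit was not checked.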
From: lassulus Date: Sun, 16 Apr 2017 23:32:05 +0200 Subject: [PATCH 22/27] irc-announce: fix cat2 on live systems --- krebs/5pkgs/irc-announce/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/irc-announce/default.nix b/krebs/5pkgs/irc-announce/default.nix index e1f4919d5..6eb725b71 100644 --- a/krebs/5pkgs/irc-announce/default.nix +++ b/krebs/5pkgs/irc-announce/default.nix @@ -24,7 +24,7 @@ pkgs.writeDashBin "irc-announce" '' # echo2 and cat2 are used output to both, stdout and stderr # This is used to see what we send to the irc server. (debug output) echo2() { echo "$*"; echo "$*" >&2; } - cat2() { tee /dev/stderr; } + cat2() { awk '{print;print > "/dev/stderr"}'; } # privmsg_cat transforms stdin to a privmsg privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } From 7ea694323bf791e6a2dae4897fefa0f09bc2a654 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:32:43 +0200 Subject: [PATCH 23/27] l 1 mors: disable ipfs --- lass/1systems/mors.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index c196b391a..8891d1829 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -76,10 +76,6 @@ with import ; { services.redis.enable = true; } - { - #ipfs-testing - services.ipfs.enable = true; - } { environment.systemPackages = [ pkgs.krebszones From faa8318d13a4b8932e9fd15ebae116d380ede497 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:33:54 +0200 Subject: [PATCH 24/27] l 1 iso: make sshd work --- lass/1systems/iso.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index bee1c148f..01d698c4c 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix 
@@ -15,7 +15,6 @@ with import ; krebs.enable = true; krebs.build.user = config.krebs.users.lass; krebs.build.host = config.krebs.hosts.iso; - krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix"; } { nixpkgs.config.allowUnfree = true; @@ -122,18 +121,12 @@ with import ; { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; + systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ]; } { krebs.iptables = { enable = true; tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ From 6e6a01957d86bffc0ee43978f80c449355365103 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:34:25 +0200 Subject: [PATCH 25/27] l 2: add sshn to pkgs --- lass/2configs/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 69f8a681e..b53efa75d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -151,6 +151,10 @@ with import ; p7zip unzip unrar + + (pkgs.writeDashBin "sshn" '' + ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" + '') ]; programs.bash = { From b6b39b69ff8cf5aea15e9d31a23c58e9a2cd5ab1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:35:02 +0200 Subject: [PATCH 26/27] l 1 mors: enable tor --- lass/1systems/mors.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 8891d1829..d80665a6b 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
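Review bot: The second hunk of lass/1systems/iso.nix (patch 24) removes the `nat.PREROUTING` rule that redirected port 22 away on every interface except retiolum, in the same commit that forces sshd into `multi-user.target`. Whether sshd on the live image is now reachable from any attached network depends on the `filter.INPUT.rules` list, which begins in the hunk but continues outside it; please confirm that it accepts port 22 only on the intended interface. A comment above the `mkForce` line saying why the override is needed (presumably the installer image does not start sshd by default) would help.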
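Review bot: `sshn` in lass/2configs/default.nix (patch 25) switches host key verification off entirely (`UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`), so whoever answers on the target address can read anything typed or forwarded in the session. The wrapper is installed system-wide with no indication of when it is acceptable to use. I would add a comment such as `# sshn: no host key check; only for throwaway hosts (fresh installs, live images), never with passwords or agent forwarding`. Putting `-o ForwardAgent=no` before `"$@"` would also keep an agent enabled in the user's ssh config from being exposed to an unverified host.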
@@ -85,6 +85,12 @@ with import ; #ps vita stuff boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } + { + services.tor = { + enable = true; + client.enable = true; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; From 7a48255b5a88e548eaf36ecdebb66fac96a04602 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:35:25 +0200 Subject: [PATCH 27/27] l 2: add syncthing.nix --- lass/1systems/mors.nix | 1 + lass/1systems/prism.nix | 1 + lass/2configs/syncthing.nix | 12 ++++++++++++ 3 files changed, 14 insertions(+) create mode 100644 lass/2configs/syncthing.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index d80665a6b..c8d9465d5 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -25,6 +25,7 @@ with import ; ../2configs/repo-sync.nix ../2configs/ircd.nix ../2configs/logf.nix + ../2configs/syncthing.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9c17c4433..41a909f16 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -46,6 +46,7 @@ in { ../2configs/monitoring/server.nix ../2configs/monitoring/monit-alarms.nix ../2configs/paste.nix + ../2configs/syncthing.nix { imports = [ ../2configs/bepasty.nix diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix new file mode 100644 index 000000000..cef43d1e6 --- /dev/null +++ b/lass/2configs/syncthing.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +with import ; +{ + services.syncthing = { + enable = true; + useInotify = true; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} + { predicate = "-p udp --dport 21027"; target = "ACCEPT";} + ]; +}
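Review bot: The two ACCEPT rules in the new lass/2configs/syncthing.nix (patch 27) carry no interface match, and the file is imported by both mors.nix and prism.nix, so 22000/tcp and 21027/udp are opened on every interface of both hosts; prism appears to be internet-facing, since it serves lassul.us. 21027/udp is syncthing's local discovery port and has no use on a public interface, while 22000/tcp is protected by syncthing's device-ID authentication but still adds to the exposed surface. Scoping the predicates keeps discovery on the local network, for example `{ predicate = "-i <lan-if> -p udp --dport 21027"; target = "ACCEPT"; }` with the placeholder replaced per host. `services.syncthing` is also enabled without `user` or `dataDir`, so it runs under the module defaults, which is worth a comment if intended.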