Merge remote-tracking branch 'lass/master'
This commit is contained in:
commit
57eceb7c05
@ -61,7 +61,7 @@ let
|
|||||||
];
|
];
|
||||||
hooks.PRIVMSG = [
|
hooks.PRIVMSG = [
|
||||||
{
|
{
|
||||||
pattern = "^bier bal(an(ce)?)?$";
|
pattern = "^bier (ballern|bal(an(ce)?)?)$";
|
||||||
activate = "match";
|
activate = "match";
|
||||||
command = {
|
command = {
|
||||||
env = {
|
env = {
|
||||||
@ -90,6 +90,10 @@ let
|
|||||||
amt=$2
|
amt=$2
|
||||||
unit=$3
|
unit=$3
|
||||||
printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
|
printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
|
||||||
|
${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
|
||||||
|
| ${pkgs.coreutils}/bin/tail +2 \
|
||||||
|
| ${pkgs.miller}/bin/mlr --icsv --opprint cat \
|
||||||
|
| ${pkgs.gnugrep}/bin/grep "$_from"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -138,41 +138,54 @@ let
|
|||||||
let inherit (config.krebs.build.host.ssh) privkey; in
|
let inherit (config.krebs.build.host.ssh) privkey; in
|
||||||
mkIf (privkey != null) [privkey];
|
mkIf (privkey != null) [privkey];
|
||||||
|
|
||||||
# TODO use imports for merging
|
|
||||||
services.openssh.knownHosts =
|
services.openssh.knownHosts =
|
||||||
(let inherit (config.krebs.build.host.ssh) pubkey; in
|
filterAttrs
|
||||||
optionalAttrs (pubkey != null) {
|
(knownHostName: knownHost:
|
||||||
localhost = {
|
knownHost.publicKey != null &&
|
||||||
hostNames = ["localhost" "127.0.0.1" "::1"];
|
knownHost.hostNames != []
|
||||||
publicKey = pubkey;
|
)
|
||||||
};
|
(mapAttrs
|
||||||
})
|
(hostName: host: {
|
||||||
//
|
hostNames =
|
||||||
mapAttrs
|
concatLists
|
||||||
(name: host: {
|
(mapAttrsToList
|
||||||
hostNames =
|
(netName: net:
|
||||||
concatLists
|
let
|
||||||
(mapAttrsToList
|
aliases =
|
||||||
(net-name: net:
|
concatLists [
|
||||||
let
|
shortAliases
|
||||||
longs = net.aliases;
|
net.aliases
|
||||||
shorts =
|
net.addrs
|
||||||
optionals
|
];
|
||||||
(cfg.dns.search-domain != null)
|
shortAliases =
|
||||||
(map (removeSuffix ".${cfg.dns.search-domain}")
|
optionals
|
||||||
(filter (hasSuffix ".${cfg.dns.search-domain}")
|
(cfg.dns.search-domain != null)
|
||||||
longs));
|
(map (removeSuffix ".${cfg.dns.search-domain}")
|
||||||
add-port = a:
|
(filter (hasSuffix ".${cfg.dns.search-domain}")
|
||||||
if net.ssh.port != 22
|
net.aliases));
|
||||||
then "[${a}]:${toString net.ssh.port}"
|
addPort = alias:
|
||||||
else a;
|
if net.ssh.port != 22
|
||||||
in
|
then "[${alias}]:${toString net.ssh.port}"
|
||||||
map add-port (shorts ++ longs ++ net.addrs))
|
else alias;
|
||||||
host.nets);
|
in
|
||||||
|
map addPort aliases
|
||||||
publicKey = host.ssh.pubkey;
|
)
|
||||||
})
|
host.nets);
|
||||||
(filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
|
publicKey = host.ssh.pubkey;
|
||||||
|
})
|
||||||
|
(foldl' mergeAttrs {} [
|
||||||
|
cfg.hosts
|
||||||
|
{
|
||||||
|
localhost = {
|
||||||
|
nets.local = {
|
||||||
|
addrs = [ "127.0.0.1" "::1" ];
|
||||||
|
aliases = [ "localhost" ];
|
||||||
|
ssh.port = 22;
|
||||||
|
};
|
||||||
|
ssh.pubkey = config.krebs.build.host.ssh.pubkey;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
]));
|
||||||
|
|
||||||
programs.ssh.extraConfig = concatMapStrings
|
programs.ssh.extraConfig = concatMapStrings
|
||||||
(net: ''
|
(net: ''
|
||||||
|
50
krebs/3modules/external/default.nix
vendored
50
krebs/3modules/external/default.nix
vendored
@ -588,6 +588,31 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
aland = {
|
||||||
|
owner = config.krebs.users.xkey;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.12.34";
|
||||||
|
aliases = [ "aland.r" ];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
|
||||||
|
CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
|
||||||
|
plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
|
||||||
|
DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
|
||||||
|
aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
|
||||||
|
OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
|
||||||
|
ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
|
||||||
|
TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
|
||||||
|
aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
|
||||||
|
zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
|
||||||
|
VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
papawhakaaro = {
|
papawhakaaro = {
|
||||||
owner = config.krebs.users.feliks;
|
owner = config.krebs.users.feliks;
|
||||||
nets = {
|
nets = {
|
||||||
@ -613,6 +638,31 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
iti = {
|
||||||
|
owner = config.krebs.users.feliks;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.10.244";
|
||||||
|
aliases = [ "iti.r" ];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIICCgKCAgEA5TXEmw3F3lCekITBPW8QYF1ciKHN8RSi47k1vW+jXb6gdWcVo5KL
|
||||||
|
Ithq3T2+jWJJQoOJEDl5Tvo9ilF0oE0AqSNnvfgS/t8xfFVEsNvHodbonXXku5cF
|
||||||
|
N7oFooAgQRXAUJpEQLtcfx9kJutSYgGeEvoRGZkWaqY6tzPL45U2WEna+MJ/P1Cd
|
||||||
|
57JMOLeJJEjZKtC/XqPOQ81KNcm161RKekHas5ZNK30QEVP9QsjTDoLesYwm1ywt
|
||||||
|
4LiHRHSSHd65pKXJvi1haEYw25BxIun7kY4IQHrfEuK3DNs0kyYJj2rKL4C9kHgT
|
||||||
|
hYd+fFl1i/X1BjPzo+ZY91ahLVX3UPpOsB8vC9Q7Ctm1Nkc/bCfKRUNbamkS0Bwf
|
||||||
|
tngak3heGvuek6Y7qWQUkvMkPLhZwZUXUz+DBXGWXabP5LL8Z/y3V+Qqj0snEsZ3
|
||||||
|
9iOF+eeDw2/9hBzRzBPGtwL1DREgd+1J/XlHLcjF4jzkMhweIXw2Yh0Jq7D5Nqf3
|
||||||
|
kPF9n/50zbQneSGEiKFeHm1ykag/KV0ebWHUOy1Gydbs7+RxT9GUiZofI6kyjJUI
|
||||||
|
g1w1ajkZYIIqhIvhMHudLay5h4kLkdGN9yuRNO/BG5sGk5MywZHyMploIX0ZRVui
|
||||||
|
+H3Sx2y268r/Fs6JcaddmzFwFqNmdRTRv/KBp91QGnjcaJDzQPKg/IsCAwEAAQ==
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
tinc.pubkey_ed25519 = "uG9D7hrWNx+9otDFlZ8Yi31L6xxC7dzGlqXBLkzJCwE";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
hydrogen = {
|
hydrogen = {
|
||||||
owner = config.krebs.users.sandro;
|
owner = config.krebs.users.sandro;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
|
163
krebs/3modules/external/mic92.nix
vendored
163
krebs/3modules/external/mic92.nix
vendored
@ -10,66 +10,6 @@ with import <stockholm/lib>;
|
|||||||
});
|
});
|
||||||
in {
|
in {
|
||||||
hosts = mapAttrs hostDefaults {
|
hosts = mapAttrs hostDefaults {
|
||||||
amy = {
|
|
||||||
owner = config.krebs.users.mic92;
|
|
||||||
nets = rec {
|
|
||||||
internet = {
|
|
||||||
ip4.addr = "129.215.165.57";
|
|
||||||
ip6.addr = "2001:630:3c1:164:b62e:99ff:fe3e:d369";
|
|
||||||
aliases = [ "amy.i" ];
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.29.181";
|
|
||||||
aliases = [ "amy.r" ];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8
|
|
||||||
hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh
|
|
||||||
q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM
|
|
||||||
tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG
|
|
||||||
iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/
|
|
||||||
HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3
|
|
||||||
/P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU
|
|
||||||
klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb
|
|
||||||
MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE
|
|
||||||
DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764
|
|
||||||
UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "6VktF9Fg9E0hCW5g+rwGnrPACPSx/8vkl+hPNaFYeND";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
clara = {
|
|
||||||
owner = config.krebs.users.mic92;
|
|
||||||
nets = rec {
|
|
||||||
internet = {
|
|
||||||
ip4.addr = "129.215.165.58";
|
|
||||||
ip6.addr = "2001:630:3c1:164:b62e:99ff:fe3d:70f2";
|
|
||||||
aliases = [ "clara.i" ];
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.29.182";
|
|
||||||
aliases = [ "clara.r" ];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d
|
|
||||||
WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf
|
|
||||||
UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY
|
|
||||||
Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/
|
|
||||||
rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN
|
|
||||||
wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc
|
|
||||||
jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e
|
|
||||||
mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc
|
|
||||||
WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v
|
|
||||||
UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn
|
|
||||||
cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "qnJmS6W7QSKG3mjW1kPnHGeVmKzhGkyP9xBLGwH5XvD";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
dimitrios = {
|
dimitrios = {
|
||||||
owner = config.krebs.users.mic92;
|
owner = config.krebs.users.mic92;
|
||||||
nets = {
|
nets = {
|
||||||
@ -111,37 +51,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
donna = {
|
|
||||||
owner = config.krebs.users.mic92;
|
|
||||||
nets = rec {
|
|
||||||
internet = {
|
|
||||||
ip4.addr = "129.215.165.54";
|
|
||||||
ip6.addr = "2001:630:3c1:164:30a2:6e7b:c58b:cafd";
|
|
||||||
aliases = [ "donna.i" ];
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
via = internet;
|
|
||||||
ip4.addr = "10.243.29.180";
|
|
||||||
aliases = [ "donna.r" ];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa
|
|
||||||
x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I
|
|
||||||
0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ
|
|
||||||
Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf
|
|
||||||
wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k
|
|
||||||
YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf
|
|
||||||
U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv
|
|
||||||
QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR
|
|
||||||
Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI
|
|
||||||
IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7
|
|
||||||
awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "ikUmx5IC1dvfaHFhpZM9xotwF2LH6EkvpcPTRm6TjeD";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
herbert = {
|
herbert = {
|
||||||
owner = config.krebs.users.mic92;
|
owner = config.krebs.users.mic92;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
@ -497,37 +406,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
rose = {
|
|
||||||
owner = config.krebs.users.mic92;
|
|
||||||
nets = rec {
|
|
||||||
internet = {
|
|
||||||
ip4.addr = "129.215.165.52";
|
|
||||||
ip6.addr = "2001:630:3c1:164:6d4:c4ff:fe04:4e4b";
|
|
||||||
aliases = [ "rose.i" ];
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
via = internet;
|
|
||||||
ip4.addr = "10.243.29.178";
|
|
||||||
aliases = [ "rose.r" ];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO
|
|
||||||
6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX
|
|
||||||
btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd
|
|
||||||
DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq
|
|
||||||
1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs
|
|
||||||
5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe
|
|
||||||
6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D
|
|
||||||
Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ
|
|
||||||
QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv
|
|
||||||
W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ
|
|
||||||
0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "0O1LrgXAFOuei1NfU0vow+qUfim3htBOyCJvPrQFwHE";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
turingmachine = {
|
turingmachine = {
|
||||||
owner = config.krebs.users.mic92;
|
owner = config.krebs.users.mic92;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
@ -661,26 +539,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
doctor = {
|
|
||||||
owner = config.krebs.users.mic92;
|
|
||||||
nets = rec {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.29.186";
|
|
||||||
aliases = [ "doctor.r" ];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAx0zdjPX9C0fBQR+8kdlsBTuMr4KxWhqw4ARqW02oSGKJxY+D57oO
|
|
||||||
ORVfjBhrvIiZJfXaY0M+/n+M4Bvt4r5ol3N1NxkT7vc0bAbz9Kk/0M8dlspNoSO9
|
|
||||||
WW+mITVfxg/DgzDegjj4TOrsWC1jBjo4PVrvA+PnxZC4VucnqZZ55JHWAk/mPtzs
|
|
||||||
PUc3mkn3e9pwwrJMQRy7qg9fbatljHCb/fJoDk6DiQP4ZRE/pCf4OYCx7huHibsd
|
|
||||||
EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv
|
|
||||||
KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
bernie = {
|
bernie = {
|
||||||
owner = config.krebs.users.mic92;
|
owner = config.krebs.users.mic92;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
@ -1048,6 +906,27 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
blob64 = {
|
||||||
|
owner = config.krebs.users.mic92;
|
||||||
|
nets = rec {
|
||||||
|
retiolum = {
|
||||||
|
aliases = [ "blob64.r" ];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAsl8LfS/l8zhkF9wqUTXndGZovIdIeZXeH/AZ3VopHn2yMn7HN3sy
|
||||||
|
sM+p0ypXgV02h8faWgQsKzbhZI1XNl8vK5jo0snb9wO0qTiIViSeVfcGJN3rMvsW
|
||||||
|
FmgcoVX7Juf3RD+oHbBc9CM7+vRbk6aIKyr3zRbGF1Ge9x/N2HSqjhYYKZ74JzJf
|
||||||
|
kTbN/t05gvzYcQCa6ueR1K+jysALC2SCbRNXMLDQtgMc9Jv+oPJfxxCxZUJR2/M6
|
||||||
|
E/+sfbJ+oOl/EviXzM/HH14sOeO1v1xbw0ih75BWAOC1zvrIPg/Cr3y+RmDsK53K
|
||||||
|
eWa+2bvT7quaBLsVh9N51RSORUlXKdd2lwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
tinc.pubkey_ed25519 = "m6YO0REcHjSORwOJCUBLciavYTNewcbxdt2TJnGz9xE";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
hal9000 = {
|
hal9000 = {
|
||||||
owner = config.krebs.users.mic92;
|
owner = config.krebs.users.mic92;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
|
@ -164,15 +164,26 @@ in {
|
|||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
||||||
|
ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
||||||
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
||||||
|
cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
||||||
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
||||||
|
cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
||||||
krebsco.de. 60 IN MX 5 ni
|
krebsco.de. 60 IN MX 5 ni
|
||||||
krebsco.de. 60 IN TXT v=spf1 mx -all
|
krebsco.de. 60 IN TXT v=spf1 mx -all
|
||||||
|
tv 300 IN NS ni
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
nets = {
|
nets = {
|
||||||
internet = {
|
internet = {
|
||||||
ip4.addr = "188.68.36.196";
|
ip4 = rec {
|
||||||
|
addr = "188.68.36.196";
|
||||||
|
prefix = "${addr}/32";
|
||||||
|
};
|
||||||
|
ip6 = rec {
|
||||||
|
addr = "2a03:4000:13:4c::1";
|
||||||
|
prefix = "${addr}/64";
|
||||||
|
};
|
||||||
aliases = [
|
aliases = [
|
||||||
"ni.i"
|
"ni.i"
|
||||||
"cgit.ni.i"
|
"cgit.ni.i"
|
||||||
|
@ -1,22 +1,103 @@
|
|||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{ config, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
# Implements environment.etc."zones/<zone-name>"
|
environment.etc =
|
||||||
environment.etc = let
|
|
||||||
stripEmptyLines = s: (concatStringsSep "\n"
|
|
||||||
(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
|
|
||||||
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
|
|
||||||
([config.krebs.zone-head-config] ++ combined-hosts);
|
|
||||||
combined-hosts =
|
|
||||||
mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts;
|
|
||||||
in
|
|
||||||
mapAttrs'
|
mapAttrs'
|
||||||
(name: value: {
|
(name: pkg: {
|
||||||
name = "zones/${name}";
|
name = "zones/${name}";
|
||||||
value.text = stripEmptyLines value;
|
value.source = pkg;
|
||||||
})
|
})
|
||||||
all-zones;
|
pkgs.krebs.zones;
|
||||||
|
|
||||||
|
nixpkgs.overlays = [
|
||||||
|
# Explicit zones generated from config.krebs.hosts.*.extraZones
|
||||||
|
(self: super: let
|
||||||
|
stripEmptyLines = s: (concatStringsSep "\n"
|
||||||
|
(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
|
||||||
|
all-zones = foldAttrs (sum: current: sum + "\n" + current) ""
|
||||||
|
([config.krebs.zone-head-config] ++ combined-hosts);
|
||||||
|
combined-hosts =
|
||||||
|
mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts;
|
||||||
|
in {
|
||||||
|
krebs = super.krebs or {} // {
|
||||||
|
zones = super.krebs.zones or {} //
|
||||||
|
mapAttrs'
|
||||||
|
(name: value: {
|
||||||
|
name = name;
|
||||||
|
value = self.writeText "${name}.zone" (stripEmptyLines value);
|
||||||
|
})
|
||||||
|
all-zones;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
|
# Implicit zones generated from config.krebs.hosts.*.nets.*.ip{4,6}.addr
|
||||||
|
(self: super: let
|
||||||
|
# record : { name : str, type : enum [ "A" "AAAA" ], data : str }
|
||||||
|
|
||||||
|
# toRecord : record.name -> record.type -> record.data -> record
|
||||||
|
toRecord = name: type: data:
|
||||||
|
{ inherit name type data; };
|
||||||
|
|
||||||
|
# toRecords : str -> host -> [record]
|
||||||
|
toRecords = netname: host:
|
||||||
|
let
|
||||||
|
net = host.nets.${netname};
|
||||||
|
in
|
||||||
|
optionals
|
||||||
|
(hasAttr netname host.nets)
|
||||||
|
(filter
|
||||||
|
(x: x.data != null)
|
||||||
|
(concatLists [
|
||||||
|
(map
|
||||||
|
(name: toRecord name "A" (net.ip4.addr or null))
|
||||||
|
(concatMap
|
||||||
|
(name: [ "${name}." "4.${name}." ])
|
||||||
|
(net.aliases or [])))
|
||||||
|
(map
|
||||||
|
(name: toRecord name "AAAA" (net.ip6.addr or null))
|
||||||
|
(concatMap
|
||||||
|
(name: [ "${name}." "6.${name}." ])
|
||||||
|
(net.aliases or [])))
|
||||||
|
]));
|
||||||
|
|
||||||
|
# formatRecord : record -> str
|
||||||
|
formatRecord = { name, type, data }: "${name} IN ${type} ${data}";
|
||||||
|
|
||||||
|
# writeZone : attrs -> package
|
||||||
|
writeZone =
|
||||||
|
{ name ? "${domain}.zone"
|
||||||
|
, domain ? substring 0 1 netname
|
||||||
|
, nameservers ? [ "ni" ]
|
||||||
|
, netname
|
||||||
|
, hosts ? config.krebs.hosts
|
||||||
|
}:
|
||||||
|
self.writeText name /* bindzone */ ''
|
||||||
|
$TTL 60
|
||||||
|
@ IN SOA ns admin 1 3600 600 86400 60
|
||||||
|
@ IN NS ns
|
||||||
|
${concatMapStringsSep "\n"
|
||||||
|
(name: /* bindzone */ "ns IN CNAME ${name}")
|
||||||
|
nameservers
|
||||||
|
}
|
||||||
|
${concatMapStringsSep
|
||||||
|
"\n"
|
||||||
|
formatRecord
|
||||||
|
(concatMap
|
||||||
|
(toRecords netname)
|
||||||
|
(attrValues hosts))
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
krebs = super.krebs or {} // {
|
||||||
|
zones = super.krebs.zones or {} // {
|
||||||
|
i = writeZone { netname = "internet"; };
|
||||||
|
r = writeZone { netname = "retiolum"; };
|
||||||
|
w = writeZone { netname = "wiregrill"; };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -8,11 +8,13 @@ in
|
|||||||
haskell = super.haskell // {
|
haskell = super.haskell // {
|
||||||
packages = mapAttrs (name: value:
|
packages = mapAttrs (name: value:
|
||||||
if hasAttr "override" value
|
if hasAttr "override" value
|
||||||
then value.override { inherit overrides; }
|
then value.override (old: {
|
||||||
|
overrides = composeExtensions (old.overrides or (_: _: {})) overrides;
|
||||||
|
})
|
||||||
else value
|
else value
|
||||||
) super.haskell.packages;
|
) super.haskell.packages;
|
||||||
};
|
};
|
||||||
haskellPackages = super.haskellPackages.override {
|
haskellPackages = super.haskellPackages.override (old: {
|
||||||
inherit overrides;
|
overrides = composeExtensions (old.overrides or (_: _: {})) overrides;
|
||||||
};
|
});
|
||||||
}
|
}
|
||||||
|
@ -1,14 +1,14 @@
|
|||||||
{ mkDerivation, aeson, aeson-pretty, base, bytestring
|
{ mkDerivation, aeson, aeson-pretty, base, bytestring
|
||||||
, case-insensitive, fetchgit, lens, optparse-applicative
|
, case-insensitive, fetchgit, lens, lib, optparse-applicative
|
||||||
, purebred-email, lib, text, vector, word8
|
, purebred-email, text, vector, word8
|
||||||
}:
|
}:
|
||||||
mkDerivation {
|
mkDerivation {
|
||||||
pname = "mailaids";
|
pname = "mailaids";
|
||||||
version = "1.0.0";
|
version = "1.1.0";
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = "https://cgit.krebsco.de/mailaids";
|
url = "https://cgit.krebsco.de/mailaids";
|
||||||
sha256 = "15h0k82czm89gkwhp1rwdy77jz8dmb626qdz7c2narvz9j7169v5";
|
sha256 = "0mkq3b0j28h7ydg6aaqlqnvajb8nhdc9g7rmil2d4vl5fxxaqspv";
|
||||||
rev = "8f11927ea74d6adb332c884502ebd9c486837523";
|
rev = "a25fc32eceefc10a91ef77ff2763b3f1b9324aaf";
|
||||||
fetchSubmodules = true;
|
fetchSubmodules = true;
|
||||||
};
|
};
|
||||||
isLibrary = false;
|
isLibrary = false;
|
||||||
|
30
krebs/5pkgs/haskell/nix-serve-ng.nix
Normal file
30
krebs/5pkgs/haskell/nix-serve-ng.nix
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{ mkDerivation, async, base, base16, base32, bytestring, charset
|
||||||
|
, fetchgit, http-client, http-types, lib, managed, megaparsec, mtl
|
||||||
|
, network, nix, optparse-applicative, tasty-bench, temporary, text
|
||||||
|
, turtle, vector, wai, wai-extra, warp, warp-tls
|
||||||
|
, boost
|
||||||
|
}:
|
||||||
|
mkDerivation {
|
||||||
|
pname = "nix-serve-ng";
|
||||||
|
version = "1.0.0";
|
||||||
|
src = fetchgit {
|
||||||
|
url = "https://github.com/aristanetworks/nix-serve-ng";
|
||||||
|
sha256 = "0mqp67z5mi8rsjahdh395n7ppf0b65k8rd3pvnl281g02rbr69y2";
|
||||||
|
rev = "433f70f4daae156b84853f5aaa11987aa5ce7277";
|
||||||
|
fetchSubmodules = true;
|
||||||
|
};
|
||||||
|
isLibrary = false;
|
||||||
|
isExecutable = true;
|
||||||
|
executableHaskellDepends = [
|
||||||
|
base base16 base32 bytestring charset http-types managed megaparsec
|
||||||
|
mtl network optparse-applicative vector wai wai-extra warp warp-tls
|
||||||
|
];
|
||||||
|
executablePkgconfigDepends = [ nix ];
|
||||||
|
executableSystemDepends = [ boost.dev ];
|
||||||
|
benchmarkHaskellDepends = [
|
||||||
|
async base bytestring http-client tasty-bench temporary text turtle
|
||||||
|
vector
|
||||||
|
];
|
||||||
|
description = "A drop-in replacement for nix-serve that's faster and more stable";
|
||||||
|
license = lib.licenses.bsd3;
|
||||||
|
}
|
@ -1,31 +1,27 @@
|
|||||||
{ mkDerivation, attoparsec, base, base64-bytestring, bytestring
|
{ mkDerivation, attoparsec, base, base64-bytestring, bytestring
|
||||||
, case-insensitive, concise, deepseq, fetchgit, hedgehog, lens, lib
|
, case-insensitive, concise, deepseq, fetchgit, hedgehog, lens, lib
|
||||||
, QuickCheck, quickcheck-instances, semigroupoids, semigroups
|
, QuickCheck, quickcheck-instances, random, semigroupoids
|
||||||
, stringsearch, tasty, tasty-golden, tasty-hedgehog, tasty-hunit
|
, stringsearch, tasty, tasty-golden, tasty-hedgehog, tasty-hunit
|
||||||
, tasty-quickcheck, text, time
|
, tasty-quickcheck, text, time
|
||||||
}:
|
}:
|
||||||
mkDerivation {
|
mkDerivation {
|
||||||
pname = "purebred-email";
|
pname = "purebred-email";
|
||||||
version = "0.4.3";
|
version = "0.5.1";
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = "https://github.com/purebred-mua/purebred-email";
|
url = "https://github.com/purebred-mua/purebred-email";
|
||||||
sha256 = "06xhccavrdzfsvg65mzdnp0a7b1ilk2rqpnyvkr171ir6mqdpb19";
|
sha256 = "0iilyy5dkbzbiazyyfjdz585c3x8b7c2piynmycm7krkc48993vw";
|
||||||
rev = "769b360643f699c0a8cd6f1c3a3de36cf0479834";
|
rev = "7ba346e10ad1521a923bc04a4ffeca479d8dd071";
|
||||||
fetchSubmodules = true;
|
fetchSubmodules = true;
|
||||||
};
|
};
|
||||||
patches = [
|
|
||||||
./untweak-mime-version-header.patch
|
|
||||||
];
|
|
||||||
isLibrary = true;
|
isLibrary = true;
|
||||||
isExecutable = true;
|
isExecutable = true;
|
||||||
libraryHaskellDepends = [
|
libraryHaskellDepends = [
|
||||||
attoparsec base base64-bytestring bytestring case-insensitive
|
attoparsec base base64-bytestring bytestring case-insensitive
|
||||||
concise deepseq lens semigroupoids semigroups stringsearch text
|
concise deepseq lens random semigroupoids stringsearch text time
|
||||||
time
|
|
||||||
];
|
];
|
||||||
testHaskellDepends = [
|
testHaskellDepends = [
|
||||||
attoparsec base bytestring case-insensitive hedgehog lens
|
attoparsec base bytestring case-insensitive hedgehog lens
|
||||||
QuickCheck quickcheck-instances semigroups tasty tasty-golden
|
QuickCheck quickcheck-instances random tasty tasty-golden
|
||||||
tasty-hedgehog tasty-hunit tasty-quickcheck text time
|
tasty-hedgehog tasty-hunit tasty-quickcheck text time
|
||||||
];
|
];
|
||||||
homepage = "https://github.com/purebred-mua/purebred-email";
|
homepage = "https://github.com/purebred-mua/purebred-email";
|
||||||
|
109
krebs/5pkgs/simple/certaids.nix
Normal file
109
krebs/5pkgs/simple/certaids.nix
Normal file
@ -0,0 +1,109 @@
|
|||||||
|
{ pkgs }:
|
||||||
|
|
||||||
|
pkgs.write "certaids" {
|
||||||
|
"/bin/cert2json".link = pkgs.writeDash "cert2json" ''
|
||||||
|
# usage: cert2json < CERT > JSON
|
||||||
|
set -efu
|
||||||
|
|
||||||
|
${pkgs.openssl}/bin/openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
|
||||||
|
${pkgs.openssl}/bin/openssl pkcs7 -print_certs -text |
|
||||||
|
${pkgs.gawk}/bin/awk -F, -f ${pkgs.writeText "cert2json.awk" ''
|
||||||
|
function abort(msg) {
|
||||||
|
print(msg) > "/dev/stderr"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
function toJSON(x, type, ret) {
|
||||||
|
type = typeof(x)
|
||||||
|
switch (type) {
|
||||||
|
case "array":
|
||||||
|
if (isArray(x)) return arrayToJSON(x)
|
||||||
|
if (isObject(x)) return objectToJSON(x)
|
||||||
|
abort("cannot render array to JSON", x)
|
||||||
|
case "number":
|
||||||
|
return numberToJSON(x)
|
||||||
|
case "string":
|
||||||
|
return stringToJSON(x)
|
||||||
|
case "strnum":
|
||||||
|
case "unassigned":
|
||||||
|
case "regexp":
|
||||||
|
case "untyped":
|
||||||
|
default:
|
||||||
|
abort("cannot render type: " type)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function isArray(x, i, k) {
|
||||||
|
i = 1
|
||||||
|
for (k in x) {
|
||||||
|
if (k != i++) return 0
|
||||||
|
i++
|
||||||
|
}
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
function isObject(x, k) {
|
||||||
|
for (k in x) {
|
||||||
|
if (typeof(k) != "string") return 0
|
||||||
|
}
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
function arrayToJSON(x, k, ret) {
|
||||||
|
ret = "["
|
||||||
|
for (k in x) {
|
||||||
|
ret=ret toJSON(x[k]) ","
|
||||||
|
}
|
||||||
|
sub(/,$/,"",ret)
|
||||||
|
ret=ret "]"
|
||||||
|
return ret
|
||||||
|
}
|
||||||
|
|
||||||
|
function objectToJSON(x, k,ret) {
|
||||||
|
ret = "{"
|
||||||
|
for (k in x) {
|
||||||
|
ret = ret toJSON(k) ":" toJSON(x[k]) ","
|
||||||
|
}
|
||||||
|
sub(/,$/, "", ret)
|
||||||
|
ret = ret "}"
|
||||||
|
return ret
|
||||||
|
}
|
||||||
|
|
||||||
|
function numberToJSON(x) {
|
||||||
|
return x
|
||||||
|
}
|
||||||
|
|
||||||
|
function stringToJSON(x) {
|
||||||
|
gsub(/\\/, "&&",x)
|
||||||
|
gsub(/\n/, "\\n", x)
|
||||||
|
return "\"" x "\""
|
||||||
|
}
|
||||||
|
|
||||||
|
$1 ~ /^ *(Subject|Issuer):/ {
|
||||||
|
sub(/^ */, "")
|
||||||
|
sub(/: */, ",")
|
||||||
|
key=tolower($1)
|
||||||
|
sub(/[^,]*,/, "")
|
||||||
|
|
||||||
|
# Normalize separators between relative distinguished names.
|
||||||
|
# [1]: RFC2253, 3. Parsing a String back to a Distinguished Name
|
||||||
|
# TODO support any distinguished name
|
||||||
|
gsub(/ *[;,] */, ",")
|
||||||
|
|
||||||
|
for(i = 0; i <= NF; i++) {
|
||||||
|
split($i, a, "=")
|
||||||
|
cache[key][a[1]] = a[2]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/BEGIN CERTIFICATE/,/END CERTIFICATE/{
|
||||||
|
cache["certificate"] = cache["certificate"] $0 "\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
/END CERTIFICATE/{
|
||||||
|
print toJSON(cache)
|
||||||
|
delete cache
|
||||||
|
}
|
||||||
|
''}
|
||||||
|
'';
|
||||||
|
}
|
@ -1,9 +1,9 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "f034b5693a26625f56068af983ed7727a60b5f8b",
|
"rev": "c97e777ff06fcb8d37dcdf5e21e9eff1f34f0e90",
|
||||||
"date": "2022-08-24T10:06:14+02:00",
|
"date": "2022-09-11T12:47:08-03:00",
|
||||||
"path": "/nix/store/8rr2y7lwwm09a5cvr26a2yc019b13zxb-nixpkgs",
|
"path": "/nix/store/ixhh3xyag61ps64dgbclgkz80hgv36qv-nixpkgs",
|
||||||
"sha256": "05x3bjz1af4liwsgha3r85kqa60j22vldp8g0p7nr51zz6jjwqqq",
|
"sha256": "1h4g8hf7zi6an5j2lnwf7kbmmbrwp6hhqdf87gd14y24d43sp4x0",
|
||||||
"fetchLFS": false,
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6",
|
"rev": "bf014cad818ecd1b28e68c1e7138fb988f504fdc",
|
||||||
"date": "2022-07-19T15:32:15+02:00",
|
"date": "2022-09-12T09:29:23+02:00",
|
||||||
"path": "/nix/store/4dcxnk4xplx79xrwxg2m6pqh8b5k6ya0-nixpkgs",
|
"path": "/nix/store/cpp120bajfgdb8sb1nmm316pav16cjk4-nixpkgs",
|
||||||
"sha256": "1j73j17g852zfc75b7ll4avp30pnyvm37pgm66cz844phkv5ywfg",
|
"sha256": "0xdf1xclck8j8zxlnhkjgci4a4405rh9n6wx9c3vmk0dvb31lvi9",
|
||||||
"fetchLFS": false,
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
|
@ -10,6 +10,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/git.nix>
|
<stockholm/lass/2configs/git.nix>
|
||||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||||
<stockholm/lass/2configs/baseX.nix>
|
<stockholm/lass/2configs/baseX.nix>
|
||||||
|
<stockholm/lass/2configs/pipewire.nix>
|
||||||
<stockholm/lass/2configs/browsers.nix>
|
<stockholm/lass/2configs/browsers.nix>
|
||||||
<stockholm/lass/2configs/programs.nix>
|
<stockholm/lass/2configs/programs.nix>
|
||||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||||
@ -21,6 +22,7 @@ with import <stockholm/lib>;
|
|||||||
#<stockholm/lass/2configs/prism-share.nix>
|
#<stockholm/lass/2configs/prism-share.nix>
|
||||||
<stockholm/lass/2configs/network-manager.nix>
|
<stockholm/lass/2configs/network-manager.nix>
|
||||||
<stockholm/lass/2configs/home-media.nix>
|
<stockholm/lass/2configs/home-media.nix>
|
||||||
|
<stockholm/lass/2configs/snapclient.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.icarus;
|
krebs.build.host = config.krebs.hosts.icarus;
|
||||||
|
@ -8,6 +8,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/mouse.nix>
|
<stockholm/lass/2configs/mouse.nix>
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/baseX.nix>
|
<stockholm/lass/2configs/baseX.nix>
|
||||||
|
<stockholm/lass/2configs/pipewire.nix>
|
||||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||||
<stockholm/lass/2configs/browsers.nix>
|
<stockholm/lass/2configs/browsers.nix>
|
||||||
<stockholm/lass/2configs/programs.nix>
|
<stockholm/lass/2configs/programs.nix>
|
||||||
@ -21,6 +22,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/home-media.nix>
|
<stockholm/lass/2configs/home-media.nix>
|
||||||
<stockholm/lass/2configs/syncthing.nix>
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
<stockholm/lass/2configs/sync/sync.nix>
|
<stockholm/lass/2configs/sync/sync.nix>
|
||||||
|
<stockholm/lass/2configs/snapclient.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.shodan;
|
krebs.build.host = config.krebs.hosts.shodan;
|
||||||
|
@ -8,6 +8,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/mouse.nix>
|
<stockholm/lass/2configs/mouse.nix>
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/baseX.nix>
|
<stockholm/lass/2configs/baseX.nix>
|
||||||
|
<stockholm/lass/2configs/pipewire.nix>
|
||||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||||
<stockholm/lass/2configs/browsers.nix>
|
<stockholm/lass/2configs/browsers.nix>
|
||||||
<stockholm/lass/2configs/programs.nix>
|
<stockholm/lass/2configs/programs.nix>
|
||||||
@ -23,6 +24,8 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/sync/sync.nix>
|
<stockholm/lass/2configs/sync/sync.nix>
|
||||||
# <stockholm/lass/2configs/idc.nix>
|
# <stockholm/lass/2configs/idc.nix>
|
||||||
<stockholm/lass/2configs/ppp/umts-stick.nix>
|
<stockholm/lass/2configs/ppp/umts-stick.nix>
|
||||||
|
<stockholm/lass/2configs/snapserver.nix>
|
||||||
|
<stockholm/lass/2configs/snapclient.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.styx;
|
krebs.build.host = config.krebs.hosts.styx;
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
{ config, lib, pkgs, stockholm, ...}:
|
{ config, lib, pkgs, ...}:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
nixpkgs.config.packageOverrides = p: {
|
||||||
|
nix-serve = p.haskellPackages.nix-serve-ng;
|
||||||
|
};
|
||||||
# generate private key with:
|
# generate private key with:
|
||||||
# nix-store --generate-binary-cache-key my-secret-key my-public-key
|
# nix-store --generate-binary-cache-key my-secret-key my-public-key
|
||||||
services.nix-serve = {
|
services.nix-serve = {
|
||||||
|
@ -70,10 +70,10 @@ in {
|
|||||||
# steam-run
|
# steam-run
|
||||||
# scummvm
|
# scummvm
|
||||||
# dolphinEmu
|
# dolphinEmu
|
||||||
# doom1
|
doom1
|
||||||
# doom2
|
doom2
|
||||||
# protontricks
|
# protontricks
|
||||||
# vdoom1
|
vdoom1
|
||||||
# vdoom2
|
# vdoom2
|
||||||
# vdoomserver
|
# vdoomserver
|
||||||
retroarchBare
|
retroarchBare
|
||||||
|
@ -20,4 +20,15 @@ with import <stockholm/lib>;
|
|||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-p tcp --dport 4713"; target = "ACCEPT"; } # pulseaudio
|
{ predicate = "-p tcp --dport 4713"; target = "ACCEPT"; } # pulseaudio
|
||||||
];
|
];
|
||||||
|
|
||||||
|
environment.systemPackages = [
|
||||||
|
(pkgs.writers.writeDashBin "snapmpv" ''
|
||||||
|
/run/current-system/sw/bin/mpv \
|
||||||
|
--audio-display=no --audio-channels=stereo \
|
||||||
|
--audio-samplerate=48000 --audio-format=s16 \
|
||||||
|
--ao-pcm-file=/run/snapserver/snapfifo --ao=pcm \
|
||||||
|
--audio-delay=-1 \
|
||||||
|
"$@"
|
||||||
|
'')
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
@ -61,6 +61,11 @@ with import <stockholm/lib>;
|
|||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port};
|
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port};
|
||||||
'';
|
'';
|
||||||
|
locations."/form".extraConfig = ''
|
||||||
|
client_max_body_size 4G;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste-form.port};
|
||||||
|
'';
|
||||||
locations."/image".extraConfig = ''
|
locations."/image".extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@ -86,6 +91,43 @@ with import <stockholm/lib>;
|
|||||||
". ${pkgs.htgen}/examples/paste"
|
". ${pkgs.htgen}/examples/paste"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.paste-gc = {
|
||||||
|
startAt = "daily";
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''
|
||||||
|
${pkgs.findutils}/bin/find /var/lib/htgen-paste/items -type f -mtime '+30' -exec rm {} \;
|
||||||
|
'';
|
||||||
|
User = "htgen-paste";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.htgen.paste-form = {
|
||||||
|
port = 7770;
|
||||||
|
script = /* sh */ ''
|
||||||
|
export PATH=${makeBinPath [
|
||||||
|
pkgs.curl
|
||||||
|
pkgs.gnused
|
||||||
|
]}:$PATH
|
||||||
|
(. ${pkgs.writeScript "paste-form" ''
|
||||||
|
case "$Method" in
|
||||||
|
'POST')
|
||||||
|
ref=$(head -c $req_content_length | sed '0,/^\r$/d;$d' | curl -fSs --data-binary @- https://p.krebsco.de | sed '1d;s/^http:/https:/')
|
||||||
|
|
||||||
|
printf 'HTTP/1.1 200 OK\r\n'
|
||||||
|
printf 'Content-Type: text/plain; charset=UTF-8\r\n'
|
||||||
|
printf 'Server: %s\r\n' "$Server"
|
||||||
|
printf 'Connection: close\r\n'
|
||||||
|
printf 'Content-Length: %d\r\n' $(expr ''${#ref} + 1)
|
||||||
|
printf '\r\n'
|
||||||
|
printf '%s\n' "$ref"
|
||||||
|
|
||||||
|
exit
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
''})
|
||||||
|
'';
|
||||||
|
};
|
||||||
krebs.htgen.imgur = {
|
krebs.htgen.imgur = {
|
||||||
port = 7771;
|
port = 7771;
|
||||||
script = /* sh */ ''
|
script = /* sh */ ''
|
||||||
|
12
lass/2configs/snapclient.nix
Normal file
12
lass/2configs/snapclient.nix
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
systemd.services.snapclient = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
path = [ pkgs.snapcast ];
|
||||||
|
script = "snapclient -h 10.42.0.1";
|
||||||
|
serviceConfig = {
|
||||||
|
DynamicUser = true;
|
||||||
|
Group = "pipewire";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
13
lass/2configs/snapserver.nix
Normal file
13
lass/2configs/snapserver.nix
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
services.snapserver = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
streams = {
|
||||||
|
pipewire = {
|
||||||
|
type = "pipe";
|
||||||
|
location = "/run/snapserver/snapfifo";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -1 +1 @@
|
|||||||
Subproject commit 3aa04be96f19cc5f4866b2b36a351f88f6667bd2
|
Subproject commit 3ebbfc62615d4ba253a4dd96bac0f4b2128a2b6d
|
@ -69,13 +69,12 @@ with import <stockholm/lib>;
|
|||||||
enable = true;
|
enable = true;
|
||||||
twoFingerScroll = true;
|
twoFingerScroll = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
desktopManager.xfce.enable = true;
|
|
||||||
|
|
||||||
displayManager.lightdm.autoLogin.enable = true;
|
|
||||||
displayManager.lightdm.autoLogin.user = "dv";
|
|
||||||
displayManager.lightdm.enable = true;
|
|
||||||
};
|
};
|
||||||
|
services.xserver.desktopManager.plasma5.enable = true;
|
||||||
|
services.xserver.displayManager.autoLogin.enable = true;
|
||||||
|
services.xserver.displayManager.autoLogin.user = "dv";
|
||||||
|
|
||||||
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
users.users.dv = {
|
users.users.dv = {
|
||||||
inherit (config.krebs.users.dv) home uid;
|
inherit (config.krebs.users.dv) home uid;
|
||||||
|
@ -6,7 +6,7 @@ with import <stockholm/lib>;
|
|||||||
programs.bash = {
|
programs.bash = {
|
||||||
interactiveShellInit = /* sh */ ''
|
interactiveShellInit = /* sh */ ''
|
||||||
HISTCONTROL='erasedups:ignorespace'
|
HISTCONTROL='erasedups:ignorespace'
|
||||||
HISTSIZE=65536
|
HISTSIZE=900001
|
||||||
HISTFILESIZE=$HISTSIZE
|
HISTFILESIZE=$HISTSIZE
|
||||||
HISTTIMEFORMAT=
|
HISTTIMEFORMAT=
|
||||||
|
|
||||||
|
@ -3,24 +3,15 @@
|
|||||||
environment.etc."binary-cache.pubkey".text =
|
environment.etc."binary-cache.pubkey".text =
|
||||||
config.krebs.build.host.binary-cache.pubkey;
|
config.krebs.build.host.binary-cache.pubkey;
|
||||||
|
|
||||||
|
nixpkgs.overlays = [
|
||||||
|
(self: super: {
|
||||||
|
nix-serve = self.haskellPackages.nix-serve-ng;
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
services.nix-serve = {
|
services.nix-serve = {
|
||||||
enable = true;
|
enable = true;
|
||||||
secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path;
|
secretKeyFile = toString <secrets> + "/nix-serve.key";
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.nix-serve = {
|
|
||||||
after = [
|
|
||||||
config.krebs.secret.files.binary-cache-seckey.service
|
|
||||||
];
|
|
||||||
partOf = [
|
|
||||||
config.krebs.secret.files.binary-cache-seckey.service
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.secret.files.binary-cache-seckey = {
|
|
||||||
path = "/run/secret/nix-serve.key";
|
|
||||||
owner.name = "nix-serve";
|
|
||||||
source-path = toString <secrets> + "/nix-serve.key";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
@ -28,6 +19,7 @@
|
|||||||
virtualHosts.nix-serve = {
|
virtualHosts.nix-serve = {
|
||||||
serverAliases = [
|
serverAliases = [
|
||||||
"cache.${config.krebs.build.host.name}.hkw"
|
"cache.${config.krebs.build.host.name}.hkw"
|
||||||
|
"cache.${config.krebs.build.host.name}.r"
|
||||||
];
|
];
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||||
|
@ -109,7 +109,6 @@ let {
|
|||||||
};
|
};
|
||||||
q = {};
|
q = {};
|
||||||
reaktor2 = {};
|
reaktor2 = {};
|
||||||
regfish = {};
|
|
||||||
stockholm = {
|
stockholm = {
|
||||||
cgit.desc = "NixOS configuration";
|
cgit.desc = "NixOS configuration";
|
||||||
};
|
};
|
||||||
@ -156,6 +155,7 @@ let {
|
|||||||
painload = {};
|
painload = {};
|
||||||
push = {};
|
push = {};
|
||||||
Reaktor = {};
|
Reaktor = {};
|
||||||
|
regfish = {};
|
||||||
with-tmpdir = {};
|
with-tmpdir = {};
|
||||||
get = {};
|
get = {};
|
||||||
load-env = {};
|
load-env = {};
|
||||||
|
@ -4,22 +4,19 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
{
|
{
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
enableReload = true;
|
||||||
|
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
virtualHosts._http = {
|
virtualHosts.${toJSON ""} = {
|
||||||
default = true;
|
default = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
return 404;
|
error_page 400 =444 /;
|
||||||
'';
|
return 444;
|
||||||
};
|
|
||||||
|
|
||||||
virtualHosts.default = {
|
|
||||||
locations."= /etc/os-release".extraConfig = ''
|
|
||||||
default_type text/plain;
|
|
||||||
alias /etc/os-release;
|
|
||||||
'';
|
'';
|
||||||
|
rejectSSL = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
tv.iptables = {
|
tv.iptables = {
|
||||||
|
@ -71,7 +71,7 @@ in {
|
|||||||
export PATH=${lib.makeSearchPath "bin" [
|
export PATH=${lib.makeSearchPath "bin" [
|
||||||
pkgs.tmux
|
pkgs.tmux
|
||||||
pkgs.gnugrep
|
pkgs.gnugrep
|
||||||
pkgs.weechat
|
pkgs.weechat-tv
|
||||||
]}
|
]}
|
||||||
if tmux list-sessions -F\#S | grep -q '^im''$'; then
|
if tmux list-sessions -F\#S | grep -q '^im''$'; then
|
||||||
exec tmux attach -t im
|
exec tmux attach -t im
|
||||||
|
@ -10,11 +10,15 @@ in
|
|||||||
haskell = super.haskell // {
|
haskell = super.haskell // {
|
||||||
packages = mapAttrs (name: value:
|
packages = mapAttrs (name: value:
|
||||||
if hasAttr "override" value
|
if hasAttr "override" value
|
||||||
then value.override { inherit overrides; }
|
then value.override (old: {
|
||||||
|
overrides =
|
||||||
|
composeExtensions (old.overrides or (_: _: { })) overrides;
|
||||||
|
})
|
||||||
else value
|
else value
|
||||||
) super.haskell.packages;
|
) super.haskell.packages;
|
||||||
};
|
};
|
||||||
haskellPackages = super.haskellPackages.override {
|
haskellPackages = super.haskellPackages.override (old: {
|
||||||
inherit overrides;
|
overrides =
|
||||||
};
|
composeExtensions (old.overrides or (_: _: { })) overrides;
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
21
tv/5pkgs/override/jc.nix
Normal file
21
tv/5pkgs/override/jc.nix
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
self: super:
|
||||||
|
|
||||||
|
let
|
||||||
|
version = "1.21.0";
|
||||||
|
in
|
||||||
|
|
||||||
|
# Prevent downgrades.
|
||||||
|
assert self.lib.versionAtLeast version super.jc.version;
|
||||||
|
|
||||||
|
self.python3.pkgs.toPythonApplication
|
||||||
|
(self.python3.pkgs.jc.overrideAttrs
|
||||||
|
(oldAttrs: {
|
||||||
|
name = "jc-${version}";
|
||||||
|
version = version;
|
||||||
|
src = self.fetchFromGitHub {
|
||||||
|
owner = "kellyjonbrazil";
|
||||||
|
repo = "jc";
|
||||||
|
rev = "v${version}";
|
||||||
|
sha256 = "sha256-kS42WokR7ZIqIPi8LbX4tmtjn37tckea2ELbuqzTm2o";
|
||||||
|
};
|
||||||
|
}))
|
9
tv/5pkgs/simple/weechat-tv.nix
Normal file
9
tv/5pkgs/simple/weechat-tv.nix
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
{ lib, pkgs }:
|
||||||
|
|
||||||
|
pkgs.wrapWeechat pkgs.weechat-unwrapped {
|
||||||
|
configure = { availablePlugins, ... }: {
|
||||||
|
scripts = [
|
||||||
|
pkgs.weechatScripts.weechat-matrix
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user