From 478ccdaac7bcb6171919726317e809faa1aae8f0 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 15 Mar 2021 01:00:53 +0100 Subject: [PATCH 01/29] lib.haskell.substitutePkgs: init --- lib/default.nix | 1 + lib/haskell.nix | 51 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 lib/haskell.nix diff --git a/lib/default.nix b/lib/default.nix index 4190f8f5f..738e52186 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -5,6 +5,7 @@ let evalSource = import ./eval-source.nix; git = import ./git.nix { inherit lib; }; + haskell = import ./haskell.nix { inherit lib; }; krebs = import ./krebs lib; krops = import ../submodules/krops/lib; shell = import ./shell.nix { inherit lib; }; diff --git a/lib/haskell.nix b/lib/haskell.nix new file mode 100644 index 000000000..b1889caf0 --- /dev/null +++ b/lib/haskell.nix 
@@ -0,0 +1,51 @@ +{ lib }: + +with builtins; + +rec { + + # Derive a file by substituting + # "${pkgs.foo}/bin/foo" for each {-pkg-}"foo", and + # "${pkgs.bar}/bin/foo" for each {-pkg:bar-}"foo". + # If a package doesn't exist, a warning gets printed. + substitutePkgs = name: { callsite ? null, pkgs, path }: + pkgs.writeText name (substitutePkgs' { + inherit pkgs; + sourceDescription = + if callsite != null then + "${name} in ${toString callsite}" + else + "${name} from ${toString path}"; + text = readFile path; + }); + + substitutePkgs' = { pkgs, sourceDescription, text }: + let + f = s: + let + parse = match "(.*)([{]-pkg(:([^}]+))?-[}]\"([^\"]+)\")(.*)" s; + prefix = elemAt parse 0; + pname = if elemAt parse 3 != null then elemAt parse 3 else exename; + exename = elemAt parse 4; + suffix = elemAt parse 5; + pkg = pkgs.${pname} or null; + + substitute = + if pkg != null then + "${pkg}/bin/${exename}" + else + trace (toString [ + "lib.haskell.replacePkg:" + "warning:" + "while deriving ${sourceDescription}:" + "no substitute found for ${elemAt parse 1}" + ]) + exename; + in + if parse == null then + s + else + f (prefix + toJSON substitute + suffix); + in + f text; +} From 2251d5cb566224f7102fcf7e77c2c2c81088a0c5 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 14 Mar 2021 23:44:08 +0100 Subject: [PATCH 02/29] tv xmonad: replace Paths by {-pkg-} --- .../haskell/xmonad-tv/src/Helpers/Path.hs | 15 -------- tv/5pkgs/haskell/xmonad-tv/src/Paths.hs | 37 ------------------- tv/5pkgs/haskell/xmonad-tv/src/main.hs | 31 ++++++++-------- .../haskell/xmonad-tv/src/xmonad-tv.cabal | 2 - 4 files changed, 15 insertions(+), 70 deletions(-) delete mode 100644 tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs delete mode 100644 tv/5pkgs/haskell/xmonad-tv/src/Paths.hs diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs b/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs deleted file mode 100644 index 1029d60be..000000000 
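Review bot: When `pkgs.${pname}` is missing, `substitute` falls back to the bare `exename` with only a `trace` warning, so the derived file silently contains an unqualified command name that is resolved through PATH at run time instead of a pinned store path. For callers that launch security-relevant tools this is easy to overlook in build output; consider failing evaluation by replacing the `trace (...) exename` branch with a `throw` carrying the same message, or making the soft fallback opt-in through an argument. The warning prefix `"lib.haskell.replacePkg:"` also does not match the function name and should read `"lib.haskell.substitutePkgs:"`.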
--- a/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs +++ /dev/null @@ -1,15 +0,0 @@ -module Helpers.Path where - -import qualified Data.List -import qualified System.Directory -import qualified System.IO.Unsafe - - -findExecutable :: String -> FilePath -findExecutable = - System.IO.Unsafe.unsafePerformIO . find - where - find name = - maybe failure id <$> System.Directory.findExecutable name - where - failure = error (Data.List.intercalate " " [name, "not found"]) diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs deleted file mode 100644 index 2569b60c3..000000000 --- a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs +++ /dev/null @@ -1,37 +0,0 @@ -module Paths where - -import Helpers.Path - - -flameshot :: FilePath -flameshot = findExecutable "flameshot-once" - -otpmenu :: FilePath -otpmenu = findExecutable "otpmenu" - -pactl :: FilePath -pactl = findExecutable "pactl" - -passmenu :: FilePath -passmenu = findExecutable "passmenu" - -pavucontrol :: FilePath -pavucontrol = findExecutable "pavucontrol" - -slock :: FilePath -slock = findExecutable "slock" - -su :: FilePath -su = findExecutable "su" - -urxvtc :: FilePath -urxvtc = findExecutable "urxvtc" - -xcalib :: FilePath -xcalib = findExecutable "xcalib" - -xdpychvt :: FilePath -xdpychvt = findExecutable "xdpychvt" - -xterm :: FilePath -xterm = findExecutable "xterm" diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs index 48127a594..e720981a7 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs +++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs @@ -34,7 +34,6 @@ import XMonad.Actions.PerWorkspaceKeys (chooseAction) import XMonad.Stockholm.Pager import XMonad.Stockholm.Shutdown -import qualified Paths import THEnv.JSON (getCompileEnvJSONExp) 
@@ -72,7 +71,7 @@ mainNoArgs = do launch $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def - { terminal = Paths.urxvtc + { terminal = {-pkg:rxvt_unicode-}"urxvtc" , modMask = mod4Mask , keys = myKeys , workspaces = workspaces0 @@ -122,14 +121,14 @@ displaySomeException = displayException forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () forkFile path args env = - xfork (executeFile path False args env) >> return () + xfork (executeFile path True args env) >> return () spawnRootTerm :: X () spawnRootTerm = forkFile - Paths.urxvtc - ["-name", "root-urxvt", "-e", Paths.su, "-"] + {-pkg:rxvt_unicode-}"urxvtc" + ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"] Nothing @@ -137,16 +136,16 @@ spawnTermAt :: String -> X () spawnTermAt ws = do env <- io getEnvironment let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env - forkFile Paths.urxvtc [] (Just env') + forkFile {-pkg:rxvt_unicode-}"urxvtc" [] (Just env') myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ()) myKeys conf = Map.fromList $ - [ ((_4 , xK_Escape ), forkFile Paths.slock [] Nothing) + [ ((_4 , xK_Escape ), forkFile {-pkg-}"slock" [] Nothing) , ((_4S , xK_c ), kill) - , ((_4 , xK_o ), forkFile Paths.otpmenu [] Nothing) - , ((_4 , xK_p ), forkFile Paths.passmenu [] Nothing) + , ((_4 , xK_o ), forkFile {-pkg:fzmenu-}"otpmenu" [] Nothing) + , ((_4 , xK_p ), forkFile {-pkg:fzmenu-}"passmenu" [] Nothing) , ((_4 , xK_x ), chooseAction spawnTermAt) , ((_4C , xK_x ), spawnRootTerm) 
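Review bot: Switching the search flag to `True` in `forkFile` makes `executeFile` resolve any name without a slash through the PATH of the running xmonad process. That is harmless while every call site passes an absolute store path, but the `{-pkg-}` markers are ordinary comments: if this file is built without substitution, or a package is missing and the bare name is kept, the launched program (including the locker and the root terminal) is whatever PATH yields. Consider keeping `False` so an unsubstituted name fails loudly, or document the choice next to the call, e.g. `-- search PATH only as a fallback for unsubstituted {-pkg-} names`.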
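Review bot: In `myKeys`, `{-pkg-}"slock"` expands to the plain package binary, whereas `su` in the same commit is pointed at `/run/wrappers/bin/su`, presumably because the store copy carries no setuid bit. A screen locker commonly needs the same kind of wrapper to start; if the unwrapped binary exits early, the `xK_Escape` binding does nothing and the session stays unlocked. Please confirm that the substituted path really locks the screen, and if it does not, use the wrapper the way `su` does, e.g. `forkFile "/run/wrappers/bin/slock" [] Nothing` (assuming a slock wrapper is configured on these hosts). `myKeys` starts in this hunk and continues past it.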
@@ -188,12 +187,12 @@ myKeys conf = Map.fromList $ , ((0, xF86XK_AudioMute), audioMute) , ((_4, xF86XK_AudioMute), pavucontrol []) - , ((_4, xK_Prior), forkFile Paths.xcalib ["-invert", "-alter"] Nothing) + , ((_4, xK_Prior), forkFile {-pkg-}"xcalib" ["-invert", "-alter"] Nothing) - , ((0, xK_Print), forkFile Paths.flameshot [] Nothing) + , ((0, xK_Print), forkFile {-pkg-}"flameshot" [] Nothing) - , ((_C, xF86XK_Forward), forkFile Paths.xdpychvt ["next"] Nothing) - , ((_C, xF86XK_Back), forkFile Paths.xdpychvt ["prev"] Nothing) + , ((_C, xF86XK_Forward), forkFile {-pkg:xdpytools-}"xdpychvt" ["next"] Nothing) + , ((_C, xF86XK_Back), forkFile {-pkg:xdpytools-}"xdpychvt" ["prev"] Nothing) ] where _4 = mod4Mask @@ -206,8 +205,8 @@ myKeys conf = Map.fromList $ _4CM = _4 .|. _C .|. _M _4SM = _4 .|. _S .|. _M - pactl args = forkFile Paths.pactl args Nothing - pavucontrol args = forkFile Paths.pavucontrol args Nothing + pactl args = forkFile {-pkg:pulseaudio-}"pactl" args Nothing + pavucontrol args = forkFile {-pkg-}"pavucontrol" args Nothing audioLowerVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "-5%"] audioRaiseVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "+5%"] @@ -222,7 +221,7 @@ myKeys conf = Map.fromList $ xdeny :: X () xdeny = forkFile - Paths.xterm + {-pkg-}"xterm" [ "-fn", myFont , "-geometry", "300x100" , "-name", "AlertFloat" diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal index d07e2b159..f3bd2e0ab 100644 --- a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal +++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal @@ -23,8 +23,6 @@ executable xmonad xmonad-contrib, xmonad-stockholm other-modules: - Helpers.Path, - Paths, THEnv.JSON default-language: Haskell2010 ghc-options: -O2 -Wall -threaded From f956b05cf1fbafd022fe2f0199e9524cd6efbe85 Mon Sep 17 00:00:00 2001 
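Review bot: The `xK_Print` binding now runs a different program: the removed `Paths.flameshot` resolved `"flameshot-once"`, while `{-pkg-}"flameshot"` expands to the `flameshot` binary of the `flameshot` package. If the one-shot wrapper is still wanted, name it explicitly, e.g. `forkFile {-pkg:flameshot-once-}"flameshot-once" [] Nothing` (the package attribute is assumed here; confirm it exists in `pkgs`). The hunk covers only part of `myKeys`.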
From: tv Date: Mon, 15 Mar 2021 02:05:37 +0100 Subject: [PATCH 03/29] tv pulse: add au sink --- tv/2configs/pulse.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index ea3970152..79c31e9ec 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -43,6 +43,21 @@ let "auth-anonymous=1" "socket=${runDir}/socket" ]} + ${lib.optionalString (config.krebs.build.host.name == "au") '' + load-module ${toString [ + "module-native-protocol-tcp" + "auth-ip-acl=127.0.0.1;10.23.1.0/24" + ]} + ''} + ${lib.optionalString (config.krebs.build.host.name != "au") '' + load-module ${toString [ + "module-tunnel-sink-new" + "server=au.hkw" + "sink_name=au" + "channels=2" + "rate=44100" + ]} + ''} ''; in From 4604f0735a5bf32be84bff1fa0e8a731c2846894 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Mar 2021 21:34:42 +0100 Subject: [PATCH 04/29] nixpkgs: 36e15cd -> f8929dc --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 837782ff6..511ad997f 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "36e15cd6e7d55ba143caf3dc930467ace573d85c", - "date": "2021-03-16T08:18:29+01:00", - "path": "/nix/store/rsh8kmy9jiwdhsm390zw0mq1p256xzrk-nixpkgs", - "sha256": "15dwscz9s71n6hn1wml95il8hl8aza16jj9qwywps8bsdamgymfq", + "rev": "f8929dce13e729357f31d5b2950cbb097744bed7", + "date": "2021-03-22T08:08:59+01:00", + "path": "/nix/store/jyxnsbp9hf1fai4n2qqnqci6v7lhss5b-nixpkgs", + "sha256": "06ikqdb5038vkkyx4hi5lw4gksjjndjg7mz0spawnb1gpzhqkavs", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From 8dca12ef863211e748e91b8278c5fc2b2fc617d4 Mon Sep 17 00:00:00 2001 
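Review bot: On host `au` the new `module-native-protocol-tcp` line accepts connections from all of `10.23.1.0/24` without further authentication via `auth-ip-acl`, and the native protocol is not encrypted. Any machine in that range can then play to, and presumably record from, the audio devices on `au`. Consider listing only the client addresses that need the sink, or relying on cookie authentication instead of the ACL, and make sure the listening port is firewalled to that network. A short comment above the `load-module` block stating which hosts are expected to connect would also help.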
From: lassulus Date: Tue, 23 Mar 2021 21:35:19 +0100 Subject: [PATCH 05/29] nixpkgs-unstable: 266dc8c -> f5e8bdd --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index c0ffcf3e3..b030068a1 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "266dc8c3d052f549826ba246d06787a219533b8f", - "date": "2021-03-15T09:37:03+01:00", - "path": "/nix/store/dkim3k1b5bdga370xpw0r52w0ac5y3fn-nixpkgs", - "sha256": "09ydqx2lznixmw8z4cfz1j3k137mh8n3cdpygwqymknhfdjq7lg4", + "rev": "f5e8bdd07d1afaabf6b37afc5497b1e498b8046f", + "date": "2021-03-19T18:17:44+01:00", + "path": "/nix/store/c3kh19xrsg4h6siis2dlbn6wiqx45xwq-nixpkgs", + "sha256": "1fmwkb2wjfrpx8fis4x457vslam0x8vqlpfwqii6p9vm33dyxhzk", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From 47053abcf002230ef029579637df747588b36eca Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 25 Mar 2021 19:24:13 +0100 Subject: [PATCH 06/29] nixpkgs: f8929dc -> d395190 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 511ad997f..77b88160b 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f8929dce13e729357f31d5b2950cbb097744bed7", - "date": "2021-03-22T08:08:59+01:00", - "path": "/nix/store/jyxnsbp9hf1fai4n2qqnqci6v7lhss5b-nixpkgs", - "sha256": "06ikqdb5038vkkyx4hi5lw4gksjjndjg7mz0spawnb1gpzhqkavs", + "rev": "d395190b24b27a65588f4539c423d9807ad8d4e7", + "date": "2021-03-24T17:35:36-06:00", + "path": "/nix/store/gdzjw6k680vcilvnpdhv93qxkzkl05qy-nixpkgs", + "sha256": "0r1kj8gf97z9ydh36vmgrar1q4l9ggaqiygxjvp8jmr1948y0nh2", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false 
From 0dd98b9bc1829a9b8ab3f49c08bdbd351d6394e8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 25 Mar 2021 19:25:08 +0100 Subject: [PATCH 07/29] nixpkgs-unstable: f5e8bdd -> d3f7e96 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index b030068a1..03b6495cf 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f5e8bdd07d1afaabf6b37afc5497b1e498b8046f", - "date": "2021-03-19T18:17:44+01:00", - "path": "/nix/store/c3kh19xrsg4h6siis2dlbn6wiqx45xwq-nixpkgs", - "sha256": "1fmwkb2wjfrpx8fis4x457vslam0x8vqlpfwqii6p9vm33dyxhzk", + "rev": "d3f7e969b9860fb80750147aeb56dab1c730e756", + "date": "2021-03-23T19:22:30+00:00", + "path": "/nix/store/a5rldwc8gmwd0j9x86xmwszrd8wcbad3-nixpkgs", + "sha256": "13z5lsgfgpw2wisglicy7krjrhypcc2y7krzxn54ybcninyiwhsn", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From ef87e5e38876c3122f7b4ac95af8f57008eee777 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:04:10 +0100 Subject: [PATCH 08/29] news: don't sync shortened links --- krebs/1systems/news/config.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix index 5c4b37aef..79946dad7 100644 --- a/krebs/1systems/news/config.nix +++ b/krebs/1systems/news/config.nix @@ -18,13 +18,6 @@ boot.isContainer = true; networking.useDHCP = false; krebs.bindfs = { - "/var/lib/htgen-go" = { - source = "/var/state/htgen-go"; - options = [ - "-m ${toString config.users.users.htgen-go.uid}" - ]; - clearTarget = true; - }; "/var/lib/brockman" = { source = "/var/state/brockman"; options = [ From 0a6b7de9b8a7cb7265f5d024617e49c746cc3d98 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 26 Mar 2021 20:04:35 +0100 Subject: [PATCH 09/29] ircd: allow msg without join --- krebs/2configs/ircd.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 0de07a027..3ef2e7d2b 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -87,6 +87,7 @@ }; channel { + autochanmodes = "+t"; use_invex = yes; use_except = yes; use_forward = yes; From 8a02c7858c9958fce1173801cb5839306a87eae2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:06:56 +0100 Subject: [PATCH 10/29] news: add /api brockman --- krebs/2configs/news.nix | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 410beb041..2da3e6fcc 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -15,6 +15,16 @@ serverAliases = [ "news.r" ]; + locations."/api".extraConfig = '' + proxy_pass http://127.0.0.1:7777/; + proxy_pass_header Server; + ''; + locations."= /graph.html".extraConfig = '' + alias ${pkgs.fetchurl { + url = "https://raw.githubusercontent.com/kmein/brockman/05d33c8caaaf6255752f9600981974bb58390851/tools/graph.html"; + sha256 = "0iw2vdzj6kzkix1c447ybmc953lns6z4ap6sr9pcib8bany4g43w"; + }}; + ''; locations."/".extraConfig = '' root /var/lib/brockman; index brockman.json; @@ -27,6 +37,7 @@ }; systemd.tmpfiles.rules = [ "d /var/lib/brockman 1750 brockman nginx -" + "d /run/irc-api 1750 brockman nginx -" ]; systemd.services.brockman-graph = { @@ -67,12 +78,28 @@ shortener = "http://go.r"; controller = { nick = "brockman"; - channels = [ "#all" ]; + extraChannels = [ "#all" ]; }; bots = {}; }; }; + krebs.reaktor2.api = { + hostname = "localhost"; + port = "6667"; + nick = "api"; + API.listen = "inet://127.0.0.1:7777"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#all" + ]; + }; + } + ]; + }; krebs.reaktor2.news = let name = "candyman"; in { 
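Review bot: `autochanmodes = "+t";` leaves out the `n` flag for every newly created channel on this server, not only for the channel the bots post to, so any connected client can message channels it has not joined. If that is intended, say so next to the setting, e.g. `# no +n on purpose: bots and the HTTP API post without joining`; otherwise keep `n` in the default and clear it only on the channels that need it.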
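Review bot: `locations."/api"` forwards every request to the listener on `127.0.0.1:7777` with no `allow`/`deny` rule or authentication, so the loopback-only `API.listen` configured for `krebs.reaktor2.api` in this commit becomes reachable by anyone who can reach this virtual host. If that API can post to IRC, the location acts as an open relay into `#all`. Consider restricting it inside the same `extraConfig`, e.g. `allow <trusted-range>; deny all;` (the range is a placeholder), or requiring a credential before proxying.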
From d97edee14c0db81f18ce901b4c63a863f7716887 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:07:43 +0100 Subject: [PATCH 11/29] syncthing: configure key, cert & max_user_watches --- krebs/2configs/syncthing.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix index 31e33ad5e..125e2aea4 100644 --- a/krebs/2configs/syncthing.nix +++ b/krebs/2configs/syncthing.nix @@ -10,6 +10,10 @@ in { configDir = "/var/lib/syncthing"; declarative = { devices = mk_peers used_peers; + key = toString ; + cert = toString ; }; }; + + boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288; } From 1f400a45b5b677eb1de12144ed0af1c23bee87c0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:08:15 +0100 Subject: [PATCH 12/29] puyak.r: add syncthing id --- krebs/3modules/krebs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 8c164cfe3..656ea772f 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -177,6 +177,7 @@ in { }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY"; + syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR"; }; wolf = { ci = true; From bb7fded7458610db538f35af294fb8eb52a85486 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:08:55 +0100 Subject: [PATCH 13/29] sync-containers: fix activationScript name --- krebs/3modules/sync-containers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix index d31022d3a..fcfaf1dd0 100644 --- a/krebs/3modules/sync-containers.nix +++ b/krebs/3modules/sync-containers.nix 
@@ -93,7 +93,7 @@ in { config = mkIf (cfg.containers != {}) { programs.fuse.userAllowOther = true; # allow syncthing to enter /var/lib/containers - system.activationScripts.syncthing-home = '' + system.activationScripts.containers-enter = mkDefault '' ${pkgs.coreutils}/bin/chmod a+x /var/lib/containers ''; From 55c348834bdb548cc01959f27aeb1d9ac8fd5670 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:10:37 +0100 Subject: [PATCH 14/29] news-host: sync also with puyak.r --- krebs/2configs/news-host.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix index 82360a670..b7728986f 100644 --- a/krebs/2configs/news-host.nix +++ b/krebs/2configs/news-host.nix @@ -4,6 +4,7 @@ "shodan" "mors" "styx" + "puyak" ]; hostIp = "10.233.2.101"; localIp = "10.233.2.102"; From 7bfa242064e8a36a0568143fb66f46cd401cc734 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:11:21 +0100 Subject: [PATCH 15/29] container-networking: configure nat for containers --- krebs/2configs/container-networking.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 krebs/2configs/container-networking.nix diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix new file mode 100644 index 000000000..fa4488800 --- /dev/null +++ b/krebs/2configs/container-networking.nix @@ -0,0 +1,7 @@ +{ lib, ... }: +{ + networking.nat.enable = true; + networking.nat.internalInterfaces = ["ve-+"]; + networking.nat.externalInterface = lib.mkDefault "et0"; + networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; +} From 2ae7cb819e60e13f3184b153fcfba32c3f6bd69f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:11:51 +0100 Subject: [PATCH 16/29] puyak.r: add news.r as container --- krebs/1systems/puyak/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 1e0687ba7..2f122f6ff 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -19,6 +19,12 @@ + ## news host + + + + + ### shackspace ### # handle the worlddomination map via coap From f5a04ffc57a27113b26d20b8600169ba048e8cb0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:12:08 +0100 Subject: [PATCH 17/29] puyak.r: enable firewall --- krebs/1systems/puyak/net.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix index 8dab11e16..c535e51aa 100644 --- a/krebs/1systems/puyak/net.nix +++ b/krebs/1systems/puyak/net.nix @@ -8,7 +8,7 @@ in { SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="${ext-if}" ''; networking = { - firewall.enable = false; + firewall.enable = true; firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ]; interfaces."${ext-if}".ipv4.addresses = [ { From 9af05495541b4f5fc3651195e8620cce7a0ab500 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Mar 2021 20:41:01 +0100 Subject: [PATCH 18/29] l syncthing: remove duplicate definitions --- lass/2configs/syncthing.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 7801c758c..7b8850681 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -3,10 +3,6 @@ imports = [ ]; services.syncthing = { group = "syncthing"; - declarative = { - key = toString ; - cert = toString ; - }; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} @@ -16,6 +12,4 @@ system.activationScripts.syncthing-home = mkDefault '' ${pkgs.coreutils}/bin/chmod a+x /home/lass ''; - - boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288; } From c1bda245e733f191ce98fda5810954f7a784efb6 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 26 Mar 2021 20:42:24 +0100 Subject: [PATCH 19/29] puyak.r: open 80 & 443 --- krebs/1systems/puyak/net.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix index c535e51aa..a46a24952 100644 --- a/krebs/1systems/puyak/net.nix +++ b/krebs/1systems/puyak/net.nix @@ -9,7 +9,7 @@ in { ''; networking = { firewall.enable = true; - firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ]; + firewall.allowedTCPPorts = [ 80 443 8088 8086 8083 5901 ]; interfaces."${ext-if}".ipv4.addresses = [ { address = shack-ip; From 7081f38b0720cfa3f1aeb647f7ea187c4e23abdc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 27 Mar 2021 18:17:46 +0100 Subject: [PATCH 20/29] l hass: remove redundant dwdfsapi --- lass/2configs/hass/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 7765db84e..be9c32809 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -43,11 +43,9 @@ in { services.home-assistant = { enable = true; - package = (unstable.home-assistant.overrideAttrs (old: { + package = unstable.home-assistant.overrideAttrs (old: { doInstallCheck = false; - })).override { - extraPackages = _: [ dwdwfsapi ]; - }; + }); configWritable = true; lovelaceConfigWritable = true; config = let From fb8be42554568646a6bf6fae3b077b7eec1a52e5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 30 Mar 2021 19:33:36 +0200 Subject: [PATCH 21/29] recht: init --- krebs/5pkgs/haskell/recht.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 krebs/5pkgs/haskell/recht.nix diff --git a/krebs/5pkgs/haskell/recht.nix b/krebs/5pkgs/haskell/recht.nix new file mode 100644 index 000000000..c98000564 --- /dev/null +++ b/krebs/5pkgs/haskell/recht.nix 
@@ -0,0 +1,24 @@ +{ mkDerivation, async, base, blessings, data-default, directory +, filepath, optparse-generic, pandoc, random, regex-tdfa, safe +, scalpel, stdenv, text +, fetchFromGitHub +}: +mkDerivation rec { + pname = "recht"; + version = "0.1.0"; + src = fetchFromGitHub { + owner = "kmein"; + repo = "recht"; + rev = "e3ed36e969cca138e6fc8199b0234d4fe36b663d"; + sha256 = "1cbdahjrhcx9jwmkncal04ss6rb2bf1ikyfxwvy6ngazfmj1d9f2"; + + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + async base blessings data-default directory filepath + optparse-generic pandoc random regex-tdfa safe scalpel text + ]; + license = "unknown"; + hydraPlatforms = stdenv.lib.platforms.none; +} From ca40599161ccecb05d855ad63af6800584ee7b30 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 30 Mar 2021 19:56:09 +0200 Subject: [PATCH 22/29] init syncthing dummy-secrets --- krebs/0tests/data/secrets/syncthing.cert | 0 krebs/0tests/data/secrets/syncthing.key | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 krebs/0tests/data/secrets/syncthing.cert create mode 100644 krebs/0tests/data/secrets/syncthing.key diff --git a/krebs/0tests/data/secrets/syncthing.cert b/krebs/0tests/data/secrets/syncthing.cert new file mode 100644 index 000000000..e69de29bb diff --git a/krebs/0tests/data/secrets/syncthing.key b/krebs/0tests/data/secrets/syncthing.key new file mode 100644 index 000000000..e69de29bb From f32b691c75807c3848727c2187605b81fedcc784 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 3 Apr 2021 15:16:58 +0200 Subject: [PATCH 23/29] nixpkgs: d395190 -> 42a03e4 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 77b88160b..02e131955 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
@@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d395190b24b27a65588f4539c423d9807ad8d4e7", - "date": "2021-03-24T17:35:36-06:00", - "path": "/nix/store/gdzjw6k680vcilvnpdhv93qxkzkl05qy-nixpkgs", - "sha256": "0r1kj8gf97z9ydh36vmgrar1q4l9ggaqiygxjvp8jmr1948y0nh2", + "rev": "42a03e4728fc05cb9f123057670e41967f628360", + "date": "2021-04-02T23:08:32+02:00", + "path": "/nix/store/d1vqa0kpa69zzcaj5kqgkmrxr3s7vli1-nixpkgs", + "sha256": "0wrn5nayxckj11z2qlvsya2lzssbccbk50llxmgdm0qb5y14shfk", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From 55318e85773256a78f6ecc35c20fb8199435e205 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 3 Apr 2021 15:17:14 +0200 Subject: [PATCH 24/29] nixpkgs-unstable: d3f7e96 -> 04a2b26 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 03b6495cf..25389ad9c 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d3f7e969b9860fb80750147aeb56dab1c730e756", - "date": "2021-03-23T19:22:30+00:00", - "path": "/nix/store/a5rldwc8gmwd0j9x86xmwszrd8wcbad3-nixpkgs", - "sha256": "13z5lsgfgpw2wisglicy7krjrhypcc2y7krzxn54ybcninyiwhsn", + "rev": "04a2b269d8921505a2969fc9ec25c1f517f2b307", + "date": "2021-03-30T01:32:47-04:00", + "path": "/nix/store/wb6m2d6p3kadk6pbqdjq3ydswbvmb0lq-nixpkgs", + "sha256": "15hgx2i71pqgvzv56jwzfs8rkhjbm35wk1i6mxrqbq6wd0y10isv", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From 2ab771bce9ddc58b9f363dc2dcd8ae9aaa2a5960 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 4 Apr 2021 10:05:19 +0200 Subject: [PATCH 25/29] recht: 0.1.0 -> 0.3.0 --- krebs/5pkgs/haskell/recht.nix | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/krebs/5pkgs/haskell/recht.nix b/krebs/5pkgs/haskell/recht.nix index c98000564..7d884a9fa 100644 
--- a/krebs/5pkgs/haskell/recht.nix +++ b/krebs/5pkgs/haskell/recht.nix @@ -1,24 +1,25 @@ -{ mkDerivation, async, base, blessings, data-default, directory -, filepath, optparse-generic, pandoc, random, regex-tdfa, safe -, scalpel, stdenv, text +{ mkDerivation, ansi-terminal, async, base, binary, bytestring +, data-default, directory, filepath, megaparsec +, optparse-applicative, pandoc, random, safe, scalpel, stdenv, text +, time , fetchFromGitHub }: mkDerivation rec { pname = "recht"; - version = "0.1.0"; + version = "0.3.0"; src = fetchFromGitHub { owner = "kmein"; repo = "recht"; - rev = "e3ed36e969cca138e6fc8199b0234d4fe36b663d"; - sha256 = "1cbdahjrhcx9jwmkncal04ss6rb2bf1ikyfxwvy6ngazfmj1d9f2"; + rev = version; + sha256 = "07cyd06wbnzcp33v0nq8cxyggvqrnbni0v2g8cpxar6idn1wlz85"; }; isLibrary = false; isExecutable = true; executableHaskellDepends = [ - async base blessings data-default directory filepath - optparse-generic pandoc random regex-tdfa safe scalpel text + ansi-terminal async base binary bytestring data-default directory + filepath megaparsec optparse-applicative pandoc random safe scalpel + text time ]; - license = "unknown"; - hydraPlatforms = stdenv.lib.platforms.none; + license = stdenv.lib.licenses.mit; } From 0257e7ea4b6dc4ad8363cd29ef0fd1d4832c179d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 14 Apr 2021 11:12:50 +0200 Subject: [PATCH 26/29] l: switch tinc port to 0 for non supernodes --- krebs/3modules/lass/default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6978c0b4e..3711a7759 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -68,6 +68,7 @@ in { "paste.r" "p.r" ]; + tinc.port = 655; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje 
@@ -126,6 +127,7 @@ in { aliases = [ "uriel.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR @@ -151,6 +153,7 @@ in { aliases = [ "mors.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE @@ -184,6 +187,7 @@ in { aliases = [ "shodan.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT @@ -218,6 +222,7 @@ in { aliases = [ "icarus.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr @@ -251,6 +256,7 @@ in { aliases = [ "daedalus.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8 @@ -282,6 +288,7 @@ in { aliases = [ "skynet.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX @@ -315,6 +322,7 @@ in { aliases = [ "littleT.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF @@ -364,6 +372,7 @@ in { aliases = [ "xerxes.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U @@ -414,6 +423,7 @@ in { aliases = [ "red.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG @@ -444,6 +454,7 @@ in { aliases = [ "yellow.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP @@ -481,6 +492,7 @@ in { aliases = [ "blue.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd 
@@ -520,6 +532,7 @@ in { aliases = [ "green.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk @@ -574,6 +587,7 @@ in { aliases = [ "morpheus.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY @@ -611,6 +625,7 @@ in { aliases = [ "hilum.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb @@ -651,6 +666,7 @@ in { aliases = [ "styx.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn @@ -692,6 +708,7 @@ in { aliases = [ "coaxmetal.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA From 73adafe901a2809c58be0007bd6a5f2620242551 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 15 Apr 2021 09:32:47 +0200 Subject: [PATCH 27/29] nixpkgs: 42a03e4 -> dec334f --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 02e131955..44a5d0c37 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "42a03e4728fc05cb9f123057670e41967f628360", - "date": "2021-04-02T23:08:32+02:00", - "path": "/nix/store/d1vqa0kpa69zzcaj5kqgkmrxr3s7vli1-nixpkgs", - "sha256": "0wrn5nayxckj11z2qlvsya2lzssbccbk50llxmgdm0qb5y14shfk", + "rev": "dec334fa196a4aeedb1b60d8f7d61aa00d327499", + "date": "2021-04-14T01:54:42+02:00", + "path": "/nix/store/x1dkzxknsrf0060pz1vwa7ibmq7899wb-nixpkgs", + "sha256": "1sm1p2qliz11qw6va01knm0rikhpq2h4c70ci98vi4q26y4q9z72", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From 38c46e3c08ea5de4191aa33c1c42af4d73816c6c Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 17 Apr 2021 11:26:14 +0200 Subject: [PATCH 28/29] l: add searx via search.r --- krebs/3modules/lass/default.nix | 1 + lass/1systems/prism/config.nix | 1 + lass/2configs/searx.nix | 23 +++++++++++++++++++++ lass/2configs/tests/dummy-secrets/searx.key | 1 + 4 files changed, 26 insertions(+) create mode 100644 lass/2configs/searx.nix create mode 100644 lass/2configs/tests/dummy-secrets/searx.key diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3711a7759..300ea2ccc 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -67,6 +67,7 @@ in { "cgit.prism.r" "paste.r" "p.r" + "search.r" ]; tinc.port = 655; tinc.pubkey = '' diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6f61ea57e..25d688696 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -194,6 +194,7 @@ with import ; } + { services.taskserver = { enable = true; diff --git a/lass/2configs/searx.nix b/lass/2configs/searx.nix new file mode 100644 index 000000000..ed6586a26 --- /dev/null +++ b/lass/2configs/searx.nix @@ -0,0 +1,23 @@ +{ pkgs, ... }: +let + port = 8889; +in { + services.nginx.virtualHosts.search = { + serverAliases = [ "search.r" ]; + locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:${builtins.toString port}; + ''; + }; + + services.searx = { + enable = true; + configFile = pkgs.writeText "searx.cfg" (builtins.toJSON { + use_default_settings = true; + server = { + port = port; + secret_key = builtins.readFile ; + }; + }); + }; +} diff --git a/lass/2configs/tests/dummy-secrets/searx.key b/lass/2configs/tests/dummy-secrets/searx.key new file mode 100644 index 000000000..bd88e01cd --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/searx.key @@ -0,0 +1 @@ +yolo From 6b12f7ec6ab25eb482c73d9c3e1b892b0531ff6d Mon Sep 17 00:00:00 2001 
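Review bot: The `secret_key = builtins.readFile` line in `lass/2configs/searx.nix` reads the secret at evaluation time and passes it to `pkgs.writeText`, so the searx secret ends up in a world-readable file in the Nix store and in any cache the closure is copied to. Keep the secret out of the generated config and inject it when the service starts instead. Newer NixOS searx modules offer `services.searx.environmentFile` together with an `@SEARX_SECRET_KEY@` placeholder in the settings, if the pinned nixpkgs already has it. Otherwise render the config at start-up into a directory readable only by the service user.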
From: lassulus Date: Sun, 18 Apr 2021 17:05:24 +0200 Subject: [PATCH 29/29] hotdog.r: use port 0 for tinc --- krebs/3modules/krebs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 656ea772f..37b939358 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -77,6 +77,7 @@ in { "wiki.r" "wiki.hotdog.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc