diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index cf72e0d73..916073375 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,8 +12,8 @@ - - + + ]; diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix new file mode 100644 index 000000000..8e5909e72 --- /dev/null +++ b/krebs/2configs/nscd-fix.nix @@ -0,0 +1,24 @@ +with import ; +{ pkgs, ... }: let + + enable = versionOlderThan "19.03"; + + versionOlderThan = v: + compareVersions + (versions.majorMinor version) + (versions.majorMinor v) + == -1; + + warning = '' + Using custom services.nscd.config because + https://github.com/NixOS/nixpkgs/pull/50316 + ''; + +in + optionalAttrs enable (trace warning { + services.nscd.enable = mkForce true; + services.nscd.config = mkForce (readFile (pkgs.fetchurl { + url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf; + sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs"; + })); + }) diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix deleted file mode 100644 index 862c9b991..000000000 --- a/krebs/2configs/reaktor-krebs.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; - -{ - krebs.Reaktor.krebs = { - nickname = "Reaktor|krebs"; - channels = [ - "#krebs" - "#nixos-wiki" - ]; - extraEnviron = { - REAKTOR_HOST = "irc.freenode.org"; - REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ] ++ - (attrValues (task "agenda")) - ; - }; - krebs.secret.files.nix-serve-key = { - path = "/var/lib/Reaktor/reaktor_nickserv_password"; - owner.name = "Reaktor"; - source-path = toString + "/reaktor_nickserv_password"; - }; -} diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix deleted file mode 100644 index 69fc4b202..000000000 --- a/krebs/2configs/reaktor-retiolum.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; - -{ - krebs.Reaktor.retiolum = { - nickname = "Reaktor|lass"; - channels = [ "#noise" "#xxx" ]; - extraEnviron = { - REAKTOR_HOST = "irc.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ] ++ - (attrValues (task "agenda")) - ; - }; -} diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix new file mode 100644 index 000000000..ff6b539ba --- /dev/null +++ b/krebs/2configs/reaktor2.nix @@ -0,0 +1,152 @@ +with import ; +{ config, pkgs, ... }: + +let + #for shared state directory + stateDir = config.krebs.reaktor2.r.stateDir; + + generators = pkgs.reaktor2-plugins.generators; + hooks = pkgs.reaktor2-plugins.hooks; + commands = pkgs.reaktor2-plugins.commands; + + task = name: let + rcFile = builtins.toFile "taskrc" '' + confirmation=no + ''; + in { + pattern = "^${name}-([a-z]+)(?::\\s*(.*))?"; + activate = "match"; + command = 1; + arguments = [2]; + env.TASKDATA = "${stateDir}/${name}"; + commands = { + add.filename = pkgs.writeDash "${name}-task-add" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$1" + ''; + list.filename = pkgs.writeDash "${name}-task-list" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} export \ + | ${pkgs.jq}/bin/jq -r ' + .[] | select(.id != 0) | "\(.id) \(.description)" + ' + ''; + delete.filename = pkgs.writeDash "${name}-task-delete" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$1" + ''; + done.filename = pkgs.writeDash "${name}-task-done" '' + ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$1" + ''; + }; + }; + + systemPlugin = { + plugin = "system"; + config = { + workdir = stateDir; + hooks.JOIN = [ + { + activate = "always"; + command = { + filename = + "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join"; + env = { + PATH = makeBinPath [ + pkgs.coreutils # XXX env, touch + pkgs.jq # XXX sed + pkgs.utillinux # XXX flock + ]; + state_file = "${stateDir}/tell.json"; + }; + }; + } + ]; + hooks.PRIVMSG = [ + { + pattern = "^bier bal(ance)*$"; + activate = "match"; + command = { + env = { + state_file = "${stateDir}/ledger"; + }; + filename = pkgs.writeDash "bier-balance" '' + ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ + | ${pkgs.coreutils}/bin/tail +2 \ + | ${pkgs.miller}/bin/mlr --icsv --opprint cat + ''; + }; + } + { + pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$''; + activate = "match"; + arguments = [1 2 3]; + command = { + env = { + # TODO; get state as argument + state_file = "${stateDir}/ledger"; + }; + filename = pkgs.writeDash "ledger-add" '' + set -x + tonick=$1 + amt=$2 + unit=$3 + printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file + ''; + }; + } + hooks.sed + (generators.command_hook { + inherit (commands) hello random-emoji nixos-version stockholm-issue; + tell = { + filename = + "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; + env = { + PATH = makeBinPath [ + pkgs.coreutils # XXX date, env + pkgs.jq # XXX sed + pkgs.utillinux # XXX flock + ]; + state_file = "${stateDir}/tell.txt"; + }; + }; + }) + (task "agenda") + ]; + }; + }; + +in { + + krebs.reaktor2 = { + freenode = { + hostname = "irc.freenode.org"; + nick = "reaktor2|krebs"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#krebs" + ]; + }; + } + systemPlugin + ]; + username = "reaktor2"; + }; + r = { + nick = "reaktor2|krebs"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#noise" + "#xxx" + ]; + }; + } + systemPlugin + ]; + username = "reaktor2"; + }; + }; +} diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 669483f3c..308c6d41d 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -113,10 +113,11 @@ let ''; in nameValuePair "Reaktor-${name}" { path = with pkgs; [ - utillinux #flock for tell_on-join git # for nag + jq # for tell python # for caps - ]; + utillinux # flock for tell + ]; description = "Reaktor IRC Bot"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bb69bfad3..9303a81fb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -42,6 +42,7 @@ let ./per-user.nix ./power-action.nix ./Reaktor.nix + ./reaktor2.nix ./realwallpaper.nix ./retiolum-bootstrap.nix ./retiolum-hosts.nix diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index b667bcc92..e3e6ddf4f 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -25,7 +25,7 @@ with import ; type = types.listOf types.attrs; }; stateDir = mkOption { - default = "/var/lib/${self.config.systemd-service-name}"; + default = "/var/lib/${self.config.username}"; readOnly = true; type = types.absolute-pathname; }; @@ -33,6 +33,14 @@ with import ; default = "reaktor2${optionalString (name != "default") "-${name}"}"; type = types.filename; }; + username = mkOption { + default = self.config.systemd-service-name; + type = types.username; + }; + useTLS = mkOption { + default = self.config.port == "6697"; + type = types.bool; + }; }; })); }; @@ -43,10 +51,10 @@ with import ; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - User = cfg.systemd-service-name; + User = cfg.username; Group = "reaktor2"; DynamicUser = true; - StateDirectory = cfg.systemd-service-name; + StateDirectory = cfg.username; ExecStart = let configFile = pkgs.writeJSON configFileName configValue; configFileName = "${cfg.systemd-service-name}.config.json"; diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index 19f8da19d..97e4a717c 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -7,8 +7,8 @@ with import ; sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1"; }; "18.09" = { - version = "1.3.0"; - sha256 = "1y9jhh9pchrr48zgfib2jip97x1fkm7qb1gnfx477rmmryjs500h"; + version = "2.1.0"; + sha256 = "0wc8v48bb0bkvypc0j6imvnf8xc8572hykk9sgjhzf2w0ggqxv5d"; }; }.${versions.majorMinor nixpkgsVersion}; diff --git a/krebs/5pkgs/simple/much/cabal.nix b/krebs/5pkgs/haskell/much.nix similarity index 80% rename from krebs/5pkgs/simple/much/cabal.nix rename to krebs/5pkgs/haskell/much.nix index 09bc7b5df..db168f8a1 100644 --- a/krebs/5pkgs/simple/much/cabal.nix +++ b/krebs/5pkgs/haskell/much.nix @@ -8,11 +8,12 @@ }: mkDerivation { pname = "much"; - version = "1.1.0"; + version = "1.2.0"; src = fetchgit { - url = "http://cgit.ni.krebsco.de/much"; - sha256 = "1325554zymr1dd0clj8c5ygl70c791csvs0hz33jcfr6b8wysdrl"; - rev = "dfec37d848e11c00d9b7f03295af1fc7b0e83ef5"; + url = "https://cgit.krebsco.de/much"; + sha256 = "0gfvppi8acylz0q7xh8dkm3dj676d4sc1m1gxwp663bkn4748873"; + rev = "8fc4fbb5bb7781626da8f63cd8df8bb0f554cfe7"; + fetchSubmodules = true; }; isLibrary = false; isExecutable = true; diff --git a/krebs/5pkgs/haskell/reaktor2.nix b/krebs/5pkgs/haskell/reaktor2.nix index 447738425..40c628802 100644 --- a/krebs/5pkgs/haskell/reaktor2.nix +++ b/krebs/5pkgs/haskell/reaktor2.nix @@ -1,23 +1,27 @@ -{ mkDerivation, aeson, attoparsec, base, blessings, bytestring -, containers, fetchgit, filepath, network, network-simple -, network-simple-tls, pcre-heavy, pcre-light, process, random -, stdenv, text, time, transformers, unix, unordered-containers +{ mkDerivation, aeson, async, attoparsec, base, blessings +, bytestring, containers, data-default, fetchgit, filepath +, hashable, lens, lens-aeson, network, network-simple +, network-simple-tls, pcre-light, process, random, stdenv +, string-conversions, stringsearch, text, time, transformers +, unagi-chan, unix, unordered-containers, vector }: mkDerivation { pname = "reaktor2"; - version = "0.0.0"; + version = "0.2.1"; src = fetchgit { url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "1q2rb78mzpyd8wxfmlbfdz7zq5smsrrvb4n874ap1p8f2bmmp0am"; - rev = "ce276eee82ec0b8c4106beb4c51d6f9eb77335c4"; + sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr"; + rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c"; fetchSubmodules = true; }; isLibrary = false; isExecutable = true; executableHaskellDepends = [ - aeson attoparsec base blessings bytestring containers filepath - network network-simple network-simple-tls pcre-heavy pcre-light - process random text time transformers unix unordered-containers + aeson async attoparsec base blessings bytestring containers + data-default filepath hashable lens lens-aeson network + network-simple network-simple-tls pcre-light process random + string-conversions stringsearch text time transformers unagi-chan + unix unordered-containers vector ]; license = stdenv.lib.licenses.mit; } diff --git a/krebs/5pkgs/simple/Reaktor/default.nix b/krebs/5pkgs/simple/Reaktor/default.nix index 3ef9ffb7d..a88db6379 100644 --- a/krebs/5pkgs/simple/Reaktor/default.nix +++ b/krebs/5pkgs/simple/Reaktor/default.nix @@ -2,7 +2,7 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; - version = "0.6.2"; + version = "0.7.0"; doCheck = false; @@ -13,8 +13,8 @@ python3Packages.buildPythonPackage rec { src = fetchFromGitHub { owner = "krebs"; repo = "Reaktor"; - rev = version; - sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m"; + rev = "v${version}"; + sha256 = "12yy06vk0smjs0rmahrn2kd4bcdh1yjw1fz6rifw6nmgx889d9hj"; }; meta = { homepage = http://krebsco.de/; diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh old mode 100644 new mode 100755 index 386aa68b9..6f3dd4a3f --- a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh +++ b/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh @@ -1,5 +1,5 @@ #!/bin/sh -curl http://emojicons.com/random -s | \ +curl -sS http://emojicons.com/random | \ grep data-text | \ sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \ head -n 1 | \ diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh b/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh old mode 100644 new mode 100755 diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py old mode 100644 new mode 100755 index ecb03917b..4925b25bb --- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py @@ -46,7 +46,7 @@ if is_regex(line): print('to many lines, skipped') else: if last.strip() != ret.strip(): - print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) + print("\x02{}\x02 meant: {}".format(usr, ret.strip())) if ret: d[usr] = ret diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh old mode 100644 new mode 100755 diff --git a/krebs/5pkgs/simple/much/default.nix b/krebs/5pkgs/simple/much/default.nix deleted file mode 100644 index cf55eb537..000000000 --- a/krebs/5pkgs/simple/much/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ haskellPackages, ... }: - -haskellPackages.callPackage ./cabal.nix {} diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix new file mode 100644 index 000000000..48464c0b6 --- /dev/null +++ b/krebs/5pkgs/simple/reaktor2-plugins.nix @@ -0,0 +1,106 @@ +with import ; +{ lib, pkgs, ... }: + +rec { + generators = { + command_hook = commands: { + pattern = + "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$"; + command = 1; + arguments = [2]; + commands = commands; + }; + }; + + commands = { + + hello = { + filename = "${pkgs.Reaktor.src}/reaktor/commands/hello"; + }; + + random-emoji = { + filename = ; + env = { + PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]); + }; + }; + + nixos-version = { + filename = pkgs.writeDash "nixos-version" '' + . /etc/os-release + echo "$PRETTY_NAME" + ''; + }; + + stockholm-issue = { + filename = ; + env = { + PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]); + origin = "http://cgit.gum/stockholm"; + state_dir = "/tmp/stockholm-issue"; + }; + }; + + }; + + hooks = { + + sed = { + activate = "always"; + pattern = "^(.*)$"; + arguments = [1]; + command = { + env = { + PATH = makeBinPath (with pkgs; [ gnused ]); + state_dir = "/tmp"; + }; + filename = pkgs.writeDash "sed-plugin" '' + set -efu + exec ${pkgs.python3}/bin/python \ + ${} "$@" + ''; + }; + }; + + shack-correct = { + activate = "match"; + pattern = "^(.*Shack.*)$"; + arguments = [1]; + command.filename = ; + }; + + + url-title = { + #pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$"; + pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$"; + activate = "match"; + arguments = [1]; + command = { + filename = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } '' + import cgi + import sys + import urllib.request + from bs4 import BeautifulSoup + + try: + req = urllib.request.Request(sys.argv[1]) + req.add_header('user-agent', 'Reaktor-url-title') + resp = urllib.request.urlopen(req) + if resp.headers['content-type'].find('text/html') >= 0: + soup = BeautifulSoup(resp.read(16000), "lxml") + title = soup.find('title').string + + if len(title.split('\n')) > 5: + title = '\n'.join(title.split('\n')[:5]) + + print(title[:450]) + else: + cd_header = resp.headers['content-disposition'] + print(cgi.parse_header(cd_header)[1]['filename']) + except: # noqa: E722 + pass + ''; + }; + }; + }; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index df2778bef..23746d210 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -36,10 +36,10 @@ with import ; # TODO write function for proxy_pass (ssl/nonssl) krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; } ]; } { @@ -379,6 +379,7 @@ with import ; name = "download"; home = "/var/download"; useDefaultShell = true; + uid = genid "download"; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-shodan.pubkey @@ -420,6 +421,16 @@ with import ; { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } ]; } + { + nix.trustedUsers = [ "Mic92" ]; + users.users.Mic92 = { + uid = genid_uint31 "Mic92"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.Mic92.pubkey + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index a2b5efb29..9a84e9d63 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -63,9 +63,15 @@ defaultGateway = "95.216.1.129"; # Use google's public DNS server nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "95.216.1.150"; - prefixLength = 26; - }; + interfaces.eth0.ipv4.addresses = [ + { + address = "95.216.1.150"; + prefixLength = 26; + } + { + address = "95.216.1.130"; + prefixLength = 26; + } + ]; }; } diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 58fa564a1..9d8bcd7be 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -88,7 +88,7 @@ with import ; client dev tun proto udp - remote 82.102.16.229 1194 + remote 89.249.65.83 1194 resolv-retry infinite remote-random nobind @@ -103,13 +103,9 @@ with import ; reneg-sec 0 comp-lzo no - explicit-exit-notify 3 - remote-cert-tls server - #mute 10000 auth-user-pass ${toString } - verb 3 pull fast-io @@ -118,32 +114,33 @@ with import ; -----BEGIN CERTIFICATE----- - MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD - VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH - Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw - bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y - ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG - A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT - B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 - cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v - cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG - UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny - mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X - +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT - ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI - 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA - VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT - Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh - MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ - MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy - Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW - EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ - e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW - //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB - wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB - KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p - lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ + MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2 + MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV + BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI + hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF + kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr + XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU + eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV + skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu + MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA + 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR + hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s + Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy + WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6 + MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST + LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG + SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g + nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/ + k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S + DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/ + pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo + k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp + +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd + NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa + wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC + VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S + PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA== -----END CERTIFICATE----- key-direction 1 @@ -152,23 +149,24 @@ with import ; # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- - 49b2f54c6ee58d2d97331681bb577d55 - 054f56d92b743c31e80b684de0388702 - ad3bf51088cd88f3fac7eb0729f2263c - 51d82a6eb7e2ed4ae6dfa65b1ac764d0 - b9dedf1379c1b29b36396d64cb6fd6b2 - e61f869f9a13001dadc02db171f04c4d - c46d1132c1f31709e7b54a6eabae3ea8 - fbd2681363c185f4cb1be5aa42a27c31 - 21db7b2187fd11c1acf224a0d5a44466 - b4b5a3cc34ec0227fe40007e8b379654 - f1e8e2b63c6b46ee7ab6f1bd82f57837 - 92c209e8f25bc9ed493cb5c1d891ae72 - 7f54f4693c5b20f136ca23e639fd8ea0 - 865b4e22dd2af43e13e6b075f12427b2 - 08af9ffd09c56baa694165f57fe2697a - 3377fa34aebcba587c79941d83deaf45 + e685bdaf659a25a200e2b9e39e51ff03 + 0fc72cf1ce07232bd8b2be5e6c670143 + f51e937e670eee09d4f2ea5a6e4e6996 + 5db852c275351b86fc4ca892d78ae002 + d6f70d029bd79c4d1c26cf14e9588033 + cf639f8a74809f29f72b9d58f9b8f5fe + fc7938eade40e9fed6cb92184abb2cc1 + 0eb1a296df243b251df0643d53724cdb + 5a92a1d6cb817804c4a9319b57d53be5 + 80815bcfcb2df55018cc83fc43bc7ff8 + 2d51f9b88364776ee9d12fc85cc7ea5b + 9741c4f598c485316db066d52db4540e + 212e1518a9bd4828219e24b20d88f598 + a196c9de96012090e333519ae18d3509 + 9427e7b372d348d352dc4c85e18cd4b9 + 3f8a56ddb2e64eb67adfc9b337157ff4 -----END OpenVPN Static key V1----- + ''; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index b8a0a9f2a..1d2d1173d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -74,7 +74,7 @@ in { nmap pavucontrol powertop - rxvt_unicode_with-plugins + rxvt_unicode-with-plugins sxiv taskwarrior termite diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 69e697a1d..2547e8bac 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,6 +2,7 @@ with import ; { config, pkgs, ... }: { imports = [ + ./binary-cache/client.nix ./gc.nix ./mc.nix @@ -81,9 +82,6 @@ with import ; services.timesyncd.enable = mkForce true; - #why is this on in the first place? - services.nscd.enable = false; - systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; @@ -115,6 +113,7 @@ with import ; #network iptables iftop + tcpdump #stuff for dl aria2 diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index f487a9910..555295422 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -96,6 +96,7 @@ with import ; { from = "nordvpn@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; } { from = "nintendo@lassul.us"; to = lass.mail; } + { from = "overleaf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 3c19fe061..52d380b7c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -225,7 +225,7 @@ in { msmtp mutt pkgs.notmuch - pkgs.much + pkgs.haskellPackages.much tag-new-mails tag-old-mails ]; diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 7cdcdf20c..44d9d6866 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -1,99 +1,107 @@ { config, lib, pkgs, ... }: with import ; -{ - krebs.Reaktor.coders = { - nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" "#panthermoderns" ]; - extraEnviron = { - REAKTOR_HOST = "irc.hackint.org"; - }; - plugins = with pkgs.ReaktorPlugins; let - - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - - lambdabotflags = '' - -XStandaloneDeriving -XGADTs -XFlexibleContexts \ - -XFlexibleInstances -XMultiParamTypeClasses \ - -XOverloadedStrings -XFunctionalDependencies \''; - in [ - sed-plugin - url-title - (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl (?P.*)$$"; - script = pkgs.writeDash "lambda-pl" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@pl $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type (?P.*)$$"; - script = pkgs.writeDash "lambda-type" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@type $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let (?P.*)$$"; - script = pkgs.writeDash "lambda-let" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@let $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run (?P.*)$$"; - script = pkgs.writeDash "lambda-run" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@run $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "ping" { - pattern = "^!ping (?P.*)$$"; - script = pkgs.writeDash "ping" '' - exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 - ''; - }) - (buildSimpleReaktorPlugin "google" { - pattern = "^!g (?P.*)$$"; - script = pkgs.writeDash "google" '' - exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ - ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' - ''; - }) - (buildSimpleReaktorPlugin "blockchain" { - pattern = ".*[Bb]lockchain.*$$"; - script = pkgs.writeDash "blockchain" '' - exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline' - ''; - }) - (buildSimpleReaktorPlugin "shrug" { - pattern = "^!shrug$"; - script = pkgs.writeDash "shrug" '' - exec echo '¯\_(ツ)_/¯' - ''; - }) - (buildSimpleReaktorPlugin "flip" { - pattern = "^!flip$"; - script = pkgs.writeDash "shrug" '' - exec echo '(╯°□°)╯ ┻━┻' - ''; - }) +let + hooks = pkgs.reaktor2-plugins.hooks; +in { + krebs.reaktor2.coders = { + hostname = "irc.hackint.org"; + port = "9999"; + useTLS = true; + nick = "reaktor2|lass"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#coders" + "#germany" + "#panthermoderns" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.coders.stateDir; + hooks.PRIVMSG = [ + hooks.sed + hooks.url-title + { + activate = "match"; + pattern = ''@([^ ]+) (.*)$''; + command = 1; + arguments = [2]; + commands = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" '' + exec ${lambdabot}/bin/lambdabot \ + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \ + -e "$@" + ''; + in { + pl = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-pl" '' + ${lambdabotWrapper} "@pl $1" + ''; + }; + type = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-type" '' + ${lambdabotWrapper} "@type $1" + ''; + }; + "let" = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-let" '' + ${lambdabotWrapper} "@let $1" + ''; + }; + run = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-run" '' + ${lambdabotWrapper} "@run $1" + ''; + }; + kind = { + env.HOME = config.krebs.reaktor2.coders.stateDir; + filename = pkgs.writeDash "lambdabot-kind" '' + ${lambdabotWrapper} "@kind $1" + ''; + }; + }; + } + { + activate = "match"; + pattern = ''!([^ ]+)(?:\s*(.*))?''; + command = 1; + arguments = [2]; + commands = { + ping.filename = pkgs.writeDash "ping" '' + exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + google.filename = pkgs.writeDash "google" '' + exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ + ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' + ''; + shrug.filename = pkgs.writeDash "shrug" '' + exec echo '¯\_(ツ)_/¯' + ''; + table.filename = pkgs.writeDash "table" '' + exec echo '(╯°□°)╯ ┻━┻' + ''; + }; + } + ]; + }; + } ]; }; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 223fc73ba..7fb248139 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -155,6 +155,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.UBIK-SFTP = { + uid = genid_uint31 "UBIK-SFTP"; + home = "/home/UBIK-SFTP"; + useDefaultShell = true; + createHome = true; + }; + users.users.xanf = { uid = genid_uint31 "xanf"; home = "/home/xanf"; @@ -227,5 +234,22 @@ in { createHome = true; }; + services.restic.backups.domsen = { + initialize = true; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; + repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + passwordFile = toString + "/domsen_backup_pw"; + paths = [ + "/srv/http" + "/home/domsen/Mail" + "/home/ms/Mail" + "/home/klabusterbeere/Mail" + "/home/jms/Mail" + "/home/bruno/Mail" + "/home/akayguen/Mail" + "/backups/sql_dumps" + ]; + }; + } diff --git a/tv/2configs/mail-client.nix b/tv/2configs/mail-client.nix index 8b6f8bbcd..0caf5264a 100644 --- a/tv/2configs/mail-client.nix +++ b/tv/2configs/mail-client.nix @@ -1,13 +1,10 @@ -{ pkgs, ... }: - -with pkgs; -{ +{ pkgs, ... }: { environment.systemPackages = [ - much - msmtp - notmuch - pythonPackages.alot - qprint - w3m + pkgs.haskellPackages.much + pkgs.msmtp + pkgs.notmuch + pkgs.pythonPackages.alot + pkgs.qprint + pkgs.w3m ]; }