From dbaf1d4c66d29332d9999902189b5ed413cdcf90 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Nov 2021 20:12:21 +0100 Subject: [PATCH 01/14] krops: 1.26.1 -> 1.26.2 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index 05f0d3b5c..13ae434b1 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 05f0d3b5c1d38fbbd53142362a7821cc8bc1150a +Subproject commit 13ae434b140035e7e2664bd5a8ef4c475413b2e0 From 8f97f5e2e1fd5c6f73db0bc6546ad098c8b162fe Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Nov 2021 20:39:28 +0100 Subject: [PATCH 02/14] krebs zone-head-config: fix style --- krebs/3modules/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 24b17487b..7b6639212 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -80,9 +80,9 @@ let description = '' The zone configuration head which is being used to create the zone files. The string for each key is pre-pended to the zone file. - ''; - # TODO: configure the default somewhere else, - # maybe use krebs.dns.providers + ''; + # TODO: configure the default somewhere else, + # maybe use krebs.dns.providers default = { # github.io -> 192.30.252.154 @@ -96,7 +96,7 @@ let IN A 185.199.110.153 IN A 185.199.111.153 ''; - }; + }; }; }; From e51e379342628dd3d01c15f91674e130466142a9 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 22 Nov 2021 15:10:22 +0100 Subject: [PATCH 03/14] tv: stop using pkgs.linuxPackages_latest Because otherwise all systems using zfs have to override boot.kernelPackages with a compatible version. --- tv/2configs/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 8e8d0a468..de298e162 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -1,8 +1,6 @@ with import ; { config, pkgs, ... }: { - boot.kernelPackages = mkDefault pkgs.linuxPackages_latest; - boot.tmpOnTmpfs = true; krebs.enable = true; From c95ee44d412e22866161de6521cea7808a3ea077 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 22 Nov 2021 15:44:14 +0100 Subject: [PATCH 04/14] tv wu: make network configuration explicit This silences warnings during deployment. --- tv/1systems/wu/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index f0ef6f9b0..bf250cefa 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -33,5 +33,11 @@ with import ; }; networking.wireless.enable = true; + networking.wireless.interfaces = [ + "wlp3s0" + ]; + networking.interfaces.enp4s0f2.useDHCP = true; + networking.interfaces.wlp3s0.useDHCP = true; + networking.useDHCP = false; } From cbab195e1fd119be75cf81469f46bd0cd8e901c1 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 23 Nov 2021 20:36:54 +0100 Subject: [PATCH 05/14] purebred-email: init at 0.4.3 --- .../5pkgs/haskell/purebred-email/default.nix | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 krebs/5pkgs/haskell/purebred-email/default.nix diff --git a/krebs/5pkgs/haskell/purebred-email/default.nix b/krebs/5pkgs/haskell/purebred-email/default.nix new file mode 100644 index 000000000..f781e820e --- /dev/null +++ b/krebs/5pkgs/haskell/purebred-email/default.nix 
@@ -0,0 +1,31 @@ +{ mkDerivation, attoparsec, base, base64-bytestring, bytestring +, case-insensitive, concise, deepseq, fetchgit, hedgehog, lens, lib +, QuickCheck, quickcheck-instances, semigroupoids, semigroups +, stringsearch, tasty, tasty-golden, tasty-hedgehog, tasty-hunit +, tasty-quickcheck, text, time +}: +mkDerivation { + pname = "purebred-email"; + version = "0.4.3"; + src = fetchgit { + url = "https://github.com/purebred-mua/purebred-email"; + sha256 = "06xhccavrdzfsvg65mzdnp0a7b1ilk2rqpnyvkr171ir6mqdpb19"; + rev = "769b360643f699c0a8cd6f1c3a3de36cf0479834"; + fetchSubmodules = true; + }; + isLibrary = true; + isExecutable = true; + libraryHaskellDepends = [ + attoparsec base base64-bytestring bytestring case-insensitive + concise deepseq lens semigroupoids semigroups stringsearch text + time + ]; + testHaskellDepends = [ + attoparsec base bytestring case-insensitive hedgehog lens + QuickCheck quickcheck-instances semigroups tasty tasty-golden + tasty-hedgehog tasty-hunit tasty-quickcheck text time + ]; + homepage = "https://github.com/purebred-mua/purebred-email"; + description = "types and parser for email messages (including MIME)"; + license = lib.licenses.agpl3Plus; +} From 6cf266885df32090f4df528fb0a14e1676397566 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 23 Nov 2021 20:39:13 +0100 Subject: [PATCH 06/14] purebred-email: don't implicitly add MIME-Version --- .../5pkgs/haskell/purebred-email/default.nix | 3 + .../untweak-mime-version-header.patch | 65 +++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 krebs/5pkgs/haskell/purebred-email/untweak-mime-version-header.patch diff --git a/krebs/5pkgs/haskell/purebred-email/default.nix b/krebs/5pkgs/haskell/purebred-email/default.nix index f781e820e..ebf315388 100644 --- a/krebs/5pkgs/haskell/purebred-email/default.nix +++ b/krebs/5pkgs/haskell/purebred-email/default.nix 
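Review bot: In the `fetchgit` block of the new `krebs/5pkgs/haskell/purebred-email/default.nix`, `rev` is a bare commit hash and nothing in the file ties it to `version = "0.4.3"`. The `sha256` pins the fetched content, so the build is reproducible, but a reader cannot tell from the expression whether that commit is the upstream 0.4.3 release or some other state of the repository. A one-line comment above `rev` naming the upstream tag or release it was taken from, e.g. `# upstream tag: <tag-name>`, would make the pin auditable at the next bump.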
@@ -13,6 +13,9 @@ mkDerivation { rev = "769b360643f699c0a8cd6f1c3a3de36cf0479834"; fetchSubmodules = true; }; + patches = [ + ./untweak-mime-version-header.patch + ]; isLibrary = true; isExecutable = true; libraryHaskellDepends = [ diff --git a/krebs/5pkgs/haskell/purebred-email/untweak-mime-version-header.patch b/krebs/5pkgs/haskell/purebred-email/untweak-mime-version-header.patch new file mode 100644 index 000000000..97baf7ac1 --- /dev/null +++ b/krebs/5pkgs/haskell/purebred-email/untweak-mime-version-header.patch 
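Review bot: The `patches = [ ./untweak-mime-version-header.patch ];` entry changes what the library emits while `pname` and `version` stay at the upstream values, so consumers of this derivation get a locally modified purebred-email that its name does not distinguish from 0.4.3. I would add a comment above `patches` saying why the implicit `MIME-Version` header is removed and whether the change was proposed upstream, e.g. `# local change: MIME-Version is no longer added implicitly; callers set it (upstream status: <link or none>)`. The `mkDerivation` block starts and ends outside this hunk.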
@@ -0,0 +1,65 @@ +diff --git a/src/Data/MIME.hs b/src/Data/MIME.hs +index 19af53e..be8cbd4 100644 +--- a/src/Data/MIME.hs ++++ b/src/Data/MIME.hs +@@ -810,7 +810,6 @@ multipart takeTillEnd boundary = + -- | Sets the @MIME-Version: 1.0@ header. + -- + instance RenderMessage MIME where +- tweakHeaders = set (headers . at "MIME-Version") (Just "1.0") + buildBody h z = Just $ case z of + Part partbody -> Builder.byteString partbody + Encapsulated msg -> buildMessage msg +diff --git a/tests/Generator.hs b/tests/Generator.hs +index 9e1f166..23bd122 100644 +--- a/tests/Generator.hs ++++ b/tests/Generator.hs +@@ -64,7 +64,7 @@ exampleMailsParseSuccessfully = + textPlain7bit :: MIMEMessage + textPlain7bit = + let m = createTextPlainMessage "This is a simple mail." +- in over headers (\(Headers xs) -> Headers $ (CI.mk "Subject", "Hello there") : xs) m ++ in over headers (\(Headers xs) -> Headers $ (CI.mk "MIME-Version", "1.0") : (CI.mk "Subject", "Hello there") : xs) m + + multiPartMail :: MIMEMessage + multiPartMail = +@@ -72,13 +72,16 @@ multiPartMail = + to' = Single $ Mailbox Nothing (AddrSpec "bar" (DomainDotAtom $ pure "bar.com")) + subject = "Hello there" + p = createTextPlainMessage "This is a simple mail." ++ & set (headers . at "MIME-Version") (Just "1.0") + a = createAttachment + contentTypeApplicationOctetStream + (Just "foo.bin") + "fileContentsASDF" ++ & set (headers . at "MIME-Version") (Just "1.0") + now = UTCTime (ModifiedJulianDay 123) (secondsToDiffTime 123) + in createMultipartMixedMessage "asdf" (fromList [p, a]) +- & set (headers . at "From") (Just $ renderMailboxes [from']) ++ & set (headers . at "MIME-Version") (Just "1.0") ++ . set (headers . at "From") (Just $ renderMailboxes [from']) + . set (headers . at "To") (Just $ renderAddresses [to']) + . set (headers . at "Date") (Just $ renderRFC5422Date now) + . set (headers . 
at "Subject") (Just $ T.encodeUtf8 subject) +diff --git a/tests/Message.hs b/tests/Message.hs +index 6711519..3e40397 100644 +--- a/tests/Message.hs ++++ b/tests/Message.hs +@@ -29,7 +29,7 @@ import Data.Char (isPrint) + import Data.Foldable (fold) + import Data.List.NonEmpty (NonEmpty(..), intersperse) + +-import Control.Lens (set, view) ++import Control.Lens ((&), at, set, view) + import qualified Data.ByteString as B + import qualified Data.Text as T + +@@ -99,7 +99,7 @@ genMessage = Gen.choice [ genTextPlain, genMultipart, encapsulate <$> genMessage + prop_messageRoundTrip :: Property + prop_messageRoundTrip = property $ do + msg <- forAll genMessage +- parse (message mime) (renderMessage msg) === Right msg ++ parse (message mime) (renderMessage $ msg & set (headers . at "MIME-Version") (Just "1.0")) === Right msg + + prop_messageFromRoundTrip :: Property + prop_messageFromRoundTrip = property $ do From 2b774a4866ad4c0d961b4a6e637027a928bcf500 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 23 Nov 2021 20:02:59 +0100 Subject: [PATCH 07/14] mailaids: init from tv --- {tv => krebs}/5pkgs/haskell/mailaids.nix | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {tv => krebs}/5pkgs/haskell/mailaids.nix (100%) diff --git a/tv/5pkgs/haskell/mailaids.nix b/krebs/5pkgs/haskell/mailaids.nix similarity index 100% rename from tv/5pkgs/haskell/mailaids.nix rename to krebs/5pkgs/haskell/mailaids.nix From 09256b0e4f7ecc9259921839ef4a7a725785fb89 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 27 Nov 2021 15:57:02 +0100 Subject: [PATCH 08/14] tv gitrepos: add couchfs --- tv/2configs/gitrepos.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 2b8457e40..6f4dedad6 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix 
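Review bot: In the `src/Data/MIME.hs` part of the embedded patch, the Haddock line `-- | Sets the @MIME-Version: 1.0@ header.` stays as context above `instance RenderMessage MIME` while the `tweakHeaders` line that did this is removed, so the patched library's documentation now says the opposite of what the code does. The patch should replace that comment as well, for example with `-- | Does not add a @MIME-Version@ header; callers must set it explicitly.`. The tests in `tests/Generator.hs` and `tests/Message.hs` now set the header by hand, so callers that render messages through this build will presumably have to do the same; that is worth stating next to the `patches` entry in `default.nix`.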
@@ -65,6 +65,9 @@ let { public-repos = mapAttrs make-public-repo ({ } // mapAttrs (_: recursiveUpdate { cgit.section = "1. miscellaneous"; }) { + couchfs = { + cgit.desc = "filesystem (in userspace) on top of CouchDB"; + }; crx = { cgit.desc = "utilities for working with Chrome extensions"; }; From 678d25ee0535c6c195c130e0805436466d8a64bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 27 Nov 2021 23:44:42 +0100 Subject: [PATCH 09/14] l yellow.r: transmission listen on ipv6 --- lass/1systems/yellow/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index dc3b4b566..554882bf3 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -21,7 +21,7 @@ with import ; download-dir = "/var/download/finished"; incomplete-dir = "/var/download/incoming"; incomplete-dir-enable = true; - rpc-bind-address = "0.0.0.0"; + rpc-bind-address = "::"; message-level = 1; umask = 18; rpc-whitelist-enabled = false; From ee59532c6067394eb4c509aca7f3bef0175b8668 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 27 Nov 2021 23:45:26 +0100 Subject: [PATCH 10/14] l prism.r: add internet ipv6 address --- krebs/3modules/lass/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1f118b8b0..7b09ef07b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -71,6 +71,7 @@ in { 60 IN NS ns16.ovh.net. 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} IN MX 5 lassul.us. 60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) 
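Review bot: Changing `rpc-bind-address` to `"::"` in `lass/1systems/yellow/config.nix` makes the Transmission RPC interface listen on every address of the host, and the context line at the end of the hunk still has `rpc-whitelist-enabled = false`, so the address whitelist is not limiting who may connect. Whether RPC authentication (`rpc-authentication-required`) or a firewall rule covers the port is not visible here, because the settings block continues outside the hunk. If the aim is only to reach the RPC over the internal IPv6 network, binding to that one address with `rpc-bind-address = "<internal-ipv6-address>";` keeps the exposure as narrow as before; otherwise a comment stating what protects the port would help the next reader.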
@@ -98,6 +99,10 @@ in { addr = "95.216.1.150"; prefix = "0.0.0.0/0"; }; + ip6 = { + addr = "2a01:4f9:2a:1e9::1"; + prefix = "2a01:4f9:2a:1e9::/64"; + }; aliases = [ "prism.i" "paste.i" From d71fe62fffe25f20fd5534fe22c7bd414b9f98db Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 27 Nov 2021 23:47:15 +0100 Subject: [PATCH 11/14] l prism.r: add jelly.r alias + proxy_pass --- krebs/3modules/lass/default.nix | 1 + lass/1systems/prism/config.nix | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7b09ef07b..dfe7c5015 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -118,6 +118,7 @@ in { "cache.prism.r" "cgit.prism.r" "flix.r" + "jelly.r" "paste.r" "c.r" "p.r" diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 45f9ae00e..c92a239f9 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -284,6 +284,12 @@ with import ; localAddress = "10.233.2.14"; }; + services.nginx.virtualHosts."jelly.r" = { + locations."/".extraConfig = '' + proxy_pass http://10.233.2.14:8096/; + proxy_set_header Accept-Encoding ""; + ''; + }; services.nginx.virtualHosts."flix.r" = { locations."/".extraConfig = '' proxy_pass http://10.233.2.14:80/; From 8a0685d85940eb1f2e2cf595730b02cc73b0219e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 27 Nov 2021 23:48:41 +0100 Subject: [PATCH 12/14] l: init tablet.r --- krebs/3modules/lass/default.nix | 17 +++++++++++++++++ krebs/3modules/lass/ssh/tablet.ed25519 | 1 + 2 files changed, 18 insertions(+) create mode 100644 krebs/3modules/lass/ssh/tablet.ed25519 diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index dfe7c5015..280021347 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
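Review bot: In the `internet` net of prism in `krebs/3modules/lass/default.nix`, the new `ip6` block sets `prefix = "2a01:4f9:2a:1e9::/64"` while the `ip4` block directly above it uses `prefix = "0.0.0.0/0"`, so the two address families describe the same net with different scopes. If `prefix` means the same thing for both families, one of the two is probably not what was intended; if the difference is deliberate, a short comment on the `ip6` block would settle the question. Separately, the `AAAA` record added in the first hunk of this commit publishes the address under the same name as the existing `A` record, and nothing in the patch shows that the host's packet filter treats IPv6 the same way as IPv4, so that is worth confirming before deployment.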
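Review bot: The new `services.nginx.virtualHosts."jelly.r"` block in `lass/1systems/prism/config.nix` forwards to `http://10.233.2.14:8096/` with no `allow`/`deny` rule and no forwarding headers, written the same way as the `flix.r` block below it. Without a forwarded client address the backend can only see the proxy as the origin of every request, which limits what its access log can attribute; adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header Host $host;` inside the `extraConfig` string would address that. Whether the vhost is reachable only from the internal network depends on listen and firewall settings outside this hunk; if it is meant to be internal only, an explicit `allow <internal-prefix>; deny all;` in the location would state that in the configuration itself.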
@@ -575,6 +575,20 @@ in { ci = false; syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; + tablet = { + nets = { + wiregrill = { + ip4.addr = "10.244.1.14"; + ip6.addr = w6 "b"; + aliases = [ + "tablet.w" + ]; + wireguard.pubkey = "eIafsxYEFCqmWNFon6ZsYXeDrK4X1UJ9KD0zmNZjgEI="; + }; + }; + external = true; + ci = false; + }; hilum = { cores = 1; nets = { @@ -823,5 +837,8 @@ in { mail = "lassulus@gmail.com"; pubkey = builtins.readFile ./ssh/android.ed25519; }; + lass-tablet = { + pubkey = builtins.readFile ./ssh/tablet.ed25519; + }; }; } diff --git a/krebs/3modules/lass/ssh/tablet.ed25519 b/krebs/3modules/lass/ssh/tablet.ed25519 new file mode 100644 index 000000000..250be53f7 --- /dev/null +++ b/krebs/3modules/lass/ssh/tablet.ed25519 @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMaulRARjJt6gQ4q5DCj3ySAf4juHvVaIcXDRhWZ5mM u0_a234@localhost \ No newline at end of file From 14c210d35853c914d5e9cf3488b32f2aaae1d246 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 28 Nov 2021 00:12:00 +0100 Subject: [PATCH 13/14] limit journald size --- krebs/2configs/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 4c25bc963..369b750b7 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -45,6 +45,13 @@ with import ; services.cron.enable = false; services.ntp.enable = false; + # limit journald size + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + Storage=persistent + ''; + users.mutableUsers = false; users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.jeschli-brauerei.pubkey From 948584f291627d35d6da2f41704fd19adc4dbdde Mon Sep 17 00:00:00 2001 
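Review bot: The `lass-tablet` user added in the second hunk of `krebs/3modules/lass/default.nix` and the key in `krebs/3modules/lass/ssh/tablet.ed25519` carry no description of the device, and the key's comment field is the generic `u0_a234@localhost`. Once this key shows up in an `authorized_keys` file or a log line, that comment does not say which device it belongs to, which matters when the tablet is lost and the key has to be located and removed. I would change the comment field to something identifying, e.g. `lass@tablet`, and add `# key stored on a mobile device` next to the `lass-tablet` entry. Where the key is authorised is not visible in this commit.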
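Review bot: The `services.journald.extraConfig` block added to `krebs/2configs/default.nix` caps the on-disk journal at `SystemMaxUse=1G`, and the comment `# limit journald size` does not mention that `Storage=persistent` is set as well. With only a size cap, the retention period shrinks as log volume grows, so on a busy host the window available for investigating an incident may be much shorter than on a quiet one. I would extend the comment to state the intent, e.g. `# keep logs across reboots, capped at 1G on disk; older entries are rotated away`, and, since this file is presumably shared by many hosts, check whether any of them needs a larger cap or log forwarding.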
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Tue, 30 Nov 2021 22:00:34 +0100 Subject: [PATCH 14/14] external: kmein takes over graph.r --- krebs/3modules/external/default.nix | 1 + krebs/3modules/makefu/default.nix | 2 +- makefu/2configs/deployment/graphs.nix | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 28d58b525..7c896e90a 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -151,6 +151,7 @@ in { "makanek.kmein.r" "grafana.kmein.r" "names.kmein.r" + "graph.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 03431ce5f..7780863a3 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -221,7 +221,7 @@ in { "cgit.gum.r" "dcpp.gum.r" "dcpp.nextgum.r" - "graph.r" + "graph.makefu.r" "logs.makefu.r" "netdata.makefu.r" "nextgum.r" diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix index e7dc54dd0..1f6deb1bf 100644 --- a/makefu/2configs/deployment/graphs.nix +++ b/makefu/2configs/deployment/graphs.nix @@ -18,7 +18,7 @@ in { } ''; serverAliases = [ - "graph.r" + "graph.makefu.r" "graph.${hn}" "graph.${hn}.r" ]; };
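Review bot: Moving the `graph.r` alias from the makefu host to the kmein host (first and second hunk) repoints an existing name at a machine under different administration, and nothing in the commit shows that users of the old service were updated. Anything that still sends data or credentials to `graph.r`, such as bookmarks, dashboards or metric senders, will presumably reach the new host once this is deployed. A comment next to the new `"graph.r"` entry in `krebs/3modules/external/default.nix` recording the takeover and the old service's new name (`graph.makefu.r`) would make the change traceable, and it is worth checking that no other configuration in the tree still refers to `graph.r` expecting the old service.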