Merge remote-tracking branch 'cloudkrebs/master'
This commit is contained in:
commit
96f4248b65
@ -14,6 +14,7 @@ let
|
|||||||
./iptables.nix
|
./iptables.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./Reaktor.nix
|
./Reaktor.nix
|
||||||
|
./realwallpaper.nix
|
||||||
./retiolum.nix
|
./retiolum.nix
|
||||||
./urlwatch.nix
|
./urlwatch.nix
|
||||||
];
|
];
|
||||||
|
@ -34,9 +34,11 @@ with import ../../4lib { inherit lib; };
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
||||||
};
|
};
|
||||||
fastpoke = {
|
fastpoke = {
|
||||||
dc = "lass"; #dc = "cac";
|
dc = "lass";
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
addrs4 = ["193.22.164.36"];
|
addrs4 = ["193.22.164.36"];
|
||||||
@ -95,6 +97,8 @@ with import ../../4lib { inherit lib; };
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7oYx7Lbkc0wPYNp92LQF93DCtxsGzOkVD91FJQzVZl";
|
||||||
};
|
};
|
||||||
uriel = {
|
uriel = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
@ -119,6 +123,8 @@ with import ../../4lib { inherit lib; };
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBryIo/Waw8SWvlQ0+5I+Bd/dJgcMd6iPXtELS6gQXoc";
|
||||||
secure = true;
|
secure = true;
|
||||||
};
|
};
|
||||||
mors = {
|
mors = {
|
||||||
@ -145,6 +151,8 @@ with import ../../4lib { inherit lib; };
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
secure = true;
|
secure = true;
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
@ -8,12 +8,10 @@ let
|
|||||||
mkIf
|
mkIf
|
||||||
;
|
;
|
||||||
|
|
||||||
lpkgs = import ../5pkgs { inherit pkgs; };
|
cfg = config.krebs.realwallpaper;
|
||||||
|
|
||||||
cfg = config.lass.realwallpaper;
|
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
options.lass.realwallpaper = api;
|
options.krebs.realwallpaper = api;
|
||||||
config = mkIf cfg.enable imp;
|
config = mkIf cfg.enable imp;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -57,13 +55,13 @@ let
|
|||||||
imp = {
|
imp = {
|
||||||
systemd.timers.realwallpaper = {
|
systemd.timers.realwallpaper = {
|
||||||
description = "real wallpaper generator timer";
|
description = "real wallpaper generator timer";
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
|
||||||
timerConfig = cfg.timerConfig;
|
timerConfig = cfg.timerConfig;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.realwallpaper = {
|
systemd.services.realwallpaper = {
|
||||||
description = "real wallpaper generator";
|
description = "real wallpaper generator";
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
@ -85,7 +83,7 @@ let
|
|||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = "${lpkgs.realwallpaper}/realwallpaper.sh";
|
ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh";
|
||||||
User = "realwallpaper";
|
User = "realwallpaper";
|
||||||
};
|
};
|
||||||
};
|
};
|
@ -21,7 +21,9 @@ rec {
|
|||||||
nq = callPackage ./nq {};
|
nq = callPackage ./nq {};
|
||||||
posix-array = callPackage ./posix-array {};
|
posix-array = callPackage ./posix-array {};
|
||||||
pssh = callPackage ./pssh {};
|
pssh = callPackage ./pssh {};
|
||||||
|
passwdqc-utils = callPackage ./passwdqc-utils {};
|
||||||
Reaktor = callPackage ./Reaktor {};
|
Reaktor = callPackage ./Reaktor {};
|
||||||
|
realwallpaper = callPackage ./realwallpaper.nix {};
|
||||||
youtube-tools = callPackage ./youtube-tools {};
|
youtube-tools = callPackage ./youtube-tools {};
|
||||||
|
|
||||||
execve = name: { filename, argv, envp ? {}, destination ? "" }:
|
execve = name: { filename, argv, envp ? {}, destination ? "" }:
|
||||||
|
27
krebs/5pkgs/passwdqc-utils/default.nix
Normal file
27
krebs/5pkgs/passwdqc-utils/default.nix
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
{stdenv,pam,fetchurl,...}:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
name = "passwdqc-utils-${version}";
|
||||||
|
version = "1.3.0";
|
||||||
|
buildInputs = [ pam ];
|
||||||
|
src = fetchurl {
|
||||||
|
url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
|
||||||
|
sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
|
||||||
|
};
|
||||||
|
buildTargets = "utils";
|
||||||
|
installFlags= [ "BINDIR=$(out)/bin"
|
||||||
|
"CONFDIR=$(out)/etc"
|
||||||
|
"SHARED_LIBDIR=$(out)/lib"
|
||||||
|
"DEVEL_LIBDIR=$(out)/lib"
|
||||||
|
"SECUREDIR=$(out)/lib/security"
|
||||||
|
"INCLUDEDIR=$(out)/include"
|
||||||
|
"MANDIR=$(out)/man"];
|
||||||
|
installTargets = "install_lib install_utils";
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
description = "passwdqc utils (pwqgen,pwqcheck) and library";
|
||||||
|
license = stdenv.lib.licenses.bsd3;
|
||||||
|
maintainers = [ stdenv.lib.maintainers.makefu ];
|
||||||
|
patforms = stdenv.lib.platforms.linux; # more installFlags must be set for Darwin,Solaris
|
||||||
|
};
|
||||||
|
}
|
@ -13,6 +13,10 @@ in {
|
|||||||
../2configs/retiolum.nix
|
../2configs/retiolum.nix
|
||||||
../2configs/realwallpaper-server.nix
|
../2configs/realwallpaper-server.nix
|
||||||
../2configs/privoxy-retiolum.nix
|
../2configs/privoxy-retiolum.nix
|
||||||
|
../2configs/git.nix
|
||||||
|
../2configs/redis.nix
|
||||||
|
../2configs/go.nix
|
||||||
|
../2configs/ircd.nix
|
||||||
{
|
{
|
||||||
networking.interfaces.enp2s1.ip4 = [
|
networking.interfaces.enp2s1.ip4 = [
|
||||||
{
|
{
|
||||||
@ -43,6 +47,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.hostName = "echelon";
|
networking.hostName = config.krebs.build.host.name;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -24,6 +24,7 @@
|
|||||||
../2configs/bitlbee.nix
|
../2configs/bitlbee.nix
|
||||||
../2configs/firefoxPatched.nix
|
../2configs/firefoxPatched.nix
|
||||||
../2configs/realwallpaper.nix
|
../2configs/realwallpaper.nix
|
||||||
|
../2configs/skype.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build = {
|
krebs.build = {
|
||||||
|
@ -28,14 +28,14 @@ in {
|
|||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
||||||
powertop
|
powertop
|
||||||
|
sxiv
|
||||||
|
much
|
||||||
|
|
||||||
#window manager stuff
|
#window manager stuff
|
||||||
haskellPackages.xmobar
|
haskellPackages.xmobar
|
||||||
haskellPackages.yeganesh
|
haskellPackages.yeganesh
|
||||||
dmenu2
|
dmenu2
|
||||||
xlibs.fontschumachermisc
|
xlibs.fontschumachermisc
|
||||||
|
|
||||||
sxiv
|
|
||||||
];
|
];
|
||||||
|
|
||||||
fonts.fonts = [
|
fonts.fonts = [
|
||||||
|
@ -31,6 +31,7 @@ let
|
|||||||
};
|
};
|
||||||
wai-middleware-time = {};
|
wai-middleware-time = {};
|
||||||
web-routes-wai-custom = {};
|
web-routes-wai-custom = {};
|
||||||
|
go = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
restricted-repos = mapAttrs make-restricted-repo (
|
restricted-repos = mapAttrs make-restricted-repo (
|
||||||
@ -51,7 +52,7 @@ let
|
|||||||
nick = config.krebs.build.host.name;
|
nick = config.krebs.build.host.name;
|
||||||
channel = "#retiolum";
|
channel = "#retiolum";
|
||||||
server = "cd.retiolum";
|
server = "cd.retiolum";
|
||||||
verbose = config.krebs.build.host.name == "cloudkrebs";
|
verbose = config.krebs.build.host.name == "echelon";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
16
lass/2configs/go.nix
Normal file
16
lass/2configs/go.nix
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../3modules/go.nix
|
||||||
|
];
|
||||||
|
environment.systemPackages = [
|
||||||
|
pkgs.go
|
||||||
|
];
|
||||||
|
lass.go = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 1337"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
@ -1,12 +1,15 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 6667"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
config.services.charybdis = {
|
config.services.charybdis = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
serverinfo {
|
serverinfo {
|
||||||
name = "ire.irc.retiolum";
|
name = "${config.krebs.build.host.name}.irc.retiolum";
|
||||||
sid = "4z3";
|
sid = "1as";
|
||||||
description = "miep!";
|
description = "miep!";
|
||||||
network_name = "irc.retiolum";
|
network_name = "irc.retiolum";
|
||||||
network_desc = "Retiolum IRC Network";
|
network_desc = "Retiolum IRC Network";
|
||||||
|
@ -1,9 +1,5 @@
|
|||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
krebs.realwallpaper.enable = true;
|
||||||
../3modules/realwallpaper.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
lass.realwallpaper.enable = true;
|
|
||||||
}
|
}
|
||||||
|
8
lass/2configs/redis.nix
Normal file
8
lass/2configs/redis.nix
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
{ config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
config.services.redis = {
|
||||||
|
enable = true;
|
||||||
|
bind = "127.0.0.1";
|
||||||
|
};
|
||||||
|
}
|
30
lass/2configs/skype.nix
Normal file
30
lass/2configs/skype.nix
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
mainUser = config.users.extraUsers.mainUser;
|
||||||
|
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
../3modules/per-user.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
users.extraUsers = {
|
||||||
|
skype = {
|
||||||
|
name = "skype";
|
||||||
|
uid = 2259819492; #genid skype
|
||||||
|
description = "user for running skype";
|
||||||
|
home = "/home/skype";
|
||||||
|
useDefaultShell = true;
|
||||||
|
extraGroups = [ "audio" "video" ];
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
lass.per-user.skype.packages = [
|
||||||
|
pkgs.skype
|
||||||
|
];
|
||||||
|
|
||||||
|
security.sudo.extraConfig = ''
|
||||||
|
${mainUser.name} ALL=(skype) NOPASSWD: ALL
|
||||||
|
'';
|
||||||
|
}
|
@ -3,6 +3,5 @@ _:
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./xresources.nix
|
./xresources.nix
|
||||||
./realwallpaper.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
61
lass/3modules/go.nix
Normal file
61
lass/3modules/go.nix
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with builtins;
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.lass.go;
|
||||||
|
|
||||||
|
out = {
|
||||||
|
options.lass.go = api;
|
||||||
|
config = mkIf cfg.enable imp;
|
||||||
|
};
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "Enable go url shortener";
|
||||||
|
port = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "1337";
|
||||||
|
description = "on which port go should run on";
|
||||||
|
};
|
||||||
|
redisKeyPrefix = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "go:";
|
||||||
|
description = "change the Redis key prefix which defaults to `go:`";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
users.extraUsers.go = {
|
||||||
|
name = "go";
|
||||||
|
uid = 42774411; #genid go
|
||||||
|
description = "go url shortener user";
|
||||||
|
home = "/var/lib/go";
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.go = {
|
||||||
|
description = "go url shortener";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
path = with pkgs; [
|
||||||
|
go
|
||||||
|
];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
PORT = cfg.port;
|
||||||
|
REDIS_KEY_PREFIX = cfg.redisKeyPrefix;
|
||||||
|
};
|
||||||
|
|
||||||
|
restartIfChanged = true;
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
User = "go";
|
||||||
|
Restart = "always";
|
||||||
|
ExecStart = "${pkgs.go}/bin/go";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
in out
|
@ -13,5 +13,5 @@ rec {
|
|||||||
ublock = callPackage ./firefoxPlugins/ublock.nix {};
|
ublock = callPackage ./firefoxPlugins/ublock.nix {};
|
||||||
vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
|
vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
|
||||||
};
|
};
|
||||||
realwallpaper = callPackage ./realwallpaper.nix {};
|
go = callPackage ./go/default.nix {};
|
||||||
}
|
}
|
||||||
|
59
lass/5pkgs/go/default.nix
Normal file
59
lass/5pkgs/go/default.nix
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodePackages, nodejs }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
np = nodePackages.override {
|
||||||
|
generated = ./packages.nix;
|
||||||
|
self = np;
|
||||||
|
};
|
||||||
|
|
||||||
|
node_env = buildEnv {
|
||||||
|
name = "node_env";
|
||||||
|
paths = [
|
||||||
|
np.redis
|
||||||
|
np."formidable"
|
||||||
|
];
|
||||||
|
pathsToLink = [ "/lib" ];
|
||||||
|
ignoreCollisions = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
in nodePackages.buildNodePackage {
|
||||||
|
name = "go";
|
||||||
|
|
||||||
|
src = fetchgit {
|
||||||
|
url = "http://cgit.echelon/go/";
|
||||||
|
rev = "05d02740e0adbb36cc461323647f0c1e7f493156";
|
||||||
|
sha256 = "6015c9a93317375ae8099c7ab982df0aa93a59ec2b48972e253887bb6ca0004f";
|
||||||
|
};
|
||||||
|
|
||||||
|
phases = [
|
||||||
|
"unpackPhase"
|
||||||
|
"installPhase"
|
||||||
|
];
|
||||||
|
|
||||||
|
deps = (filter (v: nixType v == "derivation") (attrValues np));
|
||||||
|
|
||||||
|
buildInputs = [
|
||||||
|
nodejs
|
||||||
|
nodePackages.redis
|
||||||
|
np.formidable
|
||||||
|
makeWrapper
|
||||||
|
];
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
|
||||||
|
cp index.js $out/
|
||||||
|
cat > $out/go << EOF
|
||||||
|
${nodejs}/bin/node $out/index.js
|
||||||
|
EOF
|
||||||
|
chmod +x $out/go
|
||||||
|
|
||||||
|
wrapProgram $out/go \
|
||||||
|
--prefix NODE_PATH : ${node_env}/lib/node_modules
|
||||||
|
|
||||||
|
ln -s $out/go /$out/bin/go
|
||||||
|
'';
|
||||||
|
|
||||||
|
}
|
44
lass/5pkgs/go/packages.nix
Normal file
44
lass/5pkgs/go/packages.nix
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
{ self, fetchurl, fetchgit ? null, lib }:
|
||||||
|
|
||||||
|
{
|
||||||
|
by-spec."formidable"."*" =
|
||||||
|
self.by-version."formidable"."1.0.17";
|
||||||
|
by-version."formidable"."1.0.17" = self.buildNodePackage {
|
||||||
|
name = "formidable-1.0.17";
|
||||||
|
version = "1.0.17";
|
||||||
|
bin = false;
|
||||||
|
src = fetchurl {
|
||||||
|
url = "http://registry.npmjs.org/formidable/-/formidable-1.0.17.tgz";
|
||||||
|
name = "formidable-1.0.17.tgz";
|
||||||
|
sha1 = "ef5491490f9433b705faa77249c99029ae348559";
|
||||||
|
};
|
||||||
|
deps = {
|
||||||
|
};
|
||||||
|
optionalDependencies = {
|
||||||
|
};
|
||||||
|
peerDependencies = [];
|
||||||
|
os = [ ];
|
||||||
|
cpu = [ ];
|
||||||
|
};
|
||||||
|
"formidable" = self.by-version."formidable"."1.0.17";
|
||||||
|
by-spec."redis"."*" =
|
||||||
|
self.by-version."redis"."2.1.0";
|
||||||
|
by-version."redis"."2.1.0" = self.buildNodePackage {
|
||||||
|
name = "redis-2.1.0";
|
||||||
|
version = "2.1.0";
|
||||||
|
bin = false;
|
||||||
|
src = fetchurl {
|
||||||
|
url = "http://registry.npmjs.org/redis/-/redis-2.1.0.tgz";
|
||||||
|
name = "redis-2.1.0.tgz";
|
||||||
|
sha1 = "38acb208f90750250f9451219b73ff08ae907f94";
|
||||||
|
};
|
||||||
|
deps = {
|
||||||
|
};
|
||||||
|
optionalDependencies = {
|
||||||
|
};
|
||||||
|
peerDependencies = [];
|
||||||
|
os = [ ];
|
||||||
|
cpu = [ ];
|
||||||
|
};
|
||||||
|
"redis" = self.by-version."redis"."2.1.0";
|
||||||
|
}
|
@ -23,7 +23,9 @@
|
|||||||
## \/ are only plugins, must enable Reaktor explicitly
|
## \/ are only plugins, must enable Reaktor explicitly
|
||||||
../2configs/Reaktor/stockholmLentil.nix
|
../2configs/Reaktor/stockholmLentil.nix
|
||||||
../2configs/Reaktor/simpleExtend.nix
|
../2configs/Reaktor/simpleExtend.nix
|
||||||
|
../2configs/Reaktor/random-emoji.nix
|
||||||
../2configs/Reaktor/titlebot.nix
|
../2configs/Reaktor/titlebot.nix
|
||||||
|
../2configs/Reaktor/shack-correct.nix
|
||||||
|
|
||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/urlwatch.nix
|
../2configs/urlwatch.nix
|
||||||
@ -34,7 +36,7 @@
|
|||||||
krebs.Reaktor.debug = true;
|
krebs.Reaktor.debug = true;
|
||||||
krebs.Reaktor.nickname = "Reaktor|bot";
|
krebs.Reaktor.nickname = "Reaktor|bot";
|
||||||
krebs.Reaktor.extraEnviron = {
|
krebs.Reaktor.extraEnviron = {
|
||||||
REAKTOR_CHANNELS = "#krebs,#binaergewitter";
|
REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace";
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.pnp;
|
krebs.build.host = config.krebs.hosts.pnp;
|
||||||
|
@ -42,7 +42,7 @@
|
|||||||
krebs.build.user = config.krebs.users.makefu;
|
krebs.build.user = config.krebs.users.makefu;
|
||||||
krebs.build.target = "root@pornocauster";
|
krebs.build.target = "root@pornocauster";
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs;[ get];
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
25
|
25
|
||||||
];
|
];
|
||||||
|
@ -32,8 +32,8 @@ in {
|
|||||||
makefu.tinc_graphs.enable = true;
|
makefu.tinc_graphs.enable = true;
|
||||||
makefu.tinc_graphs.krebsNginx = {
|
makefu.tinc_graphs.krebsNginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
hostnames_complete = [ "graphs.wry" "graphs.wry.retiolum" ];
|
# TODO: remove hard-coded hostname
|
||||||
# TODO: remove hard-coded path
|
hostnames_complete = [ "graphs.wry" ];
|
||||||
hostnames_anonymous = [ "graphs.krebsco.de" ];
|
hostnames_anonymous = [ "graphs.krebsco.de" ];
|
||||||
};
|
};
|
||||||
networking.firewall.allowedTCPPorts = [80];
|
networking.firewall.allowedTCPPorts = [80];
|
||||||
|
25
makefu/2configs/Reaktor/random-emoji.nix
Normal file
25
makefu/2configs/Reaktor/random-emoji.nix
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with pkgs;
|
||||||
|
let
|
||||||
|
rpkg = pkgs.substituteAll( {
|
||||||
|
name="random-emoji";
|
||||||
|
dir= "bin";
|
||||||
|
isExecutable=true;
|
||||||
|
src= ./random-emoji.sh;
|
||||||
|
});
|
||||||
|
rpkg-path = lib.makeSearchPath "bin" (with pkgs; [
|
||||||
|
coreutils
|
||||||
|
gnused
|
||||||
|
gnugrep
|
||||||
|
curl]);
|
||||||
|
in {
|
||||||
|
# TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm
|
||||||
|
krebs.Reaktor.extraConfig = ''
|
||||||
|
public_commands.insert(0,{
|
||||||
|
'capname' : "emoji",
|
||||||
|
'pattern' : indirect_pattern.format("emoji"),
|
||||||
|
'argv' : ["${rpkg}/bin/random-emoji"],
|
||||||
|
'env' : { 'PATH':'${rpkg-path}' } })
|
||||||
|
'';
|
||||||
|
}
|
5
makefu/2configs/Reaktor/random-emoji.sh
Normal file
5
makefu/2configs/Reaktor/random-emoji.sh
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
curl http://emojicons.com/random -s | \
|
||||||
|
grep data-text | \
|
||||||
|
sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \
|
||||||
|
head -n 1
|
20
makefu/2configs/Reaktor/shack-correct.nix
Normal file
20
makefu/2configs/Reaktor/shack-correct.nix
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with pkgs;
|
||||||
|
let
|
||||||
|
script = pkgs.substituteAll ( {
|
||||||
|
name="shack-correct";
|
||||||
|
isExecutable=true;
|
||||||
|
dir = "";
|
||||||
|
src = ./shack-correct.sh;
|
||||||
|
});
|
||||||
|
in {
|
||||||
|
krebs.Reaktor.extraConfig = ''
|
||||||
|
public_commands.insert(0,{
|
||||||
|
'capname' : "shack-correct",
|
||||||
|
'pattern' : '^(?P<args>.*Shack.*)$$',
|
||||||
|
'argv' : ["${script}"],
|
||||||
|
'env' : { }})
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
|
6
makefu/2configs/Reaktor/shack-correct.sh
Normal file
6
makefu/2configs/Reaktor/shack-correct.sh
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
set -eu
|
||||||
|
printf "Sie meinten wohl \""
|
||||||
|
echo -n $@ | sed 's/Shack/shack/g'
|
||||||
|
echo "\""
|
||||||
|
echo "${_from}--"
|
@ -29,6 +29,7 @@ let
|
|||||||
hooks = {
|
hooks = {
|
||||||
post-receive = git.irc-announce {
|
post-receive = git.irc-announce {
|
||||||
nick = config.networking.hostName;
|
nick = config.networking.hostName;
|
||||||
|
verbose = config.krebs.build.host.name == "pnp";
|
||||||
channel = "#retiolum";
|
channel = "#retiolum";
|
||||||
# TODO remove the hardcoded hostname
|
# TODO remove the hardcoded hostname
|
||||||
server = "cd.retiolum";
|
server = "cd.retiolum";
|
||||||
|
@ -24,21 +24,22 @@ let
|
|||||||
# configure krebs nginx to serve the new graphs
|
# configure krebs nginx to serve the new graphs
|
||||||
enable = mkEnableOption "tinc_graphs nginx";
|
enable = mkEnableOption "tinc_graphs nginx";
|
||||||
|
|
||||||
hostnames_complete = {
|
hostnames_complete = mkOption {
|
||||||
#TODO: this is not a secure way to serve these graphs,better listen to
|
#TODO: this is not a secure way to serve these graphs,better listen to
|
||||||
# the correct interface, krebs.nginx does not support this yet
|
# the correct interface, krebs.nginx does not support this yet
|
||||||
|
|
||||||
type = with types; listOf str;
|
type = with types; listOf str;
|
||||||
description = "hostname which serves complete graphs";
|
description = "hostname which serves complete graphs";
|
||||||
default = config.krebs.build.host.name;
|
default = [ "graphs.${config.krebs.build.host.name}" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
hostnames_anonymous = {
|
hostnames_anonymous = mkOption {
|
||||||
type = with types; listOf str;
|
type = with types; listOf str;
|
||||||
description = ''
|
description = ''
|
||||||
hostname which serves anonymous graphs
|
hostname which serves anonymous graphs
|
||||||
must be different from hostname_complete
|
must be different from hostname_complete
|
||||||
'';
|
'';
|
||||||
|
default = [ "anongraphs.${config.krebs.build.host.name}" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -63,29 +64,38 @@ let
|
|||||||
environment.systemPackages = [ pkgs.tinc_graphs];
|
environment.systemPackages = [ pkgs.tinc_graphs];
|
||||||
systemd.timers.tinc_graphs = {
|
systemd.timers.tinc_graphs = {
|
||||||
description = "Build Tinc Graphs via via timer";
|
description = "Build Tinc Graphs via via timer";
|
||||||
|
wantedBy = [ "timers.target"];
|
||||||
timerConfig = cfg.timerConfig;
|
timerConfig = cfg.timerConfig;
|
||||||
};
|
};
|
||||||
systemd.services.tinc_graphs = {
|
systemd.services.tinc_graphs = {
|
||||||
description = "Build Tinc Graphs";
|
description = "Build Tinc Graphs";
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
|
||||||
environment = {
|
environment = {
|
||||||
EXTERNAL_FOLDER = external_dir;
|
EXTERNAL_FOLDER = external_dir;
|
||||||
INTERNAL_FOLDER = internal_dir;
|
INTERNAL_FOLDER = internal_dir;
|
||||||
GEODB = cfg.geodbPath;
|
GEODB = cfg.geodbPath;
|
||||||
|
TINC_HOSTPATH=config.krebs.retiolum.hosts;
|
||||||
};
|
};
|
||||||
|
|
||||||
restartIfChanged = true;
|
restartIfChanged = true;
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
|
|
||||||
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
mkdir -p "${external_dir}" "${internal_dir}"
|
mkdir -p "${external_dir}" "${internal_dir}"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
||||||
User = "root"; # tinc cannot be queried as user,
|
|
||||||
|
ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
|
||||||
|
#!/bin/sh
|
||||||
|
# TODO: this may break if workingDir is set to something stupid
|
||||||
|
# this is needed because homedir is created with 700
|
||||||
|
chmod 755 "${cfg.workingDir}"
|
||||||
|
'';
|
||||||
|
|
||||||
|
User = "root"; # tinc cannot be queried as user,
|
||||||
# seems to be a tinc-pre issue
|
# seems to be a tinc-pre issue
|
||||||
privateTmp = true;
|
privateTmp = true;
|
||||||
};
|
};
|
||||||
@ -93,7 +103,7 @@ let
|
|||||||
|
|
||||||
users.extraUsers.tinc_graphs = {
|
users.extraUsers.tinc_graphs = {
|
||||||
uid = 3925439960; #genid tinc_graphs
|
uid = 3925439960; #genid tinc_graphs
|
||||||
home = "/var/cache/tinc_graphs";
|
home = "/var/spool/tinc_graphs";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -102,15 +112,16 @@ let
|
|||||||
server-names = cfg.krebsNginx.hostnames_complete;
|
server-names = cfg.krebsNginx.hostnames_complete;
|
||||||
locations = [
|
locations = [
|
||||||
(nameValuePair "/" ''
|
(nameValuePair "/" ''
|
||||||
|
autoindex on;
|
||||||
root ${internal_dir};
|
root ${internal_dir};
|
||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
tinc_graphs_anonymous = {
|
tinc_graphs_anonymous = {
|
||||||
server-names = cfg.krebsNginx.hostnames_anonymous;
|
server-names = cfg.krebsNginx.hostnames_anonymous;
|
||||||
#server-names = [ "dick" ];
|
|
||||||
locations = [
|
locations = [
|
||||||
(nameValuePair "/" ''
|
(nameValuePair "/" ''
|
||||||
|
autoindex on;
|
||||||
root ${external_dir};
|
root ${external_dir};
|
||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
|
@ -2,14 +2,14 @@
|
|||||||
|
|
||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "tinc_graphs-${version}";
|
name = "tinc_graphs-${version}";
|
||||||
version = "0.2.9";
|
version = "0.2.12";
|
||||||
propagatedBuildInputs = with pkgs;[
|
propagatedBuildInputs = with pkgs;[
|
||||||
python3Packages.pygeoip
|
python3Packages.pygeoip
|
||||||
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
||||||
];
|
];
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
|
url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
|
||||||
sha256 = "0fm063qhjlb8g1xahwcqqrd2dxgd38wwi55rhl1k5chr7zajsqfz";
|
sha256 = "03jxvxahpcbpnz4668x32b629dwaaz5jcjkyaijm0zzpgcn4cbgp";
|
||||||
};
|
};
|
||||||
preFixup = with pkgs;''
|
preFixup = with pkgs;''
|
||||||
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
||||||
|
Loading…
Reference in New Issue
Block a user