diff --git a/0make/tv/cd.makefile b/0make/tv/cd.makefile
deleted file mode 100644
index e021423f4..000000000
--- a/0make/tv/cd.makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-deploy_host := root@cd-global
-nixpkgs_url := https://github.com/NixOS/nixpkgs
-nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870
-secrets_dir := /home/tv/secrets/cd
diff --git a/0make/tv/mkdir.makefile b/0make/tv/mkdir.makefile
deleted file mode 100644
index b10398a07..000000000
--- a/0make/tv/mkdir.makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-deploy_host := root@mkdir
-nixpkgs_url := https://github.com/NixOS/nixpkgs
-nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870
-secrets_dir := /home/tv/secrets/mkdir
diff --git a/0make/tv/nomic.makefile b/0make/tv/nomic.makefile
deleted file mode 100644
index 9e0b8671b..000000000
--- a/0make/tv/nomic.makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-deploy_host := root@nomic.gg23
-nixpkgs_url := https://github.com/NixOS/nixpkgs
-nixpkgs_rev := 9d5508d85c33b8fb22d79dde6176792eac2c2696
-secrets_dir := /home/tv/secrets/nomic
diff --git a/0make/tv/rmdir.makefile b/0make/tv/rmdir.makefile
deleted file mode 100644
index 6075bd3d4..000000000
--- a/0make/tv/rmdir.makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-deploy_host := root@rmdir
-nixpkgs_url := https://github.com/NixOS/nixpkgs
-nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870
-secrets_dir := /home/tv/secrets/rmdir
diff --git a/0make/tv/wu.makefile b/0make/tv/wu.makefile
deleted file mode 100644
index ef7e51194..000000000
--- a/0make/tv/wu.makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-deploy_host := root@wu
-nixpkgs_url := /home/tv/src/nixpkgs
-nixpkgs_rev := 7725eb1d3ed85fc34edde3c3a7907ab234933a68
-secrets_dir := /home/tv/secrets/wu
diff --git a/1systems/makefu/pnp.nix b/1systems/makefu/pnp.nix
index 7e4ccf2c1..1019c4d70 100644
--- a/1systems/makefu/pnp.nix
+++ b/1systems/makefu/pnp.nix
@@ -11,7 +11,8 @@ ../../2configs/makefu/base.nix ../../2configs/makefu/cgit-retiolum.nix ]; - krebs.enable = true; + krebs.build.host = config.krebs.hosts.pnp; + boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; @@ -39,14 +40,8 @@ ]; }; - nix.maxJobs = 2; - networking.hostName = "pnp"; # Define your hostname. - # $ nix-env -qaP | grep wget environment.systemPackages = with pkgs; [ - wget - git - gnumake jq ]; } diff --git a/2configs/makefu/base.nix b/2configs/makefu/base.nix index 25b80930b..b052b13e4 100644 --- a/2configs/makefu/base.nix +++ b/2configs/makefu/base.nix @@ -3,6 +3,10 @@ with lib; { imports = [ ]; + krebs.enable = true; + krebs.search-domain = "retiolum"; + + networking.hostName = config.krebs.build.host.name; users.extraUsers = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; @@ -37,6 +41,7 @@ with lib; environment.systemPackages = with pkgs; [ git vim + gnumake rxvt_unicode.terminfo ]; diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix index c71b70ab4..e14830fb8 100644 --- a/3modules/krebs/default.nix +++ b/3modules/krebs/default.nix @@ -20,7 +20,7 @@ let enable = mkEnableOption "krebs"; build = mkOption { - type = types.submodule { + type = types.submodule ({ config, ... }: { options = { target = mkOption { type = with types; nullOr str; @@ -129,11 +129,19 @@ let type = types.user; }; }; - }; + }); # Define defaul value, so unset values of the submodule get reported. default = {}; }; + dns = { + providers = mkOption { + # TODO with types; tree dns.label dns.provider, so we can merge. + # Currently providers can only be merged if aliases occur just once. + type = with types; attrsOf unspecified; + }; + }; + hosts = mkOption { type = with types; attrsOf host; }; 
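Review bot: `nix.maxJobs = 2;` is removed from 1systems/makefu/pnp.nix (second hunk) without a replacement anywhere in this diff, so pnp falls back to the nixpkgs default for that option unless an imported file I cannot see sets it. If that is intentional, a one-line comment or moving the setting into 2configs/makefu/base.nix would make it obvious; otherwise restore `nix.maxJobs = 2;`. Dropping `networking.hostName = "pnp"` is only safe together with the base.nix hunk in this same commit, which derives the name from `config.krebs.build.host.name`, so the two files must be deployed together.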
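Review bot: `krebs.dns.providers` (3modules/krebs/default.nix, hunk at -129) is typed `attrsOf unspecified`, whose merge for a value defined by more than one module is, as far as I recall, a shallow attrset merge with last-definition-wins and plain concatenation for string leaves — two modules both declaring `internet = "hosts"` would yield `"hostshosts"`, and a second `de.krebsco` would silently override the first, sending aliases to the wrong provider with no evaluation error. Because this value decides which aliases land in `networking.extraHosts`, a hard error is preferable to a silent wrong answer; for the two-level paths used here `type = with types; attrsOf (either str (attrsOf str));` turns duplicate leaves into a definition conflict until the `tree` type mentioned in the TODO exists. The option also has no `description`; something like `description = "Maps a reversed domain path (e.g. de.krebsco) to the provider serving that zone; the provider \"hosts\" means the alias is written to /etc/hosts."` would help the next person extending it.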
@@ -156,43 +164,31 @@ let { krebs = makefu-imp; } { krebs = tv-imp; } { + krebs.dns.providers = { + de.krebsco = "ovh"; + internet = "hosts"; + retiolum = "hosts"; + de.habsys = "hosts"; + de.pixelpocket = "hosts"; + de.karlaskop = "hosts"; + de.ubikmedia = "hosts"; + de.apanowicz = "hosts"; + }; + # XXX This overlaps with krebs.retiolum - networking.extraHosts = - let - # TODO move domain name providers to a dedicated module - # providers : tree label providername - providers = { - internet = "hosts"; - retiolum = "hosts"; - de.viljetic = "regfish"; - de.krebsco = "ovh"; - de.habsys = "hosts"; - de.pixelpocket = "hosts"; - de.karlaskop = "hosts"; - de.ubikmedia = "hosts"; - de.apanowicz = "hosts"; - }; - - # splitByProvider : [alias] -> listset providername alias - splitByProvider = foldl (acc: alias: listset-insert (providerOf alias) alias acc) {}; - - # providerOf : alias -> providername - providerOf = alias: - tree-get (splitString "." alias) providers; - in - concatStringsSep "\n" (flatten ( - # TODO deepMap ["hosts" "nets"] (hostname: host: netname: net: - mapAttrsToList (hostname: host: - mapAttrsToList (netname: net: - let - aliases = toString (unique (longs ++ shorts)); - longs = (splitByProvider net.aliases).hosts; - shorts = map (removeSuffix ".${cfg.search-domain}") longs; - in - map (addr: "${addr} ${aliases}") net.addrs - ) host.nets - ) config.krebs.hosts - )); + networking.extraHosts = concatStringsSep "\n" (flatten ( + mapAttrsToList (hostname: host: + mapAttrsToList (netname: net: + let + aliases = toString (unique (longs ++ shorts)); + providers = dns.split-by-provider net.aliases cfg.dns.providers; + longs = providers.hosts; + shorts = map (removeSuffix ".${cfg.search-domain}") longs; + in + map (addr: "${addr} ${aliases}") net.addrs + ) host.nets + ) cfg.hosts + )); } ]; @@ -330,6 +326,9 @@ let }; tv-imp = { + dns.providers = { + de.viljetic = "regfish"; + }; hosts = addNames { cd = { cores = 2; 
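Review bot: `longs = providers.hosts;` in the rewritten `networking.extraHosts` (3modules/krebs/default.nix, hunk at -156) aborts evaluation for any net whose aliases are all served by a non-"hosts" provider, because `listset.insert` only creates the keys it has seen; `longs = providers.hosts or [];` keeps such a net out of /etc/hosts instead of failing the whole build. The hunk also relies on `provider-of` (4lib/krebs/dns.nix) throwing an attribute-missing error for an alias whose labels are not in `cfg.dns.providers`, which is the right outcome but yields a message that names neither the alias nor the host. The enclosing module body continues outside the hunk.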
diff --git a/3modules/krebs/urlwatch.nix b/3modules/krebs/urlwatch.nix index 58de72fc6..39d9fec54 100644 --- a/3modules/krebs/urlwatch.nix +++ b/3modules/krebs/urlwatch.nix @@ -35,20 +35,22 @@ let }; mailto = mkOption { type = types.str; + default = config.krebs.build.user.mail; description = '' Content of the To: header of the generated mails. [AKA recipient :)] ''; }; onCalendar = mkOption { type = types.str; + default = "04:23"; description = '' Run urlwatch at this interval. The format is described in systemd.time(7), CALENDAR EVENTS. ''; - example = "04:23"; }; urls = mkOption { type = with types; listOf str; + default = []; description = "URL to watch."; example = [ https://nixos.org/channels/nixos-unstable/git-revision diff --git a/4lib/krebs/default.nix b/4lib/krebs/default.nix index 0c42a5de3..b67585335 100644 --- a/4lib/krebs/default.nix +++ b/4lib/krebs/default.nix @@ -12,22 +12,7 @@ builtins // lib // rec { types = import ./types.nix { inherit lib; }; - - # listset k v = set k [v] - - # listset-insert : k -> v -> listset k v -> listset k v - listset-insert = name: value: set: - set // { ${name} = set.${name} or [] ++ [value]; }; - - # tree k v = set k (either v (tree k v)) - - # tree-get : [k] -> tree k v -> v - tree-get = path: x: - let - y = x.${last path}; - in - if typeOf y != "set" - then y - else tree-get (init path) y; - + dns = import ./dns.nix { inherit lib; }; + listset = import ./listset.nix { inherit lib; }; + tree = import ./tree.nix { inherit lib; }; } diff --git a/4lib/krebs/dns.nix b/4lib/krebs/dns.nix new file mode 100644 index 000000000..b2cf3c24c --- /dev/null +++ b/4lib/krebs/dns.nix 
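Review bot: `urls` now defaults to `[]` (3modules/krebs/urlwatch.nix), so a system that enables the service without listing anything evaluates cleanly and then runs a timer that watches nothing; a module-level `assertions = [ { assertion = cfg.urls != []; message = "krebs.urlwatch.urls must not be empty"; } ]` would catch that at build time (the enclosing module is outside the hunk, so I cannot tell whether such an assertion already exists). The new `mailto` default `config.krebs.build.user.mail` makes the module fail to evaluate unless `krebs.build.user` is set, which deserves a sentence in the description, e.g. `Defaults to the mail address of krebs.build.user.`. Also `description = "URL to watch."` now describes a list; `"URLs to watch."` is more accurate.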
@@ -0,0 +1,31 @@
+{ lib, ... }:
+
+let
+  listset = import ./listset.nix { inherit lib; };
+in
+
+with builtins;
+with lib;
+
+rec {
+  # label = string
+
+  # TODO does it make sense to have alias = list label?
+
+  # split-by-provider :
+  #   [[label]] -> tree label provider -> listset provider alias
+  split-by-provider = as: providers:
+    foldl (m: a: listset.insert (provider-of a providers) a m) {} as;
+
+  # provider-of : alias -> tree label provider -> provider
+  # Note that we cannot use tree.get here, because path can be longer
+  # than the tree depth.
+  provider-of = a:
+    let
+      go = path: tree:
+        if typeOf tree == "string"
+          then tree
+          else go (tail path) tree.${head path};
+    in
+    go (reverseList (splitString "." a));
+}
diff --git a/4lib/krebs/listset.nix b/4lib/krebs/listset.nix
new file mode 100644
index 000000000..3aae22f20
--- /dev/null
+++ b/4lib/krebs/listset.nix
@@ -0,0 +1,11 @@
+{ lib, ... }:
+
+with lib;
+
+rec {
+  # listset k v = set k [v]
+
+  # insert : k -> v -> listset k v -> listset k v
+  insert = name: value: set:
+    set // { ${name} = set.${name} or [] ++ [value]; };
+}
diff --git a/4lib/krebs/tree.nix b/4lib/krebs/tree.nix
new file mode 100644
index 000000000..1cd83b3f6
--- /dev/null
+++ b/4lib/krebs/tree.nix
@@ -0,0 +1,13 @@
+{ lib, ... }:
+
+with lib;
+
+rec {
+  # tree k v = set k (either v (tree k v))
+
+  # get : [k] -> tree k v -> v
+  get = path: tree:
+    if length path > 0
+      then get (tail path) tree.${head path} # TODO check if elem exists
+      else tree;
+}
diff --git a/4lib/krebs/types.nix b/4lib/krebs/types.nix
index 3d3d75a65..970ef2f8e 100644
--- a/4lib/krebs/types.nix
+++ b/4lib/krebs/types.nix
@@ -55,7 +55,7 @@ types // rec {
         type = listOf hostname;
       };
       tinc = mkOption {
-        type = let net-config = config; in submodule ({ config, ... }: {
+        type = let net-config = config; in nullOr (submodule ({ config, ... }: {
           options = {
             config = mkOption {
               type = str;
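Review bot: `go (tail path) tree.${head path}` in `provider-of` (4lib/krebs/dns.nix) dereferences `tree.${head path}` without checking that the label exists, and calls `head`/`tail` on an exhausted path when the alias is shorter than the tree (an alias consisting only of `de` reaches `go [] tree.de`), so a mistyped alias fails with an attribute-missing or `head []` error that never mentions the alias. Inserting `else if path == [] || !(hasAttr (head path) tree) then throw "dns.provider-of: no provider for ${a}"` before the recursive branch gives the operator the offending name; `hasAttr` and `throw` are builtins already in scope via `with builtins;`. The `typeOf tree == "string"` test stopping at the first string leaf is what the comment above it describes, so that part is fine.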
@@ -70,7 +70,8 @@ types // rec { type = str; }; }; - }); + })); + default = null; }; }; }); diff --git a/4lib/tv/default.nix b/4lib/tv/default.nix deleted file mode 100644 index 16888c214..000000000 --- a/4lib/tv/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ lib, pkgs, ... }: - -let - krebs = import ../../4lib/krebs { inherit lib; }; -in - -with krebs; - -krebs // rec { - - git = import ./git.nix { - lib = lib // { - inherit addNames; - }; - inherit pkgs; - }; - - # "7.4.335" -> "74" - majmin = with lib; x : concatStrings (take 2 (splitString "." x)); - - concat = xs : - if xs == [] - then "" - else head xs + concat (tail xs) - ; - - flip = f : x : y : f y x; - - # isSuffixOf :: String -> String -> Bool - isSuffixOf = - s : xs : - let - sn = stringLength s; - xsn = stringLength xs; - in - xsn >= sn && substring (xsn - sn) sn xs == s ; - - # setMap :: (String -> a -> b) -> Set String a -> [b] - #setMap = f: xs: map (k : f k (getAttr k xs)) (attrNames xs); - - # setToList :: Set k a -> [a] - #setToList = setMap (_: v: v); - - shell-escape = - let - isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null; - in - stringAsChars (c: - if isSafeChar c then c - else if c == "\n" then "'\n'" - else "\\${c}"); -} diff --git a/2configs/tv/AO753.nix b/tv/configs/AO753.nix similarity index 95% rename from 2configs/tv/AO753.nix rename to tv/configs/AO753.nix index 70eae1786..c103ce2d7 100644 --- a/2configs/tv/AO753.nix +++ b/tv/configs/AO753.nix @@ -2,7 +2,7 @@ { imports = [ - ../../2configs/tv/smartd.nix + ../configs/smartd.nix ]; boot.loader.grub = { diff --git a/2configs/tv/CAC-CentOS-7-64bit.nix b/tv/configs/CAC-CentOS-7-64bit.nix similarity index 99% rename from 2configs/tv/CAC-CentOS-7-64bit.nix rename to tv/configs/CAC-CentOS-7-64bit.nix index 95c6e815c..168d1d97b 100644 --- a/2configs/tv/CAC-CentOS-7-64bit.nix +++ b/tv/configs/CAC-CentOS-7-64bit.nix 
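Review bot: Making `tinc` a `nullOr` with `default = null` (4lib/krebs/types.nix) means every consumer of `host.nets.<name>.tinc` — whatever reads `tinc.config` and its siblings, none of which is in this diff — must now test `net.tinc != null` or it will fail on the hosts that rely on the new default. I cannot see those consumers here, so please confirm they were updated, and document the null case on the option itself, e.g. `description = "Tinc settings for this net; null when the net is not a tinc network.";`. The enclosing net submodule starts before the first hunk of this file.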
@@ -33,7 +33,7 @@ _: # man:systemd-tmpfiles(8) # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) # Main PID: 19272 (code=exited, status=1/FAILURE) - # + # # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. diff --git a/2configs/tv/CAC-Developer-1.nix b/tv/configs/CAC-Developer-1.nix similarity index 100% rename from 2configs/tv/CAC-Developer-1.nix rename to tv/configs/CAC-Developer-1.nix diff --git a/2configs/tv/CAC-Developer-2.nix b/tv/configs/CAC-Developer-2.nix similarity index 100% rename from 2configs/tv/CAC-Developer-2.nix rename to tv/configs/CAC-Developer-2.nix diff --git a/2configs/tv/base.nix b/tv/configs/base.nix similarity index 100% rename from 2configs/tv/base.nix rename to tv/configs/base.nix diff --git a/2configs/tv/bash_completion.sh b/tv/configs/bash_completion.sh similarity index 100% rename from 2configs/tv/bash_completion.sh rename to tv/configs/bash_completion.sh diff --git a/2configs/tv/charybdis.nix b/tv/configs/charybdis.nix similarity index 97% rename from 2configs/tv/charybdis.nix rename to tv/configs/charybdis.nix index d78e162cb..977626d27 100644 --- a/2configs/tv/charybdis.nix +++ b/tv/configs/charybdis.nix @@ -1,5 +1,9 @@ { config, lib, pkgs, ... }: +let + tvpkgs = import ../pkgs { inherit pkgs; }; +in + with builtins; with lib; let @@ -59,7 +63,7 @@ let ExecStart = pkgs.writeScript "charybdis-service" '' #! /bin/sh set -euf - exec ${Zpkgs.charybdis}/bin/charybdis-ircd \ + exec ${tvpkgs.charybdis}/bin/charybdis-ircd \ -foreground \ -logfile /dev/stderr \ -configfile ${configFile} 
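Review bot: The new `let tvpkgs = import ../pkgs { inherit pkgs; }; in` in tv/configs/charybdis.nix sits above `with builtins; with lib;` while the binding it replaces (`Zpkgs`) lived in the file's existing `let` block, which is removed further down in this same diff, so the file now carries two nested `let`s for no reason other than ordering. Moving `tvpkgs = import ../pkgs { inherit pkgs; };` into the existing `let` keeps one place to look for local bindings. Since `../pkgs` is a path relative to this file, a one-line comment such as `# tv-specific packages (tv/pkgs), not in nixpkgs` would also help.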
@@ -88,7 +92,7 @@ let * * See reference.conf for more information. */ - + /* Extensions */ #loadmodule "extensions/chm_operonly_compat.so"; #loadmodule "extensions/chm_quietunreg_compat.so"; @@ -111,17 +115,17 @@ let #loadmodule "extensions/sno_globaloper.so"; #loadmodule "extensions/sno_whois.so"; loadmodule "extensions/override.so"; - + /* * IP cloaking extensions: use ip_cloaking_4.0 * if you're linking 3.2 and later, otherwise use * ip_cloaking.so, for compatibility with older 3.x * releases. */ - + #loadmodule "extensions/ip_cloaking_4.0.so"; #loadmodule "extensions/ip_cloaking.so"; - + serverinfo { name = ${toJSON (head config.krebs.build.host.nets.retiolum.aliases)}; sid = "4z3"; @@ -129,23 +133,23 @@ let network_name = "irc.retiolum"; #network_desc = "Retiolum IRC Network"; hub = yes; - + /* On multi-homed hosts you may need the following. These define * the addresses we connect from to other servers. */ /* for IPv4 */ vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4}; /* for IPv6 */ vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6}; - + /* ssl_private_key: our ssl private key */ ssl_private_key = "/tmp/ssl.key"; - + /* ssl_cert: certificate for our ssl server */ ssl_cert = ${toJSON cfg.sslCert}; - + /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */ ssl_dh_params = "/tmp/dh.pem"; - + /* ssld_count: number of ssld processes you want to start, if you * have a really busy server, using N-1 where N is the number of * cpu/cpu cores you have might be useful. A number greater than one 
@@ -153,20 +157,20 @@ let * two file descriptors per SSL connection. */ ssld_count = 1; - + /* default max clients: the default maximum number of clients * allowed to connect. This can be changed once ircd has started by * issuing: * /quote set maxclients */ default_max_clients = 1024; - + /* nicklen: enforced nickname length (for this server only; must not * be longer than the maximum length set while building). */ nicklen = 30; }; - + admin { name = "tv"; description = "peer"; @@ -184,11 +188,11 @@ let fname_operspylog = "/dev/stderr"; fname_ioerrorlog = "/dev/stderr"; }; - + /* class {} blocks MUST be specified before anything that uses them. That * means they must be defined before auth {} and before connect {}. */ - + class "krebs" { ping_time = 2 minutes; number_per_ident = 10; @@ -200,7 +204,7 @@ let max_number = 3000; sendq = 1 megabyte; }; - + class "users" { ping_time = 2 minutes; number_per_ident = 10; @@ -212,21 +216,21 @@ let max_number = 3000; sendq = 400 kbytes; }; - + class "opers" { ping_time = 5 minutes; number_per_ip = 10; max_number = 1000; sendq = 1 megabyte; }; - + class "server" { ping_time = 5 minutes; connectfreq = 5 minutes; max_number = 1; sendq = 4 megabytes; }; - + listen { /* defer_accept: wait for clients to send IRC handshake data before * accepting them. if you intend to use software which depends on the @@ -234,7 +238,7 @@ let * otherwise, you probably want to leave it on. */ defer_accept = yes; - + /* If you want to listen on a specific IP only, specify host. * host definitions apply only to the following port line. */ @@ -245,7 +249,7 @@ let port = 6667; sslport = 6697; }; - + /* auth {}: allow users to connect to the ircd (OLD I:) * auth {} blocks MUST be specified in order of precedence. The first one * that matches a user will be used. So place spoofs first, then specials, 
@@ -260,21 +264,21 @@ let */ user = "*@10.243.0.0/12"; user = "*@42::/16"; - + /* password: an optional password that is required to use this block. * By default this is not encrypted, specify the flag "encrypted" in * flags = ...; below if it is. */ #password = "letmein"; - + /* spoof: fake the users user@host to be be this. You may either * specify a host or a user@host to spoof to. This is free-form, * just do everyone a favour and dont abuse it. (OLD I: = flag) */ #spoof = "I.still.hate.packets"; - + /* Possible flags in auth: - * + * * encrypted | password is encrypted with mkpasswd * spoof_notice | give a notice when spoofing hosts * exceed_limit (old > flag) | allow user to exceed class user limits 
@@ -293,88 +297,88 @@ let * need_sasl | require SASL id for user in this class */ flags = kline_exempt, exceed_limit, flood_exempt; - + /* class: the class the user is placed in */ class = "krebs"; }; - + auth { user = "*@*"; class = "users"; }; - + /* privset {} blocks MUST be specified before anything that uses them. That * means they must be defined before operator {}. */ privset "local_op" { privs = oper:local_kill, oper:operwall; }; - + privset "server_bot" { extends = "local_op"; privs = oper:kline, oper:remoteban, snomask:nick_changes; }; - + privset "global_op" { extends = "local_op"; privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, oper:resv, oper:mass_notice, oper:remoteban; }; - + privset "admin" { extends = "global_op"; privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:override; }; - + privset "aids" { privs = oper:override, oper:rehash; }; - + operator "aids" { user = "*@10.243.*"; privset = "aids"; flags = ~encrypted; password = "balls"; }; - + operator "god" { /* name: the name of the oper must go above */ - + /* user: the user@host required for this operator. CIDR *is* * supported now. auth{} spoofs work here, other spoofs do not. * multiple user="" lines are supported. */ user = "*god@127.0.0.1"; - + /* password: the password required to oper. Unless ~encrypted is - * contained in flags = ...; this will need to be encrypted using + * contained in flags = ...; this will need to be encrypted using * mkpasswd, MD5 is supported */ password = "5"; - + /* rsa key: the public key for this oper when using Challenge. - * A password should not be defined when this is used, see + * A password should not be defined when this is used, see * doc/challenge.txt for more information. */ #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub"; - + /* umodes: the specific umodes this oper gets when they oper. 
* If this is specified an oper will not be given oper_umodes * These are described above oper_only_umodes in general {}; */ #umodes = locops, servnotice, operwall, wallop; - + /* fingerprint: if specified, the oper's client certificate * fingerprint will be checked against the specified fingerprint * below. */ #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b"; - + /* snomask: specific server notice mask on oper up. * If this is specified an oper will not be given oper_snomask. */ snomask = "+Zbfkrsuy"; - + /* flags: misc options for the operator. You may prefix an option * with ~ to disable it, e.g. ~encrypted. * @@ -386,30 +390,30 @@ let * need_ssl: must be using SSL/TLS to oper up */ flags = encrypted; - + /* privset: privileges set to grant */ privset = "admin"; }; - + service { name = "services.int"; }; - + cluster { name = "*"; flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv; }; - + shared { oper = "*@*", "*"; flags = all, rehash; }; - + /* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */ exempt { ip = "127.0.0.1"; }; - + channel { use_invex = yes; use_except = yes; @@ -431,14 +435,14 @@ let channel_target_change = yes; disable_local_channels = no; }; - + serverhide { flatten_links = yes; links_delay = 5 minutes; hidden = no; disable_hidden = no; }; - + /* These are the blacklist settings. * You can have multiple combinations of host and rejection reasons. * They are used in pairs of one host/rejection reason. @@ -471,7 +475,7 @@ let host = "rbl.efnetrbl.org"; type = ipv4; reject_reason = "''${nick}, your IP (''${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=''${ip}"; - + # host = "ircbl.ahbl.org"; # type = ipv4; # reject_reason = "''${nick}, your IP (''${ip}) is listed in ''${dnsbl-host} for having an open proxy. In order to protect ''${network-name} from abuse, we are not allowing connections with open proxies to connect."; 
@@ -485,43 +489,43 @@ let # type = ipv4, ipv6; # reject_reason = "''${nick}, your IP (''${ip}) is listed in ''${dnsbl-host} for some reason. In order to protect ''${network-name} from abuse, we are not allowing connections listed in ''${dnsbl-host} to connect"; }; - + alias "NickServ" { target = "NickServ"; }; - + alias "ChanServ" { target = "ChanServ"; }; - + alias "OperServ" { target = "OperServ"; }; - + alias "MemoServ" { target = "MemoServ"; }; - + alias "NS" { target = "NickServ"; }; - + alias "CS" { target = "ChanServ"; }; - + alias "OS" { target = "OperServ"; }; - + alias "MS" { target = "MemoServ"; }; - + general { hide_error_messages = opers; hide_spoof_ips = yes; - + /* * default_umodes: umodes to enable on connect. * If you have enabled the new ip_cloaking_4.0 module, and you want @@ -533,7 +537,7 @@ let * default_umodes = "+ih"; */ default_umodes = "+i"; - + default_operstring = "is an IRC Operator"; default_adminstring = "is a Server Administrator"; servicestring = "is a Network Service"; @@ -587,17 +591,15 @@ let max_ratelimit_tokens = 30; away_interval = 30; }; - + modules { path = "modules"; path = "modules/autoload"; }; - + exempt { ip = "10.243.0.0/16"; }; ''; - - Zpkgs = import ../../Zpkgs/tv { inherit pkgs; }; in out diff --git a/2configs/tv/consul-client.nix b/tv/configs/consul-client.nix similarity index 100% rename from 2configs/tv/consul-client.nix rename to tv/configs/consul-client.nix diff --git a/2configs/tv/consul-server.nix b/tv/configs/consul-server.nix similarity index 100% rename from 2configs/tv/consul-server.nix rename to tv/configs/consul-server.nix diff --git a/2configs/tv/cryptoroot.nix b/tv/configs/cryptoroot.nix similarity index 100% rename from 2configs/tv/cryptoroot.nix rename to tv/configs/cryptoroot.nix diff --git a/2configs/tv/exim-retiolum.nix b/tv/configs/exim-retiolum.nix similarity index 100% rename from 2configs/tv/exim-retiolum.nix rename to tv/configs/exim-retiolum.nix 
diff --git a/2configs/tv/exim-smarthost.nix b/tv/configs/exim-smarthost.nix similarity index 100% rename from 2configs/tv/exim-smarthost.nix rename to tv/configs/exim-smarthost.nix diff --git a/2configs/tv/git.nix b/tv/configs/git.nix similarity index 97% rename from 2configs/tv/git.nix rename to tv/configs/git.nix index 2c0cc6b14..01d29012c 100644 --- a/2configs/tv/git.nix +++ b/tv/configs/git.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import ../../4lib/tv { inherit lib pkgs; }; +with import ../lib { inherit lib pkgs; }; let out = { diff --git a/2configs/tv/mail-client.nix b/tv/configs/mail-client.nix similarity index 74% rename from 2configs/tv/mail-client.nix rename to tv/configs/mail-client.nix index 00f9a961a..035f296b9 100644 --- a/2configs/tv/mail-client.nix +++ b/tv/configs/mail-client.nix @@ -1,6 +1,6 @@ { pkgs, ... }: -with import ../../Zpkgs/tv { inherit pkgs; }; +with import ../pkgs { inherit pkgs; }; { environment.systemPackages = [ diff --git a/2configs/tv/smartd.nix b/tv/configs/smartd.nix similarity index 100% rename from 2configs/tv/smartd.nix rename to tv/configs/smartd.nix diff --git a/2configs/tv/synaptics.nix b/tv/configs/synaptics.nix similarity index 100% rename from 2configs/tv/synaptics.nix rename to tv/configs/synaptics.nix diff --git a/2configs/tv/urlwatch.nix b/tv/configs/urlwatch.nix similarity index 100% rename from 2configs/tv/urlwatch.nix rename to tv/configs/urlwatch.nix diff --git a/2configs/tv/urxvt.nix b/tv/configs/urxvt.nix similarity index 100% rename from 2configs/tv/urxvt.nix rename to tv/configs/urxvt.nix diff --git a/2configs/tv/w110er.nix b/tv/configs/w110er.nix similarity index 96% rename from 2configs/tv/w110er.nix rename to tv/configs/w110er.nix index 7ef0e6e9d..96ee8c75b 100644 --- a/2configs/tv/w110er.nix +++ b/tv/configs/w110er.nix @@ -2,7 +2,7 @@ { imports = [ - ../../2configs/tv/smartd.nix + ../configs/smartd.nix ]; boot.extraModprobeConfig = '' 
diff --git a/2configs/tv/xserver.nix b/tv/configs/xserver.nix similarity index 95% rename from 2configs/tv/xserver.nix rename to tv/configs/xserver.nix index 4a3de482a..ec94359ee 100644 --- a/2configs/tv/xserver.nix +++ b/tv/configs/xserver.nix @@ -2,7 +2,7 @@ { imports = [ - ../../2configs/tv/urxvt.nix # TODO via xserver + ../configs/urxvt.nix # TODO via xserver ]; services.xserver.enable = true; diff --git a/tv/lib/default.nix b/tv/lib/default.nix new file mode 100644 index 000000000..e0a295f17 --- /dev/null +++ b/tv/lib/default.nix @@ -0,0 +1,27 @@ +{ lib, pkgs, ... }: + +let + krebs = import ../../4lib/krebs { inherit lib; }; +in + +with krebs; + +krebs // rec { + + git = import ./git.nix { + lib = krebs; + inherit pkgs; + }; + + # "7.4.335" -> "74" + majmin = with lib; x : concatStrings (take 2 (splitString "." x)); + + shell-escape = + let + isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null; + in + stringAsChars (c: + if isSafeChar c then c + else if c == "\n" then "'\n'" + else "\\${c}"); +} diff --git a/4lib/tv/git.nix b/tv/lib/git.nix similarity index 100% rename from 4lib/tv/git.nix rename to tv/lib/git.nix diff --git a/4lib/tv/modules.nix b/tv/lib/modules.nix similarity index 100% rename from 4lib/tv/modules.nix rename to tv/lib/modules.nix diff --git a/3modules/tv/consul.nix b/tv/modules/consul.nix similarity index 98% rename from 3modules/tv/consul.nix rename to tv/modules/consul.nix index 4e54c2ab0..83a430c2f 100644 --- a/3modules/tv/consul.nix +++ b/tv/modules/consul.nix @@ -5,7 +5,7 @@ # TODO consul-bootstrap HOST that actually does is # TODO tools to inspect state of a cluster in outage state -with import ../../4lib/tv { inherit lib pkgs; }; +with import ../lib { inherit lib pkgs; }; let cfg = config.tv.consul; diff --git a/3modules/tv/default.nix b/tv/modules/default.nix similarity index 100% rename from 3modules/tv/default.nix rename to tv/modules/default.nix 
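Review bot: tv/lib/default.nix is a cut-down copy of the deleted 4lib/tv/default.nix: `concat`, `flip`, `isSuffixOf` and the commented-out `setMap`/`setToList` are gone, and `git.nix` now receives `lib = krebs` instead of `lib // { inherit addNames; }`. tv/lib/git.nix and tv/modules/consul.nix are renamed unchanged in this diff, so if either used one of the dropped helpers, or `addNames` is not exported by 4lib/krebs (its definition is not in view), evaluation fails at the first `import ../lib` — please confirm by evaluating one tv system. A short header comment naming what this library adds on top of 4lib/krebs (`git`, `majmin`, `shell-escape`) would make future trimming safer. The quoting in `shell-escape` itself looks right for POSIX sh: every byte outside `[-./0-9_a-zA-Z]` is backslash-escaped and a newline is wrapped in single quotes.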
diff --git a/3modules/tv/ejabberd.nix b/tv/modules/ejabberd.nix similarity index 100% rename from 3modules/tv/ejabberd.nix rename to tv/modules/ejabberd.nix diff --git a/3modules/tv/iptables.nix b/tv/modules/iptables.nix similarity index 99% rename from 3modules/tv/iptables.nix rename to tv/modules/iptables.nix index 173e5826d..cbf49f577 100644 --- a/3modules/tv/iptables.nix +++ b/tv/modules/iptables.nix @@ -36,9 +36,9 @@ let path = with pkgs; [ iptables ]; - + restartIfChanged = true; - + serviceConfig = { Type = "simple"; RemainAfterExit = true; diff --git a/Zpkgs/tv/charybdis/default.nix b/tv/pkgs/charybdis/default.nix similarity index 100% rename from Zpkgs/tv/charybdis/default.nix rename to tv/pkgs/charybdis/default.nix diff --git a/Zpkgs/tv/charybdis/remove-setenv.patch b/tv/pkgs/charybdis/remove-setenv.patch similarity index 99% rename from Zpkgs/tv/charybdis/remove-setenv.patch rename to tv/pkgs/charybdis/remove-setenv.patch index c53c1ff29..bbaf95e19 100644 --- a/Zpkgs/tv/charybdis/remove-setenv.patch +++ b/tv/pkgs/charybdis/remove-setenv.patch @@ -5,7 +5,7 @@ index 03dd907..3698e85 100644 @@ -82,7 +82,6 @@ start_bandb(void) const char *suffix = ""; #endif - + - rb_setenv("BANDB_DBPATH", PKGLOCALSTATEDIR "/ban.db", 1); if(bandb_path == NULL) { diff --git a/Zpkgs/tv/default.nix b/tv/pkgs/default.nix similarity index 100% rename from Zpkgs/tv/default.nix rename to tv/pkgs/default.nix diff --git a/Zpkgs/tv/lentil/1.patch b/tv/pkgs/lentil/1.patch similarity index 99% rename from Zpkgs/tv/lentil/1.patch rename to tv/pkgs/lentil/1.patch index 6e5a00c73..1ed9818c7 100644 --- a/Zpkgs/tv/lentil/1.patch +++ b/tv/pkgs/lentil/1.patch @@ -4,7 +4,7 @@ diff -rN -u old-lentil/src/Lentil/File.hs new-lentil/src/Lentil/File.hs @@ -13,10 +13,13 @@ import Lentil.Types import Lentil.Parse.Run - + +import System.Directory import System.FilePath import System.FilePath.Find 
@@ -12,12 +12,12 @@ diff -rN -u old-lentil/src/Lentil/File.hs new-lentil/src/Lentil/File.hs import Data.Monoid import Control.Applicative +import Control.Exception.Base - + import qualified Data.List as L - + @@ -36,7 +39,12 @@ -------------- - + findIssues :: [FilePath] -> [FilePath] -> IO [Issue] -findIssues is xs = find always (findClause is xs) "." >>= issueFinder +findIssues is xs = @@ -26,7 +26,7 @@ diff -rN -u old-lentil/src/Lentil/File.hs new-lentil/src/Lentil/File.hs + mapM (\i -> find always (findClause [i] xs) i) >>= + return . concat >>= + issueFinder - + -- fp to include, fp to exclude, clause findClause :: [FilePath] -> [FilePath] -> FindClause Bool @@ -47,6 +55,6 @@ @@ -36,4 +36,4 @@ diff -rN -u old-lentil/src/Lentil/File.hs new-lentil/src/Lentil/File.hs - fp2fc f = Any . L.isPrefixOf (combine "." f) <$> filePath + fp2fc f = Any . L.isPrefixOf f <$> filePath -- TODO: combine funziona su windows? [feature:intermediate] - + diff --git a/Zpkgs/tv/lentil/default.nix b/tv/pkgs/lentil/default.nix similarity index 100% rename from Zpkgs/tv/lentil/default.nix rename to tv/pkgs/lentil/default.nix diff --git a/Zpkgs/tv/lentil/syntaxes.patch b/tv/pkgs/lentil/syntaxes.patch similarity index 100% rename from Zpkgs/tv/lentil/syntaxes.patch rename to tv/pkgs/lentil/syntaxes.patch diff --git a/Zpkgs/tv/much.nix b/tv/pkgs/much.nix similarity index 100% rename from Zpkgs/tv/much.nix rename to tv/pkgs/much.nix diff --git a/Zpkgs/tv/viljetic-pages/default.nix b/tv/pkgs/viljetic-pages/default.nix similarity index 100% rename from Zpkgs/tv/viljetic-pages/default.nix rename to tv/pkgs/viljetic-pages/default.nix diff --git a/Zpkgs/tv/viljetic-pages/index.html b/tv/pkgs/viljetic-pages/index.html similarity index 100% rename from Zpkgs/tv/viljetic-pages/index.html rename to tv/pkgs/viljetic-pages/index.html 
diff --git a/Zpkgs/tv/viljetic-pages/logo.xpm b/tv/pkgs/viljetic-pages/logo.xpm similarity index 100% rename from Zpkgs/tv/viljetic-pages/logo.xpm rename to tv/pkgs/viljetic-pages/logo.xpm diff --git a/1systems/tv/cd.nix b/tv/systems/cd.nix similarity index 77% rename from 1systems/tv/cd.nix rename to tv/systems/cd.nix index 6913508b5..037248c49 100644 --- a/1systems/tv/cd.nix +++ b/tv/systems/cd.nix @@ -3,21 +3,37 @@ with lib; let - Zpkgs = import ../../Zpkgs/tv { inherit pkgs; }; + tvpkgs = import ../pkgs { inherit pkgs; }; in { krebs.build.host = config.krebs.hosts.cd; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@cd.internet"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; imports = [ - ../../2configs/tv/CAC-Developer-2.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-smarthost.nix - ../../2configs/tv/git.nix + ../configs/CAC-Developer-2.nix + ../configs/CAC-CentOS-7-64bit.nix + ../configs/base.nix + ../configs/consul-server.nix + ../configs/exim-smarthost.nix + ../configs/git.nix { - imports = [ ../../2configs/tv/charybdis.nix ]; + imports = [ ../configs/charybdis.nix ]; tv.charybdis = { enable = true; sslCert = ../../Zcerts/charybdis_cd.crt.pem; @@ -68,7 +84,7 @@ in server-names = singleton "viljetic.de"; # TODO directly set root (instead via location) locations = singleton (nameValuePair "/" '' - root ${Zpkgs.viljetic-pages}; + root ${tvpkgs.viljetic-pages}; ''); }; } diff --git a/1systems/tv/mkdir.nix b/tv/systems/mkdir.nix similarity index 64% rename from 1systems/tv/mkdir.nix rename to tv/systems/mkdir.nix index 7542ad0ce..f601ec838 100644 --- a/1systems/tv/mkdir.nix +++ b/tv/systems/mkdir.nix 
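Review bot: `krebs.build.target = "root@cd.internet"` in tv/systems/cd.nix replaces `deploy_host := root@cd-global` from the deleted 0make/tv/cd.makefile, so root deploys now go to a different name; `cd.internet` is an alias that resolves only on machines whose /etc/hosts was generated by the krebs module (`internet = "hosts"` in dns.providers), which the deploying workstation may or may not be. A comment such as `# resolves via krebs.dns.providers ("hosts"); replaces the old cd-global target` would record that. The nixpkgs dependency stays pinned to the full commit `4c01e6d9…` from the makefile, which is good; whether the fetcher also checks a content hash is not visible here, so the pin is only as strong as the transport to github.com. The secrets path is now derived from `config.krebs.build.host.name` and still yields /home/tv/secrets/cd.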
@@ -4,14 +4,30 @@ with lib; { krebs.build.host = config.krebs.hosts.mkdir; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@mkdir.internet"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; imports = [ - ../../2configs/tv/CAC-Developer-1.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-smarthost.nix - ../../2configs/tv/git.nix + ../configs/CAC-Developer-1.nix + ../configs/CAC-CentOS-7-64bit.nix + ../configs/base.nix + ../configs/consul-server.nix + ../configs/exim-smarthost.nix + ../configs/git.nix { tv.iptables = { enable = true; diff --git a/1systems/tv/nomic.nix b/tv/systems/nomic.nix similarity index 78% rename from 1systems/tv/nomic.nix rename to tv/systems/nomic.nix index cd6e02596..c96fe3811 100644 --- a/1systems/tv/nomic.nix +++ b/tv/systems/nomic.nix @@ -4,13 +4,29 @@ with lib; { krebs.build.host = config.krebs.hosts.nomic; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@nomic.gg23"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; imports = [ - ../../2configs/tv/AO753.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-retiolum.nix - ../../2configs/tv/git.nix + ../configs/AO753.nix + ../configs/base.nix + ../configs/consul-server.nix + ../configs/exim-retiolum.nix + ../configs/git.nix { tv.iptables = { enable = true; 
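Review bot: `stockholm = { url = toString ../..; };` carries no `rev`, unlike the `nixpkgs` entry directly above it, so what reaches the host is whatever state the local checkout is in at deploy time, uncommitted edits included, assuming the build tooling copies the path as-is (the consumer of `krebs.build.deps` is not visible in this hunk). That leaves no record of which revision a host was built from. Either pin it the way nixpkgs is pinned, or document the choice in place: `url = toString ../..; # no rev: deploys the working tree as-is, commit before deploying so the host stays reproducible`. The enclosing attrset continues beyond the hunk.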
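Review bot: `secrets = { url = "/home/tv/secrets/${config.krebs.build.host.name}"; };` derives the directory name from the host attribute set a few lines above, so changing `krebs.build.host` silently repoints the deploy at a different (possibly absent) secrets directory, and nothing here states what the directory must contain or how it is expected to be protected. How the deployer treats this entry is not visible in the hunk, so I cannot tell whether a missing or world-readable directory is caught. A comment would help the next reader: `# per-host secrets kept outside the repo; directory name must follow the host name and should be readable only by the deploying user`. The enclosing attrset continues past the hunk.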
diff --git a/1systems/tv/rmdir.nix b/tv/systems/rmdir.nix similarity index 64% rename from 1systems/tv/rmdir.nix rename to tv/systems/rmdir.nix index 9233014ba..fa91516d9 100644 --- a/1systems/tv/rmdir.nix +++ b/tv/systems/rmdir.nix @@ -4,14 +4,30 @@ with lib; { krebs.build.host = config.krebs.hosts.rmdir; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@rmdir.internet"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; imports = [ - ../../2configs/tv/CAC-Developer-1.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-smarthost.nix - ../../2configs/tv/git.nix + ../configs/CAC-Developer-1.nix + ../configs/CAC-CentOS-7-64bit.nix + ../configs/base.nix + ../configs/consul-server.nix + ../configs/exim-smarthost.nix + ../configs/git.nix { tv.iptables = { enable = true; diff --git a/1systems/tv/wu.nix b/tv/systems/wu.nix similarity index 74% rename from 1systems/tv/wu.nix rename to tv/systems/wu.nix index 37264635b..7c52d9484 100644 --- a/1systems/tv/wu.nix +++ b/tv/systems/wu.nix 
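Review bot: `url = https://github.com/NixOS/nixpkgs;` uses Nix's bare URI literal while `secrets.url` a few lines below is a quoted string; writing it as `url = "https://github.com/NixOS/nixpkgs";` keeps the block uniform and avoids the bare-URI grammar, which accepts only a limited character set and will reject some otherwise valid URLs if the source is ever changed. This hunk otherwise adds the same `krebs.build.deps` block as the other system files in the commit, pinned to `4c01e6d9…`. The enclosing attrset continues past the hunk.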
@@ -3,22 +3,38 @@ with lib; let - Zpkgs = import ../../Zpkgs/tv { inherit pkgs; }; + tvpkgs = import ../pkgs { inherit pkgs; }; in { krebs.build.host = config.krebs.hosts.wu; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@wu"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; imports = [ - ../../2configs/tv/w110er.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-client.nix - ../../2configs/tv/exim-retiolum.nix - ../../2configs/tv/git.nix - ../../2configs/tv/mail-client.nix - ../../2configs/tv/xserver.nix - ../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled - ../../2configs/tv/urlwatch.nix + ../configs/w110er.nix + ../configs/base.nix + ../configs/consul-client.nix + ../configs/exim-retiolum.nix + ../configs/git.nix + ../configs/mail-client.nix + ../configs/xserver.nix + ../configs/synaptics.nix # TODO w110er if xserver is enabled + ../configs/urlwatch.nix { environment.systemPackages = with pkgs; [ @@ -26,9 +42,28 @@ in git gnumake parallel - Zpkgs.genid - Zpkgs.hashPassword - Zpkgs.lentil + tvpkgs.genid + tvpkgs.hashPassword + tvpkgs.lentil + (pkgs.writeScriptBin "ff" '' + #! ${pkgs.bash}/bin/bash + exec sudo -u ff -i <