Merge remote-tracking branch 'prism/master'

tv 2020-09-08 22:19:15 +02:00
commit f3aac671f8
27 changed files with 367 additions and 56 deletions


@ -10,8 +10,12 @@ before_script:
- chmod 600 ~/.ssh/gitlab_deploy.key
- echo "$ssh_git_shackspace_serverkey" >> ~/.ssh/known_hosts
# import secret key for secrets
- which gpg
- which gpg2
- echo "$secrets_gpg_key" | gpg --import
deployment test:
tags:
- nix
stage: test
script:
- GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
@ -21,6 +25,8 @@ deployment test:
- $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target /tmp -A test)
nix-shell test:
stage: test
tags:
- nix
script:
- nix-shell --pure --command 'true' -p stdenv && echo success
- nix-shell --pure --command 'false' -p stdenv || echo success
@ -29,6 +35,9 @@ nix-shell test:
- gpg --version
- curl --version
wolf deployment:
tags:
- shacklan
- nix
stage: deploy
script:
- cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
@ -44,6 +53,9 @@ wolf deployment:
- .gitmodules
puyak deployment:
stage: deploy
tags:
- shacklan
- nix
script:
- cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
- git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
@ -58,6 +70,8 @@ puyak deployment:
- .gitmodules
nur-packages makefu:
stage: deploy
tags:
- nix
script:
- git reset --hard origin/master
- git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
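Review bot: The `tags:` blocks (apparently the lines added here) only choose which runner picks a job up; they do not limit which runner sees the secrets. `before_script` handles the deploy key and runs `echo "$secrets_gpg_key" | gpg --import` for every job, including `nix-shell test`, so any runner registered with the `nix` tag ends up with both keys. Consider moving the key setup into the jobs that actually deploy and marking the variables as protected in the project settings. The `which gpg` / `which gpg2` lines look like debugging output and would fail every job on a runner without `gpg2`; if they are meant to stay, `- which gpg2 || true` keeps them informational.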


@ -84,7 +84,7 @@
'';
users.users.joerg = {
openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ];
openssh.authorizedKeys.keys = [ config.krebs.users.mic92.pubkey ];
isNormalUser = true;
shell = "/run/current-system/sw/bin/zsh";
};


@ -14,6 +14,8 @@ in
## registrationConfigurationFile contains:
# CI_SERVER_URL=<CI server URL>
# REGISTRATION_TOKEN=<registration secret>
# RUNNER_TAG_LIST=nix,shacklan
# RUNNER_NAME=stockholm-runner-$name
registrationConfigFile = <secrets/shackspace-gitlab-ci>;
#gracefulTermination = true;
};


@ -2,7 +2,7 @@
# switch.crafting_giesskanne_relay
let
glados = import ../lib;
seconds = 5;
seconds = 10;
wasser = "switch.crafting_giesskanne_relay";
in
{


@ -33,6 +33,10 @@
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# for legacy systems
client min protocol = NT1
server min protocol = NT1
'';
};
}
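Review bot: `server min protocol = NT1` re-enables SMB1 for every client of this server, not only for the legacy system the comment mentions, and SMB1 lacks the encryption and downgrade protection of SMB3. If the legacy device only connects to this server, `client min protocol = NT1` should not be needed and can be dropped. The comment would be more useful if it named the device, e.g. `# SMB1 only for <legacy device>; remove once it is retired`, and access could be narrowed to that host with `hosts allow`. The enclosing configuration string starts outside the hunk.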


@ -1,9 +1,41 @@
{ config, ... }:
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
setupGit = ''
export PATH=${makeBinPath [ pkgs.git ]}
export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519'
repo='git@localhost:wiki'
cd ${config.krebs.gollum.stateDir}
if ! url=$(git config remote.origin.url); then
git remote add origin "$repo"
elif test "$url" != "$repo"; then
git remote set-url origin "$repo"
fi
'';
pushGollum = pkgs.writeDash "push_gollum" ''
${setupGit}
git fetch origin
git merge --ff-only origin/master
'';
pushCgit = pkgs.writeDash "push_cgit" ''
${setupGit}
git push origin master
'';
in
{
services.gollum = {
krebs.gollum = {
enable = true;
extraConfig = ''
Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
system('${pushCgit}')
end
'';
};
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
@ -16,4 +48,51 @@
'';
};
};
krebs.git = {
enable = true;
cgit.settings = {
root-title = "krebs repos";
};
rules = with git; [
{
user = [
{
name = "gollum";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6";
}
] ++ (attrValues config.krebs.users);
repo = [ config.krebs.git.repos.wiki ];
perm = push ''refs/heads/master'' [ create merge ];
}
];
repos.wiki = {
public = true;
name = "wiki";
hooks = {
post-receive = ''
${pkgs.git-hooks.irc-announce {
channel = "#xxx";
refs = [
"refs/heads/master"
];
nick = config.networking.hostName;
server = "irc.r";
verbose = true;
}}
/run/wrappers/bin/sudo -S -u gollum ${pushGollum}
'';
};
};
};
krebs.secret.files.gollum = {
path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519";
owner = { name = "gollum"; };
source-path = "${<secrets/gollum.id_ed25519>}";
};
security.sudo.extraConfig = ''
git ALL=(gollum) NOPASSWD: ${pushGollum}
'';
}
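Review bot: The SSH private key is installed at `${config.krebs.gollum.stateDir}/.ssh/id_ed25519`, and `stateDir` is also the wiki's git work tree, whose `master` is pushed by `pushCgit` to a repo declared `public = true`. The key is presumably untracked, but one `git add` of that directory, from a hook or by hand, would publish it. Keeping it outside the work tree avoids that, e.g. `path = "/var/lib/gollum-ssh/id_ed25519";` (example path) with `GIT_SSH_COMMAND` pointing at the same location. Separately, `system('${pushCgit}')` discards the exit status, so a failed push goes unnoticed, and `sudo -S` in the post-receive hook reads the hook's stdin even though the sudoers rule is `NOPASSWD`.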


@ -27,6 +27,7 @@ let
./github-known-hosts.nix
./git.nix
./go.nix
./gollum.nix
./hidden-ssh.nix
./hosts.nix
./htgen.nix


@ -465,9 +465,9 @@ in {
mail = "kieran.meinhardt@gmail.com";
pubkey = ssh-for "kmein";
};
Mic92 = {
mic92 = {
mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92";
pubkey = ssh-for "mic92";
};
qubasa = {
mail = "luis.nixos@gmail.com";


@ -11,7 +11,7 @@ with import <stockholm/lib>;
in {
hosts = mapAttrs hostDefaults {
amy = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.57";
@ -44,7 +44,7 @@ in {
};
};
clara = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.58";
@ -77,7 +77,7 @@ in {
};
};
dimitrios = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.183";
@ -98,7 +98,7 @@ in {
};
};
donna = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.54";
@ -132,7 +132,7 @@ in {
};
};
dpdkm = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
@ -156,7 +156,7 @@ in {
};
};
herbert = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
addrs = [
@ -179,7 +179,7 @@ in {
};
};
inspector = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
@ -208,7 +208,7 @@ in {
};
};
eddie = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
internet = {
# eddie.thalheim.io
@ -242,7 +242,7 @@ in {
};
};
eve = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
internet = {
# eve.thalheim.io
@ -273,13 +273,17 @@ in {
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
# ohorn lan
tinc.subnets = [ "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" ];
tinc.subnets = [
# ohorn lan
"fd42:4492:6a6d:500:8526:2adf:7451:8bbb"
# docker network
"42:0000:002b:1605:3::/80"
];
};
};
};
martha = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.53";
@ -313,7 +317,7 @@ in {
};
};
matchbox = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.176";
@ -339,7 +343,7 @@ in {
};
};
rock = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.171";
@ -363,7 +367,7 @@ in {
};
};
rose = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.52";
@ -397,7 +401,7 @@ in {
};
};
turingmachine = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.168";
@ -425,7 +429,7 @@ in {
};
};
harsha = {
owner = config.krebs.users.Mic92;
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.184";
@ -446,22 +450,35 @@ in {
};
};
eva = {
owner = config.krebs.users.Mic92;
nets = {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
# eva.thalheim.io
ip4.addr = "52.59.172.193";
ip6.addr = "2a05:d014:301:a601:ef0e:5434:d814:b8ed";
aliases = [ "eva.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.185";
aliases = [
"eva.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqIc+ozq3hKHMe/X3v4j+6or8LMjEV7MtQ8/+n00xpG4NkI4G38Bv
3nmAcV7OhN6of0fr0psbBmym+2VxCZbpl8E3g1GWSKpAvlmP/9v4wDVdrADaTvXC
pzCxejtCwEhKLisnMwCMJCuUPbIsSBU+IQDPKP7NP0yY5VapgW3Xl3qXpnehCW1r
NBZjZASnhSXcJRLJayEDN6uBviYrnnfbrHOx4fPcjQPTHX5RYr3EbgGZQO9xki44
9dKT4EA95lupTqC3wzuQbaNpvIuVzmggiDY/NsBIVh0/2XjGnO54wtCEPudaLnWd
WNtc1wfVFB6gzgG1N7msOuFUReOIfyF/ywIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
'';
};
};

112
krebs/3modules/gollum.nix Normal file

@ -0,0 +1,112 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.krebs.gollum;
in
{
options.krebs.gollum = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable the Gollum service.";
};
address = mkOption {
type = types.str;
default = "0.0.0.0";
description = "IP address on which the web server will listen.";
};
port = mkOption {
type = types.int;
default = 4567;
description = "Port on which the web server will run.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Content of the configuration file";
};
mathjax = mkOption {
type = types.bool;
default = false;
description = "Enable support for math rendering using MathJax";
};
allowUploads = mkOption {
type = types.nullOr (types.enum [ "dir" "page" ]);
default = null;
description = "Enable uploads of external files";
};
emoji = mkOption {
type = types.bool;
default = false;
description = "Parse and interpret emoji tags";
};
branch = mkOption {
type = types.str;
default = "master";
example = "develop";
description = "Git branch to serve";
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/gollum";
description = "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup.";
};
};
config = mkIf cfg.enable {
users.users.gollum = {
group = config.users.users.gollum.name;
description = "Gollum user";
home = cfg.stateDir;
createHome = false;
isSystemUser = true;
};
users.groups.gollum = { };
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -"
];
systemd.services.gollum = {
description = "Gollum wiki";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.git ];
preStart = ''
# This is safe to be run on an existing repo
git init ${cfg.stateDir}
'';
serviceConfig = {
User = config.users.users.gollum.name;
Group = config.users.groups.gollum.name;
ExecStart = ''
${pkgs.gollum}/bin/gollum \
--port ${toString cfg.port} \
--host ${cfg.address} \
--config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \
--ref ${cfg.branch} \
${optionalString cfg.mathjax "--mathjax"} \
${optionalString cfg.emoji "--emoji"} \
${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \
${cfg.stateDir}
'';
};
};
};
}
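Review bot: `address` defaults to `"0.0.0.0"`, so enabling the module puts Gollum's own listener on port 4567 on every interface, and nothing in this unit places authentication in front of it. The host configuration in this commit serves the wiki through nginx on port 80, so if that proxy targets localhost a loopback default is the safer one: `default = "127.0.0.1";`. `cfg.stateDir` is also interpolated unquoted into `preStart`; `git init ${escapeShellArg cfg.stateDir}` would cope with paths containing spaces or shell metacharacters.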


@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "8e2b14aceb1d40c7e8b84c03a7c78955359872bb",
"date": "2020-08-05T09:17:35+01:00",
"sha256": "0zzjpd9smr7rxzrdf6raw9kbj42fbvafxb5bz36lcxgv290pgsm8",
"rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
"date": "2020-08-20T19:08:02+02:00",
"sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v",
"fetchSubmodules": false
}


@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "e23e05452c67ce406debffa831290fb3abaabf0e",
"date": "2020-08-06T15:33:30+02:00",
"sha256": "10wlcm20bvak8cxjhfvmn0vm4n9da3zl19026h66zc1wfmcqgrkp",
"rev": "42674051d12540d4a996504990c6ea3619505953",
"date": "2020-09-06T21:21:08-04:00",
"sha256": "1hz1n1hghilgzk4zlya498xm5lvhsf0r5b49yii7q86h3616fhwy",
"fetchSubmodules": false
}


@ -15,14 +15,6 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.blue;
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
networking.nameservers = [ "1.1.1.1" ];
services.restic.backups = genAttrs [


@ -396,12 +396,12 @@ with import <stockholm/lib>;
];
}
{
nix.trustedUsers = [ "Mic92" ];
users.users.Mic92 = {
uid = genid_uint31 "Mic92";
nix.trustedUsers = [ "mic92" ];
users.users.mic92 = {
uid = genid_uint31 "mic92";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.Mic92.pubkey
config.krebs.users.mic92.pubkey
];
};
}


@ -93,6 +93,7 @@ with import <stockholm/lib>;
environment.systemPackages = with pkgs; [
#stockholm
deploy
git
gnumake
jq


@ -0,0 +1,6 @@
{ writers }:
writers.writeDashBin "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
''


@ -0,0 +1,4 @@
{
MATRIX_TOKEN="a";
MATRIX_ID="b";
}
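Review bot: Nothing in this new file says whether `MATRIX_TOKEN="a";` and `MATRIX_ID="b";` are placeholders. If this is test data standing in for a real secret, a header comment such as `# dummy values for evaluation only; the real token lives in the secrets store` would keep someone from later replacing them with live credentials inside the repository.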


@ -3,4 +3,8 @@
platform = "generic";
still_image_url = http://127.0.0.1:8123/local/lines.png ;
}
{ name = "XKCD";
platform = "generic";
still_image_url = http://127.0.0.1:8123/local/xkcd.png ;
}
]


@ -6,21 +6,29 @@ let
in {
systemd.services.comic-updater = {
startAt = "daily";
description = "Send led change to message queue";
description = "update our comics";
after = [ "network-online.target" ] ++ (lib.optional config.services.mosquitto.enable "mosquitto.service");
path = with pkgs; [ wget xmlstarlet ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "hass";
WorkingDirectory = config.services.home-assistant.configDir;
ExecStart = pkgs.writeDash "update-poorly-drawn-lines" ''
ExecStart = pkgs.writeDash "update-comics" ''
set -euf
mkdir -p www/
cd www/
# poorly drawn lines
pic=$(wget -O- http://www.poorlydrawnlines.com/feed/ \
| xml sel -t -v '/rss/channel/item/content:encoded' \
| head -n 2 | sed -n 's/.*src="\([^"]\+\)".*/\1/p' )
wget "$pic" -nc && cp -v "$(basename "$pic")" lines.png
#pic=$(curl -L xkcd.com 2>/dev/null | grep imgs.xkcd.com | grep title | sed -n 's/.*src="\([^"]\+\)" .*/https:\1/p')
# xkcd
pic=$(wget -O- https://xkcd.com/rss.xml \
| xml sel -t -v '/rss/channel/item/description' \
| head -n 1 | sed -n 's/.*src="\([^"]\+\)".*/\1/p' )
wget "$pic" -nc && cp -v "$(basename "$pic")" xkcd.png
'';
PrivateTmp = true;
};
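Review bot: In the new xkcd block the name of the downloaded file comes from the feed: `wget "$pic" -nc` saves `$(basename "$pic")` into `www/`, the directory the camera entries read through `/local/`, so the feed decides which filename appears there and a new file is left behind per comic. Writing to a fixed name removes both problems: `wget -O xkcd.png.tmp "$pic" && mv xkcd.png.tmp xkcd.png`. The poorly-drawn-lines block above uses the same pattern and still fetches its feed over plain `http://`, so it deserves the same change. The `serviceConfig` block continues outside the hunk.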


@ -137,9 +137,9 @@ in {
++ frosch.binary_sensor
++ aramark.binary_sensor;
sensor =
# [{ platform = "version"; }] ++ # pyhaversion
(import ./sensor/pollen.nix)
sensor = []
++ [{ platform = "version"; }] # pyhaversion
++ (import ./sensor/pollen.nix)
++ (import ./sensor/espeasy.nix)
++ (import ./sensor/airquality.nix)
++ ((import ./sensor/outside.nix) {inherit lib;})
@ -238,6 +238,7 @@ in {
"camera.Autobahn_Singen"
"camera.puppies"
"camera.poorly_drawn_lines"
"camera.xkcd"
];
nachtlicht = [
"switch.nachtlicht_a"


@ -19,6 +19,7 @@ let
cgit.desc = "Yet Another Check-Out System";
};
ebk-notify.cgit.desc = "Ebay Kleinanzeigen Notify";
kalauerbot.cgit.desc = "Kalauer König";
};
krebs-repos = mapAttrs make-krebs-repo {


@ -5,5 +5,7 @@
hdl-dump
bin2iso
cue2pops
nx_game_info
hactool
];
}


@ -7,6 +7,7 @@
vlc
mumble
mplayer
mpv
# quodlibet # exfalso
tinymediamanager


@ -0,0 +1,30 @@
{ lib, stdenv, fetchFromGitHub
}:
stdenv.mkDerivation rec {
pname = "hactool";
name = "${pname}-${version}";
version = "1.4.0";
src = fetchFromGitHub {
owner = "SciresM";
repo = "hactool";
rev = version;
sha256 = "0305ngsnwm8npzgyhyifasi4l802xnfz19r0kbzzniirmcn4082d";
};
preBuild = ''
cp config.mk.template config.mk
'';
installPhase = ''
install -D hactool $out/bin/hactool
'';
buildInputs = [ ];
nativeBuildInputs = [ ];
meta = {
description = "tool to view information about, decrypt, and extract common file formats for the Nintendo Switch, especially Nintendo Content Archives";
homepage = https://github.com/SciresM/hactool;
license = stdenv.lib.licenses.isc;
platforms = stdenv.lib.platforms.linux;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}


@ -0,0 +1,32 @@
{ lib, stdenv, fetchurl , mono , unzip
}:
stdenv.mkDerivation rec {
pname = "NX_Game_Info";
name = "${pname}-${version}";
version = "0.7.1";
src = fetchurl {
url = "https://github.com/garoxas/NX_Game_Info/releases/download/v${version}/NX.Game.Info_${version}_cli.zip";
sha256 = "179hkgraydm5hg5fcs1xwh07cx7rbcfwklfak83f0sl1pbya542h";
};
sourceRoot = ".";
buildInputs = [ unzip ];
buildPhase = ":";
installPhase = ''
mkdir -p $out/{bin,lib}
cp * $out/lib/
cat > $out/bin/nxgameinfo_cli <<EOF
${mono}/bin/mono $out/lib/nxgameinfo_cli.exe "\$@"
EOF
chmod +x $out/bin/nxgameinfo_cli
'';
meta = {
description = "Tool to read information from Nintendo Switch game files";
homepage = https://github.com/garoxas/NX_Game_Info;
license = stdenv.lib.licenses.gpl3;
platforms = stdenv.lib.platforms.linux;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}
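Review bot: The wrapper written by the heredoc in `installPhase` has no interpreter line, so `$out/bin/nxgameinfo_cli` only runs when the caller is a shell that falls back to `sh`; a direct exec of it from another program fails. Start the heredoc with `#!${stdenv.shell}` and make the command `exec ${mono}/bin/mono $out/lib/nxgameinfo_cli.exe "\$@"`. Because `src` is a prebuilt release archive rather than source, `cp * $out/lib/` installs whatever the zip contains; the `sha256` pin is the only integrity check, so it should be re-verified against the upstream release on each version bump.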