From 93606315b99a2540c5859d93eb2377ae32fa6506 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 4 Aug 2020 21:25:09 +0200 Subject: [PATCH 01/22] shack/share: downgrade samba security --- krebs/2configs/shack/share.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index 247b9ee7d..465d6ef69 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -33,6 +33,10 @@ printing = bsd printcap name = /dev/null disable spoolss = yes + + # for legacy systems + client min protocol = NT1 + server min protocol = NT1 ''; }; } From 57e21968fcef02ddbaf0d87a06358542232b4d90 Mon Sep 17 00:00:00 2001 From: Neos Date: Mon, 10 Aug 2020 20:16:12 +0200 Subject: [PATCH 02/22] =?UTF-8?q?Changed=20Gie=C3=9Fzeit=20to=2010=20secon?= =?UTF-8?q?ds?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- krebs/2configs/shack/glados/multi/wasser.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index 0a7ffc41c..6f3dc98ad 100644 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -2,7 +2,7 @@ # switch.crafting_giesskanne_relay let glados = import ../lib; - seconds = 5; + seconds = 10; wasser = "switch.crafting_giesskanne_relay"; in { From 5ccb8e08e82a171749e9f93fea38b2c4d55cd868 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Aug 2020 12:23:01 +0200 Subject: [PATCH 03/22] ma bureautomation: fetch latest xkcd comic --- makefu/2configs/bureautomation/camera/comic.nix | 4 ++++ makefu/2configs/bureautomation/comic-updater.nix | 12 ++++++++++-- makefu/2configs/bureautomation/default.nix | 7 ++++--- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/makefu/2configs/bureautomation/camera/comic.nix b/makefu/2configs/bureautomation/camera/comic.nix index a847b0add..a523d032e 100644 
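Review bot: The two added lines `client min protocol = NT1` and `server min protocol = NT1` re-enable SMB1 for the whole daemon, and the only rationale recorded is the comment `# for legacy systems`. SMB1 has no transport encryption and only weak signing, so the downgrade applies to every client of this share, not just the legacy ones. Serving old clients needs only the `server min protocol` line; `client min protocol` governs outbound connections made from this host and could be dropped unless something here has to mount a legacy server. I would extend the comment to name the devices that need NT1 and, if they sit on known addresses, pair the downgrade with a `hosts allow` restriction. The enclosing smb.conf string starts outside the hunk.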
--- a/makefu/2configs/bureautomation/camera/comic.nix +++ b/makefu/2configs/bureautomation/camera/comic.nix @@ -3,4 +3,8 @@ platform = "generic"; still_image_url = http://127.0.0.1:8123/local/lines.png ; } + { name = "XKCD"; + platform = "generic"; + still_image_url = http://127.0.0.1:8123/local/xkcd.png ; + } ] diff --git a/makefu/2configs/bureautomation/comic-updater.nix b/makefu/2configs/bureautomation/comic-updater.nix index 5f26bc2c7..1e2440939 100644 --- a/makefu/2configs/bureautomation/comic-updater.nix +++ b/makefu/2configs/bureautomation/comic-updater.nix @@ -6,21 +6,29 @@ let in { systemd.services.comic-updater = { startAt = "daily"; - description = "Send led change to message queue"; + description = "update our comics"; after = [ "network-online.target" ] ++ (lib.optional config.services.mosquitto.enable "mosquitto.service"); path = with pkgs; [ wget xmlstarlet ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { User = "hass"; WorkingDirectory = config.services.home-assistant.configDir; - ExecStart = pkgs.writeDash "update-poorly-drawn-lines" '' + ExecStart = pkgs.writeDash "update-comics" '' set -euf mkdir -p www/ cd www/ + # poorly drawn lines pic=$(wget -O- http://www.poorlydrawnlines.com/feed/ \ | xml sel -t -v '/rss/channel/item/content:encoded' \ | head -n 2 | sed -n 's/.*src="\([^"]\+\)".*/\1/p' ) wget "$pic" -nc && cp -v "$(basename "$pic")" lines.png + + #pic=$(curl -L xkcd.com 2>/dev/null | grep imgs.xkcd.com | grep title | sed -n 's/.*src="\([^"]\+\)" .*/https:\1/p') + # xkcd + pic=$(wget -O- https://xkcd.com/rss.xml \ + | xml sel -t -v '/rss/channel/item/description' \ + | head -n 1 | sed -n 's/.*src="\([^"]\+\)".*/\1/p' ) + wget "$pic" -nc && cp -v "$(basename "$pic")" xkcd.png ''; PrivateTmp = true; }; diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index c115bcb6c..9b33595f4 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix 
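Review bot: In the added xkcd block of `comic-updater.nix`, `pic` is whatever `src` attribute the first feed item's description contains, and it goes straight into `wget "$pic" -nc`, so both the download URL and the file name written into `www/` (via `basename "$pic"`) are chosen by the remote feed. A check before the download, for example `case "$pic" in https://imgs.xkcd.com/*) ;; *) echo "unexpected xkcd image url: $pic" >&2; exit 1 ;; esac`, would pin it to the image host the commented-out curl line already names (assuming the feed gives absolute `https://` URLs), and it also catches the empty string left when the feed fetch or the `sed` match fails. Writing `wget -nc -- "$pic"` keeps a value that starts with `-` from being read as an option. The same pattern in the poorly-drawn-lines block above it is pre-existing, and there the feed itself is fetched over plain `http://`.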
@@ -137,9 +137,9 @@ in { ++ frosch.binary_sensor ++ aramark.binary_sensor; - sensor = - # [{ platform = "version"; }] ++ # pyhaversion - (import ./sensor/pollen.nix) + sensor = [] + ++ [{ platform = "version"; }] # pyhaversion + ++ (import ./sensor/pollen.nix) ++ (import ./sensor/espeasy.nix) ++ (import ./sensor/airquality.nix) ++ ((import ./sensor/outside.nix) {inherit lib;}) @@ -238,6 +238,7 @@ in { "camera.Autobahn_Singen" "camera.puppies" "camera.poorly_drawn_lines" + "camera.xkcd" ]; nachtlicht = [ "switch.nachtlicht_a" From 19cc72be381b5718af90418cff45635f94a2012a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 19:14:52 +0200 Subject: [PATCH 04/22] wiki: announce changes in #xxx, serve with cgit --- krebs/0tests/data/secrets/gollum.id_ed25519 | 0 krebs/2configs/wiki.nix | 64 ++++++++++- krebs/3modules/default.nix | 1 + krebs/3modules/gollum.nix | 112 ++++++++++++++++++++ 4 files changed, 175 insertions(+), 2 deletions(-) create mode 100644 krebs/0tests/data/secrets/gollum.id_ed25519 create mode 100644 krebs/3modules/gollum.nix diff --git a/krebs/0tests/data/secrets/gollum.id_ed25519 b/krebs/0tests/data/secrets/gollum.id_ed25519 new file mode 100644 index 000000000..e69de29bb diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 2350e711e..dc6de2efd 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix 
@@ -1,9 +1,26 @@ -{ config, ... }: +{ config, pkgs, ... }: +with import ; { - services.gollum = { + krebs.gollum = { enable = true; + extraConfig = '' + Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| + system('${toString (pkgs.writers.writeDash "debuglol" '' + export PATH=${makeBinPath [ pkgs.git ]} + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + cd ${config.krebs.gollum.stateDir} + if ! url=$(git config remote.origin.url); then + git remote add origin git@localhost:gollum + elif test "$url" != 'git@localhost:gollum'; then + git remote set-url origin git@localhost:gollum + fi + git push origin master + '')}') + end + ''; }; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; @@ -16,4 +33,47 @@ ''; }; }; + + krebs.git = { + enable = true; + cgit.settings = { + root-title = "krebs repos"; + }; + rules = with git; [ + { + user = [ + { + name = "gollum"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6"; + } + config.krebs.users.lass-mors + ]; + repo = [ config.krebs.git.repos.gollum ]; + perm = push ''refs/*'' [ create merge ]; + } + ]; + repos.gollum = { + public = true; + name = "gollum"; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + channel = "#xxx"; + refs = [ + "refs/heads/master" + "refs/heads/newest" + "refs/tags/*" + ]; + nick = config.networking.hostName; + server = "irc.r"; + verbose = true; + }; + }; + }; + }; + + krebs.secret.files.gollum = { + path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519"; + owner = { name = "gollum"; }; + source-path = "${}"; + }; } diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f3180722d..2772bf986 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -27,6 +27,7 @@ let ./github-known-hosts.nix ./git.nix ./go.nix + ./gollum.nix ./hidden-ssh.nix ./hosts.nix ./htgen.nix 
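Review bot: The `post_commit` hook added in `extraConfig` discards the result of `system(...)`, and the dash script it runs has no `set -e`, so a failed `cd`, a rejected `git push origin master` or an ssh error leaves the wiki and the cgit copy out of sync with nothing logged. I would start the script with `set -eu` (as the `deploy` script elsewhere in this series does) and report failure from Ruby, e.g. `system('…') or warn 'gollum: push to cgit failed'`. The same hook is renamed in patch 06 and becomes `pushCgit` in patch 08 without this changing, so the remark applies to those hunks as well.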
diff --git a/krebs/3modules/gollum.nix b/krebs/3modules/gollum.nix new file mode 100644 index 000000000..4b4e04d16 --- /dev/null +++ b/krebs/3modules/gollum.nix 
@@ -0,0 +1,112 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.krebs.gollum; +in + +{ + options.krebs.gollum = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable the Gollum service."; + }; + + address = mkOption { + type = types.str; + default = "0.0.0.0"; + description = "IP address on which the web server will listen."; + }; + + port = mkOption { + type = types.int; + default = 4567; + description = "Port on which the web server will run."; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Content of the configuration file"; + }; + + mathjax = mkOption { + type = types.bool; + default = false; + description = "Enable support for math rendering using MathJax"; + }; + + allowUploads = mkOption { + type = types.nullOr (types.enum [ "dir" "page" ]); + default = null; + description = "Enable uploads of external files"; + }; + + emoji = mkOption { + type = types.bool; + default = false; + description = "Parse and interpret emoji tags"; + }; + + branch = mkOption { + type = types.str; + default = "master"; + example = "develop"; + description = "Git branch to serve"; + }; + + stateDir = mkOption { + type = types.path; + default = "/var/lib/gollum"; + description = "Specifies the path of the repository directory. 
If it does not exist, Gollum will create it on startup."; + }; + + }; + + config = mkIf cfg.enable { + + users.users.gollum = { + group = config.users.users.gollum.name; + description = "Gollum user"; + home = cfg.stateDir; + createHome = false; + isSystemUser = true; + }; + + users.groups.gollum = { }; + + systemd.tmpfiles.rules = [ + "d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -" + ]; + + systemd.services.gollum = { + description = "Gollum wiki"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.git ]; + + preStart = '' + # This is safe to be run on an existing repo + git init ${cfg.stateDir} + ''; + + serviceConfig = { + User = config.users.users.gollum.name; + Group = config.users.groups.gollum.name; + ExecStart = '' + ${pkgs.gollum}/bin/gollum \ + --port ${toString cfg.port} \ + --host ${cfg.address} \ + --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \ + --ref ${cfg.branch} \ + ${optionalString cfg.mathjax "--mathjax"} \ + ${optionalString cfg.emoji "--emoji"} \ + ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \ + ${cfg.stateDir} + ''; + }; + }; + }; +} From 84da9293b05160f3a55b598de16e88b26c82520c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Aug 2020 20:45:32 +0200 Subject: [PATCH 05/22] gitlab-ci: debug gpg issue --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4a7a4e605..cf8f6e8f4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,6 +10,8 @@ before_script: - chmod 600 ~/.ssh/gitlab_deploy.key - echo "$ssh_git_shackspace_serverkey" >> ~/.ssh/known_hosts # import secret key for secrets + - which gpg + - which gpg2 - echo "$secrets_gpg_key" | gpg --import deployment test: stage: test From 514ba4d303e663529f347d5c3adbaece0f94361b Mon Sep 17 00:00:00 2001 
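Review bot: The `address` option in the new `gollum.nix` defaults to `"0.0.0.0"`, so with `enable = true` and nothing else set the wiki listens on every interface on port 4567, and nothing in this module adds authentication of its own. `krebs/2configs/wiki.nix` in the same commit enables nginx and opens only port 80, which suggests gollum is meant to sit behind the proxy. If so, a loopback default (`default = "127.0.0.1";`) or an explicit `address = "127.0.0.1";` in wiki.nix would keep the backend from being reachable directly on networks where the host firewall is off or trusts the interface. The option description could then say that a non-loopback address exposes an unauthenticated editor.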
From: lassulus Date: Wed, 12 Aug 2020 20:49:54 +0200 Subject: [PATCH 06/22] wiki: rename repo to wiki --- krebs/2configs/wiki.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index dc6de2efd..ad88d666b 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -6,14 +6,15 @@ with import ; enable = true; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| - system('${toString (pkgs.writers.writeDash "debuglol" '' + system('${toString (pkgs.writers.writeDash "push_cgit" '' export PATH=${makeBinPath [ pkgs.git ]} export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + repo='git@localhost:wiki' cd ${config.krebs.gollum.stateDir} if ! url=$(git config remote.origin.url); then - git remote add origin git@localhost:gollum - elif test "$url" != 'git@localhost:gollum'; then - git remote set-url origin git@localhost:gollum + git remote add origin "$repo" + elif test "$url" != "$repo"; then + git remote set-url origin "$repo" fi git push origin master '')}') @@ -48,13 +49,13 @@ with import ; } config.krebs.users.lass-mors ]; - repo = [ config.krebs.git.repos.gollum ]; + repo = [ config.krebs.git.repos.wiki ]; perm = push ''refs/*'' [ create merge ]; } ]; - repos.gollum = { + repos.wiki = { public = true; - name = "gollum"; + name = "wiki"; hooks = { post-receive = pkgs.git-hooks.irc-announce { channel = "#xxx"; From b42fe392f34554315d8aff7c808f73a5eb25badc Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 21:38:32 +0200 Subject: [PATCH 07/22] l: add deploy to all systems --- lass/1systems/blue/config.nix | 8 -------- lass/2configs/default.nix | 1 + lass/5pkgs/deploy/default.nix | 6 ++++++ 3 files changed, 7 insertions(+), 8 deletions(-) create mode 100644 lass/5pkgs/deploy/default.nix 
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index 14f4971f7..c46bb351e 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -15,14 +15,6 @@ with import ; krebs.build.host = config.krebs.hosts.blue; - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' - set -eu - export SYSTEM="$1" - $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - }; - networking.nameservers = [ "1.1.1.1" ]; services.restic.backups = genAttrs [ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index b0d7ff23b..ae2754c96 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -93,6 +93,7 @@ with import ; environment.systemPackages = with pkgs; [ #stockholm + deploy git gnumake jq diff --git a/lass/5pkgs/deploy/default.nix b/lass/5pkgs/deploy/default.nix new file mode 100644 index 000000000..c07cf20d1 --- /dev/null +++ b/lass/5pkgs/deploy/default.nix @@ -0,0 +1,6 @@ +{ writers }: +writers.writeDashBin "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) +'' From 03939b14e1d5820bee8c43d63b34c6e3e0e5eac4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 22:52:37 +0200 Subject: [PATCH 08/22] wiki: allow push to git --- krebs/2configs/wiki.nix | 70 ++++++++++++++++++++++++++--------------- 1 file changed, 44 insertions(+), 26 deletions(-) diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index ad88d666b..e4f05a6e6 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix 
@@ -1,23 +1,37 @@ { config, pkgs, ... }: with import ; +let + setupGit = '' + export PATH=${makeBinPath [ pkgs.git ]} + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + repo='git@localhost:wiki' + cd ${config.krebs.gollum.stateDir} + if ! url=$(git config remote.origin.url); then + git remote add origin "$repo" + elif test "$url" != "$repo"; then + git remote set-url origin "$repo" + fi + ''; + + pushGollum = pkgs.writeDash "push_gollum" '' + ${setupGit} + git fetch origin + git merge --ff-only origin/master + ''; + + pushCgit = pkgs.writeDash "push_cgit" '' + ${setupGit} + git push origin master + ''; + +in { krebs.gollum = { enable = true; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| - system('${toString (pkgs.writers.writeDash "push_cgit" '' - export PATH=${makeBinPath [ pkgs.git ]} - export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' - repo='git@localhost:wiki' - cd ${config.krebs.gollum.stateDir} - if ! url=$(git config remote.origin.url); then - git remote add origin "$repo" - elif test "$url" != "$repo"; then - git remote set-url origin "$repo" - fi - git push origin master - '')}') + system('${pushCgit}') end ''; }; 
@@ -47,27 +61,27 @@ with import ; name = "gollum"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6"; } - config.krebs.users.lass-mors - ]; + ] ++ (attrValues config.krebs.users); repo = [ config.krebs.git.repos.wiki ]; - perm = push ''refs/*'' [ create merge ]; + perm = push ''refs/heads/master'' [ create merge ]; } ]; repos.wiki = { public = true; name = "wiki"; hooks = { - post-receive = pkgs.git-hooks.irc-announce { - channel = "#xxx"; - refs = [ - "refs/heads/master" - "refs/heads/newest" - "refs/tags/*" - ]; - nick = config.networking.hostName; - server = "irc.r"; - verbose = true; - }; + post-receive = '' + ${pkgs.git-hooks.irc-announce { + channel = "#xxx"; + refs = [ + "refs/heads/master" + ]; + nick = config.networking.hostName; + server = "irc.r"; + verbose = true; + }} + /run/wrappers/bin/sudo -S -u gollum ${pushGollum} + ''; }; }; }; @@ -77,4 +91,8 @@ with import ; owner = { name = "gollum"; }; source-path = "${}"; }; + + security.sudo.extraConfig = '' + git ALL=(gollum) NOPASSWD: ${pushGollum} + ''; } From a7f67a851b9cc2988169b96b06a9befc89de4c1c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Aug 2020 23:10:48 +0200 Subject: [PATCH 09/22] gitlab-ci: run only on tags we have some rogue non-nix runners going around on gitlab-ci therefore we now tag the runners shacklan - inside the shack lan nix - has nix installed --- .gitlab-ci.yml | 12 ++++++++++++ krebs/2configs/shack/gitlab-runner.nix | 2 ++ 2 files changed, 14 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cf8f6e8f4..76a304af8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,6 +14,8 @@ before_script: - which gpg2 - echo "$secrets_gpg_key" | gpg --import deployment test: + tags: + - nix stage: test script: - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain 
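Review bot: In the new `post-receive` string, `/run/wrappers/bin/sudo -S -u gollum ${pushGollum}` tells sudo to read a password from standard input, which in a post-receive hook is the ref-update list. The rule added at the end of this commit is `NOPASSWD`, so `-S` is never needed, and if the rule ever stops matching the hook should fail rather than feed hook input to a password prompt; `sudo -n -u gollum ${pushGollum}` does that. Also worth a comment next to `] ++ (attrValues config.krebs.users);`: it widens push access on `refs/heads/master` from `lass-mors` to every entry in `config.krebs.users`, so any of those keys can now change what the wiki serves.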
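Review bot: The sudoers line `git ALL=(gollum) NOPASSWD: ${pushGollum}` in the last wiki.nix hunk names the command without an argument list, and sudoers treats that as "any arguments allowed". The script ignores its arguments today, but `git ALL=(gollum) NOPASSWD: ${pushGollum} ""` restricts the rule to the bare command, so a later change to the script cannot turn it into something the `git` user can parameterise. The script being a fixed store path is the important part and is already in place.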
@@ -23,6 +25,8 @@ deployment test: - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target /tmp -A test) nix-shell test: stage: test + tags: + - nix script: - nix-shell --pure --command 'true' -p stdenv && echo success - nix-shell --pure --command 'false' -p stdenv || echo success @@ -31,6 +35,9 @@ nix-shell test: - gpg --version - curl --version wolf deployment: + tags: + - shacklan + - nix stage: deploy script: - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa @@ -46,6 +53,9 @@ wolf deployment: - .gitmodules puyak deployment: stage: deploy + tags: + - shacklan + - nix script: - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain @@ -60,6 +70,8 @@ puyak deployment: - .gitmodules nur-packages makefu: stage: deploy + tags: + - nix script: - git reset --hard origin/master - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix index 5f2ca02d9..bd391851a 100644 --- a/krebs/2configs/shack/gitlab-runner.nix +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -14,6 +14,8 @@ in ## registrationConfigurationFile contains: # CI_SERVER_URL= # REGISTRATION_TOKEN= + # RUNNER_TAG_LIST=nix,shacklan + # RUNNER_NAME=stockholm-runner-$name registrationConfigFile = ; #gracefulTermination = true; }; From e296d69e1af19d93d95668686ab47e4420b9bd3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 12 Aug 2020 22:45:52 +0100 Subject: [PATCH 10/22] mic92: allocate retiolum subnet for tinc --- krebs/3modules/external/mic92.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index b8aaf9900..06ee2e7bb 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
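Review bot: The `tags:` added to `wolf deployment` and `puyak deployment` only steer those jobs toward runners that advertise `nix` and `shacklan`; they do not stop another runner registered with the same tags from picking the jobs up. Both jobs copy `~/.ssh/gitlab_deploy.key` and clone the secrets repository, and `before_script` imports `$secrets_gpg_key`, so whichever runner takes them sees the deployment credentials. If the "rogue" runners from the commit message are not under the project's control, I would additionally disable shared runners for the project or mark the deploy runner and these variables as protected, and say so next to the `RUNNER_TAG_LIST` comment in `gitlab-runner.nix`.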
@@ -273,8 +273,12 @@ in { Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== -----END RSA PUBLIC KEY----- ''; - # ohorn lan - tinc.subnets = [ "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" ]; + tinc.subnets = [ + # ohorn lan + "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" + # same prefix as `config.krebs.hosts.eve.nets.retiolum.ip6.addr` + "42:0000:3c46:70c7::/80" + ]; }; }; }; From da272bc7c33961ffd29eb694cb3ccd1a776c3e93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 13 Aug 2020 08:05:03 +0100 Subject: [PATCH 11/22] mic92: use subnet that does not include my server --- krebs/3modules/external/mic92.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 06ee2e7bb..58e9e6be9 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -276,8 +276,8 @@ in { tinc.subnets = [ # ohorn lan "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" - # same prefix as `config.krebs.hosts.eve.nets.retiolum.ip6.addr` - "42:0000:3c46:70c7::/80" + # docker network + "42:0000:002b:1605:3::/80" ]; }; }; From 568d45dde9b01f50a89b0b1320f0fa05fe415909 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 16 Aug 2020 21:47:33 +0200 Subject: [PATCH 12/22] ma pkgs.hactool: init at 1.4.0 --- .../data/secrets/bureautomation/citadel.nix | 4 +++ makefu/2configs/git/cgit-retiolum.nix | 1 + makefu/5pkgs/hactool/default.nix | 30 +++++++++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 makefu/0tests/data/secrets/bureautomation/citadel.nix create mode 100644 makefu/5pkgs/hactool/default.nix diff --git a/makefu/0tests/data/secrets/bureautomation/citadel.nix b/makefu/0tests/data/secrets/bureautomation/citadel.nix new file mode 100644 index 000000000..b4433109c --- /dev/null +++ b/makefu/0tests/data/secrets/bureautomation/citadel.nix @@ -0,0 +1,4 @@ +{ + MATRIX_TOKEN="a"; + MATRIX_ID="b"; +} 
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 639994674..3e3ef09a8 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -19,6 +19,7 @@ let cgit.desc = "Yet Another Check-Out System"; }; ebk-notify.cgit.desc = "Ebay Kleinanzeigen Notify"; + kalauerbot.cgit.desc = "Kalauer König"; }; krebs-repos = mapAttrs make-krebs-repo { diff --git a/makefu/5pkgs/hactool/default.nix b/makefu/5pkgs/hactool/default.nix new file mode 100644 index 000000000..fc6f17a9d --- /dev/null +++ b/makefu/5pkgs/hactool/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub +}: +stdenv.mkDerivation rec { + pname = "hactool"; + name = "${pname}-${version}"; + version = "1.4.0"; + + src = fetchFromGitHub { + owner = "SciresM"; + repo = "hactool"; + rev = version; + sha256 = "0305ngsnwm8npzgyhyifasi4l802xnfz19r0kbzzniirmcn4082d"; + }; + preBuild = '' + cp config.mk.template config.mk + ''; + installPhase = '' + install -D hactool $out/bin/hactool + ''; + buildInputs = [ ]; + nativeBuildInputs = [ ]; + + meta = { + description = "PulseAudio volumene meter"; + homepage = http://0pointer.de/lennart/projects/pavumeter; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; +} From b663b01807d9137e6c83a47f737fc8aa33be2a80 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 16 Aug 2020 22:14:10 +0200 Subject: [PATCH 13/22] ma pkgs.nx_game_info: init at 0.7.1 --- makefu/5pkgs/nx_game_info/default.nix | 32 +++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 makefu/5pkgs/nx_game_info/default.nix diff --git a/makefu/5pkgs/nx_game_info/default.nix b/makefu/5pkgs/nx_game_info/default.nix new file mode 100644 index 000000000..89880d59c --- /dev/null +++ b/makefu/5pkgs/nx_game_info/default.nix 
@@ -0,0 +1,32 @@ +{ lib, stdenv, fetchurl , mono , unzip +}: +stdenv.mkDerivation rec { + pname = "NX_Game_Info"; + name = "${pname}-${version}"; + version = "0.7.1"; + + src = fetchurl { + url = "https://github.com/garoxas/NX_Game_Info/releases/download/v${version}/NX.Game.Info_${version}_cli.zip"; + sha256 = "179hkgraydm5hg5fcs1xwh07cx7rbcfwklfak83f0sl1pbya542h"; + }; + + sourceRoot = "."; + buildInputs = [ unzip ]; + buildPhase = ":"; + installPhase = '' + mkdir -p $out/{bin,lib} + cp * $out/lib/ + cat > $out/bin/nxgameinfo_cli < Date: Sun, 16 Aug 2020 22:15:43 +0200 Subject: [PATCH 14/22] ma pkgs.hactool: fix metadata --- makefu/5pkgs/hactool/default.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/makefu/5pkgs/hactool/default.nix b/makefu/5pkgs/hactool/default.nix index fc6f17a9d..a4ebd9f77 100644 --- a/makefu/5pkgs/hactool/default.nix +++ b/makefu/5pkgs/hactool/default.nix @@ -1,5 +1,4 @@ -{ lib, stdenv, fetchFromGitHub -}: +{ lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec { pname = "hactool"; name = "${pname}-${version}"; @@ -9,21 +8,21 @@ stdenv.mkDerivation rec { owner = "SciresM"; repo = "hactool"; rev = version; - sha256 = "0305ngsnwm8npzgyhyifasi4l802xnfz19r0kbzzniirmcn4082d"; + sha256 = "162zv7my79a5ssn6zwk1yh64jjwlzr9kiplbpyvj4ly79dpngwyn"; }; + preBuild = '' cp config.mk.template config.mk ''; + installPhase = '' install -D hactool $out/bin/hactool ''; - buildInputs = [ ]; - nativeBuildInputs = [ ]; meta = { - description = "PulseAudio volumene meter"; - homepage = http://0pointer.de/lennart/projects/pavumeter; - license = stdenv.lib.licenses.gpl2; + description = "tool to view information about, decrypt, and extract common file formats for the Nintendo Switch, especially Nintendo Content Archives"; + homepage = https://github.com/SciresM/hactool; + license = stdenv.lib.licenses.isc; platforms = stdenv.lib.platforms.linux; maintainers = with stdenv.lib.maintainers; [ makefu ]; }; 
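Review bot: In the second hactool hunk the `sha256` of the `fetchFromGitHub` source changes from `0305ngsnwm8npzgyhyifasi4l802xnfz19r0kbzzniirmcn4082d` to `162zv7my79a5ssn6zwk1yh64jjwlzr9kiplbpyvj4ly79dpngwyn` while `rev = version;` and `version = "1.4.0"` stay the same, in a commit whose subject is only about metadata. For an unchanged revision the fixed-output hash should not move; either the new value was taken from a different checkout or the tag's content changed upstream, and the second case is worth checking before accepting the hash. Patch 16 in this series restores the original value, so this looks like a copy error, but the hash change should have been left out of this commit or explained in its message.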
From 05e3e79d2d320f5c5fa31cf36ca83a22639fd056 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 16 Aug 2020 22:17:09 +0200 Subject: [PATCH 15/22] ma tools: add newly packaged tools --- makefu/2configs/tools/consoles.nix | 2 ++ makefu/2configs/tools/media.nix | 1 + 2 files changed, 3 insertions(+) diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix index 7090804d4..e54ff4ff5 100644 --- a/makefu/2configs/tools/consoles.nix +++ b/makefu/2configs/tools/consoles.nix @@ -5,5 +5,7 @@ hdl-dump bin2iso cue2pops + nx_game_info + hactool ]; } diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 21d302297..d66ea7760 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -7,6 +7,7 @@ vlc mumble mplayer + mpv # quodlibet # exfalso tinymediamanager From 1d78ac0d6a78048903cc159b82ec6b405b7e16ab Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 16 Aug 2020 22:42:51 +0200 Subject: [PATCH 16/22] pkgs.hactool: fix sha256sum --- makefu/5pkgs/hactool/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/makefu/5pkgs/hactool/default.nix b/makefu/5pkgs/hactool/default.nix index a4ebd9f77..0bdaeb4be 100644 --- a/makefu/5pkgs/hactool/default.nix +++ b/makefu/5pkgs/hactool/default.nix @@ -1,4 +1,5 @@ -{ lib, stdenv, fetchFromGitHub }: +{ lib, stdenv, fetchFromGitHub +}: stdenv.mkDerivation rec { pname = "hactool"; name = "${pname}-${version}"; 
@@ -8,16 +9,16 @@ stdenv.mkDerivation rec { owner = "SciresM"; repo = "hactool"; rev = version; - sha256 = "162zv7my79a5ssn6zwk1yh64jjwlzr9kiplbpyvj4ly79dpngwyn"; + sha256 = "0305ngsnwm8npzgyhyifasi4l802xnfz19r0kbzzniirmcn4082d"; }; - preBuild = '' cp config.mk.template config.mk ''; - installPhase = '' install -D hactool $out/bin/hactool ''; + buildInputs = [ ]; + nativeBuildInputs = [ ]; meta = { description = "tool to view information about, decrypt, and extract common file formats for the Nintendo Switch, especially Nintendo Content Archives"; From 040ec5de038f0614e441e2cda85255d3eb8d7f9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 19 Aug 2020 18:55:54 +0100 Subject: [PATCH 17/22] mic92: update eva public key --- krebs/3modules/external/mic92.nix | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 58e9e6be9..997614e8a 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
@@ -458,14 +458,20 @@ in { "eva.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqIc+ozq3hKHMe/X3v4j+6or8LMjEV7MtQ8/+n00xpG4NkI4G38Bv - 3nmAcV7OhN6of0fr0psbBmym+2VxCZbpl8E3g1GWSKpAvlmP/9v4wDVdrADaTvXC - pzCxejtCwEhKLisnMwCMJCuUPbIsSBU+IQDPKP7NP0yY5VapgW3Xl3qXpnehCW1r - NBZjZASnhSXcJRLJayEDN6uBviYrnnfbrHOx4fPcjQPTHX5RYr3EbgGZQO9xki44 - 9dKT4EA95lupTqC3wzuQbaNpvIuVzmggiDY/NsBIVh0/2XjGnO54wtCEPudaLnWd - WNtc1wfVFB6gzgG1N7msOuFUReOIfyF/ywIDAQAB - -----END RSA PUBLIC KEY----- + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyHptaExEcSUjEJ+RH33h + uRK0Ttq8mJLDosWFYcoQkcL9S54aO9kF1gRJAKPBHoOt/IGeOxg2LNYWK6UjWfUy + LB9c42EQ1wWZ2jSJ0LJgYzjR9cp3dlo9aHSa//O6p6eLpXRo9QLf8+aIWhNW5+BG + sLIMR5b6Ngc2l8xQS+wvMmvTWJt3LyfQ6AKiKwCjeyrUFiuw0VWSn1I6n7H+CZBZ + f/UvSxLucy1e0rvbHoTITOflIAfA84iCHsHsZjVqrx1iyOMdPtY2sBPmWhtVemDo + duwzUpIuaJnWS7JOB4jsYWm672/KfzK7yAivqxD19OwqfZ3nNQ7sEDb3p4udw2Lf + 0dqHwZ5Hoj21vs3XiXX/SHcSf5QLzpj1MWBkV3r1D8I8v3P5qUbLunCofp3d9GxE + N0gK06gqbLNonJvC/WD7lxeY32Rh1wYXbzbD/X6aWe/oD8WMIl312hH4cHQHOnVT + t76NISlYTPxwX5mfFsBm8t0GjnnWY2jLwaefk7N/CwoDaKhkhmw1oeAZMuRcDRvE + 0ecpO4CZ6CcYERLxoYHgEAj3cMkSrQ8dT6XS4b9EO4hW4zCQ3RK9xDz71+uaihuB + 6uuTTsn7s0PYBJDNdccOf1Qt8fqPPgzqUKqeUciHojYDDPTC5KQh5m2PBv4I4iIR + LnKOqNUX7UCqbdaE/tfFRG0CAwEAAQ== + -----END PUBLIC KEY----- ''; }; }; From 56d529277f0e6b5677a2f444202accdf11e8f2fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 19 Aug 2020 19:45:25 +0100 Subject: [PATCH 18/22] eva: add public ip addresses --- krebs/3modules/external/mic92.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 997614e8a..edd5b48d9 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
@@ -451,8 +451,15 @@ in { }; eva = { owner = config.krebs.users.Mic92; - nets = { + nets = rec { + internet = { + # eva.thalheim.io + ip4.addr = "52.59.172.193"; + ip6.addr = "2a05:d014:301:a601:ef0e:5434:d814:b8ed"; + aliases = [ "eva.i" ]; + }; retiolum = { + via = internet; ip4.addr = "10.243.29.185"; aliases = [ "eva.r" From e3fdcdbadfababea9ae70e88846956ebc45e28a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 20 Aug 2020 21:16:50 +0100 Subject: [PATCH 19/22] mic92: lower-case user --- krebs/1systems/puyak/config.nix | 2 +- krebs/3modules/external/default.nix | 4 ++-- krebs/3modules/external/mic92.nix | 32 ++++++++++++++--------------- lass/1systems/prism/config.nix | 8 ++++---- 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index a50d2eab4..c84887eaa 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -84,7 +84,7 @@ ''; users.users.joerg = { - openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; + openssh.authorizedKeys.keys = [ config.krebs.users.mic92.pubkey ]; isNormalUser = true; shell = "/run/current-system/sw/bin/zsh"; }; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 082dfd80f..e1667cb68 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -465,9 +465,9 @@ in { mail = "kieran.meinhardt@gmail.com"; pubkey = ssh-for "kmein"; }; - Mic92 = { + mic92 = { mail = "joerg@thalheim.io"; - pubkey = ssh-for "Mic92"; + pubkey = ssh-for "mic92"; }; qubasa = { mail = "luis.nixos@gmail.com"; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index edd5b48d9..782f8ac04 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
@@ -11,7 +11,7 @@ with import ; in { hosts = mapAttrs hostDefaults { amy = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.57"; @@ -44,7 +44,7 @@ in { }; }; clara = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.58"; @@ -77,7 +77,7 @@ in { }; }; dimitrios = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.183"; @@ -98,7 +98,7 @@ in { }; }; donna = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.54"; @@ -132,7 +132,7 @@ in { }; }; dpdkm = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { retiolum = { ip4.addr = "10.243.29.173"; @@ -156,7 +156,7 @@ in { }; }; herbert = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { retiolum = { addrs = [ @@ -179,7 +179,7 @@ in { }; }; inspector = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "141.76.44.154"; @@ -208,7 +208,7 @@ in { }; }; eddie = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { # eddie.thalheim.io @@ -242,7 +242,7 @@ in { }; }; eve = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { # eve.thalheim.io @@ -283,7 +283,7 @@ in { }; }; martha = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.53"; @@ -317,7 +317,7 @@ in { }; }; matchbox = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.176"; 
@@ -343,7 +343,7 @@ in {
 };
 };
 rock = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
 nets = {
 retiolum = {
 ip4.addr = "10.243.29.171";
@@ -367,7 +367,7 @@ in {
 };
 };
 rose = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
 nets = rec {
 internet = {
 ip4.addr = "129.215.165.52";
@@ -401,7 +401,7 @@ in {
 };
 };
 turingmachine = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
 nets = {
 retiolum = {
 ip4.addr = "10.243.29.168";
@@ -429,7 +429,7 @@ in {
 };
 };
 harsha = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
 nets = {
 retiolum = {
 ip4.addr = "10.243.29.184";
@@ -450,7 +450,7 @@ in {
 };
 };
 eva = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
 nets = rec {
 internet = {
 # eva.thalheim.io
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f1f14e791..33ec21e72 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -396,12 +396,12 @@ with import ;
 ];
 }
 {
- nix.trustedUsers = [ "Mic92" ];
- users.users.Mic92 = {
- uid = genid_uint31 "Mic92";
+ nix.trustedUsers = [ "mic92" ];
+ users.users.mic92 = {
+ uid = genid_uint31 "mic92";
 isNormalUser = true;
 openssh.authorizedKeys.keys = [
- config.krebs.users.Mic92.pubkey
+ config.krebs.users.mic92.pubkey
 ];
 };
 }
From d405f47fede42135735662b324c77ab82420baa7 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 21 Aug 2020 13:50:46 +0200
Subject: [PATCH 20/22] Mic92 -> mic92
---
 krebs/3modules/external/ssh/{Mic92.pub => mic92.pub} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename krebs/3modules/external/ssh/{Mic92.pub => mic92.pub} (100%)
diff --git a/krebs/3modules/external/ssh/Mic92.pub b/krebs/3modules/external/ssh/mic92.pub
similarity index 100%
rename from krebs/3modules/external/ssh/Mic92.pub
rename to krebs/3modules/external/ssh/mic92.pub
From ba66d5c4b039207c0b5959b9dca84badd7c8c800 Mon Sep 17 00:00:00 2001
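Review bot: In lass/1systems/prism/config.nix the new `uid = genid_uint31 "mic92";` derives the uid from the account name, so lower-casing the name presumably produces a different uid than `genid_uint31 "Mic92"` did (genid_uint31 is defined outside the hunk, so this is inferred). Files and the home directory created under the old account on prism would then stay owned by a uid that no longer maps to this user, while the renamed account keeps its `nix.trustedUsers` entry. Stating the migration next to the change would help, for example `# uid and home changed with the rename from Mic92; chown existing files after deploy`.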
From: lassulus
Date: Mon, 7 Sep 2020 19:54:04 +0200
Subject: [PATCH 21/22] nixpkgs: e23e054 -> 4267405
---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 04684a220..363d68583 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
 "url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "e23e05452c67ce406debffa831290fb3abaabf0e",
- "date": "2020-08-06T15:33:30+02:00",
- "sha256": "10wlcm20bvak8cxjhfvmn0vm4n9da3zl19026h66zc1wfmcqgrkp",
+ "rev": "42674051d12540d4a996504990c6ea3619505953",
+ "date": "2020-09-06T21:21:08-04:00",
+ "sha256": "1hz1n1hghilgzk4zlya498xm5lvhsf0r5b49yii7q86h3616fhwy",
 "fetchSubmodules": false
 }
From 549598bfd9cf6e94f8bb83ebbcc17400069f1198 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 7 Sep 2020 19:59:49 +0200
Subject: [PATCH 22/22] nixpkgs-unstable: 8e2b14a -> c59ea8b
---
 krebs/nixpkgs-unstable.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 1973a012a..35e74c3b1 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
 {
 "url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "8e2b14aceb1d40c7e8b84c03a7c78955359872bb",
- "date": "2020-08-05T09:17:35+01:00",
- "sha256": "0zzjpd9smr7rxzrdf6raw9kbj42fbvafxb5bz36lcxgv290pgsm8",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "date": "2020-08-20T19:08:02+02:00",
+ "sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v",
 "fetchSubmodules": false
 }