Merge remote-tracking branch 'prism/master'

krebs/3modules/makefu/default.nix

@@ -782,6 +782,29 @@ with import <stockholm/lib>;
       };
     };
 
+    horisa = rec {
+      cores = 2;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.226.213";
+          ip6.addr = "42:432e:2379:0cd2:8486:f3b5:335a:5d83";
+          aliases = [
+            "horisa.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40
+            Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn
+            XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT
+            +EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP
+            sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo
+            M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+
     tahoe = rec {
       cores = 1;
       nets = {
@@ -942,6 +965,10 @@ with import <stockholm/lib>;
     ciko = {
       mail = "wieczorek.stefan@googlemail.com";
     };
+    ulrich = {
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de";
+      mail = "shackspace.de@myvdr.de";
+    };
     exco = {
       mail = "dickbutt@excogitation.de";
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";

krebs/3modules/tinc_graphs.nix

@@ -48,7 +48,7 @@ let
           external domainname to be used for anonymous graphs
           it will be used if you want to enable ACME
         '';
-        default = "graphs.krebsco.de";
+        default = "graph.krebsco.de";
       };
 
       complete = mkOption {

krebs/5pkgs/simple/brain/default.nix

@@ -0,0 +1,12 @@
+{ pass, writeOut, writeDash, ... }:
+
+writeOut "brain" {
+  "/bin/brain-pass".link = writeDash "brain-pass" ''
+    PASSWORD_STORE_DIR=$HOME/brain \
+    exec ${pass}/bin/pass $@
+  '';
+  "/bin/brain-passmenu".link = writeDash "brain-passmenu" ''
+    PASSWORD_STORE_DIR=$HOME/brain \
+    exec ${pass}/bin/passmenu $@
+  '';
+}

krebs/5pkgs/simple/krebszones/default.nix

@@ -1,25 +1,13 @@
-{ lib, pkgs,python3Packages,fetchurl, ... }:
+{ pkgs, ... }:
 
-# TODO: Prepare a diff of future and current
-## ovh-zone export krebsco.de --config ~/secrets/krebs/cfg.json |sed 's/[ ]\+/ /g' | sort current
-## sed 's/[ ]\+/ /g'/etc/zones/krebsco.de | sort > future
-## diff future.sorted current.sorted
-
-python3Packages.buildPythonPackage rec {
-  name = "krebszones-${version}";
-  version = "0.4.4";
-  propagatedBuildInputs = with pkgs.python3Packages;[
-    d2to1 # for setup to work
-    ovh
-    docopt
-  ];
-  src = fetchurl {
-    url = "https://pypi.python.org/packages/source/k/krebszones/krebszones-${version}.tar.gz";
-    sha256 = "1bzfc2b9468769j1yj93j12zdlccqbjiqfhql2larximh491sg4d";
-  };
-  meta = {
-    homepage = http://krebsco.de/;
-    description = "OVH Zone Upload";
-    license = lib.licenses.wtfpl;
-  };
-}
+pkgs.writeDashBin "krebszones" ''
+  set -efu
+  export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
+  case $* in
+    import)
+      set -- import /etc/zones/krebsco.de krebsco.de
+      echo "+ krebszones $*" >&2
+      ;;
+  esac
+  exec ${pkgs.ovh-zone}/bin/ovh-zone "$@"
+''

krebs/5pkgs/simple/ovh-zone/default.nix

@@ -0,0 +1,25 @@
+{ lib, pkgs,python3Packages,fetchurl, ... }:
+
+# TODO: Prepare a diff of future and current
+## ovh-zone export krebsco.de --config ~/secrets/krebs/cfg.json |sed 's/[ ]\+/ /g' | sort current
+## sed 's/[ ]\+/ /g'/etc/zones/krebsco.de | sort > future
+## diff future.sorted current.sorted
+
+python3Packages.buildPythonPackage rec {
+  name = "ovh-zone-${version}";
+  version = "0.4.4";
+  propagatedBuildInputs = with pkgs.python3Packages;[
+    d2to1 # for setup to work
+    ovh
+    docopt
+  ];
+  src = fetchurl {
+    url = "https://pypi.python.org/packages/source/k/krebszones/krebszones-${version}.tar.gz";
+    sha256 = "1bzfc2b9468769j1yj93j12zdlccqbjiqfhql2larximh491sg4d";
+  };
+  meta = {
+    homepage = http://krebsco.de/;
+    description = "OVH Zone Upload";
+    license = lib.licenses.wtfpl;
+  };
+}

krebs/5pkgs/simple/urlencode/default.nix

@@ -0,0 +1,22 @@
+{ jq, gnused, writeBashBin, ... }:
+
+writeBashBin "urlencode" ''
+  set -efu
+
+  decode() {
+    printf %b "$(${gnused}/bin/sed 's/ /+/g; s/%/\\x/g')"
+  }
+
+  encode() {
+    ${jq}/bin/jq -Rr '@uri "\(.)"'
+  }
+
+  # shellcheck disable=SC2048
+  case $* in
+    -d) decode;;
+    "") encode;;
+    *)
+      echo "$0: error: your argument is invalid" >&2
+      exit 1
+  esac
+''

lass/1systems/mors.nix

@@ -21,7 +21,6 @@ with import <stockholm/lib>;
     ../2configs/fetchWallpaper.nix
     #../2configs/c-base.nix
     ../2configs/mail.nix
-    ../2configs/krebs-pass.nix
     ../2configs/repo-sync.nix
     ../2configs/ircd.nix
     ../2configs/logf.nix
@@ -76,7 +75,7 @@ with import <stockholm/lib>;
     }
     {
       environment.systemPackages = [
-        pkgs.krebszones
+        pkgs.ovh-zone
       ];
     }
     {

lass/2configs/buildbot-standalone.nix

@@ -178,11 +178,11 @@ in {
           "haskellPackages.scanner",
           "haskellPackages.xmonad-stockholm",
           "krebspaste",
-          "krebszones",
           "logf",
           "much",
           "newsbot-js",
           "noVNC",
+          "ovh-zone",
           "passwdqc-utils",
           "populate",
           "posix-array",

lass/2configs/krebs-pass.nix

@@ -1,21 +0,0 @@
-{ pkgs, ... }:
-
-let
-
-  #TODO: tab-completion
-  krebs-pass = pkgs.writeDashBin "krebs-pass" ''
-    PASSWORD_STORE_DIR=$HOME/.krebs-pass \
-    exec ${pkgs.pass}/bin/pass $@
-  '';
-
-  krebs-passmenu = pkgs.writeDashBin "krebs-passmenu" ''
-    PASSWORD_STORE_DIR=$HOME/.krebs-pass \
-    exec ${pkgs.pass}/bin/passmenu $@
-  '';
-
-in {
-  krebs.per-user.lass.packages = [
-    krebs-pass
-    krebs-passmenu
-  ];
-}

lass/2configs/nixpkgs.nix

@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://cgit.lassul.us/nixpkgs;
-    ref = "f8dfdd7";
+    ref = "0a4db15";
   };
 }

makefu/1systems/wry.nix

@@ -22,8 +22,8 @@ in {
       # ../2configs/nginx/euer.test.nix
 
       # collectd
-      ../2configs/logging/central-stats-client.nix
-      ../2configs/logging/central-logging-client.nix
+      ../2configs/stats/client.nix
+      ../2configs/logging/client.nix
 
       ../2configs/tinc/retiolum.nix
       # ../2configs/torrent.nix

makefu/2configs/deployment/led-fader.nix

@@ -29,7 +29,7 @@ in {
     environment = {
       NIX_PATH = "/var/src";
     };
-    after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
+    # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
     wantedBy = [ "multi-user.target"  ];
     serviceConfig = {
       # User = "nobody"; # need a user with permissions to run nix-shell

makefu/2configs/mail-client.nix

@@ -7,10 +7,11 @@ with import <stockholm/lib>;
     gnupg
     imapfilter
     msmtp
-    mutt
     notmuch
+    neomutt
     offlineimap
     openssl
     w3m
   ];
+
 }

makefu/2configs/tools/dev.nix

@@ -11,6 +11,6 @@
     esptool
     cac-api
     cac-panel
-    krebszones
+    ovh-zone
   ];
 }

makefu/5pkgs/studio-link/default.nix

@@ -0,0 +1,69 @@
+{ stdenv, fetchurl, buildFHSUserEnv, writeTextFile, alsaLib, atk, cairo, cups
+, dbus, expat, fontconfig, freetype, gcc, gdk_pixbuf, glib, gnome2, gtk2, nspr
+, nss, pango, systemd, xorg, utillinuxMinimal, unzip, openssl, zlib, libjack2 }:
+
+let
+  libPath = stdenv.lib.makeLibraryPath [
+    alsaLib
+    atk
+    cairo
+    cups
+    dbus
+    expat
+    fontconfig
+    freetype
+    gcc.cc
+    gdk_pixbuf
+    glib
+    gnome2.GConf
+    gtk2
+    nspr
+    nss
+    pango
+
+    openssl
+    zlib
+    libjack2
+
+    systemd
+    xorg.libX11
+    xorg.libXScrnSaver
+    xorg.libXcomposite
+    xorg.libXcursor
+    xorg.libXdamage
+    xorg.libXext
+    xorg.libXfixes
+    xorg.libXi
+    xorg.libXrandr
+    xorg.libXrender
+    xorg.libXtst
+  ];
+in
+stdenv.mkDerivation rec {
+  name = "studio-link-${version}";
+  version = "17.03.1-beta";
+  src = fetchurl {
+    url = "https://github.com/Studio-Link-v2/backend/releases/download/v${version}/studio-link-standalone-linux.zip";
+    sha256 = "1y21nymin7iy64hcffc8g37fv305b1nvmh944hkf7ipb06kcx6r9";
+  };
+  buildInputs = [ unzip ];
+  phases = ["unpackPhase" "installPhase" "fixupPhase"];
+  unpackPhase = ''
+    unzip $src
+  '';
+  installPhase = ''
+    mkdir -p $out/bin
+    cp studio-link-standalone $out/bin/studio-link
+    chmod +x $out/bin/studio-link
+  '';
+  postFixup = ''
+    patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) --set-rpath "${libPath}:\$ORIGIN" "$out/bin/studio-link"
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = https://studio-link.com;
+    description = "Voip transfer";
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ makefu ];
+  };
+}

shared/1systems/wolf.nix

@@ -7,7 +7,6 @@ in
     ../.
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     ../2configs/collectd-base.nix
-    ../2configs/shack/share.nix
     ../2configs/central-stats-client.nix
     ../2configs/save-diskspace.nix
 
@@ -15,11 +14,14 @@ in
     ../2configs/graphite.nix
     ../2configs/repo-sync.nix
     ../2configs/shared-buildbot.nix
-    ../2configs/shack/drivedroid.nix
-    ../2configs/shack/nix-cacher.nix
 
+    ../2configs/shack/worlddomination.nix
+    ../2configs/shack/drivedroid.nix
+    # ../2configs/shack/nix-cacher.nix
     ../2configs/shack/mqtt_sub.nix
     ../2configs/shack/muell_caller.nix
+    ../2configs/shack/radioactive.nix
+    ../2configs/shack/share.nix
 
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
@@ -42,7 +44,6 @@ in
 
   nix = {
     binaryCaches = [
-      "http://localhost:3142/nixos"
       "http://cache.prism.r"
       "https://cache.nixos.org/"
     ];
@@ -90,6 +91,15 @@ in
   swapDevices = [
     { device = "/dev/disk/by-label/swap";  }
   ];
+  # fallout of ipv6calypse
+  networking.extraHosts = ''
+    hass.shack    10.42.2.191
+    heidi.shack   10.42.2.135
+  '';
+
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    config.krebs.users.ulrich.pubkey
+  ];
 
   time.timeZone = "Europe/Berlin";
   sound.enable = false;

shared/2configs/graphite.nix

@@ -10,7 +10,7 @@ with import <stockholm/lib>;
   imports = [ ];
 
   services.graphite = {
-    web = {
+    api = {
       enable = true;
       listenAddress = "0.0.0.0";
     };
@@ -23,7 +23,15 @@ with import <stockholm/lib>;
         MAX_UPDATES_PER_SECOND = 1
         MAX_CREATES_PER_MINUTE = 50
         MAX_UPDATES_PER_SECOND_ONSHUTDOWN = 9001
+
+        LOG_CACHE_HITS = False
+        LOG_CACHE_QUEUE_SORTS = False
+        LOG_UPDATES = False
+        LOG_LISTENER_CONNECTIONS = False
+        LOG_CREATES = True
         '';
+      storageAggregation = ''
+      '';
       storageSchemas = ''
         [carbon]
         pattern = ^carbon\.
@@ -66,10 +74,20 @@ with import <stockholm/lib>;
         pattern = ^elchos\.
         retentions = 10s:14d,1m:90d,10m:5y
 
+        [icinga_default]
+        pattern = ^icinga
+        retentions = 10s:14d,5m:90d,10m:5y
+
+        [icinga_internals]
+        pattern = ^icinga.*\.(max_check_attempts|reachable|current_attempt|execution_time|latency|state|state_type)
+        retentions = 5m:7d
+
         [default]
         pattern = .*
         retentions = 60s:30d,300s:1y
         '';
     };
   };
+  systemd.services.carbonCache.serviceConfig.Restart="always";
+  systemd.services.graphiteApi.serviceConfig.Restart="always";
 }

shared/2configs/shack/bincache.nix

@@ -0,0 +1,6 @@
+{...}:
+{
+  nix.binaryCaches = [
+      "http://wolf.shack:3142/nixos"
+  ];
+}

shared/2configs/shack/mqtt_sub.nix

@@ -6,8 +6,8 @@ let
     name = "mqtt2graphite-2017-05-29";
     src = pkgs.fetchgit {
       url = "https://github.com/shackspace/mqtt2graphite/";
-      rev = "8c060e6";
-      sha256 = "06x7a1j6sfyvvdxg0366fcslhn478anqh4m5hljyf0z29knvz7pg";
+      rev = "117179d";
+      sha256 = "1334jbbzlqizyp7zcn4hdswhhrnkj1p4p435n5nph82lzffrsi44";
     };
     buildInputs = [
       (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [

shared/2configs/shack/nix-cacher.nix

@@ -4,6 +4,9 @@ let
   cfg = config.krebs.apt-cacher-ng;
 in
 {
+  imports = [
+    ./bincache.nix
+  ];
   krebs.apt-cacher-ng = {
     enable = true;
     port = 3142;

shared/2configs/shack/radioactive.nix

@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  pkg = pkgs.stdenv.mkDerivation {
+    name = "radioactive-2017-06-01";
+    src = pkgs.fetchgit {
+      url = "https://github.com/makefu/nagios-radioactiveathome-plugins/";
+      rev = "955f614";
+      sha256 = "0ql6npl3n6shvij0ly6a52yjmf7dc31c5x29y927k9lvp8ygin20";
+    };
+    buildInputs = [
+      (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
+        docopt
+        requests2
+        python
+      ]))
+    ];
+    installPhase = ''
+      install -m755 -D add_many_points.py  $out/bin/radioactive-add-many
+    '';
+  };
+in {
+  systemd.services.radioactive = {
+    description = "radioactive";
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "nobody"; # TODO separate user
+      ExecStart = "${pkg}/bin/radioactive-add-many loop 60";
+      Restart = "always";
+      PrivateTmp = true;
+      PermissionsStartOnly = true;
+    };
+  };
+}

shared/2configs/shack/worlddomination.nix

@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  pythonPackages = pkgs.python3Packages;
+  # https://github.com/chrysn/aiocoap
+  aiocoap = pythonPackages.buildPythonPackage {
+      name = "aiocoap-0.3";
+      src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
+      propagatedBuildInputs = [ ];
+      doCheck = false; # 2 errors, dunnolol
+      meta = with pkgs.stdenv.lib; {
+        homepage = "";
+        license = licenses.mit;
+        description = "Python CoAP library";
+      };
+    };
+  LinkHeader = pythonPackages.buildPythonPackage {
+    name = "LinkHeader-0.4.3";
+    src = pkgs.fetchurl { url = "https://pypi.python.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
+    propagatedBuildInputs = [ ];
+    meta = with pkgs.stdenv.lib; {
+      homepage = "";
+      license = licenses.bsdOriginal;
+      description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
+    };
+  };
+  pkg = pkgs.stdenv.mkDerivation {
+    name = "worlddomination-2017-06-10";
+    src = pkgs.fetchgit {
+      url = "https://github.com/shackspace/worlddomination/";
+      rev = "72fc9b5";
+      sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
+    };
+    buildInputs = [
+      (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
+        docopt
+        LinkHeader
+        aiocoap
+        requests2
+        paramiko
+        python
+      ]))
+    ];
+    installPhase = ''
+      install -m755 -D backend/push_led.py  $out/bin/push-led
+      install -m755 -D backend/loop_single.py  $out/bin/loop-single
+      # copy the provided file to the package
+      install -m755 -D backend/wd.lst  $out/${wdpath}
+    '';
+  };
+  wdpath = "/usr/worlddomination/wd.lst";
+  esphost = "10.42.24.7"; # esp8266
+  timeout = 10; # minutes
+in {
+  systemd.services.worlddomination = {
+    description = "run worlddomination";
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "nobody"; # TODO separate user
+      ExecStart = "${pkg}/bin/push-led ${esphost} ${pkg}/${wdpath} loop ${toString timeout}";
+      Restart = "always";
+      PrivateTmp = true;
+      PermissionsStartOnly = true;
+    };
+  };
+}

tv/2configs/default.nix

@@ -155,7 +155,7 @@ with import <stockholm/lib>;
       environment.systemPackages = [
         pkgs.get
         pkgs.krebspaste
-        pkgs.krebszones
+        pkgs.ovh-zone
         pkgs.nix-prefetch-scripts
         pkgs.push
       ];