diff options
Diffstat (limited to 'krebs')
114 files changed, 783 insertions, 1393 deletions
diff --git a/krebs/0tests/data/secrets/radicale.id_ed25519 b/krebs/0tests/data/secrets/radicale.id_ed25519 new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/radicale.id_ed25519 diff --git a/krebs/1systems/arcadeomat/config.nix b/krebs/1systems/arcadeomat/config.nix index cdeaae180..7439e687e 100644 --- a/krebs/1systems/arcadeomat/config.nix +++ b/krebs/1systems/arcadeomat/config.nix @@ -9,15 +9,15 @@ in { imports = [ ./hw.nix - <stockholm/krebs> - <stockholm/krebs/2configs> + ../../../krebs + ../../../krebs/2configs - #<stockholm/krebs/2configs/binary-cache/nixos.nix> - #<stockholm/krebs/2configs/binary-cache/prism.nix> + #../../../krebs/2configs/binary-cache/nixos.nix + #../../../krebs/2configs/binary-cache/prism.nix - <stockholm/krebs/2configs/shack/ssh-keys.nix> - <stockholm/krebs/2configs/save-diskspace.nix> - <stockholm/krebs/2configs/shack/prometheus/node.nix> + ../../../krebs/2configs/shack/ssh-keys.nix + ../../../krebs/2configs/save-diskspace.nix + ../../../krebs/2configs/shack/prometheus/node.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix index e27d036c8..254306ecb 100644 --- a/krebs/1systems/filebitch/config.nix +++ b/krebs/1systems/filebitch/config.nix @@ -5,16 +5,16 @@ in { imports = [ ./hardware-configuration.nix - <stockholm/krebs> - <stockholm/krebs/2configs> - # <stockholm/krebs/2configs/secret-passwords.nix> + ../../../krebs + ../../../krebs/2configs + # ../../../krebs/2configs/secret-passwords.nix - # <stockholm/krebs/2configs/binary-cache/nixos.nix> - # <stockholm/krebs/2configs/binary-cache/prism.nix> - <stockholm/krebs/2configs/shack/ssh-keys.nix> - <stockholm/krebs/2configs/shack/prometheus/node.nix> + # ../../../krebs/2configs/binary-cache/nixos.nix + # ../../../krebs/2configs/binary-cache/prism.nix + ../../../krebs/2configs/shack/ssh-keys.nix + ../../../krebs/2configs/shack/prometheus/node.nix # provides access to /home/share for smbuser via smb - <stockholm/krebs/2configs/shack/share.nix> + ../../../krebs/2configs/shack/share.nix { fileSystems."/home/share" = { device = "/serve"; @@ -23,8 +23,8 @@ in } ## Collect local statistics via collectd and send to collectd - # <stockholm/krebs/2configs/stats/shack-client.nix> - # <stockholm/krebs/2configs/stats/shack-debugging.nix> + # ../../../krebs/2configs/stats/shack-client.nix + # ../../../krebs/2configs/stats/shack-debugging.nix ]; krebs.build.host = config.krebs.hosts.filebitch; @@ -35,12 +35,13 @@ in ''; networking = { firewall.enable = true; - interfaces.et0.ipv4.addresses = [ - { - address = shack-ip; - prefixLength = 20; - } - ]; + interfaces.et0.useDHCP = true; + #interfaces.et0.ipv4.addresses = [ + # { + # address = shack-ip; + # prefixLength = 20; + # } + #]; defaultGateway = "10.42.0.1"; nameservers = [ "10.42.0.100" "10.42.0.200" ]; diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 683556081..e5cfad564 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -2,23 +2,23 @@ { imports = [ - <stockholm/krebs> - <stockholm/krebs/2configs> + ../../../krebs + ../../../krebs/2configs - <stockholm/krebs/2configs/buildbot-stockholm.nix> - <stockholm/krebs/2configs/binary-cache/nixos.nix> - <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/reaktor2.nix> - <stockholm/krebs/2configs/wiki.nix> - <stockholm/krebs/2configs/acme.nix> - <stockholm/krebs/2configs/mud.nix> - <stockholm/krebs/2configs/repo-sync.nix> + ../../../krebs/2configs/buildbot-stockholm.nix + ../../../krebs/2configs/binary-cache/nixos.nix + ../../../krebs/2configs/ircd.nix + ../../../krebs/2configs/reaktor2.nix + ../../../krebs/2configs/wiki.nix + ../../../krebs/2configs/acme.nix + ../../../krebs/2configs/mud.nix + ../../../krebs/2configs/repo-sync.nix - <stockholm/krebs/2configs/cal.nix> - <stockholm/krebs/2configs/mastodon.nix> + ../../../krebs/2configs/cal.nix + ../../../krebs/2configs/mastodon.nix - ## shackie irc bot - <stockholm/krebs/2configs/shack/reaktor.nix> + ## (shackie irc bot + ../../../krebs/2configs/shack/reaktor.nix ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix index b27fc3737..b5a2b21ba 100644 --- a/krebs/1systems/news/config.nix +++ b/krebs/1systems/news/config.nix @@ -2,15 +2,15 @@ { imports = [ - <stockholm/krebs> - <stockholm/krebs/2configs> + ../../../krebs + ../../../krebs/2configs - <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/go.nix> + ../../../krebs/2configs/ircd.nix + ../../../krebs/2configs/go.nix #### NEWS #### - <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/news.nix> + ../../../krebs/2configs/ircd.nix + ../../../krebs/2configs/news.nix ]; krebs.build.host = config.krebs.hosts.news; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 033cb94d1..931ebe70b 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -46,10 +46,8 @@ # light.shack web-ui <stockholm/krebs/2configs/shack/light.shack.nix> #light.shack - # powerraw usb serial to mqtt and raw socket - <stockholm/krebs/2configs/shack/powerraw.nix> # powerraw.shack standby.shack - # send power stats to s3 - <stockholm/krebs/2configs/shack/s3-power.nix> # powerraw.shack must be available + # fetch the u300 power stats + <stockholm/krebs/2configs/shack/power/u300-power.nix> { # do not log to /var/spool/log diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix index a46a24952..59b22b380 100644 --- a/krebs/1systems/puyak/net.nix +++ b/krebs/1systems/puyak/net.nix @@ -7,6 +7,7 @@ in { SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="${ext-if}" ''; + networking.wireless.enable = true; networking = { firewall.enable = true; firewall.allowedTCPPorts = [ 80 443 8088 8086 8083 5901 ]; diff --git a/krebs/2configs/backup.nix b/krebs/2configs/backup.nix index 7ee438784..83dbf66fb 100644 --- a/krebs/2configs/backup.nix +++ b/krebs/2configs/backup.nix @@ -1,5 +1,5 @@ { config, lib, ... }: -with import <stockholm/lib>; +with lib; { krebs.backup.plans = { } // mapAttrs (_: recursiveUpdate { diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index f0b6c324d..32452e010 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -1,5 +1,5 @@ -{ config, ... }: with import <stockholm/lib>; - +{ config, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; { networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix index 15f0027b3..a1fe47b5d 100644 --- a/krebs/2configs/cal.nix +++ b/krebs/2configs/cal.nix @@ -1,4 +1,5 @@ { config, lib, pkgs, ... }: let + slib = import ../../lib/pure.nix { inherit lib; }; setupGit = '' export PATH=${lib.makeBinPath [ @@ -23,13 +24,13 @@ git add .gitignore ''; - pushCal = pkgs.writeDash "push_cal" '' + pushCal = pkgs.writers.writeDash "push_cal" '' ${setupGit} git fetch origin git merge --ff-only origin/master || : ''; - pushCgit = pkgs.writeDash "push_cgit" '' + pushCgit = pkgs.writers.writeDash "push_cgit" '' ${setupGit} git push origin master ''; @@ -73,7 +74,7 @@ in { cgit.settings = { root-title = "krebs repos"; }; - rules = with pkgs.stockholm.lib.git; [ + rules = with slib.git; [ { user = [ { diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index eda03cc10..bd4f36cbe 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; { imports = [ ./backup.nix diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index 01597f49f..c2f6b4dc0 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, ... }: let +{ config, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; +let format = from: to: { inherit from; diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index ce5db62d4..ea3258b9c 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; { krebs.go = { enable = true; diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index bb273652d..980c2c9aa 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; { networking.wireless.enable = lib.mkDefault true; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 45ff61baf..231c3d46c 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; let #for shared state directory @@ -22,7 +22,7 @@ let # TODO; get state as argument state_file = "${stateDir}/ledger"; }; - filename = pkgs.writeDash "bedger-add" '' + filename = pkgs.writers.writeDash "bedger-add" '' set -x tonick=$1 amt=$2 @@ -42,7 +42,7 @@ let env = { state_file = "${stateDir}/ledger"; }; - filename = pkgs.writeDash "bedger-balance" '' + filename = pkgs.writers.writeDash "bedger-balance" '' ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ | ${pkgs.coreutils}/bin/tail +2 \ | ${pkgs.miller}/bin/mlr --icsv --opprint cat \ @@ -57,7 +57,7 @@ let arguments = [1]; timeoutSec = 1337; command = { - filename = pkgs.writeDash "bing" '' + filename = pkgs.writers.writeDash "bing" '' set -efu report_error() { printf '%s' "$*" | @@ -97,7 +97,7 @@ let arguments = [1]; timeoutSec = 1337; command = { - filename = pkgs.writeDash "bing-img" '' + filename = pkgs.writers.writeDash "bing-img" '' set -efu report_error() { printf '%s' "$*" | @@ -142,7 +142,7 @@ let activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "confuse" '' + filename = pkgs.writers.writeDash "confuse" '' set -efux export PATH=${makeBinPath [ @@ -164,7 +164,7 @@ let activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "interrogate" '' + filename = pkgs.writers.writeDash "interrogate" '' set -efux export PATH=${makeBinPath [ @@ -181,7 +181,7 @@ let activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "confuse" '' + filename = pkgs.writers.writeDash "confuse" '' set -efu export PATH=${makeBinPath [ pkgs.coreutils @@ -204,7 +204,7 @@ let activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "say" '' + filename = pkgs.writers.writeDash "say" '' set -efu export PATH=${makeBinPath [ @@ -234,20 +234,20 @@ let arguments = [2]; env.TASKDATA = "${stateDir}/${name}"; commands = rec { - add.filename = pkgs.writeDash "${name}-task-add" '' + add.filename = pkgs.writers.writeDash "${name}-task-add" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1" ''; - list.filename = pkgs.writeDash "${name}-task-list" '' + list.filename = pkgs.writers.writeDash "${name}-task-list" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export \ | ${pkgs.jq}/bin/jq -r ' .[] | select(.id != 0) | "\(.id) \(.description)" ' ''; - delete.filename = pkgs.writeDash "${name}-task-delete" '' + delete.filename = pkgs.writers.writeDash "${name}-task-delete" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1" ''; del = delete; - done.filename = pkgs.writeDash "${name}-task-done" '' + done.filename = pkgs.writers.writeDash "${name}-task-done" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1" ''; }; @@ -293,8 +293,7 @@ let { activate = "always"; command = { - filename = - <stockholm/krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh>; + filename = ../5pkgs/simple/Reaktor/scripts/tell-on_join.sh; env = { PATH = makeBinPath [ pkgs.coreutils # XXX env, touch @@ -311,7 +310,7 @@ let pattern = "^list-locations"; activate = "match"; command = { - filename = pkgs.writeDash "list-locations" '' + filename = pkgs.writers.writeDash "list-locations" '' export PATH=${makeBinPath [ pkgs.curl pkgs.jq @@ -328,7 +327,7 @@ let activate = "match"; arguments = [1 2 3]; command = { - filename = pkgs.writeDash "add-location" '' + filename = pkgs.writers.writeDash "add-location" '' export PATH=${makeBinPath [ pkgs.curl pkgs.jq @@ -345,7 +344,7 @@ let activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "add-location" '' + filename = pkgs.writers.writeDash "add-location" '' export PATH=${makeBinPath [ pkgs.curl pkgs.jq @@ -374,7 +373,7 @@ let sha256 = "sha256-J7jGWZeAULDA1EkO50qx+hjl+5IsUj389pUUMreKeNE="; }; osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {}; - in pkgs.writeDash "krebsfood" '' + in pkgs.writers.writeDash "krebsfood" '' set -efu export PATH=${makeBinPath [ osm-restaurants @@ -417,8 +416,7 @@ let (generators.command_hook { inherit (commands) dance random-emoji nixos-version; tell = { - filename = - <stockholm/krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh>; + filename = ../5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh; env = { PATH = makeBinPath [ pkgs.coreutils # XXX date, env @@ -452,7 +450,7 @@ in { name = "reaktor2"; home = stateDir; }; - script = ''. ${pkgs.writeDash "agenda" '' + script = ''. ${pkgs.writers.writeDash "agenda" '' echo "$Method $Request_URI" >&2 case "$Method" in "GET") diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 9f129d81c..1b72924a6 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let konsens-user = { diff --git a/krebs/2configs/secret-passwords.nix b/krebs/2configs/secret-passwords.nix index 5d265eba6..0f0d068aa 100644 --- a/krebs/2configs/secret-passwords.nix +++ b/krebs/2configs/secret-passwords.nix @@ -1,4 +1,5 @@ -{ ... }: with import <stockholm/lib>; +{ lib, ... }: +with lib; { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/krebs/2configs/shack/drivedroid.nix b/krebs/2configs/shack/drivedroid.nix index 12e4a39c3..e00db8b8d 100644 --- a/krebs/2configs/shack/drivedroid.nix +++ b/krebs/2configs/shack/drivedroid.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +with import ../../../lib/pure.nix { inherit lib; }; let root = "/var/srv/drivedroid"; in diff --git a/krebs/2configs/shack/glados/automation/ampel.nix b/krebs/2configs/shack/glados/automation/ampel.nix deleted file mode 100644 index 4be92a328..000000000 --- a/krebs/2configs/shack/glados/automation/ampel.nix +++ /dev/null @@ -1,23 +0,0 @@ -# needs: -# binary_sensor.lounge_ampel_status -# light.lounge_ampel_licht_rot - -let - glados = import ../lib; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Ampel Rotes Licht"; - initial_state = true; - trigger = { - platform = "state"; - entity_id = "binary_sensor.lounge_ampel_status"; - }; - action = { service = "light.turn_on"; - data.entity_id = "light.lounge_ampel_licht_rot"; - }; - } - ]; -} diff --git a/krebs/2configs/shack/glados/automation/announcement.j2 b/krebs/2configs/shack/glados/automation/announcement.j2 deleted file mode 100644 index 2ae5f1a46..000000000 --- a/krebs/2configs/shack/glados/automation/announcement.j2 +++ /dev/null @@ -1,28 +0,0 @@ -Willkommen werter Keyholder {{ states("sensor.keyholder") }} in deinem Lieblingshackerspace. - -Es ist {{states("sensor.fablab_feinstaub_temperature") | round(1) | replace('.',' Komma ')}} Grad {% if states("sensor.fablab_feinstaub_temperature")|float > 25 %}heiss{%elif states("sensor.fablab_feinstaub_temperature")|float > 15%}warm{%else%}kalt{%endif%} bei {% if states(" sensor.rz_feinstaub_humidity") | int <45 %}trockenen{% elif states(" sensor.rz_feinstaub_humidity") | int <65 %}angenehmen{%else%}feuchten{%endif%} {{states(" sensor.rz_feinstaub_humidity") | int }} Prozent Luftfeuchtigkeit. - -{% if (states("sensor.fullstand_mate_1")|int == 0) and - states("sensor.fullstand_mate_2")|int == 0 %}ES IST MAHTECALYPSE, BEIDE MAHTESCHÄCHTE SIND LEER! {%if states("sensor.fullstand_mate_cola")| int == 0%} UND SOGAR DIE COLA IST ALLE. Ihr seid sowas von am Arsch!{%else%}Zum Glück gibt es noch Cola, Phew!{%endif%} -{% elif (states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int) < 5 %} -Der Mahtestand im Automaten ist mit {{states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int }} verbleibenden Flaschen kritisch! -{% else %} -Im Automaten sind noch {{states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int }} Flaschen Mahte und {{states("sensor.fullstand_mate_cola")}} Flaschen Cola. -{%endif%} - -Die Wettervorhersage: {{states("sensor.dark_sky_hourly_summary")}} Aktuell {{states("sensor.dark_sky_summary")}} bei {{states("sensor.dark_sky_temperature") | round(1) | replace('.',' Komma ')}} Grad. -Der Stromverbrauch liegt bei {{ (( states("sensor.l1_power")|int + states("sensor.l2_power")|int + states("sensor.l3_power")|int ) / 1000 )| round(1) | replace('.',' Komma ')}} Kilowatt. - -Im Fablab ist die Feinstaubbelastung {% if states("sensor.fablab_particulate_matter_2_5um_concentration") | float > 50 %}hoch!{%elif states("sensor.fablab_particulate_matter_2_5um_concentration") | float > 25 %}mäßig.{% else %}gering.{%endif%} - -{% if is_state("binary_sensor.door_rzl",'on') and is_state("binary_sensor.door_entropia",'on') %} -Das Raumzeitlabor und Entropia haben geöffnet. -{% elif is_state("binary_sensor.door_rzl",'off') and is_state("binary_sensor.door_entropia",'off') %} -Das Raumzeitlabor und Entropia haben geschlossen. -{% elif is_state("binary_sensor.door_rzl",'on') and is_state("binary_sensor.door_entropia",'off') %} -Das Raumzeitlabor hat geöffnet und Entropia hat geschlossen. -{% elif is_state("binary_sensor.door_rzl",'off') and is_state("binary_sensor.door_entropia",'on') %} -Das Raumzeitlabor hat geschlossen und Entropia hat geöffnet. -{%endif%} - -Die Glados Hackerspace Automation wünscht dir und allen Anwesenden einen produktiven und angenehmen Aufenthalt! diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix deleted file mode 100644 index 5f61e19f1..000000000 --- a/krebs/2configs/shack/glados/automation/hass-restart.nix +++ /dev/null @@ -1,24 +0,0 @@ -# needs: -# light.fablab_led -{ - services.home-assistant.config.automation = - [ - { alias = "State on HA start-up"; - trigger = { - platform = "homeassistant"; - event = "start"; - }; - # trigger good/bad air - action = [ - { service = "light.turn_on"; - data = { - entity_id = "light.fablab_led"; - effect = "Rainbow"; - color_name = "purple"; - }; - } - ]; - } - ]; -} - diff --git a/krebs/2configs/shack/glados/automation/party-time.nix b/krebs/2configs/shack/glados/automation/party-time.nix deleted file mode 100644 index 9e7fe24cd..000000000 --- a/krebs/2configs/shack/glados/automation/party-time.nix +++ /dev/null @@ -1,32 +0,0 @@ -# Needs: -# sun.sunset -# switch.lounge_diskoschalter_relay -let - glados = import ../lib; - disko_schalter = "switch.lounge_diskoschalter_relay"; - player = "media_player.lounge"; -in -{ - services.home-assistant.config.automation = - [ - { alias = "Party um 21 Uhr"; - trigger = { - platform = "sun"; - event = "sunset"; - }; - action = - ( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" ) - ++ - [ - { - service = "homeassistant.turn_on"; - entity_id = disko_schalter; - } - { - service = "media_player.turn_on"; - data.entity_id = player; - } # TODO: also start playlist if nothing is running? - ]; - } - ]; -} diff --git a/krebs/2configs/shack/glados/automation/shack-startup.nix b/krebs/2configs/shack/glados/automation/shack-startup.nix deleted file mode 100644 index 471d817a2..000000000 --- a/krebs/2configs/shack/glados/automation/shack-startup.nix +++ /dev/null @@ -1,100 +0,0 @@ -# needs: -# binary_sensor.portal_lock -# sensor.keyholder -# media_player.lounge - -# additional state required on: -# mpd.shack: -# playlist "ansage" -# playlist "lassulus" -# lounge.kiosk.shack: -# playlist "ansage" - -let - glados = import ../lib; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Bedanken bei Übernahme von Key"; - initial_state = true; - trigger = { - platform = "state"; - entity_id = "sensor.keyholder"; - }; - condition = { - condition = "template"; - value_template = "{{ (trigger.from_state.state != 'No Keyholder') and (trigger.from_state.state != 'No Keyholder') }}"; - }; - action = glados.say.kiosk "Danke {{ trigger.to_state.state }} für das Übernehmen des Keys von {{ trigger.from_state.state }}"; - } - { - alias = "Keyholder Begrüßen wenn MPD hoch fährt"; - initial_state = true; - trigger = { - platform = "state"; - from = "unavailable"; - entity_id = "media_player.kiosk"; - }; - action = glados.say.kiosk (builtins.readFile ./announcement.j2); - } - { - alias = "Start Music on portal lock on"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.portal_lock"; - to = "on"; - for.seconds = 30; - }; - condition = { - condition = "and"; - conditions = - [ - { # only start if a keyholder opened the door and if the lounge mpd is currently not playing anything - condition = "template"; - value_template = "{{ state('sensor.keyholder') != 'No Keyholder' }}"; - } - { - condition = "state"; - entity_id = "media_player.lounge"; - state = "idle"; - } - ]; - }; - action = [ - { - service = "media_player.volume_set"; - data = { - entity_id = "media_player.lounge"; - volume_level = 1.0; - }; - } - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 8.5; } - { - service = "media_player.volume_set"; - data = { - entity_id = "media_player.lounge"; - volume_level = 0.6; - }; - } - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "lassulus"; - }; - } - ]; - } - ]; -} diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 7c941a66a..236b5000d 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -1,12 +1,33 @@ { config, pkgs, lib, ... }: let - unstable = import (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev; - sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256; - }) {}; + kodi-host = "192.168.8.11"; + confdir = "/var/lib/homeassistant-docker"; in { + imports = [ + ]; + + # networking.firewall.allowedTCPPorts = [ 8123 ]; + virtualisation.oci-containers.containers.hass = { + image = "homeassistant/home-assistant:latest"; + environment = { + TZ = "Europe/Berlin"; + # TODO create unique users + PUID = toString config.users.users.news_container.uid; + PGID = toString config.users.groups.news_container.gid; + UMASK = "007"; + }; + extraOptions = ["--net=host" ]; + volumes = [ + "${confdir}:/config" + #"${confdir}/docker-run:/etc/services.d/home-assistant/run:" + ]; + }; + systemd.tmpfiles.rules = [ + #"f ${confdir}/docker-run 0770 kiosk kiosk - -" + # TODO: + "d ${confdir} 0770 news_container news_container - -" + ]; + services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; locations."/" = { @@ -23,127 +44,4 @@ in { ''; }; }; - imports = [ - ./multi/shackopen.nix - ./multi/wasser.nix - ./multi/schlechte_luft.nix - ./multi/rollos.nix - - ./switch/power.nix - - ./sensors/power.nix - ./sensors/mate.nix - ./sensors/darksky.nix - ./sensors/spaceapi.nix - ./sensors/sensemap.nix - - ./automation/shack-startup.nix - ./automation/party-time.nix - ./automation/hass-restart.nix - ./automation/ampel.nix - - ]; - services.home-assistant = - { - enable = true; - package = unstable.home-assistant.overrideAttrs (old: { - doInstallCheck = false; - }); - config = { - homeassistant = { - name = "Glados"; - time_zone = "Europe/Berlin"; - latitude = "48.8265"; - longitude = "9.0676"; - elevation = 303; - auth_providers = [ - { type = "homeassistant";} - { type = "trusted_networks"; - trusted_networks = [ - "127.0.0.1/32" - "10.42.0.0/16" - "::1/128" - "fd00::/8" - ]; - } - ]; - }; - # https://www.home-assistant.io/components/influxdb/ - influxdb = { - database = "glados"; - host = "influx.shack"; - component_config_glob = { - "sensor.*particulate_matter_2_5um_concentration".override_measurement = "2_5um particles"; - "sensor.*particulate_matter_10_0um_concentration".override_measurement ="10um particles"; - }; - tags = { - instance = "wolf"; - source = "glados"; - }; - }; - esphome = {}; - api = {}; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - keepalive = 60; - protocol = 3.1; - discovery = true; #enable esphome discovery - discovery_prefix = "homeassistant"; - birth_message = { - topic = "glados/hass/status/LWT"; - payload = "Online"; - qos = 1; - retain = true; - }; - will_message = { - topic = "glados/hass/status/LWT"; - payload = "Offline"; - qos = 1; - retain = true; - }; - }; - light = []; - media_player = [ - { platform = "mpd"; - name = "lounge"; - host = "lounge.mpd.shack"; - } - { platform = "mpd"; - name = "kiosk"; - #host = "lounge.kiosk.shack"; - host = "kiosk.shack"; - } - ]; - - camera = []; - frontend = { }; - config = { }; - sun = {}; - http = { - base_url = "http://hass.shack"; - use_x_forwarded_for = true; - trusted_proxies = [ "127.0.0.1" "::1" ]; - }; - #conversation = {}; - - history = {}; - logbook = {}; - #recorder = {}; - - logger.default = "info"; - - tts = [ - { platform = "google_translate"; - service_name = "say"; - language = "de"; - cache = true; - time_memory = 57600; - base_url = "http://hass.shack"; - } - ]; - device_tracker = []; - }; - }; } diff --git a/krebs/2configs/shack/glados/deps/gtts-token.nix b/krebs/2configs/shack/glados/deps/gtts-token.nix deleted file mode 100644 index 69640f03d..000000000 --- a/krebs/2configs/shack/glados/deps/gtts-token.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, requests -}: - -buildPythonPackage rec { - pname = "gtts-token"; - version = "1.1.3"; - - src = fetchPypi { - pname = "gTTS-token"; - inherit version; - sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5"; - }; - - propagatedBuildInputs = [ - requests - ]; - - meta = with lib; { - description = "Calculates a token to run the Google Translate text to speech"; - homepage = https://github.com/boudewijn26/gTTS-token; - license = licenses.mit; - # maintainers = [ maintainers. ]; - }; -} diff --git a/krebs/2configs/shack/glados/deps/pyhaversion.nix b/krebs/2configs/shack/glados/deps/pyhaversion.nix deleted file mode 100644 index a75c6a976..000000000 --- a/krebs/2configs/shack/glados/deps/pyhaversion.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib -, buildPythonPackage -, fetchpatch -, fetchPypi -, aiohttp -, async-timeout -}: - -buildPythonPackage rec { - pname = "pyhaversion"; - version = "2.2.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f"; - }; - patches = [ - (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch"; - sha256 = - "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";}) - ]; - doCheck = false; - propagatedBuildInputs = [ - aiohttp - async-timeout - ]; - - meta = with lib; { - description = ""; - homepage = https://github.com/ludeeus/pyhaversion; - # maintainers = [ maintainers. ]; - }; -} diff --git a/krebs/2configs/shack/glados/lib/default.nix b/krebs/2configs/shack/glados/lib/default.nix deleted file mode 100644 index 2cfac3daf..000000000 --- a/krebs/2configs/shack/glados/lib/default.nix +++ /dev/null @@ -1,66 +0,0 @@ -let - prefix = "glados"; -in -{ - - say = let - # returns a list of actions to be performed on an mpd to say something - tts = { message, entity }: - [ - { - service = "media_player.turn_on"; - data.entity_id = "media_player.${entity}"; - } - { service = "media_player.play_media"; - data = { - entity_id = "media_player.${entity}"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { - service = "media_player.turn_on"; - data.entity_id = "media_player.${entity}"; - } - { delay.seconds = 4.5; } - { service = "tts.say"; - entity_id = "media_player.${entity}"; - data_template = { - inherit message; - language = "de"; - }; - } - ]; - in - { - lounge = message: tts { - inherit message; - entity = "lounge"; - }; - herrenklo = message: tts { - inherit message; - entity = "herrenklo"; - }; - kiosk = message: tts { - inherit message; - entity = "kiosk"; - }; - }; - tasmota = - { - plug = {host, name ? host, topic ? host}: - { - platform = "mqtt"; - inherit name; - state_topic = "sonoff/stat/${topic}/POWER1"; - command_topic = "sonoff/cmnd/${topic}/POWER1"; - availability_topic = "sonoff/tele/${topic}/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain = false; - qos = 1; - }; - }; -} diff --git a/krebs/2configs/shack/glados/multi/rollos.nix b/krebs/2configs/shack/glados/multi/rollos.nix deleted file mode 100644 index 29525ad82..000000000 --- a/krebs/2configs/shack/glados/multi/rollos.nix +++ /dev/null @@ -1,59 +0,0 @@ -# - -let - glados = import ../lib; - tempsensor = "sensor.dark_sky_temperature"; - all_covers = [ - "cover.crafting_rollo" - "cover.elab_rollo" - "cover.or2_rollo" - "cover.retroraum_rollo" - ]; -in -{ - services.home-assistant.config = - { - automation = - [ - { alias = "Rollos fahren Runter"; - trigger = [ - { - platform = "numeric_state"; - entity_id = tempsensor; - above = 25; - for = "00:30:00"; - } - ]; - condition = - [ - { - condition = "state"; - entity_id = "sun.sun"; - state = "above_horizon"; - } - ]; - action = - [ - { service = "cover.close_cover"; - entity_id = all_covers; - } - ]; - } - { alias = "Rollos fahren Hoch"; - trigger = [ - { - platform = "sun"; - event = "sunset"; - } - ]; - condition = [ ]; - action = - [ - { service = "cover.open_cover"; - entity_id = all_covers; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix deleted file mode 100644 index c1890361b..000000000 --- a/krebs/2configs/shack/glados/multi/schlechte_luft.nix +++ /dev/null @@ -1,109 +0,0 @@ -let - glados = import ../lib; - feinstaub_sensor = "sensor.fablab_particulate_matter_2_5um_concentration"; - ledring = "light.fablab_led_ring"; -in -{ - services.home-assistant.config = - { - automation = - [ - { alias = "Gute Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - entity_id = feinstaub_sensor; - below = 3; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "green"; - }; - } - ]; - } - { alias = "mäßige Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 3; - below = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "yellow"; - }; - } - ]; - } - { alias = "schlechte Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Fireworks"; - color_name = "red"; - }; - } - ]; - } - { alias = "Luft Sensor nicht verfügbar"; - trigger = [ - { - platform = "state"; - to = "unavailable"; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "blue"; - }; - } - ]; - } - { alias = "Fablab Licht Reboot"; - trigger = [ - { - platform = "state"; - from = "unavailable"; - entity_id = ledring; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "orange"; - }; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/shackopen.nix b/krebs/2configs/shack/glados/multi/shackopen.nix deleted file mode 100644 index d9be9adfa..000000000 --- a/krebs/2configs/shack/glados/multi/shackopen.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - services.home-assistant.config = - { - binary_sensor = [ - { platform = "mqtt"; - name = "Portal Lock"; - device_class = "door"; - state_topic = "portal/gateway/status"; - availability_topic = "portal/gateway/lwt"; - payload_on = "open"; - payload_off = "closed"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - sensor = [ - { platform = "mqtt"; - name = "Keyholder"; - state_topic = "portal/gateway/keyholder"; - availability_topic = "portal/gateway/lwt"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix deleted file mode 100644 index 9ca5e4500..000000000 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ /dev/null @@ -1,113 +0,0 @@ -# uses: -# switch.crafting_giesskanne_relay -let - glados = import ../lib; - seconds = 20; - wasser = "switch.crafting_giesskanne_relay"; - brotbox = { - minutes = 10; - pump = "switch.crafting_brotbox_pumpe"; - sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; - }; -in -{ - services.home-assistant.config = - { - sensor = map ( entity_id: { - platform = "statistics"; - name = "Statistics for ${entity_id}"; - inherit entity_id; - max_age.minutes = "60"; - sampling_size = 1000; - }) ["sensor.crafting_brotbox_soil_moisture"]; - - - automation = - [ - ### Brotbox ##### - #{ alias = "Brotbox: water for ${toString brotbox.minutes} minutes every hour"; - # trigger = - # { # Trigger once every hour at :42 - # platform = "time_pattern"; - # minutes = 42; - # }; - # condition = { - # condition = "numeric_state"; - # entity_id = brotbox.sensor; - # value_template = "{{ state_attr('${brotbox.sensor}', 'median') }}"; - # below = 75; - # }; - # action = - # [ - # { - # service = "homeassistant.turn_on"; - # entity_id = brotbox.pump; - # } - # { delay.minutes = brotbox.minutes; } - # { - # service = "homeassistant.turn_off"; - # entity_id = brotbox.pump ; - # } - # ]; - #} - { alias = "Brotbox: Always turn off water after ${toString (brotbox.minutes * 2)} minutes"; - trigger = - { - platform = "state"; - entity_id = brotbox.pump; - to = "on"; - for.minutes = brotbox.minutes*2; - }; - action = - { - service = "homeassistant.turn_off"; - entity_id = brotbox.pump; - }; - } - - ##### Kaffeemaschine - { alias = "Water the plant for ${toString seconds} seconds"; - trigger = [ - { # trigger at 20:00 no matter what - # TODO: retry or run only if switch.wasser is available - platform = "time"; - at = "20:00:00"; - } - ]; - action = - [ - { - service = "homeassistant.turn_on"; - entity_id = [ - wasser - ]; - } - { delay.seconds = seconds; } - { - service = "homeassistant.turn_off"; - entity_id = [ - wasser - ]; - } - ]; - } - { alias = "Always turn off water after ${toString (seconds * 2)}seconds"; - trigger = [ - { - platform = "state"; - entity_id = wasser; - to = "on"; - for.seconds = seconds*2; - } - ]; - action = - [ - { - service = "homeassistant.turn_off"; - entity_id = [ wasser ]; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/sensors/darksky.nix b/krebs/2configs/shack/glados/sensors/darksky.nix deleted file mode 100644 index 12b33804c..000000000 --- a/krebs/2configs/shack/glados/sensors/darksky.nix +++ /dev/null @@ -1,24 +0,0 @@ -{lib,...}: -{ - services.home-assistant.config.sensor = - [ - { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile <secrets/hass/darksky.apikey>); - language = "de"; - monitored_conditions = [ - "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "apparent_temperature" - "hourly_summary" # next 24 hours text - "humidity" - "pressure" - "uv_index" - ]; - units = "si" ; - scan_interval = "00:15:00"; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/mate.nix b/krebs/2configs/shack/glados/sensors/mate.nix deleted file mode 100644 index 751856668..000000000 --- a/krebs/2configs/shack/glados/sensors/mate.nix +++ /dev/null @@ -1,20 +0,0 @@ -let - fuellstand = name: id: { - platform = "rest"; - resource = "https://ora5.tutschonwieder.net/ords/lick_prod/v1/get/fuellstand/1/${toString id}"; - method = "GET"; - name = "Füllstand ${name}"; - value_template = "{{ value_json.fuellstand }}"; - }; -in -{ - services.home-assistant.config.sensor = - [ - (fuellstand "Wasser" 1) - (fuellstand "Mate Cola" 2) - (fuellstand "Apfelschorle" 3) - (fuellstand "Zitronensprudel" 4) - (fuellstand "Mate 1" 26) - (fuellstand "Mate 2" 27) - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix deleted file mode 100644 index d9b5c7c65..000000000 --- a/krebs/2configs/shack/glados/sensors/power.nix +++ /dev/null @@ -1,29 +0,0 @@ -let - power_x = name: phase: - { platform = "mqtt"; - name = "${phase} ${name}"; - state_topic = "/power/total/${phase}/${name}"; - availability_topic = "/power/lwt"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; - power_consumed = - { platform = "mqtt"; - name = "Power Consumed"; - device_class = "power"; - state_topic = "/power/total/consumed"; - availability_topic = "/power/lwt"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; - power_volt = power_x "Voltage"; - power_watt = (power_x "Power") ; - power_curr = power_x "Current"; -in -{ - services.home-assistant.config.sensor = - (map power_volt [ "L1" "L2" "L3" ]) -++ (map (x: ((power_watt x) // { device_class = "power"; })) [ "L1" "L2" "L3" ]) -++ (map power_curr [ "L1" "L2" "L3" ]) -++ [ power_consumed ]; -} diff --git a/krebs/2configs/shack/glados/sensors/sensemap.nix b/krebs/2configs/shack/glados/sensors/sensemap.nix deleted file mode 100644 index c261a28e1..000000000 --- a/krebs/2configs/shack/glados/sensors/sensemap.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - services.home-assistant.config.air_quality = - [ - { - platform = "opensensemap"; - station_id = "56a0de932cb6e1e41040a68b"; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/spaceapi.nix b/krebs/2configs/shack/glados/sensors/spaceapi.nix deleted file mode 100644 index ea20ad29d..000000000 --- a/krebs/2configs/shack/glados/sensors/spaceapi.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - services.home-assistant.config.binary_sensor = - [ - { - platform = "rest"; - resource = "https://spaceapi.afra-berlin.de/v1/status.json"; - method = "GET"; - name = "Door AFRA Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://club.entropia.de/spaceapi"; - method = "GET"; - name = "Door Entropia"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://www.c-base.org/status.json"; - method = "GET"; - name = "Door C-Base Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "https://status.raumzeitlabor.de/api/full.json"; - method = "GET"; - name = "Door RZL"; - device_class = "door"; - value_template = "{{ value_json.status }}"; - } - { - platform = "rest"; - resource = "https://datenobservatorium.de/"; - method = "GET"; - name = "Door Datenobservatorium"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } - { - platform = "rest"; - resource = "https://infuanfu.de/"; - method = "GET"; - name = "Door Infuanfu"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/unifi.nix b/krebs/2configs/shack/glados/sensors/unifi.nix deleted file mode 100644 index f64e3feb6..000000000 --- a/krebs/2configs/shack/glados/sensors/unifi.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - controllers = { - host = "unifi.shack"; - site = "shackspace"; - }; -} diff --git a/krebs/2configs/shack/glados/switch/power.nix b/krebs/2configs/shack/glados/switch/power.nix deleted file mode 100644 index 9ec115faa..000000000 --- a/krebs/2configs/shack/glados/switch/power.nix +++ /dev/null @@ -1,44 +0,0 @@ -# 1 - haupt -# 2 - dusche -# 3 - warmwasser -# 4 - or -# 5 - kueche -let - nodelight = type: ident: name: { - platform = "mqtt"; - name = "${type} ${name}"; - command_topic = "${type}/${toString ident}/command"; - state_topic = "${type}/${toString ident}/state"; - payload_on = "on"; - payload_off = "off"; - }; - power = nodelight "power"; - light = ident: name: { icon = "mdi:lightbulb";} // nodelight "light" ident name; -in -{ - services.home-assistant.config.switch = - [ - # These commands we see with a shutdown: - # power/143/state on - # power/142/state on - # power/141/state on - # power/142/state off - # power/141/state off - # power/10/state off - # power/main/state off - - (power "10" "Hauptschalter") - (power 1 "Dusche") # ??? - (power 2 "Warmwasser") # ??? - (power 3 "Optionsräume") # ??? - (power 4 "Küche") # ??? - (light 1 "Decke Lounge 1") - (light 2 "Decke Lounge 2") - (light 3 "Decke Lounge 3") - (light 4 "Decke Lounge 4") - (light 5 "Decke Lounge 5") - (light 6 "Decke Lounge 6") - (light 7 "Decke Lounge 7") - (light 8 "Decke Lounge 8") - ]; -} diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix index adf0a4bc3..f42f1c4af 100644 --- a/krebs/2configs/shack/grafana.nix +++ b/krebs/2configs/shack/grafana.nix @@ -4,7 +4,18 @@ in { networking.firewall.allowedTCPPorts = [ port ]; # legacy services.nginx.virtualHosts."grafana.shack" = { - locations."/".proxyPass = "http://localhost:${toString port}"; + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + extraConfig ='' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + + }; }; services.grafana = { enable = true; diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix index 6d090323d..efc88f51d 100644 --- a/krebs/2configs/shack/influx.nix +++ b/krebs/2configs/shack/influx.nix @@ -15,6 +15,16 @@ in ''; locations."/" = { proxyPass = "http://localhost:${toString port}/"; + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_buffering off; + ''; }; }; nixpkgs.overlays = [ diff --git a/krebs/2configs/shack/mqtt_sub.nix b/krebs/2configs/shack/mqtt_sub.nix index af2bc1e66..45065cfc8 100644 --- a/krebs/2configs/shack/mqtt_sub.nix +++ b/krebs/2configs/shack/mqtt_sub.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { name = "mqtt2graphite-2017-05-29"; diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 33f6b8c89..f3007dd1d 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { name = "muell_caller-2017-06-01"; diff --git a/krebs/2configs/shack/nix-cacher.nix b/krebs/2configs/shack/nix-cacher.nix index 8feeca9af..131525a3e 100644 --- a/krebs/2configs/shack/nix-cacher.nix +++ b/krebs/2configs/shack/nix-cacher.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.apt-cacher-ng; in diff --git a/krebs/2configs/shack/power/u300-power.nix b/krebs/2configs/shack/power/u300-power.nix new file mode 100644 index 000000000..66e54169a --- /dev/null +++ b/krebs/2configs/shack/power/u300-power.nix @@ -0,0 +1,29 @@ +{ pkgs, ... }: +let + src = pkgs.fetchFromGitHub { + repo = "shackstrom"; + owner = "samularity"; + rev = "adfbdc7d12000fbc9fd9367c8ef0a53b7d0a9fad"; + hash = "sha256-77vSX2+1XXaBVgLka+tSEK/XYZASEk9iq+uEuO1aOUQ="; + }; + pkg = pkgs.writers.writePython3 "test_python3" { + libraries = [ pkgs.python3Packages.requests pkgs.python3Packages.paho-mqtt ]; + } (builtins.readFile "${src}/shackstrom.py"); +in +{ + systemd.services = { + u300-power = { + enable = true; + environment = { + DATA_URL = "http://10.42.20.255/csv.html"; + BROKER = "mqtt.shack"; + }; + serviceConfig = { + Restart = "always"; + ExecStart = pkg; + RestartSec = "15s"; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix index 5ba49ede6..4cefdc3e5 100644 --- a/krebs/2configs/shack/prometheus/alert-rules.nix +++ b/krebs/2configs/shack/prometheus/alert-rules.nix @@ -1,6 +1,6 @@ { lib,... }: let - disk_free_threshold = "10"; # at least this much free disk percentage + disk_free_threshold = "5"; # at least this much free disk percentage in { services.prometheus.rules = [(builtins.toJSON { @@ -8,22 +8,6 @@ in { { name = "shack-env"; rules = [ { - alert = "Wolf RootPartitionFull"; - for = "30m"; - expr = ''(node_filesystem_avail_bytes{alias="wolf.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="wolf.shack",mountpoint="/"} < ${disk_free_threshold}''; - labels.severity = "warning"; - annotations.summary = "{{ $labels.alias }} root disk full"; - annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf"; - annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and try to clean up the obsolete files on the machine. There are a couple of things you can do: -1. `nix-collect-garbage -d` -2. clean up the shack share folder in `/home/share` -3. check `du -hs /var/ | sort -h`. -4. run `docker system prune` -5. `find /var/lib/containers/news/var/lib/htgen-go/items -mtime +7 -delete;` to clean up the link shortener data -5. If you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete -6. as a last resort the root disk can be expanded via `lvresize -L +10G /dev/pool/root && btrfs filesystem resize max /` ''; - } - { alert = "Puyak RootPartitionFull"; for = "30m"; expr = ''(node_filesystem_avail_bytes{alias="puyak.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="puyak.shack",mountpoint="/"} < ${disk_free_threshold}''; @@ -32,9 +16,8 @@ in { annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=puyak"; annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).Prometheus will not be able to create new alerts and CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and if this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; } - # wolf.shack is not worth supervising anymore { - alert = "HostDown"; + alert = "Infra01 down"; expr = ''up{alias="infra01.shack"} == 0''; for = "5m"; labels.severity = "page"; diff --git a/krebs/2configs/shack/prometheus/irc-alerts.py b/krebs/2configs/shack/prometheus/irc-alerts.py new file mode 100644 index 000000000..005a2013b --- /dev/null +++ b/krebs/2configs/shack/prometheus/irc-alerts.py @@ -0,0 +1,207 @@ +import base64 +import cgi +import json +import os +import re +import socket +import ssl +import sys +from http.server import BaseHTTPRequestHandler +from typing import List, Optional, Tuple +from urllib.parse import urlparse + +DEBUG = os.environ.get("DEBUG") is not None + + +def _irc_send( + server: str, + nick: str, + channel: str, + sasl_password: Optional[str] = None, + server_password: Optional[str] = None, + tls: bool = True, + port: int = 6697, + messages: List[str] = [], +) -> None: + if not messages: + return + + sock = socket.socket() + if tls: + sock = ssl.wrap_socket( + sock, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1_2 + ) + + def _send(command: str) -> int: + if DEBUG: + print(command) + return sock.send((f"{command}\r\n").encode()) + + def _pong(ping: str): + if ping.startswith("PING"): + sock.send(ping.replace("PING", "PONG").encode("ascii")) + + recv_file = sock.makefile(mode="r") + + print(f"connect {server}:{port}") + sock.connect((server, port)) + if server_password: + _send(f"PASS {server_password}") + _send(f"USER {nick} 0 * :{nick}") + _send(f"NICK {nick}") + for line in recv_file.readline(): + if re.match(r"^:[^ ]* (MODE|221|376|422) ", line): + break + else: + _pong(line) + + if sasl_password: + _send("CAP REQ :sasl") + _send("AUTHENTICATE PLAIN") + auth = base64.encodebytes(f"{nick}\0{nick}\0{sasl_password}".encode("utf-8")) + _send(f"AUTHENTICATE {auth.decode('ascii')}") + _send("CAP END") + _send(f"JOIN :{channel}") + + for m in messages: + _send(f"PRIVMSG {channel} :{m}") + + _send("INFO") + for line in recv_file: + if DEBUG: + print(line, end="") + # Assume INFO reply means we are done + if "End of /INFO" in line: + break + else: + _pong(line) + + sock.send(b"QUIT") + print("disconnect") + sock.close() + + +def irc_send( + url: str, notifications: List[str], password: Optional[str] = None +) -> None: + parsed = urlparse(f"{url}") + username = parsed.username or "prometheus" + server = parsed.hostname or "chat.freenode.net" + if parsed.fragment != "": + channel = f"#{parsed.fragment}" + else: + channel = "#krebs-announce" + port = parsed.port or 6697 + if not password: + password = parsed.password + if len(notifications) == 0: + return + _irc_send( + server=server, + nick=username, + sasl_password=password, + channel=channel, + port=port, + messages=notifications, + tls=parsed.scheme == "irc+tls", + ) + + +class PrometheusWebHook(BaseHTTPRequestHandler): + def __init__( + self, + irc_url: str, + conn: socket.socket, + addr: Tuple[str, int], + password: Optional[str] = None, + ) -> None: + self.irc_url = irc_url + self.password = password + self.rfile = conn.makefile("rb") + self.wfile = conn.makefile("wb") + self.client_address = addr + self.handle() + + # for testing + def do_GET(self) -> None: + if DEBUG: + print("GET: Request Received") + self.send_response(200) + self.send_header("Content-type", "text/plain") + self.end_headers() + self.wfile.write(b"ok") + + def do_POST(self) -> None: + if DEBUG: + print("POST: Request Received") + content_type, _ = cgi.parse_header(self.headers.get("content-type")) + + # refuse to receive non-json content + if content_type != "application/json": + if DEBUG: + print(f"POST: wrong content type {content_type}") + self.send_response(400) + self.end_headers() + return + + length = int(self.headers.get("content-length")) + payload = json.loads(self.rfile.read(length)) + messages = [] + for alert in payload["alerts"]: + description = alert["annotations"]["description"] + messages.append(f"{alert['status']}: {description}") + irc_send(self.irc_url, messages, password=self.password) + + self.do_GET() + + +def systemd_socket_response() -> None: + irc_url = os.environ.get("IRC_URL", None) + if irc_url is None: + print( + "IRC_URL environment variable not set: i.e. IRC_URL=irc+tls://mic92-prometheus@chat.freenode.net/#krebs-announce", + file=sys.stderr, + ) + sys.exit(1) + + password = None + irc_password_file = os.environ.get("IRC_PASSWORD_FILE", None) + if irc_password_file: + with open(irc_password_file) as f: + password = f.read() + + msgs = sys.argv[1:] + + if msgs != []: + irc_send(irc_url, msgs, password=password) + return + + nfds = os.environ.get("LISTEN_FDS", None) + if nfds is None: + print( + "LISTEN_FDS not set. Run me with systemd(TM) socket activation?", + file=sys.stderr, + ) + sys.exit(1) + fds = range(3, 3 + int(nfds)) + + for fd in fds: + sock = socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(0) + + try: + while True: + PrometheusWebHook(irc_url, *sock.accept(), password=password) + except BlockingIOError: + # no more connections + pass + + +if __name__ == "__main__": + if DEBUG: + print("Starting in DEBUG mode") + if len(sys.argv) == 3: + print(f"{sys.argv[1]} {sys.argv[2]}") + irc_send(sys.argv[1], [sys.argv[2]]) + else: + systemd_socket_response() diff --git a/krebs/2configs/shack/prometheus/irc-hooks.nix b/krebs/2configs/shack/prometheus/irc-hooks.nix new file mode 100644 index 000000000..07bb2423b --- /dev/null +++ b/krebs/2configs/shack/prometheus/irc-hooks.nix @@ -0,0 +1,59 @@ +{ config +, lib +, pkgs +, ... +}: +let + irc-alerts = pkgs.writers.writePython3 "irc-alerts" { + flakeIgnore = [ "E501" ]; + } (builtins.readFile ./irc-alerts.py); + endpoints = { + binaergewitter = { + url = "irc+tls://puyak-alerts@irc.libera.chat:6697/#binaergewitter-alerts"; + port = 9223; + }; + }; +in +{ + systemd.sockets = + lib.mapAttrs' + (name: opts: + lib.nameValuePair "irc-alerts-${name}" { + description = "Receive http hook and send irc message for ${name}"; + wantedBy = [ "sockets.target" ]; + listenStreams = [ "[::]:${builtins.toString opts.port}" ]; + }) endpoints; + + systemd.services = + lib.mapAttrs' + (name: opts: + let + serviceName = "irc-alerts-${name}"; + hasPassword = opts.passwordFile or null != null; + in + lib.nameValuePair serviceName { + description = "Receive http hook and send irc message for ${name}"; + requires = [ "irc-alerts-${name}.socket" ]; + serviceConfig = + { + Environment = + [ + "IRC_URL=${opts.url}" + "DEBUG=y" + ] + ++ lib.optional hasPassword "IRC_PASSWORD_FILE=/run/${serviceName}/password"; + DynamicUser = true; + User = serviceName; + ExecStart = irc-alerts; + } + // lib.optionalAttrs hasPassword { + PermissionsStartOnly = true; + ExecStartPre = + "${pkgs.coreutils}/bin/install -m400 " + + "-o ${serviceName} -g ${serviceName} " + + "${config.sops.secrets.prometheus-irc-password.path} " + + "/run/${serviceName}/password"; + RuntimeDirectory = serviceName; + }; + }) endpoints; +} diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix index 9e4b4d1a7..7a5532027 100644 --- a/krebs/2configs/shack/prometheus/server.nix +++ b/krebs/2configs/shack/prometheus/server.nix @@ -3,6 +3,7 @@ { imports = [ ./alert-rules.nix + ./irc-hooks.nix ]; networking = { firewall.allowedTCPPorts = [ @@ -129,11 +130,11 @@ "group_wait" = "30s"; "group_interval" = "2m"; "repeat_interval" = "4h"; - "receiver" = "team-admins"; + "receiver" = "shack-admins"; }; "receivers" = [ { - "name" = "team-admins"; + "name" = "shack-admins"; "email_configs" = [ ]; "webhook_configs" = [ { diff --git a/krebs/2configs/shack/radioactive.nix b/krebs/2configs/shack/radioactive.nix index 286a73aae..e24121038 100644 --- a/krebs/2configs/shack/radioactive.nix +++ b/krebs/2configs/shack/radioactive.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { name = "radioactive-2017-06-01"; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index e339d3174..b7a8f18df 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { name = "worlddomination-2020-12-01"; diff --git a/krebs/2configs/stats/shack-debugging.nix b/krebs/2configs/stats/shack-debugging.nix index b5a0cf05e..79730adad 100644 --- a/krebs/2configs/stats/shack-debugging.nix +++ b/krebs/2configs/stats/shack-debugging.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: # TODO: krebs.collectd.plugins -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" '' LoadPlugin python diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix index d6d42ca11..59178516c 100644 --- a/krebs/2configs/syncthing.nix +++ b/krebs/2configs/syncthing.nix @@ -1,4 +1,6 @@ -{ options, config, pkgs, ... }: with import <stockholm/lib>; let +{ config, lib, options, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; +let mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 40d946f7d..a227ceb4a 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; let setupGit = '' @@ -14,13 +14,13 @@ let fi ''; - pushGollum = pkgs.writeDash "push_gollum" '' + pushGollum = pkgs.writers.writeDash "push_gollum" '' ${setupGit} git fetch origin git merge --ff-only origin/master ''; - pushCgit = pkgs.writeDash "push_cgit" '' + pushCgit = pkgs.writers.writeDash "push_cgit" '' ${setupGit} git push origin master ''; diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 259f613cc..acd007cb8 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; #genid +with lib; let + slib = import ../../lib/pure.nix { inherit lib; }; cfg = config.krebs.airdcpp; out = { @@ -265,14 +266,14 @@ let }; users = lib.mkIf (cfg.user == "airdcpp") { users.airdcpp = { - uid = genid "airdcpp"; + uid = slib.genid "airdcpp"; home = cfg.stateDir; createHome = true; isSystemUser = true; group = "airdcpp"; inherit (cfg) extraGroups; }; - groups.airdcpp.gid = genid "airdcpp"; + groups.airdcpp.gid = slib.genid "airdcpp"; }; }; in diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index a40ae8cef..fa0f1530c 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -1,20 +1,21 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +let + slib = import ../../lib/pure.nix { inherit lib; }; cfg = config.krebs.announce-activation; announce-activation = pkgs.writeDash "announce-activation" '' set -efu message=$(${cfg.get-message}) exec ${pkgs.irc-announce}/bin/irc-announce \ - ${shell.escape cfg.irc.server} \ - ${shell.escape (toString cfg.irc.port)} \ - ${shell.escape cfg.irc.nick} \ - ${shell.escape cfg.irc.channel} \ - ${escapeShellArg cfg.irc.tls} \ + ${slib.shell.escape cfg.irc.server} \ + ${slib.shell.escape (toString cfg.irc.port)} \ + ${slib.shell.escape cfg.irc.nick} \ + ${slib.shell.escape cfg.irc.channel} \ + ${lib.escapeShellArg cfg.irc.tls} \ "$message" ''; default-get-message = pkgs.writeDash "announce-activation-get-message" '' set -efu - PATH=${makeBinPath [ + PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.gawk pkgs.gnused @@ -28,37 +29,37 @@ with import <stockholm/lib>; ''; in { options.krebs.announce-activation = { - enable = mkEnableOption "announce-activation"; - get-message = mkOption { + enable = lib.mkEnableOption "announce-activation"; + get-message = lib.mkOption { default = default-get-message; - type = types.package; + type = lib.types.package; }; irc = { # TODO rename channel to target? - channel = mkOption { + channel = lib.mkOption { default = "#xxx"; - type = types.str; # TODO types.irc-channel + type = lib.types.str; # TODO types.irc-channel }; - nick = mkOption { + nick = lib.mkOption { default = config.krebs.build.host.name; - type = types.label; + type = slib.types.label; }; - port = mkOption { + port = lib.mkOption { default = 6667; - type = types.int; + type = lib.types.int; }; - server = mkOption { + server = lib.mkOption { default = "irc.r"; - type = types.hostname; + type = slib.types.hostname; }; - tls = mkOption { + tls = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; }; }; }; - config = mkIf cfg.enable { - system.activationScripts.announce-activation = stringAfter [ "etc" ] '' + config = lib.mkIf cfg.enable { + system.activationScripts.announce-activation = lib.stringAfter [ "etc" ] '' ${announce-activation} ''; }; diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index f3c8ff0cd..0efe9ed43 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with lib; let acng-config = pkgs.writeTextFile { name = "acng-configuration"; diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index c1d4d7211..900be5139 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let out = { options.krebs.backup = api; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index c374aa9af..33c825a80 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let gunicorn = pkgs.python3Packages.gunicorn; bepasty = pkgs.bepasty; diff --git a/krebs/3modules/bindfs.nix b/krebs/3modules/bindfs.nix index 7e3730e86..60736710f 100644 --- a/krebs/3modules/bindfs.nix +++ b/krebs/3modules/bindfs.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: +with lib; let cfg = config.krebs.bindfs; in { diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 8427ca50b..3f0dd0861 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -1,6 +1,7 @@ -{ pkgs, config, ... }: -with import <stockholm/lib>; +{ pkgs, config, lib, ... }: +with lib; let + slib = import ../../lib/pure.nix { inherit lib; }; cfg = config.krebs.brockman; in { options.krebs.brockman = { @@ -14,7 +15,7 @@ in { group = "brockman"; createHome = true; isSystemUser = true; - uid = genid_uint31 "brockman"; + uid = slib.genid_uint31 "brockman"; }; users.groups.brockman = {}; diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 5f961617f..bf20cb099 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -1,6 +1,6 @@ -{ config, ... }: +{ config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; { options.krebs.build = { diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 022da5884..5035a11a8 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.ci; @@ -25,7 +24,7 @@ let }; hostname = config.networking.hostName; - getJobs = pkgs.writeDash "get_jobs" '' + getJobs = pkgs.writers.writeDash "get_jobs" '' set -efu ${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2 json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" @@ -116,7 +115,7 @@ let build_script = stages[stage], ), timeout = 3600, - command="${pkgs.writeDash "build.sh" '' + command="${pkgs.writers.writeDash "build.sh" '' set -xefu profile=${shell.escape profileRoot}/$build_name result=$("$build_script") diff --git a/krebs/3modules/current.nix b/krebs/3modules/current.nix index e97e53479..5c32203fd 100644 --- a/krebs/3modules/current.nix +++ b/krebs/3modules/current.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.current; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6d763afed..28ce09941 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -1,170 +1,62 @@ { config, lib, ... }: - -with import <stockholm/lib>; -let - cfg = config.krebs; - - out = { - imports = [ - ../../kartei - ../../submodules/disko/module.nix - ./acl.nix - ./airdcpp.nix - ./announce-activation.nix - ./apt-cacher-ng.nix - ./backup.nix - ./bepasty-server.nix - ./bindfs.nix - ./brockman.nix - ./build.nix - ./cachecache.nix - ./ci - ./current.nix - ./dns.nix - ./exim-retiolum.nix - ./exim-smarthost.nix - ./exim.nix - ./fetchWallpaper.nix - ./git.nix - ./github - ./go.nix - ./hidden-ssh.nix - ./hosts.nix - ./htgen.nix - ./iana-etc.nix - ./iptables.nix - ./kapacitor.nix - ./konsens.nix - ./krebs-pages.nix - ./monit.nix - ./nixpkgs.nix - ./on-failure.nix - ./os-release.nix - ./per-user.nix - ./permown.nix - ./power-action.nix - ./reaktor2.nix - ./realwallpaper.nix - ./repo-sync.nix - ./retiolum-bootstrap.nix - ./secret.nix - ./setuid.nix - ./shadow.nix - ./sitemap.nix - ./ssl.nix - ./sync-containers.nix - ./sync-containers3.nix - ./systemd.nix - ./tinc.nix - ./tinc_graphs.nix - ./upstream - ./urlwatch.nix - ./users.nix - ./xresources.nix - ./zones.nix - ]; - options.krebs = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "krebs"; - - zone-head-config = mkOption { - type = with types; attrsOf str; - description = '' - The zone configuration head which is being used to create the - zone files. The string for each key is pre-pended to the zone file. - ''; - # TODO: configure the default somewhere else, - # maybe use krebs.dns.providers - default = { - - # github.io -> 192.30.252.154 - "krebsco.de" = '' - $TTL 86400 - @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) - IN NS ns19.ovh.net. - IN NS dns19.ovh.net. - ''; - }; - }; - }; - - imp = lib.mkMerge [ - { - services.openssh.hostKeys = - let inherit (config.krebs.build.host.ssh) privkey; in - mkIf (privkey != null) [privkey]; - - services.openssh.knownHosts = - filterAttrs - (knownHostName: knownHost: - knownHost.publicKey != null && - knownHost.hostNames != [] - ) - (mapAttrs - (hostName: host: { - hostNames = - concatLists - (mapAttrsToList - (netName: net: - let - aliases = - concatLists [ - shortAliases - net.aliases - net.addrs - ]; - shortAliases = - optionals - (cfg.dns.search-domain != null) - (map (removeSuffix ".${cfg.dns.search-domain}") - (filter (hasSuffix ".${cfg.dns.search-domain}") - net.aliases)); - addPort = alias: - if net.ssh.port != 22 - then "[${alias}]:${toString net.ssh.port}" - else alias; - in - map addPort aliases - ) - host.nets); - publicKey = host.ssh.pubkey; - }) - (foldl' mergeAttrs {} [ - cfg.hosts - { - localhost = { - nets.local = { - addrs = [ "127.0.0.1" "::1" ]; - aliases = [ "localhost" ]; - ssh.port = 22; - }; - ssh.pubkey = config.krebs.build.host.ssh.pubkey; - }; - } - ])); - - programs.ssh.extraConfig = concatMapStrings - (net: '' - Host ${toString (net.aliases ++ net.addrs)} - Port ${toString net.ssh.port} - '') - (filter - (net: net.ssh.port != 22) - (concatMap (host: attrValues host.nets) - (mapAttrsToList - (_: host: recursiveUpdate host - (optionalAttrs (cfg.dns.search-domain != null && - hasAttr cfg.dns.search-domain host.nets) { - nets."" = host.nets.${cfg.dns.search-domain} // { - aliases = [host.name]; - addrs = []; - }; - })) - config.krebs.hosts))); - } +{ + imports = [ + ../../kartei + ./acl.nix + ./airdcpp.nix + ./announce-activation.nix + ./apt-cacher-ng.nix + ./backup.nix + ./bepasty-server.nix + ./bindfs.nix + ./brockman.nix + ./build.nix + ./cachecache.nix + ./ci + ./current.nix + ./dns.nix + ./exim-retiolum.nix + ./exim-smarthost.nix + ./exim.nix + ./fetchWallpaper.nix + ./git.nix + ./github + ./go.nix + ./hidden-ssh.nix + ./hosts.nix + ./htgen.nix + ./iana-etc.nix + ./iptables.nix + ./kapacitor.nix + ./konsens.nix + ./krebs.nix + ./krebs-pages.nix + ./monit.nix + ./nixpkgs.nix + ./on-failure.nix + ./os-release.nix + ./per-user.nix + ./permown.nix + ./power-action.nix + ./reaktor2.nix + ./realwallpaper.nix + ./repo-sync.nix + ./retiolum-bootstrap.nix + ./secret.nix + ./setuid.nix + ./shadow.nix + ./ssh.nix + ./sitemap.nix + ./ssl.nix + ./sync-containers.nix + ./sync-containers3.nix + ./systemd.nix + ./tinc.nix + ./tinc_graphs.nix + ./upstream + ./urlwatch.nix + ./users.nix + ./xresources.nix + ./zones.nix ]; - -in out +} diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix index 8a74d3067..a268b931c 100644 --- a/krebs/3modules/dns.nix +++ b/krebs/3modules/dns.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, ... }: { +{ config, lib, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; { options = { krebs.dns.providers = mkOption { type = types.attrsOf types.str; @@ -8,7 +8,7 @@ with import <stockholm/lib>; type = types.nullOr types.hostname; }; }; - config = mkIf config.krebs.enable { + config = lib.mkIf config.krebs.enable { krebs.dns.providers = { "krebsco.de" = "zones"; shack = "hosts"; diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index a16661c9f..f78f1746c 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, lib, ... }: let +{ config, pkgs, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.exim-retiolum; # Due to improvements to the JSON notation, braces around top-level objects diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 62f15027a..7b3dace6a 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.exim-smarthost; diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 0f0aa67f0..917a8e5a4 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with import <stockholm/lib>; let +{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.exim; in { options.krebs.exim = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index dc0133a63..79187adfa 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.fetchWallpaper; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 02c673e43..1ec216f62 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -6,14 +6,14 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.git; out = { options.krebs.git = api; - config = with lib; mkIf cfg.enable (mkMerge [ - (mkIf cfg.cgit.enable cgit-imp) + config = with lib; lib.mkIf cfg.enable (mkMerge [ + (lib.mkIf cfg.cgit.enable cgit-imp) git-imp ]); }; @@ -446,7 +446,7 @@ let ]; locations."/".extraConfig = '' include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME ${pkgs.writeDash "cgit-wrapper" '' + fastcgi_param SCRIPT_FILENAME ${pkgs.writers.writeDash "cgit-wrapper" '' set -efu exec 3>&1 ${pkgs.cgit}/cgit/cgit.cgi "$@" 2>&1 >&3 3>&- \ diff --git a/krebs/3modules/github/hosts-sync.nix b/krebs/3modules/github/hosts-sync.nix index 71eed6c69..6f9aee0ce 100644 --- a/krebs/3modules/github/hosts-sync.nix +++ b/krebs/3modules/github/hosts-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.github-hosts-sync; diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 80cd90e27..9dc8fe6d2 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.go; diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index acbe717d9..9ee4409e6 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.hidden-ssh; diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index bd1bb1652..2333d0a8d 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -1,17 +1,19 @@ -with import <stockholm/lib>; -{ config, ... }: let +{ config, lib, pkgs, ... }: +with lib; let check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; - domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); + domains = attrNames (filterAttrs (_: slib.eq "hosts") config.krebs.dns.providers); + # we need this import because we have infinite recursion otherwise + slib = import ../../lib/pure.nix { inherit lib; }; in { options = { krebs.hosts = mkOption { default = {}; - type = types.attrsOf types.host; + type = types.attrsOf slib.types.host; }; }; - config = mkIf config.krebs.enable { + config = lib.mkIf config.krebs.enable { networking.hosts = filterAttrs (_name: value: value != []) @@ -91,7 +93,7 @@ in { (concatLists (attrValues netAliases)); } // - genAttrs' (attrNames netAliases) (netname: rec { + slib.genAttrs' (attrNames netAliases) (netname: rec { name = "krebs-hosts-${netname}"; value = writeHosts name netAliases.${netname}; }); diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index b760ea671..334a83cb3 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let optionalAttr = name: value: if name != null then diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix index 9ed5f29c5..3195f71d9 100644 --- a/krebs/3modules/iana-etc.nix +++ b/krebs/3modules/iana-etc.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with lib; { options.krebs.iana-etc.services = mkOption { default = {}; diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 052dad9c6..c1c5b68c8 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let inherit (pkgs) writeText; diff --git a/krebs/3modules/kapacitor.nix b/krebs/3modules/kapacitor.nix index 2ec67c73d..89d2e2c14 100644 --- a/krebs/3modules/kapacitor.nix +++ b/krebs/3modules/kapacitor.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: with builtins; -with import <stockholm/lib>; +with lib; let cfg = config.krebs.kapacitor; diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix index 81dbb33e1..0463de53f 100644 --- a/krebs/3modules/konsens.nix +++ b/krebs/3modules/konsens.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.konsens; @@ -68,7 +67,7 @@ let serviceConfig = { Type = "simple"; PermissionsStartOnly = true; - ExecStart = pkgs.writeDash "konsens-${name}" '' + ExecStart = pkgs.writers.writeDash "konsens-${name}" '' set -efu git config --global --replace-all safe.directory * if ! test -e ${name}; then diff --git a/krebs/3modules/krebs-pages.nix b/krebs/3modules/krebs-pages.nix index 6dd046a8b..face9e3a0 100644 --- a/krebs/3modules/krebs-pages.nix +++ b/krebs/3modules/krebs-pages.nix @@ -1,6 +1,5 @@ -{ config, modulesPath, pkgs, ... }: let +{ config, modulesPath, pkgs, lib, ... }: let cfg = config.krebs.pages; - lib = import ../../lib; extraTypes.nginx-vhost = lib.types.submodule ( lib.recursiveUpdate (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix") @@ -11,7 +10,7 @@ in { options.krebs.pages = { enable = lib.mkEnableOption "krebs-pages"; domain = lib.mkOption { - type = lib.types.hostname; + type = pkgs.stockholm.lib.types.hostname; default = "krebsco.de"; }; nginx = lib.mkOption { diff --git a/krebs/3modules/krebs.nix b/krebs/3modules/krebs.nix new file mode 100644 index 000000000..ce63135ec --- /dev/null +++ b/krebs/3modules/krebs.nix @@ -0,0 +1,8 @@ +{ config, lib, ... }: +with lib; +let + cfg = config.krebs; +in { + options.krebs.enable = mkEnableOption "krebs"; + config = lib.mkIf config.krebs.enable {}; +} diff --git a/krebs/3modules/monit.nix b/krebs/3modules/monit.nix index cc4a1b208..717316224 100644 --- a/krebs/3modules/monit.nix +++ b/krebs/3modules/monit.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: with builtins; -with import <stockholm/lib>; +with lib; let cfg = config.krebs.monit; diff --git a/krebs/3modules/nixpkgs.nix b/krebs/3modules/nixpkgs.nix index 796ee537e..e560df51d 100644 --- a/krebs/3modules/nixpkgs.nix +++ b/krebs/3modules/nixpkgs.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.nixpkgs; diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix index 4da303dec..11d2b4194 100644 --- a/krebs/3modules/on-failure.nix +++ b/krebs/3modules/on-failure.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with import <stockholm/lib>; let +{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let out = { options.krebs.on-failure = api; config = lib.mkIf cfg.enable imp; diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 5fbfe6614..bfd352825 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,5 +1,5 @@ -{ config, ... }: -with import <stockholm/lib>; +{ config, lib, ... }: +with lib; let nixos-version-id = if (hasAttr "nixos" config.system) then "${config.system.nixos.version}" else "${config.system.nixosVersion}"; @@ -9,7 +9,7 @@ let nixos-pretty-name = "NixOS ${nixos-version}"; stockholm-version-id = let - eval = tryEval (removeSuffix "\n" (readFile <stockholm-version>)); + eval = builtins.tryEval (removeSuffix "\n" (readFile <stockholm-version>)); in if eval.success then eval.value else "unknown"; diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index 5beb859aa..c0368ee85 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +with lib; let cfg = config.krebs.per-user; in { options.krebs.per-user = mkOption { diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix index a4dd40386..3ebbc44fe 100644 --- a/krebs/3modules/permown.nix +++ b/krebs/3modules/permown.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with lib; { options.krebs.permown = mkOption { default = {}; diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index 26aac5d5a..978e0c9c0 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; { options.krebs.reaktor2 = mkOption { default = {}; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index f2b34e8c4..a65a22b29 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.realwallpaper; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 5b8a53be8..a6de3f3f6 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.repo-sync; diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index faa3dd714..c9ea8a619 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; +{ config, pkgs, lib, ... }: +with lib; let cfg = config.krebs.retiolum-bootstrap; in diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 0c5e1cdcd..90c2f6a6d 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, lib, pkgs, ... }: let +{ config, lib, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.secret; in { options.krebs.secret = { @@ -12,7 +12,7 @@ in { readOnly = true; }; files = mkOption { - type = with types; attrsOf secret-file; + type = with pkgs.stockholm.lib.types; attrsOf secret-file; default = {}; }; }; diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index e186478eb..53fed0e36 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; +let out = { options.krebs.setuid = api; diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix index f056cfd8e..281b446bb 100644 --- a/krebs/3modules/shadow.nix +++ b/krebs/3modules/shadow.nix @@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +with lib; +let cfg = config.krebs.shadow; @@ -47,7 +48,7 @@ in { default = cfg.overridesFile != null; }; overridesFile = mkOption { - apply = x: if typeOf x == "path" then toString x else x; + apply = x: if builtins.typeOf x == "path" then toString x else x; default = null; description = '' Path to a file containing additional shadow entries, used for adding diff --git a/krebs/3modules/sitemap.nix b/krebs/3modules/sitemap.nix index ec2179db1..906d556be 100644 --- a/krebs/3modules/sitemap.nix +++ b/krebs/3modules/sitemap.nix @@ -1,6 +1,5 @@ -let - lib = import ../../lib; -in { +{ lib, ... }: +{ options.krebs.sitemap = lib.mkOption { type = with lib.types; attrsOf sitemap.entry; default = {}; diff --git a/krebs/3modules/ssh.nix b/krebs/3modules/ssh.nix new file mode 100644 index 000000000..58f3a3c10 --- /dev/null +++ b/krebs/3modules/ssh.nix @@ -0,0 +1,109 @@ +{ config, lib, ... }: +with lib; +let + cfg = config.krebs; + + out = { + options.krebs = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + zone-head-config = mkOption { + type = with types; attrsOf str; + description = '' + The zone configuration head which is being used to create the + zone files. The string for each key is pre-pended to the zone file. + ''; + # TODO: configure the default somewhere else, + # maybe use krebs.dns.providers + default = { + + # github.io -> 192.30.252.154 + "krebsco.de" = '' + $TTL 86400 + @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) + IN NS ns19.ovh.net. + IN NS dns19.ovh.net. + ''; + }; + }; + }; + + imp = lib.mkMerge [ + { + services.openssh.hostKeys = + let inherit (config.krebs.build.host.ssh) privkey; in + mkIf (privkey != null) [privkey]; + + services.openssh.knownHosts = + filterAttrs + (knownHostName: knownHost: + knownHost.publicKey != null && + knownHost.hostNames != [] + ) + (mapAttrs + (hostName: host: { + hostNames = + concatLists + (mapAttrsToList + (netName: net: + let + aliases = + concatLists [ + shortAliases + net.aliases + net.addrs + ]; + shortAliases = + optionals + (cfg.dns.search-domain != null) + (map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") + net.aliases)); + addPort = alias: + if net.ssh.port != 22 + then "[${alias}]:${toString net.ssh.port}" + else alias; + in + map addPort aliases + ) + host.nets); + publicKey = host.ssh.pubkey; + }) + (foldl' mergeAttrs {} [ + cfg.hosts + { + localhost = { + nets.local = { + addrs = [ "127.0.0.1" "::1" ]; + aliases = [ "localhost" ]; + ssh.port = 22; + }; + ssh.pubkey = config.krebs.build.host.ssh.pubkey; + }; + } + ])); + + programs.ssh.extraConfig = concatMapStrings + (net: '' + Host ${toString (net.aliases ++ net.addrs)} + Port ${toString net.ssh.port} + '') + (filter + (net: net.ssh.port != 22) + (concatMap (host: attrValues host.nets) + (mapAttrsToList + (_: host: recursiveUpdate host + (optionalAttrs (cfg.dns.search-domain != null && + hasAttr cfg.dns.search-domain host.nets) { + nets."" = host.nets.${cfg.dns.search-domain} // { + aliases = [host.name]; + addrs = []; + }; + })) + config.krebs.hosts))); + } + ]; + +in out diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix index 60ca993e6..fe64657dc 100644 --- a/krebs/3modules/sync-containers.nix +++ b/krebs/3modules/sync-containers.nix @@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +with lib; +let cfg = config.krebs.sync-containers; paths = cname: { plain = "/var/lib/containers/${cname}/var/state"; diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix index ed147b30e..c88dd5919 100644 --- a/krebs/3modules/sync-containers3.nix +++ b/krebs/3modules/sync-containers3.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: let cfg = config.krebs.sync-containers3; - slib = pkgs.stockholm.lib; + slib = import ../../lib/pure.nix { inherit lib; }; in { options.krebs.sync-containers3 = { inContainer = { diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix index 3e524d3b5..754b25675 100644 --- a/krebs/3modules/systemd.nix +++ b/krebs/3modules/systemd.nix @@ -1,5 +1,6 @@ -{ config, pkgs, ... }: let { - lib = import ../../lib; +{ config, pkgs, lib, ... }: let { + + slib = import ../../lib/pure.nix { inherit lib; }; body.options.krebs.systemd.services = lib.mkOption { default = {}; @@ -13,14 +14,14 @@ lib.sort lib.lessThan (lib.filter - lib.types.absolute-pathname.check + slib.types.absolute-pathname.check (map - (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ]) + (slib.compose [ slib.maybeHead (builtins.match "[^:]*:(.*)") ]) (lib.toList cfg.serviceConfig.LoadCredential))); readOnly = true; }; credentialUnitName = lib.mkOption { - default = "trigger-${lib.systemd.encodeName serviceName}"; + default = "trigger-${slib.systemd.encodeName serviceName}"; readOnly = true; }; restartIfCredentialsChange = lib.mkOption { @@ -54,7 +55,7 @@ pkgs.systemd ]} - cache=/var/lib/credentials/${lib.shell.escape serviceName}.sha1sum + cache=/var/lib/credentials/${slib.shell.escape serviceName}.sha1sum tmpfile=$(mktemp -t "$(basename "$cache")".XXXXXXXX) trap 'rm -f "$tmpfile"' EXIT @@ -64,7 +65,7 @@ fi mv "$tmpfile" "$cache" - systemctl restart ${lib.shell.escape serviceName} + systemctl restart ${slib.shell.escape serviceName} ''; }; }; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 437f3b633..2f9efad46 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; { options.krebs.tinc = mkOption { default = {}; description = '' diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 733db69ca..dd132a2de 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.tinc_graphs; internal_dir = "${cfg.workingDir}/internal"; diff --git a/krebs/3modules/upstream/default.nix b/krebs/3modules/upstream/default.nix index ce7bd1644..91de6beeb 100644 --- a/krebs/3modules/upstream/default.nix +++ b/krebs/3modules/upstream/default.nix @@ -1,4 +1,5 @@ -with import <stockholm/lib>; +{ pkgs, lib, ... }: +with lib; { imports = @@ -6,5 +7,5 @@ with import <stockholm/lib>; (name: ./. + "/${name}") (filter (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.))); + (attrNames (builtins.readDir ./.))); } diff --git a/krebs/3modules/upstream/desktop-managers/coma.nix b/krebs/3modules/upstream/desktop-managers/coma.nix index 95db7fb5c..e12f4b981 100644 --- a/krebs/3modules/upstream/desktop-managers/coma.nix +++ b/krebs/3modules/upstream/desktop-managers/coma.nix @@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with lib; +{ options = { services.xserver.desktopManager.coma = { enable = mkEnableOption "sleep as a desktop manager"; diff --git a/krebs/3modules/upstream/desktop-managers/none.nix b/krebs/3modules/upstream/desktop-managers/none.nix index 892def985..77f7ad513 100644 --- a/krebs/3modules/upstream/desktop-managers/none.nix +++ b/krebs/3modules/upstream/desktop-managers/none.nix @@ -1,9 +1,9 @@ +{ lib, ... }: # Replace upstream none desktop-manager by a real none, that doesn't pull in # any dependencies. -with import <stockholm/lib>; { - disabledModules = singleton "services/x11/desktop-managers/none.nix"; - config.services.xserver.desktopManager.session = singleton { + disabledModules = lib.singleton "services/x11/desktop-managers/none.nix"; + config.services.xserver.desktopManager.session = lib.singleton { name = "none"; bgSupport = true; start = ""; diff --git a/krebs/3modules/upstream/window-managers/default.nix b/krebs/3modules/upstream/window-managers/default.nix index eecadca7e..cdd82076d 100644 --- a/krebs/3modules/upstream/window-managers/default.nix +++ b/krebs/3modules/upstream/window-managers/default.nix @@ -13,8 +13,8 @@ imports = [ ./xmonad.nix ]; nixpkgs.overlays = [(self: super: { writers = super.writers // { - writeHaskellBin = name: spec: with import <stockholm/lib>; - super.writers.writeHaskellBin name (removeAttrs spec ["ghcArgs"]); + writeHaskellBin = name: spec: + super.writers.writeHaskellBin name (builtins.removeAttrs spec ["ghcArgs"]); }; })]; } diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 113f6e65d..b811b6fa6 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -4,7 +4,7 @@ # TODO inform about unused caches # cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}" -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.urlwatch; diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix index c1ad4b44b..614e6ab42 100644 --- a/krebs/3modules/users.nix +++ b/krebs/3modules/users.nix @@ -1,8 +1,8 @@ -{ config, ... }: let - lib = import ../../lib; +{ config, lib, pkgs, ... }: let + slib = import ../../lib/pure.nix { inherit lib; }; in { options.krebs.users = lib.mkOption { - type = with lib.types; attrsOf user; + type = lib.types.attrsOf slib.types.user; }; config = lib.mkIf config.krebs.enable { krebs.users = { diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix index 51ced6f95..7771d3b51 100644 --- a/krebs/3modules/zones.nix +++ b/krebs/3modules/zones.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with lib; { config = { environment.etc = diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index f9ed6439c..866796a4e 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -1,8 +1,11 @@ -let - stockholm.lib = import ../../lib; +self: super: let + stockholm = { + lib = import ../../lib/pure.nix { lib = super.lib; }; + outPath = toString ../.; + }; in with stockholm.lib; -self: super: + fix (foldl' (flip extends) (self: super) ( [ (self: super: { inherit stockholm; }) diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix index 052e389a6..651062b0a 100644 --- a/krebs/5pkgs/simple/reaktor2-plugins.nix +++ b/krebs/5pkgs/simple/reaktor2-plugins.nix @@ -1,5 +1,5 @@ { lib, pkgs, stockholm, ... }: -with stockholm.lib; +with (builtins.trace (lib.attrNames stockholm) stockholm).lib; rec { generators = { @@ -15,27 +15,27 @@ rec { commands = { random-emoji = { - filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh>; + filename = stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh"; env = { PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]); }; }; dance = { - filename = pkgs.writeDash "dance" '' + filename = pkgs.writers.writeDash "dance" '' ${pkgs.krebsdance}/bin/krebsdance --dance "$@"; ''; }; nixos-version = { - filename = pkgs.writeDash "nixos-version" '' + filename = pkgs.writers.writeDash "nixos-version" '' . /etc/os-release echo "$PRETTY_NAME" ''; }; stockholm-issue = { - filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh>; + filename = stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh"; env = { PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]); origin = "http://cgit.gum/stockholm"; @@ -56,10 +56,10 @@ rec { PATH = makeBinPath (with pkgs; [ gnused ]); state_dir = "/tmp"; }; - filename = pkgs.writeDash "sed-plugin" '' + filename = pkgs.writers.writeDash "sed-plugin" '' set -efu exec ${pkgs.python3}/bin/python \ - ${<stockholm/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py>} "$@" + ${stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py"} "$@" ''; }; }; @@ -68,7 +68,7 @@ rec { activate = "match"; pattern = "^(.*Shack.*)$"; arguments = [1]; - command.filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh>; + command.filename = stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh"; }; diff --git a/krebs/default.nix b/krebs/default.nix index 577cc269e..8cfdae484 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,4 +1,4 @@ -{ +args: { imports = [ ./3modules @@ -6,7 +6,7 @@ nixpkgs = { overlays = [ - (import ../submodules/nix-writers/pkgs) + (import ((args.nix-writers or ../submodules/nix-writers) + "/pkgs")) (import ./5pkgs) ]; }; diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index a30dffd71..83131c2b8 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "4729ffac6fd12e26e5a8de002781ffc49b0e94b7", - "date": "2023-06-05T20:59:20-06:00", - "path": "/nix/store/6r3d9mpbl3px7y8y6wcwsg60bvish21w-nixpkgs", - "sha256": "0gha78rczp5gbl6v39i2bm11kmi974akgqkj3hck5s2ri6abprsr", + "rev": "645ff62e09d294a30de823cb568e9c6d68e92606", + "date": "2023-07-01T19:09:17+02:00", + "path": "/nix/store/s5zy1prlscbr2iz6h9fj5la3973isaxw-nixpkgs", + "sha256": "02hpby5ln7p5kix9518hn0ady4q3i41z5ycamvwsarv3gvlzbsb4", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 5435dd9bd..aed82e9f3 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d83945caa7624015f11b152bf5c6c4363ffe9f7c", - "date": "2023-06-06T09:06:53+02:00", - "path": "/nix/store/vzqz4lhcfjg5npn2fm7w3qpm7h0i5baz-nixpkgs", - "sha256": "0l4axff9lqc6qq1dkm1dgdp2zv7165a42d9l2zmf4njnhm91f5w5", + "rev": "0de86059128947b2438995450f2c2ca08cc783d5", + "date": "2023-07-01T05:19:59+03:00", + "path": "/nix/store/fwazy7k5nlavyj4637jnsqabdzdiad90-nixpkgs", + "sha256": "0m3aqg2xx5705v4yglal1ksknqnj3cbdyzcyw1dvz6qqvn9ng7i5", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 97c069d86..465548f44 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-22.11' \ + --rev refs/heads/nixos-23.05' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" |