l green.r: add weechat auto mode

This commit is contained in:
lassulus 2022-11-15 14:18:11 +01:00
parent 93c0c1c017
commit 3736bbf091
3 changed files with 263 additions and 59 deletions

View file

@ -11,78 +11,47 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/sync/sync.nix> <stockholm/lass/2configs/sync/sync.nix>
<stockholm/lass/2configs/sync/decsync.nix> <stockholm/lass/2configs/sync/decsync.nix>
<stockholm/lass/2configs/sync/weechat.nix>
<stockholm/lass/2configs/weechat.nix>
<stockholm/lass/2configs/bitlbee.nix> <stockholm/lass/2configs/bitlbee.nix>
<stockholm/lass/2configs/IM.nix>
<stockholm/lass/2configs/muchsync.nix> <stockholm/lass/2configs/muchsync.nix>
<stockholm/lass/2configs/pass.nix> <stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/git-brain.nix> <stockholm/lass/2configs/git-brain.nix>
<stockholm/lass/2configs/et-server.nix>
<stockholm/lass/2configs/consul.nix>
]; ];
krebs.build.host = config.krebs.hosts.green; krebs.build.host = config.krebs.hosts.green;
users.users.mainUser.openssh.authorizedKeys.keys = [ lass.sync-containers3.inContainer = {
config.krebs.users.lass-android.pubkey enable = true;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlUMf943qEQG64ob81p6dgoHq4jUjq7tSvmSdEOEU2y";
];
krebs.bindfs = {
"/home/lass/.weechat" = {
source = "/var/state/lass_weechat";
options = [
"-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}"
"--create-for-user=${toString config.users.users.syncthing.uid}"
];
};
"/home/lass/Maildir" = {
source = "/var/state/lass_mail";
options = [
"-M ${toString config.users.users.mainUser.uid}"
];
};
"/var/lib/bitlbee" = {
source = "/var/state/bitlbee";
options = [
"-M ${toString config.users.users.bitlbee.uid}"
];
clearTarget = true;
};
"/home/lass/.ssh" = {
source = "/var/state/lass_ssh";
options = [
"-M ${toString config.users.users.mainUser.uid}"
];
clearTarget = true;
};
"/home/lass/.gnupg" = {
source = "/var/state/lass_gnupg";
options = [
"-M ${toString config.users.users.mainUser.uid}"
];
clearTarget = true;
};
"/var/lib/git" = {
source = "/var/state/git";
options = [
"-M ${toString config.users.users.git.uid}"
];
clearTarget = true;
};
}; };
systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' systemd.tmpfiles.rules = [
sleep 1 "d /var/state/lass_mail 0700 lass users -"
mkdir -p /home/lass/notmuch "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
chown lass: /home/lass/notmuch "d /home/lass/notmuch 0700 lass users -"
ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch "L+ /var/state/lass_mail/.notmuch - - - - /home/lass/notmuch"
mkdir -p /home/lass/notmuch/muchsync "d /var/state/lass_ssh 0700 lass users -"
chown lass: /home/lass/notmuch/muchsync "L+ /home/lass/.ssh - - - - ../../var/state/lass_ssh"
mkdir -p /home/lass/Maildir/.muchsync "d /var/state/lass_gpg 0700 lass users -"
ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp "L+ /home/lass/.gnupg - - - - ../../var/state/lass_gpg"
''; "d /var/state/lass_sync 0700 lass users -"
"L+ /home/lass/sync - - - - ../../var/state/lass_sync"
"d /var/state/git 0700 git nogroup -"
"L+ /var/lib/git - - - - ../../var/state/git"
];
users.users.mainUser.openssh.authorizedKeys.keys = [
config.krebs.users.lass-android.pubkey
config.krebs.users.lass-tablet.pubkey
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgpZwye6yavIs3gUIYvSi70spDa0apL2yHR0ASW74z8" # weechat ssh tunnel
];
krebs.iptables.tables.nat.PREROUTING.rules = [ krebs.iptables.tables.nat.PREROUTING.rules = [
{ predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
@ -93,4 +62,11 @@ with import <stockholm/lib>;
HostKeyAlgorithms +ssh-rsa HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa
''; '';
services.dovecot2 = {
enable = true;
mailLocation = "maildir:~/Maildir";
};
networking.firewall.allowedTCPPorts = [ 143 ];
} }

View file

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }:
{
services.eternal-terminal = {
enable = true;
};
networking.firewall.allowedTCPPorts = [ config.services.eternal-terminal.port ];
}

221
lass/2configs/weechat.nix Normal file
View file

@ -0,0 +1,221 @@
{ config, lib, pkgs, ... }: let
weechat-configured = pkgs.weechat-declarative.override {
config = {
scripts = [
pkgs.weechat-matrix
pkgs.weechatScripts.wee-slack
];
settings = {
irc.server_default.nicks = [ "lassulus" "hackulus" ];
irc.server.bitlbee = {
addresses = "localhost/6666";
command = "msg &bitlbee identify \${sec.data.bitlbee}";
};
irc.server.hackint = {
addresses = "irc.hackint.org/6697";
autojoin = [
"#c3-gsm"
"#panthermoderns"
"#36c3"
"#cccac"
"#nixos"
"#krebs"
"#c-base"
"#afra"
"#tvl"
"#eloop"
"#systemdultras"
"#rc3"
"#krebs-announce"
"#the_playlist"
"#germany"
"#hackint"
"#dezentrale"
"#hackerfleet \${sec.data.c3-gsm}" # TODO support channel passwords in a cooler way
];
ssl = true;
sasl_fail = "reconnect";
sasl_username = "lassulus";
sasl_password = "\${sec.data.hackint_sasl}";
};
irc.server.r = {
addresses = "irc.r";
autojoin = [
"#xxx"
"#autowifi"
"#brockman"
"#flix"
"#kollkoll"
"#noise"
"#mukke"
];
sasl_fail = "reconnect";
sasl_username = "lassulus";
sasl_password = "\${sec.data.r_sasl}";
anti_flood_prio_high = 0;
anti_flood_prio_low = 0;
};
irc.server.libera = {
addresses = "irc.libera.chat/6697";
autojoin = [
"#shackspace"
"#nixos"
"#krebs"
"#dezentrale"
"#tinc"
"#nixos-de"
"#fysi"
"#hillhacks"
"#nixos-rc3"
"#binaergewitter"
"#hackerfleet"
"#weechat"
];
ssl = true;
sasl_username = "lassulus";
sasl_fail = "reconnect";
sasl_password = "\${sec.data.libera_sasl}";
};
irc.server.news = {
addresses = "news.r";
autojoin = [
"#all"
"#aluhut"
"#querdenkos"
"#news"
"#drachengame"
];
anti_flood_prio_high = 0;
anti_flood_prio_low = 0;
};
matrix.server.lassulus = {
address = "matrix.lassul.us";
username = "lassulus";
password = "\${sec.data.matrix_lassulus}";
device_name = config.networking.hostName;
};
matrix.server.nixos_dev = {
address = "matrix.nixos.dev";
username = "@lassulus:nixos.dev";
device_name = config.networking.hostName;
sso_helper_listening_port = 55123;
};
plugins.var.python.go.short_name = true;
plugins.var.python.go.short_name_server = true;
plugins.var.python.go.fuzzy_search = true;
relay.network.password = "xxx"; # secret?
relay.port.weechat = 9998;
relay.weechat.commands = "*,!exec,!quit";
weechat.look.buffer_time_format = "%m-%d_%H:%M:%S";
weechat.look.item_time_format = "%m-%d_%H:%M:%S";
irc.look.color_nicks_in_names = true;
irc.look.color_nicks_in_nicklist = true;
logger.file.mask = "$plugin.$name/%Y-%m-%d.weechatlog";
logger.file.path = "/var/state/weechat_logs";
logger.look.backlog = 1000;
weechat.notify.python.matrix.nixos_dev."!YLoVsCxScyQODoqIbb:hackint.org" = "none"; #c-base
weechat.notify.python.matrix.nixos_dev."!bohcSYPVoePqBDWlvE:hackint.org" = "none"; #krebs
weechat.notify.irc.news."#all" = "highlight";
# setting logger levels for channels is currently not possible declarativly
# because of already defined
logger.level.core.weechat = 0;
logger.level.irc = 3;
logger.level.python = 3;
weechat.bar.title.color_bg = 0;
weechat.bar.status.color_bg = 0;
alias.cmd.reload = "exec -oc cat /etc/weechat.set";
script.scripts.download_enabled = true;
weechat.look.prefix_align = "left";
weechat.look.prefix_align_max = 20;
irc.look.server_buffer = "independent";
matrix.look.server_buffer = "independent";
weechat.bar.buflist.size_max = 20;
weechat.color.chat_nick_colors = [
1 2 3 4 5 6 9
10 11 12 13 14
28 29
30 31 32 33 34 35 36 37 38 39
70
94
101 102 103 104 105 106 107
130 131 133 134 135 136 137
140 141 142 143
160 161 162 163 165 166 167 168 169
170 171 172 173 174 175
196 197 198 199
200 201 202 203 204 205 206 208 209 209
210 211 212
];
};
extraCommands = ''
/script upgrade
/script install go.py
/script install nickregain.pl
/script install autosort.py
/key bind meta-q /go
/key bind meta-t /bar toggle nicklist
/key bind meta-y /bar toggle buflist
/filter addreplace irc_smart * irc_smart_filter *
/filter addreplace playlist_topic irc.*.#the_playlist irc_topic *
/filter addreplace xxx_joinpart irc.r.#xxx irc_join,irc_part,irc_quit *
/set logger.level.irc.news 0
/set logger.level.python.server.nixos_dev = 0;
/set logger.level.irc.hackint.#the_playlist = 0;
/connect bitlbee
/connect r
/connect news
/connect libera
/connect hackint
/matrix connect nixos_dev
/matrix connect lassulus
'';
files."sec.conf" = toString (pkgs.writeText "sec.conf" ''
[crypt]
cipher = aes256
hash_algo = sha256
passphrase_command = "cat $CREDENTIALS_DIRECTORY/WEECHAT_PASSPHRASE"
salt = on
[data]
__passphrase__ = on
hackint_sasl = "5CA242E92E7A09B180711B50C4AE2E65C42934EB4E584EC82BC1281D8C72CD411D590C16CC435687C0DA13759873CC"
libera_sasl = "9500B5AC3B29F9CAA273F1B89DC99550E038AF95C4B47442B1FB4CB9F0D6B86B26015988AD39E642CA9C4A78DED7F42D1F409B268C93E778"
r_sasl = "CB6FB1421ED5A9094CD2C05462DB1FA87C4A675628ABD9AEC9928A1A6F3F96C07D9F26472331BAF80B7B73270680EB1BBEFD"
c3-gsm = "C49DD845900CFDFA93EEBCE4F1ABF4A963EF6082B7DA6410FA701CC77A04BB6C201FCB864988C4F2B97ED7D44D5A28F162"
matrix.server.nixos_dev.access_token = "C40FE41B9B7B73553D51D8FCBD53871E940FE7FCCAB543E7F4720A924B8E1D58E2B1E1F460F5476C954A223F78CCB956337F6529159C0ECD7CB0384C13CB7170FF1270A577B1C4FF744D20FCF5C708259896F8D9"
bitlbee = "814ECAC59D9CF6E8340B566563E5D7E92AB92209B49C1EDE4CAAC32DD0DF1EC511D97C75E840C45D69BB9E3D03E79C"
matrix_lassulus = "0CA5C0F70A9F893881370F4A665B4CC40FBB1A41E53BC94916CD92B029103528611EC0B390116BE60FA79AE10F486E96E17B0824BE2DE1C97D87B88F5407330DAD70C044147533C36B09B7030CAD97"
'');
};
};
in {
users.users.mainUser.packages = [
weechat-configured
];
environment.etc."weechat.set".source = "${weechat-configured}/weechat.set";
systemd.tmpfiles.rules = [
"d /var/state/weechat_logs 0700 lass users -"
"d /var/state/weechat 0700 lass users -"
"d /var/state/weechat_cfg 0700 lass users -"
"L+ /home/lass/.local/share/weechat - - - - ../../../../var/state/weechat"
"L+ /home/lass/.config/weechat - - - - ../../../../var/state/weechat_cfg"
];
systemd.services.weechat = {
wantedBy = [ "multi-user.target" ];
restartIfChanged = false;
serviceConfig = {
User = "lass";
RemainAfterExit = true;
Type = "oneshot";
LoadCredential = [
"WEECHAT_PASSPHRASE:${toString <secrets>}/weechat_passphrase"
];
ExecStart = "${pkgs.tmux}/bin/tmux -2 new-session -d -s IM ${weechat-configured}/bin/weechat";
ExecStop = "${pkgs.tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat
};
};
}