Merge remote-tracking branch 'lassul.us/master'

makefu 2023-04-23 16:26:01 +02:00
commit 60fb7a1aa1
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
21 changed files with 220 additions and 119 deletions


@ -1,12 +1,16 @@
with import ../../lib;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
owner = config.krebs.users.feliks;
ci = false;
external = true;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
in {
users.feliks = {
@ -14,11 +18,10 @@ in {
};
hosts = mapAttrs hostDefaults {
papawhakaaro = {
owner = config.krebs.users.feliks;
nets = {
retiolum = {
ip4.addr = "10.243.10.243";
aliases = [ "papawhakaaro.r" ];
aliases = [ "papawhakaaro.r" "tp.feliks.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA4bd0lVUVlzFmM8TuH77C5VctcK4lkw02LbMVQDJ5U+Ww075nNahw
@ -39,11 +42,10 @@ in {
};
};
iti = {
owner = config.krebs.users.feliks;
nets = {
retiolum = {
ip4.addr = "10.243.10.244";
aliases = [ "iti.r" ];
aliases = [ "iti.r" "ltd.feliks.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA5TXEmw3F3lCekITBPW8QYF1ciKHN8RSi47k1vW+jXb6gdWcVo5KL
@ -64,11 +66,10 @@ in {
};
};
tumaukainga = {
owner = config.krebs.users.feliks;
nets = {
retiolum = {
ip4.addr = "10.243.10.245";
aliases = [ "tumaukainga.r" ];
aliases = [ "tumaukainga.r" "hs.feliks.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAj1q28QzUlag0i+2ZEpZyQEbrtuODj6pCCt2IX1Uz1B83outO2l/n
@ -88,5 +89,12 @@ in {
};
};
};
ahuatangata = {
nets.wiregrill = {
ip4.addr = "10.244.10.246";
aliases = [ "ahuatangata" "ndrd.feliks.r" ];
wireguard.pubkey = "QPDGBEYJ1znqUdjy6JWZJ+cqPMcU67dHlOX5beTM6TA=";
};
};
};
}
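Review bot: The new `ahuatangata` host gets a bare alias `"ahuatangata"` and a `.r` alias inside `nets.wiregrill`, whereas the other wiregrill entry on this page uses a `.w` name and the retiolum hosts in this file use `.r`. If the suffix is what tells peers which overlay a name belongs to, `ndrd.feliks.r` will resolve to a 10.244.x wiregrill address, and the unsuffixed name can shadow whatever a resolver's search domain would otherwise return. Consider `aliases = [ "ahuatangata.w" "ndrd.feliks.w" ];`, or add a comment on the entry saying the `.r` name on wiregrill is intended.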


@ -90,6 +90,7 @@ in {
"tts.r"
"flood.r"
"warez.r"
"bing-gpt.r"
"navidrome.r"
];
tinc.pubkey = ''
@ -788,7 +789,7 @@ in {
aliases = [
"jack.r"
"stable-confusion.r"
"llama.r"
"vicuna.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -910,6 +911,33 @@ in {
};
};
donna = {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
# clara.dse.in.tum.de
ip4.addr = "131.159.38.222";
ip6.addr = "2a09:80c0:38::222";
aliases = [ "donna.i" ];
};
retiolum = {
via = internet;
aliases = [ "donna.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAs34lPq8SnVdzMdPkWQMfeM061Yh95wqqGOdGODiyoWdsP0ErRH3/
HjgmB7luMl7MdL3ZKIpZe/IR2OSAL+6HBE/JPIapO2e1DFFEg42AI58lgjrR0yEr
Q59ZeGu+V95l+jC08IUoS9K6SVTkDCVe2b4Akf5oMtHAAG+ELtzh2zrPH6lkrXYd
LvzIWcrmqu1AnmmUiHT1JleCDfSn2m/ev+LcY109lN7LCFA5VL12/EP2FhM3ELHq
j2gAdvD1LAKq4var2MnR0MnKg0k1vMGSgwK+hj0AoLNiYivo8bxoRBNbUb94o4jQ
8xfbYyAFxpxdi/bFDmT1UjkouJ1Y8I8GJwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "8XlFDxQoGq6Fr40PTDyF8GUwP2+YSDp8By0vlKn1OlO";
};
};
};
clara = {
owner = config.krebs.users.mic92;
nets = rec {
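Review bot: The comment `# clara.dse.in.tum.de` above donna's `internet` addresses names a different host than the entry it sits in, and a `clara` entry follows directly after, so it looks copied. Anyone auditing which machine owns 131.159.38.222 would be misled; replace it with donna's own DNS name, or say explicitly that both names are the same machine if that is meant. Separately, donna's tinc RSA key begins `MIIBCgKCAQEA` (a 2048-bit modulus) while the other RSA keys added on this page begin `MIICCgKCAgEA` (4096-bit), so it is worth confirming the smaller key is deliberate. The `clara` entry continues past the end of the hunk.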


@ -74,5 +74,12 @@ in
tinc.pubkey_ed25519 = "YJE4KD9PhDjxucDAGrbec5Yqqf3A8/VU0J0NV8EPXuN";
};
};
rtgraphene = {
nets.wiregrill = {
aliases = [ "graphene.rtunreal.w" ];
ip4.addr = "10.244.20.20";
wireguard.pubkey = "IZ7tnD5ZVqO886hFzk6k92R70p1J6jYvyIEAWUccehU=";
};
};
};
}

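--- a/kartei/trust-gpg.sh
+++ b/kartei/trust-gpg.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# usage: $0
+set -eu
+WD=$(dirname "$(realpath "$0")")
+PUBKEYS=
+for key in "$WD"/kmein/kmein.gpg "$WD"/lass/pgp/* "$WD"/makefu/pgp/* "$WD"/tv/pgp/*; do
+echo "$key" >&2
+keyid=$(gpg --with-colons --fingerprint --import-options show-only --import "$key" | grep fpr | cut -d : -f 10 | head -1)
+gpg --import "$key" >&2
+printf '5\ny\n' | gpg --command-fd 0 --expert --edit-key "$keyid" trust >&2
+PUBKEYS="${PUBKEYS}${keyid}\n"
+done
+printf "$PUBKEYS"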
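Review bot: Every file matched by the four globs is imported and then given ownertrust `5` (ultimate) with no check of which key it is, so any file added under `lass/pgp/`, `makefu/pgp/` or `tv/pgp/` becomes a fully trusted root in the keyring of whoever runs the script. `keyid` is taken from the first `fpr` line only, and an empty result is not caught because `set -e` does not see failures inside that pipeline. Add `[ -n "$keyid" ] || { echo "no fingerprint in $key" >&2; exit 1; }` and compare the value against a list of expected fingerprints kept in the script before trusting it. For the trust step, `printf '%s:6:\n' "$keyid" | gpg --import-ownertrust` avoids scripting the interactive `--edit-key` menu. Finally, `printf "$PUBKEYS"` uses data as the format string; `printf '%b' "$PUBKEYS"` keeps the `\n` expansion without that.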


@ -17,11 +17,11 @@
nets = {
internet = {
ip4 = rec {
addr = "188.68.36.196";
addr = "185.162.251.237";
prefix = "${addr}/32";
};
ip6 = rec {
addr = "2a03:4000:13:4c::1";
addr = "2a03:4000:1a:cf::1";
prefix = "${addr}/64";
};
aliases = [

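--- a/kartei/ynnel/default.nix
+++ b/kartei/ynnel/default.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+let
+lib = import ../../lib;
+in
+{
+users.ynnel = {
+mail = "retiolum@lenny.ninja";
+};
+hosts.mokemoke = {
+owner = config.krebs.users.ynnel;
+nets.retiolum = {
+aliases = [ "mokemoke.ynnel.r" ];
+ip6.addr = (lib.krebs.genipv6 "retiolum" "ynnel" { hostName = "mokemoke"; }).address;
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA7rS560SZEPcSekW30dRF6ZTHOnb8WvuVgt3BFLRWhTgV5DqLqFa8
+fxT2TJci8ogYZtlnSCNKEhxup3wlIrAPLLzu5jL6hx4okfmyARGQqeUn9kD+jmGL
+9N9wjGXDp/CVyMIb5mcK2l0mvElvs7ae700GScq+2ASsFTHC/w2w2KoeDtt/UED9
+Cjy+kxP7SuzksigIuuA8gncf9FmfRgG31XGctX1H6hUywtq05oVRd5qMHeiI/l4v
+jHJSadtlR1FuExMT9l7nRZ98yOLKWhDUym4qmi/3zsnDl38f9gcqlp040McUqfZl
+6mclphcthOv6xp7nCbEd58djBU1hrPHJJrk5qL0CGcTwaTBzZFvrV4lklfBFPhVv
+dwiagzZDsTvQfXe7UJTSHOKhw+i7a7ok2n+IFhyd+GnQYeOvaBropjYgYDHbZ/u7
+d6E1xUVjANLtt2oOYfaH/LlERgucEcQY2qRyMBQXYTwp+d3ThTc+Vs0Lbo08rvFN
+y76KXPsH8ptVVFK4DclK0GxI64JpnSmG/BHcU114K7LPNONQBSvE8UyZlMVkuZfc
+qwBzyM70tKPoWmoxjBkQcXsK6JgclXohZ0jbMhRV5K4oDocAhEuUtOC5qG4IZo+R
+BWc0bxueCaOQFqB6UKcZLgCj6ZhXHpqTSk/8MBevxrbH44I+4oYwQOkCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "um4yKCJkkBX9pISAa78SttNSqyEPhpCDGfL6FJA0wzK";
+};
+};
+}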


@ -12,6 +12,7 @@
<stockholm/krebs/2configs/wiki.nix>
<stockholm/krebs/2configs/acme.nix>
<stockholm/krebs/2configs/mud.nix>
<stockholm/krebs/2configs/repo-sync.nix>
<stockholm/krebs/2configs/cal.nix>
<stockholm/krebs/2configs/mastodon.nix>


@ -38,6 +38,8 @@
hidden = false;
password = "$2a$04$0AtVycWQJ07ymrDdKyAm2un3UVSVIzpzL3wsWbWb3PF95d1CZMcMO";
};
server.max-line-length = 1024;
server.lookup-hostnames = true;
};
};
}


@ -51,6 +51,45 @@ let
};
};
bing = {
pattern = "!bing (.*)$";
activate = "match";
arguments = [1];
timeoutSec = 1337;
command = {
filename = pkgs.writeDash "bing" ''
set -efu
report_error() {
printf '%s' "$*" |
curl -Ss http://p.r --data-binary @- |
tail -1 |
echo "error $(cat)"
exit 0
}
export PATH=${makeBinPath [
pkgs.coreutils
pkgs.curl
pkgs.jq
]}
response=$(printf '%s' "$*" |
curl -SsG http://bing-gpt.r/api/chat --data-urlencode 'prompt@-'
)
if [ "$?" -ne 0 ]; then
report_error "$response"
else
if ! text=$(printf '%s' "$response" | jq -er '.item.messages[1].text'); then
echo "$_from: $(report_error "$response")"
exit 0
fi
printf '%s' "$text" | echo "$_from: $(cat)"
printf '%s' "$response" |
jq -r '[.item.messages[1].sourceAttributions[].seeMoreUrl] | to_entries[] | "[\(.key + 1)]: \(.value)"'
fi
'';
};
};
confuse = {
pattern = "!confuse (.*)$";
activate = "match";
@ -322,6 +361,7 @@ let
}
bedger-add
bedger-balance
bing
hooks.sed
interrogate
say
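Review bot: In the new `bing` hook the `if [ "$?" -ne 0 ]` branch can never run, because the script starts with `set -efu` and a failing `response=$(… curl …)` assignment ends the script before the test is reached. A curl failure therefore exits non-zero with no message to the channel instead of going through `report_error`. Fold the assignment into the condition, `if ! response=$(printf '%s' "$*" | curl -SsG http://bing-gpt.r/api/chat --data-urlencode 'prompt@-'); then`, and keep the existing `else` branch as is. The curl call also has no `--max-time`, so a hung backend is only bounded by `timeoutSec = 1337`. The reply text and source URLs come from a remote service and are written to the channel as received, which deserves a short comment above the `printf '%s' "$text"` line so the next editor treats them as untrusted.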


@ -22,7 +22,6 @@ let
post-receive = pkgs.git-hooks.irc-announce {
channel = "#xxx";
refs = [
"refs/heads/master"
"refs/heads/newest"
"refs/tags/*"
];
@ -37,7 +36,6 @@ let
{
user = with config.krebs.users; [
config.krebs.users."${config.networking.hostName}-repo-sync"
jeschli
lass
makefu
tv
@ -50,7 +48,7 @@ let
konsens-user
];
repo = [ repo ];
perm = push ''refs/heads/master'' [ create merge ];
perm = push "refs/heads/common" [ create merge ];
}
{
user = attrValues config.krebs.users;
@ -61,31 +59,18 @@ let
repos."${name}" = repo;
};
sync-retiolum = {
sync-repo = {
name,
remotes,
desc ? "mirror for ${name}",
section ? "mirror"
}:
{
krebs.repo-sync.repos.${name} = {
branches = {
lassulus = {
origin.url = "http://cgit.lassul.us/${name}";
mirror.url = "${mirror}${name}";
};
makefu = {
origin.url = "http://cgit.gum/${name}";
mirror.url = "${mirror}${name}";
};
nin = {
origin.url = "http://cgit.onondaga.r/${name}";
mirror.url = "${mirror}${name}";
};
tv = {
origin.url = "http://cgit.ni.r/${name}";
mirror.url = "${mirror}${name}";
};
};
branches = (lib.mapAttrs' (user: url: lib.nameValuePair user {
origin.url = url;
mirror.url = "${mirror}${name}";
}) remotes);
latest = {
url = "${mirror}${name}";
ref = "heads/newest";
@ -94,24 +79,6 @@ let
krebs.git = defineRepo { inherit name desc section; };
};
sync-remote = {
name,
url,
desc ? "mirror for ${name}",
section ? "mirror"
}:
{
krebs.repo-sync.repos.${name} = {
branches = {
remote = {
origin.url = url;
mirror.url = "${mirror}${name}";
};
};
};
krebs.git = defineRepo { inherit name desc section; };
};
in {
krebs.git = {
enable = true;
@ -126,7 +93,6 @@ in {
krebs.konsens = {
enable = true;
repos = {
krops = { branchesToCheck = [ "lassulus" "tv" ]; };
stockholm = {};
};
};
@ -137,52 +103,20 @@ in {
};
imports = [
(sync-retiolum { name = "the_playlist"; desc = "Good Music collection + tools"; section = "art"; })
(sync-retiolum { name = "stockholm"; desc = "take all computers hostage, they love it"; section = "configuration"; })
(sync-retiolum { name = "cholerab"; desc = "krebs thesauron & enterprise-patterns"; section = "documentation"; })
(sync-retiolum { name = "buildbot-classic"; desc = "fork of buildbot"; section = "software"; })
(sync-retiolum { name = "disko"; desc = "take a description of your disk layout and produce a format script"; section = "software"; })
(sync-retiolum { name = "news"; desc = "take a rss feed and a timeout and print it to stdout"; section = "software"; })
(sync-retiolum { name = "krops"; desc = "krebs ops"; section = "software"; })
(sync-retiolum { name = "go"; desc = "url shortener"; section = "software"; })
(sync-retiolum { name = "much"; desc = "curses email client"; section = "software"; })
(sync-retiolum { name = "newsbot-js"; desc = "irc rss/atom bot"; section = "software"; })
(sync-retiolum { name = "nix-writers"; desc = "high level writers for nix"; section = "software"; })
(sync-retiolum { name = "cac-api"; desc = "CloudAtCost API command line interface"; section = "miscellaneous"; })
(sync-retiolum { name = "dic"; desc = "dict.leo.org command line interface"; section = "miscellaneous"; })
(sync-retiolum { name = "get"; section = "miscellaneous"; })
(sync-retiolum { name = "hstool"; desc = "Haskell Development Environment ^_^"; section = "miscellaneous"; })
(sync-retiolum { name = "htgen"; desc = "toy HTTP server"; section = "miscellaneous"; })
(sync-retiolum { name = "kirk"; desc = "IRC tools"; section = "miscellaneous"; })
(sync-retiolum { name = "load-env"; section = "miscellaneous"; })
(sync-retiolum { name = "loldns"; desc = "toy DNS server"; section = "miscellaneous"; })
(sync-retiolum { name = "netcup"; desc = "netcup command line interface"; section = "miscellaneous"; })
(sync-retiolum { name = "populate"; desc = "source code installer"; section = "miscellaneous"; })
(sync-retiolum { name = "q"; section = "miscellaneous"; })
(sync-retiolum { name = "regfish"; section = "miscellaneous"; })
(sync-retiolum { name = "soundcloud"; desc = "SoundCloud command line interface"; section = "miscellaneous"; })
(sync-retiolum { name = "blessings"; section = "Haskell libraries"; })
(sync-retiolum { name = "mime"; section = "Haskell libraries"; })
(sync-retiolum { name = "quipper"; section = "Haskell libraries"; })
(sync-retiolum { name = "scanner"; section = "Haskell libraries"; })
(sync-retiolum { name = "wai-middleware-time"; section = "Haskell libraries"; })
(sync-retiolum { name = "web-routes-wai-custom"; section = "Haskell libraries"; })
(sync-retiolum { name = "xintmap"; section = "Haskell libraries"; })
(sync-retiolum { name = "xmonad-stockholm"; desc = "krebs xmonad modules"; section = "Haskell libraries"; })
(sync-remote { name = "array"; url = "https://github.com/makefu/array"; })
(sync-remote { name = "email-header"; url = "https://github.com/4z3/email-header"; })
(sync-remote { name = "mycube-flask"; url = "https://github.com/makefu/mycube-flask"; })
(sync-remote { name = "reaktor-titlebot"; url = "https://github.com/makefu/reaktor-titlebot"; })
(sync-remote { name = "repo-sync"; url = "https://github.com/makefu/repo-sync"; })
(sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; })
(sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; })
(sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; })
(sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; })
(sync-repo {
name = "stockholm";
desc = "take all computers hostage, they love it";
section = "configuration";
remotes = {
makefu = "http://cgit.gum.r/stockholm";
tv = "http://cgit.ni.r/stockholm";
lassulus = "http://cgit.orange.r/stockholm";
};
})
({ krebs.git = defineRepo {
name = "krops";
desc = "deployment tools";
section = "deployment";
};})
];
}
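Review bot: The three `remotes` given to `sync-repo` for `stockholm` are plain `http://` cgit URLs, and nothing visible in this file verifies what is fetched before it is pushed to the mirror and offered to konsens. This repository carries the host configuration, so the integrity of the merged branch rests entirely on the network path to `cgit.gum.r`, `cgit.ni.r` and `cgit.orange.r`. If those names are reachable only over retiolum, that assumption should be written down next to the attrset, for example `# origins are retiolum-only; transport integrity relies on the tinc tunnel`. `sync-repo` itself would benefit from a short comment saying that `remotes` maps a branch name to its origin URL and has no default, since it replaces both `sync-retiolum` and `sync-remote`.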


@ -39,10 +39,13 @@ let
};
imp = {
users.groups.konsens.gid = genid "konsens";
users.users.konsens = rec {
name = "konsens";
group = "konsens";
uid = genid name;
home = "/var/lib/konsens";
isSystemUser = true;
createHome = true;
};


@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e",
"date": "2023-03-21T23:16:58+01:00",
"path": "/nix/store/rg3f6v4f7mba0kqnhiarj7yg6066cc5v-nixpkgs",
"sha256": "0myq7fnykna5qazbk6hdgahy148yd7f5l8nrxhzllj67y86a5sxw",
"rev": "645bc49f34fa8eff95479f0345ff57e55b53437e",
"date": "2023-04-19T18:04:47+02:00",
"path": "/nix/store/jh86824939585dinrs1zlkh6cvz8l8l7-nixpkgs",
"sha256": "0kfndc7xdkm89yl0f27wdnwd6gdad3i49jx7gvaib1hz0ifpmxzv",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,


@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "e2c97799da5f5cd87adfa5017fba971771e123ef",
"date": "2023-03-20T14:29:52+01:00",
"path": "/nix/store/vxca9w313d1bzw9dx4yaw8c0vrqjxa0p-nixpkgs",
"sha256": "0qff1r8k0m19z1ppzb8gk5xrnlvabjdl3pqwpc3y5bm15qxzk25s",
"rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
"date": "2023-04-22T11:27:49+08:00",
"path": "/nix/store/gpfv5hbki6g1b63nqw7md5bjlcpzsz1w-nixpkgs",
"sha256": "1fd7xyfna0klfbv37qq1ms2j4gzjpy14a8vbnw1i8ix6fijkywjf",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,


@ -87,7 +87,6 @@
# textsize
services.xserver.dpi = 200;
hardware.video.hidpi.enable = lib.mkDefault true;
# corectrl
programs.corectrl = {


@ -4,6 +4,7 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/gsm-wiki.nix>
# sync-containers
<stockholm/lass/2configs/consul.nix>


@ -127,6 +127,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
<stockholm/lass/2configs/binary-cache/proxy.nix>
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>


@ -4,6 +4,7 @@
nix = {
binaryCaches = [
"http://cache.prism.r"
"http://cache.neoprism.r"
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
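Review bot: `http://cache.neoprism.r` is added to `binaryCaches`, but the hunk shows no matching addition to `binaryCachePublicKeys`, whose list starts on the last visible line and continues outside the hunk. Because the substituter is plain HTTP, the signature check against that list is the only integrity control on what clients install from it. Please confirm that neoprism signs with a key already listed there, and otherwise add its public key in the same commit. A one-line comment next to the URL naming the signing key it pairs with would make that reviewable.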


@ -0,0 +1,13 @@
{ config, lib, pkgs, ...}:
{
services.nginx = {
enable = true;
virtualHosts."cache.krebsco.de" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
proxy_pass http://cache.neoprism.r/;
'';
};
};
}


@ -14,7 +14,7 @@
services.nginx = {
enable = true;
virtualHosts.nix-serve = {
serverAliases = [ "cache.prism.r" ];
serverAliases = [ "cache.${config.networking.hostName}.r" ];
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'';
@ -26,14 +26,6 @@
''};
'';
};
virtualHosts."cache.krebsco.de" = {
forceSSL = true;
serverAliases = [ "cache.lassul.us" ];
enableACME = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'';
};
};
}


@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
{
services.nginx.virtualHosts."docs.c3gsm.de" = {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
auth_basic "Restricted Content";
auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
c3gsm:$apr1$q9OrPI4C$7AY4EIp3J2Xc4eLMbPGE21
''};
root /srv/http/docs.c3gsm.de;
'';
};
users.users.c3gsm-docs = {
isNormalUser = true;
home = "/srv/http/docs.c3gsm.de";
createHome = true;
homeMode = "750";
useDefaultShell = true;
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlW1fvCrVXhVH/z76fXBWYR/qyecYTE9VOOkFLJ6OwG user@osmocom-dev"
];
};
}
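Review bot: The basic-auth credential for `docs.c3gsm.de` is embedded with `pkgs.writeText`, so the `$apr1$` hash lands in the world-readable Nix store and in the repository history. An APR1 (MD5-based) hash is cheap to attack offline, which makes the committed value close to publishing the password. Use the module option with a file kept outside the store, `locations."/".basicAuthFile = "<path to htpasswd secret outside the store>";`, and rotate the current password. The store name `flix-user-pass` also looks carried over from another config. In the same file, `c3gsm-docs` is a normal user with a login shell and primary group `nginx`; a comment saying why upload access needs that group membership would help a later audit.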


@ -80,26 +80,26 @@ in {
};
systemd.services.mumble-reminder-nixos = {
description = "weekly reminder for nixos mumble";
startAt = "Thu *-*-* 17:00:00 Europe/Berlin";
startAt = "Wed *-*-* 19:00:00 Europe/Berlin";
serviceConfig = {
ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
animals='
${animals}
'
${write_to_irc "#nixos"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
${write_to_irc "#nixos"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
${write_to_irc "#nixos"} "kommt auf mumble://lassul.us"
'';
};
};
systemd.services.mumble-reminder-krebs = {
description = "weekly reminder for nixos mumble";
startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
startAt = "Wed *-*-* 19:00:00 Europe/Berlin";
serviceConfig = {
ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
animals='
${animals}
'
${write_to_irc "#krebs"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
${write_to_irc "#krebs"} "Es ist Mittwoch meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?"
'';
};