From 478ccdaac7bcb6171919726317e809faa1aae8f0 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 15 Mar 2021 01:00:53 +0100
Subject: [PATCH 01/29] lib.haskell.substitutePkgs: init

---
 lib/default.nix |  1 +
 lib/haskell.nix | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 lib/haskell.nix

diff --git a/lib/default.nix b/lib/default.nix
index 4190f8f5f..738e52186 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -5,6 +5,7 @@ let
     evalSource = import ./eval-source.nix;
 
     git = import ./git.nix { inherit lib; };
+    haskell = import ./haskell.nix { inherit lib; };
     krebs = import ./krebs lib;
     krops = import ../submodules/krops/lib;
     shell = import ./shell.nix { inherit lib; };
diff --git a/lib/haskell.nix b/lib/haskell.nix
new file mode 100644
index 000000000..b1889caf0
--- /dev/null
+++ b/lib/haskell.nix
@@ -0,0 +1,51 @@
+{ lib }:
+
+with builtins;
+
+rec {
+
+  # Derive a file by substituting
+  # "${pkgs.foo}/bin/foo" for each {-pkg-}"foo", and
+  # "${pkgs.bar}/bin/foo" for each {-pkg:bar-}"foo".
+  # If a package doesn't exist, a warning gets printed.
+  substitutePkgs = name: { callsite ? null, pkgs, path }:
+    pkgs.writeText name (substitutePkgs' {
+      inherit pkgs;
+      sourceDescription =
+        if callsite != null then
+          "${name} in ${toString callsite}"
+        else
+          "${name} from ${toString path}";
+      text = readFile path;
+    });
+
+  substitutePkgs' = { pkgs, sourceDescription, text }:
+    let
+      f = s:
+        let
+          parse = match "(.*)([{]-pkg(:([^}]+))?-[}]\"([^\"]+)\")(.*)" s;
+          prefix = elemAt parse 0;
+          pname = if elemAt parse 3 != null then elemAt parse 3 else exename;
+          exename = elemAt parse 4;
+          suffix = elemAt parse 5;
+          pkg = pkgs.${pname} or null;
+
+          substitute =
+            if pkg != null then
+              "${pkg}/bin/${exename}"
+            else
+              trace (toString [
+                "lib.haskell.replacePkg:"
+                "warning:"
+                "while deriving ${sourceDescription}:"
+                "no substitute found for ${elemAt parse 1}"
+              ])
+              exename;
+        in
+        if parse == null then
+          s
+        else
+          f (prefix + toJSON substitute + suffix);
+    in
+    f text;
+}
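Review bot: In `substitutePkgs'` a marker whose package is missing from `pkgs` only produces a `trace` warning and is replaced by the bare `exename`, so the derived file still builds and the program resolves that name at run time instead of using a store path. For a helper whose purpose is pinning executables, failing the evaluation is the safer default, e.g. `throw "lib.haskell.substitutePkgs: while deriving ${sourceDescription}: no substitute found for ${elemAt parse 1}"`, or at least an opt-in strict argument. The warning text also names `lib.haskell.replacePkg`, which is not defined in this file; it should read `lib.haskell.substitutePkgs`. A short comment on `f` would help too, saying that the greedy leading `(.*)` makes it rewrite the last marker first and then recurse on the result.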

From 2251d5cb566224f7102fcf7e77c2c2c81088a0c5 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 14 Mar 2021 23:44:08 +0100
Subject: [PATCH 02/29] tv xmonad: replace Paths by {-pkg-}

---
 .../haskell/xmonad-tv/src/Helpers/Path.hs     | 15 --------
 tv/5pkgs/haskell/xmonad-tv/src/Paths.hs       | 37 -------------------
 tv/5pkgs/haskell/xmonad-tv/src/main.hs        | 31 ++++++++--------
 .../haskell/xmonad-tv/src/xmonad-tv.cabal     |  2 -
 4 files changed, 15 insertions(+), 70 deletions(-)
 delete mode 100644 tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs
 delete mode 100644 tv/5pkgs/haskell/xmonad-tv/src/Paths.hs

diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs b/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs
deleted file mode 100644
index 1029d60be..000000000
--- a/tv/5pkgs/haskell/xmonad-tv/src/Helpers/Path.hs
+++ /dev/null
@@ -1,15 +0,0 @@
-module Helpers.Path where
-
-import qualified Data.List
-import qualified System.Directory
-import qualified System.IO.Unsafe
-
-
-findExecutable :: String -> FilePath
-findExecutable =
-    System.IO.Unsafe.unsafePerformIO . find
-  where
-    find name =
-        maybe failure id <$> System.Directory.findExecutable name
-      where
-        failure = error (Data.List.intercalate " " [name, "not found"])
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs b/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs
deleted file mode 100644
index 2569b60c3..000000000
--- a/tv/5pkgs/haskell/xmonad-tv/src/Paths.hs
+++ /dev/null
@@ -1,37 +0,0 @@
-module Paths where
-
-import Helpers.Path
-
-
-flameshot :: FilePath
-flameshot = findExecutable "flameshot-once"
-
-otpmenu :: FilePath
-otpmenu = findExecutable "otpmenu"
-
-pactl :: FilePath
-pactl = findExecutable "pactl"
-
-passmenu :: FilePath
-passmenu = findExecutable "passmenu"
-
-pavucontrol :: FilePath
-pavucontrol = findExecutable "pavucontrol"
-
-slock :: FilePath
-slock = findExecutable "slock"
-
-su :: FilePath
-su = findExecutable "su"
-
-urxvtc :: FilePath
-urxvtc = findExecutable "urxvtc"
-
-xcalib :: FilePath
-xcalib = findExecutable "xcalib"
-
-xdpychvt :: FilePath
-xdpychvt = findExecutable "xdpychvt"
-
-xterm :: FilePath
-xterm = findExecutable "xterm"
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/main.hs b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
index 48127a594..e720981a7 100644
--- a/tv/5pkgs/haskell/xmonad-tv/src/main.hs
+++ b/tv/5pkgs/haskell/xmonad-tv/src/main.hs
@@ -34,7 +34,6 @@ import XMonad.Actions.PerWorkspaceKeys (chooseAction)
 
 import XMonad.Stockholm.Pager
 import XMonad.Stockholm.Shutdown
-import qualified Paths
 
 import THEnv.JSON (getCompileEnvJSONExp)
 
@@ -72,7 +71,7 @@ mainNoArgs = do
     launch
         $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
         $ def
-            { terminal          = Paths.urxvtc
+            { terminal          = {-pkg:rxvt_unicode-}"urxvtc"
             , modMask           = mod4Mask
             , keys              = myKeys
             , workspaces        = workspaces0
@@ -122,14 +121,14 @@ displaySomeException = displayException
 
 forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
 forkFile path args env =
-    xfork (executeFile path False args env) >> return ()
+    xfork (executeFile path True args env) >> return ()
 
 
 spawnRootTerm :: X ()
 spawnRootTerm =
     forkFile
-        Paths.urxvtc
-        ["-name", "root-urxvt", "-e", Paths.su, "-"]
+        {-pkg:rxvt_unicode-}"urxvtc"
+        ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"]
         Nothing
 
 
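Review bot: `forkFile` now passes `True` to `executeFile`, which turns on the PATH search for every call site, including the screen locker (`{-pkg-}"slock"` in `myKeys`) and the terminal started by `spawnRootTerm`. When a marker has been substituted with an absolute store path the search has no effect, but in an unsubstituted build, or when the substitution falls back to the bare name, the binary is whatever the session's PATH resolves first. If the search is only meant for development builds, say so on `forkFile`, e.g. `-- PATH search only matters for unsubstituted {-pkg-} names; deployed builds pass absolute store paths`, and consider keeping `False` so that a failed substitution fails loudly instead. The hard-coded `"/run/wrappers/bin/su"` is a reasonable choice, since a setuid wrapper cannot live in the store.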
@@ -137,16 +136,16 @@ spawnTermAt :: String -> X ()
 spawnTermAt ws = do
     env <- io getEnvironment
     let env' = ("XMONAD_SPAWN_WORKSPACE", ws) : env
-    forkFile Paths.urxvtc [] (Just env')
+    forkFile {-pkg:rxvt_unicode-}"urxvtc" [] (Just env')
 
 
 myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
 myKeys conf = Map.fromList $
-    [ ((_4  , xK_Escape ), forkFile Paths.slock [] Nothing)
+    [ ((_4  , xK_Escape ), forkFile {-pkg-}"slock" [] Nothing)
     , ((_4S , xK_c      ), kill)
 
-    , ((_4  , xK_o      ), forkFile Paths.otpmenu [] Nothing)
-    , ((_4  , xK_p      ), forkFile Paths.passmenu [] Nothing)
+    , ((_4  , xK_o      ), forkFile {-pkg:fzmenu-}"otpmenu" [] Nothing)
+    , ((_4  , xK_p      ), forkFile {-pkg:fzmenu-}"passmenu" [] Nothing)
 
     , ((_4  , xK_x      ), chooseAction spawnTermAt)
     , ((_4C , xK_x      ), spawnRootTerm)
@@ -188,12 +187,12 @@ myKeys conf = Map.fromList $
     , ((0, xF86XK_AudioMute), audioMute)
     , ((_4, xF86XK_AudioMute), pavucontrol [])
 
-    , ((_4, xK_Prior), forkFile Paths.xcalib ["-invert", "-alter"] Nothing)
+    , ((_4, xK_Prior), forkFile {-pkg-}"xcalib" ["-invert", "-alter"] Nothing)
 
-    , ((0, xK_Print), forkFile Paths.flameshot [] Nothing)
+    , ((0, xK_Print), forkFile {-pkg-}"flameshot" [] Nothing)
 
-    , ((_C, xF86XK_Forward), forkFile Paths.xdpychvt ["next"] Nothing)
-    , ((_C, xF86XK_Back), forkFile Paths.xdpychvt ["prev"] Nothing)
+    , ((_C, xF86XK_Forward), forkFile {-pkg:xdpytools-}"xdpychvt" ["next"] Nothing)
+    , ((_C, xF86XK_Back), forkFile {-pkg:xdpytools-}"xdpychvt" ["prev"] Nothing)
     ]
     where
     _4 = mod4Mask
@@ -206,8 +205,8 @@ myKeys conf = Map.fromList $
     _4CM = _4 .|. _C .|. _M
     _4SM = _4 .|. _S .|. _M
 
-    pactl args = forkFile Paths.pactl args Nothing
-    pavucontrol args = forkFile Paths.pavucontrol args Nothing
+    pactl args = forkFile {-pkg:pulseaudio-}"pactl" args Nothing
+    pavucontrol args = forkFile {-pkg-}"pavucontrol" args Nothing
 
     audioLowerVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "-5%"]
     audioRaiseVolume = pactl ["--", "set-sink-volume", "@DEFAULT_SINK@", "+5%"]
@@ -222,7 +221,7 @@ myKeys conf = Map.fromList $
 xdeny :: X ()
 xdeny =
     forkFile
-        Paths.xterm
+        {-pkg-}"xterm"
         [ "-fn", myFont
         , "-geometry", "300x100"
         , "-name", "AlertFloat"
diff --git a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
index d07e2b159..f3bd2e0ab 100644
--- a/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
+++ b/tv/5pkgs/haskell/xmonad-tv/src/xmonad-tv.cabal
@@ -23,8 +23,6 @@ executable xmonad
     xmonad-contrib,
     xmonad-stockholm
   other-modules:
-    Helpers.Path,
-    Paths,
     THEnv.JSON
   default-language: Haskell2010
   ghc-options: -O2 -Wall -threaded

From f956b05cf1fbafd022fe2f0199e9524cd6efbe85 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 15 Mar 2021 02:05:37 +0100
Subject: [PATCH 03/29] tv pulse: add au sink

---
 tv/2configs/pulse.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index ea3970152..79c31e9ec 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -43,6 +43,21 @@ let
       "auth-anonymous=1"
       "socket=${runDir}/socket"
     ]}
+    ${lib.optionalString (config.krebs.build.host.name == "au") ''
+      load-module ${toString [
+        "module-native-protocol-tcp"
+        "auth-ip-acl=127.0.0.1;10.23.1.0/24"
+      ]}
+    ''}
+    ${lib.optionalString (config.krebs.build.host.name != "au") ''
+      load-module ${toString [
+        "module-tunnel-sink-new"
+        "server=au.hkw"
+        "sink_name=au"
+        "channels=2"
+        "rate=44100"
+      ]}
+    ''}
   '';
 in
 
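Review bot: The `module-native-protocol-tcp` line added for host `au` authenticates clients by source address only (`auth-ip-acl=127.0.0.1;10.23.1.0/24`), so every machine in that /24 can use this sound server, presumably including its capture sources, without a cookie. No `listen=` argument is given, so the module presumably binds all interfaces and relies on the ACL and the host firewall; binding it to the host's address in that network, e.g. adding `"listen=<au address in 10.23.1.0/24>"`, would narrow the exposure. A comment above the block stating which network 10.23.1.0/24 is, and why address-based trust is acceptable there, would document the decision. The string these lines are spliced into starts outside the hunk.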

From 4604f0735a5bf32be84bff1fa0e8a731c2846894 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 23 Mar 2021 21:34:42 +0100
Subject: [PATCH 04/29] nixpkgs: 36e15cd -> f8929dc

---
 krebs/nixpkgs.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 837782ff6..511ad997f 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "36e15cd6e7d55ba143caf3dc930467ace573d85c",
-  "date": "2021-03-16T08:18:29+01:00",
-  "path": "/nix/store/rsh8kmy9jiwdhsm390zw0mq1p256xzrk-nixpkgs",
-  "sha256": "15dwscz9s71n6hn1wml95il8hl8aza16jj9qwywps8bsdamgymfq",
+  "rev": "f8929dce13e729357f31d5b2950cbb097744bed7",
+  "date": "2021-03-22T08:08:59+01:00",
+  "path": "/nix/store/jyxnsbp9hf1fai4n2qqnqci6v7lhss5b-nixpkgs",
+  "sha256": "06ikqdb5038vkkyx4hi5lw4gksjjndjg7mz0spawnb1gpzhqkavs",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 8dca12ef863211e748e91b8278c5fc2b2fc617d4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 23 Mar 2021 21:35:19 +0100
Subject: [PATCH 05/29] nixpkgs-unstable: 266dc8c -> f5e8bdd

---
 krebs/nixpkgs-unstable.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index c0ffcf3e3..b030068a1 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "266dc8c3d052f549826ba246d06787a219533b8f",
-  "date": "2021-03-15T09:37:03+01:00",
-  "path": "/nix/store/dkim3k1b5bdga370xpw0r52w0ac5y3fn-nixpkgs",
-  "sha256": "09ydqx2lznixmw8z4cfz1j3k137mh8n3cdpygwqymknhfdjq7lg4",
+  "rev": "f5e8bdd07d1afaabf6b37afc5497b1e498b8046f",
+  "date": "2021-03-19T18:17:44+01:00",
+  "path": "/nix/store/c3kh19xrsg4h6siis2dlbn6wiqx45xwq-nixpkgs",
+  "sha256": "1fmwkb2wjfrpx8fis4x457vslam0x8vqlpfwqii6p9vm33dyxhzk",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 47053abcf002230ef029579637df747588b36eca Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 25 Mar 2021 19:24:13 +0100
Subject: [PATCH 06/29] nixpkgs: f8929dc -> d395190

---
 krebs/nixpkgs.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 511ad997f..77b88160b 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "f8929dce13e729357f31d5b2950cbb097744bed7",
-  "date": "2021-03-22T08:08:59+01:00",
-  "path": "/nix/store/jyxnsbp9hf1fai4n2qqnqci6v7lhss5b-nixpkgs",
-  "sha256": "06ikqdb5038vkkyx4hi5lw4gksjjndjg7mz0spawnb1gpzhqkavs",
+  "rev": "d395190b24b27a65588f4539c423d9807ad8d4e7",
+  "date": "2021-03-24T17:35:36-06:00",
+  "path": "/nix/store/gdzjw6k680vcilvnpdhv93qxkzkl05qy-nixpkgs",
+  "sha256": "0r1kj8gf97z9ydh36vmgrar1q4l9ggaqiygxjvp8jmr1948y0nh2",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 0dd98b9bc1829a9b8ab3f49c08bdbd351d6394e8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 25 Mar 2021 19:25:08 +0100
Subject: [PATCH 07/29] nixpkgs-unstable: f5e8bdd -> d3f7e96

---
 krebs/nixpkgs-unstable.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index b030068a1..03b6495cf 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "f5e8bdd07d1afaabf6b37afc5497b1e498b8046f",
-  "date": "2021-03-19T18:17:44+01:00",
-  "path": "/nix/store/c3kh19xrsg4h6siis2dlbn6wiqx45xwq-nixpkgs",
-  "sha256": "1fmwkb2wjfrpx8fis4x457vslam0x8vqlpfwqii6p9vm33dyxhzk",
+  "rev": "d3f7e969b9860fb80750147aeb56dab1c730e756",
+  "date": "2021-03-23T19:22:30+00:00",
+  "path": "/nix/store/a5rldwc8gmwd0j9x86xmwszrd8wcbad3-nixpkgs",
+  "sha256": "13z5lsgfgpw2wisglicy7krjrhypcc2y7krzxn54ybcninyiwhsn",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From ef87e5e38876c3122f7b4ac95af8f57008eee777 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:04:10 +0100
Subject: [PATCH 08/29] news: don't sync shortened links

---
 krebs/1systems/news/config.nix | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
index 5c4b37aef..79946dad7 100644
--- a/krebs/1systems/news/config.nix
+++ b/krebs/1systems/news/config.nix
@@ -18,13 +18,6 @@
   boot.isContainer = true;
   networking.useDHCP = false;
   krebs.bindfs = {
-    "/var/lib/htgen-go" = {
-      source = "/var/state/htgen-go";
-      options = [
-        "-m ${toString config.users.users.htgen-go.uid}"
-      ];
-      clearTarget = true;
-    };
     "/var/lib/brockman" = {
       source = "/var/state/brockman";
       options = [

From 0a6b7de9b8a7cb7265f5d024617e49c746cc3d98 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:04:35 +0100
Subject: [PATCH 09/29] ircd: allow msg without join

---
 krebs/2configs/ircd.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 0de07a027..3ef2e7d2b 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -87,6 +87,7 @@
       };
 
       channel {
+        autochanmodes = "+t";
         use_invex = yes;
         use_except = yes;
         use_forward = yes;
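Review bot: `autochanmodes = "+t"` replaces the mode set given to newly created channels, and going by the commit title the point is to leave out `+n` so that clients can message a channel without joining it. That applies to every new channel on this server and to any client, not only to the one that needs it, so the line should carry a comment recording the intent, e.g. `# deliberately without +n: clients may message channels they have not joined`. If only specific channels need this, keeping the default and clearing `+n` on those channels would be narrower. The enclosing `channel` block continues outside the hunk.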

From 8a02c7858c9958fce1173801cb5839306a87eae2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:06:56 +0100
Subject: [PATCH 10/29] news: add /api brockman

---
 krebs/2configs/news.nix | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 410beb041..2da3e6fcc 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -15,6 +15,16 @@
       serverAliases = [
         "news.r"
       ];
+      locations."/api".extraConfig = ''
+        proxy_pass http://127.0.0.1:7777/;
+        proxy_pass_header Server;
+      '';
+      locations."= /graph.html".extraConfig = ''
+        alias ${pkgs.fetchurl {
+          url = "https://raw.githubusercontent.com/kmein/brockman/05d33c8caaaf6255752f9600981974bb58390851/tools/graph.html";
+          sha256 = "0iw2vdzj6kzkix1c447ybmc953lns6z4ap6sr9pcib8bany4g43w";
+        }};
+      '';
       locations."/".extraConfig = ''
         root /var/lib/brockman;
         index brockman.json;
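Review bot: `locations."/api"` forwards every request that reaches this virtual host to the service on 127.0.0.1:7777 with no `allow`/`deny` and no authentication, so the loopback-only `API.listen` set in the `krebs.reaktor2.api` hunk of this file no longer limits who can use that API. If the API can post to `#all`, as the `register` plugin configuration there suggests, restrict the location, e.g. `allow <trusted network CIDR>; deny all;`. The prefix `/api` without a trailing slash also matches paths such as `/apifoo` and turns `/api/x` into `//x` upstream; `locations."/api/"` avoids both. Pinning `graph.html` to a commit and a `sha256` is good.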
@@ -27,6 +37,7 @@
   };
   systemd.tmpfiles.rules = [
     "d /var/lib/brockman 1750 brockman nginx -"
+    "d /run/irc-api 1750 brockman nginx -"
   ];
 
   systemd.services.brockman-graph = {
@@ -67,12 +78,28 @@
       shortener = "http://go.r";
       controller = {
         nick = "brockman";
-        channels = [ "#all" ];
+        extraChannels = [ "#all" ];
       };
       bots = {};
     };
   };
 
+  krebs.reaktor2.api = {
+    hostname = "localhost";
+    port = "6667";
+    nick = "api";
+    API.listen = "inet://127.0.0.1:7777";
+    plugins = [
+      {
+        plugin = "register";
+        config = {
+          channels = [
+            "#all"
+          ];
+        };
+      }
+    ];
+  };
   krebs.reaktor2.news = let
     name = "candyman";
   in {

From d97edee14c0db81f18ce901b4c63a863f7716887 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:07:43 +0100
Subject: [PATCH 11/29] syncthing: configure key, cert & max_user_watches

---
 krebs/2configs/syncthing.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix
index 31e33ad5e..125e2aea4 100644
--- a/krebs/2configs/syncthing.nix
+++ b/krebs/2configs/syncthing.nix
@@ -10,6 +10,10 @@ in {
     configDir = "/var/lib/syncthing";
     declarative = {
       devices = mk_peers used_peers;
+      key = toString <secrets/syncthing.key>;
+      cert = toString <secrets/syncthing.cert>;
     };
   };
+
+  boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
 }

From 1f400a45b5b677eb1de12144ed0af1c23bee87c0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:08:15 +0100
Subject: [PATCH 12/29] puyak.r: add syncthing id

---
 krebs/3modules/krebs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 8c164cfe3..656ea772f 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -177,6 +177,7 @@ in {
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
+      syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
     };
     wolf = {
       ci = true;

From bb7fded7458610db538f35af294fb8eb52a85486 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:08:55 +0100
Subject: [PATCH 13/29] sync-containers: fix activationScript name

---
 krebs/3modules/sync-containers.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix
index d31022d3a..fcfaf1dd0 100644
--- a/krebs/3modules/sync-containers.nix
+++ b/krebs/3modules/sync-containers.nix
@@ -93,7 +93,7 @@ in {
   config = mkIf (cfg.containers != {}) {
     programs.fuse.userAllowOther = true;
     # allow syncthing to enter /var/lib/containers
-    system.activationScripts.syncthing-home = ''
+    system.activationScripts.containers-enter = mkDefault ''
       ${pkgs.coreutils}/bin/chmod a+x /var/lib/containers
     '';
 

From 55c348834bdb548cc01959f27aeb1d9ac8fd5670 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:10:37 +0100
Subject: [PATCH 14/29] news-host: sync also with puyak.r

---
 krebs/2configs/news-host.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index 82360a670..b7728986f 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -4,6 +4,7 @@
       "shodan"
       "mors"
       "styx"
+      "puyak"
     ];
     hostIp = "10.233.2.101";
     localIp = "10.233.2.102";

From 7bfa242064e8a36a0568143fb66f46cd401cc734 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:11:21 +0100
Subject: [PATCH 15/29] container-networking: configure nat for containers

---
 krebs/2configs/container-networking.nix | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 krebs/2configs/container-networking.nix

diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix
new file mode 100644
index 000000000..fa4488800
--- /dev/null
+++ b/krebs/2configs/container-networking.nix
@@ -0,0 +1,7 @@
+{ lib, ... }:
+{
+  networking.nat.enable = true;
+  networking.nat.internalInterfaces = ["ve-+"];
+  networking.nat.externalInterface = lib.mkDefault "et0";
+  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+}

From 2ae7cb819e60e13f3184b153fcfba32c3f6bd69f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:11:51 +0100
Subject: [PATCH 16/29] puyak.r: add news.r as container

---
 krebs/1systems/puyak/config.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 1e0687ba7..2f122f6ff 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -19,6 +19,12 @@
     <stockholm/krebs/2configs/binary-cache/nixos.nix>
     <stockholm/krebs/2configs/binary-cache/prism.nix>
 
+    ## news host
+
+    <stockholm/krebs/2configs/container-networking.nix>
+    <stockholm/krebs/2configs/syncthing.nix>
+    <stockholm/krebs/2configs/news-host.nix>
+
     ### shackspace ###
     # handle the worlddomination map via coap
     <stockholm/krebs/2configs/shack/worlddomination.nix>

From f5a04ffc57a27113b26d20b8600169ba048e8cb0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:12:08 +0100
Subject: [PATCH 17/29] puyak.r: enable firewall

---
 krebs/1systems/puyak/net.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix
index 8dab11e16..c535e51aa 100644
--- a/krebs/1systems/puyak/net.nix
+++ b/krebs/1systems/puyak/net.nix
@@ -8,7 +8,7 @@ in {
     SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="${ext-if}"
   '';
   networking = {
-    firewall.enable = false;
+    firewall.enable = true;
     firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ];
     interfaces."${ext-if}".ipv4.addresses = [
       {

From 9af05495541b4f5fc3651195e8620cce7a0ab500 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:41:01 +0100
Subject: [PATCH 18/29] l syncthing: remove duplicate definitions

---
 lass/2configs/syncthing.nix | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 7801c758c..7b8850681 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -3,10 +3,6 @@
   imports = [ <stockholm/krebs/2configs/syncthing.nix> ];
   services.syncthing = {
     group = "syncthing";
-    declarative = {
-      key = toString <secrets/syncthing.key>;
-      cert = toString <secrets/syncthing.cert>;
-    };
   };
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
@@ -16,6 +12,4 @@
   system.activationScripts.syncthing-home = mkDefault ''
     ${pkgs.coreutils}/bin/chmod a+x /home/lass
   '';
-
-  boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
 }

From c1bda245e733f191ce98fda5810954f7a784efb6 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 26 Mar 2021 20:42:24 +0100
Subject: [PATCH 19/29] puyak.r: open 80 & 443

---
 krebs/1systems/puyak/net.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix
index c535e51aa..a46a24952 100644
--- a/krebs/1systems/puyak/net.nix
+++ b/krebs/1systems/puyak/net.nix
@@ -9,7 +9,7 @@ in {
   '';
   networking = {
     firewall.enable = true;
-    firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ];
+    firewall.allowedTCPPorts = [ 80 443 8088 8086 8083 5901 ];
     interfaces."${ext-if}".ipv4.addresses = [
       {
         address = shack-ip;
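Review bot: The `allowedTCPPorts` list now opens 80 and 443 next to 8088, 8086, 8083 and 5901, and nothing in the file says which service each port belongs to or whether it has to be reachable on every interface. With the firewall only just enabled on this host, this is the moment to record that, e.g. `# 80/443: <service>; 5901: <service>; 8083/8086/8088: <service>`. Ports that only serve the internal network could move to `networking.firewall.interfaces.<name>.allowedTCPPorts`. The `networking` attribute set continues outside the hunk.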

From 7081f38b0720cfa3f1aeb647f7ea187c4e23abdc Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 27 Mar 2021 18:17:46 +0100
Subject: [PATCH 20/29] l hass: remove redundant dwdfsapi

---
 lass/2configs/hass/default.nix | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix
index 7765db84e..be9c32809 100644
--- a/lass/2configs/hass/default.nix
+++ b/lass/2configs/hass/default.nix
@@ -43,11 +43,9 @@ in {
 
   services.home-assistant = {
     enable = true;
-    package = (unstable.home-assistant.overrideAttrs (old: {
+    package = unstable.home-assistant.overrideAttrs (old: {
       doInstallCheck = false;
-    })).override {
-      extraPackages = _: [ dwdwfsapi ];
-    };
+    });
     configWritable = true;
     lovelaceConfigWritable = true;
     config = let

From fb8be42554568646a6bf6fae3b077b7eec1a52e5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 30 Mar 2021 19:33:36 +0200
Subject: [PATCH 21/29] recht: init

---
 krebs/5pkgs/haskell/recht.nix | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 krebs/5pkgs/haskell/recht.nix

diff --git a/krebs/5pkgs/haskell/recht.nix b/krebs/5pkgs/haskell/recht.nix
new file mode 100644
index 000000000..c98000564
--- /dev/null
+++ b/krebs/5pkgs/haskell/recht.nix
@@ -0,0 +1,24 @@
+{ mkDerivation, async, base, blessings, data-default, directory
+, filepath, optparse-generic, pandoc, random, regex-tdfa, safe
+, scalpel, stdenv, text
+, fetchFromGitHub
+}:
+mkDerivation rec {
+  pname = "recht";
+  version = "0.1.0";
+  src = fetchFromGitHub {
+    owner = "kmein";
+    repo = "recht";
+    rev = "e3ed36e969cca138e6fc8199b0234d4fe36b663d";
+    sha256 = "1cbdahjrhcx9jwmkncal04ss6rb2bf1ikyfxwvy6ngazfmj1d9f2";
+
+  };
+  isLibrary = false;
+  isExecutable = true;
+  executableHaskellDepends = [
+    async base blessings data-default directory filepath
+    optparse-generic pandoc random regex-tdfa safe scalpel text
+  ];
+  license = "unknown";
+  hydraPlatforms = stdenv.lib.platforms.none;
+}

From ca40599161ccecb05d855ad63af6800584ee7b30 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 30 Mar 2021 19:56:09 +0200
Subject: [PATCH 22/29] init syncthing dummy-secrets

---
 krebs/0tests/data/secrets/syncthing.cert | 0
 krebs/0tests/data/secrets/syncthing.key  | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 krebs/0tests/data/secrets/syncthing.cert
 create mode 100644 krebs/0tests/data/secrets/syncthing.key

diff --git a/krebs/0tests/data/secrets/syncthing.cert b/krebs/0tests/data/secrets/syncthing.cert
new file mode 100644
index 000000000..e69de29bb
diff --git a/krebs/0tests/data/secrets/syncthing.key b/krebs/0tests/data/secrets/syncthing.key
new file mode 100644
index 000000000..e69de29bb

From f32b691c75807c3848727c2187605b81fedcc784 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 3 Apr 2021 15:16:58 +0200
Subject: [PATCH 23/29] nixpkgs: d395190 -> 42a03e4

---
 krebs/nixpkgs.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 77b88160b..02e131955 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "d395190b24b27a65588f4539c423d9807ad8d4e7",
-  "date": "2021-03-24T17:35:36-06:00",
-  "path": "/nix/store/gdzjw6k680vcilvnpdhv93qxkzkl05qy-nixpkgs",
-  "sha256": "0r1kj8gf97z9ydh36vmgrar1q4l9ggaqiygxjvp8jmr1948y0nh2",
+  "rev": "42a03e4728fc05cb9f123057670e41967f628360",
+  "date": "2021-04-02T23:08:32+02:00",
+  "path": "/nix/store/d1vqa0kpa69zzcaj5kqgkmrxr3s7vli1-nixpkgs",
+  "sha256": "0wrn5nayxckj11z2qlvsya2lzssbccbk50llxmgdm0qb5y14shfk",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 55318e85773256a78f6ecc35c20fb8199435e205 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 3 Apr 2021 15:17:14 +0200
Subject: [PATCH 24/29] nixpkgs-unstable: d3f7e96 -> 04a2b26

---
 krebs/nixpkgs-unstable.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 03b6495cf..25389ad9c 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "d3f7e969b9860fb80750147aeb56dab1c730e756",
-  "date": "2021-03-23T19:22:30+00:00",
-  "path": "/nix/store/a5rldwc8gmwd0j9x86xmwszrd8wcbad3-nixpkgs",
-  "sha256": "13z5lsgfgpw2wisglicy7krjrhypcc2y7krzxn54ybcninyiwhsn",
+  "rev": "04a2b269d8921505a2969fc9ec25c1f517f2b307",
+  "date": "2021-03-30T01:32:47-04:00",
+  "path": "/nix/store/wb6m2d6p3kadk6pbqdjq3ydswbvmb0lq-nixpkgs",
+  "sha256": "15hgx2i71pqgvzv56jwzfs8rkhjbm35wk1i6mxrqbq6wd0y10isv",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 2ab771bce9ddc58b9f363dc2dcd8ae9aaa2a5960 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 4 Apr 2021 10:05:19 +0200
Subject: [PATCH 25/29] recht: 0.1.0 -> 0.3.0

---
 krebs/5pkgs/haskell/recht.nix | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/krebs/5pkgs/haskell/recht.nix b/krebs/5pkgs/haskell/recht.nix
index c98000564..7d884a9fa 100644
--- a/krebs/5pkgs/haskell/recht.nix
+++ b/krebs/5pkgs/haskell/recht.nix
@@ -1,24 +1,25 @@
-{ mkDerivation, async, base, blessings, data-default, directory
-, filepath, optparse-generic, pandoc, random, regex-tdfa, safe
-, scalpel, stdenv, text
+{ mkDerivation, ansi-terminal, async, base, binary, bytestring
+, data-default, directory, filepath, megaparsec
+, optparse-applicative, pandoc, random, safe, scalpel, stdenv, text
+, time
 , fetchFromGitHub
 }:
 mkDerivation rec {
   pname = "recht";
-  version = "0.1.0";
+  version = "0.3.0";
   src = fetchFromGitHub {
     owner = "kmein";
     repo = "recht";
-    rev = "e3ed36e969cca138e6fc8199b0234d4fe36b663d";
-    sha256 = "1cbdahjrhcx9jwmkncal04ss6rb2bf1ikyfxwvy6ngazfmj1d9f2";
+    rev = version;
+    sha256 = "07cyd06wbnzcp33v0nq8cxyggvqrnbni0v2g8cpxar6idn1wlz85";
 
   };
   isLibrary = false;
   isExecutable = true;
   executableHaskellDepends = [
-    async base blessings data-default directory filepath
-    optparse-generic pandoc random regex-tdfa safe scalpel text
+    ansi-terminal async base binary bytestring data-default directory
+    filepath megaparsec optparse-applicative pandoc random safe scalpel
+    text time
   ];
-  license = "unknown";
-  hydraPlatforms = stdenv.lib.platforms.none;
+  license = stdenv.lib.licenses.mit;
 }
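Review bot: `rev = version;` replaces the commit hash with the tag name `0.3.0`, which upstream can move, whereas the previous revision pinned an immutable commit. The `sha256` still guards the content, but with a tag-derived `rev` a later `version` bump that forgets to update `sha256` can reuse the old source already in the store instead of failing. Pinning the commit and keeping the tag as a comment, `rev = "<commit hash of tag 0.3.0>"; # 0.3.0`, keeps both the readable version and the immutable pin.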

From 0257e7ea4b6dc4ad8363cd29ef0fd1d4832c179d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 14 Apr 2021 11:12:50 +0200
Subject: [PATCH 26/29] l: switch tinc port to 0 for non supernodes

---
 krebs/3modules/lass/default.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 6978c0b4e..3711a7759 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -68,6 +68,7 @@ in {
             "paste.r"
             "p.r"
           ];
+          tinc.port = 655;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje
@@ -126,6 +127,7 @@ in {
           aliases = [
             "uriel.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR
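Review bot: `tinc.port = 0;` is added by hand to each non-supernode host entry, in this hunk and the remaining hunks of this file, with no comment saying what 0 means. As far as I know, a tinc Port of 0 asks the OS to assign the listening port, so a comment at the first occurrence would help, e.g. `# 0: OS-assigned port; only supernodes need a fixed, reachable one`. The option's declaration and default are outside this patch. If the default is still a fixed port, a host added later without this line would keep listening on it, so making 0 the default and overriding only the supernode (`tinc.port = 655;` in the first hunk) may be more robust. Each host entry continues outside its hunk.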
@@ -151,6 +153,7 @@ in {
           aliases = [
             "mors.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
@@ -184,6 +187,7 @@ in {
           aliases = [
             "shodan.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
@@ -218,6 +222,7 @@ in {
           aliases = [
             "icarus.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
@@ -251,6 +256,7 @@ in {
           aliases = [
             "daedalus.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8
@@ -282,6 +288,7 @@ in {
           aliases = [
             "skynet.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX
@@ -315,6 +322,7 @@ in {
           aliases = [
             "littleT.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
@@ -364,6 +372,7 @@ in {
           aliases = [
             "xerxes.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
@@ -414,6 +423,7 @@ in {
           aliases = [
             "red.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN PUBLIC KEY-----
             MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
@@ -444,6 +454,7 @@ in {
           aliases = [
             "yellow.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN PUBLIC KEY-----
             MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
@@ -481,6 +492,7 @@ in {
           aliases = [
             "blue.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN PUBLIC KEY-----
             MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
@@ -520,6 +532,7 @@ in {
           aliases = [
             "green.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN PUBLIC KEY-----
             MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
@@ -574,6 +587,7 @@ in {
           aliases = [
             "morpheus.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY
@@ -611,6 +625,7 @@ in {
           aliases = [
             "hilum.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN PUBLIC KEY-----
             MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
@@ -651,6 +666,7 @@ in {
           aliases = [
             "styx.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN PUBLIC KEY-----
             MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn
@@ -692,6 +708,7 @@ in {
           aliases = [
             "coaxmetal.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN PUBLIC KEY-----
             MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA

From 73adafe901a2809c58be0007bd6a5f2620242551 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 15 Apr 2021 09:32:47 +0200
Subject: [PATCH 27/29] nixpkgs: 42a03e4 -> dec334f

---
 krebs/nixpkgs.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 02e131955..44a5d0c37 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
 {
   "url": "https://github.com/NixOS/nixpkgs",
-  "rev": "42a03e4728fc05cb9f123057670e41967f628360",
-  "date": "2021-04-02T23:08:32+02:00",
-  "path": "/nix/store/d1vqa0kpa69zzcaj5kqgkmrxr3s7vli1-nixpkgs",
-  "sha256": "0wrn5nayxckj11z2qlvsya2lzssbccbk50llxmgdm0qb5y14shfk",
+  "rev": "dec334fa196a4aeedb1b60d8f7d61aa00d327499",
+  "date": "2021-04-14T01:54:42+02:00",
+  "path": "/nix/store/x1dkzxknsrf0060pz1vwa7ibmq7899wb-nixpkgs",
+  "sha256": "1sm1p2qliz11qw6va01knm0rikhpq2h4c70ci98vi4q26y4q9z72",
   "fetchSubmodules": false,
   "deepClone": false,
   "leaveDotGit": false

From 38c46e3c08ea5de4191aa33c1c42af4d73816c6c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 17 Apr 2021 11:26:14 +0200
Subject: [PATCH 28/29] l: add searx via search.r

---
 krebs/3modules/lass/default.nix             |  1 +
 lass/1systems/prism/config.nix              |  1 +
 lass/2configs/searx.nix                     | 23 +++++++++++++++++++++
 lass/2configs/tests/dummy-secrets/searx.key |  1 +
 4 files changed, 26 insertions(+)
 create mode 100644 lass/2configs/searx.nix
 create mode 100644 lass/2configs/tests/dummy-secrets/searx.key

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 3711a7759..300ea2ccc 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -67,6 +67,7 @@ in {
             "cgit.prism.r"
             "paste.r"
             "p.r"
+            "search.r"
           ];
           tinc.port = 655;
           tinc.pubkey = ''
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 6f61ea57e..25d688696 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -194,6 +194,7 @@ with import <stockholm/lib>;
     }
     <stockholm/lass/2configs/minecraft.nix>
     <stockholm/lass/2configs/codimd.nix>
+    <stockholm/lass/2configs/searx.nix>
     {
       services.taskserver = {
         enable = true;
diff --git a/lass/2configs/searx.nix b/lass/2configs/searx.nix
new file mode 100644
index 000000000..ed6586a26
--- /dev/null
+++ b/lass/2configs/searx.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+let
+  port = 8889;
+in {
+  services.nginx.virtualHosts.search = {
+    serverAliases = [ "search.r" ];
+    locations."/".extraConfig = ''
+      proxy_set_header Host $host;
+      proxy_pass http://127.0.0.1:${builtins.toString port};
+    '';
+  };
+
+  services.searx = {
+    enable = true;
+    configFile = pkgs.writeText "searx.cfg" (builtins.toJSON {
+      use_default_settings = true;
+      server = {
+        port = port;
+        secret_key = builtins.readFile <secrets/searx.key>;
+      };
+    });
+  };
+}
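Review bot: `secret_key = builtins.readFile <secrets/searx.key>` is read at evaluation time and passed to `pkgs.writeText`, so the key lands in the generated `searx.cfg` in the Nix store. The store is readable by every local user, and the file travels with the system closure to any cache or host it is copied to. The key should be supplied at service start instead. If the pinned nixpkgs searx module provides `services.searx.settings` and `services.searx.environmentFile` (not verifiable from this patch), the config can hold a placeholder that is substituted from a root-only file outside the store, as sketched below. The environment file path in the sketch is a placeholder.

```nix
  # … unchanged: nginx virtualHost for search.r …
  services.searx = {
    enable = true;
    # placeholder path: file kept outside the store, mode 0400,
    # containing a line SEARX_SECRET_KEY=<value>
    environmentFile = "/path/to/searx.env";
    settings = {
      use_default_settings = true;
      server.port = port;
      server.secret_key = "@SEARX_SECRET_KEY@";
    };
  };
```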
diff --git a/lass/2configs/tests/dummy-secrets/searx.key b/lass/2configs/tests/dummy-secrets/searx.key
new file mode 100644
index 000000000..bd88e01cd
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/searx.key
@@ -0,0 +1 @@
+yolo

From 6b12f7ec6ab25eb482c73d9c3e1b892b0531ff6d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 18 Apr 2021 17:05:24 +0200
Subject: [PATCH 29/29] hotdog.r: use port 0 for tinc

---
 krebs/3modules/krebs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 656ea772f..37b939358 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -77,6 +77,7 @@ in {
             "wiki.r"
             "wiki.hotdog.r"
           ];
+          tinc.port = 0;
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc