makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse source
This commit is contained in:
makefu 2019-01-28 08:32:05 +01:00
parent 0c25e97905 56a0b3f002
commit 7bc36518d1
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
28 changed files with 530 additions and 235 deletions

4
krebs/1systems/hotdog/config.nix
View file

@ -12,8 +12,8 @@
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/krebs/2configs/nscd-fix.nix>
<stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/repo-sync.nix>
];

24
krebs/2configs/nscd-fix.nix Normal file
View file

@ -0,0 +1,24 @@
with import <stockholm/lib>;
{ pkgs, ... }: let
enable = versionOlderThan "19.03";
versionOlderThan = v:
compareVersions
(versions.majorMinor version)
(versions.majorMinor v)
== -1;
warning = ''
Using custom services.nscd.config because
https://github.com/NixOS/nixpkgs/pull/50316
'';
in
optionalAttrs enable (trace warning {
services.nscd.enable = mkForce true;
services.nscd.config = mkForce (readFile (pkgs.fetchurl {
url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf;
sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs";
}));
})

26
krebs/2configs/reaktor-krebs.nix
View file

@ -1,26 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
krebs.Reaktor.krebs = {
nickname = "Reaktor|krebs";
channels = [
"#krebs"
"#nixos-wiki"
];
extraEnviron = {
REAKTOR_HOST = "irc.freenode.org";
REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password";
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
] ++
(attrValues (task "agenda"))
;
};
krebs.secret.files.nix-serve-key = {
path = "/var/lib/Reaktor/reaktor_nickserv_password";
owner.name = "Reaktor";
source-path = toString <secrets> + "/reaktor_nickserv_password";
};
}

17
krebs/2configs/reaktor-retiolum.nix
View file

@ -1,17 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
krebs.Reaktor.retiolum = {
nickname = "Reaktor|lass";
channels = [ "#noise" "#xxx" ];
extraEnviron = {
REAKTOR_HOST = "irc.r";
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
] ++
(attrValues (task "agenda"))
;
};
}

152
krebs/2configs/reaktor2.nix Normal file
View file

@ -0,0 +1,152 @@
with import <stockholm/lib>;
{ config, pkgs, ... }:
let
#for shared state directory
stateDir = config.krebs.reaktor2.r.stateDir;
generators = pkgs.reaktor2-plugins.generators;
hooks = pkgs.reaktor2-plugins.hooks;
commands = pkgs.reaktor2-plugins.commands;
task = name: let
rcFile = builtins.toFile "taskrc" ''
confirmation=no
'';
in {
pattern = "^${name}-([a-z]+)(?::\\s*(.*))?";
activate = "match";
command = 1;
arguments = [2];
env.TASKDATA = "${stateDir}/${name}";
commands = {
add.filename = pkgs.writeDash "${name}-task-add" ''
${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$1"
'';
list.filename = pkgs.writeDash "${name}-task-list" ''
${pkgs.taskwarrior}/bin/task rc:${rcFile} export \
| ${pkgs.jq}/bin/jq -r '
.[] | select(.id != 0) | "\(.id) \(.description)"
'
'';
delete.filename = pkgs.writeDash "${name}-task-delete" ''
${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$1"
'';
done.filename = pkgs.writeDash "${name}-task-done" ''
${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$1"
'';
};
};
systemPlugin = {
plugin = "system";
config = {
workdir = stateDir;
hooks.JOIN = [
{
activate = "always";
command = {
filename =
"${pkgs.Reaktor.src}/reaktor/commands/tell-on_join";
env = {
PATH = makeBinPath [
pkgs.coreutils # XXX env, touch
pkgs.jq # XXX sed
pkgs.utillinux # XXX flock
];
state_file = "${stateDir}/tell.json";
};
};
}
];
hooks.PRIVMSG = [
{
pattern = "^bier bal(ance)*$";
activate = "match";
command = {
env = {
state_file = "${stateDir}/ledger";
};
filename = pkgs.writeDash "bier-balance" ''
${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
| ${pkgs.coreutils}/bin/tail +2 \
| ${pkgs.miller}/bin/mlr --icsv --opprint cat
'';
};
}
{
pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$'';
activate = "match";
arguments = [1 2 3];
command = {
env = {
# TODO; get state as argument
state_file = "${stateDir}/ledger";
};
filename = pkgs.writeDash "ledger-add" ''
set -x
tonick=$1
amt=$2
unit=$3
printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
'';
};
}
hooks.sed
(generators.command_hook {
inherit (commands) hello random-emoji nixos-version stockholm-issue;
tell = {
filename =
"${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg";
env = {
PATH = makeBinPath [
pkgs.coreutils # XXX date, env
pkgs.jq # XXX sed
pkgs.utillinux # XXX flock
];
state_file = "${stateDir}/tell.txt";
};
};
})
(task "agenda")
];
};
};
in {
krebs.reaktor2 = {
freenode = {
hostname = "irc.freenode.org";
nick = "reaktor2|krebs";
plugins = [
{
plugin = "register";
config = {
channels = [
"#krebs"
];
};
}
systemPlugin
];
username = "reaktor2";
};
r = {
nick = "reaktor2|krebs";
plugins = [
{
plugin = "register";
config = {
channels = [
"#noise"
"#xxx"
];
};
}
systemPlugin
];
username = "reaktor2";
};
};
}

5
krebs/3modules/Reaktor.nix
View file

@ -113,10 +113,11 @@ let
'';
in nameValuePair "Reaktor-${name}" {
path = with pkgs; [
utillinux #flock for tell_on-join
git # for nag
jq # for tell
python # for caps
];
utillinux # flock for tell
];
description = "Reaktor IRC Bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];

1
krebs/3modules/default.nix
View file

@ -42,6 +42,7 @@ let
./per-user.nix
./power-action.nix
./Reaktor.nix
./reaktor2.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
./retiolum-hosts.nix

14
krebs/3modules/reaktor2.nix
View file

@ -25,7 +25,7 @@ with import <stockholm/lib>;
type = types.listOf types.attrs;
};
stateDir = mkOption {
default = "/var/lib/${self.config.systemd-service-name}";
default = "/var/lib/${self.config.username}";
readOnly = true;
type = types.absolute-pathname;
};
@ -33,6 +33,14 @@ with import <stockholm/lib>;
default = "reaktor2${optionalString (name != "default") "-${name}"}";
type = types.filename;
};
username = mkOption {
default = self.config.systemd-service-name;
type = types.username;
};
useTLS = mkOption {
default = self.config.port == "6697";
type = types.bool;
};
};
}));
};
@ -43,10 +51,10 @@ with import <stockholm/lib>;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.systemd-service-name;
User = cfg.username;
Group = "reaktor2";
DynamicUser = true;
StateDirectory = cfg.systemd-service-name;
StateDirectory = cfg.username;
ExecStart = let
configFile = pkgs.writeJSON configFileName configValue;
configFileName = "${cfg.systemd-service-name}.config.json";

4
krebs/5pkgs/haskell/blessings.nix
View file

@ -7,8 +7,8 @@ with import <stockholm/lib>;
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
"18.09" = {
version = "1.3.0";
sha256 = "1y9jhh9pchrr48zgfib2jip97x1fkm7qb1gnfx477rmmryjs500h";
version = "2.1.0";
sha256 = "0wc8v48bb0bkvypc0j6imvnf8xc8572hykk9sgjhzf2w0ggqxv5d";
};
}.${versions.majorMinor nixpkgsVersion};

9
krebs/5pkgs/simple/much/cabal.nix → krebs/5pkgs/haskell/much.nix
View file

@ -8,11 +8,12 @@
}:
mkDerivation {
pname = "much";
version = "1.1.0";
version = "1.2.0";
src = fetchgit {
url = "http://cgit.ni.krebsco.de/much";
sha256 = "1325554zymr1dd0clj8c5ygl70c791csvs0hz33jcfr6b8wysdrl";
rev = "dfec37d848e11c00d9b7f03295af1fc7b0e83ef5";
url = "https://cgit.krebsco.de/much";
sha256 = "0gfvppi8acylz0q7xh8dkm3dj676d4sc1m1gxwp663bkn4748873";
rev = "8fc4fbb5bb7781626da8f63cd8df8bb0f554cfe7";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;

24
krebs/5pkgs/haskell/reaktor2.nix
View file

@ -1,23 +1,27 @@
{ mkDerivation, aeson, attoparsec, base, blessings, bytestring
, containers, fetchgit, filepath, network, network-simple
, network-simple-tls, pcre-heavy, pcre-light, process, random
, stdenv, text, time, transformers, unix, unordered-containers
{ mkDerivation, aeson, async, attoparsec, base, blessings
, bytestring, containers, data-default, fetchgit, filepath
, hashable, lens, lens-aeson, network, network-simple
, network-simple-tls, pcre-light, process, random, stdenv
, string-conversions, stringsearch, text, time, transformers
, unagi-chan, unix, unordered-containers, vector
}:
mkDerivation {
pname = "reaktor2";
version = "0.0.0";
version = "0.2.1";
src = fetchgit {
url = "https://cgit.krebsco.de/reaktor2";
sha256 = "1q2rb78mzpyd8wxfmlbfdz7zq5smsrrvb4n874ap1p8f2bmmp0am";
rev = "ce276eee82ec0b8c4106beb4c51d6f9eb77335c4";
sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr";
rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
aeson attoparsec base blessings bytestring containers filepath
network network-simple network-simple-tls pcre-heavy pcre-light
process random text time transformers unix unordered-containers
aeson async attoparsec base blessings bytestring containers
data-default filepath hashable lens lens-aeson network
network-simple network-simple-tls pcre-light process random
string-conversions stringsearch text time transformers unagi-chan
unix unordered-containers vector
];
license = stdenv.lib.licenses.mit;
}

6
krebs/5pkgs/simple/Reaktor/default.nix
View file

@ -2,7 +2,7 @@
python3Packages.buildPythonPackage rec {
name = "Reaktor-${version}";
version = "0.6.2";
version = "0.7.0";
doCheck = false;
@ -13,8 +13,8 @@ python3Packages.buildPythonPackage rec {
src = fetchFromGitHub {
owner = "krebs";
repo = "Reaktor";
rev = version;
sha256 = "0h8pj0x9b5fnxddwrc0f63rxd3275v5phmjc0fv4kiwlzvbcxj6m";
rev = "v${version}";
sha256 = "12yy06vk0smjs0rmahrn2kd4bcdh1yjw1fz6rifw6nmgx889d9hj";
};
meta = {
homepage = http://krebsco.de/;

2
krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh Normal file → Executable file
View file

@ -1,5 +1,5 @@
#!/bin/sh
curl http://emojicons.com/random -s | \
curl -sS http://emojicons.com/random | \
grep data-text | \
sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \
head -n 1 | \

0
krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh Normal file → Executable file
View file

2
krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py Normal file → Executable file
View file

@ -46,7 +46,7 @@ if is_regex(line):
print('to many lines, skipped')
else:
if last.strip() != ret.strip():
print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
print("\x02{}\x02 meant: {}".format(usr, ret.strip()))
if ret:
d[usr] = ret

0
krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh Normal file → Executable file
View file

3
krebs/5pkgs/simple/much/default.nix
View file

@ -1,3 +0,0 @@
{ haskellPackages, ... }:
haskellPackages.callPackage ./cabal.nix {}

106
krebs/5pkgs/simple/reaktor2-plugins.nix Normal file
View file

@ -0,0 +1,106 @@
with import <stockholm/lib>;
{ lib, pkgs, ... }:
rec {
generators = {
command_hook = commands: {
pattern =
"^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
command = 1;
arguments = [2];
commands = commands;
};
};
commands = {
hello = {
filename = "${pkgs.Reaktor.src}/reaktor/commands/hello";
};
random-emoji = {
filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh>;
env = {
PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]);
};
};
nixos-version = {
filename = pkgs.writeDash "nixos-version" ''
. /etc/os-release
echo "$PRETTY_NAME"
'';
};
stockholm-issue = {
filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh>;
env = {
PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]);
origin = "http://cgit.gum/stockholm";
state_dir = "/tmp/stockholm-issue";
};
};
};
hooks = {
sed = {
activate = "always";
pattern = "^(.*)$";
arguments = [1];
command = {
env = {
PATH = makeBinPath (with pkgs; [ gnused ]);
state_dir = "/tmp";
};
filename = pkgs.writeDash "sed-plugin" ''
set -efu
exec ${pkgs.python3}/bin/python \
${<stockholm/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py>} "$@"
'';
};
};
shack-correct = {
activate = "match";
pattern = "^(.*Shack.*)$";
arguments = [1];
command.filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh>;
};
url-title = {
#pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
activate = "match";
arguments = [1];
command = {
filename = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } ''
import cgi
import sys
import urllib.request
from bs4 import BeautifulSoup
try:
req = urllib.request.Request(sys.argv[1])
req.add_header('user-agent', 'Reaktor-url-title')
resp = urllib.request.urlopen(req)
if resp.headers['content-type'].find('text/html') >= 0:
soup = BeautifulSoup(resp.read(16000), "lxml")
title = soup.find('title').string
if len(title.split('\n')) > 5:
title = '\n'.join(title.split('\n')[:5])
print(title[:450])
else:
cd_header = resp.headers['content-disposition']
print(cgi.parse_header(cd_header)[1]['filename'])
except: # noqa: E722
pass
'';
};
};
};
}

15
lass/1systems/prism/config.nix
View file

@ -36,10 +36,10 @@ with import <stockholm/lib>;
# TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
{ v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
];
}
{
@ -379,6 +379,7 @@ with import <stockholm/lib>;
name = "download";
home = "/var/download";
useDefaultShell = true;
uid = genid "download";
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
@ -420,6 +421,16 @@ with import <stockholm/lib>;
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
}
{
nix.trustedUsers = [ "Mic92" ];
users.users.Mic92 = {
uid = genid_uint31 "Mic92";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.Mic92.pubkey
];
};
}
];
krebs.build.host = config.krebs.hosts.prism;

14
lass/1systems/prism/physical.nix
View file

@ -63,9 +63,15 @@
defaultGateway = "95.216.1.129";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
interfaces.eth0 = {
ipAddress = "95.216.1.150";
prefixLength = 26;
};
interfaces.eth0.ipv4.addresses = [
{
address = "95.216.1.150";
prefixLength = 26;
}
{
address = "95.216.1.130";
prefixLength = 26;
}
];
};
}

92
lass/1systems/yellow/config.nix
View file

@ -88,7 +88,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
remote 82.102.16.229 1194
remote 89.249.65.83 1194
resolv-retry infinite
remote-random
nobind
@ -103,13 +103,9 @@ with import <stockholm/lib>;
reneg-sec 0
comp-lzo no
explicit-exit-notify 3
remote-cert-tls server
#mute 10000
auth-user-pass ${toString <secrets/nordvpn.txt>}
verb 3
pull
fast-io
@ -118,32 +114,33 @@ with import <stockholm/lib>;
<ca>
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
+D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
//DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
</ca>
key-direction 1
@ -152,23 +149,24 @@ with import <stockholm/lib>;
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
49b2f54c6ee58d2d97331681bb577d55
054f56d92b743c31e80b684de0388702
ad3bf51088cd88f3fac7eb0729f2263c
51d82a6eb7e2ed4ae6dfa65b1ac764d0
b9dedf1379c1b29b36396d64cb6fd6b2
e61f869f9a13001dadc02db171f04c4d
c46d1132c1f31709e7b54a6eabae3ea8
fbd2681363c185f4cb1be5aa42a27c31
21db7b2187fd11c1acf224a0d5a44466
b4b5a3cc34ec0227fe40007e8b379654
f1e8e2b63c6b46ee7ab6f1bd82f57837
92c209e8f25bc9ed493cb5c1d891ae72
7f54f4693c5b20f136ca23e639fd8ea0
865b4e22dd2af43e13e6b075f12427b2
08af9ffd09c56baa694165f57fe2697a
3377fa34aebcba587c79941d83deaf45
e685bdaf659a25a200e2b9e39e51ff03
0fc72cf1ce07232bd8b2be5e6c670143
f51e937e670eee09d4f2ea5a6e4e6996
5db852c275351b86fc4ca892d78ae002
d6f70d029bd79c4d1c26cf14e9588033
cf639f8a74809f29f72b9d58f9b8f5fe
fc7938eade40e9fed6cb92184abb2cc1
0eb1a296df243b251df0643d53724cdb
5a92a1d6cb817804c4a9319b57d53be5
80815bcfcb2df55018cc83fc43bc7ff8
2d51f9b88364776ee9d12fc85cc7ea5b
9741c4f598c485316db066d52db4540e
212e1518a9bd4828219e24b20d88f598
a196c9de96012090e333519ae18d3509
9427e7b372d348d352dc4c85e18cd4b9
3f8a56ddb2e64eb67adfc9b337157ff4
-----END OpenVPN Static key V1-----
</tls-auth>
'';
}

2
lass/2configs/baseX.nix
View file

@ -74,7 +74,7 @@ in {
nmap
pavucontrol
powertop
rxvt_unicode_with-plugins
rxvt_unicode-with-plugins
sxiv
taskwarrior
termite

5
lass/2configs/default.nix
View file

@ -2,6 +2,7 @@ with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
<stockholm/krebs/2configs/nscd-fix.nix>
./binary-cache/client.nix
./gc.nix
./mc.nix
@ -81,9 +82,6 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
#why is this on in the first place?
services.nscd.enable = false;
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
@ -115,6 +113,7 @@ with import <stockholm/lib>;
#network
iptables
iftop
tcpdump
#stuff for dl
aria2

1
lass/2configs/exim-smarthost.nix
View file

@ -96,6 +96,7 @@ with import <stockholm/lib>;
{ from = "nordvpn@lassul.us"; to = lass.mail; }
{ from = "csv-direct@lassul.us"; to = lass.mail; }
{ from = "nintendo@lassul.us"; to = lass.mail; }
{ from = "overleaf@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

2
lass/2configs/mail.nix
View file

@ -225,7 +225,7 @@ in {
msmtp
mutt
pkgs.notmuch
pkgs.much
pkgs.haskellPackages.much
tag-new-mails
tag-old-mails
];

194
lass/2configs/reaktor-coders.nix
View file

@ -1,99 +1,107 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
krebs.Reaktor.coders = {
nickname = "Reaktor|lass";
channels = [ "#coders" "#germany" "#panthermoderns" ];
extraEnviron = {
REAKTOR_HOST = "irc.hackint.org";
};
plugins = with pkgs.ReaktorPlugins; let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
lambdabotflags = ''
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
sed-plugin
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
})
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
})
(buildSimpleReaktorPlugin "ping" {
pattern = "^!ping (?P<args>.*)$$";
script = pkgs.writeDash "ping" ''
exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
'';
})
(buildSimpleReaktorPlugin "google" {
pattern = "^!g (?P<args>.*)$$";
script = pkgs.writeDash "google" ''
exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
'';
})
(buildSimpleReaktorPlugin "blockchain" {
pattern = ".*[Bb]lockchain.*$$";
script = pkgs.writeDash "blockchain" ''
exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline'
'';
})
(buildSimpleReaktorPlugin "shrug" {
pattern = "^!shrug$";
script = pkgs.writeDash "shrug" ''
exec echo '¯\_()_/¯'
'';
})
(buildSimpleReaktorPlugin "flip" {
pattern = "^!flip$";
script = pkgs.writeDash "shrug" ''
exec echo '(°° '
'';
})
let
hooks = pkgs.reaktor2-plugins.hooks;
in {
krebs.reaktor2.coders = {
hostname = "irc.hackint.org";
port = "9999";
useTLS = true;
nick = "reaktor2|lass";
plugins = [
{
plugin = "register";
config = {
channels = [
"#coders"
"#germany"
"#panthermoderns"
];
};
}
{
plugin = "system";
config = {
workdir = config.krebs.reaktor2.coders.stateDir;
hooks.PRIVMSG = [
hooks.sed
hooks.url-title
{
activate = "match";
pattern = ''@([^ ]+) (.*)$'';
command = 1;
arguments = [2];
commands = let
lambdabot = (import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs";
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
}) {}).lambdabot;
lambdabotWrapper = pkgs.writeDash "lambdabot.wrapper" ''
exec ${lambdabot}/bin/lambdabot \
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \
-e "$@"
'';
in {
pl = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-pl" ''
${lambdabotWrapper} "@pl $1"
'';
};
type = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-type" ''
${lambdabotWrapper} "@type $1"
'';
};
"let" = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-let" ''
${lambdabotWrapper} "@let $1"
'';
};
run = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-run" ''
${lambdabotWrapper} "@run $1"
'';
};
kind = {
env.HOME = config.krebs.reaktor2.coders.stateDir;
filename = pkgs.writeDash "lambdabot-kind" ''
${lambdabotWrapper} "@kind $1"
'';
};
};
}
{
activate = "match";
pattern = ''!([^ ]+)(?:\s*(.*))?'';
command = 1;
arguments = [2];
commands = {
ping.filename = pkgs.writeDash "ping" ''
exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
'';
google.filename = pkgs.writeDash "google" ''
exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
'';
shrug.filename = pkgs.writeDash "shrug" ''
exec echo '¯\_()_/¯'
'';
table.filename = pkgs.writeDash "table" ''
exec echo '(°° '
'';
};
}
];
};
}
];
};
}

24
lass/2configs/websites/domsen.nix
View file

@ -155,6 +155,13 @@ in {
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
users.users.UBIK-SFTP = {
uid = genid_uint31 "UBIK-SFTP";
home = "/home/UBIK-SFTP";
useDefaultShell = true;
createHome = true;
};
users.users.xanf = {
uid = genid_uint31 "xanf";
home = "/home/xanf";
@ -227,5 +234,22 @@ in {
createHome = true;
};
services.restic.backups.domsen = {
initialize = true;
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
passwordFile = toString <secrets> + "/domsen_backup_pw";
paths = [
"/srv/http"
"/home/domsen/Mail"
"/home/ms/Mail"
"/home/klabusterbeere/Mail"
"/home/jms/Mail"
"/home/bruno/Mail"
"/home/akayguen/Mail"
"/backups/sql_dumps"
];
};
}

17
tv/2configs/mail-client.nix
View file

@ -1,13 +1,10 @@
{ pkgs, ... }:
with pkgs;
{
{ pkgs, ... }: {
environment.systemPackages = [
much
msmtp
notmuch
pythonPackages.alot
qprint
w3m
pkgs.haskellPackages.much
pkgs.msmtp
pkgs.notmuch
pkgs.pythonPackages.alot
pkgs.qprint
pkgs.w3m
];
}