makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse source
This commit is contained in:
tv 2021-01-18 15:24:18 +01:00
parent 7b7ebd8708 2a32b77314
commit ff6f5ef5e1
72 changed files with 1683 additions and 2220 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
krebs/1systems/puyak/config.nix
View file

@ -1,12 +1,16 @@
{ config, pkgs, ... }:
{
imports = [
./net.nix
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
# see documentation in included getty-for-esp.nix:
# brain hosts/puyak/root
<stockholm/krebs/2configs/hw/getty-for-esp.nix>
## initrd unlocking
# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
@ -20,8 +24,7 @@
#### NEWS ####
<stockholm/krebs/2configs/ircd.nix>
#<stockholm/krebs/2configs/news.nix>
#<stockholm/krebs/2configs/news-spam.nix>
<stockholm/krebs/2configs/news.nix>
### shackspace ###
@ -118,7 +121,6 @@
krebs.build.host = config.krebs.hosts.puyak;
sound.enable = false;
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
@ -163,10 +165,6 @@
services.logind.lidSwitchExternalPower = "ignore";
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
'';
environment.systemPackages = [ pkgs.zsh ];
@ -179,5 +177,4 @@
isNormalUser = true;
shell = "/run/current-system/sw/bin/zsh";
};
networking.firewall.allowedTCPPorts = [ 5901 ];
}

23
krebs/1systems/puyak/net.nix Normal file
View file

@ -0,0 +1,23 @@
let
ext-if = "enp0s25";
shack-ip = "10.42.22.184";
shack-gw = "10.42.20.1";
in {
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
'';
networking = {
firewall.enable = false;
firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ];
interfaces."${ext-if}".ipv4.addresses = [
{
address = shack-ip;
prefixLength = 20;
}
];
defaultGateway = shack-gw;
nameservers = [ "10.42.0.100" "10.42.0.200" ];
};
}

3
krebs/2configs/go.nix
View file

@ -2,9 +2,6 @@
with import <stockholm/lib>;
{
environment.systemPackages = [
pkgs.go-shortener
];
krebs.go = {
enable = true;
};

17
krebs/2configs/hw/getty-for-esp.nix Normal file
View file

@ -0,0 +1,17 @@
{
# 1. Program an esp8266 devboard (esp8266+usb-ttl) with # https://github.com/jeelabs/esp-link
# tested vesion: esp-link v3.2.47-g9c6530d
# Pin Preset: esp-bridge
# tx-enable: false
# uart-pins: normal
# 2. connect directly with usb-cable to device, check that vendorID and ProductID match
# 3. nc <esp-link-ip> 23
# Info: for puyak the root pw is `brain hosts/puyak/root`
services.udev.extraRules = ''
SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="ilo", MODE="0660"
'';
systemd.services."serial-getty@ilo".enable = true;
systemd.services."serial-getty@ilo".wantedBy = [ "multi-user.target" ];
systemd.services."serial-getty@ilo".serviceConfig.Restart = "always";
}

29
krebs/2configs/ircd.nix
View file

@ -11,12 +11,12 @@
hello
'';
config = ''
loadmodule "extensions/m_omode";
serverinfo {
name = "${config.krebs.build.host.name}.irc.r";
sid = "1as";
description = "miep!";
network_name = "irc.r";
hub = yes;
vhost = "0.0.0.0";
vhost6 = "::";
@ -26,7 +26,7 @@
#ssl_dh_params = "etc/dh.pem";
#ssld_count = 1;
default_max_clients = 10000;
default_max_clients = 100000;
#nicklen = 30;
};
@ -43,19 +43,31 @@
/* Listen on IPv6 (if you used host= above). */
host = "::";
port = 6667;
sslport = 9999;
sslport = 6697;
};
class "users" {
ping_time = 2 minutes;
number_per_ident = 10;
number_per_ip = 2048;
number_per_ip = 4096;
number_per_ip_global = 4096;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
number_per_cidr = 65536;
max_number = 3000;
sendq = 1 megabyte;
max_number = 100000;
sendq = 10 megabyte;
};
privset "op" {
privs = oper:admin;
};
operator "aids" {
user = "*@*";
password = "balls";
flags = ~encrypted;
snomask = "+s";
privset = "op";
};
exempt {
@ -93,12 +105,13 @@
channel_target_change = yes;
disable_local_channels = no;
};
general {
#maybe we want ident someday?
default_floodcount = 1000;
default_floodcount = 10000;
disable_auth = yes;
throttle_duration = 1;
throttle_count = 1000;
throttle_count = 10000;
};
'';
};

164
krebs/2configs/news-spam.nix
View file

@ -1,164 +0,0 @@
{ pkgs, ... }:
{
krebs.newsbot-js.news-spam = {
urlShortenerHost = "go.lassul.us";
feeds = pkgs.writeText "feeds" ''
_aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
_allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
_antirez|http://antirez.com/rss|#snews
_archlinux|http://www.archlinux.org/feeds/news/|#snews
_ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews
_augustl|http://augustl.com/atom.xml|#snews
_bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews
_bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews
_bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews
_bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews
_bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews
_bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews
_cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews
_carta|http://feeds2.feedburner.com/carta-standard-rss|#snews
_catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews
_cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews
_cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews
_cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews
_cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews
_cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews
_ccc|http://www.ccc.de/rss/updates.rdf|#snews
_chan_biz|http://boards.4chan.org/biz/index.rss|#snews
_chan_g|http://boards.4chan.org/g/index.rss|#snews
_chan_int|http://boards.4chan.org/int/index.rss|#snews
_chan_sci|http://boards.4chan.org/sci/index.rss|#snews
_chan_x|http://boards.4chan.org/x/index.rss|#snews
_c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews
_cryptogon|http://www.cryptogon.com/?feed=rss2|#snews
_csm|http://rss.csmonitor.com/feeds/csm|#snews
_csm_world|http://rss.csmonitor.com/feeds/world|#snews
_danisch|http://www.danisch.de/blog/feed/|#snews
_dod|http://www.defense.gov/news/afps2.xml|#snews
_dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews
_ecat|http://ecat.com/feed|#snews
_eia_press|http://www.eia.gov/rss/press_rss.xml|#snews
_eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews
_embargowatch|https://embargowatch.wordpress.com/feed/|#snews
_ethereum-comments|http://blog.ethereum.org/comments/feed|#snews
_ethereum|http://blog.ethereum.org/feed|#snews
_europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews
_eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews
_exploitdb|http://www.exploit-db.com/rss.xml|#snews
_fars|http://www.farsnews.com/rss.php|#snews #test
_faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews
_faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews
_faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews
_fbi|https://www.fbi.gov/news/rss.xml|#snews
_fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews
_fefe|http://blog.fefe.de/rss.xml|#snews
_forbes|http://www.forbes.com/forbes/feed2/|#snews
_forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews
_fox|http://feeds.foxnews.com/foxnews/latest|#snews
_geheimorganisation|http://geheimorganisation.org/feed/|#snews
_GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews
_gmanet|http://www.gmanetwork.com/news/rss/news|#snews
_golem|http://rss.golem.de/rss.php|#snews
_google|http://news.google.com/?output=rss|#snews
_greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews
_guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews
_gulli|http://ticker.gulli.com/rss/|#snews
_hackernews|https://news.ycombinator.com/rss|#snews
_handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews
_heise|https://www.heise.de/newsticker/heise-atom.xml|#snews
_hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews
_hindu|http://www.thehindu.com/?service=rss|#snews
_ign|http://feeds.ign.com/ign/all|#snews
_independent|http://www.independent.com/rss/headlines/|#snews
_indymedia|https://de.indymedia.org/rss.xml|#snews
_info_libera|http://www.informationliberation.com/rss.xml|#snews
_klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews
_korea_herald|http://www.koreaherald.com/rss_xml.php|#snews
_linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews
_lisp|http://planet.lisp.org/rss20.xml|#snews
_liveleak|http://www.liveleak.com/rss|#snews
_lolmythesis|http://lolmythesis.com/rss|#snews
_LtU|http://lambda-the-ultimate.org/rss.xml|#snews
_lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews
_mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews
_mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews
_nds|http://www.nachdenkseiten.de/?feed=atom|#snews
_netzpolitik|https://netzpolitik.org/feed/|#snews
_newsbtc|http://newsbtc.com/feed/|#snews
_nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews
_npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews
_npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews
_npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews
_npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
_nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
_nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
_painload|https://github.com/krebs/painload/commits/master.atom|#snews
_phys|http://phys.org/rss-feed/|#snews
_piraten|https://www.piratenpartei.de/feed/|#snews
_polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews
_presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews
_presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews
_prisonplanet|http://prisonplanet.com/feed.rss|#snews
_rawstory|http://www.rawstory.com/rs/feed/|#snews
_reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews
_reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews
_reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews
_reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews
_reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews
_reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews
_reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews
_reddit_sci|http://www.reddit.com/r/science/.rss|#snews
_reddit_tech|http://www.reddit.com/r/technology/.rss|#snews
_reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews
_reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews
_r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews
_reuters|http://feeds.reuters.com/Reuters/worldNews|#snews
_reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews
_rt|http://rt.com/rss/news/|#snews
_schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews
_sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
_scmp|http://www.scmp.com/rss/91/feed|#snews
_sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
_shackspace|http://shackspace.de/atom.xml|#snews
_shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
_sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
_sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
_sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews
_sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews
_sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews
_slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews
_slate|http://feeds.slate.com/slate|#snews
_spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews
_spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews
_standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews
_stern|http://www.stern.de/feed/standard/all/|#snews
_stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews
_sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews
_sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews
_sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews
_tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews
_taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews
_telegraph|http://www.telegraph.co.uk/rss.xml|#snews
_telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews
_the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews
_tigsource|http://www.tigsource.com/feed/|#snews
_tinc|http://tinc-vpn.org/news/index.rss|#snews
_torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews
_torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews
_torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews
_travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews
_un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews
_un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews
_un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews
_un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews
_un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews
_un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews
_us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews
_vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews
_weechat|http://dev.weechat.org/feed/atom|#snews
_xkcd|https://xkcd.com/rss.xml|#snews
_zdnet|http://www.zdnet.com/news/rss.xml|#snews
'';
};
}

51
krebs/2configs/news.nix
View file

@ -1,22 +1,39 @@
{ pkgs, ... }:
{
krebs.newsbot-js.news = {
feeds = pkgs.writeText "feeds" ''
antirez|http://antirez.com/rss|#news
archlinux|http://www.archlinux.org/feeds/news/|#news
ethereum|http://blog.ethereum.org/feed|#news
LtU|http://lambda-the-ultimate.org/rss.xml|#news
mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
painload|https://github.com/krebs/painload/commits/master.atom|#news
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
shackspace|http://shackspace.de/atom.xml|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news
xkcd|https://xkcd.com/rss.xml|#news
painload|https://github.com/krebs/painload/commits/master.atom|#news
'';
services.rss-bridge = {
enable = true;
whitelist = [ "*" ];
};
services.nginx.virtualHosts = {
rss-bridge = {
serverAliases = [
"rss.r"
];
};
"brockman.r" = {
locations."/".extraConfig = ''
root /var/lib/brockman;
index brockman.json;
'';
};
};
systemd.tmpfiles.rules = [
"d /var/lib/brockman 1750 brockman nginx -"
];
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
krebs.brockman = {
enable = true;
config = {
irc.host = "localhost";
channel = "#all";
shortener = "http://go.r";
controller = {
nick = "brockman";
channels = [ "#all" ];
};
bots = {};
};
};
}

6
krebs/2configs/shack/gitlab-runner.nix
View file

@ -1,5 +1,6 @@
{ pkgs,lib, ... }:
{
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
services.gitlab-runner = {
enable = true;
services= {
@ -17,6 +18,7 @@
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
# TODO: use the channel from <stockholm/krebs/nixpkgs.json>
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
@ -28,9 +30,9 @@
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
${pkgs.nix}/bin/nix-channel --update nixpkgs
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
'';
environmentVariables = {
ENV = "/etc/profile";

39
krebs/2configs/shack/glados/automation/hass-restart.nix
View file

@ -1,21 +1,24 @@
# needs:
# light.fablab_led
[
{ alias = "State on HA start-up";
trigger = {
platform = "homeassistant";
event = "start";
};
# trigger good/bad air
action = [
{ service = "light.turn_on";
data = {
entity_id = "light.fablab_led";
effect = "Rainbow";
color_name = "purple";
};
}
];
}
]
{
services.home-assistant.config.automation =
[
{ alias = "State on HA start-up";
trigger = {
platform = "homeassistant";
event = "start";
};
# trigger good/bad air
action = [
{ service = "light.turn_on";
data = {
entity_id = "light.fablab_led";
effect = "Rainbow";
color_name = "purple";
};
}
];
}
];
}

45
krebs/2configs/shack/glados/automation/party-time.nix
View file

@ -6,24 +6,27 @@ let
disko_schalter = "switch.lounge_diskoschalter_relay";
player = "media_player.lounge";
in
[
{ alias = "Party um 21 Uhr";
trigger = {
platform = "sun";
event = "sunset";
};
action =
( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" )
++
[
{
service = "homeassistant.turn_on";
entity_id = disko_schalter;
}
{
service = "media_player.turn_on";
data.entity_id = player;
} # TODO: also start playlist if nothing is running?
];
}
]
{
services.home-assistant.config.automation =
[
{ alias = "Party um 21 Uhr";
trigger = {
platform = "sun";
event = "sunset";
};
action =
( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" )
++
[
{
service = "homeassistant.turn_on";
entity_id = disko_schalter;
}
{
service = "media_player.turn_on";
data.entity_id = player;
} # TODO: also start playlist if nothing is running?
];
}
];
}

165
krebs/2configs/shack/glados/automation/shack-startup.nix
View file

@ -13,85 +13,88 @@
let
glados = import ../lib;
in
[
{
alias = "Bedanken bei Übernahme von Key";
initial_state = true;
trigger = {
platform = "state";
entity_id = "sensor.keyholder";
};
condition = {
condition = "template";
value_template = "{{ (trigger.from_state.state != 'No Keyholder') and (trigger.from_state.state != 'No Keyholder') }}";
};
action = glados.say.kiosk "Danke {{ trigger.to_state.state }} für das Übernehmen des Keys von {{ trigger.from_state.state }}";
}
{
alias = "Keyholder Begrüßen wenn MPD hoch fährt";
initial_state = true;
trigger = {
platform = "state";
from = "unavailable";
entity_id = "media_player.kiosk";
};
action = glados.say.kiosk (builtins.readFile ./announcement.j2);
}
{
alias = "Start Music on portal lock on";
trigger = {
platform = "state";
entity_id = "binary_sensor.portal_lock";
to = "on";
for.seconds = 30;
};
condition = {
condition = "and";
conditions =
[
{ # only start if a keyholder opened the door and if the lounge mpd is currently not playing anything
condition = "template";
value_template = "{{ state('sensor.keyholder') != 'No Keyholder' }}";
}
{
condition = "state";
entity_id = "media_player.lounge";
state = "idle";
}
];
};
action = [
{
service = "media_player.volume_set";
data = {
{
services.home-assistant.config.automation =
[
{
alias = "Bedanken bei Übernahme von Key";
initial_state = true;
trigger = {
platform = "state";
entity_id = "sensor.keyholder";
};
condition = {
condition = "template";
value_template = "{{ (trigger.from_state.state != 'No Keyholder') and (trigger.from_state.state != 'No Keyholder') }}";
};
action = glados.say.kiosk "Danke {{ trigger.to_state.state }} für das Übernehmen des Keys von {{ trigger.from_state.state }}";
}
{
alias = "Keyholder Begrüßen wenn MPD hoch fährt";
initial_state = true;
trigger = {
platform = "state";
from = "unavailable";
entity_id = "media_player.kiosk";
};
action = glados.say.kiosk (builtins.readFile ./announcement.j2);
}
{
alias = "Start Music on portal lock on";
trigger = {
platform = "state";
entity_id = "binary_sensor.portal_lock";
to = "on";
for.seconds = 30;
};
condition = {
condition = "and";
conditions =
[
{ # only start if a keyholder opened the door and if the lounge mpd is currently not playing anything
condition = "template";
value_template = "{{ state('sensor.keyholder') != 'No Keyholder' }}";
}
{
condition = "state";
entity_id = "media_player.lounge";
volume_level = 1.0;
};
}
{
service = "media_player.play_media";
data = {
entity_id = "media_player.lounge";
media_content_type = "playlist";
media_content_id = "ansage";
};
}
{ delay.seconds = 8.5; }
{
service = "media_player.volume_set";
data = {
entity_id = "media_player.lounge";
volume_level = 0.6;
};
}
{
service = "media_player.play_media";
data = {
entity_id = "media_player.lounge";
media_content_type = "playlist";
media_content_id = "lassulus";
};
}
];
}
]
state = "idle";
}
];
};
action = [
{
service = "media_player.volume_set";
data = {
entity_id = "media_player.lounge";
volume_level = 1.0;
};
}
{
service = "media_player.play_media";
data = {
entity_id = "media_player.lounge";
media_content_type = "playlist";
media_content_id = "ansage";
};
}
{ delay.seconds = 8.5; }
{
service = "media_player.volume_set";
data = {
entity_id = "media_player.lounge";
volume_level = 0.6;
};
}
{
service = "media_player.play_media";
data = {
entity_id = "media_player.lounge";
media_content_type = "playlist";
media_content_id = "lassulus";
};
}
];
}
];
}

65
krebs/2configs/shack/glados/default.nix
View file

@ -1,9 +1,5 @@
{ config, pkgs, lib, ... }:
let
shackopen = import ./multi/shackopen.nix;
wasser = import ./multi/wasser.nix;
badair = import ./multi/schlechte_luft.nix;
rollos = import ./multi/rollos.nix;
in {
services.nginx.virtualHosts."hass.shack" = {
serverAliases = [ "glados.shack" ];
@ -21,14 +17,28 @@ in {
'';
};
};
imports = [
./multi/shackopen.nix
./multi/wasser.nix
./multi/schlechte_luft.nix
./multi/rollos.nix
./switch/power.nix
./sensors/power.nix
./sensors/mate.nix
./sensors/darksky.nix
./sensors/spaceapi.nix
./sensors/sensemap.nix
./automation/shack-startup.nix
./automation/party-time.nix
./automation/hass-restart.nix
];
services.home-assistant =
{
enable = true;
package = pkgs.home-assistant.override {
extraPackages = ps: with ps; [
python-forecastio jsonrpc-async jsonrpc-websocket mpd2 pkgs.picotts
];
};
autoExtraComponents = true;
config = {
homeassistant = {
@ -85,9 +95,6 @@ in {
retain = true;
};
};
switch =
(import ./switch/power.nix)
;
light = [];
media_player = [
{ platform = "mpd";
@ -100,34 +107,23 @@ in {
}
];
sensor =
(import ./sensors/power.nix)
++ (import ./sensors/mate.nix)
++ (import ./sensors/darksky.nix { inherit lib;})
++ shackopen.sensor
++ wasser.sensor
;
air_quality = (import ./sensors/sensemap.nix );
binary_sensor =
shackopen.binary_sensor
++ (import ./sensors/spaceapi.nix)
;
camera = [];
frontend = { };
config = { };
sun = {};
http = {
base_url = "http://hass.shack";
use_x_forwarded_for = true;
trusted_proxies = "127.0.0.1";
};
#conversation = {};
# history = {};
#logbook = {};
logger.default = "info";
history = {};
logbook = {};
#recorder = {};
logger.default = "info";
tts = [
{ platform = "google_translate";
service_name = "say";
@ -136,15 +132,6 @@ in {
time_memory = 57600;
}
];
sun = {};
automation = wasser.automation
++ badair.automation
++ rollos.automation
++ (import ./automation/shack-startup.nix)
++ (import ./automation/party-time.nix)
++ (import ./automation/hass-restart.nix);
device_tracker = [];
};
};

77
krebs/2configs/shack/glados/multi/rollos.nix
View file

@ -11,46 +11,49 @@ let
];
in
{
automation =
[
{ alias = "Rollos fahren Runter";
trigger = [
{
platform = "numeric_state";
entity_id = tempsensor;
above = 25;
for = "00:30:00";
}
];
condition =
[
services.home-assistant.config =
{
automation =
[
{ alias = "Rollos fahren Runter";
trigger = [
{
condition = "state";
entity_id = "sun.sun";
state = "above_horizon";
}
];
action =
[
{ service = "cover.close_cover";
entity_id = all_covers;
platform = "numeric_state";
entity_id = tempsensor;
above = 25;
for = "00:30:00";
}
];
}
{ alias = "Rollos fahren Hoch";
trigger = [
{
platform = "sun";
event = "sunset";
}
];
condition = [ ];
action =
[
{ service = "cover.open_cover";
entity_id = all_covers;
condition =
[
{
condition = "state";
entity_id = "sun.sun";
state = "above_horizon";
}
];
action =
[
{ service = "cover.close_cover";
entity_id = all_covers;
}
];
}
{ alias = "Rollos fahren Hoch";
trigger = [
{
platform = "sun";
event = "sunset";
}
];
}
];
condition = [ ];
action =
[
{ service = "cover.open_cover";
entity_id = all_covers;
}
];
}
];
};
}

181
krebs/2configs/shack/glados/multi/schlechte_luft.nix
View file

@ -4,103 +4,106 @@ let
ledring = "light.fablab_led_ring";
in
{
automation =
[
{ alias = "Gute Luft Fablab";
trigger = [
{
platform = "numeric_state";
entity_id = feinstaub_sensor;
below = 3;
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Twinkle";
color_name = "green";
};
services.home-assistant.config =
{
automation =
[
{ alias = "Gute Luft Fablab";
trigger = [
{
platform = "numeric_state";
entity_id = feinstaub_sensor;
below = 3;
}
];
}
{ alias = "mäßige Luft Fablab";
trigger = [
{
platform = "numeric_state";
above = 3;
below = 10;
entity_id = feinstaub_sensor;
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Twinkle";
color_name = "yellow";
};
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Twinkle";
color_name = "green";
};
}
];
}
{ alias = "mäßige Luft Fablab";
trigger = [
{
platform = "numeric_state";
above = 3;
below = 10;
entity_id = feinstaub_sensor;
}
];
}
{ alias = "schlechte Luft Fablab";
trigger = [
{
platform = "numeric_state";
above = 10;
entity_id = feinstaub_sensor;
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Fireworks";
color_name = "red";
};
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Twinkle";
color_name = "yellow";
};
}
];
}
{ alias = "schlechte Luft Fablab";
trigger = [
{
platform = "numeric_state";
above = 10;
entity_id = feinstaub_sensor;
}
];
}
{ alias = "Luft Sensor nicht verfügbar";
trigger = [
{
platform = "state";
to = "unavailable";
entity_id = feinstaub_sensor;
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Rainbow";
color_name = "blue";
};
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Fireworks";
color_name = "red";
};
}
];
}
{ alias = "Luft Sensor nicht verfügbar";
trigger = [
{
platform = "state";
to = "unavailable";
entity_id = feinstaub_sensor;
}
];
}
{ alias = "Fablab Licht Reboot";
trigger = [
{
platform = "state";
from = "unavailable";
entity_id = ledring;
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Rainbow";
color_name = "orange";
};
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Rainbow";
color_name = "blue";
};
}
];
}
{ alias = "Fablab Licht Reboot";
trigger = [
{
platform = "state";
from = "unavailable";
entity_id = ledring;
}
];
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = ledring;
effect = "Rainbow";
color_name = "orange";
};
}
];
}
];
};
}

45
krebs/2configs/shack/glados/multi/shackopen.nix
View file

@ -1,23 +1,26 @@
{
binary_sensor = [
{ platform = "mqtt";
name = "Portal Lock";
device_class = "door";
state_topic = "portal/gateway/status";
availability_topic = "portal/gateway/lwt";
payload_on = "open";
payload_off = "closed";
payload_available = "online";
payload_not_available = "offline";
}
];
sensor = [
{ platform = "mqtt";
name = "Keyholder";
state_topic = "portal/gateway/keyholder";
availability_topic = "portal/gateway/lwt";
payload_available = "online";
payload_not_available = "offline";
}
];
services.home-assistant.config =
{
binary_sensor = [
{ platform = "mqtt";
name = "Portal Lock";
device_class = "door";
state_topic = "portal/gateway/status";
availability_topic = "portal/gateway/lwt";
payload_on = "open";
payload_off = "closed";
payload_available = "online";
payload_not_available = "offline";
}
];
sensor = [
{ platform = "mqtt";
name = "Keyholder";
state_topic = "portal/gateway/keyholder";
availability_topic = "portal/gateway/lwt";
payload_available = "online";
payload_not_available = "offline";
}
];
};
}

181
krebs/2configs/shack/glados/multi/wasser.nix
View file

@ -11,100 +11,103 @@ let
};
in
{
sensor = map ( entity_id: {
platform = "statistics";
name = "Statistics for ${entity_id}";
inherit entity_id;
max_age.minutes = "60";
sampling_size = 1000;
}) ["sensor.crafting_brotbox_soil_moisture"];
services.home-assistant.config =
{
sensor = map ( entity_id: {
platform = "statistics";
name = "Statistics for ${entity_id}";
inherit entity_id;
max_age.minutes = "60";
sampling_size = 1000;
}) ["sensor.crafting_brotbox_soil_moisture"];
automation =
[
### Brotbox #####
#{ alias = "Brotbox: water for ${toString brotbox.minutes} minutes every hour";
# trigger =
# { # Trigger once every hour at :42
# platform = "time_pattern";
# minutes = 42;
# };
# condition = {
# condition = "numeric_state";
# entity_id = brotbox.sensor;
# value_template = "{{ state_attr('${brotbox.sensor}', 'median') }}";
# below = 75;
# };
# action =
# [
# {
# service = "homeassistant.turn_on";
# entity_id = brotbox.pump;
# }
# { delay.minutes = brotbox.minutes; }
# {
# service = "homeassistant.turn_off";
# entity_id = brotbox.pump ;
# }
# ];
#}
{ alias = "Brotbox: Always turn off water after ${toString (brotbox.minutes * 2)} minutes";
trigger =
{
platform = "state";
entity_id = brotbox.pump;
to = "on";
for.minutes = brotbox.minutes*2;
};
action =
{
service = "homeassistant.turn_off";
entity_id = brotbox.pump;
};
}
##### Kaffeemaschine
{ alias = "Water the plant for ${toString seconds} seconds";
trigger = [
{ # trigger at 20:00 no matter what
# TODO: retry or run only if switch.wasser is available
platform = "time";
at = "20:00:00";
}
];
action =
[
{
service = "homeassistant.turn_on";
entity_id = [
wasser
];
}
{ delay.seconds = seconds; }
{
service = "homeassistant.turn_off";
entity_id = [
wasser
];
}
];
}
{ alias = "Always turn off water after ${toString (seconds * 2)}seconds";
trigger = [
automation =
[
### Brotbox #####
#{ alias = "Brotbox: water for ${toString brotbox.minutes} minutes every hour";
# trigger =
# { # Trigger once every hour at :42
# platform = "time_pattern";
# minutes = 42;
# };
# condition = {
# condition = "numeric_state";
# entity_id = brotbox.sensor;
# value_template = "{{ state_attr('${brotbox.sensor}', 'median') }}";
# below = 75;
# };
# action =
# [
# {
# service = "homeassistant.turn_on";
# entity_id = brotbox.pump;
# }
# { delay.minutes = brotbox.minutes; }
# {
# service = "homeassistant.turn_off";
# entity_id = brotbox.pump ;
# }
# ];
#}
{ alias = "Brotbox: Always turn off water after ${toString (brotbox.minutes * 2)} minutes";
trigger =
{
platform = "state";
entity_id = wasser;
entity_id = brotbox.pump;
to = "on";
for.seconds = seconds*2;
}
];
action =
[
for.minutes = brotbox.minutes*2;
};
action =
{
service = "homeassistant.turn_off";
entity_id = [ wasser ];
}
];
}
];
entity_id = brotbox.pump;
};
}
##### Kaffeemaschine
{ alias = "Water the plant for ${toString seconds} seconds";
trigger = [
{ # trigger at 20:00 no matter what
# TODO: retry or run only if switch.wasser is available
platform = "time";
at = "20:00:00";
}
];
action =
[
{
service = "homeassistant.turn_on";
entity_id = [
wasser
];
}
{ delay.seconds = seconds; }
{
service = "homeassistant.turn_off";
entity_id = [
wasser
];
}
];
}
{ alias = "Always turn off water after ${toString (seconds * 2)}seconds";
trigger = [
{
platform = "state";
entity_id = wasser;
to = "on";
for.seconds = seconds*2;
}
];
action =
[
{
service = "homeassistant.turn_off";
entity_id = [ wasser ];
}
];
}
];
};
}

43
krebs/2configs/shack/glados/sensors/darksky.nix
View file

@ -1,21 +1,24 @@
{lib,...}:
[
{ platform = "darksky";
api_key = lib.removeSuffix "\n"
(builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [
"summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
"temperature" # "temperature_high" "temperature_low"
"apparent_temperature"
"hourly_summary" # next 24 hours text
"humidity"
"pressure"
"uv_index"
];
units = "si" ;
scan_interval = "00:15:00";
}
]
{
services.home-assistant.config.sensor =
[
{ platform = "darksky";
api_key = lib.removeSuffix "\n"
(builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [
"summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
"temperature" # "temperature_high" "temperature_low"
"apparent_temperature"
"hourly_summary" # next 24 hours text
"humidity"
"pressure"
"uv_index"
];
units = "si" ;
scan_interval = "00:15:00";
}
];
}

20
krebs/2configs/shack/glados/sensors/mate.nix
View file

@ -6,11 +6,15 @@ let
name = "Füllstand ${name}";
value_template = "{{ value_json.fuellstand }}";
};
in [
(fuellstand "Wasser" 1)
(fuellstand "Mate Cola" 2)
(fuellstand "Apfelschorle" 3)
(fuellstand "Zitronensprudel" 4)
(fuellstand "Mate 1" 26)
(fuellstand "Mate 2" 27)
]
in
{
services.home-assistant.config.sensor =
[
(fuellstand "Wasser" 1)
(fuellstand "Mate Cola" 2)
(fuellstand "Apfelschorle" 3)
(fuellstand "Zitronensprudel" 4)
(fuellstand "Mate 1" 26)
(fuellstand "Mate 2" 27)
];
}

5
krebs/2configs/shack/glados/sensors/power.nix
View file

@ -20,7 +20,10 @@ let
power_watt = (power_x "Power") ;
power_curr = power_x "Current";
in
{
services.home-assistant.config.sensor =
(map power_volt [ "L1" "L2" "L3" ])
++ (map (x: ((power_watt x) // { device_class = "power"; })) [ "L1" "L2" "L3" ])
++ (map power_curr [ "L1" "L2" "L3" ])
++ [ power_consumed ]
++ [ power_consumed ];
}

15
krebs/2configs/shack/glados/sensors/sensemap.nix
View file

@ -1,6 +1,9 @@
[
{
platform = "opensensemap";
station_id = "56a0de932cb6e1e41040a68b";
}
]
{
services.home-assistant.config.air_quality =
[
{
platform = "opensensemap";
station_id = "56a0de932cb6e1e41040a68b";
}
];
}

107
krebs/2configs/shack/glados/sensors/spaceapi.nix
View file

@ -1,52 +1,55 @@
[
{
platform = "rest";
resource = "https://spaceapi.afra-berlin.de/v1/status.json";
method = "GET";
name = "Door AFRA Berlin";
device_class = "door";
value_template = "{{ value_json.open }}";
}
{
platform = "rest";
resource = "http://club.entropia.de/spaceapi";
method = "GET";
name = "Door Entropia";
device_class = "door";
value_template = "{{ value_json.open }}";
}
{
platform = "rest";
resource = "http://www.c-base.org/status.json";
method = "GET";
name = "Door C-Base Berlin";
device_class = "door";
value_template = "{{ value_json.open }}";
}
{
platform = "rest";
resource = "https://status.raumzeitlabor.de/api/full.json";
method = "GET";
name = "Door RZL";
device_class = "door";
value_template = "{{ value_json.status }}";
}
{
platform = "rest";
resource = "https://datenobservatorium.de/";
method = "GET";
name = "Door Datenobservatorium";
device_class = "door";
value_template = "false";
scan_interval = 2592000;
}
{
platform = "rest";
resource = "https://infuanfu.de/";
method = "GET";
name = "Door Infuanfu";
device_class = "door";
value_template = "false";
scan_interval = 2592000;
}
]
{
services.home-assistant.config.binary_sensor =
[
{
platform = "rest";
resource = "https://spaceapi.afra-berlin.de/v1/status.json";
method = "GET";
name = "Door AFRA Berlin";
device_class = "door";
value_template = "{{ value_json.open }}";
}
{
platform = "rest";
resource = "http://club.entropia.de/spaceapi";
method = "GET";
name = "Door Entropia";
device_class = "door";
value_template = "{{ value_json.open }}";
}
{
platform = "rest";
resource = "http://www.c-base.org/status.json";
method = "GET";
name = "Door C-Base Berlin";
device_class = "door";
value_template = "{{ value_json.open }}";
}
{
platform = "rest";
resource = "https://status.raumzeitlabor.de/api/full.json";
method = "GET";
name = "Door RZL";
device_class = "door";
value_template = "{{ value_json.status }}";
}
{
platform = "rest";
resource = "https://datenobservatorium.de/";
method = "GET";
name = "Door Datenobservatorium";
device_class = "door";
value_template = "false";
scan_interval = 2592000;
}
{
platform = "rest";
resource = "https://infuanfu.de/";
method = "GET";
name = "Door Infuanfu";
device_class = "door";
value_template = "false";
scan_interval = 2592000;
}
];
}

42
krebs/2configs/shack/glados/switch/power.nix
View file

@ -15,18 +15,30 @@ let
power = nodelight "power";
light = ident: name: { icon = "mdi:lightbulb";} // nodelight "light" ident name;
in
[
(power 1 "Hauptschalter")
(power 2 "Dusche")
(power 3 "Warmwasser")
(power 4 "Optionsräume")
(power 5 "Küche")
(light 1 "Decke Lounge 1")
(light 2 "Decke Lounge 2")
(light 3 "Decke Lounge 3")
(light 4 "Decke Lounge 4")
(light 5 "Decke Lounge 5")
(light 6 "Decke Lounge 6")
(light 7 "Decke Lounge 7")
(light 8 "Decke Lounge 8")
]
{
services.home-assistant.config.switch =
[
# These commands we see with a shutdown:
# power/143/state on
# power/142/state on
# power/141/state on
# power/142/state off
# power/141/state off
# power/10/state off
# power/main/state off
(power "10" "Hauptschalter")
(power 1 "Dusche") # ???
(power 2 "Warmwasser") # ???
(power 3 "Optionsräume") # ???
(power 4 "Küche") # ???
(light 1 "Decke Lounge 1")
(light 2 "Decke Lounge 2")
(light 3 "Decke Lounge 3")
(light 4 "Decke Lounge 4")
(light 5 "Decke Lounge 5")
(light 6 "Decke Lounge 6")
(light 7 "Decke Lounge 7")
(light 8 "Decke Lounge 8")
];
}

13
krebs/2configs/shack/powerraw.nix
View file

@ -8,20 +8,25 @@ let
pkg = pkgs.python3.pkgs.callPackage (
pkgs.fetchgit {
url = "https://git.shackspace.de/rz/powermeter.git";
rev = "96609f0d632e0732afa768ddd7b3f8841ca37c1b";
sha256 = "sha256:0wfpm3ik5r081qv2crmpjwylgg2v8ximq347qh0fzq1rwv0dqbnn";
rev = "438b08f";
sha256 = "0c5czmrwlw985b7ia6077mfrvbf2fq51iajb481pgqbywgxqis5m";
}) {};
in {
# receive response from light.shack / standby.shack
networking.firewall.allowedUDPPorts = [ 11111 ];
users.users.powermeter.extraGroups = [ "dialout" ];
# we make sure that usb-ttl has the correct permissions
# creates /dev/powerraw
services.udev.extraRules = ''
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", SYMLINK+="powerraw", MODE="0660", GROUP="dialout"
'';
systemd.services.powermeter-serial2mqtt = {
description = "powerraw Serial -> mqtt";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "powermeter";
ExecStart = "${pkg}/bin/powermeter-serial2mqtt";
ExecStart = "${pkg}/bin/powermeter-serial2mqtt /dev/powerraw";
PrivateTmp = true;
Restart = "always";
RestartSec = "15";
@ -67,7 +72,7 @@ in {
};
sensor = "total";
types = [ "Voltage" "Current" "Power" ];
phases = [ 1 2 3 ];
phases = [ "1" "2" "3" ];
in
[ (genTopic "Power consumed" "/power/${sensor}/consumed" { inherit sensor; }) ] ++
(lib.flatten (map (type: (map (phase: (genTopic "Power" "/power/${sensor}/L${toString phase}/${type}" { inherit sensor phase type; }) ) phases)) types));

7
krebs/2configs/shack/prometheus/alert-rules.nix
View file

@ -14,7 +14,7 @@ in {
labels.severity = "warning";
annotations.summary = "{{ $labels.alias }} root disk full";
annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf";
annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).A vast number of shackspace services will stop working. CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
}
{
alert = "RootPartitionFull";
@ -25,14 +25,15 @@ in {
annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=puyak";
annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).Prometheus will not be able to create new alerts and CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and if this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
}
# wolf.shack is not worth supervising anymore
{
alert = "HostDown";
expr = ''up{alias="wolf.shack"} == 0'';
expr = ''up{alias="infra01.shack"} == 0'';
for = "5m";
labels.severity = "page";
annotations.summary = "Instance {{ $labels.alias }} down for 5 minutes";
annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf";
annotations.description = ''Host {{ $labels.alias }} went down and has not been reconnected after 5 minutes. This is probably bad news, try to restart the host via naproxen ( http://naproxen.shack:8006 ). Wolf being down means that CI,glados automation, light management and a couple of other services will not work anymore.'';
annotations.description = ''Host {{ $labels.alias }} went down and has not been reconnected after 5 minutes. This is probably bad news, as the machine runs one of the DNS servers and the power broadcast proxy which is used to be able to turn off the light via puyak as well as the shutdown listener.'';
}
];
}

9
krebs/2configs/shack/worlddomination.nix
View file

@ -3,11 +3,11 @@
with import <stockholm/lib>;
let
pkg = pkgs.stdenv.mkDerivation {
name = "worlddomination-2018-04-21";
name = "worlddomination-2020-12-01";
src = pkgs.fetchgit {
url = "https://github.com/shackspace/worlddomination/";
rev = "1b32403b9";
sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i";
url = "https://git.shackspace.de/rz/worlddomination.git";
rev = "c7aedcde7cd1fcb870b5356a6125e1a384b0776c";
sha256 = "0y6haz5apwa33lz64l7b2x78wrrckbw39j4wzyd1hfk46478xi2y";
};
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
@ -17,6 +17,7 @@ let
grequests
paramiko
python
setuptools
]))
];
installPhase = ''

34
krebs/3modules/brockman.nix Normal file
View file

@ -0,0 +1,34 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.krebs.brockman;
in {
options.krebs.brockman = {
enable = mkEnableOption "brockman";
config = mkOption { type = types.attrs; }; # TODO make real config here
};
config = mkIf cfg.enable {
users.extraUsers.brockman = {
home = "/var/lib/brockman";
createHome = true;
isNormalUser = false;
};
systemd.services.brockman = {
description = "RSS to IRC broadcaster";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
Restart = "always";
ExecStart = ''
${pkgs.brockman}/bin/brockman ${pkgs.writeText "brockman.json" (builtins.toJSON cfg.config)}
'';
User = config.users.extraUsers.brockman.name;
PrivateTmp = true;
RuntimeDirectory = "brockman";
WorkingDirectory = "%t/brockman";
};
};
};
}

2
krebs/3modules/default.nix
View file

@ -11,6 +11,7 @@ let
./apt-cacher-ng.nix
./backup.nix
./bepasty-server.nix
./brockman.nix
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
@ -36,7 +37,6 @@ let
./kapacitor.nix
./konsens.nix
./monit.nix
./newsbot-js.nix
./nixpkgs.nix
./on-failure.nix
./os-release.nix

25
krebs/3modules/external/default.nix vendored
View file

@ -579,6 +579,31 @@ in {
};
};
};
karakalpakstan = {
owner = config.krebs.users.xkey;
nets = {
retiolum = {
ip4.addr = "10.243.161.1";
aliases = [ "karakalpakstan.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA45kRCvWIaVteKQiz31AOjkEwHwOns/6SGXYzL5IswoEOT/i/8Ihl
l+ydTMTE28zs1nQp8MUBEdsJF02U8aEjPCyyMtZflZ+uaUAeJ0zAWTcb4AwdSjp+
RKApp+LmVNDyx3W6rIgK7WYLfKhge4nRAlnshpekzaS2j7ccKhZMBIqyntYDJb6K
lE4poAgemMlE0apFV54d3ohWCZurfJ/K6BpsX7h+uwqFPOHi+pD7D/e2dHhSLXtS
0cuFseQwqDF+xd5MAmApHO8w/BEdKWeU19TZmzkC5TlIO1HcknMq4Y8QkzCc5PXb
5WeEdi1CyIGePldFv91LoHepsMV3nrIF7n6ZmdTuxj5GH0A0Zg0z4hrWJuXk64JM
bTpe/rDXWOG0IK0HN4z14ySD8yafLTV4gvH9Mg6jUqyqGfLpIK+o/N7ZavOeVKq5
3Hf9c246v1vhHjnbat5GyY79PmimEvxR51mOItpRoyJYfdSa3KrvUki0MboCiYAU
GKBmEw2BR3eybnejHqvAFov30MkmkOTz3mV/UPKELqhGCQf6UJAKG0GoxGpK3m8k
epNSAKUpj8B7+JM3Ybgl+CoAm/+qu7Ojp5j4Onn0kgB2yXryHJaNOdgraCXI2yzt
/n/eHElmKWoMCXhkV/mee1Cl2Y74XKivM6ov3lLvIDRxdXl46PvBFVkCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
};
users = {
ajs124 = {

96
krebs/3modules/go.nix
View file

@ -13,52 +13,78 @@ let
api = {
enable = mkEnableOption "Enable go url shortener";
port = mkOption {
type = types.str;
default = "1337";
type = types.int;
default = 1337;
description = "on which port go should run on";
};
redisKeyPrefix = mkOption {
type = types.str;
default = "go:";
description = "change the Redis key prefix which defaults to `go:`";
};
};
imp = {
services.redis = {
enable = mkDefault true;
bind = mkDefault "127.0.0.1";
};
krebs.htgen.go = {
port = cfg.port;
script = ''. ${pkgs.writeDash "go" ''
find_item() {
if test ''${#1} -ge 7; then
set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \
-regex "$STATEDIR/items/$1[0-9A-Za-z]*$")"
if test -n "$1" && test $(echo "$1" | wc -l) = 1; then
echo "$1"
return 0
fi
fi
return 1
}
users.extraUsers.go = rec {
name = "go";
uid = genid name;
description = "go url shortener user";
home = "/var/lib/go";
createHome = true;
};
STATEDIR=$HOME
mkdir -p "$STATEDIR/items"
systemd.services.go = {
description = "go url shortener";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
case "$Method $Request_URI" in
"GET /"*)
if item=$(find_item "''${Request_URI#/}"); then
uri=$(cat "$item")
printf 'HTTP/1.1 302 Found\r\n'
printf 'Content-Type: text/plain\r\n'
printf 'Connection: closed\r\n'
printf 'Location: %s\r\n' "$uri"
printf '\r\n'
exit
fi
;;
"POST /")
uri=$(mktemp -t htgen.$$.content.XXXXXXXX)
trap 'rm $uri >&2' EXIT
path = with pkgs; [
go-shortener
];
head -c "$req_content_length" \
| sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \
| xargs -0 echo -e \
| tee /tmp/tee.log \
| ${pkgs.urix}/bin/urix \
| head -1 \
> "$uri"
sha256=$(sha256sum -b "$uri" | cut -d\ -f1)
base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256")
item="$STATEDIR/items/$base32"
ref="http://$req_host/$base32"
environment = {
PORT = cfg.port;
REDIS_KEY_PREFIX = cfg.redisKeyPrefix;
};
if ! test -e "$item"; then
mkdir -v -p "$STATEDIR/items" >&2
cp -v "$uri" "$item" >&2
fi
restartIfChanged = true;
base32short=$(echo "$base32" | cut -b-7)
if item=$(find_item "$base32short"); then
ref="http://$req_host/$base32short"
fi
serviceConfig = {
User = "go";
Restart = "always";
ExecStart = "${pkgs.go-shortener}/bin/go";
};
printf 'HTTP/1.1 200 OK\r\n'
printf 'Content-Type: text/plain; charset=UTF-8\r\n'
printf 'Connection: close\r\n'
printf '\r\n'
printf '%s\n' "$ref"
exit
;;
esac
''}'';
};
};

2
krebs/3modules/krebs/default.nix
View file

@ -128,9 +128,11 @@ in {
ip4.addr = "10.243.77.2";
aliases = [
"puyak.r"
"brockman.r"
"build.puyak.r"
"cgit.puyak.r"
"go.r"
"rss.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----

2
krebs/3modules/lass/default.nix
View file

@ -44,6 +44,7 @@ in {
matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
@ -604,6 +605,7 @@ in {
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
syncthing.id = "JS4RFIL-MJP2SMJ-EOQXCPQ-MC3NB4V-BQ77GN5-LPKGLWY-GHDP732-G22OJQQ";
};
hilum = {
cores = 1;

2
krebs/3modules/makefu/default.nix
View file

@ -243,6 +243,8 @@ in {
"wiki.makefu.r"
"warrior.gum.r"
"sick.makefu.r"
"dl.gum.r"
"dl.makefu.r"
];
};
};

102
krebs/3modules/newsbot-js.nix
View file

@ -1,102 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.krebs.newsbot-js;
enable = cfg != {};
out = {
options.krebs.newsbot-js = api;
config = mkIf enable imp;
};
api = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
enable = mkEnableOption "Enable krebs newsbot" // { default = true; };
channel = mkOption {
type = types.str;
default = "#${config._module.args.name}";
description = "post the news in this channel";
};
feeds = mkOption {
type = types.path;
description = ''
file with feeds to post
format:
$nick|$feedURI
'';
};
ircServer = mkOption {
type = types.str;
default = "localhost";
description = "to which server the bot should connect";
};
masterNick = mkOption {
type = types.str;
default = config._module.args.name;
description = "nickname of the master bot";
};
package = mkOption {
type = types.package;
default = pkgs.newsbot-js;
description = "newsbot package to use";
};
urlShortenerHost = mkOption {
type = types.str;
default = "go.r";
description = "what server to use for url shortening, host";
};
urlShortenerPort = mkOption {
type = types.str;
default = "80";
description = "what server to use for url shortening, port";
};
};
}));
default = {};
};
imp = {
users.extraUsers.newsbot-js = {
name = "newsbot-js";
uid = genid "newsbot-js";
description = "newsbot-js user";
home = "/var/empty";
};
systemd.services = mapAttrs' (name: newsbot:
nameValuePair "newsbot-${name}" {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
newsbot-js
];
environment = {
irc_server = newsbot.ircServer;
master_nick = newsbot.masterNick;
news_channel = newsbot.channel;
feeds_file = newsbot.feeds;
url_shortener_host = newsbot.urlShortenerHost;
url_shortener_port = newsbot.urlShortenerPort;
};
restartIfChanged = true;
serviceConfig = {
User = "newsbot-js";
Restart = "always";
ExecStart = "${newsbot.package}/bin/newsbot";
WatchdogSec = "86400";
};
}
) cfg;
};
in out

1
krebs/5pkgs/default.nix
View file

@ -13,6 +13,7 @@ foldl' mergeAttrs {}
//
{
brockman = self.haskellPackages.brockman;
reaktor2 = self.haskellPackages.reaktor2;
ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};

24
krebs/5pkgs/haskell/brockman.nix Normal file
View file

@ -0,0 +1,24 @@
{ mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring
, conduit, containers, directory, feed, filepath, hslogger
, html-entity, http-client, irc-conduit, lens, network
, optparse-applicative, random, safe, stdenv, text, wreq
, fetchFromGitHub
}:
mkDerivation rec {
pname = "brockman";
version = "3.0.0";
src = fetchFromGitHub {
owner = "kmein";
repo = "brockman";
rev = version;
sha256 = "08yla9q2mjd7znpasfwsdqzc3dp2vcvg53x9p4vlx4g7jr3dw3yp";
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
aeson aeson-pretty base bloomfilter bytestring conduit containers
directory feed filepath hslogger html-entity http-client
irc-conduit lens network optparse-applicative random safe text wreq
];
license = stdenv.lib.licenses.mit;
}

56
krebs/5pkgs/simple/go-shortener/default.nix
View file

@ -1,56 +0,0 @@
{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs }:
with lib;
let
nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
nodejs = nodejs-12_x;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
};
node_env = pkgs.buildEnv {
name = "go-node_env";
paths = attrValues (import ./node-packages.nix {
inherit (pkgs) fetchurl fetchgit;
inherit nodeEnv;
});
};
in stdenv.mkDerivation {
packageName = "go";
name = "go-shortener";
version = "0.0.0";
src = fetchgit {
url = "http://cgit.lassul.us/go/";
rev = "05d02740e0adbb36cc461323647f0c1e7f493156";
sha256 = "6015c9a93317375ae8099c7ab982df0aa93a59ec2b48972e253887bb6ca0004f";
};
phases = [
"unpackPhase"
"installPhase"
];
buildInputs = [
nodejs-12_x
makeWrapper
];
installPhase = ''
mkdir -p $out/bin
cp index.js $out/
cat > $out/go << EOF
${nodejs-12_x}/bin/node $out/index.js
EOF
chmod +x $out/go
wrapProgram $out/go \
--prefix NODE_PATH : ${node_env}/lib/node_modules
ln -s $out/go /$out/bin/go
'';
}

88
krebs/5pkgs/simple/go-shortener/node-packages.nix
View file

@ -1,88 +0,0 @@
# This file has been generated by node2nix 1.7.0. Do not edit!
{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}:
let
sources = {
"denque-1.4.1" = {
name = "denque";
packageName = "denque";
version = "1.4.1";
src = fetchurl {
url = "https://registry.npmjs.org/denque/-/denque-1.4.1.tgz";
sha512 = "OfzPuSZKGcgr96rf1oODnfjqBFmr1DVoc/TrItj3Ohe0Ah1C5WX5Baquw/9U9KovnQ88EqmJbD66rKYUQYN1tQ==";
};
};
"redis-commands-1.5.0" = {
name = "redis-commands";
packageName = "redis-commands";
version = "1.5.0";
src = fetchurl {
url = "https://registry.npmjs.org/redis-commands/-/redis-commands-1.5.0.tgz";
sha512 = "6KxamqpZ468MeQC3bkWmCB1fp56XL64D4Kf0zJSwDZbVLLm7KFkoIcHrgRvQ+sk8dnhySs7+yBg94yIkAK7aJg==";
};
};
"redis-errors-1.2.0" = {
name = "redis-errors";
packageName = "redis-errors";
version = "1.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz";
sha1 = "eb62d2adb15e4eaf4610c04afe1529384250abad";
};
};
"redis-parser-3.0.0" = {
name = "redis-parser";
packageName = "redis-parser";
version = "3.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz";
sha1 = "b66d828cdcafe6b4b8a428a7def4c6bcac31c8b4";
};
};
};
in
{
formidable = nodeEnv.buildNodePackage {
name = "formidable";
packageName = "formidable";
version = "1.2.2";
src = fetchurl {
url = "https://registry.npmjs.org/formidable/-/formidable-1.2.2.tgz";
sha512 = "V8gLm+41I/8kguQ4/o1D3RIHRmhYFG4pnNyonvua+40rqcEmT4+V71yaZ3B457xbbgCsCfjSPi65u/W6vK1U5Q==";
};
buildInputs = globalBuildInputs;
meta = {
description = "A node.js module for parsing form data, especially file uploads.";
homepage = https://github.com/node-formidable/formidable;
license = "MIT";
};
production = true;
bypassCache = true;
reconstructLock = true;
};
redis = nodeEnv.buildNodePackage {
name = "redis";
packageName = "redis";
version = "3.0.2";
src = fetchurl {
url = "https://registry.npmjs.org/redis/-/redis-3.0.2.tgz";
sha512 = "PNhLCrjU6vKVuMOyFu7oSP296mwBkcE6lrAjruBYG5LgdSqtRBoVQIylrMyVZD/lkF24RSNNatzvYag6HRBHjQ==";
};
dependencies = [
sources."denque-1.4.1"
sources."redis-commands-1.5.0"
sources."redis-errors-1.2.0"
sources."redis-parser-3.0.0"
];
buildInputs = globalBuildInputs;
meta = {
description = "A high performance Redis client.";
homepage = https://github.com/NodeRedis/node-redis;
license = "MIT";
};
production = true;
bypassCache = true;
reconstructLock = true;
};
}

4
krebs/5pkgs/simple/go-shortener/pkgs.json
View file

@ -1,4 +0,0 @@
[
"formidable",
"redis"
]

4
krebs/5pkgs/simple/go-shortener/update.sh
View file

@ -1,4 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p nodePackages_10_x.node2nix
node2nix -10 -i pkgs.json -c combine.nix
rm node-env.nix combine.nix

58
krebs/5pkgs/simple/newsbot-js/default.nix
View file

@ -1,58 +0,0 @@
{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs, pkgs, icu }:
with lib;
let
nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
nodejs = nodejs;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
};
node_env = pkgs.buildEnv {
name = "go-node_env";
paths = attrValues (import ./node-packages.nix {
inherit (pkgs) fetchurl fetchgit;
inherit nodeEnv;
globalBuildInputs = [
icu.dev
];
});
};
in stdenv.mkDerivation {
name = "newsbot-js";
src = fetchgit {
url = "http://cgit.prism/newsbot-js/";
rev = "09e01639be4ea9691cf5b33f7d9057b68ac98079";
sha256 = "28ffbed66c2efcd194c47823c7d5d5533c80852fc0cf9d9d4ee609c71d50c142";
};
phases = [
"unpackPhase"
"installPhase"
];
buildInputs = [
nodejs
makeWrapper
];
installPhase = ''
mkdir -p $out/bin
cp newsbot.js $out/
cat > $out/newsbot << EOF
${nodejs}/bin/node $out/newsbot.js
EOF
chmod +x $out/newsbot
wrapProgram $out/newsbot \
--prefix NODE_PATH : ${node_env}/lib/node_modules
ln -s $out/newsbot /$out/bin/newsbot
'';
}

777
krebs/5pkgs/simple/newsbot-js/node-packages.nix
View file

@ -1,777 +0,0 @@
# This file has been generated by node2nix 1.7.0. Do not edit!
{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}:
let
sources = {
"addressparser-1.0.1" = {
name = "addressparser";
packageName = "addressparser";
version = "1.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/addressparser/-/addressparser-1.0.1.tgz";
sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746";
};
};
"ajv-6.10.2" = {
name = "ajv";
packageName = "ajv";
version = "6.10.2";
src = fetchurl {
url = "https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz";
sha512 = "TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw==";
};
};
"array-indexofobject-0.0.1" = {
name = "array-indexofobject";
packageName = "array-indexofobject";
version = "0.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/array-indexofobject/-/array-indexofobject-0.0.1.tgz";
sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a";
};
};
"asn1-0.2.4" = {
name = "asn1";
packageName = "asn1";
version = "0.2.4";
src = fetchurl {
url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz";
sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==";
};
};
"assert-plus-1.0.0" = {
name = "assert-plus";
packageName = "assert-plus";
version = "1.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz";
sha1 = "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525";
};
};
"asynckit-0.4.0" = {
name = "asynckit";
packageName = "asynckit";
version = "0.4.0";
src = fetchurl {
url = "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz";
sha1 = "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79";
};
};
"aws-sign2-0.7.0" = {
name = "aws-sign2";
packageName = "aws-sign2";
version = "0.7.0";
src = fetchurl {
url = "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz";
sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8";
};
};
"aws4-1.8.0" = {
name = "aws4";
packageName = "aws4";
version = "1.8.0";
src = fetchurl {
url = "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz";
sha512 = "ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ==";
};
};
"bcrypt-pbkdf-1.0.2" = {
name = "bcrypt-pbkdf";
packageName = "bcrypt-pbkdf";
version = "1.0.2";
src = fetchurl {
url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz";
sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e";
};
};
"caseless-0.12.0" = {
name = "caseless";
packageName = "caseless";
version = "0.12.0";
src = fetchurl {
url = "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz";
sha1 = "1b681c21ff84033c826543090689420d187151dc";
};
};
"combined-stream-1.0.8" = {
name = "combined-stream";
packageName = "combined-stream";
version = "1.0.8";
src = fetchurl {
url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz";
sha512 = "FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==";
};
};
"core-util-is-1.0.2" = {
name = "core-util-is";
packageName = "core-util-is";
version = "1.0.2";
src = fetchurl {
url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz";
sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7";
};
};
"dashdash-1.14.1" = {
name = "dashdash";
packageName = "dashdash";
version = "1.14.1";
src = fetchurl {
url = "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz";
sha1 = "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0";
};
};
"delayed-stream-1.0.0" = {
name = "delayed-stream";
packageName = "delayed-stream";
version = "1.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz";
sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619";
};
};
"ecc-jsbn-0.1.2" = {
name = "ecc-jsbn";
packageName = "ecc-jsbn";
version = "0.1.2";
src = fetchurl {
url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz";
sha1 = "3a83a904e54353287874c564b7549386849a98c9";
};
};
"extend-3.0.2" = {
name = "extend";
packageName = "extend";
version = "3.0.2";
src = fetchurl {
url = "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz";
sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==";
};
};
"extsprintf-1.3.0" = {
name = "extsprintf";
packageName = "extsprintf";
version = "1.3.0";
src = fetchurl {
url = "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz";
sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05";
};
};
"fast-deep-equal-2.0.1" = {
name = "fast-deep-equal";
packageName = "fast-deep-equal";
version = "2.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz";
sha1 = "7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49";
};
};
"fast-json-stable-stringify-2.0.0" = {
name = "fast-json-stable-stringify";
packageName = "fast-json-stable-stringify";
version = "2.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz";
sha1 = "d5142c0caee6b1189f87d3a76111064f86c8bbf2";
};
};
"forever-agent-0.6.1" = {
name = "forever-agent";
packageName = "forever-agent";
version = "0.6.1";
src = fetchurl {
url = "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz";
sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91";
};
};
"form-data-2.3.3" = {
name = "form-data";
packageName = "form-data";
version = "2.3.3";
src = fetchurl {
url = "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz";
sha512 = "1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==";
};
};
"getpass-0.1.7" = {
name = "getpass";
packageName = "getpass";
version = "0.1.7";
src = fetchurl {
url = "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz";
sha1 = "5eff8e3e684d569ae4cb2b1282604e8ba62149fa";
};
};
"har-schema-2.0.0" = {
name = "har-schema";
packageName = "har-schema";
version = "2.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz";
sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92";
};
};
"har-validator-5.1.3" = {
name = "har-validator";
packageName = "har-validator";
version = "5.1.3";
src = fetchurl {
url = "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz";
sha512 = "sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==";
};
};
"http-signature-1.2.0" = {
name = "http-signature";
packageName = "http-signature";
version = "1.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz";
sha1 = "9aecd925114772f3d95b65a60abb8f7c18fbace1";
};
};
"iconv-2.2.3" = {
name = "iconv";
packageName = "iconv";
version = "2.2.3";
src = fetchurl {
url = "https://registry.npmjs.org/iconv/-/iconv-2.2.3.tgz";
sha1 = "e084d60eeb7d73da7f0a9c096e4c8abe090bfaed";
};
};
"inherits-2.0.4" = {
name = "inherits";
packageName = "inherits";
version = "2.0.4";
src = fetchurl {
url = "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz";
sha512 = "k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==";
};
};
"irc-colors-1.5.0" = {
name = "irc-colors";
packageName = "irc-colors";
version = "1.5.0";
src = fetchurl {
url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.5.0.tgz";
sha512 = "HtszKchBQTcqw1DC09uD7i7vvMayHGM1OCo6AHt5pkgZEyo99ClhHTMJdf+Ezc9ovuNNxcH89QfyclGthjZJOw==";
};
};
"is-typedarray-1.0.0" = {
name = "is-typedarray";
packageName = "is-typedarray";
version = "1.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz";
sha1 = "e479c80858df0c1b11ddda6940f96011fcda4a9a";
};
};
"isarray-1.0.0" = {
name = "isarray";
packageName = "isarray";
version = "1.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz";
sha1 = "bb935d48582cba168c06834957a54a3e07124f11";
};
};
"isstream-0.1.2" = {
name = "isstream";
packageName = "isstream";
version = "0.1.2";
src = fetchurl {
url = "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz";
sha1 = "47e63f7af55afa6f92e1500e690eb8b8529c099a";
};
};
"jsbn-0.1.1" = {
name = "jsbn";
packageName = "jsbn";
version = "0.1.1";
src = fetchurl {
url = "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz";
sha1 = "a5e654c2e5a2deb5f201d96cefbca80c0ef2f513";
};
};
"json-schema-0.2.3" = {
name = "json-schema";
packageName = "json-schema";
version = "0.2.3";
src = fetchurl {
url = "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz";
sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13";
};
};
"json-schema-traverse-0.4.1" = {
name = "json-schema-traverse";
packageName = "json-schema-traverse";
version = "0.4.1";
src = fetchurl {
url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz";
sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==";
};
};
"json-stringify-safe-5.0.1" = {
name = "json-stringify-safe";
packageName = "json-stringify-safe";
version = "5.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz";
sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb";
};
};
"jsprim-1.4.1" = {
name = "jsprim";
packageName = "jsprim";
version = "1.4.1";
src = fetchurl {
url = "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz";
sha1 = "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2";
};
};
"lodash.assign-4.2.0" = {
name = "lodash.assign";
packageName = "lodash.assign";
version = "4.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/lodash.assign/-/lodash.assign-4.2.0.tgz";
sha1 = "0d99f3ccd7a6d261d19bdaeb9245005d285808e7";
};
};
"lodash.get-4.4.2" = {
name = "lodash.get";
packageName = "lodash.get";
version = "4.4.2";
src = fetchurl {
url = "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz";
sha1 = "2d177f652fa31e939b4438d5341499dfa3825e99";
};
};
"lodash.has-4.5.2" = {
name = "lodash.has";
packageName = "lodash.has";
version = "4.5.2";
src = fetchurl {
url = "https://registry.npmjs.org/lodash.has/-/lodash.has-4.5.2.tgz";
sha1 = "d19f4dc1095058cccbe2b0cdf4ee0fe4aa37c862";
};
};
"lodash.uniq-4.5.0" = {
name = "lodash.uniq";
packageName = "lodash.uniq";
version = "4.5.0";
src = fetchurl {
url = "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz";
sha1 = "d0225373aeb652adc1bc82e4945339a842754773";
};
};
"mime-db-1.42.0" = {
name = "mime-db";
packageName = "mime-db";
version = "1.42.0";
src = fetchurl {
url = "https://registry.npmjs.org/mime-db/-/mime-db-1.42.0.tgz";
sha512 = "UbfJCR4UAVRNgMpfImz05smAXK7+c+ZntjaA26ANtkXLlOe947Aag5zdIcKQULAiF9Cq4WxBi9jUs5zkA84bYQ==";
};
};
"mime-types-2.1.25" = {
name = "mime-types";
packageName = "mime-types";
version = "2.1.25";
src = fetchurl {
url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.25.tgz";
sha512 = "5KhStqB5xpTAeGqKBAMgwaYMnQik7teQN4IAzC7npDv6kzeU6prfkR67bc87J1kWMPGkoaZSq1npmexMgkmEVg==";
};
};
"mri-1.1.4" = {
name = "mri";
packageName = "mri";
version = "1.1.4";
src = fetchurl {
url = "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz";
sha512 = "6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==";
};
};
"nan-2.14.0" = {
name = "nan";
packageName = "nan";
version = "2.14.0";
src = fetchurl {
url = "https://registry.npmjs.org/nan/-/nan-2.14.0.tgz";
sha512 = "INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg==";
};
};
"node-icu-charset-detector-0.2.0" = {
name = "node-icu-charset-detector";
packageName = "node-icu-charset-detector";
version = "0.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/node-icu-charset-detector/-/node-icu-charset-detector-0.2.0.tgz";
sha1 = "c2320da374ddcb671fc54cb4a0e041e156ffd639";
};
};
"oauth-sign-0.9.0" = {
name = "oauth-sign";
packageName = "oauth-sign";
version = "0.9.0";
src = fetchurl {
url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz";
sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==";
};
};
"performance-now-2.1.0" = {
name = "performance-now";
packageName = "performance-now";
version = "2.1.0";
src = fetchurl {
url = "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz";
sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b";
};
};
"process-nextick-args-2.0.1" = {
name = "process-nextick-args";
packageName = "process-nextick-args";
version = "2.0.1";
src = fetchurl {
url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz";
sha512 = "3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==";
};
};
"psl-1.4.0" = {
name = "psl";
packageName = "psl";
version = "1.4.0";
src = fetchurl {
url = "https://registry.npmjs.org/psl/-/psl-1.4.0.tgz";
sha512 = "HZzqCGPecFLyoRj5HLfuDSKYTJkAfB5thKBIkRHtGjWwY7p1dAyveIbXIq4tO0KYfDF2tHqPUgY9SDnGm00uFw==";
};
};
"punycode-1.4.1" = {
name = "punycode";
packageName = "punycode";
version = "1.4.1";
src = fetchurl {
url = "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz";
sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e";
};
};
"punycode-2.1.1" = {
name = "punycode";
packageName = "punycode";
version = "2.1.1";
src = fetchurl {
url = "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz";
sha512 = "XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==";
};
};
"qs-6.5.2" = {
name = "qs";
packageName = "qs";
version = "6.5.2";
src = fetchurl {
url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz";
sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==";
};
};
"readable-stream-2.3.6" = {
name = "readable-stream";
packageName = "readable-stream";
version = "2.3.6";
src = fetchurl {
url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz";
sha512 = "tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==";
};
};
"safe-buffer-5.1.2" = {
name = "safe-buffer";
packageName = "safe-buffer";
version = "5.1.2";
src = fetchurl {
url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz";
sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==";
};
};
"safe-buffer-5.2.0" = {
name = "safe-buffer";
packageName = "safe-buffer";
version = "5.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz";
sha512 = "fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==";
};
};
"safer-buffer-2.1.2" = {
name = "safer-buffer";
packageName = "safer-buffer";
version = "2.1.2";
src = fetchurl {
url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz";
sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==";
};
};
"sax-1.2.4" = {
name = "sax";
packageName = "sax";
version = "1.2.4";
src = fetchurl {
url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz";
sha512 = "NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==";
};
};
"sshpk-1.16.1" = {
name = "sshpk";
packageName = "sshpk";
version = "1.16.1";
src = fetchurl {
url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz";
sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==";
};
};
"string_decoder-1.1.1" = {
name = "string_decoder";
packageName = "string_decoder";
version = "1.1.1";
src = fetchurl {
url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz";
sha512 = "n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==";
};
};
"tough-cookie-2.4.3" = {
name = "tough-cookie";
packageName = "tough-cookie";
version = "2.4.3";
src = fetchurl {
url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz";
sha512 = "Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ==";
};
};
"tunnel-agent-0.6.0" = {
name = "tunnel-agent";
packageName = "tunnel-agent";
version = "0.6.0";
src = fetchurl {
url = "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz";
sha1 = "27a5dea06b36b04a0a9966774b290868f0fc40fd";
};
};
"tweetnacl-0.14.5" = {
name = "tweetnacl";
packageName = "tweetnacl";
version = "0.14.5";
src = fetchurl {
url = "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz";
sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64";
};
};
"uri-js-4.2.2" = {
name = "uri-js";
packageName = "uri-js";
version = "4.2.2";
src = fetchurl {
url = "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz";
sha512 = "KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==";
};
};
"util-deprecate-1.0.2" = {
name = "util-deprecate";
packageName = "util-deprecate";
version = "1.0.2";
src = fetchurl {
url = "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz";
sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf";
};
};
"uuid-3.3.3" = {
name = "uuid";
packageName = "uuid";
version = "3.3.3";
src = fetchurl {
url = "https://registry.npmjs.org/uuid/-/uuid-3.3.3.tgz";
sha512 = "pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ==";
};
};
"verror-1.10.0" = {
name = "verror";
packageName = "verror";
version = "1.10.0";
src = fetchurl {
url = "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz";
sha1 = "3a105ca17053af55d6e270c1f8288682e18da400";
};
};
};
in
{
feedparser = nodeEnv.buildNodePackage {
name = "feedparser";
packageName = "feedparser";
version = "2.2.9";
src = fetchurl {
url = "https://registry.npmjs.org/feedparser/-/feedparser-2.2.9.tgz";
sha1 = "9138197dafdae05fcadde0036beeaf6066c2c5e9";
};
dependencies = [
sources."addressparser-1.0.1"
sources."array-indexofobject-0.0.1"
sources."core-util-is-1.0.2"
sources."inherits-2.0.4"
sources."isarray-1.0.0"
sources."lodash.assign-4.2.0"
sources."lodash.get-4.4.2"
sources."lodash.has-4.5.2"
sources."lodash.uniq-4.5.0"
sources."mri-1.1.4"
sources."process-nextick-args-2.0.1"
sources."readable-stream-2.3.6"
sources."safe-buffer-5.1.2"
sources."sax-1.2.4"
sources."string_decoder-1.1.1"
sources."util-deprecate-1.0.2"
];
buildInputs = globalBuildInputs;
meta = {
description = "Robust RSS Atom and RDF feed parsing using sax js";
homepage = http://github.com/danmactough/node-feedparser;
license = "MIT";
};
production = true;
bypassCache = true;
reconstructLock = true;
};
form-data = nodeEnv.buildNodePackage {
name = "form-data";
packageName = "form-data";
version = "3.0.0";
src = fetchurl {
url = "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz";
sha512 = "CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==";
};
dependencies = [
sources."asynckit-0.4.0"
sources."combined-stream-1.0.8"
sources."delayed-stream-1.0.0"
sources."mime-db-1.42.0"
sources."mime-types-2.1.25"
];
buildInputs = globalBuildInputs;
meta = {
description = "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.";
homepage = "https://github.com/form-data/form-data#readme";
license = "MIT";
};
production = true;
bypassCache = true;
reconstructLock = true;
};
irc = nodeEnv.buildNodePackage {
name = "irc";
packageName = "irc";
version = "0.5.2";
src = fetchurl {
url = "https://registry.npmjs.org/irc/-/irc-0.5.2.tgz";
sha1 = "3714f4768365a96d0b2f776bc91166beb2464bbc";
};
dependencies = [
sources."iconv-2.2.3"
sources."irc-colors-1.5.0"
sources."nan-2.14.0"
sources."node-icu-charset-detector-0.2.0"
];
buildInputs = globalBuildInputs;
meta = {
description = "An IRC client library for node";
homepage = "https://github.com/martynsmith/node-irc#readme";
license = "GPL-3.0";
};
production = true;
bypassCache = true;
reconstructLock = true;
};
request = nodeEnv.buildNodePackage {
name = "request";
packageName = "request";
version = "2.88.0";
src = fetchurl {
url = "https://registry.npmjs.org/request/-/request-2.88.0.tgz";
sha512 = "NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg==";
};
dependencies = [
sources."ajv-6.10.2"
sources."asn1-0.2.4"
sources."assert-plus-1.0.0"
sources."asynckit-0.4.0"
sources."aws-sign2-0.7.0"
sources."aws4-1.8.0"
sources."bcrypt-pbkdf-1.0.2"
sources."caseless-0.12.0"
sources."combined-stream-1.0.8"
sources."core-util-is-1.0.2"
sources."dashdash-1.14.1"
sources."delayed-stream-1.0.0"
sources."ecc-jsbn-0.1.2"
sources."extend-3.0.2"
sources."extsprintf-1.3.0"
sources."fast-deep-equal-2.0.1"
sources."fast-json-stable-stringify-2.0.0"
sources."forever-agent-0.6.1"
sources."form-data-2.3.3"
sources."getpass-0.1.7"
sources."har-schema-2.0.0"
sources."har-validator-5.1.3"
sources."http-signature-1.2.0"
sources."is-typedarray-1.0.0"
sources."isstream-0.1.2"
sources."jsbn-0.1.1"
sources."json-schema-0.2.3"
sources."json-schema-traverse-0.4.1"
sources."json-stringify-safe-5.0.1"
sources."jsprim-1.4.1"
sources."mime-db-1.42.0"
sources."mime-types-2.1.25"
sources."oauth-sign-0.9.0"
sources."performance-now-2.1.0"
sources."psl-1.4.0"
sources."punycode-2.1.1"
sources."qs-6.5.2"
sources."safe-buffer-5.2.0"
sources."safer-buffer-2.1.2"
sources."sshpk-1.16.1"
(sources."tough-cookie-2.4.3" // {
dependencies = [
sources."punycode-1.4.1"
];
})
sources."tunnel-agent-0.6.0"
sources."tweetnacl-0.14.5"
sources."uri-js-4.2.2"
sources."uuid-3.3.3"
sources."verror-1.10.0"
];
buildInputs = globalBuildInputs;
meta = {
description = "Simplified HTTP request client.";
homepage = "https://github.com/request/request#readme";
license = "Apache-2.0";
};
production = true;
bypassCache = true;
reconstructLock = true;
};
shell-quote = nodeEnv.buildNodePackage {
name = "shell-quote";
packageName = "shell-quote";
version = "1.7.2";
src = fetchurl {
url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz";
sha512 = "mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==";
};
buildInputs = globalBuildInputs;
meta = {
description = "quote and parse shell commands";
homepage = https://github.com/substack/node-shell-quote;
license = "MIT";
};
production = true;
bypassCache = true;
reconstructLock = true;
};
}

7
krebs/5pkgs/simple/newsbot-js/pkgs.json
View file

@ -1,7 +0,0 @@
[
"feedparser",
"form-data",
"irc",
"request",
"shell-quote"
]

4
krebs/5pkgs/simple/newsbot-js/update.sh
View file

@ -1,4 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p nodePackages.node2nix
node2nix -12 -i pkgs.json -c combine.nix
rm node-env.nix combine.nix

33
krebs/5pkgs/simple/rss-bridge/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ config, lib, pkgs, fetchFromGitHub, stdenv, ... }:
stdenv.mkDerivation rec {
pname = "rss-bridge";
version = "2020-11-10";
src = fetchFromGitHub {
owner = "RSS-Bridge";
repo = "rss-bridge";
rev = version;
sha256 = "00cp61lqvhi7b7j0rglsqg3l7cg8s9b8vq098bgvg5dygyi44hyv";
};
patchPhase = ''
substituteInPlace lib/rssbridge.php \
--replace "define('PATH_CACHE', PATH_ROOT . 'cache/');" "define('PATH_CACHE', getenv('RSSBRIDGE_DATA') . '/cache/');" \
--replace "define('FILE_CONFIG', PATH_ROOT . 'config.ini.php');" "define('FILE_CONFIG', getenv('RSSBRIDGE_DATA') . '/config.ini.php');" \
--replace "define('WHITELIST', PATH_ROOT . 'whitelist.txt');" "define('WHITELIST', getenv('RSSBRIDGE_DATA') . '/whitelist.txt');"
'';
installPhase = ''
mkdir $out/
cp -R ./* $out
'';
meta = with lib; {
description = "The RSS feed for websites missing it";
homepage = "https://github.com/RSS-Bridge/rss-bridge";
license = licenses.unlicense;
maintainers = with maintainers; [ dawidsowa ];
platforms = platforms.all;
};
}

8
krebs/nixpkgs-unstable.json
View file

@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4",
"date": "2020-12-09T15:09:49+01:00",
"path": "/nix/store/cx4wf6pi1l2p01sz7png891m65kinfz3-nixpkgs",
"sha256": "0cnmvnvin9ixzl98fmlm3g17l6w95gifqfb3rfxs55c0wj2ddy53",
"rev": "f211631c1cb3e94828c7650b5d12c1e5a89e0e16",
"date": "2021-01-07T19:50:35+02:00",
"path": "/nix/store/2zymxp9iq6xvxy5wjc411iws2kk3c8z4-nixpkgs",
"sha256": "0r085j42991qcbzx4l0hnwlsxw016y4b7r821s4qxvqnvwr9lxar",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false

8
krebs/nixpkgs.json
View file

@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "3d2d8f281a27d466fa54b469b5993f7dde198375",
"date": "2020-12-20T14:17:36+01:00",
"path": "/nix/store/mqn37480fj6x9xbq3igz4haw3m2lc7fm-nixpkgs",
"sha256": "1hfis53xyzy6hfdivlwkwdy7irbhk7c500a4lf7x43cfkijx5ks1",
"rev": "0cfd08f4881bbfdaa57e68835b923d4290588d98",
"date": "2021-01-08T17:43:56+01:00",
"path": "/nix/store/c3rhsa326ylk4hm146nmfrfmxcpqflyb-nixpkgs",
"sha256": "1srd9p37jmrsxgvrxvlibmscphz5p42244285yc5piacvrz1rdcc",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false

1
lass/1systems/prism/config.nix
View file

@ -121,6 +121,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/jitsi.nix>
{ # quasi bepasty.nix
imports = [
<stockholm/lass/2configs/bepasty.nix>

114
lass/2configs/exim-smarthost.nix
View file

@ -1,120 +1,10 @@
{ config, lib, pkgs, ... }: with import <stockholm/lib>; let
to = concatStringsSep "," [
"lass@blue.r"
"lass@green.r"
];
mails = [
"postmaster@lassul.us"
"lass@lassul.us"
"lassulus@lassul.us"
"test@lassul.us"
"outlook@lassul.us"
"steuer@aidsballs.de"
"lass@aidsballs.de"
"wordpress@ubikmedia.de"
"finanzamt@lassul.us"
"netzclub@lassul.us"
"nebenan@lassul.us"
"feed@lassul.us"
"art@lassul.us"
"irgendwas@lassul.us"
"polo@lassul.us"
"shack@lassul.us"
"nix@lassul.us"
"c-base@lassul.us"
"paypal@lassul.us"
"patreon@lassul.us"
"steam@lassul.us"
"securityfocus@lassul.us"
"radio@lassul.us"
"btce@lassul.us"
"raf@lassul.us"
"apple@lassul.us"
"coinbase@lassul.us"
"tomtop@lassul.us"
"aliexpress@lassul.us"
"business@lassul.us"
"payeer@lassul.us"
"github@lassul.us"
"bitwala@lassul.us"
"bitstamp@lassul.us"
"bitcoin.de@lassul.us"
"ableton@lassul.us"
"dhl@lassul.us"
"sipgate@lassul.us"
"coinexchange@lassul.us"
"verwaltung@lassul.us"
"gearbest@lassul.us"
"binance@lassul.us"
"bitfinex@lassul.us"
"alternate@lassul.us"
"redacted@lassul.us"
"mytaxi@lassul.us"
"pizza@lassul.us"
"robinhood@lassul.us"
"drivenow@lassul.us"
"aws@lassul.us"
"reddit@lassul.us"
"banggood@lassul.us"
"immoscout@lassul.us"
"gmail@lassul.us"
"amazon@lassul.us"
"humblebundle@lassul.us"
"meetup@lassul.us"
"gebfrei@lassul.us"
"github@lassul.us"
"ovh@lassul.us"
"hetzner@lassul.us"
"allygator@lassul.us"
"immoscout@lassul.us"
"elitedangerous@lassul.us"
"boardgamegeek@lassul.us"
"qwertee@lassul.us"
"zazzle@lassul.us"
"hackbeach@lassul.us"
"transferwise@lassul.us"
"cis@lassul.us"
"afra@lassul.us"
"ksp@lassul.us"
"ccc@lassul.us"
"neocron@lassul.us"
"osmocom@lassul.us"
"lesswrong@lassul.us"
"nordvpn@lassul.us"
"csv-direct@lassul.us"
"nintendo@lassul.us"
"overleaf@lassul.us"
"box@lassul.us"
"paloalto@lassul.us"
"subtitles@lassul.us"
"lobsters@lassul.us"
"fysitech@lassul.us"
"threema@lassul.us"
"ubisoft@lassul.us"
"kottezeller@lassul.us"
"pie@lassul.us"
"vebit@lassul.us"
"vcvrack@lassul.us"
"epic@lassul.us"
"microsoft@lassul.us"
"stickers@lassul.us"
"nextbike@lassul.us"
"mytello@lassul.us"
"camp@lassul.us"
"urlwatch@lassul.us"
"lidl@lassul.us"
"geizhals@lassul.us"
"auschein@lassul.us"
"tleech@lassul.us"
"durstexpress@lassul.us"
"acme@lassul.us"
"antstore@lassul.us"
"openweather@lassul.us"
"lobsters@lassul.us"
"rewe@lassul.us"
"spotify@lassul.us"
];
mails = import <secrets/mails.nix>;
in {
environment.systemPackages = [ pkgs.review-mail-queue ];

19
lass/2configs/green-host.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, pkgs, ... }:
{
imports = [
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/syncthing.nix>
];
lass.sync-containers.containers.green = {
peers = [
"icarus"
"shodan"
"skynet"
"mors"
"littleT"
];
hostIp = "10.233.2.15";
localIp = "10.233.2.16";
format = "ecryptfs";
};
}

21
lass/2configs/jitsi.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
services.jitsi-meet = {
enable = true;
hostName = "jitsi.lassul.us";
config = {
enableWelcomePage = true;
requireDisplayName = true;
};
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 4443"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 10000"; target = "ACCEPT"; }
];
}

1
lass/2configs/tests/dummy-secrets/mails.nix Normal file
View file

@ -0,0 +1 @@
[]

128
lass/2configs/tv.nix
View file

@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root /tmp;
root /var/lib/rtmp/tmp;
add_header Cache-Control no-cache;
# CORS setup
@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
</html>
''};
}
location /records {
autoindex on;
root /var/lib/rtmp;
}
}
}
@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
live on;
hls on;
hls_path /tmp/hls;
hls_path /var/lib/rtmp/tmp/hls;
hls_fragment 1;
hls_playlist_length 10;
dash on;
dash_path /tmp/dash;
dash_path /var/lib/rtmp/tmp/dash;
}
}
}
'';
in {
services.nginx = {
enable = true;
virtualHosts."streaming.lassul.us" = {
enableACME = true;
addSSL = true;
locations."/hls".extraConfig = ''
# Serve HLS fragments
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root /var/lib/rtmp/tmp;
# Allow CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method != 'OPTIONS') {
add_header Cache-Control no-cache;
# CORS setup
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length';
}
'';
locations."/dash".extraConfig = ''
# Serve DASH fragments
types {
application/dash+xml mpd;
video/mp4 mp4;
}
root /var/lib/rtmp/tmp;
# Allow CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method != 'OPTIONS') {
add_header Cache-Control no-cache;
# CORS setup
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length';
}
'';
locations."= /dash.all.min.js".extraConfig = ''
default_type "text/javascript";
alias ${pkgs.fetchurl {
url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js";
sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c";
}};
'';
locations."= /player".extraConfig = ''
default_type "text/html";
alias ${pkgs.writeText "player.html" ''
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>lassulus livestream</title>
</head>
<body>
<div>
<video id="player" controls></video>
</video>
</div>
<script src="/dash.all.min.js"></script>
<script>
(function(){
var url = "/dash/nixos.mpd";
var player = dashjs.MediaPlayer().create();
player.initialize(document.querySelector("#player"), url, true);
})();
</script>
</body>
</html>
''};
'';
locations."/records".extraConfig = ''
autoindex on;
root /var/lib/rtmp;
'';
};
};
fileSystems."/var/lib/rtmp/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "nosuid" "nodev" "noatime" ];
};
users.users.rtmp = {
home = "/var/lib/rmtp";
home = "/var/lib/rtmp";
uid = genid_uint31 "rtmp";
isNormalUser = true;
createHome = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
mic92.pubkey
palo.pubkey
];
};
systemd.services.nginx-rtmp = {
@ -149,6 +261,14 @@ in {
}}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp
'';
serviceConfig = {
ExecStartPre = pkgs.writers.writeDash "setup-rtmp" ''
mkdir -p /var/lib/rtmp/tmp/hls
mkdir -p /var/lib/rtmp/tmp/dash
chown rtmp:users /var/lib/rtmp/tmp/hls
chown rtmp:users /var/lib/rtmp/tmp/dash
chmod 755 /var/lib/rtmp/tmp/hls
chmod 755 /var/lib/rtmp/tmp/dash
'';
User = "rtmp";
};
};

51
lass/3modules/bindfs.nix Normal file
View file

@ -0,0 +1,51 @@
with import <stockholm/lib>;
{ config, pkgs, ... }:
let
cfg = config.lass.bindfs;
in {
options.lass.bindfs = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
target = mkOption {
description = ''
destination where bindfs mounts to.
second positional argument to bindfs.
'';
default = config._module.args.name;
type = types.absolute-pathname;
};
source = mkOption {
description = ''
source folder where the mounted directory is originally.
first positional argument to bindfs.
'';
type = types.absolute-pathname;
};
options = mkOption {
description = ''
additional arguments to bindfs
'';
type = types.listOf types.str;
default = [];
};
};
}));
default = {};
};
config = mkIf (cfg != {}) {
systemd.services = mapAttrs' (n: mount: let
name = replaceStrings [ "/" ] [ "_" ] n;
in nameValuePair "bindfs-${name}" {
wantedBy = [ "local-fs.target" ];
path = [ pkgs.coreutils ];
serviceConfig = {
ExecStartPre = pkgs.writeDash "bindfs-init-${name}" ''
mkdir -p '${mount.source}'
mkdir -p '${mount.target}'
'';
ExecStart = "${pkgs.bindfs}/bin/bindfs -f ${concatStringsSep " " mount.options} ${mount.source} ${mount.target}";
};
}) cfg;
};
}

2
lass/3modules/default.nix
View file

@ -1,6 +1,7 @@
_:
{
imports = [
./bindfs.nix
./dnsmasq.nix
./ejabberd
./folderPerms.nix
@ -12,6 +13,7 @@ _:
./pyload.nix
./restic.nix
./screenlock.nix
./sync-containers.nix
./usershadow.nix
./xjail.nix
./autowifi.nix

166
lass/3modules/sync-containers.nix Normal file
View file

@ -0,0 +1,166 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: let
cfg = config.lass.sync-containers;
paths = cname: {
plain = "/var/lib/containers/${cname}/var/state";
ecryptfs = "${cfg.dataLocation}/${cname}/ecryptfs";
securefs = "${cfg.dataLocation}/${cname}/securefs";
};
start = cname: {
plain = ''
'';
ecryptfs = ''
if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then
if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then
${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
else
${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
fi
fi
'';
securefs = ''
## TODO init file systems if it does not exist
# ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs
if ! ${pkgs.mount}/bin/mount | grep -q '^securefs on /var/lib/containers/${cname}/var/state type fuse.securefs'; then
${pkgs.securefs}/bin/securefs mount ${cfg.dataLocation}/${cname}/securefs /var/lib/containers/${cname}/var/state -b -o allow_other -o default_permissions
fi
'';
};
stop = cname: {
plain = ''
'';
ecryptfs = ''
${pkgs.ecrypt}/bin/ecrypt unmount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state
'';
securefs = ''
umount /var/lib/containers/${cname}/var/state
'';
};
in {
options.lass.sync-containers = {
dataLocation = mkOption {
description = ''
location where the encrypted sync-container lie around
'';
default = "/var/lib/sync-containers";
type = types.absolute-pathname;
};
containers = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
name = mkOption {
description = ''
name of the container
'';
default = config._module.args.name;
type = types.str;
};
peers = mkOption {
description = ''
syncthing peers to share this container with
'';
default = [];
type = types.listOf types.str;
};
hostIp = mkOption { # TODO find this automatically
description = ''
hostAddress of the privateNetwork
'';
example = "10.233.2.15";
type = types.str;
};
localIp = mkOption { # TODO find this automatically
description = ''
localAddress of the privateNetwork
'';
example = "10.233.2.16";
type = types.str;
};
format = mkOption {
description = ''
file system encrption format of the container
'';
type = types.enum [ "plain" "ecryptfs" "securefs" ];
};
};
}));
default = {};
};
};
config = mkIf (cfg.containers != {}) {
programs.fuse.userAllowOther = true;
services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
devices = ctr.peers;
ignorePerms = false;
})) cfg.containers);
krebs.permown = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({
file-mode = "u+rw";
directory-mode = "u+rwx";
owner = "syncthing";
keepGoing = false;
})) cfg.containers);
systemd.services = mapAttrs' (n: ctr: nameValuePair "containers@${ctr.name}" ({
reloadIfChanged = mkForce false;
})) cfg.containers;
containers = mapAttrs' (n: ctr: nameValuePair ctr.name ({
config = { ... }: {
environment.systemPackages = [
pkgs.git
];
system.activationScripts.fuse = {
text = ''
${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229
'';
deps = [];
};
};
allowedDevices = [
{ modifier = "rwm"; node = "/dev/fuse"; }
];
autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = ctr.hostIp;
localAddress = ctr.localIp;
})) cfg.containers;
environment.systemPackages = flatten (mapAttrsToList (n: ctr: [
(pkgs.writeDashBin "start-${ctr.name}" ''
set -euf
set -x
mkdir -p /var/lib/containers/${ctr.name}/var/state
${(start ctr.name).${ctr.format}}
STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${ctr.name})
if [ "$STATE" = 'down' ]; then
${pkgs.nixos-container}/bin/nixos-container start ${ctr.name}
fi
${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" ''
set -x
mkdir -p /var/state/var_src
ln -sfTr /var/state/var_src /var/src
touch /etc/NIXOS
''}
if [ -h /var/lib/containers/${ctr.name}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${ctr.name}.r); then
${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch
fi
'')
(pkgs.writeDashBin "stop-${ctr.name}" ''
set -euf
${pkgs.nixos-container}/bin/nixos-container stop ${ctr.name}
${(stop ctr.name).${ctr.format}}
'')
]) cfg.containers);
};
}

2
makefu/0tests/data/secrets/dl.gum-auth.nix Normal file
View file

@ -0,0 +1,2 @@
{
}

1
makefu/2configs/dcpp/hub.nix
View file

@ -41,7 +41,6 @@ in {
};
systemd.services = {
redis.serviceConfig.LimitNOFILE=10032;
ddclient-nsupdate-uhub = {
wantedBy = [ "multi-user.target" ];
after = [ "ip-up.target" ];

266
makefu/2configs/deployment/owncloud.nix
View file

@ -1,216 +1,80 @@
{ lib, pkgs, config, ... }:
with lib;
# imperative in config.php:
# #local memcache:
# 'memcache.local' => '\\OC\\Memcache\\APCu',
# #local locking:
# 'memcache.locking' => '\\OC\\Memcache\\Redis',
# 'redis' =>
# array (
# 'host' => 'localhost',
# 'port' => 6379,
# ),
# services.redis.enable = true;
# to enable caching with redis first start up everything, then run:
# nextcloud-occ config:system:set redis 'host' --value 'localhost' --type string
# nextcloud-occ config:system:set redis 'port' --value 6379 --type integer
# nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string
# nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string
# services.memcached.enable = true;
# to enable caching with memcached run:
# nextcloud-occ config:system:set memcached_servers 0 0 --value 127.0.0.1 --type string
# nextcloud-occ config:system:set memcached_servers 0 1 --value 11211 --type integer
# nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\APCu' --type string
# nextcloud-occ config:system:set memcache.distributed --value '\OC\Memcache\Memcached' --type string
let
phpPackage = let
base = pkgs.php74;
in
base.buildEnv {
extensions = { enabled, all }: with all;
enabled ++ [
apcu redis memcached imagick
];
};
adminpw = "/run/secret/nextcloud-admin-pw";
dbpw = "/run/secret/nextcloud-db-pw";
in {
# TODO: copy-paste from lass/2/websites/util.nix
nextcloud = pkgs.nextcloud20;
serveCloud = domains:
let
domain = head domains;
root = "/var/www/${domain}/";
socket = "/var/run/${domain}-phpfpm.sock";
in {
system.activationScripts."prepare-nextcloud-${domain}" = ''
if test ! -e ${root} ;then
echo "copying latest ${nextcloud.name} release to ${root}"
mkdir -p $(dirname "${root}")
cp -r ${nextcloud} "${root}"
chown -R nginx:nginx "${root}"
chmod 770 "${root}"
fi
'';
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
serverAliases = domains;
extraConfig = ''
krebs.secret.files.nextcloud-db-pw = {
path = dbpw;
owner.name = "nextcloud";
source-path = toString <secrets> + "/nextcloud-db-pw";
};
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
krebs.secret.files.nextcloud-admin-pw = {
path = adminpw;
owner.name = "nextcloud";
source-path = toString <secrets> + "/nextcloud-admin-pw";
};
# Path to the root of your installation
root ${root};
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
fastcgi_read_timeout 120;
services.nginx.virtualHosts."o.euer.krebsco.de" = {
forceSSL = true;
enableACME = true;
};
state = [ "${config.services.nextcloud.home}/config" ];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud20;
hostName = "o.euer.krebsco.de";
# Use HTTPS for links
https = true;
# Auto-update Nextcloud Apps
autoUpdateApps.enable = true;
# Set what time makes sense for you
autoUpdateApps.startAt = "05:00:00";
# Disable gzip to avoid the removal of the ETag header
gzip off;
caching.redis = true;
# caching.memcached = true;
config = {
# Further forces Nextcloud to use HTTPS
overwriteProtocol = "https";
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
'';
locations."/robots.txt".extraConfig = ''
allow all;
log_not_found off;
access_log off;
'';
locations."~ ^/(build|tests|config|lib|3rdparty|templates|data)/".extraConfig = ''
deny all;
'';
locations."~ ^/(?:autotest|occ|issue|indie|db_|console)".extraConfig = ''
deny all;
'';
locations."/".extraConfig = ''
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
'';
locations."~ \.php(?:$|/)".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass unix:${config.services.phpfpm.pools.${domain}.socket};
fastcgi_intercept_errors on;
'';
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) block
locations."~* \.(?:css|js)$".extraConfig = ''
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
'';
# Optional: Don't log access to other assets
locations."~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$".extraConfig = ''
access_log off;
'';
};
services.phpfpm.pools."${domain}" = {
user = "nginx";
group = "nginx";
phpPackage = phpPackage;
settings = {
"listen.owner" = "nginx";
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = "on";
"catch_workers_output" = true;
};
phpEnv."PATH" = lib.makeBinPath [ phpPackage ];
};
services.phpfpm.phpOptions = ''
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
opcache.file_cache = .opcache
zend_extension=${phpPackage}/lib/php/extensions/opcache.so
display_errors = on
display_startup_errors = on
always_populate_raw_post_data = -1
error_reporting = E_ALL | E_STRICT
html_errors = On
date.timezone = "Europe/Berlin"
extension=${phpPackage}/lib/php/extensions/memcached.so
extension=${phpPackage}/lib/php/extensions/redis.so
extension=${phpPackage}/lib/php/extensions/apcu.so
'';
systemd.services."nextcloud-cron-${domain}" = {
serviceConfig = {
User = "nginx";
ExecStart = "${phpPackage}/bin/php -f ${root}/cron.php";
};
startAt = "*:0/15";
};
# Nextcloud PostegreSQL database configuration, recommended over using SQLite
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
dbpassFile = dbpw;
adminpassFile = adminpw;
adminuser = "admin";
};
in {
imports = [
( serveCloud [ "o.euer.krebsco.de" ] )
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
services.redis.enable = true;
systemd.services.redis.serviceConfig.LimitNOFILE=65536;
services.postgresql = {
enable = true;
# Ensure the database, user, and permissions always exist
ensureDatabases = [ "nextcloud" ];
ensureUsers = [ { name = "nextcloud"; ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } ];
};
#services.mysql = {
# enable = false;
# package = pkgs.mariadb;
# rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
# initialDatabases = [
# # Or use writeText instead of literalExample?
# #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
# {
# name = "nextcloud";
# schema = pkgs.writeText "nextcloud.sql"
# ''
# create user if not exists 'nextcloud'@'localhost' identified by 'password';
# grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
# '';
# }
# ];
#};
# dataDir is only defined after mysql is enabled
#krebs.secret.files.mysql_rootPassword = {
# path = "${config.services.mysql.dataDir}/mysql_rootPassword";
# owner.name = "root";
# source-path = toString <secrets> + "/mysql_rootPassword";
#};
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
}

102
makefu/2configs/ham/automation/giesskanne.nix Normal file
View file

@ -0,0 +1,102 @@
# uses:
# switch.crafting_giesskanne_relay
let
cam = {
name = "chilicam";
camera = "camera.espcam_02";
light = "light.espcam_02_light";
seconds = 60; # default shutoff to protect the LED from burning out
};
seconds = 6;
pump = "switch.arbeitszimmer_giesskanne_relay";
# sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture";
in
{
services.home-assistant.config =
{
#sensor = map ( entity_id: {
# platform = "statistics";
# name = "Statistics for ${entity_id}";
# inherit entity_id;
# max_age.minutes = "60";
# sampling_size = 1000;
# }) [ "sensor.crafting_brotbox_soil_moisture" ];
automation =
[
##### brotbox
{ alias = "Water the plant for ${toString seconds} seconds";
trigger = [
{ # trigger at 23:15 no matter what
# TODO: retry or run only if switch.wasser is available
platform = "time";
at = "23:15:00";
}
];
action =
[
{ # take a snapshot before watering
service = "homeassistant.turn_on";
entity_id = [ cam.light ];
}
{ # TODO: we could also create a recording with camera.record
service = "camera.snapshot";
data = {
entity_id = cam.camera;
# TODO: create /var/lib/hass/cam/ - now being done manually
filename = "/var/lib/hass/cam/${cam.name}_{{ now().strftime('%Y%m%d-%H%M%S') }}.jpg";
};
}
{ # now turn on the pumping services
# i do not start hte pump and light before the snapshot because i do
# not know how long it takes (do not want to water the plants for too long)
service = "homeassistant.turn_on";
entity_id = [ pump ];
}
{ delay.seconds = seconds; }
{
service = "homeassistant.turn_off";
entity_id = [ pump cam.light ];
}
];
}
{ alias = "Always turn off the light after ${toString (cam.seconds)}s";
trigger = [
{
platform = "state";
entity_id = cam.light;
to = "on";
for.seconds = cam.seconds;
}
];
action =
[
{
service = "homeassistant.turn_off";
entity_id = [ pump cam.light ];
}
];
}
{ alias = "Always turn off water after ${toString (seconds * 2)}s";
trigger = [
{
platform = "state";
entity_id = pump;
to = "on";
for.seconds = seconds*2;
}
];
action =
[
{
service = "homeassistant.turn_off";
entity_id = [ pump cam.light ];
}
];
}
];
};
}

44
makefu/2configs/ham/automation/light_buttons.nix Normal file
View file

@ -0,0 +1,44 @@
# light.wohnzimmerbeleuchtung
# light.wohnzimmer_deko
# light.arbeitszimmerbeleuchtung
# light.arbeitszimmer_deko
# light.schlafzimmerbeleuchtung
let
toggle = light: btn:
{
alias = "Toggle Light ${light} via ${btn}";
trigger = {
platform = "state";
entity_id = "sensor.${btn}_click";
to = "single";
};
action = {
service = "light.toggle";
data.entity_id = light;
data.transition = 0;
};
};
turn_off_all = btn:
{
alias = "Turn of all lights via ${btn} double click";
trigger = {
platform = "state";
entity_id = "sensor.${btn}_click";
to = "double";
};
action = {
service = "light.turn_off";
entity_id = "all";
};
};
in {
services.home-assistant.config.automation = [
(toggle "light.arbeitszimmerbeleuchtung" "arbeitszimmer_btn1")
(toggle "light.schlafzimmerbeleuchtung" "schlafzimmer_btn2")
(toggle "light.wohnzimmerbeleuchtung" "wohnzimmer_btn3")
(turn_off_all "arbeitszimmer_btn1")
(turn_off_all "schlafzimmer_btn2")
(turn_off_all "wohnzimmer_btn3")
];
}

44
makefu/2configs/ham/automation/urlaub.nix Normal file
View file

@ -0,0 +1,44 @@
# uses:
# light.wohnzimmer_schrank_osram
# light.wohnzimmer_fernseher_led_strip
# "all" lights
let
schranklicht = "light.wohnzimmer_schrank_osram";
fernsehlicht = "light.wohnzimmer_fernseher_led_strip";
final_off = "01:00";
turn_on = entity_id: at:
{ alias = "Turn on ${entity_id} at ${at}";
trigger = [
{ platform = "time"; inherit at; }
];
action =
[
{ service = "light.turn_on"; inherit entity_id; }
];
};
in
{
services.home-assistant.config =
{
automation =
[
(turn_on schranklicht "17:30")
(turn_on fernsehlicht "19:00")
{ alias = "Always turn off the urlaub lights at ${final_off}";
trigger = [
{ platform = "time"; at = final_off; }
];
action =
[
{
service = "light.turn_off";
entity_id = [ schranklicht fernsehlicht ];
}
];
}
];
};
}

61
makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix Normal file
View file

@ -0,0 +1,61 @@
# This module maps the RF433 Remote Control to zigbee and wifi lights
let
rf_turn_off = code: light:
{
alias = "Turn off ${light} via rf code ${code}";
trigger = {
platform = "event";
event_type = "esphome.rf_code_received";
event_data.code = code;
};
action = {
service = "light.turn_off";
data.entity_id = light;
};
};
rf_turn_on = code: light:
{
alias = "Turn on ${light} via rf code ${code}";
trigger = {
platform = "event";
event_type = "esphome.rf_code_received";
event_data.code = code;
};
action = {
service = "light.turn_on";
data.entity_id = light;
};
};
rf_toggle = code: light:
{
alias = "Toggle ${light} via rf code ${code}";
trigger = {
platform = "event";
event_type = "esphome.rf_code_received";
event_data.code = code;
};
action = {
service = "light.toggle";
data.entity_id = light;
};
};
in
{
services.home-assistant.config.automation = [
(rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A
(rf_toggle "401151" "light.wohnzimmer_stehlampe_osram") # B
(rf_toggle "401451" "light.wohnzimmer_komode_osram") # C
(rf_toggle "401511" "light.wohnzimmer_schrank_osram") # D
# OFF Lane
(rf_turn_off "400554" "all") # A
(rf_toggle "401154" "light.wohnzimmer_fenster_lichterkette_licht") # B
(rf_toggle "401454" "light.wohnzimmer_fernsehwand_led") # C
# (rf_toggle "401514" "") # D
];
# "400554" # A OFF
# "401154" # B OFF
# "401454" # C OFF
# "401514" # D OFF
}

10
makefu/2configs/ham/default.nix
View file

@ -17,7 +17,7 @@ in {
# ./multi/flurlicht.nix
./multi/kurzzeitwecker.nix
./multi/the_playlist.nix
./multi/fliegen-couter.nix
# ./multi/fliegen-couter.nix
./device_tracker/openwrt.nix
@ -26,8 +26,14 @@ in {
./calendar/nextcloud.nix
./automation/firetv_restart.nix
./automation/light_buttons.nix
./automation/wohnzimmer_rf_fernbedienung.nix
./automation/giesskanne.nix
./automation/urlaub.nix
./light/groups.nix
./light/arbeitszimmer.nix
./light/schlafzimmer.nix
./light/wohnzimmer.nix
];
services.home-assistant = {

24
makefu/2configs/ham/light/arbeitszimmer.nix Normal file
View file

@ -0,0 +1,24 @@
let
arbeitszimmer_deko = [
"light.led_wand"
"light.box_led_status"
"light.arbeitszimmer_led1_led_strip" # LED-Kreis in cube
];
arbeitszimmerbeleuchtung = [
"light.arbeitszimmer_schrank_dimmer"
"light.arbeitszimmer_kerze" # arbeitszimmer_kerze
];
in {
services.home-assistant.config.light = [
{
platform = "group";
name = "Arbeitszimmerbeleuchtung";
entities = arbeitszimmerbeleuchtung;
}
{
platform = "group";
name = "Arbeitszimmer Deko";
entities = arbeitszimmer_deko;
}
];
}

41
makefu/2configs/ham/light/groups.nix
View file

@ -1,41 +0,0 @@
let
arbeitszimmer_licht = [
"light.led_wand"
"light.arbeitszimmer_led1_led_strip" # LED-Kreis in cube
"light.arbeitszimmer_flur_osram_light"
"light.arbeitszimmer_schrank_dimmer_light"
"light.arbeitszimmer_schrank_osram_light"
];
wohnzimmer_licht = [
"light.wohnzimmer_fernseher_led_strip" # led um fernseher
"light.wohnzimmer_komode_osram_light"
"light.wohnzimmer_schrank_osram_light"
"light.wohnzimmer_stehlampe_osram_light"
];
schlafzimmer_licht = [
"schlafzimmer_komode_osram_light"
];
in {
services.home-assistant.config.light = [
{
platform = "group";
name = "Arbeitszimmer Lichter";
entities = arbeitszimmer_licht;
}
{
platform = "group";
name = "Wohnzimmer Lichter";
entities = wohnzimmer_licht;
}
{
platform = "group";
name = "Schlafzimmer Lichter";
entities = schlafzimmer_licht;
}
{
platform = "group";
name = "Alle Lichter";
entities = arbeitszimmer_licht ++ wohnzimmer_licht ++ schlafzimmer_licht;
}
];
}

14
makefu/2configs/ham/light/schlafzimmer.nix Normal file
View file

@ -0,0 +1,14 @@
let
schlafzimmer_licht = [
"light.schlafzimmer_komode_osram"
# "light.schlafzimmer_schrank_osram"
];
in {
services.home-assistant.config.light = [
{
platform = "group";
name = "Schlafzimmerbeleuchtung";
entities = schlafzimmer_licht;
}
];
}

24
makefu/2configs/ham/light/wohnzimmer.nix Normal file
View file

@ -0,0 +1,24 @@
let
wohnzimmerbeleuchtung = [
"light.wohnzimmer_komode_osram_light"
"light.wohnzimmer_schrank_osram_light"
];
wohnzimmer_deko = [
"light.wohnzimmer_fernseher_led_strip" # led um fernseher
"light.wohnzimmer_lichterkette_led_strip" # led um fernsehwand
"light.kinderzimmer_lichterkette_licht" # led um fenster
];
in {
services.home-assistant.config.light = [
{
platform = "group";
name = "Wohnzimmerbeleuchtung";
entities = wohnzimmerbeleuchtung;
}
{
platform = "group";
name = "Wohnzimmer Deko";
entities = wohnzimmer_deko;
}
];
}

3
makefu/2configs/home-manager/zsh.nix
View file

@ -52,6 +52,7 @@
xo = "mimeopen";
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
};
# navi package does not come with the navi.plugin.zsh anymore so we use .src
initExtra = ''
bindkey -e
# shift-tab
@ -69,7 +70,7 @@
zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# navi
source ${pkgs.navi}/share/navi/shell/navi.plugin.zsh
. ${pkgs.navi.src}/shell/navi.plugin.zsh
# ctrl-x ctrl-e
autoload -U compinit && compinit
autoload -U edit-command-line

9
makefu/2configs/nginx/dl.euer.krebsco.de.nix
View file

@ -1,9 +1,8 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
services.nginx = {
enable = mkDefault true;
enable = lib.mkDefault true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts."dl.euer.krebsco.de" = {
@ -13,5 +12,11 @@ with import <stockholm/lib>;
enableACME = true;
basicAuth = import <secrets/dl.euer.krebsco.de-auth.nix>;
};
virtualHosts."dl.gum.r" = {
serverAliases = [ "dl.gum" "dl.makefu.r" "dl.makefu" ];
root = config.makefu.dl-dir;
extraConfig = "autoindex on;";
basicAuth = import <secrets/dl.gum-auth.nix>;
};
};
}

25
makefu/2configs/share/anon-sftp.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
services.openssh = {
allowSFTP = true;
sftpFlags = [ "-l VERBOSE" ];
extraConfig = ''
Match User anonymous
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
PasswordAuthentication no
'';
};
users.users.anonymous = {
uid = genid "anonymous";
useDefaultShell = false;
password = "anonymous";
home = "/media/anon";
createHome = true;
};
}

24
makefu/2configs/systemdultras/ircbot.nix Normal file
View file

@ -0,0 +1,24 @@
{
krebs.brockman = {
enable = true;
config = {
irc = {
host = "irc.freenode.net";
port = 6667;
};
bots = {
r-systemdultras-rss = {
feed = "https://www.reddit.com/r/systemdultras/.rss";
delay = 136;
channels = [ "#systemdultras" ];
};
r-systemd-rss = {
feed = "https://www.reddit.com/r/systemd/.rss";
delay = 172;
channels = [ "#systemdultras" ];
};
};
};
};
}

2
makefu/5pkgs/awesomecfg/default.nix
View file

@ -6,7 +6,7 @@
, blueman
, clipit
, flameshot
, chapter-marker
, chapter-marker ? false
, modkey ? "Mod4"
, locker? "${pkgs.xlock}/bin/xlock -mode blank"
, ... }: