12 files changed, 237 insertions, 55 deletions

diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix
new file mode 100644
index 000000000..90093e8eb
--- /dev/null
+++ b/krebs/2configs/cal.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+{
+  users.users.testing = {
+    uid = pkgs.stockholm.lib.genid_uint31 "testing";
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.xkey.pubkey
+      config.krebs.users.lass.pubkey
+    ];
+    packages = [
+      pkgs.calendar-cli
+      pkgs.tmux
+    ];
+  };
+
+  services.xandikos = {
+    enable = true;
+    extraOptions = [
+      "--autocreate"
+      "--defaults"
+      "--current-user-principal /krebs"
+      "--dump-dav-xml"
+    ];
+  };
+
+  services.nginx = {
+    enable = true;
+
+    virtualHosts = {
+      "calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/";
+    };
+  };
+}
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 38d770316..fffe128e6 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -27,9 +27,6 @@ with import <stockholm/lib>;
   ];
 
   console.keyMap = "us";
-  i18n = {
-    defaultLocale = lib.mkForce "C";
-  };
 
   programs.ssh.startAgent = false;
 
@@ -60,4 +57,7 @@ with import <stockholm/lib>;
 
   # The NixOS release to be compatible with for stateful data such as databases.
   system.stateVersion = "17.03";
+
+  # maybe fix Error: unsupported locales detected:
+  i18n.defaultLocale = mkDefault "C.UTF-8";
 }
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index 82f8ec942..01597f49f 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -16,6 +16,14 @@ in {
         tv
       ];
       eloop-ml = spam-ml;
+      krebstel-ml = [
+        config.krebs.users."0x4A6F"
+        { mail = "krebstel-1rxz0mqa95nkmk298s1731ly0ii7vc36kkm36pnjj89hrq52pgn1@ni.r"; }
+        { mail = "krebstel-1difh7483axpiaq92ghi14r5cql822wbhixqb0nn3y3jkcj0b785@ni.r"; }
+        { mail = "lass@green.r"; }
+        tv
+        xkey
+      ];
       spam-ml = [
         lass
         makefu
@@ -28,6 +36,7 @@ in {
       "spam@eloop.org" = eloop-ml;
       "youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead
       "postmaster@krebsco.de" = spam-ml; # RFC 822
+      "krebstel@krebsco.de" = krebstel-ml;
       "lass@krebsco.de" = lass;
       "makefu@krebsco.de" = makefu;
       "spam@krebsco.de" = spam-ml;
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index c6c91e074..a802b8a25 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,9 +5,9 @@
     6667
   ];
 
-  krebs.ergo = {
+  services.ergochat = {
     enable = true;
-    config = {
+    settings = {
       server.secure-nets = [
         "42::0/16"
         "10.240.0.0/12"
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
new file mode 100644
index 000000000..4d359c3fe
--- /dev/null
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."social.krebsco.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        # TODO use this in 22.11
+        # recommendedProxySettings = true;
+        proxyPass = "http://hotdog.r";
+        proxyWebsockets = true;
+        extraConfig = ''
+          proxy_set_header        Host $host;
+          proxy_set_header        X-Real-IP $remote_addr;
+          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header        X-Forwarded-Proto $scheme;
+          proxy_set_header        X-Forwarded-Host $host;
+          proxy_set_header        X-Forwarded-Server $host;
+        '';
+      };
+    };
+  };
+}
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
new file mode 100644
index 000000000..145b383ed
--- /dev/null
+++ b/krebs/2configs/mastodon.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+{
+  services.postgresql = {
+    enable = true;
+    dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+    package = pkgs.postgresql_11;
+  };
+  systemd.tmpfiles.rules = [
+    "d /var/state/postgresql 0700 postgres postgres -"
+  ];
+
+  services.mastodon = {
+    enable = true;
+    localDomain = "social.krebsco.de";
+    configureNginx = true;
+    trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+    smtp.createLocally = false;
+    smtp.fromAddress = "derp";
+  };
+
+  services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+    forceSSL = lib.mkForce false;
+    enableACME = lib.mkForce false;
+    locations."@proxy".extraConfig = ''
+      proxy_redirect off;
+      proxy_pass_header Server;
+      proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+  ];
+
+  environment.systemPackages = [
+    (pkgs.writers.writeDashBin "tootctl" ''
+      sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+    '')
+    (pkgs.writers.writeDashBin "create-mastodon-user" ''
+      set -efu
+      nick=$1
+      /run/current-system/sw/bin/tootctl accounts create "$nick" --email "$nick"@krebsco.de --confirmed
+      /run/current-system/sw/bin/tootctl accounts approve "$nick"
+    '')
+  ];
+}
diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix
index a68aa292c..b96dea300 100644
--- a/krebs/2configs/matterbridge.nix
+++ b/krebs/2configs/matterbridge.nix
@@ -10,14 +10,10 @@
           Charset = "utf-8";
         };
         telegram.krebs.Token = bridgeBotToken;
-        irc = let
+        irc.hackint = {
+          Server = "irc.hackint.org:6697";
+          UseTLS = true;
           Nick = "ponte";
-        in {
-          hackint = {
-            Server = "irc.hackint.org:6697";
-            UseTLS = true;
-            inherit Nick;
-          };
         };
         gateway = [
           {
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index b7728986f..07674c86e 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -4,10 +4,7 @@
       "shodan"
       "mors"
       "styx"
-      "puyak"
     ];
-    hostIp = "10.233.2.101";
-    localIp = "10.233.2.102";
     format = "plain";
   };
 }
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 3649aeeea..d6c6371da 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -68,8 +68,8 @@
     wantedBy = [ "multi-user.target" ];
   };
 
-  krebs.ergo.openFilesLimit = 16384;
-  krebs.ergo.config = {
+  services.ergochat.openFilesLimit = 16384;
+  services.ergochat.settings = {
     limits.nicklen = 100;
     limits.identlen = 100;
     history.enabled = false;
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index afaac9dae..13b59fa82 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -51,6 +51,77 @@ let
     };
   };
 
+  confuse = {
+    pattern = "^!confuse (.*)$";
+    activate = "match";
+    arguments = [1];
+    command = {
+      filename = pkgs.writeDash "confuse" ''
+        set -efux
+
+        export PATH=${makeBinPath [
+          pkgs.coreutils
+          pkgs.curl
+          pkgs.stable-generate
+        ]}
+        stable_url=$(stable-generate "$@")
+        paste_url=$(curl -Ss "$stable_url" |
+          curl -Ss http://p.r --data-binary @- |
+          tail -1
+        )
+        echo "$_from: $paste_url"
+      '';
+    };
+  };
+
+  confuse_hackint = {
+    pattern = "^!confuse (.*)$";
+    activate = "match";
+    arguments = [1];
+    command = {
+      filename = pkgs.writeDash "confuse" ''
+        set -efu
+        export PATH=${makeBinPath [
+          pkgs.coreutils
+          pkgs.curl
+          pkgs.stable-generate
+        ]}
+        case $_msgtarget in \#*)
+          stable_url=$(stable-generate "$@")
+          paste_url=$(curl -Ss "$stable_url" |
+            curl -Ss https://p.krebsco.de --data-binary @- |
+            tail -1
+          )
+          echo "$_from: $paste_url"
+        esac
+      '';
+    };
+  };
+
+  say = {
+    pattern = "^!say (.*)$";
+    activate = "match";
+    arguments = [1];
+    command = {
+      filename = pkgs.writeDash "say" ''
+        set -efu
+
+        export PATH=${makeBinPath [
+          pkgs.coreutils
+          pkgs.curl
+          pkgs.opusTools
+        ]}
+        paste_url=$(printf '%s' "$1" |
+          curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
+          opusenc - - |
+          curl -Ss https://p.krebsco.de --data-binary @- |
+          tail -1
+        )
+        echo "$_from: $paste_url"
+      '';
+    };
+  };
+
   taskRcFile = builtins.toFile "taskrc" ''
     confirmation=no
   '';
@@ -112,7 +183,7 @@ let
     }
   '';
 
-  systemPlugin = {
+  systemPlugin = { extra_privmsg_hooks ? [] }: {
     plugin = "system";
     config = {
       workdir = stateDir;
@@ -185,8 +256,9 @@ let
           };
         }
         {
-          pattern = "18@p";
+          pattern = ''^18@p\s+(\S+)\s+(\d+)m$'';
           activate = "match";
+          arguments = [1 2];
           command = {
             env = {
               CACHE_DIR = "${stateDir}/krebsfood";
@@ -196,45 +268,36 @@ let
               osm-restaurants-src = pkgs.fetchFromGitHub {
                 owner = "kmein";
                 repo = "scripts";
-                rev = "66b2068d548d3418c81dd093bba3f80248c68196";
-                sha256 = "059sp2lz54iwklswaxv9w703sbm2vv7p0ccig10gsqshriq6v58z";
+                rev = "dda381be26abff73a0cf364c6dfff6e1701f41ee";
+                sha256 = "sha256-J7jGWZeAULDA1EkO50qx+hjl+5IsUj389pUUMreKeNE=";
               };
               osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {};
             in pkgs.writeDash "krebsfood" ''
               set -efu
-              ecke_lat=52.51252
-              ecke_lon=13.41740
-              ${osm-restaurants}/bin/osm-restaurants --radius 500 --latitude "$ecke_lat" --longitude "$ecke_lon" \
-                | ${pkgs.jq}/bin/jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
-                '
-            '';
-          };
-        }
-        {
-          pattern = ''^([\H-]*?):?\s+([+-][1-9][0-9]*)\s+(\S+)$'';
-          activate = "match";
-          arguments = [1 2 3];
-          command = {
-            env = {
-              # TODO; get state as argument
-              state_file = "${stateDir}/ledger";
-            };
-            filename = pkgs.writeDash "ledger-add" ''
-              set -x
-              tonick=$1
-              amt=$2
-              unit=$3
-              printf '%s\n  %s  %d %s\n  %s  %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
-              ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
-                | ${pkgs.coreutils}/bin/tail +2 \
-                | ${pkgs.miller}/bin/mlr --icsv --opprint cat \
-                | ${pkgs.gnugrep}/bin/grep "$_from"
+              export PATH=${makeBinPath [
+                osm-restaurants
+                pkgs.coreutils
+                pkgs.curl
+                pkgs.jq
+              ]}
+              poi=$(curl -fsS http://c.r/poi.json | jq --arg name "$1" '.[$name]')
+              if [ "$poi" = null ]; then
+                latitude=52.51252
+                longitude=13.41740
+              else
+                latitude=$(echo "$poi" | jq -r .latitude)
+                longitude=$(echo "$poi" | jq -r .longitude)
+              fi
+
+              restaurant=$(osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude")
+              printf '%s' "$restaurant" | tail -1 | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
             '';
           };
         }
         bedger-add
         bedger-balance
         hooks.sed
+        say
         (generators.command_hook {
           inherit (commands) dance random-emoji nixos-version;
           tell = {
@@ -251,7 +314,7 @@ let
           };
         })
         (task "agenda")
-      ];
+      ] ++ extra_privmsg_hooks;
     };
   };
 
@@ -411,7 +474,11 @@ in {
             ];
           };
         }
-        systemPlugin
+        (systemPlugin {
+          extra_privmsg_hooks = [
+            confuse_hackint
+          ];
+        })
       ];
       username = "reaktor2";
       port = "6697";
@@ -429,7 +496,11 @@ in {
             ];
           };
         }
-        systemPlugin
+        (systemPlugin {
+          extra_privmsg_hooks = [
+            confuse
+          ];
+        })
       ];
       username = "reaktor2";
     };
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index 74a77a0ed..cb5d236ac 100644
--- a/krebs/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -4,10 +4,15 @@
   nixpkgs.overlays = [
     (self: super: {
       exim =
-        super.exim.overrideAttrs (old: {
+        super.exim.overrideAttrs (old: let
+          key = if builtins.hasAttr "preBuild" old then
+            "preBuild"
+          else
+            "configurePhase";
+        in {
           buildInputs = old.buildInputs ++ [ self.gnutls ];
-          preBuild = /* sh */ ''
-            ${old.preBuild}
+          ${key} = /* sh */ ''
+            ${old.${key}}
             sed -Ei '
               s:^USE_OPENSSL=.*:# &:
               s:^# (USE_GNUTLS)=.*:\1=yes:
diff --git a/krebs/2configs/shack/doorstatus.sh b/krebs/2configs/shack/doorstatus.sh
index 46314cb9c..aa6c1c3d1 100755
--- a/krebs/2configs/shack/doorstatus.sh
+++ b/krebs/2configs/shack/doorstatus.sh
@@ -54,7 +54,8 @@ Herr makefu an Kasse 3 bitte, Kasse 3 bitte Herr makefu. Der API Computer ist ma
 EOF
 )
 
-state=$(curl -fSsk https://api.shackspace.de/v1/space | jq  .doorState.open)
+payload=$(curl -fSsk https://api.shackspace.de/v1/space)
+state=$(printf '%s' "$payload" | jq  .doorState.open)
 prevstate=$(cat state ||:)
 
 if test "$state" == "$(cat state)";then