From 0501b46d1358e24ba077c020b2c8dcbb011f101a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 27 Jan 2022 20:54:46 +0100
Subject: l prism.r: add ssl for murmur

---
 lass/2configs/murmur.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix
index 7cc4051a8..42670dfbb 100644
--- a/lass/2configs/murmur.nix
+++ b/lass/2configs/murmur.nix
@@ -2,10 +2,16 @@
 {
   services.murmur = {
     enable = true;
+    allowHtml = false;
     bandwidth = 10000000;
     registerName = "lassul.us";
     autobanTime = 30;
+    sslCert = "/var/lib/acme/lassul.us/cert.pem";
+    sslKey = "/var/lib/acme/lassul.us/key.pem";
   };
+  users.groups.lasscert.members = [
+    "murmur"
+  ];
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
     { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
-- 
cgit v1.2.3


From 8f603a3f218bf35285a50c03f257902eca3efa61 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 28 Jan 2022 11:05:19 +0100
Subject: syncthing: remove declarative namespace

---
 krebs/2configs/syncthing.nix   | 8 +++-----
 lass/2configs/sync/decsync.nix | 2 +-
 lass/2configs/sync/sync.nix    | 2 +-
 lass/2configs/sync/weechat.nix | 2 +-
 4 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix
index 125e2aea4..dac1863d5 100644
--- a/krebs/2configs/syncthing.nix
+++ b/krebs/2configs/syncthing.nix
@@ -8,11 +8,9 @@ in {
   services.syncthing = {
     enable = true;
     configDir = "/var/lib/syncthing";
-    declarative = {
-      devices = mk_peers used_peers;
-      key = toString <secrets/syncthing.key>;
-      cert = toString <secrets/syncthing.cert>;
-    };
+    devices = mk_peers used_peers;
+    key = toString <secrets/syncthing.key>;
+    cert = toString <secrets/syncthing.cert>;
   };
 
   boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix
index 9caefdd2d..a38cff8d6 100644
--- a/lass/2configs/sync/decsync.nix
+++ b/lass/2configs/sync/decsync.nix
@@ -1,5 +1,5 @@
 {
-  services.syncthing.declarative.folders.decsync = {
+  services.syncthing.folders.decsync = {
     path = "/home/lass/decsync";
     devices = [ "mors" "blue" "green" "phone" ];
   };
diff --git a/lass/2configs/sync/sync.nix b/lass/2configs/sync/sync.nix
index 7c0f2e030..a0927c199 100644
--- a/lass/2configs/sync/sync.nix
+++ b/lass/2configs/sync/sync.nix
@@ -1,5 +1,5 @@
 {
-  services.syncthing.declarative.folders."/home/lass/sync" = {
+  services.syncthing.folders."/home/lass/sync" = {
     devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" "coaxmetal" ];
   };
   krebs.permown."/home/lass/sync" = {
diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix
index 7970f3081..eb6b0aa16 100644
--- a/lass/2configs/sync/weechat.nix
+++ b/lass/2configs/sync/weechat.nix
@@ -1,5 +1,5 @@
 {
-  services.syncthing.declarative.folders."/home/lass/.weechat".devices = [ "green" "mors" ];
+  services.syncthing.folders."/home/lass/.weechat".devices = [ "green" "mors" ];
   krebs.permown."/home/lass/.weechat" = {
     owner = "lass";
     group = "syncthing";
-- 
cgit v1.2.3


From a9077cd1ff39feca11e820c233e4370a33d0350d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 28 Jan 2022 14:18:38 +0100
Subject: l hass: use new zigbee settings

---
 lass/2configs/hass/zigbee.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/hass/zigbee.nix b/lass/2configs/hass/zigbee.nix
index 789a7fb92..8fc02263b 100644
--- a/lass/2configs/hass/zigbee.nix
+++ b/lass/2configs/hass/zigbee.nix
@@ -15,7 +15,7 @@ in {
   services.zigbee2mqtt = {
     enable = true;
     package = unstable-pkgs.zigbee2mqtt;
-    config = {
+    settings = {
       homeassistant = true;
       frontend.port = 1337;
       experimental.new_api = true;
-- 
cgit v1.2.3


From 5e3141c9e958e2b2f48d4245ca0a894f9eaaf714 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 28 Jan 2022 16:15:30 +0100
Subject: l fysiirc: send only handled events

---
 lass/2configs/fysiirc.nix | 42 ++++++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 10 deletions(-)

diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix
index d2aaa73c5..f3c1d5b7c 100644
--- a/lass/2configs/fysiirc.nix
+++ b/lass/2configs/fysiirc.nix
@@ -1,5 +1,33 @@
-{ config, lib, pkgs, ... }:
-{
+{ config, lib, pkgs, ... }: let
+
+  format-github-message = pkgs.writeDashBin "format-github-message" ''
+    set -xefu
+    export PATH=${lib.makeBinPath [
+      pkgs.jq
+    ]}
+    INPUT=$(jq -c .)
+    if $(echo "$INPUT" | jq 'has("issue") or has("pull_request")'); then
+      ${write_to_irc} "$(echo "$INPUT" | jq -r '
+        "\(.action): " +
+        "[\(.issue.title // .pull_request.title)] " +
+        "\(.comment.html_url // .issue.html_url // .pull_request.html_url) " +
+        "by \(.comment.user.login // .issue.user.login // .pull_request.user.login)"
+      ')"
+    fi
+  '';
+
+  write_to_irc = pkgs.writeDash "write_to_irc" ''
+    ${pkgs.curl}/bin/curl -fsSv http://localhost:44001 \
+      -H content-type:application/json \
+      -d "$(${pkgs.jq}/bin/jq -n \
+        --arg text "$1" '{
+          command:"PRIVMSG",
+          params:["#fysi",$text]
+        }'
+      )"
+  '';
+
+in {
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport 44002"; target = "ACCEPT"; }
   ];
@@ -26,20 +54,14 @@
       name = "reaktor2-fysiweb-github";
     };
     script = ''. ${pkgs.writeDash "github-irc" ''
+      set -efu
       case "$Method $Request_URI" in
         "POST /")
           payload=$(head -c "$req_content_length" \
             | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \
             | xargs -0 echo -e \
           )
-          ${pkgs.curl}/bin/curl -fsSv http://localhost:44001/ \
-           -H content-type:application/json \
-           -d "$(echo "$payload" | ${pkgs.jq}/bin/jq \
-             '{
-               command:"PRIVMSG",
-               params:["#fysi", "\(.action): \(.comment.html_url // .issue.html_url // .pull_request.html_url)"]
-             }'
-           )"
+          echo "$payload" | ${format-github-message}/bin/format-github-message
           printf 'HTTP/1.1 200 OK\r\n'
           printf 'Connection: close\r\n'
           printf '\r\n'
-- 
cgit v1.2.3

[cgit] Unable to lock slot /tmp/cgit/55200000.lock: No such file or directory (2)