authortv <tv@krebsco.de>2020-09-08 22:19:15 +0200
committertv <tv@krebsco.de>2020-09-08 22:19:15 +0200
commitf3aac671f823063f225096984ff8644190cf9b91 (patch)
treec33c4e9d8da1ba419541950f110f4b4dfbf8155b
parent6fbbf7e6170f6a1ba42c5dcecd11ca67c6bc5afd (diff)
parent549598bfd9cf6e94f8bb83ebbcc17400069f1198 (diff)
Merge remote-tracking branch 'prism/master'
-rw-r--r--.gitlab-ci.yml14
-rw-r--r--krebs/0tests/data/secrets/gollum.id_ed255190
-rw-r--r--krebs/1systems/puyak/config.nix2
-rw-r--r--krebs/2configs/shack/gitlab-runner.nix2
-rw-r--r--krebs/2configs/shack/glados/multi/wasser.nix2
-rw-r--r--krebs/2configs/shack/share.nix4
-rw-r--r--krebs/2configs/wiki.nix83
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/external/default.nix4
-rw-r--r--krebs/3modules/external/mic92.nix71
-rw-r--r--krebs/3modules/external/ssh/mic92.pub (renamed from krebs/3modules/external/ssh/Mic92.pub)0
-rw-r--r--krebs/3modules/gollum.nix112
-rw-r--r--krebs/nixpkgs-unstable.json6
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--lass/1systems/blue/config.nix8
-rw-r--r--lass/1systems/prism/config.nix8
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--lass/5pkgs/deploy/default.nix6
-rw-r--r--makefu/0tests/data/secrets/bureautomation/citadel.nix4
-rw-r--r--makefu/2configs/bureautomation/camera/comic.nix4
-rw-r--r--makefu/2configs/bureautomation/comic-updater.nix12
-rw-r--r--makefu/2configs/bureautomation/default.nix7
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/tools/consoles.nix2
-rw-r--r--makefu/2configs/tools/media.nix1
-rw-r--r--makefu/5pkgs/hactool/default.nix30
-rw-r--r--makefu/5pkgs/nx_game_info/default.nix32
27 files changed, 367 insertions, 56 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4a7a4e605..76a304af8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,8 +10,12 @@ before_script:
- chmod 600 ~/.ssh/gitlab_deploy.key
- echo "$ssh_git_shackspace_serverkey" >> ~/.ssh/known_hosts
# import secret key for secrets
+ - which gpg
+ - which gpg2
- echo "$secrets_gpg_key" | gpg --import
deployment test:
+ tags:
+ - nix
stage: test
script:
- GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
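Review bot: The added `- which gpg2` in before_script will abort every job on a runner that ships GnuPG only under the name `gpg`, because GitLab fails a job as soon as a before_script command exits non-zero, while the import on the following line only needs `gpg`. If the two `which` lines are diagnostics for the new tagged runners, make them non-fatal, e.g. `- which gpg gpg2 || true`, or drop them once the runner image is settled. The before_script block starts above the hunk, so its earlier steps were not reviewed.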
@@ -21,6 +25,8 @@ deployment test:
- $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target /tmp -A test)
nix-shell test:
stage: test
+ tags:
+ - nix
script:
- nix-shell --pure --command 'true' -p stdenv && echo success
- nix-shell --pure --command 'false' -p stdenv || echo success
@@ -29,6 +35,9 @@ nix-shell test:
- gpg --version
- curl --version
wolf deployment:
+ tags:
+ - shacklan
+ - nix
stage: deploy
script:
- cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
@@ -44,6 +53,9 @@ wolf deployment:
- .gitmodules
puyak deployment:
stage: deploy
+ tags:
+ - shacklan
+ - nix
script:
- cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
- git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
@@ -58,6 +70,8 @@ puyak deployment:
- .gitmodules
nur-packages makefu:
stage: deploy
+ tags:
+ - nix
script:
- git reset --hard origin/master
- git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
diff --git a/krebs/0tests/data/secrets/gollum.id_ed25519 b/krebs/0tests/data/secrets/gollum.id_ed25519
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/gollum.id_ed25519
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index a50d2eab4..c84887eaa 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -84,7 +84,7 @@
'';
users.users.joerg = {
- openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ];
+ openssh.authorizedKeys.keys = [ config.krebs.users.mic92.pubkey ];
isNormalUser = true;
shell = "/run/current-system/sw/bin/zsh";
};
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix
index 5f2ca02d9..bd391851a 100644
--- a/krebs/2configs/shack/gitlab-runner.nix
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -14,6 +14,8 @@ in
## registrationConfigurationFile contains:
# CI_SERVER_URL=<CI server URL>
# REGISTRATION_TOKEN=<registration secret>
+ # RUNNER_TAG_LIST=nix,shacklan
+ # RUNNER_NAME=stockholm-runner-$name
registrationConfigFile = <secrets/shackspace-gitlab-ci>;
#gracefulTermination = true;
};
diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix
index 0a7ffc41c..6f3dc98ad 100644
--- a/krebs/2configs/shack/glados/multi/wasser.nix
+++ b/krebs/2configs/shack/glados/multi/wasser.nix
@@ -2,7 +2,7 @@
# switch.crafting_giesskanne_relay
let
glados = import ../lib;
- seconds = 5;
+ seconds = 10;
wasser = "switch.crafting_giesskanne_relay";
in
{
diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix
index 247b9ee7d..465d6ef69 100644
--- a/krebs/2configs/shack/share.nix
+++ b/krebs/2configs/shack/share.nix
@@ -33,6 +33,10 @@
printing = bsd
printcap name = /dev/null
disable spoolss = yes
+
+ # for legacy systems
+ client min protocol = NT1
+ server min protocol = NT1
'';
};
}
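Review bot: `server min protocol = NT1` lets every client that can reach this share negotiate SMB1, which lacks SMB3 encryption and pre-authentication integrity and is off by default in current Samba for that reason. `client min protocol = NT1` additionally lets this host's own client tools fall back to it. The comment `# for legacy systems` should name the devices that need it, and if they can be enumerated the exposure is better narrowed with a `hosts allow = <legacy-device-addresses>` line (placeholder). If only inbound legacy clients matter, the `client min protocol` line can be dropped. The global section starts above the hunk, so any existing access restrictions are not visible here.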
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix
index 2350e711e..e4f05a6e6 100644
--- a/krebs/2configs/wiki.nix
+++ b/krebs/2configs/wiki.nix
@@ -1,9 +1,41 @@
-{ config, ... }:
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ setupGit = ''
+ export PATH=${makeBinPath [ pkgs.git ]}
+ export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519'
+ repo='git@localhost:wiki'
+ cd ${config.krebs.gollum.stateDir}
+ if ! url=$(git config remote.origin.url); then
+ git remote add origin "$repo"
+ elif test "$url" != "$repo"; then
+ git remote set-url origin "$repo"
+ fi
+ '';
+
+ pushGollum = pkgs.writeDash "push_gollum" ''
+ ${setupGit}
+ git fetch origin
+ git merge --ff-only origin/master
+ '';
+
+ pushCgit = pkgs.writeDash "push_cgit" ''
+ ${setupGit}
+ git push origin master
+ '';
+
+in
{
- services.gollum = {
+ krebs.gollum = {
enable = true;
+ extraConfig = ''
+ Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
+ system('${pushCgit}')
+ end
+ '';
};
+
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
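Review bot: `setupGit` runs without `set -efu`, so when `cd ${config.krebs.gollum.stateDir}` fails, the following `git remote`, `git fetch`/`git merge --ff-only` or `git push` still run in whatever directory the caller was in. Since `pushGollum` is invoked through sudo from a receive hook, it should fail closed, so start the snippet with `set -efu`. In `extraConfig` the result of `system('${pushCgit}')` is discarded, so a failed push leaves the Gollum checkout and the cgit repo diverged without a trace. Something like `system('${pushCgit}') or warn "push_cgit failed for #{sha1}"` would make that visible in the service log.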
@@ -16,4 +48,51 @@
'';
};
};
+
+ krebs.git = {
+ enable = true;
+ cgit.settings = {
+ root-title = "krebs repos";
+ };
+ rules = with git; [
+ {
+ user = [
+ {
+ name = "gollum";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6";
+ }
+ ] ++ (attrValues config.krebs.users);
+ repo = [ config.krebs.git.repos.wiki ];
+ perm = push ''refs/heads/master'' [ create merge ];
+ }
+ ];
+ repos.wiki = {
+ public = true;
+ name = "wiki";
+ hooks = {
+ post-receive = ''
+ ${pkgs.git-hooks.irc-announce {
+ channel = "#xxx";
+ refs = [
+ "refs/heads/master"
+ ];
+ nick = config.networking.hostName;
+ server = "irc.r";
+ verbose = true;
+ }}
+ /run/wrappers/bin/sudo -S -u gollum ${pushGollum}
+ '';
+ };
+ };
+ };
+
+ krebs.secret.files.gollum = {
+ path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519";
+ owner = { name = "gollum"; };
+ source-path = "${<secrets/gollum.id_ed25519>}";
+ };
+
+ security.sudo.extraConfig = ''
+ git ALL=(gollum) NOPASSWD: ${pushGollum}
+ '';
}
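Review bot: The post-receive hook calls `/run/wrappers/bin/sudo -S -u gollum ${pushGollum}`, and `-S` makes sudo read a password from stdin, which in a post-receive hook is the list of pushed refs. With the `NOPASSWD` rule in place, `-n` is the fitting flag: `/run/wrappers/bin/sudo -n -u gollum ${pushGollum}` fails immediately if the sudoers entry ever stops matching, instead of consuming hook input. Separately, the rule grants push on `refs/heads/master` to `attrValues config.krebs.users`, which appears to include the external users defined under krebs/3modules/external, and every accepted push is fast-forwarded into the live Gollum checkout. A comment stating that this breadth is intended would help the next reader.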
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 9e4146ff2..bd6bab376 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -27,6 +27,7 @@ let
./github-known-hosts.nix
./git.nix
./go.nix
+ ./gollum.nix
./hidden-ssh.nix
./hosts.nix
./htgen.nix
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 082dfd80f..e1667cb68 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -465,9 +465,9 @@ in {
mail = "kieran.meinhardt@gmail.com";
pubkey = ssh-for "kmein";
};
- Mic92 = {
+ mic92 = {
mail = "joerg@thalheim.io";
- pubkey = ssh-for "Mic92";
+ pubkey = ssh-for "mic92";
};
qubasa = {
mail = "luis.nixos@gmail.com";
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index b8aaf9900..782f8ac04 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -11,7 +11,7 @@ with import <stockholm/lib>;
in {
hosts = mapAttrs hostDefaults {
amy = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.57";
@@ -44,7 +44,7 @@ in {
};
};
clara = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.58";
@@ -77,7 +77,7 @@ in {
};
};
dimitrios = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.183";
@@ -98,7 +98,7 @@ in {
};
};
donna = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.54";
@@ -132,7 +132,7 @@ in {
};
};
dpdkm = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
@@ -156,7 +156,7 @@ in {
};
};
herbert = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
addrs = [
@@ -179,7 +179,7 @@ in {
};
};
inspector = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
@@ -208,7 +208,7 @@ in {
};
};
eddie = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
internet = {
# eddie.thalheim.io
@@ -242,7 +242,7 @@ in {
};
};
eve = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
internet = {
# eve.thalheim.io
@@ -273,13 +273,17 @@ in {
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
- # ohorn lan
- tinc.subnets = [ "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" ];
+ tinc.subnets = [
+ # ohorn lan
+ "fd42:4492:6a6d:500:8526:2adf:7451:8bbb"
+ # docker network
+ "42:0000:002b:1605:3::/80"
+ ];
};
};
};
martha = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.53";
@@ -313,7 +317,7 @@ in {
};
};
matchbox = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.176";
@@ -339,7 +343,7 @@ in {
};
};
rock = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.171";
@@ -363,7 +367,7 @@ in {
};
};
rose = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.52";
@@ -397,7 +401,7 @@ in {
};
};
turingmachine = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.168";
@@ -425,7 +429,7 @@ in {
};
};
harsha = {
- owner = config.krebs.users.Mic92;
+ owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.184";
@@ -446,22 +450,35 @@ in {
};
};
eva = {
- owner = config.krebs.users.Mic92;
- nets = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet = {
+ # eva.thalheim.io
+ ip4.addr = "52.59.172.193";
+ ip6.addr = "2a05:d014:301:a601:ef0e:5434:d814:b8ed";
+ aliases = [ "eva.i" ];
+ };
retiolum = {
+ via = internet;
ip4.addr = "10.243.29.185";
aliases = [
"eva.r"
];
tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAqIc+ozq3hKHMe/X3v4j+6or8LMjEV7MtQ8/+n00xpG4NkI4G38Bv
- 3nmAcV7OhN6of0fr0psbBmym+2VxCZbpl8E3g1GWSKpAvlmP/9v4wDVdrADaTvXC
- pzCxejtCwEhKLisnMwCMJCuUPbIsSBU+IQDPKP7NP0yY5VapgW3Xl3qXpnehCW1r
- NBZjZASnhSXcJRLJayEDN6uBviYrnnfbrHOx4fPcjQPTHX5RYr3EbgGZQO9xki44
- 9dKT4EA95lupTqC3wzuQbaNpvIuVzmggiDY/NsBIVh0/2XjGnO54wtCEPudaLnWd
- WNtc1wfVFB6gzgG1N7msOuFUReOIfyF/ywIDAQAB
- -----END RSA PUBLIC KEY-----
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyHptaExEcSUjEJ+RH33h
+ uRK0Ttq8mJLDosWFYcoQkcL9S54aO9kF1gRJAKPBHoOt/IGeOxg2LNYWK6UjWfUy
+ LB9c42EQ1wWZ2jSJ0LJgYzjR9cp3dlo9aHSa//O6p6eLpXRo9QLf8+aIWhNW5+BG
+ sLIMR5b6Ngc2l8xQS+wvMmvTWJt3LyfQ6AKiKwCjeyrUFiuw0VWSn1I6n7H+CZBZ
+ f/UvSxLucy1e0rvbHoTITOflIAfA84iCHsHsZjVqrx1iyOMdPtY2sBPmWhtVemDo
+ duwzUpIuaJnWS7JOB4jsYWm672/KfzK7yAivqxD19OwqfZ3nNQ7sEDb3p4udw2Lf
+ 0dqHwZ5Hoj21vs3XiXX/SHcSf5QLzpj1MWBkV3r1D8I8v3P5qUbLunCofp3d9GxE
+ N0gK06gqbLNonJvC/WD7lxeY32Rh1wYXbzbD/X6aWe/oD8WMIl312hH4cHQHOnVT
+ t76NISlYTPxwX5mfFsBm8t0GjnnWY2jLwaefk7N/CwoDaKhkhmw1oeAZMuRcDRvE
+ 0ecpO4CZ6CcYERLxoYHgEAj3cMkSrQ8dT6XS4b9EO4hW4zCQ3RK9xDz71+uaihuB
+ 6uuTTsn7s0PYBJDNdccOf1Qt8fqPPgzqUKqeUciHojYDDPTC5KQh5m2PBv4I4iIR
+ LnKOqNUX7UCqbdaE/tfFRG0CAwEAAQ==
+ -----END PUBLIC KEY-----
'';
};
};
diff --git a/krebs/3modules/external/ssh/Mic92.pub b/krebs/3modules/external/ssh/mic92.pub
index 600709c78..600709c78 100644
--- a/krebs/3modules/external/ssh/Mic92.pub
+++ b/krebs/3modules/external/ssh/mic92.pub
diff --git a/krebs/3modules/gollum.nix b/krebs/3modules/gollum.nix
new file mode 100644
index 000000000..4b4e04d16
--- /dev/null
+++ b/krebs/3modules/gollum.nix
@@ -0,0 +1,112 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.krebs.gollum;
+in
+
+{
+ options.krebs.gollum = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable the Gollum service.";
+ };
+
+ address = mkOption {
+ type = types.str;
+ default = "0.0.0.0";
+ description = "IP address on which the web server will listen.";
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 4567;
+ description = "Port on which the web server will run.";
+ };
+
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = "Content of the configuration file";
+ };
+
+ mathjax = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable support for math rendering using MathJax";
+ };
+
+ allowUploads = mkOption {
+ type = types.nullOr (types.enum [ "dir" "page" ]);
+ default = null;
+ description = "Enable uploads of external files";
+ };
+
+ emoji = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Parse and interpret emoji tags";
+ };
+
+ branch = mkOption {
+ type = types.str;
+ default = "master";
+ example = "develop";
+ description = "Git branch to serve";
+ };
+
+ stateDir = mkOption {
+ type = types.path;
+ default = "/var/lib/gollum";
+ description = "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup.";
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ users.users.gollum = {
+ group = config.users.users.gollum.name;
+ description = "Gollum user";
+ home = cfg.stateDir;
+ createHome = false;
+ isSystemUser = true;
+ };
+
+ users.groups.gollum = { };
+
+ systemd.tmpfiles.rules = [
+ "d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -"
+ ];
+
+ systemd.services.gollum = {
+ description = "Gollum wiki";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.git ];
+
+ preStart = ''
+ # This is safe to be run on an existing repo
+ git init ${cfg.stateDir}
+ '';
+
+ serviceConfig = {
+ User = config.users.users.gollum.name;
+ Group = config.users.groups.gollum.name;
+ ExecStart = ''
+ ${pkgs.gollum}/bin/gollum \
+ --port ${toString cfg.port} \
+ --host ${cfg.address} \
+ --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \
+ --ref ${cfg.branch} \
+ ${optionalString cfg.mathjax "--mathjax"} \
+ ${optionalString cfg.emoji "--emoji"} \
+ ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \
+ ${cfg.stateDir}
+ '';
+ };
+ };
+ };
+}
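Review bot: `address` defaults to `"0.0.0.0"` and krebs/2configs/wiki.nix in this commit does not override it, so Gollum listens on all interfaces on port 4567 next to the nginx front end. Gollum has no authentication of its own, so only the firewall (which opens port 80 alone in wiki.nix) keeps direct edits away from that port. Using `default = "127.0.0.1";`, or setting `krebs.gollum.address = "127.0.0.1";` where nginx does the proxying, removes that dependency. `serviceConfig` also carries no sandboxing options; `NoNewPrivileges = true;` and `ProtectSystem = "strict";` with `ReadWritePaths = [ cfg.stateDir ];` are worth considering, provided the post-commit hook's ssh push to localhost keeps working.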
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 1973a012a..35e74c3b1 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "8e2b14aceb1d40c7e8b84c03a7c78955359872bb",
- "date": "2020-08-05T09:17:35+01:00",
- "sha256": "0zzjpd9smr7rxzrdf6raw9kbj42fbvafxb5bz36lcxgv290pgsm8",
+ "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
+ "date": "2020-08-20T19:08:02+02:00",
+ "sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v",
"fetchSubmodules": false
}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 04684a220..363d68583 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "e23e05452c67ce406debffa831290fb3abaabf0e",
- "date": "2020-08-06T15:33:30+02:00",
- "sha256": "10wlcm20bvak8cxjhfvmn0vm4n9da3zl19026h66zc1wfmcqgrkp",
+ "rev": "42674051d12540d4a996504990c6ea3619505953",
+ "date": "2020-09-06T21:21:08-04:00",
+ "sha256": "1hz1n1hghilgzk4zlya498xm5lvhsf0r5b49yii7q86h3616fhwy",
"fetchSubmodules": false
}
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index 14f4971f7..c46bb351e 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -15,14 +15,6 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.blue;
- environment.shellAliases = {
- deploy = pkgs.writeDash "deploy" ''
- set -eu
- export SYSTEM="$1"
- $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
- '';
- };
-
networking.nameservers = [ "1.1.1.1" ];
services.restic.backups = genAttrs [
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f1f14e791..33ec21e72 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -396,12 +396,12 @@ with import <stockholm/lib>;
];
}
{
- nix.trustedUsers = [ "Mic92" ];
- users.users.Mic92 = {
- uid = genid_uint31 "Mic92";
+ nix.trustedUsers = [ "mic92" ];
+ users.users.mic92 = {
+ uid = genid_uint31 "mic92";
isNormalUser = true;
openssh.authorizedKeys.keys = [
- config.krebs.users.Mic92.pubkey
+ config.krebs.users.mic92.pubkey
];
};
}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index b0d7ff23b..ae2754c96 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -93,6 +93,7 @@ with import <stockholm/lib>;
environment.systemPackages = with pkgs; [
#stockholm
+ deploy
git
gnumake
jq
diff --git a/lass/5pkgs/deploy/default.nix b/lass/5pkgs/deploy/default.nix
new file mode 100644
index 000000000..c07cf20d1
--- /dev/null
+++ b/lass/5pkgs/deploy/default.nix
@@ -0,0 +1,6 @@
+{ writers }:
+writers.writeDashBin "deploy" ''
+ set -eu
+ export SYSTEM="$1"
+ $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+''
diff --git a/makefu/0tests/data/secrets/bureautomation/citadel.nix b/makefu/0tests/data/secrets/bureautomation/citadel.nix
new file mode 100644
index 000000000..b4433109c
--- /dev/null
+++ b/makefu/0tests/data/secrets/bureautomation/citadel.nix
@@ -0,0 +1,4 @@
+{
+ MATRIX_TOKEN="a";
+ MATRIX_ID="b";
+}
diff --git a/makefu/2configs/bureautomation/camera/comic.nix b/makefu/2configs/bureautomation/camera/comic.nix
index a847b0add..a523d032e 100644
--- a/makefu/2configs/bureautomation/camera/comic.nix
+++ b/makefu/2configs/bureautomation/camera/comic.nix
@@ -3,4 +3,8 @@
platform = "generic";
still_image_url = http://127.0.0.1:8123/local/lines.png ;
}
+ { name = "XKCD";
+ platform = "generic";
+ still_image_url = http://127.0.0.1:8123/local/xkcd.png ;
+ }
]
diff --git a/makefu/2configs/bureautomation/comic-updater.nix b/makefu/2configs/bureautomation/comic-updater.nix
index 5f26bc2c7..1e2440939 100644
--- a/makefu/2configs/bureautomation/comic-updater.nix
+++ b/makefu/2configs/bureautomation/comic-updater.nix
@@ -6,21 +6,29 @@ let
in {
systemd.services.comic-updater = {
startAt = "daily";
- description = "Send led change to message queue";
+ description = "update our comics";
after = [ "network-online.target" ] ++ (lib.optional config.services.mosquitto.enable "mosquitto.service");
path = with pkgs; [ wget xmlstarlet ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "hass";
WorkingDirectory = config.services.home-assistant.configDir;
- ExecStart = pkgs.writeDash "update-poorly-drawn-lines" ''
+ ExecStart = pkgs.writeDash "update-comics" ''
set -euf
mkdir -p www/
cd www/
+ # poorly drawn lines
pic=$(wget -O- http://www.poorlydrawnlines.com/feed/ \
| xml sel -t -v '/rss/channel/item/content:encoded' \
| head -n 2 | sed -n 's/.*src="\([^"]\+\)".*/\1/p' )
wget "$pic" -nc && cp -v "$(basename "$pic")" lines.png
+
+ #pic=$(curl -L xkcd.com 2>/dev/null | grep imgs.xkcd.com | grep title | sed -n 's/.*src="\([^"]\+\)" .*/https:\1/p')
+ # xkcd
+ pic=$(wget -O- https://xkcd.com/rss.xml \
+ | xml sel -t -v '/rss/channel/item/description' \
+ | head -n 1 | sed -n 's/.*src="\([^"]\+\)".*/\1/p' )
+ wget "$pic" -nc && cp -v "$(basename "$pic")" xkcd.png
'';
PrivateTmp = true;
};
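Review bot: The new xkcd step saves the download under `$(basename "$pic")`, a name taken from the remote feed, inside `www/`, which the camera config reads back via `/local/`. `wget "$pic" -nc` also passes the feed value in a position where it can be parsed as an option. Writing straight to the fixed name and ending option parsing avoids both: `wget -O xkcd.png -- "$pic"`, preceded by a scheme check such as `case "$pic" in https://*) ;; *) exit 1 ;; esac`. The same pattern exists in the poorly-drawn-lines step above, which additionally fetches its feed over plain `http://`. The service attribute set continues outside the hunk.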
diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index c115bcb6c..9b33595f4 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -137,9 +137,9 @@ in {
++ frosch.binary_sensor
++ aramark.binary_sensor;
- sensor =
- # [{ platform = "version"; }] ++ # pyhaversion
- (import ./sensor/pollen.nix)
+ sensor = []
+ ++ [{ platform = "version"; }] # pyhaversion
+ ++ (import ./sensor/pollen.nix)
++ (import ./sensor/espeasy.nix)
++ (import ./sensor/airquality.nix)
++ ((import ./sensor/outside.nix) {inherit lib;})
@@ -238,6 +238,7 @@ in {
"camera.Autobahn_Singen"
"camera.puppies"
"camera.poorly_drawn_lines"
+ "camera.xkcd"
];
nachtlicht = [
"switch.nachtlicht_a"
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 639994674..3e3ef09a8 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -19,6 +19,7 @@ let
cgit.desc = "Yet Another Check-Out System";
};
ebk-notify.cgit.desc = "Ebay Kleinanzeigen Notify";
+ kalauerbot.cgit.desc = "Kalauer König";
};
krebs-repos = mapAttrs make-krebs-repo {
diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix
index 7090804d4..e54ff4ff5 100644
--- a/makefu/2configs/tools/consoles.nix
+++ b/makefu/2configs/tools/consoles.nix
@@ -5,5 +5,7 @@
hdl-dump
bin2iso
cue2pops
+ nx_game_info
+ hactool
];
}
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index 21d302297..d66ea7760 100644
--- a/makefu/2configs/tools/media.nix
+++ b/