summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@shackspace.de>2015-10-09 14:48:58 +0200
committertv <tv@shackspace.de>2015-10-09 14:48:58 +0200
commit96f4248b65ff1539eded24572ae1805b27c53d50 (patch)
tree31ff450cc4a5166306c62f99fdd2d1caf3219ecb
parent694c79a5bc05014604fa2467f965b370102ff78f (diff)
parent4072a32f89b9cc1c1e7c3583ac5b9ce5dcb004af (diff)
Merge remote-tracking branch 'cloudkrebs/master'
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix10
-rw-r--r--krebs/3modules/realwallpaper.nix (renamed from lass/3modules/realwallpaper.nix)10
-rw-r--r--krebs/5pkgs/default.nix2
-rw-r--r--krebs/5pkgs/passwdqc-utils/default.nix27
-rw-r--r--krebs/5pkgs/realwallpaper.nix (renamed from lass/5pkgs/realwallpaper.nix)0
-rw-r--r--lass/1systems/echelon.nix6
-rw-r--r--lass/1systems/mors.nix1
-rw-r--r--lass/2configs/desktop-base.nix4
-rw-r--r--lass/2configs/git.nix3
-rw-r--r--lass/2configs/go.nix16
-rw-r--r--lass/2configs/ircd.nix7
-rw-r--r--lass/2configs/realwallpaper.nix6
-rw-r--r--lass/2configs/redis.nix8
-rw-r--r--lass/2configs/skype.nix30
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/go.nix61
-rw-r--r--lass/5pkgs/default.nix2
-rw-r--r--lass/5pkgs/go/default.nix59
-rw-r--r--lass/5pkgs/go/packages.nix44
-rw-r--r--makefu/1systems/pnp.nix4
-rw-r--r--makefu/1systems/pornocauster.nix2
-rw-r--r--makefu/1systems/wry.nix4
-rw-r--r--makefu/2configs/Reaktor/random-emoji.nix25
-rw-r--r--makefu/2configs/Reaktor/random-emoji.sh5
-rw-r--r--makefu/2configs/Reaktor/shack-correct.nix20
-rw-r--r--makefu/2configs/Reaktor/shack-correct.sh6
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/3modules/tinc_graphs.nix29
-rw-r--r--makefu/5pkgs/tinc_graphs/default.nix4
30 files changed, 363 insertions, 35 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 69613d4c3..ea1894709 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -14,6 +14,7 @@ let
./iptables.nix
./nginx.nix
./Reaktor.nix
+ ./realwallpaper.nix
./retiolum.nix
./urlwatch.nix
];
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index aa071270c..9dbc597ed 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -34,9 +34,11 @@ with import ../../4lib { inherit lib; };
'';
};
};
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
};
fastpoke = {
- dc = "lass"; #dc = "cac";
+ dc = "lass";
nets = rec {
internet = {
addrs4 = ["193.22.164.36"];
@@ -95,6 +97,8 @@ with import ../../4lib { inherit lib; };
'';
};
};
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7oYx7Lbkc0wPYNp92LQF93DCtxsGzOkVD91FJQzVZl";
};
uriel = {
cores = 1;
@@ -119,6 +123,8 @@ with import ../../4lib { inherit lib; };
'';
};
};
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBryIo/Waw8SWvlQ0+5I+Bd/dJgcMd6iPXtELS6gQXoc";
secure = true;
};
mors = {
@@ -145,6 +151,8 @@ with import ../../4lib { inherit lib; };
};
};
secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
};
diff --git a/lass/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index 85dd35233..7e02538f5 100644
--- a/lass/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -8,12 +8,10 @@ let
mkIf
;
- lpkgs = import ../5pkgs { inherit pkgs; };
-
- cfg = config.lass.realwallpaper;
+ cfg = config.krebs.realwallpaper;
out = {
- options.lass.realwallpaper = api;
+ options.krebs.realwallpaper = api;
config = mkIf cfg.enable imp;
};
@@ -57,13 +55,13 @@ let
imp = {
systemd.timers.realwallpaper = {
description = "real wallpaper generator timer";
+ wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
};
systemd.services.realwallpaper = {
description = "real wallpaper generator";
- wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = with pkgs; [
@@ -85,7 +83,7 @@ let
serviceConfig = {
Type = "simple";
- ExecStart = "${lpkgs.realwallpaper}/realwallpaper.sh";
+ ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh";
User = "realwallpaper";
};
};
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 47e9341cc..c48c3dee8 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -21,7 +21,9 @@ rec {
nq = callPackage ./nq {};
posix-array = callPackage ./posix-array {};
pssh = callPackage ./pssh {};
+ passwdqc-utils = callPackage ./passwdqc-utils {};
Reaktor = callPackage ./Reaktor {};
+ realwallpaper = callPackage ./realwallpaper.nix {};
youtube-tools = callPackage ./youtube-tools {};
execve = name: { filename, argv, envp ? {}, destination ? "" }:
diff --git a/krebs/5pkgs/passwdqc-utils/default.nix b/krebs/5pkgs/passwdqc-utils/default.nix
new file mode 100644
index 000000000..0299715ba
--- /dev/null
+++ b/krebs/5pkgs/passwdqc-utils/default.nix
@@ -0,0 +1,27 @@
+{stdenv,pam,fetchurl,...}:
+
+stdenv.mkDerivation rec {
+ name = "passwdqc-utils-${version}";
+ version = "1.3.0";
+ buildInputs = [ pam ];
+ src = fetchurl {
+ url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
+ sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
+ };
+ buildTargets = "utils";
+ installFlags= [ "BINDIR=$(out)/bin"
+ "CONFDIR=$(out)/etc"
+ "SHARED_LIBDIR=$(out)/lib"
+ "DEVEL_LIBDIR=$(out)/lib"
+ "SECUREDIR=$(out)/lib/security"
+ "INCLUDEDIR=$(out)/include"
+ "MANDIR=$(out)/man"];
+ installTargets = "install_lib install_utils";
+
+ meta = {
+ description = "passwdqc utils (pwqgen,pwqcheck) and library";
+ license = stdenv.lib.licenses.bsd3;
+ maintainers = [ stdenv.lib.maintainers.makefu ];
+ patforms = stdenv.lib.platforms.linux; # more installFlags must be set for Darwin,Solaris
+ };
+}
diff --git a/lass/5pkgs/realwallpaper.nix b/krebs/5pkgs/realwallpaper.nix
index 4fea977ec..4fea977ec 100644
--- a/lass/5pkgs/realwallpaper.nix
+++ b/krebs/5pkgs/realwallpaper.nix
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 45f7ebd70..1320e0782 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -13,6 +13,10 @@ in {
../2configs/retiolum.nix
../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
+ ../2configs/git.nix
+ ../2configs/redis.nix
+ ../2configs/go.nix
+ ../2configs/ircd.nix
{
networking.interfaces.enp2s1.ip4 = [
{
@@ -43,6 +47,6 @@ in {
};
};
- networking.hostName = "echelon";
+ networking.hostName = config.krebs.build.host.name;
}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 5cc03501f..c0c33828b 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -24,6 +24,7 @@
../2configs/bitlbee.nix
../2configs/firefoxPatched.nix
../2configs/realwallpaper.nix
+ ../2configs/skype.nix
];
krebs.build = {
diff --git a/lass/2configs/desktop-base.nix b/lass/2configs/desktop-base.nix
index ed84edefa..4e693997d 100644
--- a/lass/2configs/desktop-base.nix
+++ b/lass/2configs/desktop-base.nix
@@ -28,14 +28,14 @@ in {
environment.systemPackages = with pkgs; [
powertop
+ sxiv
+ much
#window manager stuff
haskellPackages.xmobar
haskellPackages.yeganesh
dmenu2
xlibs.fontschumachermisc
-
- sxiv
];
fonts.fonts = [
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 78e6f0baa..d63705ab6 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -31,6 +31,7 @@ let
};
wai-middleware-time = {};
web-routes-wai-custom = {};
+ go = {};
};
restricted-repos = mapAttrs make-restricted-repo (
@@ -51,7 +52,7 @@ let
nick = config.krebs.build.host.name;
channel = "#retiolum";
server = "cd.retiolum";
- verbose = config.krebs.build.host.name == "cloudkrebs";
+ verbose = config.krebs.build.host.name == "echelon";
};
};
};
diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix
new file mode 100644
index 000000000..30d3e6ae5
--- /dev/null
+++ b/lass/2configs/go.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../3modules/go.nix
+ ];
+ environment.systemPackages = [
+ pkgs.go
+ ];
+ lass.go = {
+ enable = true;
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 1337"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/ircd.nix b/lass/2configs/ircd.nix
index f71b769fd..de96ad9d6 100644
--- a/lass/2configs/ircd.nix
+++ b/lass/2configs/ircd.nix
@@ -1,12 +1,15 @@
{ config, pkgs, ... }:
{
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 6667"; target = "ACCEPT"; }
+ ];
config.services.charybdis = {
enable = true;
config = ''
serverinfo {
- name = "ire.irc.retiolum";
- sid = "4z3";
+ name = "${config.krebs.build.host.name}.irc.retiolum";
+ sid = "1as";
description = "miep!";
network_name = "irc.retiolum";
network_desc = "Retiolum IRC Network";
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
index f1c8861e1..c69cb1660 100644
--- a/lass/2configs/realwallpaper.nix
+++ b/lass/2configs/realwallpaper.nix
@@ -1,9 +1,5 @@
{ config, ... }:
{
- imports = [
- ../3modules/realwallpaper.nix
- ];
-
- lass.realwallpaper.enable = true;
+ krebs.realwallpaper.enable = true;
}
diff --git a/lass/2configs/redis.nix b/lass/2configs/redis.nix
new file mode 100644
index 000000000..8dd8df5c3
--- /dev/null
+++ b/lass/2configs/redis.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+
+{
+ config.services.redis = {
+ enable = true;
+ bind = "127.0.0.1";
+ };
+}
diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix
new file mode 100644
index 000000000..7e4618a7b
--- /dev/null
+++ b/lass/2configs/skype.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.mainUser;
+
+in {
+ imports = [
+ ../3modules/per-user.nix
+ ];
+
+ users.extraUsers = {
+ skype = {
+ name = "skype";
+ uid = 2259819492; #genid skype
+ description = "user for running skype";
+ home = "/home/skype";
+ useDefaultShell = true;
+ extraGroups = [ "audio" "video" ];
+ createHome = true;
+ };
+ };
+
+ lass.per-user.skype.packages = [
+ pkgs.skype
+ ];
+
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(skype) NOPASSWD: ALL
+ '';
+}
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 9b6211278..9de987bf3 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,6 +3,5 @@ _:
{
imports = [
./xresources.nix
- ./realwallpaper.nix
];
}
diff --git a/lass/3modules/go.nix b/lass/3modules/go.nix
new file mode 100644
index 000000000..aa900f118
--- /dev/null
+++ b/lass/3modules/go.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.go;
+
+ out = {
+ options.lass.go = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "Enable go url shortener";
+ port = mkOption {
+ type = types.str;
+ default = "1337";
+ description = "on which port go should run on";
+ };
+ redisKeyPrefix = mkOption {
+ type = types.str;
+ default = "go:";
+ description = "change the Redis key prefix which defaults to `go:`";
+ };
+ };
+
+ imp = {
+ users.extraUsers.go = {
+ name = "go";
+ uid = 42774411; #genid go
+ description = "go url shortener user";
+ home = "/var/lib/go";
+ createHome = true;
+ };
+
+ systemd.services.go = {
+ description = "go url shortener";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = with pkgs; [
+ go
+ ];
+
+ environment = {
+ PORT = cfg.port;
+ REDIS_KEY_PREFIX = cfg.redisKeyPrefix;
+ };
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ User = "go";
+ Restart = "always";
+ ExecStart = "${pkgs.go}/bin/go";
+ };
+ };
+ };
+
+in out
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 6954c6a2c..e3e49e37e 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -13,5 +13,5 @@ rec {
ublock = callPackage ./firefoxPlugins/ublock.nix {};
vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
};
- realwallpaper = callPackage ./realwallpaper.nix {};
+ go = callPackage ./go/default.nix {};
}
diff --git a/lass/5pkgs/go/default.nix b/lass/5pkgs/go/default.nix
new file mode 100644
index 000000000..3b4468d18
--- /dev/null
+++ b/lass/5pkgs/go/default.nix
@@ -0,0 +1,59 @@
+{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodePackages, nodejs }:
+
+with lib;
+
+let
+ np = nodePackages.override {
+ generated = ./packages.nix;
+ self = np;
+ };
+
+ node_env = buildEnv {
+ name = "node_env";
+ paths = [
+ np.redis
+ np."formidable"
+ ];
+ pathsToLink = [ "/lib" ];
+ ignoreCollisions = true;
+ };
+
+in nodePackages.buildNodePackage {
+ name = "go";
+
+ src = fetchgit {
+ url = "http://cgit.echelon/go/";
+ rev = "05d02740e0adbb36cc461323647f0c1e7f493156";
+ sha256 = "6015c9a93317375ae8099c7ab982df0aa93a59ec2b48972e253887bb6ca0004f";
+ };
+
+ phases = [
+ "unpackPhase"
+ "installPhase"
+ ];
+
+ deps = (filter (v: nixType v == "derivation") (attrValues np));
+
+ buildInputs = [
+ nodejs
+ nodePackages.redis
+ np.formidable
+ makeWrapper
+ ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+
+ cp index.js $out/
+ cat > $out/go << EOF
+ ${nodejs}/bin/node $out/index.js
+ EOF
+ chmod +x $out/go
+
+ wrapProgram $out/go \
+ --prefix NODE_PATH : ${node_env}/lib/node_modules
+
+ ln -s $out/go /$out/bin/go
+ '';
+
+}
diff --git a/lass/5pkgs/go/packages.nix b/lass/5pkgs/go/packages.nix
new file mode 100644
index 000000000..9acfd7658
--- /dev/null
+++ b/lass/5pkgs/go/packages.nix
@@ -0,0 +1,44 @@
+{ self, fetchurl, fetchgit ? null, lib }:
+
+{
+ by-spec."formidable"."*" =
+ self.by-version."formidable"."1.0.17";
+ by-version."formidable"."1.0.17" = self.buildNodePackage {
+ name = "formidable-1.0.17";
+ version = "1.0.17";
+ bin = false;
+ src = fetchurl {
+ url = "http://registry.npmjs.org/formidable/-/formidable-1.0.17.tgz";
+ name = "formidable-1.0.17.tgz";
+ sha1 = "ef5491490f9433b705faa77249c99029ae348559";
+ };
+ deps = {
+ };
+ optionalDependencies = {
+ };
+ peerDependencies = [];
+ os = [ ];
+ cpu = [ ];
+ };
+ "formidable" = self.by-version."formidable"."1.0.17";
+ by-spec."redis"."*" =
+ self.by-version."redis"."2.1.0";
+ by-version."redis"."2.1.0" = self.buildNodePackage {
+ name = "redis-2.1.0";
+ version = "2.1.0";
+ bin = false;
+ src = fetchurl {
+ url = "http://registry.npmjs.org/redis/-/redis-2.1.0.tgz";
+ name = "redis-2.1.0.tgz";
+ sha1 = "38acb208f90750250f9451219b73ff08ae907f94";
+ };
+ deps = {
+ };
+ optionalDependencies = {
+ };
+ peerDependencies = [];
+ os = [ ];
+ cpu = [ ];
+ };
+ "redis" = self.by-version."redis"."2.1.0";
+}
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 7698ea14d..e7ceca60d 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -23,7 +23,9 @@
## \/ are only plugins, must enable Reaktor explicitly
../2configs/Reaktor/stockholmLentil.nix
../2configs/Reaktor/simpleExtend.nix
+ ../2configs/Reaktor/random-emoji.nix
../2configs/Reaktor/titlebot.nix
+ ../2configs/Reaktor/shack-correct.nix
../2configs/exim-retiolum.nix
../2configs/urlwatch.nix
@@ -34,7 +36,7 @@
krebs.Reaktor.debug = true;
krebs.Reaktor.nickname = "Reaktor|bot";
krebs.Reaktor.extraEnviron = {
- REAKTOR_CHANNELS = "#krebs,#binaergewitter";
+ REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace";
};
krebs.build.host = config.krebs.hosts.pnp;
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index d43f89a03..d208e5112 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -42,7 +42,7 @@
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@pornocauster";
-
+ environment.systemPackages = with pkgs;[ get];
networking.firewall.allowedTCPPorts = [
25
];
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 9368f1ae5..819a208ac 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -32,8 +32,8 @@ in {
makefu.tinc_graphs.enable = true;
makefu.tinc_graphs.krebsNginx = {
enable = true;
- hostnames_complete = [ "graphs.wry" "graphs.wry.retiolum" ];
- # TODO: remove hard-coded path
+ # TODO: remove hard-coded hostname
+ hostnames_complete = [ "graphs.wry" ];
hostnames_anonymous = [ "graphs.krebsco.de" ];
};
networking.firewall.allowedTCPPorts = [80];
diff --git a/makefu/2configs/Reaktor/random-emoji.nix b/makefu/2configs/Reaktor/random-emoji.nix
new file mode 100644
index 000000000..b2d99b36b
--- /dev/null
+++ b/makefu/2configs/Reaktor/random-emoji.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+with pkgs;
+let
+ rpkg = pkgs.substituteAll( {
+ name="random-emoji";
+ dir= "bin";
+ isExecutable=true;
+ src= ./random-emoji.sh;
+ });
+ rpkg-path = lib.makeSearchPath "bin" (with pkgs; [
+ coreutils
+ gnused
+ gnugrep
+ curl]);
+in {
+ # TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm
+ krebs.Reaktor.extraConfig = ''
+ public_commands.insert(0,{
+ 'capname' : "emoji",
+ 'pattern' : indirect_pattern.format("emoji"),
+ 'argv' : ["${rpkg}/bin/random-emoji"],
+ 'env' : { 'PATH':'${rpkg-path}' } })
+ '';
+}
diff --git a/makefu/2configs/Reaktor/random-emoji.sh b/makefu/2configs/Reaktor/random-emoji.sh
new file mode 100644
index 000000000..913d615be
--- /dev/null
+++ b/makefu/2configs/Reaktor/random-emoji.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+curl http://emojicons.com/random -s | \
+ grep data-text | \
+ sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \
+ head -n 1
diff --git a/makefu/2configs/Reaktor/shack-correct.nix b/makefu/2configs/Reaktor/shack-correct.nix
new file mode 100644
index 000000000..8f30807f1
--- /dev/null
+++ b/makefu/2configs/Reaktor/shack-correct.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+with pkgs;
+let
+ script = pkgs.substituteAll ( {
+ name="shack-correct";
+ isExecutable=true;
+ dir = "";
+ src = ./shack-correct.sh;
+ });
+in {
+ krebs.Reaktor.extraConfig = ''
+ public_commands.insert(0,{
+ 'capname' : "shack-correct",
+ 'pattern' : '^(?P<args>.*Shack.*)$$',
+ 'argv' : ["${script}"],
+ 'env' : { }})
+ '';
+}
+
diff --git a/makefu/2configs/Reaktor/shack-correct.sh b/makefu/2configs/Reaktor/shack-correct.sh
new file mode 100644
index 000000000..3b4d04f80
--- /dev/null
+++ b/makefu/2configs/Reaktor/shack-correct.sh
@@ -0,0 +1,6 @@
+#! /bin/sh
+set -eu
+printf "Sie meinten wohl \""
+echo -n $@ | sed 's/Shack/shack/g'
+echo "\""
+echo "${_from}--"
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 40b51e601..1277a014e 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -29,6 +29,7 @@ let
hooks = {
post-receive = git.irc-announce {
nick = config.networking.hostName;
+ verbose = config.krebs.build.host.name == "pnp";
channel = "#retiolum";
# TODO remove the hardcoded hostname
server = "cd.retiolum";
diff --git a/makefu/3modules/tinc_graphs.nix b/makefu/3modules/tinc_graphs.nix
index 10f1b23a0..62d607527 100644
--- a/makefu/3modules/tinc_graphs.nix
+++ b/makefu/3modules/tinc_graphs.nix
@@ -24,21 +24,22 @@ let
# configure krebs nginx to serve the new graphs
enable = mkEnableOption "tinc_graphs nginx";
- hostnames_complete = {
+ hostnames_complete = mkOption {
#TODO: this is not a secure way to serve these graphs,better listen to
# the correct interface, krebs.nginx does not support this yet
type = with types; listOf str;
description = "hostname which serves complete graphs";
- default = config.krebs.build.host.name;
+ default = [ "graphs.${config.krebs.build.host.name}" ];
};
- hostnames_anonymous = {
+ hostnames_anonymous = mkOption {
type = with types; listOf str;
description = ''
hostname which serves anonymous graphs
must be different from hostname_complete
'';
+ default = [ "anongraphs.${config.krebs.build.host.name}" ];
};
};
@@ -63,29 +64,38 @@ let
environment.systemPackages = [ pkgs.tinc_graphs];
systemd.timers.tinc_graphs = {
description = "Build Tinc Graphs via via timer";
-
+ wantedBy = [ "timers.target"];
timerConfig = cfg.timerConfig;
};
systemd.services.tinc_graphs = {
description = "Build Tinc Graphs";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
environment = {
EXTERNAL_FOLDER = external_dir;
INTERNAL_FOLDER = internal_dir;
GEODB = cfg.geodbPath;
+ TINC_HOSTPATH=config.krebs.retiolum.hosts;
};
restartIfChanged = true;
serviceConfig = {
Type = "simple";
+
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
#!/bin/sh
mkdir -p "${external_dir}" "${internal_dir}"
'';
+
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
- User = "root"; # tinc cannot be queried as user,
+
+ ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
+ #!/bin/sh
+ # TODO: this may break if workingDir is set to something stupid
+ # this is needed because homedir is created with 700
+ chmod 755 "${cfg.workingDir}"
+ '';
+
+ User = "root"; # tinc cannot be queried as user,
# seems to be a tinc-pre issue
privateTmp = true;
};
@@ -93,7 +103,7 @@ let
users.extraUsers.tinc_graphs = {
uid = 3925439960; #genid tinc_graphs
- home = "/var/cache/tinc_graphs";
+ home = "/var/spool/tinc_graphs";
createHome = true;
};
@@ -102,15 +112,16 @@ let
server-names = cfg.krebsNginx.hostnames_complete;
locations = [
(nameValuePair "/" ''
+ autoindex on;
root ${internal_dir};
'')
];
};
tinc_graphs_anonymous = {
server-names = cfg.krebsNginx.hostnames_anonymous;
- #server-names = [ "dick" ];
locations = [
(nameValuePair "/" ''
+ autoindex on;
root ${external_dir};
'')
];