diff options
| author | tv <tv@krebsco.de> | 2025-10-23 14:58:43 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2025-10-23 14:58:43 +0200 |
| commit | 9ffa98a93b88ca24a1cf1995b9559cec5b66d74a (patch) | |
| tree | 4b5a6450d1574fad132cf7e9fade84ce1f3ec9e2 | |
| parent | fac37c6eda435dd421983dc1ad80257d39805aa7 (diff) | |
| parent | 4832701fadccdf5faceb96cecf274b9d57f3196b (diff) | |
Merge remote-tracking branch 'krebs/master'
| -rw-r--r-- | flake.lock | 30 | ||||
| -rw-r--r-- | flake.nix | 4 | ||||
| -rw-r--r-- | kartei/0x4A6F/default.nix | 26 | ||||
| -rw-r--r-- | kartei/makefu/default.nix | 8 | ||||
| -rw-r--r-- | kartei/makefu/ssh/susanne.pub | 1 | ||||
| -rw-r--r-- | krebs/1systems/puyak/config.nix | 5 | ||||
| -rw-r--r-- | krebs/2configs/mastodon.nix | 28 | ||||
| -rw-r--r-- | krebs/2configs/shack/share.nix | 28 | ||||
| -rw-r--r-- | krebs/2configs/shack/ssh-keys.nix | 1 | ||||
| -rw-r--r-- | krebs/2configs/shack/worlddomination.nix | 40 | ||||
| -rw-r--r-- | krebs/3modules/brockman.nix | 3 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/repo-sync/default.nix | 2 | ||||
| -rw-r--r-- | makefu/vacation-note.md | 4 |
13 files changed, 101 insertions, 79 deletions
diff --git a/flake.lock b/flake.lock index 2d9489825..1f99b2828 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1737857314, - "narHash": "sha256-T9THCbnlj4CkKbTP+lisA5PUMoTXE7uh4FyDQzui+dc=", + "lastModified": 1751515480, + "narHash": "sha256-vCYcc/b8WizF6vnjuRVxSiU8hy9L3vOTWDVKpWM7xRE=", "owner": "Mic92", "repo": "buildbot-nix", - "rev": "c077f430f3717d41bb303d031398058665315166", + "rev": "47ad4c7afb169df6f9d48d0df3d7e2f71d9ddd8f", "type": "github" }, "original": { @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -56,11 +56,11 @@ ] }, "locked": { - "lastModified": 1736917206, - "narHash": "sha256-JTBWmyGf8K1Rwb+gviHIUzRJk/sITtT+72HXFkTZUjo=", + "lastModified": 1748000383, + "narHash": "sha256-EaAJhwfJGBncgIV/0NlJviid2DP93cTMc9h0q6P6xXk=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "afd0a42e8c61ebb56899315ee4084a8b2e4ff425", + "rev": "231726642197817d20310b9d39dd4afb9e899489", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737885589, - "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "type": "github" }, "original": { @@ -116,11 +116,11 @@ ] }, "locked": { - "lastModified": 1737483750, - "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=", + "lastModified": 1750931469, + "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f", + "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", "type": "github" }, "original": { @@ -42,6 +42,10 @@ users = self.nixosConfigurations.hotdog.config.krebs.users; }; overlays.default = import ./krebs/5pkgs/default.nix; + packages = let + packageNames = self.lib.attrNames (self.lib.mapNixDir (x: null) ./krebs/5pkgs/simple); + appliedOverlay = (system: self.overlays.default {} (self.inputs.nixpkgs.legacyPackages.${system} // { lib = self.lib; })); + in nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ] (system: self.lib.getAttrs packageNames (appliedOverlay system)); lib = import (self.outPath + "/lib/pure.nix") { lib = nixpkgs.lib; }; }; } diff --git a/kartei/0x4A6F/default.nix b/kartei/0x4A6F/default.nix index eb3d08e8d..4e96c300c 100644 --- a/kartei/0x4A6F/default.nix +++ b/kartei/0x4A6F/default.nix @@ -199,5 +199,31 @@ in { }; }; }; + cyclida = { + owner = config.krebs.users."0x4A6F"; + nets = { + retiolum = { + aliases = [ "cyclida.crustacea.r" ]; + ip4.addr = "10.243.42.70"; + ip6.addr = "42:0:4a6f::4270"; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxprJNvjDsxHHHisZARf/UELuoiebeY1HfAJmOeDRZ8Jf931zG+DW + tXLsTKlN96Wc2HL+Y3bx366/NfF5bN6/PmNou1HAJgyFEhUHmFfx+8oYlCNSnJUA + vxHHSeB3rE1fmeW+Nr+fjCrb1mMIgY/HgbN7heOx7DDzZk22INtsEXo1tMM2Dfbc + 83IgcFsfFHjb6HUNMHjMl12wpVzm7vwFby/i4Pyk7dpIcqLGis4YDA+GuSbFRFxA + YlE7VkKCGF8zDmNB4iaSD/k1gPi0oJ4DBJ4pe6l/TDOpZ9ROVvBhYwZVoHM55XVL + 9UV2Q+AQwZVqoVtcD9BI3WYbuDAFVI1IA8K85m0/g/5ML+d8oezYu9CXmjtUyG02 + YkHiytMyk8kYxrBr7qBOvy/XegLiF6zf1cVLDTkgTZCDhvIJRBlae6xocWAtlygB + /ngMyKcizrCtZnDGc4lx0DMrkP2lrGTv9ur8NCesqxZZth+XqdecTiQyLHALhp3j + mmLWMkFLgpE5BlZPkUb7LrZu4Y6fH7ARWjlPUAXnBnBrsYKwNLa7RHDrXWaMf2ph + beUgQqFqA20aGq7Bpj8Io7AukDNOb1/JjgtncPmlVRn+0lMDU3YWBrI8g99S+k7R + O62hZbOeZODEHxWAF5Dok5F0rT62alAfsd9zPUJxGmmYi0knVPiA2WUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "yl5m9xZe+8C0jnpd3YOyWdgRkJqo5sv6JQajAEskrTP"; + }; + }; + }; }; } diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index 2baf6ef5a..9df79afbf 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -205,11 +205,13 @@ in { gum = rec { extraZones = { "krebsco.de" = '' + abook.euer IN A ${nets.internet.ip4.addr} admin.work.euer IN A ${nets.internet.ip4.addr} api.work.euer IN A ${nets.internet.ip4.addr} atuin.euer IN A ${nets.internet.ip4.addr} board.euer IN A ${nets.internet.ip4.addr} bookmark.euer IN A ${nets.internet.ip4.addr} + book.euer IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr} build.euer IN A ${nets.internet.ip4.addr} @@ -241,12 +243,14 @@ in { play.work.euer IN A ${nets.internet.ip4.addr} push.work.euer IN A ${nets.internet.ip4.addr} rss.euer IN A ${nets.internet.ip4.addr} + mdrss.euer IN A ${nets.internet.ip4.addr} share.euer IN A ${nets.internet.ip4.addr} ul.work.euer IN A ${nets.internet.ip4.addr} wg.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} work.euer IN A ${nets.internet.ip4.addr} + shop.euer IN A ${nets.internet.ip4.addr} mediengewitter IN CNAME over.dose.io. nixos.unstable IN CNAME krebscode.github.io. @@ -371,6 +375,10 @@ in { pgp.pubkeys.default = builtins.readFile ./pgp/default.asc; pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc; }; + susanne = { + mail = "susanne@shackspace.de"; + pubkey = pub-for "susanne"; + }; makefu-omo = { inherit (makefu) mail pgp; pubkey = pub-for "makefu.omo"; diff --git a/kartei/makefu/ssh/susanne.pub b/kartei/makefu/ssh/susanne.pub new file mode 100644 index 000000000..c8ab55661 --- /dev/null +++ b/kartei/makefu/ssh/susanne.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIm3+udjYo+7nv+Rb4GJJarQJh+ATrLdkUuIaQOst7oS1Qb5PjAYCooOuJDQdZwVKHrqm3DF5XVcn6KxA6s7RxHvjIZfhSZUBg4nxF7Md+ZReHNm84AnL6yYHRCwuuZUQ008mipJklZuaYHMIprF0sfHWvPGxjElYJQaLudP1ZcdaRvSusEpOQ6Phlbln4w+3CezbL1BgsYnZtaQzb6LISYLco/eZ5DS/uLZeSYgzhX1KorO8YtGpaE6XvuruqTuQFcT62HKJ8XT4wwp43ZdqKECY/ee7A4MFlvCl7E3TWDRbhxsh8pdL2q+4SGEWrAtDMHxjxrXMoBXlinZ35OjtV3QnCDIFm1p6p84n9OCnu2wjD1J2/CtntKwV82fI2W7kUDHndsOYiHF4v9jBcnYQaOyeWRljtWc02YVHfxIoP7toqSE7gXGDdb1Kwj6l8dGS3qGAmnRTu7tUeJOD0fgd/OUrO8M/fgUaAcU3dnn5nYNSbTMsD6eIsX6tyhKYSv7c= susi@noether diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 542106d5f..0c361cc42 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -11,7 +11,7 @@ # brain hosts/puyak/root ../../2configs/hw/getty-for-esp.nix - ../../2configs/buildbot/worker.nix + # ../../2configs/buildbot/worker.nix ## initrd unlocking # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat /crypt-ramfs/passphrase' @@ -67,7 +67,7 @@ } # create samba share for anonymous usage with the laser and 3d printer pc - ../../2configs/shack/share.nix + # ../../2configs/shack/share.nix # mobile.lounge.mpd.shack ../../2configs/shack/mobile.mpd.nix @@ -159,7 +159,6 @@ services.logind.lidSwitchExternalPower = "ignore"; - environment.systemPackages = [ pkgs.zsh ]; system.activationScripts."disengage fancontrol" = '' diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix index b81c229b6..3c7205167 100644 --- a/krebs/2configs/mastodon.nix +++ b/krebs/2configs/mastodon.nix @@ -1,4 +1,14 @@ { config, lib, pkgs, ... }: +let + mastodon-clear-cache = pkgs.writers.writeDashBin "mastodon-clear-cache" '' + /run/current-system/sw/bin/mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30 + /run/current-system/sw/bin/mastodon-tootctl media remove-orphans + /run/current-system/sw/bin/mastodon-tootctl preview_cards remove --days=14 + /run/current-system/sw/bin/mastodon-tootctl accounts prune + /run/current-system/sw/bin/mastodon-tootctl statuses remove --days 4 + /run/current-system/sw/bin/mastodon-tootctl media remove --days 4 + ''; +in { services.postgresql = { enable = true; @@ -25,12 +35,20 @@ 443 ]; + systemd.services.mastodon-clear-cache = { + description = "Mastodon Clear Cache"; + wantedBy = [ "timers.target" ]; + startAt = "daily"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${mastodon-clear-cache}/bin/mastodon-clear-cache"; + User = "mastodon"; + WorkingDirectory = "/var/lib/mastodon"; + }; + }; + environment.systemPackages = [ - (pkgs.writers.writeDashBin "clear-mastodon-cache" '' - mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30 - mastodon-tootctl media remove-orphans - mastodon-tootctl preview_cards remove --days=14 - '') + mastodon-clear-cache (pkgs.writers.writeDashBin "create-mastodon-user" '' set -efu nick=$1 diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index bc483e8d0..0ba22af78 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -26,21 +26,17 @@ "guest ok" = "yes"; }; }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - - # for legacy systems - client min protocol = NT1 - server min protocol = NT1 - workgroup = WORKGROUP - server string = ${config.networking.hostName} - netbios name = ${config.networking.hostName} - ''; + settings.global = { + "guest account" = "smbguest"; + "map to guest" = "bad user"; + # disable printing + "load printers" = "no"; + "printing" = "bsd"; + "printcap name" = "/dev/null"; + "disable spoolss" = "yes"; + "workgroup" = "WORKGROUP"; + "server string" = config.networking.hostName; + "netbios name" = config.networking.hostName; + }; }; } diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix index 80957f3a5..183a81f99 100644 --- a/krebs/2configs/shack/ssh-keys.nix +++ b/krebs/2configs/shack/ssh-keys.nix @@ -2,6 +2,7 @@ { users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users."0x4A6F".pubkey + config.krebs.users.susanne.pubkey config.krebs.users.hase.pubkey config.krebs.users.neos.pubkey config.krebs.users.raute.pubkey diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index b7a8f18df..66a4095db 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -7,11 +7,11 @@ let src = pkgs.fetchFromGitHub { owner = "shackspace"; repo = "worlddomination"; - rev = "c7aedcde7cd1fcb870b5356a6125e1a384b0776c"; - sha256 = "0y6haz5apwa33lz64l7b2x78wrrckbw39j4wzyd1hfk46478xi2y"; + rev = "934387c3525e819e6b5981c417a7561d70b8b61a"; + sha256 = "sha256-AbRqxxY6hYNg4qkk/akuw4f+wJh4nx1hfEA4Lp5B+1E="; }; buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + (pkgs.python310.withPackages (pythonPackages: with pythonPackages; [ docopt LinkHeader aiocoap @@ -30,41 +30,7 @@ let }; pythonPackages = pkgs.python3Packages; # https://github.com/chrysn/aiocoap - grequests = pythonPackages.buildPythonPackage rec { - pname = "grequests"; - version = "0.3.1"; - name = "${pname}-${version}"; - src = pkgs.fetchFromGitHub { - owner = "kennethreitz"; - repo = "grequests"; - rev = "d1e70eb"; - sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc"; - }; - - doCheck = false; - - propagatedBuildInputs = with pythonPackages; [ requests gevent ]; - - meta = with lib;{ - description = "Asynchronous HTTP requests"; - homepage = https://github.com/kennethreitz/grequests; - license = with licenses; [ bsd2 ]; - maintainers = with maintainers; [ matejc ]; - }; - }; - - aiocoap = pythonPackages.buildPythonPackage { - name = "aiocoap-0.3"; - src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; - propagatedBuildInputs = [ ]; - doCheck = false; # 2 errors, dunnolol - meta = with pkgs.lib; { - homepage = ""; - license = licenses.mit; - description = "Python CoAP library"; - }; - }; LinkHeader = pythonPackages.buildPythonPackage { name = "LinkHeader-0.4.3"; src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 3f0dd0861..a3acf83cf 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -6,6 +6,7 @@ let in { options.krebs.brockman = { enable = mkEnableOption "brockman"; + package = mkPackageOption pkgs "brockman" { }; config = mkOption { type = types.attrs; }; # TODO make real config here }; @@ -26,7 +27,7 @@ in { serviceConfig = { Restart = "always"; ExecStart = '' - ${pkgs.brockman}/bin/brockman ${pkgs.writeText "brockman.json" (builtins.toJSON cfg.config)} + ${cfg.package}/bin/brockman ${pkgs.writeText "brockman.json" (builtins.toJSON cfg.config)} ''; User = config.users.extraUsers.brockman.name; PrivateTmp = true; diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 66f220ba6..5dc5ecb98 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix @@ -3,6 +3,8 @@ with python3Packages; buildPythonPackage rec { name = "repo-sync-${version}"; version = "0.2.7"; + pyproject = true; + build-system = [ python3Packages.setuptools ]; propagatedBuildInputs = [ docopt GitPython diff --git a/makefu/vacation-note.md b/makefu/vacation-note.md index 3cdc190b2..7bd5c3234 100644 --- a/makefu/vacation-note.md +++ b/makefu/vacation-note.md @@ -2,8 +2,8 @@ From 2015-07-28 until 2023-07-28 here lived the configuration of makefu. # New Location All configutation can now be found at [Github: makefu/nixos-config]( -https://github.com/makefu/nixos-config ) or [cgit: nixos-config]( -https://cgit.euer.krebsco.de/nixos-config ) respectively. +https://github.com/makefu/nixos-config ) and [forgejo: nixos-config]( +https://cgit.euer.krebsco.de/makefu/nixos-config ) respectively. # Background With nix flakes it became possible to finally split the configuration up |