diff options
Diffstat (limited to 'krebs')
37 files changed, 312 insertions, 483 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index a100e414d..9f1ac9134 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -10,6 +10,9 @@ <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/wiki.nix> + + ## shackie irc bot + <stockholm/krebs/2configs/shack/reaktor.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 2f122f6ff..5ed946aca 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -109,7 +109,7 @@ <stockholm/krebs/2configs/shack/prometheus/node.nix> <stockholm/krebs/2configs/shack/prometheus/server.nix> <stockholm/krebs/2configs/shack/prometheus/blackbox.nix> - <stockholm/krebs/2configs/shack/prometheus/unifi.nix> + #<stockholm/krebs/2configs/shack/prometheus/unifi.nix> <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> ## Collect local statistics via collectd and send to collectd @@ -124,7 +124,6 @@ loader.efi.canTouchEfiVariables = true; initrd.luks.devices.luksroot.device = "/dev/sda3"; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; kernelModules = [ "kvm-intel" ]; diff --git a/krebs/1systems/test-all-krebs-modules/config.nix b/krebs/1systems/test-all-krebs-modules/config.nix index 2e1b5c1ad..8495a3ded 100644 --- a/krebs/1systems/test-all-krebs-modules/config.nix +++ b/krebs/1systems/test-all-krebs-modules/config.nix @@ -10,7 +10,6 @@ in { enable = true; build.user = config.krebs.users.krebs; build.host = config.krebs.hosts.test-all-krebs-modules; - Reaktor.test = {}; apt-cacher-ng.enable = true; backup.enable = true; bepasty.enable = true; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 4a33c33ec..cbf3e7889 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -47,7 +47,7 @@ let activate = "always"; command = { filename = - "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join"; + <stockholm/krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh>; env = { PATH = makeBinPath [ pkgs.coreutils # XXX env, touch @@ -95,10 +95,10 @@ let } hooks.sed (generators.command_hook { - inherit (commands) hello random-emoji nixos-version; + inherit (commands) random-emoji nixos-version; tell = { filename = - "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; + <stockholm/krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh>; env = { PATH = makeBinPath [ pkgs.coreutils # XXX date, env @@ -223,9 +223,13 @@ in { spanDate.title = new Date(entryDate).toString(); spanDate.appendChild(document.createTextNode(entryDate)); + const link = document.createElement("a"); + link.href = "http://wiki.r/agenda/" + encodeURIComponent(agendaItem.description.replaceAll("/", "\u29F8")); + link.appendChild(document.createTextNode(agendaItem.description)); + const dd = document.createElement("dd"); dd.className = "description"; - dd.appendChild(document.createTextNode(agendaItem.description)); + dd.appendChild(link); dd.appendChild(document.createTextNode(" ")); dd.appendChild(spanDate); diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 392e6bed3..e2be477fd 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -183,7 +183,6 @@ in { (sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; }) (sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; }) (sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; }) - (sync-remote { name = "Reaktor"; url = "https://github.com/krebs/Reaktor"; }) (sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; }) ]; } diff --git a/krebs/2configs/shack/doorstatus.sh b/krebs/2configs/shack/doorstatus.sh new file mode 100755 index 000000000..11e710cfd --- /dev/null +++ b/krebs/2configs/shack/doorstatus.sh @@ -0,0 +1,74 @@ +#!/bin/sh +# needs in path: +# curl jq +# creates and manages $PWD/state +set -euf + +send_reaktor(){ + # usage: send_reaktor "text" + echo "send_reaktor: $1" + curl -fsS http://localhost:7777 \ + -H content-type:application/json \ + -d "$(jq -n \ + --arg text "$1" '{ + command:"PRIVMSG", + params:["#shackspace",$text] + }' + )" +} + +open=$(shuf -n1 <<EOF +happy hacking, shack ist offen +Heureka, der shack ist offen +Die Türe ist offen, der shack will bespielt werden +Frohlocket, der shack ist offen +shack is love, shack is life, shack is offen +Bin da, wer noch? shack hat geöffnet! +shack hat geöffnet: Arbeiten Sie sicher, arbeiten Sie klug! +Bin ich schon drin? Ich bin schon drin.. das war ja einfach. Also im shack. +Uuuuund es setzt sich in Bewegung, wir öffnen den shack, los, los! Ja da guckt ihr, jetzt gehts looos! +EOF +) + +close=$(shuf -n1 <<EOF +Hacking vorbei, shack ist zu! +Tja, shack ist zu +Shackie-closie +Der Sandmann kommt, alle shackies sind zu haus und die Tür ist zu +shack hat Stromsparmodus aktiviert +Tür ist zu, shackspace ist jetzt koronakonform +Oh nein, eine Tür, sie ist verschlossen! Also, die vom shack +Ihr kennt das ja: Abschalten. Der shack ist zu. +EOF +) +error=$(shuf -n1 <<EOF +Hase, api ist kaputt! Bitte reparieren +API liefert kein sinnvolles Ergebnis, keine Ahnung ob shack offen oder zu ist +shack api defekt :( +Hubel Hubel, jemand könnte mal die shack api reparieren +API sagt derp +Siehste das? API? Da soll ich jetzt nen Request drauf machen? Jetzt werd ich aber langsam n bisschen wild hier langsam! +Der API ist ein bisschen ein Otto geworden, ischwör der will mich flaxen +ich möchte den geschäftsführer sprechen, das API geht nicht mehr! +Herr makefu an Kasse 3 bitte, Kasse 3 bitte Herr makefu. Der API Computer ist mal wieder ausgefallen +EOF +) + +state=$(curl https://api.shackspace.de/v1/space | jq .doorState.open) +prevstate=$(cat state ||:) + +if test "$state" == "$(cat state)";then + #echo "current and last state is the same ($state), doing nothing" + : +else + echo "API state and last state differ ( '$state' != '$prevstate')" + if test "$state" == "true";then + send_reaktor "$open" + elif test "$state" == "false";then + send_reaktor "$close" + else + send_reaktor "$error" + fi + echo "updating state" + printf "%s" "$state" > state +fi diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 53d6e6f4a..51c2ad94f 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -112,7 +112,8 @@ in { } { platform = "mpd"; name = "kiosk"; - host = "lounge.kiosk.shack"; + #host = "lounge.kiosk.shack"; + host = "kiosk.shack"; } ]; @@ -123,7 +124,7 @@ in { http = { base_url = "http://hass.shack"; use_x_forwarded_for = true; - trusted_proxies = "127.0.0.1"; + trusted_proxies = [ "127.0.0.1" "::1" ]; }; #conversation = {}; @@ -139,6 +140,7 @@ in { language = "de"; cache = true; time_memory = 57600; + base_url = "http://hass.shack"; } ]; device_tracker = []; diff --git a/krebs/2configs/shack/light.shack.nix b/krebs/2configs/shack/light.shack.nix index 8e01cb1bf..715339a69 100644 --- a/krebs/2configs/shack/light.shack.nix +++ b/krebs/2configs/shack/light.shack.nix @@ -1,7 +1,9 @@ { config, pkgs, ... }: let - light-shack-src = pkgs.fetchgit { - url = "https://git.shackspace.de/rz/standby.shack"; + light-shack-src = + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "standby.shack"; rev = "e1b90a0a"; sha256 = "07fmz63arc5rxa0a3778srwz0jflp4ad6xnwkkc56hwybby0bclh"; }; diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 951450200..9308c7b13 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -2,8 +2,9 @@ let pkg = pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/muell_mail"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "muell_mail"; rev = "c3e43687879f95e01a82ef176fa15678543b2eb8"; sha256 = "0hgchwam5ma96s2v6mx2jfkh833psadmisjbm3k3153rlxp46frx"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index b032b4299..cabe72b40 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -2,8 +2,9 @@ let pkg = pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/muellshack"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "muellshack"; rev = "dc80cf1edaa3d86ec2bebae8596ad1d4c4e3650a"; sha256 = "1yipr66zhrg5m20pf3rzvgvvl78an6ddkq6zc45rxb2r0i7ipkyh"; diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 2e69d5aaa..7a648d4ee 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -2,8 +2,9 @@ let pkg = pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/node-light.git"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "node-light"; rev = "90a9347b73af3a9960bd992e6293b357226ef6a0"; sha256 = "1av9w3w8aknlra25jw6gqxzbb01i9kdlfziy29lwz7mnryjayvwk"; }) { }; diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index 43c743587..64e1911cf 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -6,14 +6,16 @@ let influx-url = "http://influx.shack:8086"; pkg = pkgs.python3.pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/powermeter.git"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "powermeter"; rev = "438b08f"; sha256 = "0c5czmrwlw985b7ia6077mfrvbf2fq51iajb481pgqbywgxqis5m"; }) {}; in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; + networking.firewall.allowedTCPPorts = [ 11111 ]; users.users.powermeter = { extraGroups = [ "dialout" ]; isSystemUser = true; diff --git a/krebs/2configs/shack/reaktor.nix b/krebs/2configs/shack/reaktor.nix new file mode 100644 index 000000000..a31c7a687 --- /dev/null +++ b/krebs/2configs/shack/reaktor.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: +{ + krebs.reaktor2.shackie = { + hostname = "irc.libera.chat"; + port = "6697"; + nick = "shackie"; + API.listen = "inet://127.0.0.1:7777"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#shackspace" + ]; + }; + } + ]; + }; + systemd.services.announce_doorstatus = { + startAt = "*:0/1"; + path = with pkgs; [ curl jq ]; + script = builtins.readFile ./doorstatus.sh; + serviceConfig = { + DynamicUser = true; + StateDirectory = "doorstatus"; + WorkingDirectory = "/var/lib/doorstatus"; + PrivateTmp = true; + }; + }; +} diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index 0ce8a8786..bed98d860 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -2,8 +2,9 @@ let pkg = pkgs.callPackage ( - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/s3-power"; + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "s3-power"; rev = "0687ab64"; sha256 = "1m8h4bwykv24bbgr5v51mam4wsbp5424xcrawhs4izv563jjf130"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index c9cdfd24b..00f79abc4 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -1,9 +1,10 @@ { config, lib, pkgs, ... }: let - pkg = - pkgs.fetchgit { - url = "https://git.shackspace.de/rz/shackdns"; + pkg = + pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "shackdns"; rev = "e55cc906c734b398683f9607b93f1ad6435d8575"; sha256 = "1hkwhf3hqb4fz06b1ckh7sl0zcyi4da5fgdlksian8lxyd19n8sq"; }; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 4bdb095f1..e339d3174 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -4,8 +4,9 @@ with import <stockholm/lib>; let pkg = pkgs.stdenv.mkDerivation { name = "worlddomination-2020-12-01"; - src = pkgs.fetchgit { - url = "https://git.shackspace.de/rz/worlddomination.git"; + src = pkgs.fetchFromGitHub { + owner = "shackspace"; + repo = "worlddomination"; rev = "c7aedcde7cd1fcb870b5356a6125e1a384b0776c"; sha256 = "0y6haz5apwa33lz64l7b2x78wrrckbw39j4wzyd1hfk46478xi2y"; }; diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix deleted file mode 100644 index 2a035d7be..000000000 --- a/krebs/3modules/Reaktor.nix +++ /dev/null @@ -1,155 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - - cfg = config.krebs.Reaktor; - homedir = "/var/lib/Reaktor"; - - out = { - options.krebs.Reaktor = api; - config = mkIf (cfg != {}) imp; - }; - - api = mkOption { - default = {}; - type = with types; attrsOf (submodule ({ options = { - - nickname = mkOption { - default = config.krebs.build.host.name + "|r"; - type = types.str; - description = '' - The nick name of the irc bot. - Defaults to {hostname}|r - ''; - }; - - overrideConfig = mkOption { - default = null; - type = types.nullOr types.str; - description = '' - configuration to be used instead of default ones. - Reaktor default cfg can be retrieved via `reaktor get-config` - ''; - }; - - plugins = mkOption { - default = [pkgs.ReaktorPlugins.nixos-version]; - }; - - workdir = mkOption { - default = "/var/lib/Reaktor"; - type = types.path; - description = '' - path to be used as workdir (home dir is still /var/lib/Reaktor) - ''; - }; - - extraConfig = mkOption { - default = ""; - type = types.str; - description = '' - configuration appended to the default or overridden configuration - ''; - }; - - extraEnviron = mkOption { - default = {}; - type = types.attrsOf types.str; - description = '' - Environment to be provided to the service, can be: - REAKTOR_HOST - REAKTOR_PORT - REAKTOR_STATEDIR - - debug and nickname can be set separately via the Reaktor api - ''; - }; - - channels = mkOption { - default = [ "#krebs" ]; - type = types.listOf types.str; - description = '' - Channels the Reaktor should connect to at startup. - ''; - }; - - debug = mkOption { - default = false; - description = '' - Reaktor debug output - ''; - }; - };})); - }; - - imp = { - # TODO get user per configured bot - # TODO get home from api - # for reaktor get-config - users.extraUsers = singleton rec { - name = "Reaktor"; - uid = genid name; - description = "Reaktor user"; - home = homedir; - createHome = true; - }; - - #users.extraGroups = singleton { - # name = "Reaktor"; - # gid = config.ids.gids.Reaktor; - #}; - - systemd.services = mapAttrs' (name: botcfg: - let - ReaktorConfig = pkgs.writeText "config.py" '' - ${if (isString botcfg.overrideConfig ) then '' - # Overriden Config - ${botcfg.overrideConfig} - '' else ""} - ## Extra Config - ${concatStringsSep "\n" (map (plug: plug.config) botcfg.plugins)} - ${botcfg.extraConfig} - ''; - in nameValuePair "Reaktor-${name}" { - path = with pkgs; [ - git # for nag - jq # for tell - python # for caps - utillinux # flock for tell - ]; - description = "Reaktor IRC Bot"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - environment = { - GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - PYTHONPATH = "${pkgs.Reaktor}/lib/python3.6/site-packages"; - REAKTOR_NICKNAME = botcfg.nickname; - REAKTOR_DEBUG = (if botcfg.debug then "True" else "False"); - REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels; - state_dir = botcfg.workdir; - - } // botcfg.extraEnviron; - serviceConfig= { - ExecStartPre = pkgs.writeScript "Reaktor-init" '' - #! /bin/sh - ${if (isString botcfg.overrideConfig) then - ''cp ${ReaktorConfig} /tmp/reaktor-${name}-config.py'' - else - ''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/reaktor-${name}-config.py'' - } - mkdir -p ${botcfg.workdir} - ''; - ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/reaktor-${name}-config.py"; - PrivateTmp = "true"; - User = "Reaktor"; - Restart = "always"; - RestartSec= "30" ; - }; - } - ) cfg; - - }; - -in -out diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 76eb4b136..a40ae8cef 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -9,6 +9,7 @@ with import <stockholm/lib>; ${shell.escape (toString cfg.irc.port)} \ ${shell.escape cfg.irc.nick} \ ${shell.escape cfg.irc.channel} \ + ${escapeShellArg cfg.irc.tls} \ "$message" ''; default-get-message = pkgs.writeDash "announce-activation-get-message" '' @@ -50,6 +51,10 @@ in { default = "irc.r"; type = types.hostname; }; + tls = mkOption { + default = false; + type = types.bool; + }; }; }; config = mkIf cfg.enable { diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 30ca82b97..149995a23 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -43,7 +43,6 @@ let ./permown.nix ./per-user.nix ./power-action.nix - ./Reaktor.nix ./reaktor2.nix ./realwallpaper.nix ./retiolum-bootstrap.nix diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 75be58326..eff2967e0 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -18,42 +18,14 @@ with import <stockholm/lib>; in { hosts = mapAttrs hostDefaults { - toum = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.3"; - aliases = [ - "toum.r" - "toum.kmein.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx - CUotXuqYucYmnUbrRSIlxASVqTmAf3nDOE5EDBBcTdSwnb02JcJW4Zh7+BGgMxjF - GxDPs6ETI28mHK+6rp8TOkMnyDb5mtSGVZPvKJU9fFOt6aAX1J1BzTfwtHtVQq7K - WBzdpeKXlw4dIQ6K6SGmPIPpEh9pE1Xb+GuVljCXKxGJFbW40dmh2ZdadO7umBDu - vRk08jT9/BUnUP6KrZlvyePnG38z6srMrVU+XAHu5D2qZ9y+QIp3kw7Y5JUrNXc7 - 9q9P9TYx15GiIz2mSJKcLVmkLRebsaqdV7dBibPbfdGE+NB+F1FYPGDdW4cnonon - DzzjGm/FDfOCXEnSkYGQDBWpfd/8AWum1xGJxJCPNBJElGE2o5jDWo4Y1b9gHP0M - vARm8AOK8R1pQ7BP+pNMO0gGw2NDrtWiWpTeZ7SqXmZAZ/Gmyen9X+/fowcbTyDH - b9joIuMQeOtxbUV2JprZIdit9NBFSZq/7Re/GBUwjGBm3LabIXFNGKZovx/f9lf8 - r5tVs4SPauiKzZS0K1Gz1NSq+3OXaY5EwVrBUXptYqRT7uyhVloOPRUsqRFeB0Fn - Y5xOpDJ0UiJxgFbdH5Vb81D/VjNO9Q4nZib8wSEuLrYLHGoceQPX4+Ov9IdhIL4B - BMTCaF+VCWC5PCLr0e61KqMCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - wilde = { + kabsa = { owner = config.krebs.users.kmein; nets = { retiolum = { ip4.addr = "10.243.2.4"; aliases = [ - "wilde.r" - "wilde.kmein.r" + "kabsa.r" + "kabsa.kmein.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -99,34 +71,6 @@ in { }; }; }; - homeros = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.1"; - aliases = [ - "homeros.r" - "homeros.kmein.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICC |