formatters for everything

Shelvacu
2025-02-21 16:10:34 -08:00
committed by Shelvacu on fw
parent 4d42ac55e2
commit 09a4b06a9e
72 changed files with 954 additions and 1097 deletions


@@ -13,7 +13,10 @@ let
withAsserts =
x:
if fatalAssertions != [ ] then
throw "\nFailed assertions:\n${lib.concatStringsSep "\n" (map (x: "- ${x}") fatalAssertions)}"
throw ''
Failed assertions:
${lib.concatStringsSep "\n" (map (x: "- ${x}") fatalAssertions)}''
else
lib.showWarnings triggeredWarnings x;


@@ -84,8 +84,6 @@ lib.mkMerge [
gnutls
progress
])
++ [
(config.vacu.units.finalPackage)
];
++ [ config.vacu.units.finalPackage ];
}
]


@@ -1,8 +1,4 @@
{
pkgs,
lib,
...
}:
{ pkgs, lib, ... }:
{
vacu.packages.ffmpeg-allvrything = {
enable = lib.mkDefault false;


@@ -34,13 +34,9 @@ in
acc
// (
if builtins.isList value then
{
ordered = acc.ordered ++ value;
}
{ ordered = acc.ordered ++ value; }
else
{
unordered = acc.unordered ++ [ x ];
}
{ unordered = acc.unordered ++ [ x ]; }
)
)
{
@@ -98,9 +94,7 @@ in
programs.git.enable = lib.mkIf cfg.enable false;
})
(lib.optionalAttrs (vacuModuleType == "nixos" || vacuModuleType == "nix-on-droid") {
environment = lib.mkIf (cfg.enable && cfg.config != [ ]) {
etc.gitconfig.text = cfg.configText;
};
environment = lib.mkIf (cfg.enable && cfg.config != [ ]) { etc.gitconfig.text = cfg.configText; };
})
];
}


@@ -7,7 +7,5 @@
}:
lib.optionalAttrs (vacuModuleType == "nixos") {
options.vacu.ssh-hpn.enable = lib.mkEnableOption "openssh hpn";
config = lib.mkIf config.vacu.ssh-hpn.enable {
programs.ssh.package = pkgs.openssh_hpn;
};
config = lib.mkIf config.vacu.ssh-hpn.enable { programs.ssh.package = pkgs.openssh_hpn; };
}


@@ -6,9 +6,7 @@
./strings.nix
];
options.vacu.vaculib = lib.mkOption {
type = lib.types.anything;
};
options.vacu.vaculib = lib.mkOption { type = lib.types.anything; };
config._module.args.vaculib = config.vacu.vaculib;


@@ -1,8 +1,4 @@
{
pkgs,
lib,
...
}:
{ pkgs, lib, ... }:
let
inherit (lib)
optionals


@@ -43,7 +43,5 @@ let
if removeNewline then noNewline else res;
in
{
config.vacu.vaculib = {
inherit runCommandBare outputOf;
};
config.vacu.vaculib = { inherit runCommandBare outputOf; };
}


@@ -1,6 +1,4 @@
{
...
}:
{ ... }:
let
inherit (builtins) stringLength substring;
# aka startsWith but hopefully clear from the name what order the arguments go
@@ -20,10 +18,5 @@ let
(sl >= suffixl) && (substring (sl - suffixl - 1) - 1 s) == suffix;
in
{
config.vacu.vaculib = {
inherit
isPrefixOf
isSuffixOf
;
};
config.vacu.vaculib = { inherit isPrefixOf isSuffixOf; };
}
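Review bot: The `isSuffixOf` body kept as context in this section looks wrong, assuming the line is rendered faithfully: `substring (sl - suffixl - 1) - 1 s` starts one character before the suffix, and the unparenthesised `- 1` parses as a subtraction rather than as a length argument. The intended comparison is probably `(sl >= suffixl) && (substring (sl - suffixl) suffixl s) == suffix;`. The definition starts outside this hunk, so confirm against the full file. Because the helper is exported through `vaculib`, any check built on it would fail or give the wrong answer.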


@@ -1,8 +1,4 @@
{
inputs,
vacuModuleType,
...
}:
{ inputs, vacuModuleType, ... }:
if vacuModuleType == "nixos" then
{
# imports = [ inputs.lix-module.nixosModules.default ];


@@ -5,6 +5,8 @@ declare -A cache_to_url
cache_to_url["foo"]="https://example.com/some-nix-cache"
declare -a caches_to_use=("foo")
declare nixCmd="foo"
# replaceme END
declare -a preArgs
@@ -12,12 +14,12 @@ declare -a passThruArgs
cache_name=""
function valid_cache_name() {
cache_name="$1"
if [[ "$cache_name" == -* ]]; then
if [[ $cache_name == -* ]]; then
echo "invalid cache name" >&2
exit 1
fi
}
while [[ -n "$1" ]]; do
while [[ -n $1 ]]; do
arg="$1"
shift
case "$arg" in
@@ -25,7 +27,7 @@ while [[ -n "$1" ]]; do
cache_name="$1"
shift
valid_cache_name "$cache_name"
caches_to_use=("${caches_to_use[@]/$cache_name}")
caches_to_use=("${caches_to_use[@]/$cache_name/}")
;;
"--with-cache")
cache_name="$1"
@@ -40,7 +42,7 @@ while [[ -n "$1" ]]; do
caches_to_use=("$cache_name")
;;
"--on-trip")
if [[ "$HOSTNAME" == "triple-dezert" ]]; then
if [[ $HOSTNAME == "triple-dezert" ]]; then
echo "Warn: skipping --on-trip: already on trip" >&2
else
passThruArgs+=("--builders" "ssh://trip x86_64-linux,aarch64-linux" "--max-jobs" "0" "--option" "builders-use-substitutes" "true")
@@ -48,7 +50,7 @@ while [[ -n "$1" ]]; do
;;
"--")
passThruArgs+=("$arg" "$@")
break;
break
;;
*)
passThruArgs+=("$arg")
@@ -62,6 +64,8 @@ for c in "${caches_to_use[@]}"; do
substituters+=("$url")
done
preArgs+=("--option" "substituters" "$(echo "${substituters[@]}")")
substituters_together="${substituters[*]}"
preArgs+=("--option" "substituters" "$substituters_together")
exec "$nixCmd" "${preArgs[@]}" "${passThruArgs[@]}"
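Review bot: `caches_to_use=("${caches_to_use[@]/$cache_name/}")` does not remove the named cache from the array; it deletes the first match of `$cache_name`, treated as a glob pattern, inside every element. The matching entry therefore stays in the list as an empty string, and a longer name that contains the argument is rewritten into a different name. Since this list decides which substituters are handed to nix, the lookup loop further down (only partly visible here) can end up with an empty or unintended URL. Rebuilding the array with an exact string comparison avoids that, and `valid_cache_name` could also reject names that are not configured, e.g. `[[ -n ${cache_to_url[$cache_name]+set} ]] || { echo "unknown cache" >&2; exit 1; }`.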


@@ -36,9 +36,7 @@ let
if builtins.isString val then
{
name = val;
value = {
inherit enable;
};
value = { inherit enable; };
}
else
{


@@ -48,9 +48,7 @@ in
type = types.lines;
readOnly = true;
};
vacu.shell.wrappedBash = mkOption {
readOnly = true;
};
vacu.shell.wrappedBash = mkOption { readOnly = true; };
vacu.shell.idempotentShellLines = mkOption {
type = types.lines;
default = "";
@@ -59,9 +57,7 @@ in
type = types.enum (builtins.attrNames vaculib.shellColors);
default = "white";
};
vacu.shell.functions = mkOption {
type = types.attrsOf types.str;
};
vacu.shell.functions = mkOption { type = types.attrsOf types.str; };
};
config.vacu = {
vaculib = {


@@ -12,8 +12,8 @@ let
# TODO: reset_without_clear doesn't fully work
# thanks colin https://git.uninsane.org/colin/nix-files/src/commit/7f5b2628016c8ca1beec417766157c7676a9c5e5/hosts/common/programs/zsh/starship.nix#L24
set = opt: ''\e[?${opt}h'';
clear = opt: ''\e[?${opt}l'';
set = opt: "\\e[?${opt}h";
clear = opt: "\\e[?${opt}l";
reset_without_clear = builtins.concatStringsSep "" [
# reset terminal mode (in case the previous command screwed with it)
# 'l' = turn option of, 'h' = turn option on.
@@ -49,19 +49,19 @@ let
];
# https://man.archlinux.org/man/bash.1#PROMPTING
# \[ and \] begins and ends "a sequence of non-printing characters"
set_color = colornum: ''\[\e[1;${toString colornum}m\]'';
set_inverted_color = colornum: ''\[\e[1;37;${toString (colornum + 10)}m\]'';
reset_color = ''\[\e[0m\]'';
set_color = colornum: "\\[\\e[1;${toString colornum}m\\]";
set_inverted_color = colornum: "\\[\\e[1;37;${toString (colornum + 10)}m\\]";
reset_color = "\\[\\e[0m\\]";
colornum = colors.${cfg.color};
root_text = root: lib.optionalString root "ROOT@";
final = root: if root then (set_inverted_color colors.red) + "!!" else "$";
hostName = if vacuModuleType == "plain" then ''\h'' else config.vacu.shortHostName;
hostName = if vacuModuleType == "plain" then "\\h" else config.vacu.shortHostName;
default_ps1 =
root:
''\n''
"\\n"
# + ''\[${reset_without_clear}\]''
+ (set_color colornum)
+ ''${root_text root}${hostName}:\w''
+ "${root_text root}${hostName}:\\w"
+ (final root)
+ reset_color
+ " ";


@@ -1,8 +1,4 @@
{
lib,
config,
...
}:
{ lib, config, ... }:
let
inherit (lib)
mkOption


@@ -15,11 +15,11 @@ let
disallowedMiddle = "-" + disallowedAnywhere;
disallowedAtEnd = "23456789_,." + disallowedAnywhere;
disallowedAtBegin = "-01" + disallowedAtEnd;
anyExcept = chars: ''[^${lib.escapeRegex chars}]'';
anyExcept = chars: "[^${lib.escapeRegex chars}]";
singleChar = anyExcept disallowedAtBegin;
multiChar = ''${anyExcept disallowedAtBegin}${anyExcept disallowedMiddle}*${anyExcept disallowedAtEnd}'';
numberSuffix = regex: ''${regex}_[0-9\.,]+'';
fullRegex = ''${singleChar}|${multiChar}|${numberSuffix singleChar}|${numberSuffix multiChar}'';
multiChar = "${anyExcept disallowedAtBegin}${anyExcept disallowedMiddle}*${anyExcept disallowedAtEnd}";
numberSuffix = regex: "${regex}_[0-9\\.,]+";
fullRegex = "${singleChar}|${multiChar}|${numberSuffix singleChar}|${numberSuffix multiChar}";
in
fullRegex;
unitsAttrsType = types.addCheck (types.attrsOf types.str) (
@@ -119,7 +119,7 @@ in
}
{
vacu.units.lines = lib.concatStringsSep "\n" (
lib.mapAttrsToList (name: value: "+${name}\t${value}") config.vacu.units.extraUnits
lib.mapAttrsToList (name: value: "+${name} ${value}") config.vacu.units.extraUnits
);
}
];
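Review bot: The separator in `"+${name} ${value}"` no longer uses the `\t` escape that the old line had. If the replacement is a literal tab, it is invisible in review and easy for an editor or a later formatter pass to turn into spaces; if it is a space, the generated units file changed in a commit described as formatting only. Keeping the explicit escape, `"+${name}\t${value}"`, makes the intent reviewable. It is worth confirming that the generated `vacu.units.lines` is byte-identical before and after this commit.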


@@ -9,9 +9,7 @@ let
cfg = config.vacu.verifySystem;
in
{
imports = [
./nixos.nix
];
imports = [ ./nixos.nix ];
options.vacu.verifySystem = {
enable = (mkEnableOption "verify system is what is expected") // {
default = false;


@@ -1,8 +1,4 @@
{
pkgs,
inputs,
...
}:
{ pkgs, inputs, ... }:
{
imports = [


@@ -12,7 +12,7 @@ let
keyValToConfigLines = (
key: value:
if (builtins.isString value) || (builtins.isPath value) then
"${key} = \"${value}\""
''${key} = "${value}"''
else if builtins.isInt value then
"${key} = ${builtins.toString value}"
else if builtins.isList value then


@@ -1,8 +1,4 @@
{
lib,
config,
...
}:
{ lib, config, ... }:
let
inherit (lib) singleton;
inherit (config.vacu) dnsData;
@@ -11,9 +7,7 @@ in
vacu.dns."for.miras.pet" =
{ ... }:
{
imports = [
dnsData.modules.cloudns
];
imports = [ dnsData.modules.cloudns ];
subdomains = {
"git".A = singleton dnsData.tripPublicV4;
"auth".A = singleton dnsData.tripPublicV4;


@@ -1,8 +1,4 @@
{
lib,
config,
...
}:
{ lib, config, ... }:
let
inherit (lib) singleton;
inherit (config.vacu) dnsData;


@@ -1,8 +1,4 @@
{
lib,
config,
...
}:
{ lib, config, ... }:
let
inherit (lib) singleton;
inherit (config.vacu) dnsData;
@@ -11,9 +7,7 @@ in
vacu.dns."pwrhs.win" =
{ ... }:
{
imports = [
dnsData.modules.cloudns
];
imports = [ dnsData.modules.cloudns ];
A = singleton dnsData.tripPublicV4;
subdomains.habitat.A = singleton dnsData.tripPublicV4;
subdomains._acme-challenge.CNAME = singleton "73697955-1c51-48ba-ba1e-b3398850f59f.auwwth.dis8.net.";


@@ -1,8 +1,4 @@
{
lib,
config,
...
}:
{ lib, config, ... }:
let
inherit (lib) singleton;
inherit (config.vacu) dnsData;


@@ -451,9 +451,7 @@
sopsConfig = plain.config.vacu.sopsConfigFile;
sourceTree = plain.config.vacu.sourceTree;
units = plain.config.vacu.units.finalPackage;
update-git-keys = pkgs-stable.callPackage ./scripts/update-git-keys.nix {
inherit (plain) config;
};
update-git-keys = pkgs-stable.callPackage ./scripts/update-git-keys.nix { inherit (plain) config; };
vnopnCA = pkgs-stable.writeText "vnopnCA.cert" plain.config.vacu.vnopnCA;
wrappedSops = plain.config.vacu.wrappedSops;
z3 = pkgs-unstable.callPackage ./packages/z3 { };


@@ -1,8 +1,4 @@
{
inputs,
pkgs,
...
}:
{ inputs, pkgs, ... }:
{
imports = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd


@@ -1,7 +1,4 @@
{
pkgs,
...
}:
{ pkgs, ... }:
{
vacu.packages.orca-slicer = {
enable = true;


@@ -1,7 +1,4 @@
{
config,
...
}:
{ config, ... }:
{
sops.secrets.radicle-key = {
sopsFile = ../secrets/radicle-private.key;


@@ -1,7 +1,4 @@
{
pkgs,
...
}:
{ pkgs, ... }:
{
boot.zfs.extraPools = [ "fw" ];
# config.boot.zfs.package.latestCompatibleLinuxPackages is fucked, if there are multiple compatible linuxes of the same version, it picks effectively an arbitrary one


@@ -5,9 +5,7 @@
...
}:
{
imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
];
imports = [ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" ];
# this is an installer image, created anew every time. There's no state we need to worry about messing up
system.stateVersion = config.system.nixos.version;
isoImage.isoBaseName = "nixos-shel-installer";


@@ -73,7 +73,9 @@ in
enableSubmission = false;
enableSubmissions = true;
mapFiles.header_checks = pkgs.writeText "header-checks" (
"/./ INFO checker headers\n"
''
/./ INFO checker headers
''
+ (mapLines (
d: "/^(from|x-original-from|return-path|mail-?from):.*@${lib.escape [ "." ] d}\\s*>?\\s*$/ REJECT"
) domains)
@@ -89,11 +91,16 @@ in
mapLines (d: "@${d} relayservice") relayable_domains
);
mapFiles.sender_relay = pkgs.writeText "sender-relay" (
"@shelvacu.com ${relayhosts.allDomains} ${relayhosts.shelvacuAlt} \n"
''
@shelvacu.com ${relayhosts.allDomains} ${relayhosts.shelvacuAlt}
''
+ (mapLines (d: "@${d} ${relayhosts.allDomains}") relayable_domains)
);
mapFiles.extra_login_maps = pkgs.writeText "extra-login-maps" (
"robot@vacu.store vacustore\n" + config.services.postfix.virtual
''
robot@vacu.store vacustore
''
+ config.services.postfix.virtual
);
# verbatim appended to main.cf


@@ -69,22 +69,13 @@ let
folder_name;
is_match = regex: s: (match regex s) != null;
is_not_match = regex: s: !(is_match regex s);
is_quoteable = s: (is_match "[ -~]*" s) && (is_not_match (''\$'' + ''\{'') s);
is_quoteable = s: (is_match "[ -~]*" s) && (is_not_match ("\\$" + "\\{") s);
sieve_quote_string_bare =
s:
assert is_quoteable s;
replaceStrings
[
"\""
"\\"
]
[
"\\\""
"\\\\"
]
s;
sieve_quote_string = s: "\"" + (sieve_quote_string_bare s) + "\"";
interp = ident: "$" + ''{${ident}}'';
replaceStrings [ ''"'' "\\" ] [ ''\"'' "\\\\" ] s;
sieve_quote_string = s: ''"'' + (sieve_quote_string_bare s) + ''"'';
interp = ident: "$" + "{${ident}}";
dest = "envelope_to";
dest_domain = "envelope_to_domain";
set_envelope = ''
@@ -135,7 +126,9 @@ let
'';
set_var_from_environment =
item: var:
"# set_var_from_environment\n"
''
# set_var_from_environment
''
+ set_from {
condition = ''environment :matches ${sieve_quote_string item} "*"'';
inherit var;


@@ -1,8 +1,6 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-config.nix
];
imports = [ ./hardware-config.nix ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;


@@ -1,12 +1,7 @@
{
lib,
...
}:
{ lib, ... }:
{
imports = [
./flake-registry.nix
];
imports = [ ./flake-registry.nix ];
vacu.shell.color = "white";
vacu.systemKind = "server";


@@ -1,7 +1,4 @@
{
fetchFromGitHub,
stdenv,
}:
{ fetchFromGitHub, stdenv }:
let
deriv =
(stdenv.mkDerivation {


@@ -86,14 +86,7 @@ stdenv.mkDerivation (
PATH=${
lib.escapeShellArg (
lib.concatStringsSep ":" (
lib.flip map [
coreutils
gzip
gnutar
unzip
wget
gnupatch
] (p: "${p}/bin")
lib.flip map [ coreutils gzip gnutar unzip wget gnupatch ] (p: "${p}/bin")
)
)
}


@@ -5,33 +5,12 @@
...
}:
let
pythEscape =
x:
builtins.replaceStrings
[
''"''
"\n"
''\''
]
[
''\"''
''\n''
''\\''
]
x;
pythonScript =
builtins.replaceStrings
[
"@sops@"
"@dns_secrets_file@"
"@data@"
]
(map pythEscape [
pythEscape = x: builtins.replaceStrings [ ''"'' "\n" "\\" ] [ ''\"'' "\\n" "\\\\" ] x;
pythonScript = builtins.replaceStrings [ "@sops@" "@dns_secrets_file@" "@data@" ] (map pythEscape [
(lib.getExe config.vacu.wrappedSops)
(builtins.toString ../../secrets/misc/cloudns.json)
(builtins.toJSON config.vacu.dns)
])
(builtins.readFile ./script.py);
]) (builtins.readFile ./script.py);
in
pkgs.writers.writePython3Bin "dns-update" {
libraries = with pkgs.python3Packages; [


@@ -24,23 +24,30 @@ AUTH_PASSWORD = secrets["auth_password"]
BASE_URL = "https://api.cloudns.net"
def req(path:str, **kwargs):
def req(path: str, **kwargs):
auth_params = {
"auth-id": AUTH_ID,
"auth-password": AUTH_PASSWORD,
}
params = { k.replace("_","-"): v for k, v in kwargs.items() }
params = {k.replace("_", "-"): v for k, v in kwargs.items()}
return httpx.get(BASE_URL + path, params={**auth_params, **params}).json()
def textify(z:dns.zone.Zone) -> str:
for node in z.nodes.values():
node.rdatasets.sort(key = lambda rrd: (rrd.rdclass, rrd.rdtype, rrd.covers, rrd.ttl))
return z.to_text(sorted = True, relativize = True, nl = "\n", want_comments = False, want_origin = True)
def set_soa_serial(zone:dns.zone.Zone, serial:int):
soa = zone.find_rdataset(zone.origin, 'SOA')
def textify(z: dns.zone.Zone) -> str:
for node in z.nodes.values():
node.rdatasets.sort(
key=lambda rrd: (rrd.rdclass, rrd.rdtype, rrd.covers, rrd.ttl)
)
return z.to_text(
sorted=True, relativize=True, nl="\n", want_comments=False, want_origin=True
)
def set_soa_serial(zone: dns.zone.Zone, serial: int):
soa = zone.find_rdataset(zone.origin, "SOA")
old_soa = soa[0]
new_soa = dns.rdtypes.ANY.SOA.SOA(
@@ -52,21 +59,22 @@ def set_soa_serial(zone:dns.zone.Zone, serial:int):
old_soa.refresh,
old_soa.retry,
old_soa.expire,
old_soa.minimum
old_soa.minimum,
)
soa.clear()
soa.add(new_soa)
def display_and_maybe_update(origin: str, update: bool) -> bool:
desired_zone = dns.zone.from_text(DATA[origin], origin = origin)
desired_zone = dns.zone.from_text(DATA[origin], origin=origin)
res = req("/dns/records-export.json", domain_name = origin)
res = req("/dns/records-export.json", domain_name=origin)
current_zone_str = res["zone"]
current_zone = dns.zone.from_text(current_zone_str, origin = origin)
current_zone = dns.zone.from_text(current_zone_str, origin=origin)
assert(desired_zone.rdclass == current_zone.rdclass)
assert(desired_zone.origin == current_zone.origin)
assert desired_zone.rdclass == current_zone.rdclass
assert desired_zone.origin == current_zone.origin
# cloudns makes its own serial, we can't change it.
# set desired serial to match current serial
@@ -90,14 +98,21 @@ def display_and_maybe_update(origin: str, update: bool) -> bool:
return True
user_input = input("Do you want to continue? (y/n): ").strip().lower()
if user_input != 'y':
if user_input != "y":
print("Abort.")
sys.exit(1)
res = req("/dns/records-import.json", domain_name = origin, format = "bind", content = desired_text, delete_existing_records = 1)
res = req(
"/dns/records-import.json",
domain_name=origin,
format="bind",
content=desired_text,
delete_existing_records=1,
)
pp(res)
return True
parser = argparse.ArgumentParser()
parser.add_argument("--domain")
parser.add_argument("--all-domains", action="store_true")
@@ -107,13 +122,13 @@ args = parser.parse_args()
all_domains = bool(args.all_domains)
update = bool(args.update)
assert((args.domain is not None) != all_domains)
assert (args.domain is not None) != all_domains
if all_domains:
assert(args.domain is None)
assert args.domain is None
domains = DATA.keys()
else:
assert(args.domain is not None)
assert args.domain is not None
domains = [args.domain]
found_any_difference = False
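Review bot: `req` sends `auth-id` and `auth-password` as query parameters of a GET (`httpx.get(BASE_URL + path, params={**auth_params, **params})`), so the API password and the full zone `content` end up in the request URL, where proxies, access logs and exception messages commonly record them. If the API accepts form-encoded POST, which should be confirmed against the ClouDNS documentation, `httpx.post(BASE_URL + path, data={**auth_params, **params})` keeps them in the request body. The import call also passes `delete_existing_records=1` and only pretty-prints the response, so checking the HTTP status and the returned result before returning `True` would make a failed replace visible. The argument checks use `assert`, which is skipped under `python -O`; `parser.error(...)` would be more robust.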


@@ -38,7 +38,9 @@ let
"vacustore"
]
))
+ "\nbackup:::::::";
+ ''
backup:::::::'';
dkim_key = ''
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANn62hMdcFw4znAB
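Review bot: `dkim_key` holds a PEM private key inline in the Nix expression, so it lives in the repository and is copied into the world-readable Nix store whenever the expression is evaluated. That is acceptable only if this key is a throwaway fixture for the test VM. A comment saying so, e.g. `# test-only DKIM key, never deployed`, would make that explicit; anything used on a real host belongs in the sops-managed secrets instead. The string continues outside this hunk, so how it is used is not visible here.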


@@ -9,30 +9,43 @@ import requests
from typing import NamedTuple
parser = argparse.ArgumentParser()
parser.add_argument('host', type = str)
parser.add_argument('--mailfrom', default = 'foo@example.com')
parser.add_argument('--rcptto', default = 'awesome@vacu.store')
parser.add_argument('--subject', default = 'Some test message')
parser.add_argument('--header', action = 'append', default = [])
parser.add_argument('--submission', default = False, action='store_true')
parser.add_argument('--smtp-starttls', default = None, action='store_true')
parser.add_argument('--imap-insecure', default = False, action = 'store_true')
parser.add_argument('--imap-move-to')
parser.add_argument('--imap-dir', default = None)
parser.add_argument('--username')
parser.add_argument('--password')
parser.add_argument('--expect-refused',
dest = 'expect',
action = 'store_const',
const = 'refused',
default = 'received'
parser.add_argument("host", type=str)
parser.add_argument("--mailfrom", default="foo@example.com")
parser.add_argument("--rcptto", default="awesome@vacu.store")
parser.add_argument("--subject", default="Some test message")
parser.add_argument("--header", action="append", default=[])
parser.add_argument("--submission", default=False, action="store_true")
parser.add_argument("--smtp-starttls", default=None, action="store_true")
parser.add_argument("--imap-insecure", default=False, action="store_true")
parser.add_argument("--imap-move-to")
parser.add_argument("--imap-dir", default=None)
parser.add_argument("--username")
parser.add_argument("--password")
parser.add_argument(
"--expect-refused",
dest="expect",
action="store_const",
const="refused",
default="received",
)
parser.add_argument('--expect-flag', action = 'append', default = [])
parser.add_argument('--expect-sent', dest = 'expect', action = 'store_const', const = 'sent')
parser.add_argument('--expect-imap-error', dest = 'expect', action = 'store_const', const = 'imap_error')
parser.add_argument('--expect-mailpit-received', dest = 'expect', action = 'store_const', const = 'mailpit_received')
parser.add_argument('--expect-mailpit-not-received', dest = 'expect', action = 'store_const', const = 'mailpit_not_received')
parser.add_argument('--mailpit-url')
parser.add_argument("--expect-flag", action="append", default=[])
parser.add_argument("--expect-sent", dest="expect", action="store_const", const="sent")
parser.add_argument(
"--expect-imap-error", dest="expect", action="store_const", const="imap_error"
)
parser.add_argument(
"--expect-mailpit-received",
dest="expect",
action="store_const",
const="mailpit_received",
)
parser.add_argument(
"--expect-mailpit-not-received",
dest="expect",
action="store_const",
const="mailpit_not_received",
)
parser.add_argument("--mailpit-url")
args = parser.parse_args()
@@ -49,7 +62,9 @@ password = args.password
if password is None:
password = username
if (username is None or password is None) and (args.submission or args.expect == 'received'):
if (username is None or password is None) and (
args.submission or args.expect == "received"
):
assert False, "Bad args"
if args.expect.startswith("mailpit_") and args.mailpit_url is None:
@@ -57,21 +72,23 @@ if args.expect.startswith("mailpit_") and args.mailpit_url is None:
msg_magic = str(uuid.uuid4())
def mk_ctx():
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
return ctx
try:
smtp = None
if args.submission:
smtp = smtplib.SMTP_SSL(args.host, port=465, context = mk_ctx())
smtp = smtplib.SMTP_SSL(args.host, port=465, context=mk_ctx())
else:
smtp = smtplib.SMTP(args.host, port=25)
smtp.ehlo()
if args.smtp_starttls:
smtp.starttls(context = mk_ctx())
smtp.starttls(context=mk_ctx())
smtp.ehlo()
if args.submission:
smtp.login(username, password)
@@ -79,11 +96,13 @@ try:
smtp.sendmail(args.mailfrom, args.rcptto, f"{headers}\n\n{msg_magic}")
smtp.close()
except smtplib.SMTPRecipientsRefused:
assert args.expect == 'refused', "Server rejected message as recipients refused"
assert args.expect == "refused", "Server rejected message as recipients refused"
except smtplib.SMTPSenderRefused:
assert args.expect == 'refused', "Server rejected message as recipients refused"
assert args.expect == "refused", "Server rejected message as recipients refused"
else:
assert (not args.expect == 'refused'), "Server was supposed to reject this message, but it didn't"
assert (
not args.expect == "refused"
), "Server was supposed to reject this message, but it didn't"
if args.mailpit_url is not None:
time.sleep(3)
@@ -93,25 +112,32 @@ if args.mailpit_url is not None:
if msg_magic in message_data["Snippet"]:
found_message = True
break
if args.expect == 'mailpit_received':
if args.expect == "mailpit_received":
assert found_message, "Message not received by mailpit server"
else:
assert not found_message, "Message was received by the mailpit server when it wasn't supposed to be"
assert (
not found_message
), "Message was received by the mailpit server when it wasn't supposed to be"
MessageInFolder = NamedTuple('MessageInFolder', [('message', imap_tools.message.MailMessage), ('folder', str)])
MessageInFolder = NamedTuple(
"MessageInFolder", [("message", imap_tools.message.MailMessage), ("folder", str)]
)
if args.expect == 'received' or args.expect == 'imap_error':
if args.expect == "received" or args.expect == "imap_error":
time.sleep(5)
print(f"looking for {msg_magic}")
try:
def connection() -> imap_tools.MailBox:
return imap_tools.MailBox(args.host, ssl_context = mk_ctx()).login(username, password)
return imap_tools.MailBox(args.host, ssl_context=mk_ctx()).login(
username, password
)
def find_messages(mailbox: imap_tools.MailBox) -> list[MessageInFolder]:
matching_messages = []
directories = []
for d in mailbox.folder.list():
if '\\Noselect' not in d.flags:
if "\\Noselect" not in d.flags:
directories.append(d.name)
# print(f"directories is {directories!r}")
for imap_dir in directories:
@@ -128,7 +154,7 @@ if args.expect == 'received' or args.expect == 'imap_error':
print(f"flags: {msg.flags!r}")
print(f"{msg_str}")
if msg_magic == msg.text.strip():
in_folder = MessageInFolder(message = msg, folder = imap_dir)
in_folder = MessageInFolder(message=msg, folder=imap_dir)
matching_messages.append(in_folder)
return matching_messages
@@ -146,20 +172,30 @@ if args.expect == 'received' or args.expect == 'imap_error':
print(f"done moving, res {res!r}")
with connection() as mailbox:
matching_messages = find_messages(mailbox)
if args.expect == 'received':
if args.expect == "received":
# print(f"{matching_messages!r}")
assert len(matching_messages) > 0, "Could not find the message in the mailbox"
assert len(matching_messages) == 1, f"Multiple messages matching message magic {msg_magic}"
assert (
len(matching_messages) > 0
), "Could not find the message in the mailbox"
assert (
len(matching_messages) == 1
), f"Multiple messages matching message magic {msg_magic}"
matching_mif = matching_messages[0]
if args.imap_dir is not None:
expected_dir = args.imap_dir
actual_dir = matching_mif.folder
assert expected_dir == actual_dir, f"Expected to find message in {expected_dir}, found it in {actual_dir} instead"
assert (
expected_dir == actual_dir
), f"Expected to find message in {expected_dir}, found it in {actual_dir} instead"
matching_message = matching_mif.message
for expected_flag in args.expect_flag:
assert expected_flag in matching_message.flags, f"Flag {expected_flag} not found, message flags: {matching_message.flags!r}"
assert (
expected_flag in matching_message.flags
), f"Flag {expected_flag} not found, message flags: {matching_message.flags!r}"
except imaplib.IMAP4.error as e:
assert args.expect == 'imap_error', f"IMAP error: {e}"
assert args.expect == "imap_error", f"IMAP error: {e}"
else:
assert not args.expect == 'imap_error', "Expected an IMAP error, but didn't get one"
assert (
not args.expect == "imap_error"
), "Expected an IMAP error, but didn't get one"
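Review bot: `mk_ctx()` turns off certificate and hostname verification unconditionally and is used for the SMTPS, STARTTLS and IMAP connections, while the `--imap-insecure` option is parsed but not consulted in the lines shown. Run against anything other than the test VM, the script would send `--username`/`--password` to an unauthenticated peer. Gating the two relaxations on the flag, with `if args.imap_insecure:` around `ctx.check_hostname = False` and `ctx.verify_mode = ssl.CERT_NONE`, keeps the default context strict; the VM tests would then pass the flag explicitly. Separately, the `SMTPSenderRefused` branch reuses the "recipients refused" assertion message, which will mislead whoever reads a failure.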

1
tliam

@@ -26,4 +26,3 @@ if "${prefix[@]}" nix run "${flake_path}#checks.x86_64-linux.liam.driver" -- "$@
else
fail "liam-vm failed with exit code $?"
fi


@@ -7,9 +7,7 @@
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"ahci"


@@ -1,5 +1,41 @@
{ ... }:
let
shellFiles = [
"*.sh"
"dcd"
"dliam"
"dmmm"
"dnod"
"dtrip"
"sops"
"tliam"
];
in
{
projectRootFile = "flake.nix";
programs.nixfmt-rfc-style.enable = true;
programs.nixfmt.enable = true;
programs.nixfmt.strict = true;
programs.shellcheck.enable = true;
programs.shellcheck.includes = shellFiles;
programs.shfmt.enable = true;
programs.shfmt.includes = shellFiles;
programs.deno.enable = true;
programs.stylua.enable = true;
programs.black.enable = true;
settings.excludes = [
"*.pdf"
"*.patch"
"*.units"
".gitignore"
"flake.lock"
"mmm/firmware/all_firmware.tar.gz"
"mmm/firmware/kernelcache.release.mac13g"
"secrets/radicle-private.key"
"tests/test_key"
"tests/test_key.pub"
];
}
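Review bot: `settings.excludes` lists only `secrets/radicle-private.key` from the secrets directory, while `programs.deno.enable = true` adds a formatter whose default includes (JSON, YAML and Markdown, as far as I know) would match other files there, such as the `secrets/misc/cloudns.json` referenced elsewhere in this commit. Letting formatters rewrite sops-managed files is an avoidable risk, so I would exclude the whole tree with a glob entry such as `"secrets/*"`, after checking how treefmt globs treat nested paths. A one-line comment above the list saying why key material and firmware blobs are excluded would also help the next reader.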


@@ -44,11 +44,7 @@ in
let
outer_config = config;
in
{
name,
config,
...
}:
{ name, config, ... }:
{
options = {
name = mkOption {
@@ -115,9 +111,15 @@ in
};
systemd.services.postgresql.postStart =
"\n#START stuff from database.nix\n"
''
#START stuff from database.nix
''
+ (mapLines (d: ''$PSQL -tAc 'ALTER DATABASE "${d.name}" OWNER TO "${d.user}";' '') databases)
+ "\n#END stuff from database.nix\n";
+ ''
#END stuff from database.nix
'';
systemd.services.postgresql.serviceConfig.ReadWritePaths = "/var/postgres";
};
}
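Review bot: The `postStart` line `$PSQL -tAc 'ALTER DATABASE "${d.name}" OWNER TO "${d.user}";'` interpolates `d.name` and `d.user` into both a shell single-quoted string and a quoted SQL identifier without escaping. The option types are outside the visible hunks, so if they are plain `types.str`, a value containing `'` or `"` would break the command or change the statement. Constraining the options, for example with `types.strMatching "[a-z_][a-z0-9_]*"`, would close that off at evaluation time.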


@@ -1,8 +1,4 @@
{
inputs,
lib,
...
}:
{ inputs, lib, ... }:
let
megaHardDrives = [
"ata-ST22000NM001E-3HM103_ZX201FM0"


@@ -1,6 +1,4 @@
{
...
}:
{ ... }:
{
virtualisation.docker = {
enable = true;


@@ -9,9 +9,7 @@ in
isSystemUser = true;
group = "gallerygrab";
};
users.groups.gallerygrab = {
inherit gid;
};
users.groups.gallerygrab = { inherit gid; };
systemd.tmpfiles.settings.vacu-container-gallerygrab = {
"/trip/ffuts/archive/gallerygrab".d = {
@@ -63,9 +61,7 @@ in
group = "gallerygrab";
home = "/var/gallerygrab";
};
users.groups.gallerygrab = {
inherit gid;
};
users.groups.gallerygrab = { inherit gid; };
};
};
}


@@ -6,18 +6,7 @@
}:
let
enableKeylog = false;
cleanName =
name:
lib.replaceStrings
[
"-"
" "
]
[
"_"
"_"
]
name;
cleanName = name: lib.replaceStrings [ "-" " " ] [ "_" "_" ] name;
aclName = config: "host_" + (cleanName config.name);
backendName = config: "backend_" + (cleanName config.name);
concatMap =
@@ -92,10 +81,10 @@ in
http-request return string "Shelvacu is awesome" content-type text/plain if { path / } { var(req.host) -m str "shelvacu.com" }
http-request return string "Jean-luc is awesome" content-type text/plain if { path / } { var(req.host) -m str "jean-luc.org" }
${mapLines (c: " " + ''http-request allow if ${aclName c}'') proxied}
${mapLines (c: " " + "http-request allow if ${aclName c}") proxied}
http-request return status 404 string "not found" content-type text/plain
${mapLines (c: " " + ''use_backend ${backendName c} if ${aclName c}'') proxied}
${mapLines (c: " " + "use_backend ${backendName c} if ${aclName c}") proxied}
${concatMap "\n\n" (c: ''
backend ${backendName c}


@@ -2,9 +2,9 @@
let
inherit (lib) mkOption types;
outerConfig = config;
ip4Segment = ''[0-9]{1,3}'';
ip4Segment = "[0-9]{1,3}";
ip4Address = types.addCheck (types.strMatching (
lib.concatStringsSep ''\.'' [
lib.concatStringsSep "\\." [
ip4Segment
ip4Segment
ip4Segment
@@ -12,7 +12,7 @@ let
]
)) (s: lib.all (p: (lib.toInt p) < 255) (lib.splitString "." s));
# Note: This accepts plenty of strings that aren't valid ipv6 addresses, this is just to catch when you accidentally put an ipv4 or something else in
ip6Address = types.strMatching ''([a-fA-F0-9]{4}::?){1,7}[a-fA-F0-9]{4}'';
ip6Address = types.strMatching "([a-fA-F0-9]{4}::?){1,7}[a-fA-F0-9]{4}";
ipAddress = types.either ip4Address ip6Address;
in
{
@@ -41,9 +41,7 @@ in
port = mkOption { type = types.port; };
ipAddress = mkOption {
type = ipAddress;
};
ipAddress = mkOption { type = ipAddress; };
domain = mkOption { type = types.str; };


@@ -1,6 +1,4 @@
{
...
}:
{ ... }:
{
imports = [
./habitat-fwd.nix


@@ -1,6 +1,4 @@
{
...
}:
{ ... }:
{
vacu.proxiedServices.dufs = {
domain = "dav.shelvacu.com";


@@ -34,11 +34,7 @@ in
};
config =
{
lib,
config,
...
}:
{ lib, config, ... }:
let
common_settings = {
APP_ENV = "production";


@@ -1,8 +1,4 @@
{
config,
inputs,
...
}:
{ config, inputs, ... }:
let
name = "jl-stats";
contain = config.containers.${name};


@@ -18,10 +18,7 @@
restartIfChanged = true;
config =
{
lib,
...
}:
{ lib, ... }:
{
system.stateVersion = "24.11";


@@ -1,7 +1,4 @@
{
config,
...
}:
{ config, ... }:
let
webListenPort = 8443;
webListenIP = "127.4.20.165";


@@ -1,7 +1,4 @@
{
config,
...
}:
{ config, ... }:
let
contain = config.containers.keycloak;
settings = contain.config.services.keycloak.settings;
@@ -26,10 +23,7 @@ in
restartIfChanged = true;
config =
{
pkgs,
...
}:
{ pkgs, ... }:
{
system.stateVersion = "23.11";
networking.firewall.enable = false;


@@ -1,7 +1,4 @@
{
config,
...
}:
{ config, ... }:
let
contain = config.containers.llm;
in


@@ -1,6 +1,4 @@
{
...
}:
{ ... }:
{
imports = [
./mira-auth.nix


@@ -1,6 +1,4 @@
{
...
}:
{ ... }:
let
port = 8443;
domain = "auth.for.miras.pet";
@@ -24,11 +22,7 @@ in
restartIfChanged = true;
config =
{
pkgs,
lib,
...
}:
{ pkgs, lib, ... }:
let
certtool = "${pkgs.gnutls.bin}/bin/certtool";
template_text = ''


@@ -1,8 +1,4 @@
{
lib,
pkgs,
...
}:
{ lib, pkgs, ... }:
let
domain = "chat.for.miras.pet";
port = 3169;
@@ -74,9 +70,7 @@ in
"POSTGRES_USER" = "zulip";
};
environmentFiles = [ (secrets_folder + "/postgres-secrets") ];
volumes = [
"mira-chat_postgresql-14:/var/lib/postgresql/data:rw"
];
volumes = [ "mira-chat_postgresql-14:/var/lib/postgresql/data:rw" ];
log-driver = "journald";
extraOptions = [
"--network-alias=database"
@@ -98,12 +92,8 @@ in
"docker-network-mira-chat_default.service"
"docker-volume-mira-chat_postgresql-14.service"
];
partOf = [
"docker-compose-mira-chat-root.target"
];
wantedBy = [
"docker-compose-mira-chat-root.target"
];
partOf = [ "docker-compose-mira-chat-root.target" ];
wantedBy = [ "docker-compose-mira-chat-root.target" ];
};
virtualisation.oci-containers.containers."mira-chat-memcached" = {
image = "memcached:alpine";
@@ -115,11 +105,7 @@ in
cmd = [
"sh"
"-euc"
"echo 'mech_list: plain' > \"$SASL_CONF_PATH\"
echo \"zulip@$HOSTNAME:$MEMCACHED_PASSWORD\" > \"$MEMCACHED_SASL_PWDB\"
echo \"zulip@localhost:$MEMCACHED_PASSWORD\" >> \"$MEMCACHED_SASL_PWDB\"
exec memcached -S
"
"echo 'mech_list: plain' > \"$SASL_CONF_PATH\"\n echo \"zulip@$HOSTNAME:$MEMCACHED_PASSWORD\" > \"$MEMCACHED_SASL_PWDB\"\n echo \"zulip@localhost:$MEMCACHED_PASSWORD\" >> \"$MEMCACHED_SASL_PWDB\"\n exec memcached -S\n "
];
log-driver = "journald";
extraOptions = [
@@ -134,18 +120,10 @@ in
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-mira-chat_default.service"
];
requires = [
"docker-network-mira-chat_default.service"
];
partOf = [
"docker-compose-mira-chat-root.target"
];
wantedBy = [
"docker-compose-mira-chat-root.target"
];
after = [ "docker-network-mira-chat_default.service" ];
requires = [ "docker-network-mira-chat_default.service" ];
partOf = [ "docker-compose-mira-chat-root.target" ];
wantedBy = [ "docker-compose-mira-chat-root.target" ];
};
virtualisation.oci-containers.containers."mira-chat-rabbitmq" = {
image = "rabbitmq:3.12.14";
@@ -153,9 +131,7 @@ in
"RABBITMQ_DEFAULT_USER" = "zulip";
};
environmentFiles = [ (secrets_folder + "/rabbitmq-secrets") ];
volumes = [
"mira-chat_rabbitmq:/var/lib/rabbitmq:rw"
];
volumes = [ "mira-chat_rabbitmq:/var/lib/rabbitmq:rw" ];
log-driver = "journald";
extraOptions = [
"--network-alias=rabbitmq"
@@ -177,25 +153,17 @@ in
"docker-network-mira-chat_default.service"
"docker-volume-mira-chat_rabbitmq.service"
];
partOf = [
"docker-compose-mira-chat-root.target"
];
wantedBy = [
"docker-compose-mira-chat-root.target"
];
partOf = [ "docker-compose-mira-chat-root.target" ];
wantedBy = [ "docker-compose-mira-chat-root.target" ];
};
virtualisation.oci-containers.containers."mira-chat-redis" = {
image = "redis:alpine";
environmentFiles = [ (secrets_folder + "/redis-secrets") ];
volumes = [
"mira-chat_redis:/data:rw"
];
volumes = [ "mira-chat_redis:/data:rw" ];
cmd = [
"sh"
"-euc"
"echo \"requirepass '$REDIS_PASSWORD'\" > /etc/redis.conf
exec redis-server /etc/redis.conf
"
"echo \"requirepass '$REDIS_PASSWORD'\" > /etc/redis.conf\n exec redis-server /etc/redis.conf\n "
];
log-driver = "journald";
extraOptions = [
@@ -218,12 +186,8 @@ in
"docker-network-mira-chat_default.service"
"docker-volume-mira-chat_redis.service"
];
partOf = [
"docker-compose-mira-chat-root.target"
];
wantedBy = [
"docker-compose-mira-chat-root.target"
];
partOf = [ "docker-compose-mira-chat-root.target" ];
wantedBy = [ "docker-compose-mira-chat-root.target" ];
};
virtualisation.oci-containers.containers."mira-chat-zulip" = {
image = "zulip/docker-zulip:9.4-0";
@@ -262,12 +226,8 @@ in
'';
};
environmentFiles = [ (secrets_folder + "/zulip-secrets") ];
volumes = [
"mira-chat_zulip:/data:rw"
];
ports = [
"${toString port}:80/tcp"
];
volumes = [ "mira-chat_zulip:/data:rw" ];
ports = [ "${toString port}:80/tcp" ];
log-driver = "journald";
extraOptions = [
"--network-alias=zulip"
@@ -289,12 +249,8 @@ in
"docker-network-mira-chat_default.service"
"docker-volume-mira-chat_zulip.service"
];
partOf = [
"docker-compose-mira-chat-root.target"
];
wantedBy = [
"docker-compose-mira-chat-root.target"
];
partOf = [ "docker-compose-mira-chat-root.target" ];
wantedBy = [ "docker-compose-mira-chat-root.target" ];
};
# Networks
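Review bot: The `sh -euc` scripts in the `mira-chat-memcached` and `mira-chat-redis` `cmd` lists end up as single-line strings with `\n` escapes, which makes the commands that write `$MEMCACHED_PASSWORD` and `$REDIS_PASSWORD` into files hard to read and audit. A Nix indented string (`''` … `''`) with one shell command per line would stay readable; it strips the common leading indentation, which should not matter to `sh` here. Both scripts create their credential files with the shell's default umask, so adding `umask 077` as the first command is worth considering, assuming the server process runs as the same user that writes the file. Separately, `requirepass '$REDIS_PASSWORD'` relies on the password containing no single quote; a comment stating that constraint next to the redis `cmd` would help.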


@@ -1,7 +1,4 @@
{
config,
...
}:
{ config, ... }:
let
container = config.containers.mira-git;
domain = "git.for.miras.pet";


@@ -1,7 +1,4 @@
{
config,
...
}:
{ config, ... }:
let
oauth_name = "forgejo";
git_container = config.containers.mira-git;


@@ -1,6 +1,4 @@
{
...
}:
{ ... }:
let
nodePort = 6794;
in
@@ -30,10 +28,7 @@ in
];
config =
{
lib,
...
}:
{ lib, ... }:
{
system.stateVersion = "24.11";


@@ -1,6 +1,4 @@
{
...
}:
{ ... }:
let
proxiedCommon = {
fromContainer = "static-stuff";


@@ -40,9 +40,7 @@
networking.useHostResolvConf = lib.mkForce false;
services.resolved.enable = true;
environment.systemPackages = [
pkgs.yt-dlp
];
environment.systemPackages = [ pkgs.yt-dlp ];
};
};
}


@@ -4,58 +4,65 @@ import json
import argparse
from pathlib import Path
DATA_PATH = Path('@dataFn@')
DATA_PATH = Path("@dataFn@")
DATA = json.loads(DATA_PATH.read_text())
SOPS_BIN = DATA["sopsBin"]
EMPTY_CONST = object()
class EnumAction(argparse._StoreConstAction):
def __init__(self,
def __init__(
self,
option_strings,
dest,
const=EMPTY_CONST,
default=False,
required=False,
help=None):
help=None,
):
if const is EMPTY_CONST:
#copying logic in _get_optional_kwargs
# copying logic in _get_optional_kwargs
long_option_strings = []
for option_string in option_strings:
# strings starting with two prefix characters are long options
if len(option_string) > 1 and option_string[1] in '-':
if len(option_string) > 1 and option_string[1] in "-":
long_option_strings.append(option_string)
if long_option_strings:
const_option_string = long_option_strings[0]
else:
const_option_string = option_strings[0]
const = const_option_string.lstrip('-')
const = const.replace('-', '_')
const = const_option_string.lstrip("-")
const = const.replace("-", "_")
super(EnumAction, self).__init__(
option_strings=option_strings,
dest=dest,
const=const,
required=required,
help=help,
default=default)
default=default,
)
parser = argparse.ArgumentParser(
prog='Shel Wifi Manager',
prog="Shel Wifi Manager",
)
parser.add_argument('--add', action=EnumAction, dest='action')
parser.add_argument('--edit', action=EnumAction, dest='action')
parser.add_argument('ssid')
parser.add_argument("--add", action=EnumAction, dest="action")
parser.add_argument("--edit", action=EnumAction, dest="action")
parser.add_argument("ssid")
args = parser.parse_args()
def die(msg:str):
def die(msg: str):
sys.stderr.write(msg + "\n")
sys.exit(1)
if args.action is None:
die("specify an action")
wifi_data =
wifi_data = "TODO"
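Review bot: The `if args.action is None:` guard near the end of this section can never fire, because `EnumAction.__init__` declares `default=False` and argparse stores that default under `dest="action"` when neither `--add` nor `--edit` is given, so `args.action` is `False` rather than `None`. A run with only an SSID therefore skips `die("specify an action")` and falls through to the `wifi_data = "TODO"` placeholder. Either test truthiness with `if not args.action:` or change the class default to `default=None`.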


@@ -1,8 +1,4 @@
{
lib,
pkgs,
...
}:
{ lib, pkgs, ... }:
let
sopsFile = ../secrets/misc/wifi.json;
in