chore: update secrets

feat: replace urlwatch by panoptikon
feat(i3): fix slock
2026-03-28 23:31:07 +01:00 · 2023-03-24 19:04:21 +01:00 · 2023-03-24 19:02:27 +01:00 · 2023-03-24 17:04:34 +01:00 · 2023-03-24 17:00:51 +01:00
9 changed files with 234 additions and 225 deletions
--- a/configs/i3.nix
+++ b/configs/i3.nix
@@ -99,14 +99,19 @@ in {
    '';
  };

-  home-manager.users.me.xsession.windowManager.i3 = {
+  home-manager.users.me.xsession.windowManager.i3 = let
+    modifier = "Mod4";
+  in {
    enable = true;
+    extraConfig = ''
+      bindsym --release ${modifier}+Shift+w exec /run/wrappers/bin/slock
+    '';
    config = rec {
      fonts = {
        names = ["Sans"];
        size = 10.0;
      };
-      modifier = "Mod4";
+      inherit modifier;
      window = {
        titlebar = false;
        border = 1;
@@ -216,9 +221,6 @@ in {
        "k" = "resize shrink height 10 px or 5 ppt";
        "l" = "resize grow width 10 px or 5 ppt";
      };
-      extraConfig = ''
-        bindsym --release ${modifier}+Shift+w exec /run/wrappers/bin/slock
-      '';
      keybindings = {
        "${modifier}+Shift+h" = "move left 25 px";
        "${modifier}+Shift+j" = "move down 25 px";
--- a/flake.nix
+++ b/flake.nix
@@ -41,8 +41,7 @@
    flake-utils,
    stockholm,
    ...
-  }: let
-  in
+  }:
    {
      apps = nixinate.nixinate.x86_64-linux self;

@@ -50,6 +49,7 @@
        moodle-dl = import modules/moodle-dl.nix;
        networkmanager-declarative = import modules/networkmanager-declarative.nix;
        passport = import modules/passport.nix;
+        panoptikon = import modules/panoptikon.nix;
        system-dependent = import modules/system-dependent.nix;
        telegram-bot = import modules/telegram-bot.nix;
        traadfri = import modules/traadfri.nix;
@@ -75,7 +75,9 @@
            systems/ful/configuration.nix
            agenix.nixosModules.default
            inputs.self.nixosModules.passport
+            inputs.self.nixosModules.panoptikon
            retiolum.nixosModules.retiolum
+            nur.nixosModules.nur
          ];
        };
        zaatar = nixpkgs.lib.nixosSystem rec {
--- a/modules/panoptikon.nix
+++ b/modules/panoptikon.nix
@@ -0,0 +1,102 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  options.services.panoptikon = {
+    enable = lib.mkEnableOption "Generic command output / website watcher";
+    watchers = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule (watcher: {
+        options = {
+          script = lib.mkOption {
+            type = lib.types.path;
+            description = ''
+              A script whose stdout is to be watched.
+            '';
+            example = ''
+              pkgs.writers.writeDash "github-meta" '''
+                ''${pkgs.curl}/bin/curl -sSL https://api.github.com/meta | ''${pkgs.jq}/bin/jq
+              '''
+            '';
+          };
+          frequency = lib.mkOption {
+            type = lib.types.str;
+            description = ''
+              How often to run the script. See systemd.time(7) for more information about the format.
+            '';
+            example = "*:0/3";
+            default = "daily";
+          };
+          reporters = lib.mkOption {
+            type = lib.types.listOf lib.types.path;
+            description = ''
+              A list of scripts that take the diff (if any) via stdin and report it (e.g. to IRC, Telegram or Prometheus). The name of the watcher will be in the $PANOPTIKON_WATCHER environment variable.
+            '';
+            example = ''
+              [
+                (pkgs.writers.writeDash "telegram-reporter" '''
+                  ''${pkgs.curl}/bin/curl -X POST https://api.telegram.org/bot''${TOKEN}/sendMessage \
+                    -d chat_id=123456 \
+                    -d text="$(cat)"
+                ''')
+                (pkgs.writers.writeDash "notify" '''
+                  ''${pkgs.libnotify}/bin/notify-send "$PANOPTIKON_WATCHER has changed."
+                ''')
+              ]
+            '';
+          };
+        };
+        config = {};
+      }));
+    };
+  };
+
+  config = let
+    cfg = config.services.panoptikon;
+  in
+    lib.mkIf cfg.enable {
+      users.extraUsers.panoptikon = {
+        isSystemUser = true;
+        createHome = true;
+        home = "/var/lib/panoptikon";
+        group = "panoptikon";
+      };
+
+      users.extraGroups.panoptikon = {};
+
+      systemd.services = lib.attrsets.mapAttrs' (watcherName: watcherOptions:
+        lib.nameValuePair "panoptikon-${watcherName}" {
+          enable = true;
+          startAt = watcherOptions.frequency;
+          serviceConfig = {
+            Type = "oneshot";
+            User = "panoptikon";
+            Group = "panoptikon";
+            WorkingDirectory = "/var/lib/panoptikon";
+          };
+          environment.PANOPTIKON_WATCHER = watcherName;
+          wants = ["network-online.target"];
+          script = ''
+            set -efux
+
+            ${pkgs.git}/bin/git init --quiet
+            ${pkgs.git}/bin/git config user.email "panoptikon@${config.networking.hostName}"
+            ${pkgs.git}/bin/git config user.name Panoptikon
+
+            ${watcherOptions.script} > ${watcherName}
+            ${pkgs.git}/bin/git add ${watcherName}
+            ${pkgs.git}/bin/git commit --message "$(${pkgs.coreutils}/bin/date -Is)" || :
+
+            if [ -n "$(${pkgs.git}/bin/git diff HEAD^ -- ${watcherName})" ]; then
+              ${lib.strings.concatMapStringsSep "\n" (reporter: ''
+                ${pkgs.git}/bin/git diff HEAD^ -- ${watcherName} | ${reporter}
+              '')
+              watcherOptions.reporters}
+              :
+            fi
+          '';
+        })
+      cfg.watchers;
+    };
+}
--- a/packages/urlwatch-insecure.patch
+++ b/packages/urlwatch-insecure.patch
@@ -1,12 +0,0 @@
-diff --git a/lib/urlwatch/storage.py b/lib/urlwatch/storage.py
-index 3f6160f..03979f0 100644
--- a/lib/urlwatch/storage.py
-+++ b/lib/urlwatch/storage.py
-@@ -292,7 +292,6 @@ class UrlsBaseFileStorage(BaseTextualFileStorage, metaclass=ABCMeta):
-         shelljob_errors = self.shelljob_security_checks()
-         if shelljob_errors and any(is_shell_job(job) for job in jobs):
-             print(('Removing shell jobs, because %s' % (' and '.join(shelljob_errors),)))
-            jobs = [job for job in jobs if not is_shell_job(job)]
- 
-         return jobs
- 
--- a/2
+++ b/2
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -10,6 +10,7 @@ in {
    ./hardware-configuration.nix
    ./matomo.nix
    ./radio.nix
+    ./panoptikon.nix
    ../../configs/monitoring.nix
    ../../configs/tor.nix
    ../../configs/save-space.nix
--- a/systems/ful/panoptikon.nix
+++ b/systems/ful/panoptikon.nix
@@ -0,0 +1,119 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  kpaste = pkgs.writers.writeDash "kpaste" ''
+    ${pkgs.curl}/bin/curl -sS -sS http://p.r --data-binary @"''${1:--}" | ${pkgs.gnused}/bin/sed '$ {p;s|http://p.r|https://p.krebsco.de|}'
+  '';
+
+  url = address:
+    pkgs.writers.writeDash "watch-url" ''
+      ${pkgs.w3m}/bin/w3m -dump ${lib.escapeShellArg address}
+    '';
+
+  urlJSON = address:
+    pkgs.writers.writeDash "watch-url-json" ''
+      ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} | ${pkgs.jq}/bin/jq
+    '';
+
+  urlSelector = selector: address:
+    pkgs.writers.writeDash "watch-url-selector" ''
+      ${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} \
+        | ${pkgs.htmlq}/bin/htmlq ${lib.escapeShellArg selector} \
+        | ${pkgs.python3Packages.html2text}/bin/html2text
+    '';
+
+  reporters.irc-xxx = pkgs.writers.writeDash "irc-xxx" ''
+    ${kpaste} \
+    | ${pkgs.gnused}/bin/sed -n '2s/^/change detected: /p' \
+    | ${config.nur.repos.mic92.ircsink}/bin/ircsink \
+      --nick "$PANOPTIKON_WATCHER"-watcher \
+      --server irc.r \
+      --target '#xxx'
+  '';
+
+  reporters.irc-kmein = pkgs.writers.writeDash "irc-xxx" ''
+    ${kpaste} \
+    | ${pkgs.gnused}/bin/sed -n "3s/^/$PANOPTIKON_WATCHER: /p" \
+    | ${config.nur.repos.mic92.ircsink}/bin/ircsink \
+      --nick panoptikon-kmein \
+      --server irc.r \
+      --target 'kmein'
+  '';
+in {
+  services.panoptikon = {
+    enable = true;
+    watchers = {
+      "github-meta" = {
+        script = urlJSON "https://api.github.com/meta";
+        reporters = [reporters.irc-xxx];
+      };
+      lammla = {
+        script = url "http://lammla.info/index.php?reihe=30";
+        reporters = [reporters.irc-kmein];
+      };
+      kratylos = {
+        script = url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
+        reporters = [reporters.irc-kmein];
+      };
+      zeno-free = {
+        script = urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
+        reporters = [reporters.irc-kmein];
+      };
+      carolinawelslau = {
+        script = urlSelector "#main" "https://carolinawelslau.de/";
+        reporters = [reporters.irc-kmein];
+      };
+      lisalittmann = {
+        script = urlSelector "#main" "https://lisalittmann.de/";
+        reporters = [reporters.irc-kmein];
+      };
+      lisalittmann-archive = {
+        script = urlSelector "#main" "https://lisalittmann.de/archive/";
+        reporters = [reporters.irc-kmein];
+      };
+      lisalittmann-projects = {
+        script = urlSelector "#main" "https://lisalittmann.de/projects/";
+        reporters = [reporters.irc-kmein];
+      };
+      tatort = {
+        script = urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
+        reporters = [reporters.irc-kmein];
+      };
+      warpgrid-idiomarium = {
+        script = urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
+        reporters = [reporters.irc-kmein];
+      };
+      warpgrid-futurism = {
+        script = urlSelector "#site-content" "https://warpgrid.de/futurism/";
+        reporters = [reporters.irc-kmein];
+      };
+      warpgrid-imagiary = {
+        script = urlSelector "#site-content" "https://warpgrid.de/imagiary/";
+        reporters = [reporters.irc-kmein];
+      };
+      warpgrid-alchemy = {
+        script = urlSelector "#site-content" "https://warpgrid.de/alchemy/";
+        reporters = [reporters.irc-kmein];
+      };
+      indogermanische-forschungen = {
+        script = urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
+        reporters = [reporters.irc-kmein];
+      };
+      ig-neuigkeiten = {
+        script = urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
+        reporters = [reporters.irc-kmein];
+      };
+      ig-tagungen = {
+        script = urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/tagungen-der-ig.html";
+        reporters = [reporters.irc-kmein];
+      };
+      fxght-or-flxght = {
+        script = urlJSON "https://api.tellonym.me/profiles/name/fxght.or.flxght?limit=20";
+        reporters = [reporters.irc-kmein];
+      };
+    };
+  };
+}
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -19,7 +19,6 @@ in {
    ./retiolum-map.nix
    ./tarot.nix
    ./tt-rss.nix
-    ./urlwatch.nix
    ./weechat.nix
    ../../configs/monitoring.nix
    ../../configs/nix.nix
--- a/systems/makanek/urlwatch.nix
+++ b/systems/makanek/urlwatch.nix
@@ -1,204 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: let
-  inherit (import ../../lib) kieran;
-
-  urlwatchDir = "/var/lib/urlwatch";
-
-  urlsFile = pkgs.writeText "urls" (builtins.concatStringsSep "\n---\n" (map builtins.toJSON urls));
-
-  tokensFile = config.age.secrets.urlwatch-tokens.path;
-
-  urls = [
-    {
-      name = "Corona-Verordnung";
-      url = "https://www.berlin.de/corona/massnahmen/verordnung/";
-      filter = [{css = "[role=main]";} "html2text" "strip"];
-    }
-    {
-      name = "HU Semester";
-      url = "https://agnes.hu-berlin.de/lupo/rds?state=change&type=6&moduleParameter=semesterSelect&nextdir=change&next=SearchSelect.vm&subdir=applications&targettype=7&targetstate=change&getglobal=semester";
-      filter = [{css = "fieldset";} "html2text" "strip"];
-    }
-    {
-      name = "Lammla 2021";
-      url = "http://lammla.info/index.php?reihe=30";
-      filter = ["html2text" "strip"];
-    }
-    {
-      name = "Kratylos";
-      url = "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
-      filter = [{element-by-id = "content";} "html2text" "strip"];
-    }
-    {
-      name = "Zeno Free E-Books";
-      url = "http://www.zeno.org/Lesesaal/M/E-Books";
-      filter = [{element-by-class = "zenoCOMain";} "html2text" "strip"];
-    }
-    {
-      name = "Carolina Welslau";
-      url = "https://carolinawelslau.de/";
-      filter = [{element-by-id = "main";} "html2text" "strip"];
-    }
-    {
-      name = "Lisa Littmann";
-      url = "https://lisalittmann.de/";
-      filter = [{element-by-id = "main";} "html2text" "strip"];
-    }
-    {
-      name = "Tatort: Fälle";
-      url = "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
-      filter = [{element-by-class = "linklist";} "html2text" "strip"];
-    }
-    {
-      name = "Lisa Littmann: Projects";
-      url = "https://lisalittmann.de/projects/";
-      filter = [{element-by-id = "main";} "html2text" "strip"];
-    }
-    {
-      name = "Lisa Littmann: Archive";
-      url = "https://lisalittmann.de/archive/";
-      filter = [{element-by-id = "main";} "html2text" "strip"];
-    }
-    {
-      name = "WarpGrid: Idiomarium";
-      url = "https://warpgrid.de/idiomarium/";
-      filter = [{element-by-id = "site-content";} "html2text" "strip"];
-    }
-    {
-      name = "WarpGrid: Futurism";
-      url = "https://warpgrid.de/futurism/";
-      filter = [{element-by-id = "site-content";} "html2text" "strip"];
-    }
-    {
-      name = "WarpGrid: Imagiary";
-      url = "https://warpgrid.de/imagiary/";
-      filter = [{element-by-id = "site-content";} "html2text" "strip"];
-    }
-    {
-      name = "WarpGrid: Cook";
-      url = "https://warpgrid.de/alchemy/";
-      filter = [{element-by-id = "site-content";} "html2text" "strip"];
-    }
-    {
-      name = "Indogermanische Forschungen";
-      url = "https://www.degruyter.com/journal/key/INDO/html";
-      filter = [{element-by-id = "latestIssue";} "html2text" "strip"];
-    }
-    {
-      name = "IG Neuigkeiten";
-      url = "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
-      filter = [{css = "[itemprop=articleBody]";} "html2text" "strip"];
-    }
-    {
-      name = "IG Tagungen";
-      url = "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
-      filter = [{css = "[itemprop=articleBody]";} "html2text" "strip"];
-    }
-    {
-      name = "Christian-Metz-Blamage";
-      url = "https://www.deutschlandfunk.de/meine-nacht-schlaeft-nicht-pflanze-mich-nicht-in-dein-herz.700.de.html?dram:article_id=486475";
-      filter = [{element-by-class = "dlf-articledetail";} "html2text" "strip"];
-    }
-    {
-      name = "Ist der Congress schon abgesagt?";
-      url = "https://ist-der-congress-schon-abgesagt.de/";
-    }
-    {
-      name = "fxght.or.flxght";
-      url = "https://api.tellonym.me/profiles/name/fxght.or.flxght?limit=20";
-      headers.tellonym-client = "web:0.52.0";
-      filter = [
-        {
-          shellpipe = ''
-            ${pkgs.jq}/bin/jq '.answers | map({
-              question: .tell,
-              answer: .answer,
-              date: .createdAt,
-              media: .media | map(.url)
-            })'
-          '';
-        }
-      ];
-    }
-  ];
-
-  configFile = (pkgs.formats.json {}).generate "urlwatch.json" {
-    display = {
-      error = true;
-      new = true;
-      unchanged = false;
-    };
-    report = {
-      email = {
-        enabled = true;
-        from = "2210@cock.li";
-        html = false;
-        method = "smtp";
-        smtp = {
-          host = "mail.cock.li";
-          port = 587;
-          starttls = true;
-          auth = true;
-        };
-        subject = "{count} changes: {jobs}";
-        to = kieran.email;
-      };
-      telegram = {
-        enabled = true;
-        chat_id = "-1001504043752";
-      };
-      html.diff = "unified";
-      stdout = {
-        color = true;
-        enabled = true;
-      };
-      text.footer = false;
-    };
-  };
-  urlwatch = pkgs.urlwatch.overrideAttrs (attrs: {
-    patches = [../../packages/urlwatch-insecure.patch];
-  });
-in {
-  users.extraUsers.urlwatch = {
-    home = urlwatchDir;
-    createHome = true;
-    isSystemUser = true;
-    group = "urlwatch";
-  };
-
-  age.secrets.urlwatch-tokens.file = ../../secrets/urlwatch-tokens.json.age;
-
-  users.groups.urlwatch = {};
-
-  systemd.services.urlwatch = {
-    enable = true;
-    startAt = "12:00";
-    script = ''
-      ${urlwatch}/bin/urlwatch \
-        --config=<(
-          ${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${toString configFile} ${toString tokensFile}
-        ) \
-        --urls=${lib.escapeShellArg urlsFile}
-    '';
-    serviceConfig = {
-      User = config.users.extraUsers.urlwatch.name;
-      Group = config.users.groups.urlwatch.name;
-      WorkingDirectory = config.users.extraUsers.urlwatch.home;
-      PermissionsStartOnly = "true";
-      PrivateTmp = "true";
-      SyslogIdentifier = "urlwatch";
-      Type = "oneshot";
-    };
-  };
-
-  niveum.passport.services = [
-    {
-      description = "keeps me up-to-date on sites that have no RSS feed (shame be upon them!).";
-      title = "urlwatch";
-    }
-  ];
-}
Author	SHA1	Message	Date
Kierán Meinhardt	246b4e1cec	chore: update secrets	2023-03-24 19:04:21 +01:00
Kierán Meinhardt	29985fffc2	feat: replace urlwatch by panoptikon	2023-03-24 19:02:27 +01:00
Kierán Meinhardt	85036b55a5	feat(i3): fix slock	2023-03-24 17:04:34 +01:00
Kierán Meinhardt	15c7e5a35a	feat: panoptikon urlwatcher	2023-03-24 17:00:51 +01:00