From 5cbf9158084fe5f7d7e0fa3ee95c6dab66469231 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Tue, 12 Sep 2023 11:09:32 +0200
Subject: [PATCH] nixify some more bots

---
 flake.lock                                    | 63 ++++++++++++-------
 flake.nix                                     |  6 ++
 hosts/falkenstein-1/modules/mail/default.nix  | 59 +++++++++++++++++
 .../falkenstein-1/modules/pfersel/default.nix | 14 ++---
 secrets/falkenstein-1.yaml                    |  6 +-
 shared/zsh.nix                                |  4 +-
 users/rouven/modules/accounts/default.nix     |  7 +--
 7 files changed, 120 insertions(+), 39 deletions(-)

diff --git a/flake.lock b/flake.lock
index 1f79272..27db943 100644
--- a/flake.lock
+++ b/flake.lock
@@ -88,11 +88,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1686747123,
-        "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
+        "lastModified": 1694158470,
+        "narHash": "sha256-yWx9eBDHt6WR3gr65+J85KreHdMypty/P6yM35tIYYM=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
+        "rev": "d0cfc042eba92eb206611c9e8784d41a2c053bab",
         "type": "github"
       },
       "original": {
@@ -236,11 +236,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1693915360,
-        "narHash": "sha256-jYvS4GTZ2xLvC5VOWshjMHEaK17qZhlIpV+291GPjdM=",
+        "lastModified": 1694479651,
+        "narHash": "sha256-X8G8vOZXLnPZ6ktH+Q2CueS3IZS1twotcZy2A2h7fgs=",
         "owner": "helix-editor",
         "repo": "helix",
-        "rev": "65c3cca3cc0d0956f4ce8d40ce9e72ba5c9c8e87",
+        "rev": "ccabfee3811bdcc8372beaae777a98fd36e2657e",
         "type": "github"
       },
       "original": {
@@ -255,11 +255,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1693895999,
-        "narHash": "sha256-yN1XVFltQxiwle833KCqWkZNfBuRLWkXyEnOD+ljoYY=",
+        "lastModified": 1694469544,
+        "narHash": "sha256-eqZng5dZnAUyb7xXyFk5z871GY/++KVv3Gyld5mVh20=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3c0e381fef63e4fbc6c3292c9e9cbcf479c01794",
+        "rev": "5171f5ef654425e09d9c2100f856d887da595437",
         "type": "github"
       },
       "original": {
@@ -356,11 +356,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1693711723,
-        "narHash": "sha256-5QmlVzskLciJ0QzYmZ6ULvKA7bP6pgV9wwrLBB0V3j0=",
+        "lastModified": 1694430658,
+        "narHash": "sha256-8+OZ98kD63e/GaOiJimXHR/VYiTYwr25jTYGEHHOfq4=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "aca56a79afb82208af2b39d8459dd29c10989135",
+        "rev": "9a5c4996d0918a151269600dfdf6ad3b3748f6a4",
         "type": "github"
       },
       "original": {
@@ -371,11 +371,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1693718952,
-        "narHash": "sha256-+nGdJlgTk0MPN7NygopipmyylVuAVi7OItIwTlwtGnw=",
+        "lastModified": 1694432324,
+        "narHash": "sha256-bo3Gv6Cp40vAXDBPi2XiDejzp/kyz65wZg4AnEWxAcY=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "793de77d9f83418b428e8ba70d1e42c6507d0d35",
+        "rev": "ca41b8a227dd235b1b308217f116c7e6e84ad779",
         "type": "github"
       },
       "original": {
@@ -448,11 +448,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1693663421,
-        "narHash": "sha256-ImMIlWE/idjcZAfxKK8sQA7A1Gi/O58u5/CJA+mxvl8=",
+        "lastModified": 1694183432,
+        "narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e56990880811a451abd32515698c712788be5720",
+        "rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
         "type": "github"
       },
       "original": {
@@ -461,6 +461,26 @@
         "type": "indirect"
       }
     },
+    "pfersel": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1694162494,
+        "narHash": "sha256-VbgzfheTTfu7FiPfO7RhFkNmyivpsvQIzK+Rb4Y2DmM=",
+        "owner": "therealr5",
+        "repo": "pfersel",
+        "rev": "08726054ecda287311618178d0d98de097d4c4b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "therealr5",
+        "repo": "pfersel",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks-nix": {
       "inputs": {
         "flake-compat": [
@@ -523,6 +543,7 @@
         "nix-index-database": "nix-index-database",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_2",
+        "pfersel": "pfersel",
         "purge": "purge",
         "sops-nix": "sops-nix",
         "trucksimulatorbot": "trucksimulatorbot"
@@ -586,11 +607,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1693898833,
-        "narHash": "sha256-OIrMAGNYNeLs6IvBynxcXub7aSW3GEUvWNsb7zx6zuU=",
+        "lastModified": 1694495315,
+        "narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "faf21ac162173c2deb54e5fdeed002a9bd6e8623",
+        "rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index ad5f9fd..859f3cb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -37,6 +37,10 @@
       url = "github:therealr5/TruckSimulatorBot";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    pfersel = {
+      url = "github:therealr5/pfersel";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     lanzaboote = {
       url = "github:nix-community/lanzaboote/v0.3.0";
@@ -58,6 +62,7 @@
     , lanzaboote
     , purge
     , trucksimulatorbot
+    , pfersel
     , helix
     , ...
     }@attrs: {
@@ -123,6 +128,7 @@
             sops-nix.nixosModules.sops
             purge.nixosModules.default
             trucksimulatorbot.nixosModules.default
+            pfersel.nixosModules.default
           ];
         };
         vm = nixpkgs.lib.nixosSystem {
diff --git a/hosts/falkenstein-1/modules/mail/default.nix b/hosts/falkenstein-1/modules/mail/default.nix
index 0c245bf..a84640b 100644
--- a/hosts/falkenstein-1/modules/mail/default.nix
+++ b/hosts/falkenstein-1/modules/mail/default.nix
@@ -212,6 +212,55 @@ in
       enable = true;
       postfix.enable = true;
       locals = {
+        "neural.conf".text = ''
+          servers = "127.0.0.1:6379";
+          enabled = true
+          
+          rules {
+            "LONG" {
+              train {
+                max_trains = 5000;
+                max_usages = 200;
+                max_iterations = 25;
+                learning_rate = 0.01,
+              }
+              symbol_spam = "NEURAL_SPAM_LONG";
+              symbol_ham = "NEURAL_HAM_LONG";
+              ann_expire = 100d;
+            }
+            "SHORT" {
+              train {
+                max_trains = 100;
+                max_usages = 2;
+                max_iterations = 25;
+                learning_rate = 0.01,
+              }
+              symbol_spam = "NEURAL_SPAM_SHORT";
+              symbol_ham = "NEURAL_HAM_SHORT";
+              ann_expire = 1d;
+            }
+          }
+        '';
+        "neural_group.conf".text = ''
+          symbols = {
+            "NEURAL_SPAM_LONG" {
+              weight = 1.0; # sample weight
+              description = "Neural network spam (long)";
+            }
+            "NEURAL_HAM_LONG" {
+              weight = -1.0; # sample weight
+              description = "Neural network ham (long)";
+            }
+            "NEURAL_SPAM_SHORT" {
+              weight = 1.0; # sample weight
+              description = "Neural network spam (short)";
+            }
+            "NEURAL_HAM_SHORT" {
+              weight = -0.5; # sample weight
+              description = "Neural network ham (short)";
+            }
+          }
+        '';
         "worker-controller.inc".text = ''
           password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy";
         '';
@@ -219,6 +268,16 @@ in
           read_servers = "127.0.0.1";
           write_servers = "127.0.0.1";
         '';
+        "dmarc.conf".text = ''
+          reporting {
+            # Required attributes
+            enabled = true; # Enable reports in general
+            email = 'reports@rfive.de'; # Source of DMARC reports
+            domain = 'rfive.de'; # Domain to serve
+            org_name = 'rfive.de'; # Organisation
+            from_name = 'DMARC Aggregate Report';
+          }
+        '';
       };
     };
     redis = {
diff --git a/hosts/falkenstein-1/modules/pfersel/default.nix b/hosts/falkenstein-1/modules/pfersel/default.nix
index 04c1874..ed013c2 100644
--- a/hosts/falkenstein-1/modules/pfersel/default.nix
+++ b/hosts/falkenstein-1/modules/pfersel/default.nix
@@ -1,12 +1,10 @@
-{ ... }:
+{ config, ... }:
 {
-  # currently quite ugly and stateful. #todo nixify
-  systemd.services.pfersel = {
-    after = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      WorkingDirectory = "/root/Pfersel";
-      ExecStart = "/root/Pfersel/venv/bin/python3 bot.py";
+  sops.secrets."pfersel/token".owner = "pfersel";
+  services.pfersel = {
+    enable = true;
+    discord = {
+      tokenFile = config.sops.secrets."pfersel/token".path;
     };
   };
 }
diff --git a/secrets/falkenstein-1.yaml b/secrets/falkenstein-1.yaml
index de37d04..998c3c5 100644
--- a/secrets/falkenstein-1.yaml
+++ b/secrets/falkenstein-1.yaml
@@ -1,5 +1,7 @@
 purge:
     token: ENC[AES256_GCM,data:mCK0xAgF4Q8DOTPVRg/O5L8kpDItNj8U0ikoKOOZC3Dv50Yt/nqvq4j4fM0CQ836pxCutir6FkTKbS5xS5XqKoSzu8E/0Q==,iv:JDqyeG+g3RAHmMD4uxS6eyQYYI50X6Bwutp+/v2ngq8=,tag:JkqLWoSwwghNUCD2+I6Njg==,type:str]
+pfersel:
+    token: ENC[AES256_GCM,data:MFxzpT6sqzhDpZya4/eI77LbHXekzfTQWZrjd/aot2MzRXicaCUabEUqnR40QnW9HujOTW0+A+9Be5mDX6OqVDt2ioKVxg==,iv:UTTWL7uSVgpkLnXTkvojC/fotkDISdyBrGDiegXqMuQ=,tag:+8+Th/M9U9mJX6i2YCPBbg==,type:str]
 wireguard:
     dorm:
         private: ENC[AES256_GCM,data:3DMW+sZ1qEcfithXj8/7CUbKotJ2Ld23Fa6cf9ijLRvJPk5+VZOt8j5AIVY=,iv:pY/uAkkUOyFqEmWqoP8qC418VtbbX/Ws7BMuyGbvlXE=,tag:/u2akzXjchYlKR59Skk4aA==,type:str]
@@ -22,8 +24,8 @@ sops:
             NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam
             20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-30T17:37:40Z"
-    mac: ENC[AES256_GCM,data:ZoYr+oUDweb5o01qbYVT2b4DITDtfAtsiJBOP1XCU+YZeEOLzMQzCGdcI7X+ho1M6u2sWT5WX0e1SwWBkuxOqs7vF6SeyDKFSmZpSx6Cg6KJDqxFJf2Jy7Ll0X5DkE7m+r1tQjggsVTNKTLMEVXONsZVIzGa0If3kuFVAzSlv9Y=,iv:0XxrIIjL71tNy5PEoxQ62MPJ4QmryMljUX20/LYV7C4=,tag:pD109s/GgbxZmprBpIooNQ==,type:str]
+    lastmodified: "2023-09-08T08:32:30Z"
+    mac: ENC[AES256_GCM,data:TaU+dHkgaaI/YD15CL/n2drdYRxQ1OlfqwaZrNmCOHCiSgDoAxx90HuRBE2z1v6y0TlQQ/An6/ZwS7qpd99awlBlYEj1M63R20VGqRpsKBk+5W2ISjRWrwTZlFrHllR78PJf4cpxfDRl+RGeODTSHTmuA1D3p06EbdO+xABw0nk=,iv:O4syFBWTciV8YCFmaweihyvhwz7EKw58AyGtbsOJb0Y=,tag:eKbW8Ey3Ux6LHMMwhUk8VQ==,type:str]
     pgp:
         - created_at: "2023-04-12T15:47:07Z"
           enc: |-
diff --git a/shared/zsh.nix b/shared/zsh.nix
index cae42a7..42f9e12 100644
--- a/shared/zsh.nix
+++ b/shared/zsh.nix
@@ -4,7 +4,7 @@
   environment.systemPackages = with pkgs; [
     # fzf
     bat
-    exa
+    eza
     duf
     trash-cli
     nix-output-monitor
@@ -18,7 +18,7 @@
     enable = true;
     shellAliases = {
       rm = "trash";
-      ls = "exa --icons";
+      ls = "eza --icons";
       l = "ls -l";
       ll = "ls -la";
       la = "ls -a";
diff --git a/users/rouven/modules/accounts/default.nix b/users/rouven/modules/accounts/default.nix
index 39fd8a1..75ed75f 100644
--- a/users/rouven/modules/accounts/default.nix
+++ b/users/rouven/modules/accounts/default.nix
@@ -234,11 +234,6 @@ in
             farPattern = "Drafts";
             extraConfig.Create = "near";
           };
-          channels.spamtrain = {
-            nearPattern = "Spamtrain";
-            farPattern = "Spamtrain";
-            extraConfig.Create = "near";
-          };
         };
         extraConfig = {
           account = {
@@ -252,7 +247,7 @@ in
         {
           enable = true;
           mailboxName = "  iFSR";
-          extraMailboxes = lib.lists.forEach [ c.admin c.sent c.spamtrain c.trash c.junk c.drafts ] (x: x.nearPattern);
+          extraMailboxes = lib.lists.forEach [ c.admin c.sent c.trash c.junk c.drafts ] (x: x.nearPattern);
         };
     };
     "gmail" = rec {