summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2021-02-18 20:25:47 +0100
committertv <tv@krebsco.de>2021-02-18 20:25:47 +0100
commitf9bc618fada82326ed371b131eaed34d21626ae9 (patch)
treec48156ed3dc16594907c3744b14fcdafd2409206
parent9365aff352d99b7506bafbef6682de7bfb00df27 (diff)
parent8b7477926d0b7c1ac3d92d07e6934f9e593ea9ff (diff)
Merge remote-tracking branch 'prism/master'
Diffstat
-rw-r--r--krebs/2configs/ircd.nix18
-rw-r--r--krebs/2configs/news.nix18
-rw-r--r--krebs/2configs/shack/glados/default.nix9
-rw-r--r--krebs/3modules/brockman.nix1
-rw-r--r--krebs/3modules/external/mic92.nix66
-rw-r--r--krebs/3modules/lass/default.nix52
-rw-r--r--krebs/3modules/makefu/default.nix9
-rw-r--r--krebs/5pkgs/haskell/brockman.nix26
-rw-r--r--krebs/5pkgs/haskell/brockman/default.nix26
-rw-r--r--krebs/5pkgs/simple/rss-bridge/default.nix6
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rw-r--r--lass/1systems/coaxmetal/config.nix53
-rw-r--r--lass/1systems/coaxmetal/physical.nix52
-rw-r--r--lass/1systems/yellow/config.nix14
-rw-r--r--lass/2configs/hass/default.nix158
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix8
-rw-r--r--lass/5pkgs/tdlib-purple/default.nix4
-rw-r--r--makefu/1systems/gum/config.nix30
-rw-r--r--makefu/1systems/gum/hardware-config.nix2
-rw-r--r--makefu/1systems/x/config.nix92
-rw-r--r--makefu/1systems/x/x13/default.nix52
-rw-r--r--makefu/1systems/x/x13/input.nix13
-rw-r--r--makefu/1systems/x/x13/toggle_brightness8
-rw-r--r--makefu/1systems/x/x13/zfs.nix32
-rw-r--r--makefu/1systems/x/x230/default.nix19
-rw-r--r--makefu/2configs/bureautomation/office-radio/default.nix6
-rw-r--r--makefu/2configs/bureautomation/office-radio/mpd.nix58
-rw-r--r--makefu/2configs/bureautomation/office-radio/mpdconfig.nix6
-rw-r--r--makefu/2configs/bureautomation/office-radio/webserver.nix40
-rw-r--r--makefu/2configs/deployment/mycube.connector.one.nix9
-rw-r--r--makefu/2configs/deployment/newsbot.nix18
-rw-r--r--makefu/2configs/deployment/wiki-irc-bot/default.nix19
-rw-r--r--makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch45
-rw-r--r--makefu/2configs/ham/automation/giesskanne.nix2
-rw-r--r--makefu/2configs/ham/automation/moodlight.nix41
-rw-r--r--makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix82
-rw-r--r--makefu/2configs/home-manager/zsh.nix33
-rw-r--r--makefu/2configs/hw/droidcam.nix4
-rw-r--r--makefu/2configs/share/omo.nix6
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/2configs/workadventure/default.nix6
-rw-r--r--makefu/2configs/workadventure/jitsi.nix59
-rw-r--r--makefu/2configs/workadventure/workadventure.nix161
-rw-r--r--makefu/5pkgs/kalauerbot/default.nix4
-rw-r--r--makefu/5pkgs/office-radio/default.nix23
46 files changed, 1132 insertions, 276 deletions
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 789fc2f2f..0de07a027 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,6 +5,8 @@
6667 6669
];
+ systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384;
+
krebs.charybdis = {
enable = true;
motd = ''
@@ -15,7 +17,7 @@
serverinfo {
name = "${config.krebs.build.host.name}.irc.r";
sid = "1as";
- description = "miep!";
+ description = "irc!";
network_name = "irc.r";
vhost = "0.0.0.0";
@@ -26,7 +28,7 @@
#ssl_dh_params = "etc/dh.pem";
#ssld_count = 1;
- default_max_clients = 100000;
+ default_max_clients = 2048;
#nicklen = 30;
};
@@ -38,12 +40,12 @@
*/
host = "0.0.0.0";
port = 6667;
- sslport = 6697;
+ #sslport = 6697;
/* Listen on IPv6 (if you used host= above). */
host = "::";
port = 6667;
- sslport = 6697;
+ #sslport = 6697;
};
class "users" {
@@ -53,9 +55,9 @@
number_per_ip_global = 4096;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
- number_per_cidr = 65536;
- max_number = 100000;
- sendq = 10 megabyte;
+ number_per_cidr = 65535;
+ max_number = 65535;
+ sendq = 1000 megabyte;
};
privset "op" {
@@ -91,7 +93,7 @@
use_knock = yes;
knock_delay = 5 minutes;
knock_delay_channel = 1 minute;
- max_chans_per_user = 15;
+ max_chans_per_user = 150;
max_bans = 100;
max_bans_large = 500;
default_split_user_count = 0;
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 3bf991433..ce4e83408 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -39,10 +39,12 @@
};
};
- krebs.reaktor2.news = {
+ krebs.reaktor2.news = let
+ name = "candyman";
+ in {
hostname = "localhost";
port = "6667";
- nick = "brockman-helper";
+ nick = name;
plugins = [
{
plugin = "register";
@@ -60,23 +62,23 @@
hooks.PRIVMSG = [
{
activate = "match";
- pattern = "^brockman-helper:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$";
+ pattern = "^${name}:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$";
command = 1;
arguments = [2];
commands = {
add-reddit.filename = pkgs.writeDash "add-reddit" ''
set -euf
if [ "$#" -ne 1 ]; then
- echo 'usage: brockman-helper: add-reddit $reddit_channel'
+ echo 'usage: ${name}: add-reddit $reddit_channel'
exit 1
fi
reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
- echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Telegram&username=$reddit_channel&format=Mrss"
+ echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Reddit&context=single&r=$reddit_channel&format=Atom"
'';
add-telegram.filename = pkgs.writeDash "add-telegram" ''
set -euf
if [ "$#" -ne 1 ]; then
- echo 'usage: brockman-helper: add-telegram $telegram_user'
+ echo 'usage: ${name}: add-telegram $telegram_user'
exit 1
fi
telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
@@ -85,7 +87,7 @@
add-youtube.filename = pkgs.writeDash "add-youtube" ''
set -euf
if [ "$#" -ne 1 ]; then
- echo 'usage: brockman-helper: add-youtube $nick $channelid'
+ echo 'usage: ${name}: add-youtube $nick $channelid'
exit 1
fi
youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
@@ -95,7 +97,7 @@
search.filename = pkgs.writeDash "search" ''
set -euf
if [ "$#" -ne 1 ]; then
- echo 'usage: brockman-helper: search $searchterm'
+ echo 'usage: ${name}: search $searchterm'
exit 1
fi
searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
index d546564c5..53d6e6f4a 100644
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@@ -1,5 +1,11 @@
{ config, pkgs, lib, ... }:
let
+ unstable = import (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev;
+ sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256;
+ }) {};
in {
services.nginx.virtualHosts."hass.shack" = {
serverAliases = [ "glados.shack" ];
@@ -40,6 +46,9 @@ in {
{
enable = true;
autoExtraComponents = true;
+ package = unstable.home-assistant.overrideAttrs (old: {
+ doInstallCheck = false;
+ });
config = {
homeassistant = {
name = "Glados";
diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
index 32aa3489b..9b2ed4a71 100644
--- a/krebs/3modules/brockman.nix
+++ b/krebs/3modules/brockman.nix
@@ -29,6 +29,7 @@ in {
PrivateTmp = true;
RuntimeDirectory = "brockman";
WorkingDirectory = "%t/brockman";
+ RestartSec = 5;
};
};
};
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 29d0b27fa..306ab34eb 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -97,6 +97,27 @@ in {
};
};
};
+ dimitriosxps = {
+ owner = config.krebs.users.mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.189";
+ aliases = [
+ "dimitriosxps.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAz9aKIhzk8+ZNBQmU054yc1yTdMyaw1aqWXYyQZoCmFaBIlMvF8I0
+ dd+56cGjK8O7KkEhheDL/ijj9cCcxbqHSTktXz47ScyTaN63h13+MBUIUzDwSO4E
+ 9fRUUn3lbZenhGoON7hlaHb/qAR0yLxip0Tw77bcq4hvKleD74NnAJILPoP1KRDY
+ O5vs8C8wpdJUtnlsfkAa058wDI+7GNPb0cs0/pBQVR2GUGb1xqVJ5obO/lFKOJ/e
+ DKemnlg736cEaIF6v9M+w4VmL8mNudDy6RxA6/xIErP5Ru2aK5lH5UBHVCwdLLCy
+ 8y3It9Tgji3G9nOFbhaeKDjeIAJ8sG+WjQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
donna = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -453,6 +474,51 @@ in {
};
};
};
+
+ redha = {
+ owner = config.krebs.users.mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.188";
+ aliases = [
+ "redha.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O
+ s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE
+ a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH
+ RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e
+ FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm
+ mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
+ grandalf = {
+ owner = config.krebs.users.mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.187";
+ aliases = [
+ "grandalf.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7
+ XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC
+ qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL
+ 2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI
+ jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/
+ /btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
eva = {
owner = config.krebs.users.mic92;
nets = rec {
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index c5cf5cb15..6978c0b4e 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -125,7 +125,6 @@ in {
ip6.addr = r6 "1e1";
aliases = [
"uriel.r"
- "cgit.uriel.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -151,7 +150,6 @@ in {
ip6.addr = r6 "dea7";
aliases = [
"mors.r"
- "cgit.mors.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -185,7 +183,6 @@ in {
ip6.addr = r6 "50da";
aliases = [
"shodan.r"
- "cgit.shodan.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -220,7 +217,6 @@ in {
ip6.addr = r6 "1205";
aliases = [
"icarus.r"
- "cgit.icarus.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -254,7 +250,6 @@ in {
ip6.addr = r6 "daed";
aliases = [
"daedalus.r"
- "cgit.daedalus.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -286,7 +281,6 @@ in {
ip6.addr = r6 "5ce7";
aliases = [
"skynet.r"
- "cgit.skynet.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -688,11 +682,53 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
};
+
+ coaxmetal = {
+ cores = 16;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.17";
+ ip6.addr = r6 "17";
+ aliases = [
+ "coaxmetal.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
+ xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
+ gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
+ WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
+ ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
+ G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
+ G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
+ IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
+ K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
+ 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
+ bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
+ l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "17";
+ aliases = [
+ "coaxmetal.w"
+ ];
+ wireguard.pubkey = ''
+ lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
+ syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
+ };
+
};
users = rec {
- lass = lass-blue;
+ lass = lass-yubikey;
lass-yubikey = {
- mail = lass.mail;
+ mail = "lass@lassul.us";
pubkey = builtins.readFile ./ssh/yubikey.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
};
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 2cb70eec4..c8e1e0386 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -197,6 +197,15 @@ in {
wg.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
+
+ meet.euer IN A ${nets.internet.ip4.addr}
+ work.euer IN A ${nets.internet.ip4.addr}
+ admin.work.euer IN A ${nets.internet.ip4.addr}
+ push.work.euer IN A ${nets.internet.ip4.addr}
+ api.work.euer IN A ${nets.internet.ip4.addr}
+ maps.work.euer IN A ${nets.internet.ip4.addr}
+ play.work.euer IN A ${nets.internet.ip4.addr}
+ ul.work.euer IN A ${nets.internet.ip4.addr}
'';
};
cores = 8;
diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix
deleted file mode 100644
index 5f1166a25..000000000
--- a/krebs/5pkgs/haskell/brockman.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring
-, case-insensitive, conduit, containers, directory, feed, filepath
-, hslogger, html-entity, http-client, irc-conduit, lens, network
-, optparse-applicative, random, safe, stdenv, text, time, timerep
-, wreq
-, fetchFromGitHub
-}:
-mkDerivation rec {
- pname = "brockman";
- version = "3.2.3";
- src = fetchFromGitHub {
- owner = "kmein";
- repo = "brockman";
- rev = version;
- sha256 = "1qbjbf0l1ikfzmvky4cnvv7nlcwi2in4afliifh618j0a4f7j427";
- };
- isLibrary = false;
- isExecutable = true;
- executableHaskellDepends = [
- aeson aeson-pretty base bloomfilter bytestring case-insensitive
- conduit containers directory feed filepath hslogger html-entity
- http-client irc-conduit lens network optparse-applicative random
- safe text time timerep wreq
- ];
- license = stdenv.lib.licenses.mit;
-}
diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix
new file mode 100644
index 000000000..92051a025
--- /dev/null
+++ b/krebs/5pkgs/haskell/brockman/default.nix
@@ -0,0 +1,26 @@
+{ mkDerivation, aeson, aeson-pretty, base, bytestring
+, case-insensitive, conduit, containers, directory, feed, filepath
+, hashable, hslogger, html-entity, http-client, irc-conduit, lens
+, lrucache, lrucaching, network, optparse-applicative, random, safe
+, stdenv, text, time, timerep, wreq
+, fetchFromGitHub
+}:
+mkDerivation rec {
+ pname = "brockman";
+ version = "3.4.0";
+ src = fetchFromGitHub {
+ owner = "kmein";
+ repo = "brockman";
+ rev = version;
+ sha256 = "02nval6a9xcddj6znzxvcb8g6klzjydj1lb4ych64i9mr4a8jvic";
+ };
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ aeson aeson-pretty base bytestring case-insensitive conduit
+ containers directory feed filepath hashable hslogger html-entity
+ http-client irc-conduit lens lrucache lrucaching network
+ optparse-applicative random safe text time timerep wreq
+ ];
+ license = stdenv.lib.licenses.mit;
+}
diff --git a/krebs/5pkgs/simple/rss-bridge/default.nix b/krebs/5pkgs/simple/rss-bridge/default.nix
index 13ad9d69a..bbe5c1bdb 100644
--- a/krebs/5pkgs/simple/rss-bridge/default.nix
+++ b/krebs/5pkgs/simple/rss-bridge/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "rss-bridge";
- version = "2020-11-10";
+ version = "unstable-2021-01-10";
src = fetchFromGitHub {
owner = "RSS-Bridge";
repo = "rss-bridge";
- rev = version;
- sha256 = "00cp61lqvhi7b7j0rglsqg3l7cg8s9b8vq098bgvg5dygyi44hyv";
+ rev = "98352845a14b9f2eb8925ad7a04a5f6cc6a5af06";
+ sha256 = "1nv1f6f17cn057k9mydd3a0bmj2xa5k410fdq7nhw5b7msyxy2qv";
};
patchPhase = ''
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 321fafac6..57d30799b 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "f217c0ea7c148ddc0103347051555c7c252dcafb",
- "date": "2021-01-21T09:50:34+01:00",
- "path": "/nix/store/8srlzkkvbvlg4g585g9iyzd3ryiilm8a-nixpkgs",
- "sha256": "0cyksxg2lnzxd0pss09rmmk2c2axz0lf9wvgvfng59nwf8dpq2kf",
+ "rev": "8c8731330b53ba0061686f36f10f101e662a4717",
+ "date": "2021-02-08T20:46:59+01:00",
+ "path": "/nix/store/agilvsqqdsqx36wf4zkq5gnhnab47qpd-nixpkgs",
+ "sha256": "0ak4d254myq6cl3d7jkq6n0apxabvwjz62zdw9habnrqg8asl8gk",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 97afb10f8..8670999e0 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "a058d005b3cbb370bf171ebce01839dd6ff52222",
- "date": "2021-01-23T17:41:51-05:00",
- "path": "/nix/store/6ps307ghgrp10q3mwgw4lq143pmz0h25-nixpkgs",
- "sha256": "154mpqw0ya31hzgz9hggg1rb26yx8d00rsj9l90ndsdldrssgvbb",
+ "rev": "2394284537b89471c87065b040d3dedd8b5907fe",
+ "date": "2021-02-10T23:24:22+01:00",
+ "path": "/nix/store/rqgraycidchn5wc5mki5sqj8bl5cpx78-nixpkgs",
+ "sha256": "1j7vp735is5d32mbrgavpxi3fbnsm6d99a01ap8gn30n5ysd14sl",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix
new file mode 100644
index 000000000..3e0b1674a
--- /dev/null
+++ b/lass/1systems/coaxmetal/config.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/network-manager.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/sync/sync.nix>
+ <stockholm/lass/2configs/games.nix>
+ <stockholm/lass/2configs/steam.nix>
+ <stockholm/lass/2configs/wine.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/pass.nix>
+ <stockholm/lass/2configs/mail.nix>
+ <stockholm/lass/2configs/bitcoin.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.coaxmetal;
+
+ environment.shellAliases = {
+ deploy = pkgs.writeDash "deploy" ''
+ set -eu
+ export SYSTEM="$1"
+ $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+ '';
+ usb-tether-on = pkgs.writeDash "usb-tether-on" ''
+ adb shell su -c service call connectivity 33 i32 1 s16 text
+ '';
+ usb-tether-off = pkgs.writeDash "usb-tether-off" ''
+ adb shell su -c service call connectivity 33 i32 0 s16 text
+ '';
+ };
+
+ programs.adb.enable = true;
+
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ # config.General.Disable = "Headset";
+ extraConfig = ''
+ [General]
+ Disable = Headset
+ '';
+ };
+ hardware.pulseaudio.package = pkgs.pulseaudioFull;
+}
diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix
new file mode 100644
index 000000000..c94740c54
--- /dev/null
+++ b/lass/1systems/coaxmetal/physical.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports = [
+ ./config.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ networking.hostId = "e0c335ea";
+ boot.zfs.requestEncryptionCredentials = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub = {
+ enable = true;
+ # device = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-1T00-1001_205349800040";
+ device = "nodev";
+ efiSupport = true;
+ # efiInstallAsRemovable = true;
+ };
+
+ services.xserver.videoDrivers = [
+ "amdgpu"
+ ];
+
+ hardware.opengl.extraPackages = [ pkgs.amdvlk ];
+ # is required for amd graphics support ( xorg wont boot otherwise )
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ environment.variables.VK_ICD_FILENAMES =
+ "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
+
+ boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-amd" ];
+
+ fileSystems."/" = {
+ device = "zpool/root/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" = {
+ device = "zpool/root/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/50A7-1889";
+ fsType = "vfat";
+ };
+
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
+ boot.extraModprobeConfig = ''
+ options psmouse proto=imps
+ '';
+}
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 1afad003c..178a5adf1 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -152,10 +152,11 @@ with import <stockholm/lib>;
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
- { predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
+ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
+ { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
+ { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
+ { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
];
};
@@ -265,4 +266,9 @@ with import <stockholm/lib>;
'';
};
};
+
+ services.jellyfin = {
+ enable = true;
+ group = "download";
+ };
}
diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix
index 3cd6e0ebf..7765db84e 100644
--- a/lass/2configs/hass/default.nix
+++ b/lass/2configs/hass/default.nix
@@ -1,7 +1,29 @@
{ config, lib, pkgs, ... }:
with import ./lib.nix { inherit lib; };
+let
+ unstable = import (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).sha256;
+ }) {};
+ dwdwfsapi = pkgs.python3Packages.buildPythonPackage rec {
+ pname = "dwdwfsapi";
+ version = "1.0.3";
-{
+ src = pkgs.python3Packages.fetchPypi {
+ inherit pname version;
+ sha256 = "0fcv79xiq0qr4kivhd68iqpgrsjc7djxqs2h543pyr0sdgb5nz9x";
+ };
+
+ buildInputs = with pkgs.python3Packages; [
+ requests ciso8601
+ ];
+
+ # LC_ALL = "en_US.UTF-8";
+ };
+
+in {
imports = [
./zigbee.nix
./rooms/bett.nix
@@ -21,78 +43,80 @@ with import ./lib.nix { inherit lib; };
services.home-assistant = {
enable = true;
- package = pkgs.home-assistant.override {
- # extraComponents = [ "hue" ];
+ package = (unstable.home-assistant.overrideAttrs (old: {
+ doInstallCheck = false;
+ })).override {
+ extraPackages = _: [ dwdwfsapi ];
};
configWritable = true;
lovelaceConfigWritable = true;
- };
-
- services.home-assistant.config = let
- tasmota_s20 = name: topic: {
- platform = "mqtt";
- inherit name;
- state_topic = "stat/${topic}/POWER";
- command_topic = "cmnd/${topic}/POWER";
- payload_on = "ON";
- payload_off = "OFF";
- };
- in {
- homeassistant = {
- name = "Home";
- time_zone = "Europe/Berlin";
- latitude = "52.46187";
- longitude = "13.41489";
- elevation = 90;
- unit_system = "metric";
- customize = friendly_names;
- };
- config = {};
- sun.elevation = 66;
- shopping_list = {};
- discovery = {};
- frontend = {};
- mqtt = {
- broker = "localhost";
- port = 1883;
- client_id = "home-assistant";
- username = "gg23";
- password = "gg23-mqtt";
- keepalive = 60;
- protocol = 3.1;
-
- discovery = true;
- birth_message = {
- topic = "/hass/status";
- payload = "online";
+ config = let
+ tasmota_s20 = name: topic: {
+ platform = "mqtt";
+ inherit name;
+ state_topic = "stat/${topic}/POWER";
+ command_topic = "cmnd/${topic}/POWER";
+ payload_on = "ON";
+ payload_off = "OFF";
+ };
+ in {
+ homeassistant = {
+ name = "Home";
+ time_zone = "Europe/Berlin";
+ latitude = "52.46187";
+ longitude = "13.41489";
+ elevation = 90;
+ unit_system = "metric";
+ customize = friendly_names;
};
- will_message = {
- topic = "/hass/status";
- payload = "offline";
+ config = {};
+ sun.elevation = 66;
+ shopping_list = {};
+ discovery = {};
+ frontend = {};
+ http = {};
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ username = "gg23";
+ password = "gg23-mqtt";
+ keepalive = 60;
+ protocol = 3.1;
+
+ discovery = true;
+ birth_message = {
+ topic = "/hass/status";
+ payload = "online";
+ };
+ will_message = {
+ topic = "/hass/status";
+ payload = "offline";
+ };
};
+ sensor = [
+ {
+ platform = "dwd_weather_warnings";
+ region_name = "Berlin";
+ }
+ ];
+ switch = [
+ (tasmota_s20 "TV" "tv")
+ (tasmota_s20 "Drucker Strom" "drucker")
+ (tasmota_s20 "Waschmaschine" "wasch")
+ (tasmota_s20 "Stereo Anlage" "stereo")
+ ];
+ mobile_app = {};
+ weather = [
+ {
+ platform = "openweathermap";
+ api_key = "xxx"; # TODO put into secrets
+ }
+ ];
+ system_health = {};
+ history = {};
+ shopping_list = {};
};
- sensor = [
- {
- platform = "dwd_weather_warnings";
- region_name = "Berlin";
- }
- ];
- switch = [
- (tasmota_s20 "TV" "tv")
- (tasmota_s20 "Drucker Strom" "drucker")
- (tasmota_s20 "Waschmaschine" "wasch")
- (tasmota_s20 "Stereo Anlage" "stereo")
- ];
- mobile_app = {};
- weather = [
- {
- platform = "openweathermap";
- api_key = "xxx"; # TODO put into secrets
- }
- ];
- system_health = {};
- history = {};
- shopping_list = {};
};
services.mosquitto = {
diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 5a741353d..3b45552b3 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -35,6 +35,7 @@ import XMonad.Hooks.ManageHelpers (doCenterFloat, doRectFloat, (-?>))
import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
+import XMonad.Layout.BoringWindows (boringWindows, focusDown, focusUp)
import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Grid (Grid(..))
import XMonad.Layout.Minimize (minimize)
@@ -93,7 +94,7 @@ main' = do
myLayoutHook = defLayout
where
- defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid)
+ defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid)
floatHooks = composeAll
[ className =? "Pinentry" --> doCenterFloat
@@ -123,6 +124,11 @@ myKeyMap =
, ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
, ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill")
+ , ("M4-<Tab>", focusDown)
+ , ("M4-S-<Tab>", focusUp)
+ , ("M4-j", focusDown)
+ , ("M4-k", focusUp)
+
, ("M4-a", focusUrgent)
, ("M4-S-r", renameWorkspace myXPConfig)
, ("M4-S-a", addWorkspacePrompt myXPConfig)
diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix
index 445839a4b..54841588e 100644
--- a/lass/5pkgs/tdlib-purple/default.nix
+++ b/lass/5pkgs/tdlib-purple/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "tdlib-purple";
- version = "0.7.6";
+ version = "0.7.8";
src = fetchFromGitHub {
owner = "ars3niy";
repo = pname;
rev = "v${version}";
- sha256 = "1inamfzbrz0sy4y431jgwjfg6lz14a7c71khrg02481raxchhzzf";
+ sha256 = "17g54mcxsidcx37l6m4p8i06ln1hvq3347dhdl9xkkn7pqpwvv1c";
};
cmakeFlags = [
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index f65c6672b..2fd99122a 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -65,7 +65,7 @@ in {
};
networking.firewall = {
allowedTCPPorts =
- [
+ [
53
655
21031
@@ -83,6 +83,9 @@ in {
# <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
+ ### systemdUltras ###
+ <stockholm/makefu/2configs/systemdultras/ircbot.nix>
+
###### Shack #####
# <stockholm/makefu/2configs/shack/events-publisher>
# <stockholm/makefu/2configs/shack/gitlab-runner>
@@ -98,7 +101,7 @@ in {
{ krebs.exim.enable = mkDefault true; }
# sharing
- <stockholm/makefu/2configs/share/gum.nix>
+ <stockholm/makefu/2configs/share/gum.nix> # samba sahre
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/sickbeard>
@@ -145,7 +148,10 @@ in {
<stockholm/makefu/2configs/deployment/gecloudpad>
<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
<stockholm/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix>
+ # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
+
<stockholm/makefu/2configs/shiori.nix>
+ <stockholm/makefu/2configs/workadventure>
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
<stockholm/makefu/2configs/bgt/hidden_service.nix>
@@ -177,12 +183,19 @@ in {
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
-
- services.nginx.virtualHosts."cgit.euer.krebsco.de" = {
- forceSSL = true;
- enableACME = true;
- locations."/".proxyPass = "http://localhost/";
- locations."/".extraConfig = ''proxy_set_header Host cgit;'';
+ security.acme.certs."cgit.euer.krebsco.de" = {
+ email = "letsencrypt@syntax-fehler.de";
+ webroot = "/var/lib/acme/acme-challenge";
+ group = "nginx";
+ };
+ services.nginx.virtualHosts."cgit" = {
+ serverAliases = [ "cgit.euer.krebsco.de" ];
+ addSSL = true;
+ sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
+ sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
+ locations."/.well-known/acme-challenge".extraConfig = ''
+ root /var/lib/acme/acme-challenge;
+ '';
};
krebs.build.host = config.krebs.hosts.gum;
@@ -190,6 +203,7 @@ in {
# Network
networking = {
firewall = {
+ allowedTCPPorts = [ 80 443 ];
allowPing = true;
logRefusedConnections = false;
};
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index 2d7efe9cf..1881329ce 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -69,7 +69,7 @@ in {
fsType = "ext4";
options = [ "nofail" ];
};
- fileSystems."/var/www/o.euer.krebsco.de" = {
+ fileSystems."/var/lib/nextcloud/data" = {
device = "/dev/nixos/nextcloud";
fsType = "ext4";
options = [ "nofail" ];
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 4781af357..6c0388e59 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -4,7 +4,30 @@
{ config, pkgs, lib, ... }:
{
imports =
- [ # base
+ [
+ # hardware-dependent
+ # device
+
+
+ ./x13
+ # ./x230
+
+ # Common Hardware Components
+
+ # <stockholm/makefu/2configs/hw/mceusb.nix>
+ # <stockholm/makefu/2configs/hw/rtl8812au.nix>
+ <stockholm/makefu/2configs/hw/network-manager.nix>
+ # <stockholm/makefu/2configs/hw/stk1160.nix>
+ # <stockholm/makefu/2configs/hw/irtoy.nix>
+ # <stockholm/makefu/2configs/hw/malduino_elite.nix>
+ <stockholm/makefu/2configs/hw/switch.nix>
+ # <stockholm/makefu/2configs/hw/rad1o.nix>
+ <stockholm/makefu/2configs/hw/cc2531.nix>
+ <stockholm/makefu/2configs/hw/droidcam.nix>
+ <stockholm/makefu/2configs/hw/smartcard.nix>
+ <stockholm/makefu/2configs/hw/upower.nix>
+
+ # base
<stockholm/makefu>
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/home-manager>
@@ -19,8 +42,37 @@
<stockholm/makefu/2configs/editor/neovim>
<stockholm/makefu/2configs/tools/all.nix>
{ programs.adb.enable = true; }
+ {
+ services.openssh.hostKeys = [
+ { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa";}
+ ];
+ }
- { systemd.services.docker.wantedBy = lib.mkForce []; }
+ #{
+ # users.users.makefu.packages = with pkgs;[ mpc_cli ncmpcpp ];
+ # services.ympd.enable = true;
+ # services.mpd = {
+ # enable = true;
+ # extraConfig = ''
+ # log_level "default"
+ # auto_update "yes"
+
+ # audio_output {
+ # type "httpd"
+ # name "lassulus radio"
+ # encoder "vorbis" # optional
+ # port "8000"
+ # quality "5.0" # do not define if bitrate is defined
+ # # bitrate "128" # do not define if quality is defined
+ # format "44100:16:2"
+ # always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
+ # tags "yes" # httpd supports sending tags to listening streams.
+ # }
+ # '';
+ # };
+ #}
+
+ # { systemd.services.docker.wantedBy = lib.mkForce []; }
<stockholm/makefu/2configs/dict.nix>
# <stockholm/makefu/2configs/legacy_only.nix>
#<stockholm/makefu/3modules/netboot_server.nix>
@@ -59,10 +111,13 @@
# <stockholm/makefu/2configs/deployment/hound>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
+ <stockholm/makefu/2configs/bureautomation/office-radio>
# Krebs
<stockholm/makefu/2configs/tinc/retiolum.nix>
- # <stockholm/makefu/2configs/share/gum-client.nix>
+ # <stockholm/makefu/2configs/share/anon-ftp.nix>
+ # <stockholm/makefu/2configs/share/anon-sftp.nix>
+ <stockholm/makefu/2configs/share/gum-client.nix>
# <stockholm/makefu/2configs/share/temp-share-samba.nix>
@@ -75,7 +130,7 @@
# Virtualization
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
- <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+ # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
#{
# networking.firewall.allowedTCPPorts = [ 8080 ];
# networking.nat = {
@@ -96,26 +151,10 @@
<stockholm/makefu/2configs/binary-cache/gum.nix>
<stockholm/makefu/2configs/binary-cache/lass.nix>
- # Hardware
- <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
- # <stockholm/makefu/2configs/hw/mceusb.nix>
- <stockholm/makefu/2configs/hw/tpm.nix>
- # <stockholm/makefu/2configs/hw/rtl8812au.nix>
- <stockholm/makefu/2configs/hw/network-manager.nix>
- # <stockholm/makefu/2configs/hw/stk1160.nix>
- # <stockholm/makefu/2configs/hw/irtoy.nix>
- # <stockholm/makefu/2configs/hw/malduino_elite.nix>
- <stockholm/makefu/2configs/hw/switch.nix>
- # <stockholm/makefu/2configs/hw/rad1o.nix>
- <stockholm/makefu/2configs/hw/cc2531.nix>
- <stockholm/makefu/2configs/hw/smartcard.nix>
- <stockholm/makefu/2configs/hw/upower.nix>
- # Filesystem
- <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
# Security
- <stockholm/makefu/2configs/sshd-totp.nix>
+ # <stockholm/makefu/2configs/sshd-totp.nix>
# temporary
# { services.redis.enable = true; }
@@ -149,7 +188,6 @@
}
];
- makefu.server.primary-itf = "wlp3s0";
nixpkgs.config.allowUnfree = true;
nixpkgs.config.oraclejdk.accept_license = true;
@@ -158,19 +196,13 @@
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
- networking.firewall.allowedUDPPorts = [ 665 26061 ];
- networking.firewall.trustedInterfaces = [ "vboxnet0" ];
+ networking.firewall.allowedUDPPorts = [ 665 26061 1514 ];
+ networking.firewall.trustedInterfaces = [ "vboxnet0" "enp0s25" ];
krebs.build.host = config.krebs.hosts.x;
krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
- # hard dependency because otherwise the device will not be unlocked
- boot.initrd.luks.devices.luksroot =
- {
- device = "/dev/sda2";
- allowDiscards = true;
- };
environment.systemPackages = [ pkgs.passwdqc-utils ];
diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix
new file mode 100644
index 000000000..b0400232e
--- /dev/null
+++ b/makefu/1systems/x/x13/default.nix
@@ -0,0 +1,52 @@
+{ pkgs, lib, ... }:
+# new zfs deployment
+{
+ imports = [
+ ./zfs.nix
+ ./input.nix
+ <stockholm/makefu/2configs/hw/bluetooth.nix>
+ <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
+ # <stockholm/makefu/2configs/hw/tpm.nix>
+ <stockholm/makefu/2configs/hw/ssd.nix>
+ ];
+ boot.zfs.requestEncryptionCredentials = true;
+ networking.hostId = "f8b8e0a2";
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # services.xserver.enable = lib.mkForce false;
+
+ services.xserver.videoDrivers = [
+ "amdgpu"
+ ];
+ hardware.opengl.extraPackages = [ pkgs.amdvlk ];
+ # is required for amd graphics support ( xorg wont boot otherwise )
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ environment.variables.VK_ICD_FILENAMES =
+ "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
+
+
+ programs.light.enable = true;
+ services.actkbd = {
+ enable = true;
+ bindings = [
+ { keys = [ 225 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -A 10"; }
+ { keys = [ 224 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -U 10"; }
+ { keys = [ 227 ]; events = [ "key" ]; command = builtins.toString (
+ pkgs.writers.writeDash "toggle_lcdshadow" ''
+ proc=/proc/acpi/ibm/lcdshadow
+ status=$(${pkgs.gawk}/bin/awk '/status:/{print $2}' "$proc")
+ if [ "$status" -eq 0 ];then
+ echo 1 > "$proc"
+ else
+ echo 0 > "$proc"
+ fi
+ '');
+ }
+ ];
+ };
+
+ users.groups.video = {};
+ users.users.makefu.extraGroups = [ "video" ];
+}
+
diff --git a/makefu/1systems/x/x13/input.nix b/makefu/1systems/x/x13/input.nix
new file mode 100644
index 000000000..68b855d8e
--- /dev/null
+++ b/makefu/1systems/x/x13/input.nix
@@ -0,0 +1,13 @@
+{
+ # current issues:
+ # 1. for pressing insert hold shift+fn+Fin
+
+ # scroll by holding middle mouse
+ services.xserver.displayManager.sessionCommands =''
+ xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation" 8 1
+ xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Button" 8 2
+ xinput set-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
+ # configure timeout of pressing and holding middle button
+ # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
+ '';
+}
diff --git a/makefu/1systems/x/x13/toggle_brightness b/makefu/1systems/x/x13/toggle_brightness
new file mode 100644
index 000000000..dc1436cb6
--- /dev/null
+++ b/makefu/1systems/x/x13/toggle_brightness
@@ -0,0 +1,8 @@
+#!/bin/sh
+proc=/proc/acpi/ibm/lcdshadow
+status=$(awk '/status:/{print $2}' "$proc")
+if [ "$status" -eq 0 ];then
+ echo 1 > "$proc"
+else
+ echo 0 > "$proc"
+fi
diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix
new file mode 100644
index 000000000..adfebbf96
--- /dev/null
+++ b/makefu/1systems/x/x13/zfs.nix
@@ -0,0 +1,32 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "rtsx_pci_sdmmc" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "zroot/root/nixos";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/20BF-2755";
+ fsType = "vfat";
+ };
+
+ fileSystems."/home" =
+ { device = "zroot/root/home";
+ fsType = "zfs";
+ };
+
+ swapDevices = [ ];
+}
diff --git a/makefu/1systems/x/x230/default.nix b/makefu/1systems/x/x230/default.nix
new file mode 100644
index 000000000..c2a635ca7
--- /dev/null
+++ b/makefu/1systems/x/x230/default.nix
@@ -0,0 +1,19 @@
+{
+ imports = [
+ <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
+ <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
+
+ <stockholm/makefu/2configs/hw/tpm.nix>
+ <stockholm/makefu/2configs/hw/ssd.nix>
+
+ # hard dependency because otherwise the device will not be unlocked
+ {
+ boot.initrd.luks.devices.luksroot =
+ {
+ device = "/dev/sda2";
+ allowDiscards = true;
+ };
+ }
+ { makefu.server.primary-itf = "wlp3s0"; }
+ ];
+}
diff --git a/makefu/2configs/bureautomation/office-radio/default.nix b/makefu/2configs/bureautomation/office-radio/default.nix
new file mode 100644
index 000000000..d1c0f4730
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./mpd.nix
+ ./webserver.nix
+ ];
+}
diff --git a/makefu/2configs/bureautomation/office-radio/mpd.nix b/makefu/2configs/bureautomation/office-radio/mpd.nix
new file mode 100644
index 000000000..4fc31fff9
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/mpd.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mpds = import ./mpdconfig.nix;
+ systemd_mpd = name: value: let
+ path = "/var/lib/mpd-${name}";
+ num = lib.strings.fixedWidthNumber 2 value;
+ mpdconf = pkgs.writeText "mpd-config-${name}" ''
+ music_directory "${path}/music"
+ playlist_directory "${path}/playlists"
+ db_file "${path}/tag_cache"
+ state_file "${path}/state"
+ sticker_file "${path}/sticker.sql"
+
+ bind_to_address "127.0.0.1"
+ port "66${num}"
+ log_level "default"
+ auto_update "yes"
+ audio_output {
+ type "httpd"
+ name "Office Radio ${num} - ${name}"
+ encoder "vorbis" # optional
+ port "280${num}"
+ quality "5.0" # do not define if bitrate is defined
+ # bitrate "128" # do not define if quality is defined
+ format "44100:16:2"
+ always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
+ tags "yes" # httpd supports sending tags to listening streams.
+ }
+ '';
+in {
+ after = [ "network.target" ];
+ description = "Office Radio MPD ${toString value} - ${name}";
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ #User = "mpd";
+ DynamicUser = true;
+ ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdconf}";
+ LimitRTPRIO = 50;
+ LimitRTTIME = "infinity";
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ StateDirectory = [ "mpd-${name}" ];
+ };
+ };
+in
+ {
+ systemd.services = lib.attrsets.mapAttrs' (name: value:
+ lib.attrsets.nameValuePair
+ ("office-radio-" +name) (systemd_mpd name value))
+ mpds;
+ }
diff --git a/makefu/2configs/bureautomation/office-radio/mpdconfig.nix b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix
new file mode 100644
index 000000000..b48ceb629
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix
@@ -0,0 +1,6 @@
+{
+ "cybertisch1" = 0;
+ "cybertisch2" = 1;
+ "cyberklo" = 2;
+ "baellebad" = 3;
+}
diff --git a/makefu/2configs/bureautomation/office-radio/webserver.nix b/makefu/2configs/bureautomation/office-radio/webserver.nix
new file mode 100644
index 000000000..e2fc6d9e8
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/webserver.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+let
+ mpds = import ./mpdconfig.nix;
+ pkg = pkgs.office-radio;
+in {
+ systemd.services.office-radio-appsrv = {
+ after = [ "network.target" ];
+ description = "Office Radio Appserver";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/office-radio";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+ systemd.services.office-radio-stopper = {
+ after = [ "network.target" ];
+ description = "Office Radio Script to stop idle streams";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/stop-idle-streams";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+}
diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix
index 379176f78..aa9ff514c 100644
--- a/makefu/2configs/deployment/mycube.connector.one.nix
+++ b/makefu/2configs/deployment/mycube.connector.one.nix
@@ -1,15 +1,12 @@
{ config, lib, pkgs, ... }:
# more than just nginx config but not enough to become a module
-with import <stockholm/lib>;
let
hostname = config.krebs.build.host.name;
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
in {
- services.redis = {
- enable = true;
- };
- systemd.services.redis.serviceConfig.LimitNOFILE=10032;
+ services.redis = { enable = true; };
+ systemd.services.redis.serviceConfig.LimitNOFILE=65536;
services.uwsgi = {
enable = true;
@@ -28,7 +25,7 @@ in {
};
services.nginx = {
- enable = mkDefault true;
+ enable = lib.mkDefault true;
virtualHosts."mybox.connector.one" = {
locations = {
"/".extraConfig = ''
diff --git a/makefu/2configs/deployment/newsbot.nix b/makefu/2configs/deployment/newsbot.nix
deleted file mode 100644
index 748803447..000000000
--- a/makefu/2configs/deployment/newsbot.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- newsfile = pkgs.writeText "feeds" ''
- nixoswiki-bot|https://github.com/Mic92/nixos-wiki/wiki.atom|#krebs
- '';
-in {
- environment.systemPackages = [
- pkgs.newsbot-js
- ];
- krebs.newsbot-js = {
- enable = true;
- ircServer = "chat.freenode.net";
- feeds = newsfile;
- urlShortenerHost = "go";
- urlShortenerPort = "80";
- };
-}
diff --git a/makefu/2configs/deployment/wiki-irc-bot/default.nix b/makefu/2configs/deployment/wiki-irc-bot/default.nix
deleted file mode 100644
index 12686efba..000000000
--- a/makefu/2configs/deployment/wiki-irc-bot/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- pkg = pkgs.lib.overrideDerivation pkgs.newsbot-js (original: {
- patches = [ ./wiki-output.patch ];
- });
- newsfile = pkgs.writeText "feeds" ''
- nixoswiki-bot|https://nixos.wiki/api.php?days=7&limit=50&hidecategorization=1&action=feedrecentchanges&feedformat=rss|#krebs
- '';
-in {
- krebs.newsbot-js = {
- enable = true;
- package = pkg;
- ircServer = "chat.freenode.net";
- feeds = newsfile;
- urlShortenerHost = "go";
- urlShortenerPort = "80";
- };
-}
diff --git a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch b/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch
deleted file mode 100644
index 6e1e27853..000000000
--- a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff --git a/newsbot.js b/newsbot.js
-index 42d0666..a284011 100644
---- a/newsbot.js
-+++ b/newsbot.js
-@@ -92,8 +92,9 @@ function create_feedbot (nick, uri, channels) {
- }
-
- function broadcast_new_item (item) {
-+ console.log('Broadcasting item ',item.link)
- return getShortLink(item.link, function (error, shortlink) {
-- return broadcast(item.title + ' ' + shortlink)
-+ return broadcast('"'+ item.title + '" edited by ' + item.author + ' ' + shortlink)
- })
- }
-
-@@ -152,15 +153,18 @@ function create_feedbot (nick, uri, channels) {
-
- if (client.lastItems) {
- items.forEach(function (item) {
-- if (!client.lastItems.hasOwnProperty(item.title)) {
-+
-+ if (!client.lastItems.hasOwnProperty(item.guid)) {
- broadcast_new_item(item)
-+ }else {
-+ console.log("Item already seen:",item.guid)
- }
- })
- }
-
- client.lastItems = {}
- items.forEach(function (item) {
-- client.lastItems[item.title] = true
-+ client.lastItems[item.guid] = true
- })
-
- return continue_loop()
-@@ -199,6 +203,8 @@ function run_command (methodname, params, callback) {
- }
-
- function getShortLink (link, callback) {
-+ callback(null,link)
-+ return
- var form = new FormData()
- try {
- form.append('uri', link)
diff --git a/makefu/2configs/ham/automation/giesskanne.nix b/makefu/2configs/ham/automation/giesskanne.nix
index d89ea595b..4b0fb61dd 100644
--- a/makefu/2configs/ham/automation/giesskanne.nix
+++ b/makefu/2configs/ham/automation/giesskanne.nix
@@ -7,7 +7,7 @@ let
light = "light.espcam_02_light";
seconds = 60; # default shutoff to protect the LED from burning out
};
- seconds = 6;
+ seconds = 60;
pump = "switch.arbeitszimmer_giesskanne_relay";
# sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture";
in
diff --git a/makefu/2configs/ham/automation/moodlight.nix b/makefu/2configs/ham/automation/moodlight.nix
new file mode 100644
index 000000000..df229f16b
--- /dev/null
+++ b/makefu/2configs/ham/automation/moodlight.nix
@@ -0,0 +1,41 @@
+# uses:
+
+let
+ wohnzimmer = "light.wohnzimmer_fenster_lichterkette_licht";
+ arbeitszimmer = "light.box_led_status";
+ final_off = "01:00";
+
+ turn_on = entity_id: at:
+ { alias = "Turn on ${entity_id} at ${at}";
+ trigger = [
+ { platform = "time"; inherit at; }
+ ];
+ action =
+ [
+ { service = "light.turn_on"; inherit entity_id; }
+ ];
+ };
+in
+{
+ services.home-assistant.config =
+ {
+ automation =
+ [
+ (turn_on wohnzimmer "17:30")
+ (turn_on arbeitszimmer "9:00")
+
+ { alias = "Always turn off the lights at ${final_off}";
+ trigger = [
+ { platform = "time"; at = final_off; }
+ ];
+ action =
+ [
+ {
+ service = "light.turn_off";
+ entity_id = [ wohnzimmer arbeitszimmer];
+ }
+ ];
+ }
+ ];
+ };
+}
diff --git a/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix
index f06094662..4303cdfa5 100644
--- a/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix
+++ b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix
@@ -26,6 +26,81 @@ let
data.entity_id = light;
};
};
+ rf_state = code: light: halfbright:
+ let
+ maxbright = 255;
+ transition = 0.2; # seconds
+ in
+ # this function implements a simple state machine based on the state and brightness of the light (light must support brightness
+ {
+ alias = "Cycle through states of ${light} via rf code ${code}";
+ trigger = {
+ platform = "event";
+ event_type = "esphome.rf_code_received";
+ event_data.code = code;
+ };
+ action = {
+ choose = [
+ {
+ # state 0: off to half
+ conditions = {
+ condition = "template";
+ value_template = ''{{ states("${light}") == "off" }}'';
+ };
+ sequence = [
+ {
+ service = "light.turn_on";
+ data = {
+ entity_id = light;
+ brightness = halfbright;
+ };
+ }
+ ];
+ }
+ {
+ # state 1: half to full
+ conditions = {
+ condition = "template";
+ value_template = ''{{ states('${light}') == 'on' and ( ${toString (halfbright - 1)} <= state_attr("${light}","brightness") <= ${toString (halfbright + 1)})}}'';
+ };
+ sequence = [
+ {
+ service = "light.turn_on";
+ data = {
+ entity_id = light;
+ brightness = maxbright;
+ };
+ }
+ ];
+ }
+ {
+ # state 2: full to off
+ conditions = {
+ condition = "template";
+ # TODO: it seems like the devices respond with brightness-1 , maybe off-by-one somewhere?
+ value_template = ''{{ states("${light}") == "on" and state_attr("${light}","brightness") >= ${toString (maxbright - 1)}}}'';
+ };
+ sequence = [
+ {
+ service = "light.turn_off";
+ data = {
+ entity_id = light;
+ };
+ }
+ ];
+ }
+ ];
+ # default: on to off
+ # this works because state 0 checks for "state == off"
+ default = [{
+ service = "light.turn_off";
+ data = {
+ entity_id = light;
+ };
+ }];
+ };
+ }
+;
rf_toggle = code: light:
{
alias = "Toggle ${light} via rf code ${code}";
@@ -39,14 +114,13 @@ let
data.entity_id = light;
};
};
-
in
{
services.home-assistant.config.automation = [
(rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A
- (rf_toggle "401151" "light.wohnzimmer_stehlampe_osram") # B
- (rf_toggle "401451" "light.wohnzimmer_komode_osram") # C
- (rf_toggle "401511" "light.wohnzimmer_schrank_osram") # D
+ (rf_state "401151" "light.wohnzimmer_stehlampe_osram" 128) # B
+ (rf_state "401451" "light.wohnzimmer_komode_osram" 128) # C
+ (rf_state "401511" "light.wohnzimmer_schrank_osram" 128) # D
# OFF Lane
(rf_turn_off "400554" "all") # A
diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix
index 8d6c1f2f0..cf6f1d334 100644
--- a/makefu/2configs/home-manager/zsh.nix
+++ b/makefu/2configs/home-manager/zsh.nix
@@ -8,11 +8,10 @@
};
};
imports = [
- { #direnv
+ {
home-manager.users.makefu.home.packages = [
(pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
- pkgs.direnv pkgs.nur.repos.kalbasit.nixify ];
- # home-manager.users.makefu.home.file.".direnvrc".text = '''';
+ ];
}
{ # bat
home-manager.users.makefu.home.packages = [ pkgs.bat ];
@@ -24,8 +23,34 @@
};
}
];
- environment.pathsToLink = [ "/share/zsh" ];
+ environment.pathsToLink = [
+ "/share/zsh"
+ ];
+
+ nix.extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ '';
+
home-manager.users.makefu = {
+
+ programs.direnv.enable = true;
+ programs.direnv.enableNixDirenvIntegration = true;
+ programs.direnv.enableZshIntegration = true;
+ home.packages = [ (pkgs.writeDashBin "nixify" ''
+test ! -e shell.nix && cat > shell.nix <<EOF
+{ pkgs ? import <nixpkgs> {}}:
+
+pkgs.mkShell {
+ nativeBuildInputs = [ pkgs.hello ];
+}
+EOF
+echo "use nix" >> .envrc
+direnv allow
+'')
+ ];
+ #home.packages = [ pkgs.direnv pkgs.nix-direnv ];
+
programs.fzf.enable = false; # alt-c
programs.zsh = {
enable = true;
diff --git a/makefu/2configs/hw/droidcam.nix b/makefu/2configs/hw/droidcam.nix
index c638123bb..adc0aa379 100644
--- a/makefu/2configs/hw/droidcam.nix
+++ b/makefu/2configs/hw/droidcam.nix
@@ -1,7 +1,9 @@
-{ pkgs, config, ... }:
+{ pkgs, config, ... }:
{
boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480";
boot.extraModulePackages = [
(pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; })
];
+ boot.initrd.availableKernelModules = [ "v4l2loopback-dc" ];
+ users.users.makefu.packages = [ pkgs.droidcam ];
}
diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix
index 1a488e69c..d9e22ad71 100644
--- a/makefu/2configs/share/omo.nix
+++ b/makefu/2configs/share/omo.nix
@@ -60,6 +60,12 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
+ photos = {
+ path = "/media/cryptX/photos";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
crypX-games = {
path = "/media/cryptX/games";
"read only" = "yes";
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index 0cf218d46..98bc748dd 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -5,12 +5,10 @@
mosh
sshfs
rclone
- exfat
(pkgs.callPackage ./secrets.nix {})
opensc pcsctools libu2f-host
];
- boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
boot.supportedFilesystems = [ "exfat" ];
}
diff --git a/makefu/2configs/workadventure/default.nix b/makefu/2configs/workadventure/default.nix
new file mode 100644
index 000000000..3c68fca8d
--- /dev/null
+++ b/makefu/2configs/workadventure/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./jitsi.nix
+ ./workadventure.nix
+ ];
+}
diff --git a/makefu/2configs/workadventure/jitsi.nix b/makefu/2configs/workadventure/jitsi.nix
new file mode 100644
index 000000000..d5c590746
--- /dev/null
+++ b/makefu/2configs/workadventure/jitsi.nix
@@ -0,0 +1,59 @@
+{
+ # + +
+ # | |
+ # | |
+ # v v
+ # 80, 443 TCP 443 TCP, 10000 UDP
+ # +--------------+ +---------------------+
+ # | nginx | 5222, 5347 TCP | |
+ # | jitsi-meet |<-------------------+| jitsi-videobridge |
+ # | prosody | | | |
+ # | jicofo | | +---------------------+
+ # +--------------+ |
+ # | +---------------------+
+ # | | |
+ # +----------+| jitsi-videobridge |
+ # | | |
+ # | +---------------------+
+ # |
+ # | +---------------------+
+ # | | |
+ # +----------+| jitsi-videobridge |
+ # | |
+ # +---------------------+
+
+ # This is a one server setup
+ services.jitsi-meet = {
+ enable = true;
+ hostName = "meet.euer.krebsco.de";
+
+ # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
+ # https://github.com/jitsi/jicofo
+ jicofo.enable = true;
+
+ # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
+ # Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME
+ # will be used to retrieve a TLS certificate by default. To disable this, set the
+ # services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for
+ # services.nginx.virtualHosts.<hostName>.forceSSL.
+ nginx.enable = true;
+
+ # https://github.com/jitsi/jitsi-meet/blob/master/config.js
+ config = {
+ enableWelcomePage = true;
+ defaultLang = "en";
+ };
+
+ # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
+ interfaceConfig = {
+ SHOW_JITSI_WATERMARK = false;
+ SHOW_WATERMARK_FOR_GUESTS = false;
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 10000 ];
+ };
+
+}
diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix
new file mode 100644
index 000000000..2b7eca250
--- /dev/null
+++ b/makefu/2configs/workadventure/workadventure.nix
@@ -0,0 +1,161 @@
+{ config, pkgs, lib, ... }:
+let
+ # If your Jitsi environment has authentication set up,
+ # you MUST set JITSI_PRIVATE_MODE to "true" and
+ # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
+ jitsiPrivateMode = "false";
+
+ secretJitsiKey = "";
+
+ jitsiISS = "";
+
+ workadventureSecretKey = "";
+
+ jitsiURL = "meet.euer.krebsco.de";
+
+ domain = "work.euer.krebsco.de";
+ # domain will redirect to this map. (not play.${domain})
+ defaultMap = "npeguin.github.io/office-map/map.json";
+
+ apiURL = "api.${domain}";
+ apiPort = 9002;
+
+ frontURL = "play.${domain}";
+ frontPort = 9004;
+
+ pusherURL = "push.${domain}";
+ pusherPort = 9005;
+
+ uploaderURL = "ul.${domain}";
+ uploaderPort = 9006;
+
+ frontImage = "thecodingmachine/workadventure-front:develop";
+ pusherImage = "thecodingmachine/workadventure-pusher:develop";
+ apiImage = "thecodingmachine/workadventure-back:develop";
+ uploaderImage = "thecodingmachine/workadventure-uploader:develop";
+
+in {
+
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 80 443 ];
+ };
+
+ services.nginx.enable = true;
+ services.nginx.recommendedProxySettings = true;
+
+ systemd.services.workadventure-network = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
+ '';
+ after = [ "docker" ];
+ before = [
+ "docker-workadventure-back.service"
+ "docker-workadventure-pusher.service"
+ "docker-workadventure-uploader.service"
+ "docker-workadventure-website.service"
+ ];
+ };
+
+ virtualisation.oci-containers.backend = "docker";
+
+ services.nginx.virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
+ };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-front = {
+ image = frontImage;
+ environment = {
+ API_URL = pusherURL;
+ JITSI_PRIVATE_MODE = jitsiPrivateMode;
+ JITSI_URL = jitsiURL;
+ SECRET_JITSI_KEY = secretJitsiKey;
+ UPLOADER_URL = uploaderURL;
+ };
+ ports = [ "127.0.0.1:${toString frontPort}:80" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${frontURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-pusher = {
+ image = pusherImage;
+ environment = {
+ API_URL = "workadventure-back:50051";
+ JITSI_ISS = jitsiISS;
+ JITSI_URL = jitsiURL;
+ SECRET_KEY = workadventureSecretKey;
+ };
+ ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${pusherURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString pusherPort}";
+ proxyWebsockets = true;
+ };
+ locations."/room" = {
+ proxyPass = "http://127.0.0.1:${toString pusherPort}";
+ proxyWebsockets = true;
+ };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-back = {
+ image = apiImage;
+ environment = {
+ #DEBUG = "*";
+ JITSI_ISS = jitsiISS;
+ JITSI_URL = jitsiURL;
+ SECRET_KEY = workadventureSecretKey;
+ };
+ ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${apiURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-uploader = {
+ image = uploaderImage;
+ ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${uploaderURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString uploaderPort}";
+ proxyWebsockets = true;
+ };
+ };
+
+ systemd.services.docker-workadventure-front.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-uploader.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-pusher.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-back.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+}
diff --git a/makefu/5pkgs/kalauerbot/default.nix b/makefu/5pkgs/kalauerbot/default.nix
index ee90fdeec..b78b2fcd6 100644
--- a/makefu/5pkgs/kalauerbot/default.nix
+++ b/makefu/5pkgs/kalauerbot/default.nix
@@ -1,11 +1,11 @@
{ stdenv, python3, fetchgit }:
python3.pkgs.buildPythonPackage rec {
name = "kalauerbot";
-rev = "08d98aa";
+rev = "2a1e868";
src = fetchgit {
url = "http://cgit.euer.krebsco.de/kalauerbot";
inherit rev;
- sha256 = "017hh61smgq4zsxd10brgwmykwgwabgllxjs31xayvs1hnqmkv2v";
+ sha256 = "1vymz3dnpgcxwfgbnrpc0plcdmihxcq7xsvpap755c5jvzvb8a1k";
};
propagatedBuildInputs = with python3.pkgs;[
(callPackage ./python-matrixbot.nix {
diff --git a/makefu/5pkgs/office-radio/default.nix b/makefu/5pkgs/office-radio/default.nix
new file mode 100644
index 000000000..2eacb9e23
--- /dev/null
+++ b/makefu/5pkgs/office-radio/default.nix
@@ -0,0 +1,23 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.python3Packages;buildPythonPackage rec {
+ name = "office-radio-${version}";
+ version = "0.2.3.4";
+ propagatedBuildInputs = [
+ flask
+ psutil
+ mpd2
+ requests
+ ];
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "office-radio";
+ rev = "601c650";
+ sha256 = "06zf0sjm4zlnbjlmiajbz1klhz1maj1ww5vah2abcvk1vx0p0hn7";
+ };
+ meta = {
+ homepage = https://github.com/makefu/office-radio;
+ description = "manage virtual office radio";
+ license = lib.licenses.asl20;
+ };
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-25 07:22:09 +0000
[cgit] Unable to lock slot /tmp/cgit/62000000.lock: No such file or directory (2)