diff options
| author | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
| commit | 060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch) | |
| tree | 2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs | |
| parent | cbfcc890e3b76d942b927809bf981a5fa7289e6a (diff) | |
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs')
399 files changed, 0 insertions, 16775 deletions
diff --git a/makefu/2configs/Reaktor/bgt.nix b/makefu/2configs/Reaktor/bgt.nix deleted file mode 100644 index 42325bcd6..000000000 --- a/makefu/2configs/Reaktor/bgt.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: -{ - krebs.Reaktor.reaktor-bgt = { - nickname = "Reaktor|bgt"; - workdir = "/var/lib/Reaktor/bgt"; - channels = [ "#binaergewitter" ]; - plugins = with pkgs.ReaktorPlugins; - [ titlebot - # stockholm-issue - nixos-version - # shack-correct - # sed-plugin - random-emoji ]; - }; -} diff --git a/makefu/2configs/audio/realtime-audio.nix b/makefu/2configs/audio/realtime-audio.nix deleted file mode 100644 index 8c392dbb6..000000000 --- a/makefu/2configs/audio/realtime-audio.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, ... }: -let - user = config.makefu.gui.user; -in -{ - imports = [ - <musnix> - ]; - musnix.enable = true; - musnix.kernel.optimize = true; - musnix.kernel.realtime = true; - musnix.kernel.packages = pkgs.linuxPackages_latest_rt; - - users.users."${user}".extraGroups = [ "audio" ]; -} diff --git a/makefu/2configs/audio/respeaker.nix b/makefu/2configs/audio/respeaker.nix deleted file mode 100644 index 0aaef5dac..000000000 --- a/makefu/2configs/audio/respeaker.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ config, lib, pkgs, ... }: -let - seeed-voicecard = (pkgs.callPackage ../../5pkgs/seeed-voicecard { kernel = config.boot.kernelPackages.kernel; }); -in -{ - hardware.raspberry-pi."4".i2c1.enable = true; - hardware.raspberry-pi."4".audio.enable = true; - hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true; - hardware.deviceTree.filter = lib.mkForce "bcm2711-rpi-4-b.dtb"; - - security.rtkit.enable = true; - - environment.systemPackages = with pkgs; [ - alsaUtils - i2c-tools - ponymix - ]; - - sound.enable = true; - hardware.pulseaudio.enable = lib.mkForce false; - services.pipewire = { - enable = true; - systemWide = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - services.pipewire.config.pipewire-pulse = { - "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; - }; - - sound.extraConfig = '' - pcm.!default { - type asym - playback.pcm "playback" - capture.pcm "ac108" - } - - pcm.ac108 { - type plug - slave.pcm "hw:seeed4micvoicec" - } - '' ; - - - boot.extraModulePackages = [ - seeed-voicecard - ]; - boot.initrd.kernelModules = [ - "snd-soc-seeed-voicecard" - "snd-soc-ac108" - "i2c-dev" - #"i2c-bcm2708" - #"snd-soc-wm8960" - ]; - - boot.loader.raspberryPi.firmwareConfig = [ - "dtparam=i2c_arm=on" - "dtparam=i2s=on" - "dtparam=spi=on" - "dtparam=i2c1=on" - # dtoverlay=seeeed-8mic-voicecard not required because we use hardware.deviceTree - ]; - hardware.deviceTree = { - enable = true; - overlays = [ - { name = "respeaker-4mic"; dtsFile = "${seeed-voicecard}/lib/dts/seeed-4mic-voicecard-overlay.dts";} - { name = "spi"; dtsText = '' - /dts-v1/; - /plugin/; - - / { - compatible = "raspberrypi"; - fragment@0 { - target = <&spi>; - __overlay__ { - cs-gpios = <&gpio 8 1>, <&gpio 7 1>; - status = "okay"; - pinctrl-names = "default"; - pinctrl-0 = <&spi0_pins &spi0_cs_pins>; - #address-cells = <1>; - #size-cells = <0>; - spidev@0 { - reg = <0>; // CE0 - spi-max-frequency = <500000>; - compatible = "spidev"; - }; - - spidev@1 { - reg = <1>; // CE1 - spi-max-frequency = <500000>; - compatible = "spidev"; - }; - }; - }; - fragment@1 { - target = <&alt0>; - __overlay__ { - // Drop GPIO 7, SPI 8-11 - brcm,pins = <4 5>; - }; - }; - - fragment@2 { - target = <&gpio>; - __overlay__ { - spi0_pins: spi0_pins { - brcm,pins = <9 10 11>; - brcm,function = <4>; // alt0 - }; - spi0_cs_pins: spi0_cs_pins { - brcm,pins = <8 7>; - brcm,function = <1>; // out - }; - }; - }; - }; - '';} - ]; - }; -} diff --git a/makefu/2configs/avahi.nix b/makefu/2configs/avahi.nix deleted file mode 100644 index 59f59fd80..000000000 --- a/makefu/2configs/avahi.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ...}: -{ - services.avahi = { - enable = true; - wideArea = false; - }; - environment.systemPackages = [ pkgs.avahi ]; -} diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix deleted file mode 100644 index 26e53b8c3..000000000 --- a/makefu/2configs/backup/server.nix +++ /dev/null @@ -1,19 +0,0 @@ -{lib,config, ... }: -let - hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh ); -in { - # TODO: for all enabled machines - options = { - makefu.backup.server.repo = lib.mkOption { - type = lib.types.str; - default = "/var/lib/borgbackup"; - }; - }; - config = { - services.borgbackup.repos = lib.genAttrs hosts (host: { - authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ]; - path = "${config.makefu.backup.server.repo}/${host}"; - user = "borg-${host}"; - }) ; - }; -} diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub deleted file mode 100644 index 52d56d956..000000000 --- a/makefu/2configs/backup/ssh/gum.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/backup/ssh/latte.pub b/makefu/2configs/backup/ssh/latte.pub deleted file mode 100644 index 52d56d956..000000000 --- a/makefu/2configs/backup/ssh/latte.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub deleted file mode 100644 index 52d56d956..000000000 --- a/makefu/2configs/backup/ssh/nextgum.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub deleted file mode 100644 index 053b4da87..000000000 --- a/makefu/2configs/backup/ssh/omo.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x diff --git a/makefu/2configs/backup/ssh/wbob.pub b/makefu/2configs/backup/ssh/wbob.pub deleted file mode 100644 index 52d56d956..000000000 --- a/makefu/2configs/backup/ssh/wbob.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub deleted file mode 100644 index fe894df33..000000000 --- a/makefu/2configs/backup/ssh/x.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix deleted file mode 100644 index 1143708bf..000000000 --- a/makefu/2configs/backup/state.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, ... }: -# back up all state -let - sec = toString <secrets>; - sshkey = sec + "/borg.priv"; - phrase = sec + "/borg.pw"; -in -{ - services.borgbackup.jobs.state = { - repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:."; - paths = config.state; - encryption = { - mode = "repokey"; - passCommand = "cat ${phrase}"; - }; - environment.BORG_RSH = "ssh -i ${sshkey}"; - prune.keep = - { daily = 7; - weekly = 4; - monthly = -1; # Keep at least one archive for each month - }; - compression = "auto,lzma"; - startAt = "daily"; - }; -} diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix deleted file mode 100644 index f63dbefd8..000000000 --- a/makefu/2configs/bepasty-dual.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, pkgs, ... }: - -# 1systems should configure itself: -# krebs.bepasty.servers.internal.nginx.listen = [ "80" ] -# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ] -# 80 is redirected to 443 ssl - -# secrets used: -# wildcard.krebsco.de.crt -# wildcard.krebsco.de.key -# bepasty-secret.nix <- contains single string - -with import <stockholm/lib>; -let - sec = toString <secrets>; - # secKey is nothing worth protecting on a local machine - secKey = "${secrets}/bepasty-secret"; - acmepath = "/var/lib/acme/"; - acmechall = acmepath + "/challenges/"; - ext-dom = "paste.krebsco.de" ; -in { - - services.nginx.enable = mkDefault true; - krebs.bepasty = { - enable = true; - serveNginx= true; - - servers = { - "paste.r" = { - nginx = { - serverAliases = [ - "paste.${config.krebs.build.host.name}" - "paste.r" - ]; - extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - }; - defaultPermissions = "admin,list,create,read,delete"; - secretKeyFile = secKey; - }; - - "${ext-dom}" = { - nginx = { - forceSSL = true; - enableACME = true; - }; - defaultPermissions = "read"; - secretKeyFile = secKey; - }; - }; - }; -} diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub deleted file mode 100644 index 37b8e0599..000000000 --- a/makefu/2configs/bgt/auphonic.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx diff --git a/makefu/2configs/bgt/backup.nix b/makefu/2configs/bgt/backup.nix deleted file mode 100644 index dc3260266..000000000 --- a/makefu/2configs/bgt/backup.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - # Manual steps: - # 1. ssh-copy-id root ssh-key to the remotes you want to back up - # 2. run `rsnapshot hourly` manually as root to check if everything works - - services.rsnapshot = { - enable = true; - cronIntervals = { - daily = "50 21 * * *"; - hourly = "0 */4 * * *"; - }; - extraConfig = '' -retain hourly 5 -retain daily 365 -snapshot_root /var/backup/bgt -backup root@binaergewitter.jit.computer:/opt/isso jit -backup root@binaergewitter.jit.computer:/etc/systemd/system/isso.service jit -backup root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf jit - ''; - }; -} diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix deleted file mode 100644 index 31da31a71..000000000 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - ident = (builtins.readFile ./auphonic.pub); - bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; - bgterror = "/var/spool/nginx/logs/binaergewitter.error.log"; - - # TODO: only when the data is stored somewhere else - wwwdir = "/var/www/binaergewitter"; - storedir = "/media/cloud/www/binaergewitter"; -in { - fileSystems."${wwwdir}" = { - device = storedir; - options = [ "bind" ]; - }; - - services.openssh = { - allowSFTP = true; - sftpFlags = [ "-l VERBOSE" ]; - extraConfig = '' - HostkeyAlgorithms +ssh-rsa - - Match User auphonic - ForceCommand internal-sftp - AllowTcpForwarding no - X11Forwarding no - PasswordAuthentication no - PubkeyAcceptedAlgorithms +ssh-rsa - - ''; - }; - - users.users.auphonic = { - uid = genid "auphonic"; - group = "nginx"; - # for storedir - extraGroups = [ "download" ]; - useDefaultShell = true; - isSystemUser = true; - openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; - }; - - services.logrotate = { - enable = true; - settings.bgt = { - files = [ bgtaccess bgterror ]; - rotate = 5; - frequency = "weekly"; - create = "600 nginx nginx"; - postrotate = "${pkgs.systemd}/bin/systemctl reload nginx"; - }; - }; - - # 20.09 unharden nginx to write logs - systemd.services.nginx.serviceConfig.ReadWritePaths = [ - "/var/spool/nginx/logs/" - ]; - security.acme.certs."download.binaergewitter.de" = { - dnsProvider = "cloudflare"; - credentialsFile = toString <secrets/lego-binaergewitter>; - webroot = lib.mkForce null; - }; - - services.nginx = { - appendHttpConfig = '' - types { - audio/ogg oga ogg opus; - } - ''; - enable = lib.mkDefault true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - virtualHosts."download.binaergewitter.de" = { - addSSL = true; - enableACME = true; - serverAliases = [ "dl2.binaergewitter.de" ]; - root = "/var/www/binaergewitter"; - extraConfig = '' - access_log ${bgtaccess} combined; - error_log ${bgterror} error; - autoindex on; - ''; - }; - }; -} diff --git a/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix b/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix deleted file mode 100644 index ff180e307..000000000 --- a/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ lib, ... }: -let - port = 19201; -in { - #services.nginx.virtualHosts."euer.krebsco.de".serverAliases = [ "etherpad.euer.krebsco.de" ]; - services.nginx.virtualHosts."etherpad.euer.krebsco.de" = { - # useACMEHost = "euer.krebsco.de"; - extraConfig = '' - ssl_session_timeout 30m; - ''; - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://127.0.0.1:${toString port}"; - # from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy - locations."/".extraConfig = '' - - proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf - proxy_set_header Host $host; - proxy_pass_header Server; - - # Note you might want to pass these headers etc too. - proxy_set_header X-Real-IP $remote_addr; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html - proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP - proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used - proxy_http_version 1.1; # recommended with keepalive connections - - # WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 1799s; - ''; - }; - state = [ "/var/lib/docker/volumes/etherpad_data/_data/" ]; - virtualisation.oci-containers.containers."etherpad-lite" = { - #image = "makefoo/bgt-etherpad:2021-04-16.3"; # --build-arg ETHERPAD_PLUGINS="ep_markdown" - image = "etherpad/etherpad:1.8.14"; - - ports = [ "127.0.0.1:${toString port}:9001" ]; - volumes = [ - "/var/src/secrets/etherpad/apikey:/opt/etherpad-lite/APIKEY.txt" - "etherpad_data:/opt/etherpad-lite/var" # persistent dirtydb - ]; - # for postgres - #DB_TYPE=postgres - #DB_HOST=db.local - #DB_PORT=4321 - #DB_NAME=etherpad - #DB_USER=dbusername - #DB_PASS=mypassword - environment = { - # ADMIN_PASSWORD = "auf jeden fall nicht das echte admin passwort"; - # LOGLEVEL = "DEBUG"; - - SUPPRESS_ERRORS_IN_PAD_TEXT = "true"; - TRUST_PROXY = "true"; - TITLE = "Binärgewitter Etherpad"; - SKIN_NAME = "no-skin"; - DEFAULT_PAD_TEXT = builtins.readFile ./template.md; - PAD_OPTIONS_USE_MONOSPACE_FONT = "true"; - PAD_OPTIONS_USER_NAME = "true"; - PAD_OPTIONS_USER_COLOR = "true"; - PAD_OPTIONS_CHAT_AND_USERS = "true"; - PAD_OPTIONS_LANG = "en-US"; - }; - }; -} diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix deleted file mode 100644 index 56d319e39..000000000 --- a/makefu/2configs/bgt/hidden_service.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ pkgs, lib, ... }: - -with lib; -let - name = "bgt_cyberwar_hidden_service"; - sec = (toString <secrets>) + "/"; - secdir = sec + name; - srvdir = "/var/lib/tor/onion/"; - basedir = srvdir + name; - hn = builtins.readFile (secdir + "/hostname"); -in -{ - systemd.services.prepare-hidden-service = { - wantedBy = [ "local-fs.target" ]; - before = [ "tor.service" ]; - serviceConfig = { - ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' - #!/bin/sh - set -euf - if ! test -d "${basedir}" ;then - mkdir -p "${srvdir}" - cp -r "${secdir}" "${srvdir}" - chown -R tor:tor "${srvdir}" - chmod -R 700 "${basedir}" - else - echo "not overwriting ${basedir}" - fi - ''; - Type = "oneshot"; - RemainAfterExit = "yes"; - TimeoutSec = "0"; - }; - }; - services.nginx.virtualHosts."${hn}".locations."/" = { - proxyPass = "https://blog.binaergewitter.de"; - extraConfig = '' - proxy_set_header Host blog.binaergewitter.de; - proxy_ssl_server_name on; - ''; - }; - services.tor = { - enable = true; - hiddenServices."${name}".map = [ - { port = 80; } - # { port = 443; toHost = "blog.binaergewitter.de"; } - ]; - }; -} diff --git a/makefu/2configs/bgt/social-to-irc.nix b/makefu/2configs/bgt/social-to-irc.nix deleted file mode 100644 index 9d9640a9f..000000000 --- a/makefu/2configs/bgt/social-to-irc.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ pkgs, ... }: -{ - systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG"; - krebs.brockman = { - enable = true; - config = { - channel = "#binaergewitter"; - notifyErrors = false; - irc = { - host = "irc.libera.chat"; - port = 6667; - }; - #controller = { - # nick = "brockman-systemdultras"; - # channels = []; - #}; - bots = { - bgt-mastodon-rss = { - feed = "https://jit.social/users/binaergewitter.rss"; - #extraChannels = [ "#binaergewitter" ]; - delay = 180; - }; - bgt-blog-rss = { - feed = "https://blog.binaergewitter.de/rss.xml"; - #extraChannels = [ "#binaergewitter" ]; - delay = 180; - }; - bgt-twitter = { - feed = "http://rss.makefu.r/?action=display&bridge=Twitter&context=By+username&u=binaergewitter&format=Atom"; - #extraChannels = [ "#binaergewitter" ]; - delay = 280; - }; - }; - }; - - }; -} diff --git a/makefu/2configs/bgt/template.md b/makefu/2configs/bgt/template.md deleted file mode 100644 index be21d7c0c..000000000 --- a/makefu/2configs/bgt/template.md +++ /dev/null @@ -1,43 +0,0 @@ -# <SENDUNGSNUMMER> - -0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig) -1. `eine` Person anrufen (den Host): - - markus madmas@studio.link - - Felix1 makefu@studio.link - - L33tFelix l33tname@studio.link - - Ingo ingo@studio.link -2. Jitis an machen https://meet.ffmuc.net/bgt-aktuell (mittel) -3. studio-link aufnehmen drücken (wichtig) -4. audiocity starten, 48000Hz einstellen, Audio-Device checken und aufnehmen drücken (wichtig) -4. alternative parecord: - `$ pacmd list-sources | grep -e device.string -e 'name:' # keins der "monitor" devices` - `$ parecord --channels=1 -d alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo bgt.wav` -5. darkice starten (wichtig) -6. Ingo daran erinnern, dass er die Überschriften richtig aussprechen muss -7. klatschen -8. Hallihallo und Herzlich Willkommen - -## Vorschläge -### Backlog von Picks und Lesefoo aus der letzten Woche - ---- - -## Blast from the Past - -## Toter der Woche - -## Untoter der Woche - -## AI der Woche - -## News - -## Themen - -## Mimimi der Woche - -## Lesefoo - -## Picks - -## Ende diff --git a/makefu/2configs/binary-cache/gum.nix b/makefu/2configs/binary-cache/gum.nix deleted file mode 100644 index fc6e26fe0..000000000 --- a/makefu/2configs/binary-cache/gum.nix +++ /dev/null @@ -1,13 +0,0 @@ - -{ config, ... }: - -{ - nix.settings = { - substituters = [ - "https://cache.euer.krebsco.de/" - ]; - trusted-public-keys = [ - "gum:iIXIFlCAotib+MgI3V/i3HMlFXiVYOT/jfP0y54Zuvg=" - ]; - }; -} diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix deleted file mode 100644 index 7d7549d8d..000000000 --- a/makefu/2configs/binary-cache/lass.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: - -{ - nix.settings = { - substituters = [ - "https://cache.krebsco.de" - ]; - trusted-public-keys = [ - "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" - "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" - ]; - }; -} diff --git a/makefu/2configs/binary-cache/nixos.nix b/makefu/2configs/binary-cache/nixos.nix deleted file mode 100644 index 299130059..000000000 --- a/makefu/2configs/binary-cache/nixos.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, ... }: - -{ - nix.settings = { - substituters = [ - "https://cache.nixos.org/" - ]; - trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - ]; - }; -} diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix deleted file mode 100644 index c1ae16e29..000000000 --- a/makefu/2configs/binary-cache/server.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ...}: - -{ - # generate private key with: - # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub - services.nix-serve = { - enable = true; - port = 5001; - secretKeyFile = toString <secrets> + "/nix-serve.key"; - }; - - services.nginx = { - enable = true; - virtualHosts."cache.euer.krebsco.de" = { - forceSSL = true; - enableACME = true; - serverAliases = [ # "cache.gum.r" - "cache.gum.krebsco.de" - ]; - locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}"; - }; - }; -} - diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix deleted file mode 100644 index ede6225ea..000000000 --- a/makefu/2configs/bitlbee.nix +++ /dev/null @@ -1,10 +0,0 @@ -{pkgs, ... }: -{ - services.bitlbee = { - enable = true; - # libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb]; - plugins = [ pkgs.bitlbee-mastodon ]; - }; - users.users.makefu.packages = with pkgs; [ weechat tmux ]; - state = [ "/var/lib/bitlbee" ]; -} diff --git a/makefu/2configs/bitwarden.nix b/makefu/2configs/bitwarden.nix deleted file mode 100644 index d57badd1c..000000000 --- a/makefu/2configs/bitwarden.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ pkgs, ... }: -let - port = 8812; -in { - services.vaultwarden = { - enable = true; - dbBackend = "postgresql"; - config.signups_allowed = false; - config.rocketPort = port; - config.domain = "https://bw.euer.krebsco.de"; - #config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden"; - config.databaseUrl = "postgresql:///bitwarden"; - config.websocket_enabled = true; - }; - - systemd.services.vaultwarden.after = [ "postgresql.service" ]; - - services.postgresql = { - enable = true; - ensureDatabases = [ "bitwarden" ]; - ensureUsers = [ - { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } - { name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } - ]; - }; - services.postgresqlBackup = { - enable = true; - databases = [ "bitwarden" ]; - }; - systemd.services.postgresqlBackup-bitwarden.serviceConfig.SupplementaryGroups = [ "download" ]; - - - services.nginx.virtualHosts."bw.euer.krebsco.de" ={ - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://localhost:8812"; - proxyWebsockets = true; - }; - locations."/notifications/hub" = { - proxyPass = "http://localhost:3012"; - proxyWebsockets = true; - }; - locations."/notifications/hub/negotiate" = { - proxyPass = "http://localhost:8812"; - proxyWebsockets = true; - }; - }; -} diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix deleted file mode 100644 index e007b6072..000000000 --- a/makefu/2configs/bluetooth-mpd.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ pkgs, config, lib, ... }: - -let - cfg = config.makefu.mpd; -in { - options.makefu.mpd.musicDirectory = lib.mkOption { - description = "music Directory"; - default = "/data/music"; - type = lib.types.str; - }; - config = { - services.mpd = { - enable = true; - inherit (cfg) musicDirectory; - network.listenAddress = "0.0.0.0"; - extraConfig = '' - audio_output { - type "pulse" - name "Local MPD" - server "127.0.0.1" - } - ''; - }; - # open because of truestedInterfaces - # networking.firewall.allowedTCPPorts = [ 6600 4713 ]; - services.samba.shares.music = { - path = cfg.musicDirectory; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - - sound.enable = true; - hardware.pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - # systemWide = true; - support32Bit = true; - zeroconf.discovery.enable = true; - zeroconf.publish.enable = true; - tcp = { - enable = true; - # PULSE_SERVER=192.168.1.11 pavucontrol - anonymousClients.allowAll = true; - anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.0.0/16" ]; - }; - configFile = pkgs.writeText "default.pa" '' - load-module module-udev-detect - load-module module-bluetooth-policy - load-module module-bluetooth-discover - load-module module-native-protocol-unix auth-anonymous=1 - load-module module-always-sink - load-module module-console-kit - load-module module-systemd-login - load-module module-intended-roles - load-module module-position-event-sounds - load-module module-filter-heuristics - load-module module-filter-apply - load-module module-switch-on-connect - load-module module-equalizer-sink - load-module module-dbus-protocol - #load-module module-bluez5-device - #load-module module-bluez5-discover - ''; - }; - # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio - hardware.bluetooth.enable = true; - # environment.etc."bluetooth/audio.conf".text = '' - # [General] - # Enable = Source,Sink,Media,Socket - # ''; - }; -} diff --git a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix deleted file mode 100644 index f4c10adc8..000000000 --- a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix +++ /dev/null @@ -1,87 +0,0 @@ -{ - services.home-assistant.config.automation = - [ - { alias = "Turn on Fernseher on group home"; - trigger = { - platform = "state"; - entity_id = "group.team"; - from = "not_home"; - to = "home"; - for.seconds = 30; - }; - action = [ - { - service = "homeassistant.turn_on"; - entity_id = [ - "switch.fernseher" - "switch.feuer" - ]; - } - { - service = "media_player.kodi_call_method"; - data = { - entity_id = "media_player.kodi"; - method = "Player.Open"; - item.partymode = "music"; - }; - } - { - service = "notify.telegrambot"; - data = { - title = "Bureau Startup"; - message = "Das Büro wurde eröffnet"; - }; - } - ]; - } - { alias = "Turn off Fernseher after last in group left"; - trigger = [ - { # trigger when movement was detected at the time - platform = "state"; - entity_id = "group.team"; - from = "home"; - to = "not_home"; - } - { # trigger at 18:00 no matter what - # to avoid 'everybody left before 18:00:00' - platform = "time"; - at = "18:00:00"; - } - ]; - action = [ - { - service = "homeassistant.turn_off"; - entity_id = [ - "switch.fernseher" - "switch.feuer" - "light.status_felix" - "light.status_daniel" - ]; - } - { - service = "notify.telegrambot"; - data_template = { - title = "Bureau Shutdown"; - message = "All devices are turned off due to {{ trigger.platform }}"; - }; - } - ]; - condition = - { condition = "and"; - conditions = [ - { - condition = "time"; - before = "06:30:00"; #only turn off between 6:30 and 18:00 - after = "18:00:00"; - # weekday = [ "mon" "tue" "wed" "thu" "fri" ]; - } - { # if anybody is still there - condition = "state"; - entity_id = "group.team"; - state = "not_home"; - } - ]; - }; - } - ]; -} diff --git a/makefu/2configs/bureautomation/automation/daily-news.nix b/makefu/2configs/bureautomation/automation/daily-news.nix deleted file mode 100644 index 2bafe4795..000000000 --- a/makefu/2configs/bureautomation/automation/daily-news.nix +++ /dev/null @@ -1,20 +0,0 @@ -[ - { - alias = "Daily news for Felix"; - trigger = { - platform = "time"; - at = "07:35:00"; - }; - action = - [ - { - service = "notify.telegrambot"; - data_template = { - title = "Daily News"; - # TODO - message = ""; - }; - } - ]; - } -] diff --git a/makefu/2configs/bureautomation/automation/hass-restart.nix b/makefu/2configs/bureautomation/automation/hass-restart.nix deleted file mode 100644 index 3b3ce0599..000000000 --- a/makefu/2configs/bureautomation/automation/hass-restart.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - services.home-assistant.config.automation = - [ - { alias = "State on HA start-up"; - trigger = { - platform = "homeassistant"; - event = "start"; - }; - action = [ - # Startup State - { service = "mqtt.publish"; - data = { - topic = "/bam/sonoffs/cmnd/state"; - payload = ""; - }; - } - # Firmware Version - { service = "mqtt.publish"; - data = { - topic = "/bam/sonoffs/cmnd/status"; - payload = "2"; - }; - } - # Will trigger restart of all devices! - #{ service = "mqtt.publish"; - # data = { - # topic = "sonoffs/cmnd/SetOption59"; # configure sending state on power change - # payload = "1"; - # }; - #} - ]; - } - ]; -} diff --git a/makefu/2configs/bureautomation/automation/nachtlicht.nix b/makefu/2configs/bureautomation/automation/nachtlicht.nix deleted file mode 100644 index ade89418d..000000000 --- a/makefu/2configs/bureautomation/automation/nachtlicht.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - services.home-assistant.config.automation = - [ - # TODO: trigger if it is before dusk and somebody arives but nachtlichter are - # off from last day - # TODO: do not have nachtlicht turned on at night - { - alias = "Turn on Nachtlicht at dusk"; # when it gets dim - trigger = - { platform = "numeric_state"; - entity_id = "sun.sun"; - value_template = "{{ state.attributes.elevation }}"; - below = 10; - - }; - action = - { service = "homeassistant.turn_on"; - entity_id = [ "group.nachtlicht" ]; - }; - } - { - alias = "Turn off Nachtlicht at dawn"; - trigger = - { platform = "sun"; - event = "sunrise"; - offset = "01:30:00"; # on dawn - }; - # TODO: when somebody is still in the buero - # condition = - #{ - #}; - action = - { service = "homeassistant.turn_off"; - entity_id = [ "group.nachtlicht" ]; - }; - } - ]; -} diff --git a/makefu/2configs/bureautomation/automation/philosophische-tuer.nix b/makefu/2configs/bureautomation/automation/philosophische-tuer.nix deleted file mode 100644 index 9586d9a46..000000000 --- a/makefu/2configs/bureautomation/automation/philosophische-tuer.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - short_threshold = 30; #seconds - long_threshold = 30; #minutes - sensor = "binary_sensor.buerotuer_contact"; - - # get the list of all - name = "tueraudio"; - prefix = "http://localhost:8123/local/${name}"; - audiodir = "${config.services.home-assistant.configDir}/www/${name}"; - recordrepo = pkgs.fetchFromGitHub { - owner = "makefu"; - repo = "philosophische_tuer"; - rev = "607eff7"; - sha256 = "1qlyqmc65yfb42q4fzd92vinx4i191w431skmcp7xjncb45lfp8j"; - }; - samples = user: lib.mapAttrsToList - (file: _: ''"${prefix}/${user}/${file}"'') - (builtins.readDir (toString ( recordrepo+ "/recordings/${user}"))); - random_tuerspruch = ''{{['' + (lib.concatStringsSep "," ( - (samples "Felix") ++ (samples "Sofia") ++ (samples "Markus") - )) + ''] | random}}''; # TODO read from derivation -in -{ - systemd.services.copy-philosophische-tuersounds = { - description = "copy philosophische tuer"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - ExecStart = pkgs.writeDash "update-samples" '' - rm -rf "${audiodir}" - cp -vr "${recordrepo}/recordings" "${audiodir}" - ''; - }; - }; - services.home-assistant.config = { - media_extractor = { }; - script."philosophische_tuer" = { - alias = "Durchsage der philosophischen Tür"; - sequence = [ - { service = "media_player.play_media"; - data = { - entity_id = "media_player.mpd"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 5; } - { service = "media_extractor.play_media"; - entity_id = "media_player.mpd"; - data_template = { - media_content_id = random_tuerspruch; - media_content_type = "MUSIC"; - }; - } - ]; - }; - automation = - [ - { - alias = "Tür offen seit ${toString short_threshold} sekunden"; - trigger = - { platform = "state"; - entity_id = sensor; - to = "on"; - for.seconds = 60; - }; - action = [ - { service = "homeassistant.turn_on"; - entity_id = "script.philosophische_tuer"; - } - ]; - } - { - alias = "Tür offen seit ${toString long_threshold} minuten"; - trigger = - { platform = "state"; - entity_id = sensor; - to = "on"; - for.minutes = long_threshold; - }; - - action = [ - { service = "homeassistant.turn_on"; - entity_id = "script.philosophische_tuer" ; - } - { service = "tts.google_say"; - entity_id = "media_player.mpd"; - data_template = { - message = "BEEP BOOP - Die Tür ist schon seit ${toString long_threshold} Minuten offen! Student Nummer {{ range(1,500) | random }}, bitte schliesse die Tür"; - language = "de"; - }; - } - ]; - } - ]; - }; - -} diff --git a/makefu/2configs/bureautomation/automation/quotes.nix b/makefu/2configs/bureautomation/automation/quotes.nix deleted file mode 100644 index c4625ae30..000000000 --- a/makefu/2configs/bureautomation/automation/quotes.nix +++ /dev/null @@ -1,4 +0,0 @@ -# heiss -Lieber Freund, was für ein Sommer! Ich denke Sie mir im Zimmer sitzend, mehr Omelette als Mensch. -Sommer ist die Zeit, in der es zu heiß ist, um das zu tun, wozu es im Winter zu kalt war. - diff --git a/makefu/2configs/bureautomation/automation/schlechteluft.nix b/makefu/2configs/bureautomation/automation/schlechteluft.nix deleted file mode 100644 index ea1d44515..000000000 --- a/makefu/2configs/bureautomation/automation/schlechteluft.nix +++ /dev/null @@ -1,75 +0,0 @@ -let - long_threshold = 30; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Bad Air Alarm 60 seconds"; - trigger = - { platform = "numeric_state"; - entity_id = "sensor.air_quality"; - above = 1523; - for.seconds = 60; - }; - condition = { - condition = "and"; - conditions = [ - { condition = "state"; - entity_id = "group.team"; - state = "home"; - } - { condition = "time"; - after = "06:00:00"; - before = "20:00:00"; - } - ]; - }; - - action = [ - { service = "homeassistant.turn_on"; - entity_id = [ - "script.schlechteluft" - ]; - } - ]; - } - { - alias = "Bad Air Alarm ${toString long_threshold} Minutes"; - trigger = - { platform = "numeric_state"; - entity_id = "sensor.air_quality"; - above = 1523; - for.minutes = long_threshold; - }; - condition = { - condition = "and"; - conditions = [ - { condition = "state"; - entity_id = "group.team"; - state = "home"; - } - { condition = "time"; - after = "06:00:00"; - before = "20:00:00"; - } - ]; - }; - - action = [ - { service = "homeassistant.turn_on"; - entity_id = [ - "script.schlechteluft" - ]; - } - { service = "tts.google_say"; - entity_id = "media_player.mpd"; - data_template = { - message = "BEEP BEEP - Die luft ist schon ${toString long_threshold} Minuten schlecht! Student Nummer {{ range(1,500) | random }}, öffne ein Fenster."; - language = "de"; - }; - } - ]; - } - ]; -} diff --git a/makefu/2configs/bureautomation/binary_sensor/buttons.nix b/makefu/2configs/bureautomation/binary_sensor/buttons.nix deleted file mode 100644 index 20590a6b3..000000000 --- a/makefu/2configs/bureautomation/binary_sensor/buttons.nix +++ /dev/null @@ -1,20 +0,0 @@ -let - tasmota_button = name: topic: - # detects a pushbutton press from tasmota - { platform = "mqtt"; - inherit name; - state_topic = "/bam/${topic}/cmnd/POWER"; - availability_topic = "/bam/${topic}/tele/LWT"; - payload_on = "ON"; - payload_off = "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - # expire_after = "5"; #expire after 5 seconds - qos = 1; - }; -in { - services.home-assistant.config.binary_sensor = - [ - (tasmota_button "RedButton" "redbutton") - ]; -} diff --git a/makefu/2configs/bureautomation/binary_sensor/motion.nix b/makefu/2configs/bureautomation/binary_sensor/motion.nix deleted file mode 100644 index 0c5a808e0..000000000 --- a/makefu/2configs/bureautomation/binary_sensor/motion.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - services.home-assistant.config.binary_sensor = - [ - { platform = "mqtt"; - device_class = "motion"; - name = "Motion"; - state_topic = "/bam/easy2/movement/Switch"; - payload_on = "1"; - payload_off = "0"; - availability_topic = "/bam/easy2/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - } - ]; -} diff --git a/makefu/2configs/bureautomation/brother-ql-web.nix b/makefu/2configs/bureautomation/brother-ql-web.nix deleted file mode 100644 index 26887db03..000000000 --- a/makefu/2configs/bureautomation/brother-ql-web.nix +++ /dev/null @@ -1,23 +0,0 @@ - {pkgs, ... }: - let - pkg = pkgs.brother_ql_web; - in { - systemd.services.brother-ql-web = { - after = [ "network.target" ]; - description = "Brother QL Web Interface"; - wantedBy = [ "multi-user.target" ]; - environment = { - FLASK_PRINTER = "usb://0x04f9:0x209b/000F1Z401759"; - FLASK_MODEL = "QL-800"; - #FLASK_SERVER_PORT = "8013"; - #FLASK_LABEL_DEFAULT_SIZE = "d24"; - #FLASK_LABEL_DEFAULT_QR_SIZE = "7"; - }; - serviceConfig = { - ExecStart = "${pkg}/bin/brother_ql_web"; - DynamicUser = true; - SupplementaryGroups = "lp"; - Restart = "always"; - }; - }; -} diff --git a/makefu/2configs/bureautomation/camera/comic.nix b/makefu/2configs/bureautomation/camera/comic.nix deleted file mode 100644 index ae24760e3..000000000 --- a/makefu/2configs/bureautomation/camera/comic.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - services.home-assistant.config.camera = - [ - { name = "Poorly Drawn Lines"; - platform = "generic"; - still_image_url = http://127.0.0.1:8123/local/lines.png ; - } - { name = "XKCD"; - platform = "generic"; - still_image_url = http://127.0.0.1:8123/local/xkcd.png ; - } - ]; -} diff --git a/makefu/2configs/bureautomation/camera/stuttgart.nix b/makefu/2configs/bureautomation/camera/stuttgart.nix deleted file mode 100644 index 0badcb285..000000000 --- a/makefu/2configs/bureautomation/camera/stuttgart.nix +++ /dev/null @@ -1,30 +0,0 @@ - -let - cam = name: still_image_url: - { - inherit name still_image_url; - platform = "generic"; - }; -in -{ - services.home-assistant.config.camera = - [ - ( cam "Max-Eyth-See" https://www.wav-stuttgart.de/webcam/_/webcam1.jpg ) - ( cam "Wilhelma" http://webcam.wilhelma.de/webcam02/webcam02.jpg ) - ( cam "Marktplatz" https://webcam.stuttgart.de/wcam007/current.jpg ) - ( cam "Schoch Areal" https://webcam.stuttgart.de/wcam004/current.jpg ) - ( cam "Leuze" https://webcam.stuttgart.de/wcam005/current.jpg ) - ( cam "Straße Wilhelma" https://webcam.stuttgart.de/wcam006/current.jpg ) - ( cam "Fernsehturm 1" http://webcam.fernsehturmstuttgart.com/current.jpg ) - ( cam "Fernsehturm 2" http://webcam.fernsehturmstuttgart.com/current2.jpg ) - ( cam "Feuerbach Lemberg" http://www.regio7.de/handy/current.jpg ) - ( cam "Flughafen Stuttgart 1" http://webcam.flughafen-stuttgart.de/Flughafen_Stuttgart_Webcam2.jpg ) - ( cam "Flughafen Stuttgart 2" http://webcam.flughafen-stuttgart.de/Flughafen_Stuttgart_Webcam5.jpg ) - ( cam "Flughafen Stuttgart 3" http://webcam.flughafen-stuttgart.de/Flughafen_Stuttgart_Webcam7.jpg ) - ( cam "S21 1" http://webcam-bahnprojekt-stuttgart-ulm.de/S21-Turm-03/s21-turm03.jpg ) - ( cam "S21 2" http://webcam-bahnprojekt-stuttgart-ulm.de/S21-Turm-02/s21-turm-02.jpg ) - ( cam "S21 3" http://webcam-bahnprojekt-stuttgart-ulm.de/S21-Turm-01/s21-turm-01.jpg ) - ( cam "S21 4" http://webcam-bahnprojekt-stuttgart-ulm.de/S21-Jaegerstrasse-Nordkopf/s21-jaegerstrassse-nordkopf.jpg ) - ( cam "S21 5" http://webcam-bahnprojekt-stuttgart-ulm.de/S21-Bahndirektion-Nord/S21-Bundesbahndirektion-Nord.jpg ) - ]; -} diff --git a/makefu/2configs/bureautomation/camera/verkehrskamera.nix b/makefu/2configs/bureautomation/camera/verkehrskamera.nix deleted file mode 100644 index f09dc9423..000000000 --- a/makefu/2configs/bureautomation/camera/verkehrskamera.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - services.home-assistant.config.camera = - [ - { name = "Baumarkt"; - platform = "generic"; - still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt - } - { name = "Autobahn Heilbronn"; - platform = "generic"; - still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ; - } - { name = "Autobahn Singen"; - platform = "generic"; - still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ; - } - ]; -} diff --git a/makefu/2configs/bureautomation/comic-updater.nix b/makefu/2configs/bureautomation/comic-updater.nix deleted file mode 100644 index 5804d66d2..000000000 --- a/makefu/2configs/bureautomation/comic-updater.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, lib, pkgs, buildPythonPackage, ... }: - -let - mq = "192.168.8.11"; - pkg = pkgs.ampel; -in { - systemd.services.comic-updater = { - startAt = "daily"; - description = "update our comics"; - after = [ "network-online.target" ] ++ (lib.optional config.services.mosquitto.enable "mosquitto.service"); - path = with pkgs; [ wget xmlstarlet ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - # User = "hass"; - #WorkingDirectory = config.services.home-assistant.configDir; - WorkingDirectory = "/var/lib/homeassistant-docker"; - ExecStart = pkgs.writeDash "update-comics" '' - set -euf - mkdir -p www/ - cd www/ - # poorly drawn lines - pic=$(wget -O- http://www.poorlydrawnlines.com/feed/ \ - | xml sel -t -v '/rss/channel/item/content:encoded' \ - | head -n 2 | sed -n 's/.*src="\([^"]\+\)".*/\1/p' ) - wget "$pic" -nc && cp -v "$(basename "$pic")" lines.png - - #pic=$(curl -L xkcd.com 2>/dev/null | grep imgs.xkcd.com | grep title | sed -n 's/.*src="\([^"]\+\)" .*/https:\1/p') - # xkcd - pic=$(wget -O- https://xkcd.com/rss.xml \ - | xml sel -t -v '/rss/channel/item/description' \ - | head -n 1 | sed -n 's/.*src="\([^"]\+\)".*/\1/p' ) - wget "$pic" -nc && cp -v "$(basename "$pic")" xkcd.png - ''; - PrivateTmp = true; - }; - }; -} diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix deleted file mode 100644 index cd162ba3b..000000000 --- a/makefu/2configs/bureautomation/default.nix +++ /dev/null @@ -1,203 +0,0 @@ -{ config, pkgs, lib, ... }: -let - kodi-host = "192.168.8.11"; - unstable = import <nixpkgs-unstable> {}; - confdir = "/var/lib/homeassistant-docker"; -in { - imports = [ - ./ota.nix - ./comic-updater.nix - # ./puppy-proxy.nix - - ./zigbee2mqtt - ./rhasspy.nix - - # hass config - ## complex configs - # ./multi/daily-standup.nix - #./multi/aramark.nix - #./multi/matrix.nix - #./multi/frosch.nix - #./multi/mittagessen.nix - #./multi/10h_timers.nix - - #./switch/tasmota_switch.nix - #./switch/rfbridge.nix - - #./light/statuslight.nix - #./light/buzzer.nix - - #./script/multi_blink.nix - - #./binary_sensor/buttons.nix - #./binary_sensor/motion.nix - - ## ./sensor/pollen.nix requires dwd_pollen - #./sensor/espeasy.nix - #./sensor/airquality.nix - #./sensor/outside.nix - #./sensor/tasmota_firmware.nix - - #./camera/verkehrskamera.nix - #./camera/comic.nix - #./camera/stuttgart.nix - #./automation/bureau-shutdown.nix - #./automation/nachtlicht.nix - #./automation/schlechteluft.nix - #./automation/philosophische-tuer.nix - #./automation/hass-restart.nix - #./device_tracker/openwrt.nix - #./person/team.nix - ]; - - networking.firewall.allowedTCPPorts = [ 8123 ]; - state = [ "/var/lib/hass/known_devices.yaml" ]; - virtualisation.oci-containers.containers.hass = { - image = "homeassistant/home-assistant:latest"; - #user = "${toString config.users.users.kiosk.uid}:${toString config.users.groups.kiosk.gid}"; - #user = "${toString config.users.users.kiosk.uid}:root"; - environment = { - TZ = "Europe/Berlin"; - PUID = toString config.users.users.kiosk.uid; - PGID = toString config.users.groups.kiosk.gid; - UMASK = "007"; - }; - extraOptions = ["--net=host" ]; - volumes = [ - "${confdir}:/config" - "/data/music:/config/media" - #"${confdir}/docker-run:/etc/services.d/home-assistant/run:" - ]; - }; - systemd.tmpfiles.rules = [ - #"f ${confdir}/docker-run 0770 kiosk kiosk - -" - "d ${confdir} 0770 kiosk kiosk - -" - ]; - #services.home-assistant = { - # enable = true; - # package = (unstable.home-assistant.overrideAttrs (old: { - # doInstallCheck = false; - # })).override { - # extraPackages = p: [ - # # TODO: put somewhere else - # (p.callPackage <stockholm/makefu/2configs/home/ham/deps/dwdwfsapi.nix> {}) - # # (p.callPackage <stockholm/makefu/2configs/home/ham/deps/pykodi.nix> {}) - # p.APScheduler ]; - # }; - # autoExtraComponents = true; - # config = { - # config = {}; - # discovery = {}; - # homeassistant = { - # name = "Bureautomation"; - # time_zone = "Europe/Berlin"; - # latitude = "48.8265"; - # longitude = "9.0676"; - # elevation = 303; - # auth_providers = [ - # { type = "homeassistant";} - # { type = "legacy_api_password"; - # api_password = "sistemas"; - # } - # { type = "trusted_networks"; - # trusted_networks = [ - # "127.0.0.1/32" - # "192.168.8.0/24" - # "::1/128" - # "fd00::/8" - # ]; - # # allow_bypass_login = true; - # } - # ]; - # }; - # # https://www.home-assistant.io/components/influxdb/ - # influxdb = { - # database = "hass"; - # tags = { - # instance = "wbob"; - # source = "hass"; - # }; - # }; - # mqtt = { - # discovery = true; - # discovery_prefix = "homeassistant"; - # broker = "localhost"; - # port = 1883; - # client_id = "home-assistant"; - # keepalive = 60; - # protocol = 3.1; - # birth_message = { - # topic = "/bam/hass/tele/LWT"; - # payload = "Online"; - # qos = 1; - # retain = true; - # }; - # will_message = { - # topic = "/bam/hass/tele/LWT"; - # payload = "Offline"; - # qos = 1; - # retain = true; - # }; - # }; - # notify = [ - # { - # platform = "kodi"; - # name = "wbob-kodi"; - # host = kodi-host; - # } - # #{ - # # platform = "telegram"; - # # name = "telegrambot"; - # # chat_id = builtins.elemAt - # # (builtins.fromJSON (builtins.readFile - # # <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0; - # #} - # ]; - # media_player = [ - # { platform = "kodi"; - # host = kodi-host; - # } - # { platform = "mpd"; - # host = "127.0.0.1"; - # } - # ]; - - # # sensor = [{ platform = "version"; }]; # pyhaversion - - - - # frontend = { }; - # http = { - # # TODO: https://github.com/home-assistant/home-assistant/issues/16149 - # # base_url = "http://192.168.8.11:8123"; - # }; - # conversation = {}; - # history = {}; - # logbook = {}; - # tts = [ - # { platform = "google_translate"; - # language = "de"; - # time_memory = 57600; - # service_name = "google_say"; - # } - # { platform = "voicerss"; - # api_key = builtins.readFile <secrets/hass/voicerss.apikey>; - # language = "de-de"; - # } - # #{ platform = "picotts"; - # # language = "de-DE"; - # #} - # ]; - # recorder = {}; - # sun = {}; - # #telegram_bot = [ - # # (builtins.fromJSON - # # (builtins.readFile <secrets/hass/telegram-bot.json>)) - # #]; - # # only for automation - # # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; - # # we don't use imports because the expressions do not merge in - # # home-assistant - # }; - #}; -} diff --git a/makefu/2configs/bureautomation/deps/aresponses.nix b/makefu/2configs/bureautomation/deps/aresponses.nix deleted file mode 100644 index 9e64d2f65..000000000 --- a/makefu/2configs/bureautomation/deps/aresponses.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -# propagatedBuildInputs -, aiohttp -# buildInputs -, pytest -, pytest-asyncio -}: - -buildPythonPackage rec { - pname = "aresponses"; - version = "1.1.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "d1d6ef52b9a97142d106688cf9b112602ef3dc66f6368de8f91f47241d8cfc9c"; - }; - - propagatedBuildInputs = [ - aiohttp - ]; - - buildInputs = [ - pytest - pytest-asyncio - ]; - - # tests only distributed via git repository, not pypi - doCheck = false; - - meta = with lib; { - description = "Asyncio testing server"; - homepage = "https://github.com/circleup/aresponses"; - license = licenses.mit; - maintainers = [ maintainers.makefu ]; - }; -} diff --git a/makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix b/makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix deleted file mode 100644 index 4eceeb146..000000000 --- a/makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, click -, requests -, packaging -}: - -buildPythonPackage rec { - pname = "openwrt-luci-rpc"; - version = "1.1.2"; - - src = fetchPypi { - inherit pname version; - sha256 = "174a1f6c0bb2a2ed76e5299d14e2be05c612e8bcd4c15b9a9aedee1ef8e18b90"; - }; - - patchPhase = '' - sed -i -e "s/requests==2.21.0/requests/" -e "s/packaging==19.1/packaging/" setup.py - ''; - - propagatedBuildInputs = [ - click - requests - packaging - ]; - - meta = with lib; { - description = "Module for interacting with OpenWrt Luci RPC interface"; - homepage = https://github.com/fbradyirl/openwrt-luci-rpc; - license = licenses.asl20; - maintainers = [ maintainers.makefu ]; - }; -} diff --git a/makefu/2configs/bureautomation/device_tracker/openwrt.nix b/makefu/2configs/bureautomation/device_tracker/openwrt.nix deleted file mode 100644 index b597548ef..000000000 --- a/makefu/2configs/bureautomation/device_tracker/openwrt.nix +++ /dev/null @@ -1,18 +0,0 @@ -# requires `opkg install luci-mod-rpc` on router -# see https://www.home-assistant.io/components/luci/ - -{ - services.home-assistant.config.device_tracker = - [ - { platform = "luci"; - host = "192.168.8.1"; - username = "root"; - password = import <secrets/hass/router.nix>; - interval_seconds = 30; # instead of 12seconds - consider_home = 300; # 5 minutes timeout - new_device_defaults = { - track_new_devices = true; - }; - } - ]; -} diff --git a/makefu/2configs/bureautomation/devices/users.nix b/makefu/2configs/bureautomation/devices/users.nix deleted file mode 100644 index 305c0ca86..000000000 --- a/makefu/2configs/bureautomation/devices/users.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - thorsten-phone = { - name = "Thorsten"; - mac = "8c:f5:a3:bc:83:a0"; - track = true; - hide_if_away = true; - }; - felix-laptop = { - name = "Felix"; - mac = "6c:88:14:b4:43:9c"; - track = true; - hide_if_away = true; - }; - # b0:e5:ed:52:ee:43 - honor8 - # 38:94:96:b0:13:c7 - android-4ef03e4f4a14b6b9 - # ac:5f:3e:cc:b8:5e - Galaxy S7 -} diff --git a/makefu/2configs/bureautomation/kalauerbot.nix b/makefu/2configs/bureautomation/kalauerbot.nix deleted file mode 100644 index aa66e30b4..000000000 --- a/makefu/2configs/bureautomation/kalauerbot.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: -let - oofdir = fetchTarball { - url = "https://o.euer.krebsco.de/s/AZn9QPLGFZeDfNq/download"; - sha256 = "1wa59rkgffql6hbiw9vv0zh35wx9x1cp4bnwicprbd0kdxj75miz"; - }; - -in -{ - systemd.services.kalauerbot = { - description = "Kalauerbot"; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - environment = import <secrets/bureautomation/citadel.nix> // { - "KALAUER_OOFDIR" = oofdir; - }; - serviceConfig = { - DynamicUser = true; - StateDirectory = "kalauerbot"; - WorkingDirectory = "/var/lib/kalauerbot"; - ExecStart = "${pkgs.kalauerbot}/bin/kalauerbot"; - PrivateTmp = true; - - Restart = "always"; - RuntimeMaxSec = "12h"; - }; - }; -} diff --git a/makefu/2configs/bureautomation/led-fader.nix b/makefu/2configs/bureautomation/led-fader.nix deleted file mode 100644 index d7f728534..000000000 --- a/makefu/2configs/bureautomation/led-fader.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, buildPythonPackage, ... }: - -let - mq = "192.168.8.11"; - pkg = pkgs.ampel; -in { - systemd.services.led-fader = { - description = "Send led change to message queue"; - environment = { - NIX_PATH = "/var/src"; - }; - after = [ "network-online.target" ] ++ (lib.optional config.services.mosquitto.enable "mosquitto.service"); - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - # User = "nobody"; # need a user with permissions to run nix-shell - ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; - ExecStart = "${pkg}/bin/ampel"; - Restart = "always"; - RestartSec = 10; - PrivateTmp = true; - }; - }; -} diff --git a/makefu/2configs/bureautomation/lib/scripts.nix b/makefu/2configs/bureautomation/lib/scripts.nix deleted file mode 100644 index d8665f94f..000000000 --- a/makefu/2configs/bureautomation/lib/scripts.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, ... }: -{ - multi_flash = { entity, delays ? [ 500 ], alias ? "${entity}_multi_flash_${toString (lib.length delays)}" }: - { - inherit alias; - sequence = lib.flatten (builtins.map (delay: [ - { service = "homeassistant.turn_on"; - data.entity_id = entity; - } - { delay.milliseconds = delay; } - { service = "homeassistant.turn_off"; - data.entity_id = entity; - } - { delay.milliseconds = delay; } - ] - ) delays); - }; -} diff --git a/makefu/2configs/bureautomation/light/buzzer.nix b/makefu/2configs/bureautomation/light/buzzer.nix deleted file mode 100644 index 4851dbd9b..000000000 --- a/makefu/2configs/bureautomation/light/buzzer.nix +++ /dev/null @@ -1,30 +0,0 @@ -let - tasmota_pwm = name: topic: pwmid: max: - let - id = "PWM${toString pwmid}"; - in { platform = "mqtt"; - inherit name; - state_topic = "/bam/${topic}/stat/RESULT"; - state_value_template = ''{%- if value_json["PWM"]["${id}"]| int > 0 -%} ${toString max} {%- else -%} 0 {%- endif -%}''; - - command_topic = "/bam/${topic}/cmnd/${id}"; - on_command_type = "brightness"; - brightness_command_topic = "/bam/${topic}/cmnd/${id}"; - brightness_value_template = ''{{value_json["PWM"]["${id}"]}}''; - brightness_scale = max; - payload_on = "${toString max}"; - payload_off = "0"; - availability_topic = "/bam/${topic}/tele/LWT"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain = true; - optimistic = false; - qos = 0; - }; -in { - services.home-assistant.config.light = - [ - # (tasmota_pwm "RedButton LED" "redbutton" 1 1023) #LED PWM1 - # (tasmota_pwm "RedButton Buzzer" "redbutton" 2 512) #buzzer PWM2 - ]; -} diff --git a/makefu/2configs/bureautomation/light/statuslight.nix b/makefu/2configs/bureautomation/light/statuslight.nix deleted file mode 100644 index de65a2379..000000000 --- a/makefu/2configs/bureautomation/light/statuslight.nix +++ /dev/null @@ -1,58 +0,0 @@ -let - tasmota_rgb = name: topic: -# LED WS2812b -# effect_state_topic: "stat/led/Scheme" -# effect_command_topic: "cmnd/led/Scheme" -# effect_value_template: "{{ value_json.Scheme }}" - { platform = "mqtt"; - inherit name; - retain = false; - qos = 1; - #optimistic = true; - # state - command_topic = "/bam/${topic}/cmnd/POWER"; - state_topic = "/bam/${topic}/tele/STATE"; - value_template = "{{ value_json.POWER }}"; - availability_topic = "/bam/${topic}/tele/LWT"; - payload_on = "ON"; - payload_off = "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - # brightness - brightness_state_topic = "/bam/${topic}/tele/STATE"; - brightness_value_template = "{{value_json.Dimmer|default(100)}}"; - brightness_command_topic = "/bam/${topic}/cmnd/Dimmer"; - brightness_scale = 100; - # color - rgb_state_topic = "/bam/${topic}/stat/RESULT"; - rgb_command_topic = "/bam/${topic}/cmnd/Color2"; - rgb_value_template = "{{(value_json.Channel[0]*2.55)|int}},{{(value_json.Channel[1]*2.55)|int}},{{(value_json.Channel[2]*2.55)|int}}"; - - # effects - effect_state_topic = "/bam/${topic}/tele/STATE"; - effect_value_template = "{{value_json.Scheme|default(0)}}"; - effect_command_topic = "/bam/${topic}/cmnd/Scheme"; - effect_list = [ - 0 # single color for LED light - 1 # start wake up sequence (same as Wakeup) - 2 # cycle up through colors using Speed option - 3 # cycle down through colors using Speed option - 4 # random cycle through colors using Speed and Fade - 5 # clock mode (example) - 6 # candlelight pattern - 7 # RGB pattern - 8 # Christmas pattern - 9 # Hannukah pattern - 10 # Kwanzaa pattern - 11 # rainbow pattern - 12 # fire pattern - ]; - }; -in { - services.home-assistant.config.light = - [ - (tasmota_rgb "Status Felix" "status1") - (tasmota_rgb "Status Daniel" "status2") - (tasmota_rgb "Buslicht" "buslicht") - ]; -} diff --git a/makefu/2configs/bureautomation/mpd.nix b/makefu/2configs/bureautomation/mpd.nix deleted file mode 100644 index 1f5acb357..000000000 --- a/makefu/2configs/bureautomation/mpd.nix +++ /dev/null @@ -1,9 +0,0 @@ -{lib,pkgs, ... }: - -{ - systemd.services."ympd-wbob" = { - description = "mpd "; - wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody"; - }; -} diff --git a/makefu/2configs/bureautomation/multi/10h_timers.nix b/makefu/2configs/bureautomation/multi/10h_timers.nix deleted file mode 100644 index 6edcde4b0..000000000 --- a/makefu/2configs/bureautomation/multi/10h_timers.nix +++ /dev/null @@ -1,210 +0,0 @@ -{lib, ... }: -let - persons = [ "frank" "daniel" "thorsten" "carsten" "ecki" "felix" - "thierry" # tjeri - "emeka" - "tancrede" - ]; - random_zu_lange = name: ''{{ [ - "Du musst jetzt endlich nach Hause gehen ${name}!", - "${name} - 10 Stunden sind rum, bald schenkst du den Franzosen deine Lebenszeit", - "Nur eine Minute über 10 Stunden kann zu einer Stunde Arbeit für Thorsten werden, ${name}.", - "In 10 Minuten kommt dich der Security Mann holen, ${name}", - "Das Sandmännchen ist schon vorbei, gleich fallen dir die Augen zu ${name}.", - "Wenn ${name} sofort los geht, dann ist er noch rechtzeitig für den Tatort zu Hause.", - "${name} muss jetzt gehen, sonst verpasst er die Tagesschau!", - "Es ist spät ${name}. Ausstempeln hilft zwar kurzfristig, kann aber zu langfristigen Problemen führen.", - "${name}, wenn du nach zehn Stunden nach Hause gehst, muss dir dein Vorgesetzter ein Taxi bestellen", - "${name}, wenn du nach zehn Stunden nach Hause gehst, bist du auf dem Rückweg nicht mehr versichert!", - "Zu lange, ${name}!" ] | random }}'' ; - - - random_announce = name: ''{{ [ - "${name} is in da House", - "Ahoi ${name}", - "Hallöchen Popöchen ${name}", - "Moinsen ${name}", - "Moin Moin ${name}", - "Palim, Palim ${name}", - "Vorwärts Genosse ${name}", - "Gemeinsame Grüße, Genosse ${name}", - "Sozialistische Grüße, Genosse ${name}", - "Konzentrierte Grüße, Genosse ${name}", - "Ach, der ${name} ist auch wieder da...", - "Nicht ${name} schon wieder", - "Tri tra tralala, der ${name} ist wieder da.", - "Na sieh mal einer an, ${name} hat es auch her geschafft", - "Wer ist im Büro eingetroffen? ${name} ist es!", - "Willkommen in deinem Lieblingsbüro, ${name}.", - "Klopf, Klopf, wer ist da? ${name} ist da!", - "Messer, Gabel, Schere, Licht sind für kleinen ${name} nicht.", - "Ich kenne ein Geheimnis, ${name} ist angekommen", - "Wir sind ${name}. Sie werden assimiliert werden", - "Achtung, es erfolgt eine Durchsage. ${name} ist eingetroffen", - "Die Scanner haben eine dem System bekannte Lebensform mit dem Namen ${name} detektiert", - "Das Büro sieht dich, ${name}", - "Das Büro riecht dich, ${name}", - "Im Kalender von ${name} sind heute acht Meetings eingeplant, von denen zwei bereits verpasst wurden", - "Das Postfach von ${name} beinhaltet einhundertachtundzwanzig ungelesene E-Mails.", - "Nachricht von Serge: ${name}, bitte melden Sie sich Umgehend bei mir im Büro!", - "Luftqualität hat sich durch das Eintreffen von ${name} um zweihundert Punkte verschlechtert, bitte alle Fenster öffnen.", - "Die Tür geht auf, wer mag das sein? Schon schreitet hier der ${name} ein. Das Volk, es jubelt, Dirnen schmachten. Fürs Festmahl beginnt man schon zu schlachten. Er wird nur nach dem besten streben! Der ${name}, er soll lange leben!", - "${name} arbeitet gern für seinen Konzern", - "${name} ist nur froh im Großraumbüro", - "Für ${name} ist die schönste Zeit ... die Arbeit", - "Ein Fleißbienchen für ${name} zum rechtzeitigen Erscheinen im Büro", - "${name} ist heute wohl doch nicht im Office Home", - "${name} ist bereit für einen Tag voller Meetings", - "Und es startet für ${name} wieder ein Tag im Paradies", - "Lieber ${name}, Markus Keck hat dich bereits drei mal Versucht anzurufen!", - "Trotz schwerer Männergrippe ist ${name} heute im Büro erschienen.", - "${name} kennt keine Parteien mehr, ${name} kennt nur noch Arbeitsplätze", - "${name}, Frage nicht, was dein Arbeitsplatz für dich tun kann. Frage, was du für deinen Arbeitsplatz tun kannst", - "${name} läuft bis in den Jemen - für sein Unternehmen. ${name} schwimmt bis nach Birma - für seine Firma", - "Der Cyberian ${name} ist gekommen um die Bahnwelt vor Cyber-Angriffen zu schützen", - "Alles paletto im Ghetto, ${name}?", - "Hach, ${name}, wenn du hier rein kommst fühlt es sich gleich wieder an wie Montag.", - "Oh nein, nicht schon wieder ${name}", - "Wer wohnt in der Ananas ganz tief im Meer? ${name} Schwammkopf!", - "Arbeit ist Freizeit! Wachstum ist Fortschritt! Sicherheit ist Freiheit! Eine kleine Erinnerung für ${name}"] | random }}'' ; - tmr_10h = name: { - "${name}_10h" = { - name = "${name} 10h Timer"; - duration = "10:00:00"; - }; - }; - - zu_lange_user = name: - { "zu_lange_${name}" = { - alias = "Random Zu Lange ${name}"; - - sequence = [ - { service = "media_player.play_media"; - data = { - entity_id = "media_player.mpd"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 5; } - { service = "tts.google_say"; - entity_id = "media_player.mpd"; - data_template = { - message = random_zu_lange name; - language = "de"; - }; - } - ]; - }; - }; - announce_user = name: - { "announce_${name}" = { - alias = "Random Announce ${name}"; - sequence = [ - { delay.seconds = 7; } - { service = "media_player.play_media"; - data = { - entity_id = "media_player.mpd"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 4; } - { service = "tts.google_say"; - entity_id = "media_player.mpd"; - data_template = { - message = random_announce name; - language = "de"; - }; - } - ]; - }; - }; - automation_10h = name: [ - { alias = "start ${name} 10h"; - trigger = { - platform = "state"; - entity_id = [ "person.${name}"]; - from = "not_home"; - to = "home"; - }; - condition = { - condition = "and"; - conditions = [ - { condition = "state"; - entity_id = "timer.${name}_10h"; - state = "idle"; - } - { condition = "time"; - after = "06:00:00"; - before = "12:00:00"; - } - ]; - }; - action = [ - { service = "timer.start"; - entity_id = [ "timer.${name}_10h" ] ; - } - { service = "homeassistant.turn_on"; - entity_id = - [ "switch.fernseher" - "script.blitz_10s" - "script.announce_${name}" - ]; - } - ]; - } - - { alias = "pommes announce ${name}"; - trigger = - { platform = "event"; - event_type = "timer.started"; - event_data.entity_id = "timer.${name}_10h"; - }; - - condition = - { condition = "state"; - entity_id = "binary_sensor.pommes"; - state = "on"; - }; - - action = - { service = "homeassistant.turn_on"; - entity_id = "script.blasen_10s" ; - }; - } - - { alias = "Zu lange ${name}!"; - trigger = - { platform = "event"; - event_type = "timer.finished"; - event_data.entity_id = "timer.${name}_10h"; - }; - - condition = - { condition = "state"; - entity_id = "person.${name}"; - state = "home"; - }; - - action = - { service = "homeassistant.turn_on"; - entity_id = [ - "script.blitz_10s" - "script.zu_lange_${name}" - ]; - }; - } - ]; -in -{ - services.home-assistant.config = { - timer =lib.fold lib.recursiveUpdate {} - (map tmr_10h persons); - automation = (lib.flatten (map automation_10h persons)); - script = lib.fold lib.recursiveUpdate {} ( - (map announce_user persons) ++ - (map zu_lange_user persons) - ); - }; -} diff --git a/makefu/2configs/bureautomation/multi/aramark.nix b/makefu/2configs/bureautomation/multi/aramark.nix deleted file mode 100644 index 45fadb082..000000000 --- a/makefu/2configs/bureautomation/multi/aramark.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ lib, ... }: -let - aramark = topic: name: - { platform = "mqtt"; - inherit name; - state_topic = "/aramark/thales-deutschland/${topic}"; - }; - aramark_menue = menue: - [ - (aramark "${menue}/title" menue) - (aramark "${menue}/description" "${menue} Text") - ((aramark "${menue}/price" "${menue} Preis") // { unit_of_measurement = "€"; }) - ]; -in - { - services.home-assistant.config = - { - sensor = (aramark_menue "Menü 1") - ++ (aramark_menue "Menü 2") - ++ (aramark_menue "Mercato") - ++ (aramark_menue "Aktion"); - binary_sensor = - [ - ((aramark "pommes" "Pommes" ) // { payload_on = "True"; payload_off = "False"; }) - ]; - }; -} diff --git a/makefu/2configs/bureautomation/multi/daily-standup.nix b/makefu/2configs/bureautomation/multi/daily-standup.nix deleted file mode 100644 index 063def1ef..000000000 --- a/makefu/2configs/bureautomation/multi/daily-standup.nix +++ /dev/null @@ -1,57 +0,0 @@ -{lib, ... }: -let - random_daily_text = ''{{ [ - "Es ist so weit, es ist Standup Zeit!", - "Zehn Uhr Fünfunddreissig ist genau die richtige Zeit für ein Standup!", - "Hat jeder seine zum Standup seine Hausaufgaben gemacht. Bitte einmal aufstehen und den Zettel nach rechts geben", - "Aufstehen zum Appell, es wird die Anwesenheit kontrolliert!", - "Hallo Kinder, wisst ihr welche Zeit es ist ... Genau ... Standup Zeit!", - "Morgens, halb elf in Deutschland - das Standupchen" ] | random }}''; - -in { - services.home-assistant.config = - { - script = - { "random_daily" = { - alias = "Random Daily Introduction"; - - sequence = [ - { service = "media_player.play_media"; - data = { - entity_id = "media_player.mpd"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 5; } - { service = "tts.google_say"; - entity_id = "media_player.mpd"; - data_template = { - message = random_daily_text; - language = "de"; - }; - } - ]; - }; - }; - automation = [ - { - alias = "Daily Standup"; - trigger = { - platform = "time"; - at = "10:35:00"; - }; - action = - [ - { service = "homeassistant.turn_on"; - entity_id = [ - "script.blitz_10s" - "script.random_daily" - ]; - } - ]; - - } - ]; - }; -} diff --git a/makefu/2configs/bureautomation/multi/frosch.nix b/makefu/2configs/bureautomation/multi/frosch.nix deleted file mode 100644 index 61606d4eb..000000000 --- a/makefu/2configs/bureautomation/multi/frosch.nix +++ /dev/null @@ -1,103 +0,0 @@ -{lib, ... }: -# needs: binary_sensor.pommes -# notify.matrix_notify -let - random_pommes = '' {{ [ - "Nur ein Pommes Tag ist ein guter Tag", - "Schaut wie schön sie fliegen, die Pommes Seifenblasen", - "zwo ... eins ... Pommes Zeit", - "I cannot believe it is not Pommes", - "Naja, wenn es sonst schon nichts anderes gibt, kann man jetzt auch pommes nehmen", - "Wenn Aramark was kann, dann ist es frittieren", - "Einmal das Hauptgericht mit Pommes, ohne Hauptgericht", - "Rieche ich da etwa Pommes? JA!", - "Pommes ist auch nur Gemüse,also keine Reue und schlag zu!", - "Mit nur fünf Portionen Pommes kann man schon satt werden.", - "Heute für Sie, 15 Pommes von hand abgezählt", - "Der Weltmarktpreis von Pommes ist durch verschiedene Weltkrisen leider so hoch, dass Aramark den Verkaufspreis verdoppeln musste.", - "Vorfreude, schönste Freude, Freude bei Aramark. Pommes in die Schale rein, alle Kunden werden glücklich sein.", - "In 15 Minuten ist es wieder so weit, es ist Pommes Zeit!"] | random }}''; -in -{ - services.home-assistant.config = - { - sensor = [ - { platform = "mqtt"; - name = "frosch brightness"; - device_class = "illuminance"; - state_topic = "/bam/frosch/sensor/brightness/state"; - availability_topic = "/bam/frosch/status"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - binary_sensor = [ - { platform = "mqtt"; - name = "frosch auge"; - state_topic = "/bam/frosch/binary_sensor/froschauge/state"; - availability_topic = "/bam/frosch/status"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - switch = [ - { platform = "mqtt"; - name = "frosch blasen"; - state_topic = "/bam/frosch/switch/blasen/state"; - command_topic = "/bam/frosch/switch/blasen/command"; - availability_topic = "/bam/frosch/status"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - light = []; - automation = [ - { alias = "Pommeszeit"; - trigger = { - platform = "time"; - at = "11:00:00"; - }; - condition = { - condition = "state"; - entity_id = "binary_sensor.pommes"; # from multi/aramark.nix - state = "on"; - }; - action = [ - { service = "homeassistant.turn_on"; - entity_id = [ - "script.pommes_announce" - "script.seifenblasen_30s" # from script/multi_blink.nix - ]; - } - ]; - } - ]; - script = { - pommes_announce = { - alias = "Random Pommes announce"; - sequence = [ - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.mpd"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 5; } - { - service = "tts.google_say"; - entity_id = "media_player.mpd"; - data_template = { - message = random_pommes; - language = "de"; - }; - } - { service = "notify.matrix_notify"; - data_template.message = random_pommes; - } - ]; - }; - }; - }; -} diff --git a/makefu/2configs/bureautomation/multi/matrix.nix b/makefu/2configs/bureautomation/multi/matrix.nix deleted file mode 100644 index b9b8fc4e8..000000000 --- a/makefu/2configs/bureautomation/multi/matrix.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ lib, ... }: -#matrix: -# password: supersecurepassword -# rooms: -# - "#hasstest:matrix.org" -# commands: -# - word: my_command -# name: my_command -let - mom_room = "!kTQjvTQvfVsvfEtmth:thales.citadel.team"; -in -{ - services.home-assistant.config = - { - matrix = - { - # secrets: - # homeserver, username, password - homeserver = "https://ext01.citadel.team"; - rooms = [ - mom_room - ]; - commands = [ - { - # alternative: expression for regexp - word = "version"; - name = "version"; - } - { - word = "luftqualität"; - name = "luftqualitaet"; - } - ]; - } // (builtins.fromJSON (builtins.readFile - <secrets/hass/citadel-bot.json>)); - automation = [ - { - alias = "React to !version"; - trigger = { - platform = "event"; - event_type = "matrix_command"; - event_data.command = "version"; - }; - action = { - service = "notify.matrix_notify"; - data_template.message = "Running home-assistant {{states.sensor.current_version.state}}"; - }; - } - { - alias = "React to !luftqualität"; - trigger = { - platform = "event"; - event_type = "matrix_command"; - event_data.command = "luftqualitaet"; - }; - action = { - service = "notify.matrix_notify"; - data_template.message = ''Temp: {{states.sensor.notizen_temperature.state_with_unit | replace (" ","")}}, Hum:{{states.sensor.notizen_humidity.state_with_unit | replace (" ","")}}, airquality:{{states.sensor.air_quality.state_with_unit}}''; - }; - } - - ]; - notify = [{ - name = "matrix_notify"; - platform = "matrix"; - default_room = mom_room; - }]; - }; -} diff --git a/makefu/2configs/bureautomation/multi/mittagessen.nix b/makefu/2configs/bureautomation/multi/mittagessen.nix deleted file mode 100644 index 52ec99a92..000000000 --- a/makefu/2configs/bureautomation/multi/mittagessen.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ lib, ... }: -let - # TODO: remove redundant code (from multi_blink) via lib - flash_entity = { entity, delay ? 500, count ? 4, alias ? "${entity}_blink_${toString count}_${toString delay}" }: - { - inherit alias; - sequence = lib.flatten (builtins.genList (i: [ - { service = "homeassistant.turn_on"; - data.entity_id = entity; - } - { delay.milliseconds = delay; } - { service = "homeassistant.turn_off"; - data.entity_id = entity; - } - { delay.milliseconds = delay; } - ] - ) count); - }; - # TODO: use influxdb and check if pommes - random_mittagessen = '' {{ [ - "Es ist 12 uhr 30. Der Aramark Gourmettempel hat, wie jeden Tag, wieder die feinsten Köstlichkeiten für euch Vorbereitet", - "Heute bei Aramark: Rezepte aus Ländern, von denen Ihr noch nie gehört habt, Deutsch zubereitet", - "Heute bei Aramark im Angebot: Scheiss mit Reis oder Reste von Freitag", - "MHHHH es ist wieder mal so weit, lecker Bayerisch Kraut mit asiatischen Nudeln", - "Es ist 12 Uhr 30 und Heute gibt es nur Pommes, wenn der Pommesfrosch Blasen gespuckt hat.", - "Heute gibt es Pommes leider nicht einzeln zu verkaufen, da die Schälchen alle sind", - "Heute gibt es Pommes, verarscht! Natürlich gibt es nur salzlosen Reis, oder salzlose Nudeln.", - "Heute auf dem Speiseplan: Sushi vom Vortag", - "Aramark Kantinenessen: Der Hunger treibt es rein, der Geiz hält es drin.", - "Das Essen in der Snackeria sieht heute wie die bessere Alternative aus", - "Heute ist wohl wieder ein Beilagen-Tag", - "Lunch time! Good luck, you will need it!", - "Heute vielleicht lieber doch nur einen Salat?", - "Im Büro ist es eh gerade viel zu warm, also ab zur Kantine", - "Im Büro ist es eh gerade viel zu kalt, also ab zur Kantine", - "Heute scheint die Auswahl wieder sehr schwierig zu sein. Vielleicht doch lieber ein Brötchen mit Fleischkäse vom Bäcker beim Baumarkt?", - "Wer hat hier schon wieder ein Meeting auf 12 Uhr gelegt? Skandal!", - "Jetzt nur noch kurz die Mail fertig schreiben und schon kann es los gehen.", - "Es ist 13 Uhr und die Mittagspause ist bald vorbei .... Kleiner Scherz, es ist erst 12:30, aber Ihr hättet auch nicht wirklich etwas verpasst.", - "Hallo, es ist nun 12 Uhr 30! Dies entspricht der Essenszeit aller Büroinsassen. Bitte begebt euch zur Aramark Essensausgabe um euren menschlichen Bedürfnissen nachzukommen."] | random }}''; -in -{ - services.home-assistant.config = { - automation = [ - { alias = "Mittagessen"; - trigger = { - platform = "time"; - at = "12:30:00"; - }; - action = [ - { service = "homeassistant.turn_on"; - entity_id = [ - "script.mittagessen_announce" - "script.blitz_10s" - "script.mittagessenlicht" - ]; - } - ]; - } - ]; - script = { - mittagessenlicht = (flash_entity { - entity = "switch.bauarbeiterlampe"; - alias = "Bauarbeiterlampe Mittagessenlicht"; - delay = 1000; - count = 5; - }); - mittagessen_announce = { - alias = "Random Mittagessen announce"; - sequence = [ - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.mpd"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 5; } - { - service = "tts.google_say"; - entity_id = "media_player.mpd"; - data_template = { - message = random_mittagessen; - language = "de"; - }; - } - ]; - }; - }; - }; -} diff --git a/makefu/2configs/bureautomation/office-radio/default.nix b/makefu/2configs/bureautomation/office-radio/default.nix deleted file mode 100644 index d1c0f4730..000000000 --- a/makefu/2configs/bureautomation/office-radio/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./mpd.nix - ./webserver.nix - ]; -} diff --git a/makefu/2configs/bureautomation/office-radio/mpd.nix b/makefu/2configs/bureautomation/office-radio/mpd.nix deleted file mode 100644 index 4fc31fff9..000000000 --- a/makefu/2configs/bureautomation/office-radio/mpd.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mpds = import ./mpdconfig.nix; - systemd_mpd = name: value: let - path = "/var/lib/mpd-${name}"; - num = lib.strings.fixedWidthNumber 2 value; - mpdconf = pkgs.writeText "mpd-config-${name}" '' - music_directory "${path}/music" - playlist_directory "${path}/playlists" - db_file "${path}/tag_cache" - state_file "${path}/state" - sticker_file "${path}/sticker.sql" - - bind_to_address "127.0.0.1" - port "66${num}" - log_level "default" - auto_update "yes" - audio_output { - type "httpd" - name "Office Radio ${num} - ${name}" - encoder "vorbis" # optional - port "280${num}" - quality "5.0" # do not define if bitrate is defined - # bitrate "128" # do not define if quality is defined - format "44100:16:2" - always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. - tags "yes" # httpd supports sending tags to listening streams. - } - ''; -in { - after = [ "network.target" ]; - description = "Office Radio MPD ${toString value} - ${name}"; - wantedBy = ["multi-user.target"]; - serviceConfig = { - #User = "mpd"; - DynamicUser = true; - ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdconf}"; - LimitRTPRIO = 50; - LimitRTTIME = "infinity"; - ProtectSystem = true; - NoNewPrivileges = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; - RestrictNamespaces = true; - Restart = "always"; - StateDirectory = [ "mpd-${name}" ]; - }; - }; -in - { - systemd.services = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair - ("office-radio-" +name) (systemd_mpd name value)) - mpds; - } diff --git a/makefu/2configs/bureautomation/office-radio/mpdconfig.nix b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix deleted file mode 100644 index b48ceb629..000000000 --- a/makefu/2configs/bureautomation/office-radio/mpdconfig.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - "cybertisch1" = 0; - "cybertisch2" = 1; - "cyberklo" = 2; - "baellebad" = 3; -} diff --git a/makefu/2configs/bureautomation/office-radio/webserver.nix b/makefu/2configs/bureautomation/office-radio/webserver.nix deleted file mode 100644 index e2fc6d9e8..000000000 --- a/makefu/2configs/bureautomation/office-radio/webserver.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ pkgs, ... }: -let - mpds = import ./mpdconfig.nix; - pkg = pkgs.office-radio; -in { - systemd.services.office-radio-appsrv = { - after = [ "network.target" ]; - description = "Office Radio Appserver"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkg}/bin/office-radio"; - DynamicUser = true; - ProtectSystem = true; - NoNewPrivileges = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; - RestrictNamespaces = true; - Restart = "always"; - }; - }; - systemd.services.office-radio-stopper = { - after = [ "network.target" ]; - description = "Office Radio Script to stop idle streams"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkg}/bin/stop-idle-streams"; - DynamicUser = true; - ProtectSystem = true; - NoNewPrivileges = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; - RestrictNamespaces = true; - Restart = "always"; - }; - }; -} diff --git a/makefu/2configs/bureautomation/ota.nix b/makefu/2configs/bureautomation/ota.nix deleted file mode 100644 index f2f931d21..000000000 --- a/makefu/2configs/bureautomation/ota.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - # mosquitto_pub -t /bam/sonoffs/cmnd/OtaUrl -m "http://192.168.8.11/sonoff.bin" - # mosquitto_pub -t /bam/sonoffs/cmnd/upgrade -m "6.5.0" - # wget https://github.com/arendst/Sonoff-Tasmota/releases/download/v6.5.0/sonoff.bin - # wget https://github.com/arendst/Sonoff-Tasmota/releases/download/v6.5.0/sonoff-minimal.bin - services.nginx = { - enable = true; - virtualHosts."192.168.8.11" = { - root = "/var/www/tasmota"; - extraConfig = '' - autoindex on; - ''; - }; - }; -} diff --git a/makefu/2configs/bureautomation/person/team.nix b/makefu/2configs/bureautomation/person/team.nix deleted file mode 100644 index d0d13dd98..000000000 --- a/makefu/2configs/bureautomation/person/team.nix +++ /dev/null @@ -1,87 +0,0 @@ -{config, ... }: -{ - # all configured persons become part of group "team" - services.home-assistant.config.group.team = { - name = "team"; - entities = map (x: "person.${x.name}" ) config.services.home-assistant.config.person; - }; - services.home-assistant.config.person = - [ - { name = "Thorsten"; - id = 1; - device_trackers = [ - "device_tracker.thorsten_phone" - #"device_tracker.thorsten_arbeitphone" - ]; - } - { name = "Felix"; - id = 2; - device_trackers = [ - "device_tracker.felix_phone" - "device_tracker.felix_laptop" - ]; - } - { name = "Ecki"; - id = 3; - device_trackers = [ - "device_tracker.ecki_phone" - "device_tracker.ecki_tablet" - ]; - } - { name = "Daniel"; - id = 4; - device_trackers = [ - "device_tracker.daniel_phone" - ]; - } - { name = "Thierry"; - id = 5; - device_trackers = [ - "device_tracker.thierry_phone" - ]; - } - { name = "Frank"; - id = 6; - device_trackers = [ - "device_tracker.frank_phone" - ]; - } - #{ name = "Carsten"; - # id = 7; - # device_trackers = [ - # "device_tracker.carsten_phone" - # ]; - #} - { name = "Emeka"; - id = 8; - device_trackers = [ - "device_tracker.emeka_phone" - ]; - } - { name = "Sabine"; - id = 9; - device_trackers = [ - "device_tracker.sabine_phone" - ]; - } - #{ name = "Tobias"; - # id = 10; - # device_trackers = [ - # "device_tracker.tobias_phone" - # ]; - #} - #{ name = "Tancrede"; - # id = 11; - # device_trackers = [ - # "device_tracker.tancrede_phone" - # "device_tracker.tancrede_laptop" - # ]; - #} - { name = "Chris"; - id = 12; - device_trackers = [ - "device_tracker.chris_phone" - ]; - } - ]; -} diff --git a/makefu/2configs/bureautomation/printer.nix b/makefu/2configs/bureautomation/printer.nix deleted file mode 100644 index 86d5a4069..000000000 --- a/makefu/2configs/bureautomation/printer.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, config, ... }: -let - mainUser = config.krebs.build.user.name; -in { - imports = [ - ./brother-ql-web.nix - ]; - services.printing = { - enable = true; - drivers = with pkgs;[ - brlaser - cups-ptouch - ]; - }; - users.users.kiosk.extraGroups = [ "scanner" "lp" ]; - state = [ "/var/lib/cups"]; - users.users.kiosk.packages = with pkgs;[ - python3Packages.brother-ql - libreoffice - qrencode - imagemagick - ]; - - services.udev.extraRules = '' - SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209b", ATTRS{serial}=="000F1Z401759", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" - ''; - -} diff --git a/makefu/2configs/bureautomation/puppy-proxy.nix b/makefu/2configs/bureautomation/puppy-proxy.nix deleted file mode 100644 index 9e3542509..000000000 --- a/makefu/2configs/bureautomation/puppy-proxy.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ pkgs, ... }: -# streamlink 'https://www.ustream.tv/channel/maximilian-schnauzers-cam4' worst --player-external-http --player-external-http-port 15321 --player-passthrough rtsp --retry-streams 60 -{ - environment.systemPackages = [ pkgs.liveproxy ]; -} diff --git a/makefu/2configs/bureautomation/rhasspy.nix b/makefu/2configs/bureautomation/rhasspy.nix deleted file mode 100644 index 8fbfd9312..000000000 --- a/makefu/2configs/bureautomation/rhasspy.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, ... }: -let - profiles = "/var/lib/rhasspy"; - kiosk_id = toString config.users.users.kiosk.uid; -in -{ - virtualisation.oci-containers.containers.rhasspy = { - image = "rhasspy/rhasspy:latest"; - - environment = { - TZ = "Europe/Berlin"; - #PULSE_SERVER = "unix:/run/user/0/pulse/native"; - PULSE_SERVER = "tcp:${ config.krebs.build.host.name }:4713"; - - }; - - ports = [ - "12101:12101" - # "12183:12183" - ]; - #user = kiosk_id; - - volumes = [ - "/etc/localtime:/etc/localtime:ro" - "${profiles}:/profiles" - # TODO pulseaudio - #"/run/user/${kiosk_id}/pulse/native:/run/user/0/pulse/native" - #"${config.users.users.kiosk.home}/.config/pulse/cookie:/root/.config/pulse/cookie:ro" - ]; - - cmd = [ "--user-profiles" "/profiles" "--profile" "de" ]; - extraOptions = [ - "--device=/dev/snd:/dev/snd" "--group-add=audio" - "--net=host" - ]; - }; - systemd.tmpfiles.rules = [ - "d ${profiles} 0770 root root - -" - ]; - systemd.services.docker-rhasspy.after = [ "desktop-manager.service" ]; -} diff --git a/makefu/2configs/bureautomation/script/multi_blink.nix b/makefu/2configs/bureautomation/script/multi_blink.nix deleted file mode 100644 index 753918f31..000000000 --- a/makefu/2configs/bureautomation/script/multi_blink.nix +++ /dev/null @@ -1,60 +0,0 @@ -{lib, ... }: -let - # TODO: flash with different delay - - # let an entity blink for X times with a delay of Y milliseconds - flash_entity = { entity, delay ? 500, count ? 4, alias ? "${entity}_blink_${toString count}_${toString delay}" }: - { - inherit alias; - sequence = lib.flatten (builtins.genList (i: [ - { service = "homeassistant.turn_on"; - data.entity_id = entity; - } - { delay.milliseconds = delay; } - { service = "homeassistant.turn_off"; - data.entity_id = entity; - } - { delay.milliseconds = delay; } - ] - ) count); - }; -in { - services.home-assistant.config.script = - { - buzz_red_led = (flash_entity { - entity = "light.redbutton_buzzer"; - alias = "Red Button Buzz"; - count = 4; - }); - buzz_red_led_fast = (flash_entity { - entity = "light.redbutton_buzzer"; - delay = 250; - count = 2; - alias = "Red Button Buzz fast"; - }); - blitz_10s = (flash_entity { - entity = "switch.blitzdings"; - delay = 10000; - count = 1; - alias = "blitz for 10 seconds"; - }); - blasen_10s = (flash_entity { - entity = "switch.frosch_blasen"; - delay = 10000; - count = 1; - alias = "blasen for 10 seconds"; - }); - blasen_30s = (flash_entity { - entity = "switch.frosch_blasen"; - delay = 30000; - count = 1; - alias = "blasen for 30 seconds"; - }); - schlechteluft = (flash_entity { - entity = "switch.bauarbeiterlampe"; - alias = "Schlechte Luft Lampe 5 secs"; - delay = 5000; - count = 1; - }); - }; -} diff --git a/makefu/2configs/bureautomation/sensor/airquality.nix b/makefu/2configs/bureautomation/sensor/airquality.nix deleted file mode 100644 index 7d95c3c15..000000000 --- a/makefu/2configs/bureautomation/sensor/airquality.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - services.home-assistant.config.sensor = - [ - # coming from 2configs/stats/telegraf/ - { platform = "mqtt"; - name = "Air Quality"; - state_topic = "/telegraf/wbob/airquality"; - value_template = "{{ value_json.fields.value }}"; - unit_of_measurement = "VOC"; - } - ]; -} diff --git a/makefu/2configs/bureautomation/sensor/espeasy.nix b/makefu/2configs/bureautomation/sensor/espeasy.nix deleted file mode 100644 index c68f39f1a..000000000 --- a/makefu/2configs/bureautomation/sensor/espeasy.nix +++ /dev/null @@ -1,33 +0,0 @@ -let - espeasy_dht22 = name: [ - { platform = "mqtt"; - name = "${name} DHT22 Temperature"; - device_class = "temperature"; - state_topic = "/bam/${name}/dht22/Temperature"; - availability_topic = "/bam/${name}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - } - { platform = "mqtt"; - device_class = "humidity"; - name = "${name} DHT22 Humidity"; - state_topic = "/bam/${name}/dht22/Humidity"; - availability_topic = "/bam/${name}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - }]; - espeasy_ds18 = name: - { platform = "mqtt"; - name = "${name} DS18 Temperature"; - state_topic = "/bam/${name}/ds18/Temperature"; - availability_topic = "/bam/${name}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; -in { - services.home-assistant.config.sensor = - (espeasy_dht22 "easy1") ++ - (espeasy_dht22 "easy2") ++ [ - (espeasy_ds18 "easy3" ) - ]; -} diff --git a/makefu/2configs/bureautomation/sensor/outside.nix b/makefu/2configs/bureautomation/sensor/outside.nix deleted file mode 100644 index e7b4d9a7c..000000000 --- a/makefu/2configs/bureautomation/sensor/outside.nix +++ /dev/null @@ -1,32 +0,0 @@ -{lib,...}: -{ - services.home-assistant.config.sensor = - [ - { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile <secrets/hass/darksky.apikey>); - language = "de"; - monitored_conditions = [ - "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "apparent_temperature" - "hourly_summary" # next 24 hours text - "humidity" - "pressure" - "uv_index" - ]; - units = "si" ; - scan_interval = "00:30:00"; - } - ]; - services.home-assistant.config.luftdaten = { - sensor_id = "26237"; - show_on_map = true; - sensors.monitored_conditions = [ - "P1" - "P2" - ]; - }; -} diff --git a/makefu/2configs/bureautomation/sensor/pollen.nix b/makefu/2configs/bureautomation/sensor/pollen.nix deleted file mode 100644 index 8ddb49e58..000000000 --- a/makefu/2configs/bureautomation/sensor/pollen.nix +++ /dev/null @@ -1,7 +0,0 @@ -[ { - platform = "dwd_pollen"; - partregion_ids = [ - 112 - ]; -} -] diff --git a/makefu/2configs/bureautomation/sensor/tasmota_firmware.nix b/makefu/2configs/bureautomation/sensor/tasmota_firmware.nix deleted file mode 100644 index f5f063dbf..000000000 --- a/makefu/2configs/bureautomation/sensor/tasmota_firmware.nix +++ /dev/null @@ -1,19 +0,0 @@ -let - tasmota_firmware = topic: - { platform = "mqtt"; - name = "${topic} Firmware"; - state_topic = "/bam/${topic}/stat/STATUS2"; - availability_topic = "/bam/${topic}/tele/LWT"; - value_template = "v{{value_json.StatusFWR.Version}}"; - payload_available= "Online"; - payload_not_available= "Offline"; - }; -in -{ - services.home-assistant.config.sensor = - map tasmota_firmware [ - "plug" "plug2" "plug3" "plug4" "plug5" - "status1" "status2" "buslicht" - "rfbridge" - ]; -} diff --git a/makefu/2configs/bureautomation/stream/puppies.nix b/makefu/2configs/bureautomation/stream/puppies.nix deleted file mode 100644 index d22be9ea6..000000000 --- a/makefu/2configs/bureautomation/stream/puppies.nix +++ /dev/null @@ -1,4 +0,0 @@ -[ - { stream_source = "http://127.0.0.1:53422/base64/c3RyZWFtbGluayBodHRwczovL3d3dy51c3RyZWFtLnR2L2NoYW5uZWwvbWF4aW1pbGlhbi1zY2huYXV6ZXJzLWNhbTIgd29yc3Q=/"; - } -] diff --git a/makefu/2configs/bureautomation/switch/rfbridge.nix b/makefu/2configs/bureautomation/switch/rfbridge.nix deleted file mode 100644 index 9b9de7793..000000000 --- a/makefu/2configs/bureautomation/switch/rfbridge.nix +++ /dev/null @@ -1,19 +0,0 @@ -let - topic = "rfbridge"; - bridge = name: payload_on: payload_off: - { platform = "mqtt"; - inherit name payload_on payload_off; - command_topic = "/bam/${topic}/cmnd/rfcode"; - availability_topic = "/bam/${topic}/tele/LWT"; - payload_available= "Online"; - payload_not_available= "Offline"; - }; -in { - services.home-assistant.config.switch = - [ - (bridge "Nachtlicht A" "#414551" "#414554") - (bridge "Nachtlicht B" "#415151" "#415154") - (bridge "Nachtlicht C" "#415451" "#415454") - (bridge "Nachtlicht D" "#41551F" "#415514") - ]; -} diff --git a/makefu/2configs/bureautomation/switch/tasmota_switch.nix b/makefu/2configs/bureautomation/switch/tasmota_switch.nix deleted file mode 100644 index 6c5f6b8a6..000000000 --- a/makefu/2configs/bureautomation/switch/tasmota_switch.nix +++ /dev/null @@ -1,25 +0,0 @@ -let - tasmota_plug = name: topic: - { platform = "mqtt"; - inherit name; - state_topic = "/bam/${topic}/tele/STATE"; - value_template = "{{ value_json.POWER }}"; - command_topic = "/bam/${topic}/cmnd/POWER"; - availability_topic = "/bam/${topic}/tele/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain = false; - qos = 1; - }; -in { - services.home-assistant.config.switch = - [ - (tasmota_plug "Bauarbeiterlampe" "plug") - (tasmota_plug "Blitzdings" "plug2") - (tasmota_plug "Fernseher" "plug3") - (tasmota_plug "Feuer" "plug4") - (tasmota_plug "Blaulicht" "plug5") - ]; -} diff --git a/makefu/2configs/bureautomation/visitor-photostore.nix b/makefu/2configs/bureautomation/visitor-photostore.nix deleted file mode 100644 index 762226549..000000000 --- a/makefu/2configs/bureautomation/visitor-photostore.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ config, lib, pkgs, ... }: -# more than just nginx config but not enough to become a module -let - wsgi-sock = "${workdir}/uwsgi-photostore.sock"; - workdir = config.services.uwsgi.runDir; - wifi-itf = "wlp2s0"; - wifi-ip = "172.16.9.96"; -in { - - services.uwsgi = { - enable = true; - user = "nginx"; - runDir = "/var/lib/photostore"; - plugins = [ "python3" ]; - instance = { - type = "emperor"; - vassals = { - cameraupload-server = { - type = "normal"; - pythonPackages = self: with self; [ pkgs.cameraupload-server ]; - socket = wsgi-sock; - }; - }; - }; - }; - - services.nginx = { - enable = lib.mkDefault true; - virtualHosts.${wifi-ip} = { - locations = { - "/".extraConfig = '' - expires -1; - uwsgi_pass unix://${wsgi-sock}; - uwsgi_param UWSGI_CHDIR ${workdir}; - uwsgi_param UWSGI_MODULE cuserver.main; - uwsgi_param UWSGI_CALLABLE app; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 ]; -# networking.interfaces.${wifi-itf}.ipv4.addresses = [{ -# address = wifi-ip; -# prefixLength = 24; -# }]; - - networking.wireless = { - enable = true; - interfaces = [ wifi-itf ]; - networks.Mobility = { - priority = -999; - psk = null; - }; - }; -} diff --git a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix b/makefu/2configs/bureautomation/zigbee2mqtt/default.nix deleted file mode 100644 index 9bf587d56..000000000 --- a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{config, pkgs, lib, ...}: - -let - dataDir = "/var/lib/zigbee2mqtt"; -in - { - # symlink the zigbee controller - - services.zigbee2mqtt = { - enable = true; - inherit dataDir; - settings = { - permit_join = true; - serial.port = "/dev/zigbee"; - homeassistant = true; - frontend.port = 8521; - }; - }; - - state = [ "${dataDir}/devices.yaml" "${dataDir}/state.json" ]; - - systemd.services.zigbee2mqtt = { - # override automatic configuration.yaml deployment - environment.ZIGBEE2MQTT_DATA = dataDir; - after = [ - "home-assistant.service" - "mosquitto.service" - "network-online.target" - ]; - }; -} diff --git a/makefu/2configs/bureautomation/zigbee2mqtt/hass.nix b/makefu/2configs/bureautomation/zigbee2mqtt/hass.nix deleted file mode 100644 index faf864ba6..000000000 --- a/makefu/2configs/bureautomation/zigbee2mqtt/hass.nix +++ /dev/null @@ -1,130 +0,0 @@ -# provides: -# switch -# automation -# binary_sensor -# sensor -# input_select -# timer -let - inherit (import ../lib) zigbee; - prefix = zigbee.prefix; -in -{ - services.home-assistant.config = { - sensor = - - [ - # Sensor for monitoring the bridge state - { - platform = "mqtt"; - name = "Zigbee2mqtt Bridge state"; - state_topic = "${prefix}/bridge/state"; - icon = "mdi:router-wireless"; - } - # Sensor for Showing the Zigbee2mqtt Version - { - platform = "mqtt"; - name = "Zigbee2mqtt Version"; - state_topic = "${prefix}/bridge/config"; - value_template = "{{ value_json.version }}"; - icon = "mdi:zigbee"; - } - # Sensor for Showing the Coordinator Version - { - platform = "mqtt"; - name = "Coordinator Version"; - state_topic = "${prefix}/bridge/config"; - value_template = "{{ value_json.coordinator }}"; - icon = "mdi:chip"; - } - ]; - switch = [ - { - platform = "mqtt"; - name = "Zigbee2mqtt Main join"; - state_topic = "${prefix}/bridge/config/permit_join"; - command_topic = "${prefix}/bridge/config/permit_join"; - payload_on = "true"; - payload_off = "false"; - } - ]; - automation = [ - { - alias = "Zigbee2mqtt Log Level"; - initial_state = "on"; - trigger = { - platform = "state"; - entity_id = "input_select.zigbee2mqtt_log_level"; - }; - action = [ - { - service = "mqtt.publish"; - data = { - payload_template = "{{ states('input_select.zigbee2mqtt_log_level') }}"; - topic = "${prefix}/bridge/config/log_level"; - }; - } - ]; - } - # Automation to start timer when enable join is turned on - { - id = "zigbee_join_enabled"; - alias = "Zigbee Join Enabled"; - trigger = - { - platform = "state"; - entity_id = "switch.zigbee2mqtt_main_join"; - to = "on"; - }; - action = - { - service = "timer.start"; - entity_id = "timer.zigbee_permit_join"; - }; - } - # # Automation to stop timer when switch turned off and turn off switch when timer finished - { - id = "zigbee_join_disabled"; - alias = "Zigbee Join Disabled"; - trigger = [ - { - platform = "event"; - event_type = "timer.finished"; - event_data.entity_id = "timer.zigbee_permit_join"; - } - { - platform = "state"; - entity_id = "switch.zigbee2mqtt_main_join"; - to = "off"; - } - ]; - action = [ - { service = "timer.cancel"; - data.entity_id = "timer.zigbee_permit_join"; - } - { service = "switch.turn_off"; - entity_id = "switch.zigbee2mqtt_main_join"; - } - ]; - } - ]; - input_select.zigbee2mqtt_log_level = - { - name = "Zigbee2mqtt Log Level"; - options = [ - "debug" - "info" - "warn" - "error" - ]; - initial = "info"; - icon = "mdi:format-list-bulleted"; - }; - - timer.zigbee_permit_join = - { - name = "Zigbee Time remaining"; - duration = 120; - }; - }; -} diff --git a/makefu/2configs/collectd/collectd-base.nix b/makefu/2configs/collectd/collectd-base.nix deleted file mode 100644 index 9168d1fa9..000000000 --- a/makefu/2configs/collectd/collectd-base.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, lib, pkgs, ... }: - -# graphite-web on port 8080 -# carbon cache on port 2003 (tcp/udp) -with import <stockholm/lib>; -let - connect-time-cfg = with pkgs; writeText "collectd-connect-time.cfg" '' - LoadPlugin python - <Plugin python> - ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/" - Import "collectd_connect_time" - <Module collectd_connect_time> - target "wry.r" "localhost" "google.com" - interval 30 - </Module> - </Plugin> - ''; - graphite-cfg = pkgs.writeText "collectd-graphite-cfg" '' - LoadPlugin write_graphite - <Plugin "write_graphite"> - <Carbon> - Host "heidi.r" - Port "2003" - Prefix "retiolum." - EscapeCharacter "_" - StoreRates false - AlwaysAppendDS false - </Carbon> - </Plugin> - ''; -in { - imports = [ ]; - - nixpkgs.config.packageOverrides = pkgs: with pkgs; { - collectd = pkgs.collectd.override { python= pkgs.python; }; - }; - services.collectd = { - enable = true; - include = [ (toString connect-time-cfg) (toString graphite-cfg) ]; - }; - -} diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix deleted file mode 100644 index 60ed6826d..000000000 --- a/makefu/2configs/dcpp/airdcpp.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, ... }: -{ - krebs.airdcpp = { - enable = true; - extraGroups = [ "download" ]; - web.port = 5600; - web.users.makefu.password = builtins.readFile <secrets/airdcpp-makefu.pw>; # watch out for newline! - hubs."krebshub" = - { Nick = "makefu-${config.krebs.build.host.name}"; - Password = builtins.readFile <secrets/krebshub.pw>; - Server = "adcs://hub.nsupdate.info:1511"; - AutoConnect = true; - }; - dcpp = { - shares = { - # Incoming must be writeable! - incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; }; - audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks"; - }; - Nick = "makefu"; - DownloadSpeed = "1000"; - UploadSpeed = "1000"; - }; - }; - networking.firewall.allowedTCPPorts = - [ config.krebs.airdcpp.dcpp.InPort - config.krebs.airdcpp.dcpp.TLSPort - ]; - networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ]; - - services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" = - { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/"; - - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - gzip_types text/plain application/javascript; - - # Proxy websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - ''; - }; - state = map (f: "${config.krebs.airdcpp.stateDir}/${f}") - [ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ]; -} diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix deleted file mode 100644 index 3b27778e5..000000000 --- a/makefu/2configs/dcpp/client.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -{ # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; -} - diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix deleted file mode 100644 index f0aac3f32..000000000 --- a/makefu/2configs/dcpp/hub.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ config, lib, pkgs, ... }: - -# search also generates ddclient entries for all other logs - -with import <stockholm/lib>; -let - ddclientUser = "ddclient"; - sec = toString <secrets>; - nsupdate = import "${sec}/nsupdate-hub.nix"; - stateDir = "/var/spool/ddclient"; - cfg = "${stateDir}/cfg"; - ext-if = config.makefu.server.primary-itf; - ddclientPIDFile = "${stateDir}/ddclient.pid"; - - # TODO: correct cert generation requires a `real` internet ip address - - gen-cfg = dict: '' - ssl=yes - cache=${stateDir}/ddclient.cache - pid=${ddclientPIDFile} - ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' - - protocol=dyndns2 - use=web, web=http://ipv4.nsupdate.info/myip - ssl=yes - server=ipv4.nsupdate.info - login=${user} - password='${pass}' - ${user} - - '') dict)} - ''; - uhubDir = "/var/lib/uhub"; - -in { - users.users."${ddclientUser}" = { - uid = genid "ddclient"; - description = "ddclient daemon user"; - home = stateDir; - isSystemUser = true; - createHome = true; - group = ddclientUser; - }; - users.groups.${ddclientUser} = {}; - - systemd.services = { - ddclient-nsupdate-uhub = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - Type = "forking"; - User = ddclientUser; - PIDFile = ddclientPIDFile; - ExecStartPre = pkgs.writeDash "init-nsupdate" '' - cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} - chmod 700 ${cfg} - ''; - ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; - }; - }; - }; - - networking.firewall.extraCommands = '' - iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 - ''; - systemd.services.uhub-home.serviceConfig = { - PrivateTmp = true; - DynamicUser = lib.mkForce false; - User = "uhub"; - WorkingDirectory = uhubDir; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt - cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key - if test -d ${uhubDir};then - echo "Directory ${uhubDir} already exists, skipping db init" - else - echo "Copying sql user db" - cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql - fi - chown -R uhub ${uhubDir} - ''; - - }; - users.users.uhub = { - home = uhubDir; - createHome = true; - isSystemUser = true; - group = "uhub"; - }; - users.groups.uhub = {}; - - services.uhub.home = { - enable = true; - enableTLS = true; - settings = { - server_port = 1511; - server_bind_addr = "any"; - hub_name = "krebshub"; - tls_certificate = "${uhubDir}/uhub.crt"; - tls_private_key = "${uhubDir}/uhub.key"; - registered_users_only = true; - }; - plugins = [ - { - plugin = "${pkgs.uhub}/plugins/mod_auth_sqlite.so"; - settings.file = "${uhubDir}/uhub.sql"; - } - { - plugin = "${pkgs.uhub}/plugins/mod_welcome.so"; - settings.motd = toString (pkgs.writeText "motd" "shareit"); - settings.rules = toString (pkgs.writeText "rules" "1. Don't be an asshole"); - } - { - plugin = "${pkgs.uhub}/plugins/mod_chat_history.so"; - settings = {}; - } - ]; - }; - networking.firewall.allowedTCPPorts = [ 411 1511 ]; -} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix deleted file mode 100644 index b54e32a82..000000000 --- a/makefu/2configs/default.nix +++ /dev/null @@ -1,96 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - imports = [ - { - users.users = - mapAttrs (_: h: { hashedPassword = h; }) - (import <secrets/hashedPasswords.nix>); - } - ./editor/vim.nix - ./binary-cache/nixos.nix - ./minimal.nix - # ./security/hotfix.nix - ]; - - # users are super important - users.users = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - makefu = { - uid = 9001; - group = "users"; - home = "/home/makefu"; - createHome = true; - isNormalUser = true; - useDefaultShell = true; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - }; - nix.settings.trusted-users = [ config.krebs.build.user.name ]; - nix.settings.experimental-features = [ "flakes" "nix-command" ]; - - boot.kernelPackages = lib.mkDefault pkgs.linuxPackages; - - nixpkgs.config.allowUnfreePredicate = pkg: packageName pkg == "unrar"; - - krebs = { - enable = true; - - dns.providers.lan = "hosts"; - build.user = config.krebs.users.makefu; - }; - - - boot.tmpOnTmpfs = true; - - environment.systemPackages = with pkgs; [ - jq - git - gnumake - rxvt_unicode.terminfo - htop - nix-output-monitor - ]; - - programs.bash.enableCompletion = true; - - environment.shellAliases = { - # TODO: see .aliases - lsl = "ls -lAtr"; - ip = "ip -c -br"; - dmesg = "dmesg -L --reltime"; - psg = "ps -ef | grep"; - nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; - grep = "grep --color=auto"; - }; - - nixpkgs.config.packageOverrides = pkgs: { - #nano = pkgs.runCommand "empty" {} "mkdir -p $out"; - tinc = pkgs.tinc_pre; - }; - - - nix.extraOptions = '' - auto-optimise-store = true - ''; - - #security.wrappers.sendmail = { - # source = "${pkgs.exim}/bin/sendmail"; - # setuid = true; - #}; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - environment.pathsToLink = [ "/share" ]; - security.acme = { - defaults.email = "letsencrypt@syntax-fehler.de"; - acceptTerms = true; - }; - system.stateVersion = lib.mkDefault "20.03"; - services.postgresql.package = pkgs.postgresql_14; -} diff --git a/makefu/2configs/deployment/board.euer.krebsco.de.nix b/makefu/2configs/deployment/board.euer.krebsco.de.nix deleted file mode 100644 index ca617976d..000000000 --- a/makefu/2configs/deployment/board.euer.krebsco.de.nix +++ /dev/null @@ -1,15 +0,0 @@ -let - fqdn = "board.euer.krebsco.de"; - port = 13113; -in { - services.restya-board = { - enable = true; - virtualHost.listenPort = port; - }; - services.nginx.virtualHosts."${fqdn}" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; -} - diff --git a/makefu/2configs/deployment/boot-euer.nix b/makefu/2configs/deployment/boot-euer.nix deleted file mode 100644 index f890ea7ad..000000000 --- a/makefu/2configs/deployment/boot-euer.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: -# more than just nginx config but not enough to become a module -with import <stockholm/lib>; -let - hostname = config.krebs.build.host.name; - bootscript = pkgs.writeTextDir "runit" '' - set -euf - cd /root - mkdir -p .ssh - echo "${config.krebs.users.makefu.pubkey}" > .ssh/authorized_keys - chmod 700 -R .ssh - systemctl restart sshd - ''; -in { - - services.nginx = { - enable = mkDefault true; - virtualHosts."boot.euer.krebsco.de" = { - forceSSL = true; - enableACME = true; - locations."/" = { - root = bootscript; - index = "runit"; - }; - }; - }; -} diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix deleted file mode 100644 index 7303bb414..000000000 --- a/makefu/2configs/deployment/dirctator.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs, lib, ... }: - -with lib; -let - port = 18872; - runit = pkgs.writeDash "runit" '' - set -xeuf - export PULSE_COOKIE=/var/run/pulse/.config/pulse/cookie - echo "$@" | sed 's/^dirctator://' | ${pkgs.espeak}/bin/espeak -v mb-de7 2>&1 | tee -a /tmp/speak - ''; -in { - services.logstash = { - package = pkgs.logstash5; - enable = true; - inputConfig = '' - irc { - channels => [ "#krebs", "#afra" ] - host => "irc.hackint.org" - nick => "dirctator" - } - ''; - filterConfig = '' - ''; - outputConfig = '' - stdout { codec => rubydebug } - exec { command => "${runit} '%{message}" } - ''; - extraSettings = '' - path.plugins: [ "${pkgs.logstash-output-exec}" ] - ''; - ## NameError: `@path.plugins' is not allowable as an instance variable name - # plugins = [ pkgs.logstash-output-exec ]; - }; -} diff --git a/makefu/2configs/deployment/docker/archiveteam-warrior.nix b/makefu/2configs/deployment/docker/archiveteam-warrior.nix deleted file mode 100644 index 0069e4530..000000000 --- a/makefu/2configs/deployment/docker/archiveteam-warrior.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ lib, ... }: -with lib; -let - port = ident: toString (28000 + ident); - instances = [ 1 2 3 4 5 6 7 8 9 ]; -in { - services.nginx.recommendedProxySettings = true; - services.nginx.virtualHosts."warrior.gum.r".locations = let - # TODO location "/" shows all warrior instances - proxy = ident: - { - "/warrior${toString ident}/" = { - proxyPass = "http://localhost:${port ident}/"; - # rewrite ^/info /warrior${toString ident}/info; - extraConfig = '' - sub_filter "http://warrior.gum.r/info" "http://warrior.gum.r/warrior${toString ident}/info"; - sub_filter_once off; - ''; - }; - - }; - in - foldl' mergeAttrs {} (map proxy instances); - virtualisation.oci-containers.containers = let - container = ident: - { "archiveteam-warrior${toString ident}" = { - image = "archiveteam/warrior-dockerfile"; - ports = [ "127.0.0.1:${port ident}:8001" ]; - environment = { - DOWNLOADER = "makefu"; - SELECTED_PROJECT = "auto"; - CONCURRENT_ITEMS = "6"; - WARRIOR_ID = toString ident; - }; - }; - }; - in - foldl' mergeAttrs {} (map container instances); -} diff --git a/makefu/2configs/deployment/feed.euer.krebsco.de/default.nix b/makefu/2configs/deployment/feed.euer.krebsco.de/default.nix deleted file mode 100644 index de072092b..000000000 --- a/makefu/2configs/deployment/feed.euer.krebsco.de/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ config, lib, pkgs, ... }: -let - filter-file = ./filter.yml; - pkg = with pkgs.python3Packages;buildPythonPackage rec { - version = "d16ce227dc68c9f60f6dd06e6835bab7cdfdf61b"; - pname = "ebk-notify"; - propagatedBuildInputs = [ - docopt - pyyaml - requests - beautifulsoup4 - dateutil - feedgen - ]; - src = pkgs.fetchgit { - url = "http://cgit.euer.krebsco.de/ebk-notify"; - rev = version; - sha256 = "15dlhp17alm01fw7mzdyh2z9zwz8psrs489lxs3hgg1p5wa0kzsp"; - }; - }; - domain = "feed.euer.krebsco.de"; - path = "/var/www/feed.euer.krebsco.de"; -in -{ - systemd.tmpfiles.rules = [ - "d ${path} nginx nogroup - -" - ]; - krebs.secret.files.ebknotify = { - path = "/etc/ebk-notify.yml"; - owner.name = "nginx"; - source-path = "${<secrets/ebk-notify.yml>}"; - }; - systemd.services.ebk-notify = { - startAt = "*:0/10"; - serviceConfig = { - User = "nginx"; # TODO better permission setting - # PrivateTmp = true; - ExecStart = "${pkg}/bin/ebk-notify --atom --outdir ${path} --config /etc/ebk-notify.yml --cache /tmp/ebk-cache.json --filter ${filter-file} --wait 30"; - }; - }; - systemd.timers.ebk-notify.timerConfig.RandomizedDelaySec = "120"; - services.nginx = { - virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - locations."/" = { - root = path; - index = "root.atom"; - }; - }; - }; -} diff --git a/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml b/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml deleted file mode 100644 index 29e5e714a..000000000 --- a/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml +++ /dev/null @@ -1,32 +0,0 @@ -- name: Free Stuff by Category - zipcode: 70378 - distance: 2 - categoryId: 192 -- name: Kies - zipcode: 70378 - q: grobkies - distance: 2 -- name: pflanzkübel - zipcode: 70378 - q: Pflanzkübel - distance: 3 -- name: Ikea Samla - zipcode: 70378 - q: samla - distance: 5 -- name: Duplo - zipcode: 70378 - q: Duplo - distance: 10 -- name: Baby Gummistiefel - zipcode: 70378 - q: Gummistiefel - distance: 5 -- name: Werkbank - zipcode: 70378 - q: Werkbank - distance: 5 -- name: Einhell - zipcode: 70378 - q: Einhell - distance: 5 diff --git a/makefu/2configs/deployment/gecloudpad/default.nix b/makefu/2configs/deployment/gecloudpad/default.nix deleted file mode 100644 index 8b88626a3..000000000 --- a/makefu/2configs/deployment/gecloudpad/default.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ config, lib, pkgs, ... }: -# more than just nginx config but not enough to become a module -let - wsgi-sock = "${workdir}/uwsgi-gecloudpad.sock"; - workdir = config.services.uwsgi.runDir; - gecloudpad = pkgs.python3Packages.callPackage ./gecloudpad.nix {}; - gecloudpad_settings = pkgs.writeText "gecloudpad_settings" '' - BASEURL = "https://etherpad.euer.krebsco.de" - ''; -in { - - services.uwsgi = { - enable = true; - user = "nginx"; - plugins = [ "python3" ]; - instance = { - type = "emperor"; - vassals = { - gecloudpad = { - type = "normal"; - pythonPackages = self: with self; [ gecloudpad ]; - socket = wsgi-sock; - env = ["GECLOUDPAD_SETTINGS=${gecloudpad_settings}"]; - }; - }; - }; - }; - - services.nginx = { - enable = lib.mkDefault true; - virtualHosts."pad.binaergewitter.de" = { - enableACME = true; - forceSSL = true; - locations = { - "/".extraConfig = '' - expires -1; - uwsgi_pass unix://${wsgi-sock}; - uwsgi_param UWSGI_CHDIR ${gecloudpad}/${pkgs.python.sitePackages}; - uwsgi_param UWSGI_MODULE gecloudpad.main; - uwsgi_param UWSGI_CALLABLE app; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; - }; - }; - }; -} diff --git a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix b/makefu/2configs/deployment/gecloudpad/gecloudpad.nix deleted file mode 100644 index 6f20ff579..000000000 --- a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ lib, pkgs, fetchFromGitHub, ... }: - -with pkgs.python3Packages;buildPythonPackage rec { - name = "gecloudpad-${version}"; - version = "0.2.3"; - - propagatedBuildInputs = [ - flask requests - ]; - - src = fetchFromGitHub { - owner = "binaergewitter"; - repo = "gecloudpad"; - rev = "1399ede4e609f63fbf1c4560979a6b22b924e0c5"; - sha256 = "1w74j5ks7naalzrib87r0adq20ik5x3x5l520apagb7baszn17lb"; - }; - - meta = { - homepage = https://github.com/binaergeiwtter/gecloudpad; - description = "server side for gecloudpad"; - license = lib.licenses.wtfpl; - }; -} - diff --git a/makefu/2configs/deployment/gitlab.nix b/makefu/2configs/deployment/gitlab.nix deleted file mode 100644 index d61f50c1d..000000000 --- a/makefu/2configs/deployment/gitlab.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ lib, config, ... }: -let - web-port = 19453; - hostn = "gitlab.makefu.r"; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -in { - - services.gitlab = { - enable = true; - https = false; - port = web-port; - secrets = import <secrets/gitlab/secrets.nix>; - databasePassword = import <secrets/gitlab/dbpw.nix>; - initialRootEmail = "makefu@x.r"; - initialRootPassword = import <secrets/gitlab/rootpw.nix>; - host = hostn; - smtp = { - enable = true; - domain = "r"; - enableStartTLSAuto = false; - port = 25; - }; - }; - - services.nginx = { - enable = lib.mkDefault true; - virtualHosts."${hostn}".locations."/" = { - proxyPass = "http://localhost:${toString web-port}/"; - extraConfig = '' - if ( $server_addr != "${internal-ip}" ) { - return 403; - } - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - }; -} diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix deleted file mode 100644 index 1f6deb1bf..000000000 --- a/makefu/2configs/deployment/graphs.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - hn = config.krebs.build.host.name; -in { - krebs.tinc_graphs = { - enable = true; - nginx = { - enable = true; - # TODO: remove hard-coded hostname - complete = { - extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - serverAliases = [ - "graph.makefu.r" - "graph.${hn}" "graph.${hn}.r" - ]; - }; - anonymous = { - forceSSL = true; - enableACME = true; - }; - }; - }; -} diff --git a/makefu/2configs/deployment/hound/default.nix b/makefu/2configs/deployment/hound/default.nix deleted file mode 100644 index 0cfb5cdeb..000000000 --- a/makefu/2configs/deployment/hound/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, pkgs, ... }: -{ - services.nginx.virtualHosts."wikisearch.krebsco.de" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:6080"; - }; - services.hound = { - enable = true; - listen = "127.0.0.1:6080"; - # package = pkgs.hound.overrideDerivation(oldAttrs: { - # patches = [ ./keep-repo.patch ]; - # }); - config = ''{ - "max-concurrent-indexers" : 2, - "dbpath" : "${config.services.hound.home}/data", - "repos" : { - "nixos-users-wiki": { - "url" : "https://github.com/nixos-users/wiki.wiki.git", - "url-pattern" : { - "base-url" : "{url}/{path}" - } - } - } - }''; - }; - -} diff --git a/makefu/2configs/deployment/mediengewitter.de.nix b/makefu/2configs/deployment/mediengewitter.de.nix deleted file mode 100644 index 7c2073e8e..000000000 --- a/makefu/2configs/deployment/mediengewitter.de.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, lib, pkgs, ... }: -# more than just nginx config but not enough to become a module -let - domain = "over.voltage.nz"; -in { - - services.nginx = { - enable = lib.mkDefault true; - virtualHosts."mediengewitter.de" = { - enableACME = true; - forceSSL = true; - locations."/".return = "301 http://${domain}\$request_uri"; - #locations."/" = { - # proxyPass = "http://over.voltage.nz"; - #}; - #locations."/socket.io" = { - # proxyPass = "ws://over.voltage.nz"; - # proxyWebsockets = true; - #}; - }; - }; -} diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix deleted file mode 100644 index aa9ff514c..000000000 --- a/makefu/2configs/deployment/mycube.connector.one.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, lib, pkgs, ... }: -# more than just nginx config but not enough to become a module -let - hostname = config.krebs.build.host.name; - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; -in { - services.redis = { enable = true; }; - systemd.services.redis.serviceConfig.LimitNOFILE=65536; - - services.uwsgi = { - enable = true; - user = "nginx"; - plugins = [ "python2" ]; - instance = { - type = "emperor"; - vassals = { - mycube-flask = { - type = "normal"; - pythonPackages = self: with self; [ pkgs.mycube-flask ]; - socket = wsgi-sock; - }; - }; - }; - }; - - services.nginx = { - enable = lib.mkDefault true; - virtualHosts."mybox.connector.one" = { - locations = { - "/".extraConfig = '' - uwsgi_pass unix://${wsgi-sock}; - uwsgi_param UWSGI_CHDIR ${pkgs.mycube-flask}/${pkgs.python.sitePackages}; - uwsgi_param UWSGI_MODULE mycube.websrv; - uwsgi_param UWSGI_CALLABLE app; - - include ${pkgs.nginx}/conf/uwsgi_params; - ''; - }; - }; - }; -} diff --git a/makefu/2configs/deployment/nixos.wiki/default.nix b/makefu/2configs/deployment/nixos.wiki/default.nix deleted file mode 100644 index cd738ea8b..000000000 --- a/makefu/2configs/deployment/nixos.wiki/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = - [ ./mediawiki.nix - ./network.nix - ]; - -} diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix b/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix deleted file mode 100644 index 24715f81e..000000000 --- a/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix +++ /dev/null @@ -1,481 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - - inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption; - inherit (lib) concatStringsSep literalExample mapAttrsToList optional optionals optionalString types; - - cfg = config.services.mediawiki; - fpm = config.services.phpfpm.pools.mediawiki; - user = "mediawiki"; - group = config.services.httpd.group; - cacheDir = "/var/cache/mediawiki"; - stateDir = "/var/lib/mediawiki"; - - pkg = pkgs.stdenv.mkDerivation rec { - pname = "mediawiki-full"; - version = src.version; - src = cfg.package; - - installPhase = '' - mkdir -p $out - cp -r * $out/ - - rm -rf $out/share/mediawiki/skins/* - rm -rf $out/share/mediawiki/extensions/* - - ${concatStringsSep "\n" (mapAttrsToList (k: v: '' - ln -s ${v} $out/share/mediawiki/skins/${k} - '') cfg.skins)} - - ${concatStringsSep "\n" (mapAttrsToList (k: v: '' - ln -s ${if v != null then v else "$src/share/mediawiki/extensions/${k}"} $out/share/mediawiki/extensions/${k} - '') cfg.extensions)} - ''; - }; - - mediawikiScripts = pkgs.runCommand "mediawiki-scripts" { - buildInputs = [ pkgs.makeWrapper ]; - preferLocalBuild = true; - } '' - mkdir -p $out/bin - for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do - makeWrapper ${pkgs.php}/bin/php $out/bin/mediawiki-$(basename $i .php) \ - --set MEDIAWIKI_CONFIG ${mediawikiConfig} \ - --add-flags ${pkg}/share/mediawiki/maintenance/$i - done - ''; - - mediawikiConfig = pkgs.writeText "LocalSettings.php" '' - <?php - # Protect against web entry - if ( !defined( 'MEDIAWIKI' ) ) { - exit; - } - - $wgSitename = "${cfg.name}"; - $wgMetaNamespace = false; - - ## The URL base path to the directory containing the wiki; - ## defaults for all runtime URL paths are based off of this. - ## For more information on customizing the URLs - ## (like /w/index.php/Page_title to /wiki/Page_title) please see: - ## https://www.mediawiki.org/wiki/Manual:Short_URL - $wgScriptPath = "${cfg.basePath}"; - - ## The protocol and server name to use in fully-qualified URLs - #$wgServer = "${if cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL then "https" else "http"}://${cfg.virtualHost.hostName}"; - #$wgServer = ""; - $wgServer = "http://localhost"; - - ## The URL path to static resources (images, scripts, etc.) - $wgResourceBasePath = $wgScriptPath; - - ## The URL path to the logo. Make sure you change this from the default, - ## or else you'll overwrite your logo when you upgrade! - $wgLogo = "$wgResourceBasePath/resources/assets/wiki.png"; - - ## UPO means: this is also a user preference option - - $wgEnableEmail = true; - $wgEnableUserEmail = true; # UPO - - $wgEmergencyContact = "${if cfg.virtualHost.adminAddr != null then cfg.virtualHost.adminAddr else config.services.httpd.adminAddr}"; - $wgPasswordSender = $wgEmergencyContact; - - $wgEnotifUserTalk = false; # UPO - $wgEnotifWatchlist = false; # UPO - $wgEmailAuthentication = true; - - ## Database settings - $wgDBtype = "${cfg.database.type}"; - $wgDBserver = "${cfg.database.host}:${if cfg.database.socket != null then cfg.database.socket else toString cfg.database.port}"; - $wgDBname = "${cfg.database.name}"; - $wgDBuser = "${cfg.database.user}"; - ${optionalString (cfg.database.passwordFile != null) "$wgDBpassword = file_get_contents(\"${cfg.database.passwordFile}\");"} - - ${optionalString (cfg.database.type == "mysql" && cfg.database.tablePrefix != null) '' - # MySQL specific settings - $wgDBprefix = "${cfg.database.tablePrefix}"; - ''} - - ${optionalString (cfg.database.type == "mysql") '' - # MySQL table options to use during installation or update - $wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; - ''} - - ## Shared memory settings - $wgMainCacheType = CACHE_NONE; - $wgMemCachedServers = []; - - ${optionalString (cfg.uploadsDir != null) '' - $wgEnableUploads = true; - $wgUploadDirectory = "${cfg.uploadsDir}"; - ''} - - $wgUseImageMagick = true; - $wgImageMagickConvertCommand = "${pkgs.imagemagick}/bin/convert"; - - # InstantCommons allows wiki to use images from https://commons.wikimedia.org - $wgUseInstantCommons = false; - - # Periodically send a pingback to https://www.mediawiki.org/ with basic data - # about this MediaWiki instance. The Wikimedia Foundation shares this data - # with MediaWiki developers to help guide future development efforts. - $wgPingback = true; - - ## If you use ImageMagick (or any other shell command) on a - ## Linux server, this will need to be set to the name of an - ## available UTF-8 locale - $wgShellLocale = "C.UTF-8"; - - ## Set $wgCacheDirectory to a writable directory on the web server - ## to make your wiki go slightly faster. The directory should not - ## be publically accessible from the web. - $wgCacheDirectory = "${cacheDir}"; - - # Site language code, should be one of the list in ./languages/data/Names.php - $wgLanguageCode = "en"; - - $wgSecretKey = file_get_contents("${stateDir}/secret.key"); - - # Changing this will log out all existing sessions. - $wgAuthenticationTokenVersion = ""; - - ## For attaching licensing metadata to pages, and displaying an - ## appropriate copyright notice / icon. GNU Free Documentation - ## License and Creative Commons licenses are supported so far. - $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright - $wgRightsUrl = ""; - $wgRightsText = ""; - $wgRightsIcon = ""; - - # Path to the GNU diff3 utility. Used for conflict resolution. - $wgDiff = "${pkgs.diffutils}/bin/diff"; - $wgDiff3 = "${pkgs.diffutils}/bin/diff3"; - - # Enabled skins. - ${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadSkin('${k}');") cfg.skins)} - - # Enabled extensions. - ${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadExtension('${k}');") cfg.extensions)} - - - # End of automatically generated settings. - # Add more configuration options below. - - ${cfg.extraConfig} - ''; - -in -{ - # interface - options = { - services.mediawiki = { - - enable = mkEnableOption "MediaWiki"; - - package = mkOption { - type = types.package; - default = pkgs.mediawiki; - description = "Which MediaWiki package to use."; - }; - - basePath = mkOption { - type = types.str; - default = "/"; - description = "Base path to Wiki"; - }; - - name = mkOption { - default = "MediaWiki"; - example = "Foobar Wiki"; - description = "Name of the wiki."; - }; - - uploadsDir = mkOption { - type = types.nullOr types.path; - default = "${stateDir}/uploads"; - description = '' - This directory is used for uploads of pictures. The directory passed here is automatically - created and permissions adjusted as required. - ''; - }; - - passwordFile = mkOption { - type = types.path; - description = "A file containing the initial password for the admin user."; - example = "/run/keys/mediawiki-password"; - }; - - skins = mkOption { - default = {}; - type = types.attrsOf types.path; - description = '' - Attribute set of paths whose content is copied to the <filename>skins</filename> - subdirectory of the MediaWiki installation in addition to the default skins. - ''; - }; - - extensions = mkOption { - default = {}; - type = types.attrsOf (types.nullOr types.path); - description = '' - Attribute set of paths whose content is copied to the <filename>extensions</filename> - subdirectory of the MediaWiki installation and enabled in configuration. - - Use <literal>null</literal> instead of path to enable extensions that are part of MediaWiki. - ''; - example = literalExample '' - { - Matomo = pkgs.fetchzip { - url = "https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz"; - sha256 = "0g5rd3zp0avwlmqagc59cg9bbkn3r7wx7p6yr80s644mj6dlvs1b"; - }; - ParserFunctions = null; - } - ''; - }; - - database = { - type = mkOption { - type = types.enum [ "mysql" "postgres" "sqlite" "mssql" "oracle" ]; - default = "mysql"; - description = "Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers."; - }; - - host = mkOption { - type = types.str; - default = "localhost"; - description = "Database host address."; - }; - - port = mkOption { - type = types.port; - default = 3306; - description = "Database host port."; - }; - - name = mkOption { - type = types.str; - default = "mediawiki"; - description = "Database name."; - }; - - user = mkOption { - type = types.str; - default = "mediawiki"; - description = "Database user."; - }; - - passwordFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/run/keys/mediawiki-dbpassword"; - description = '' - A file containing the password corresponding to - <option>database.user</option>. - ''; - }; - - tablePrefix = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - If you only have access to a single database and wish to install more than - one version of MediaWiki, or have other applications that also use the - database, you can give the table names a unique prefix to stop any naming - conflicts or confusion. - See <link xlink:href='https://www.mediawiki.org/wiki/Manual:$wgDBprefix'/>. - ''; - }; - - socket = mkOption { - type = types.nullOr types.path; - default = if cfg.database.createLocally then "/run/mysqld/mysqld.sock" else null; - defaultText = "/run/mysqld/mysqld.sock"; - description = "Path to the unix socket file to use for authentication."; - }; - - createLocally = mkOption { - type = types.bool; - default = cfg.database.type == "mysql"; - defaultText = "true"; - description = '' - Create the database and database user locally. - This currently only applies if database type "mysql" is selected. - ''; - }; - }; - - virtualHost = mkOption { - type = types.submodule (import <nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix>); - example = literalExample '' - { - hostName = "mediawiki.example.org"; - adminAddr = "webmaster@example.org"; - forceSSL = true; - enableACME = true; - } - ''; - description = '' - Apache configuration can be done by adapting <option>services.httpd.virtualHosts</option>. - See <xref linkend="opt-services.httpd.virtualHosts"/> for further information. - ''; - }; - - poolConfig = mkOption { - type = with types; attrsOf (oneOf [ str int bool ]); - default = { - "pm" = "dynamic"; - "pm.max_children" = 32; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 2; - "pm.max_spare_servers" = 4; - "pm.max_requests" = 500; - }; - description = '' - Options for the MediaWiki PHP pool. See the documentation on <literal>php-fpm.conf</literal> - for details on configuration directives. - ''; - }; - - extraConfig = mkOption { - type = types.lines; - description = '' - Any additional text to be appended to MediaWiki's - LocalSettings.php configuration file. For configuration - settings, see <link xlink:href="https://www.mediawiki.org/wiki/Manual:Configuration_settings"/>. - ''; - default = ""; - example = '' - $wgEnableEmail = false; - ''; - }; - - }; - }; - - # implementation - config = mkIf cfg.enable { - - assertions = [ - { assertion = cfg.database.createLocally -> cfg.database.type == "mysql"; - message = "services.mediawiki.createLocally is currently only supported for database type 'mysql'"; - } - { assertion = cfg.database.createLocally -> cfg.database.user == user; - message = "services.mediawiki.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true"; - } - { assertion = cfg.database.createLocally -> cfg.database.socket != null; - message = "services.mediawiki.database.socket must be set if services.mediawiki.database.createLocally is set to true"; - } - { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; - message = "a password cannot be specified if services.mediawiki.database.createLocally is set to true"; - } - ]; - - services.mediawiki.skins = { - MonoBook = "${cfg.package}/share/mediawiki/skins/MonoBook"; - Timeless = "${cfg.package}/share/mediawiki/skins/Timeless"; - Vector = "${cfg.package}/share/mediawiki/skins/Vector"; - }; - - services.mysql = mkIf cfg.database.createLocally { - enable = true; - package = mkDefault pkgs.mariadb; - ensureDatabases = [ cfg.database.name ]; - ensureUsers = [ - { name = cfg.database.user; - ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; - } - ]; - }; - - services.phpfpm.pools.mediawiki = { - inherit user group; - phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}"; - settings = { - "listen.owner" = config.services.httpd.user; - "listen.group" = config.services.httpd.group; - } // cfg.poolConfig; - }; - - services.httpd = { - enable = true; - extraModules = [ "proxy_fcgi" ]; - virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost { - documentRoot = mkForce "${pkg}/share/mediawiki"; - extraConfig = '' - <Directory "${pkg}/share/mediawiki"> - <FilesMatch "\.php$"> - <If "-f %{REQUEST_FILENAME}"> - SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/" - </If> - </FilesMatch> - - Require all granted - DirectoryIndex index.php - AllowOverride All - </Directory> - '' + optionalString (cfg.uploadsDir != null) '' - Alias "/images" "${cfg.uploadsDir}" - <Directory "${cfg.uploadsDir}"> - Require all granted - </Directory> - ''; - } ]; - }; - - systemd.tmpfiles.rules = [ - "d '${stateDir}' 0750 ${user} ${group} - -" - "d '${cacheDir}' 0750 ${user} ${group} - -" - ] ++ optionals (cfg.uploadsDir != null) [ - "d '${cfg.uploadsDir}' 0750 ${user} ${group} - -" - "Z '${cfg.uploadsDir}' 0750 ${user} ${group} - -" - ]; - - systemd.services.mediawiki-init = { - wantedBy = [ "multi-user.target" ]; - before = [ "phpfpm-mediawiki.service" ]; - after = optional cfg.database.createLocally "mysql.service"; - script = '' - if ! test -e "${stateDir}/secret.key"; then - tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key - fi - - echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 1 : 0 );" | \ - ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \ - ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \ - --confpath /tmp \ - --scriptpath ${cfg.basePath} \ - --dbserver ${cfg.database.host}${optionalString (cfg.database.socket != null) ":${cfg.database.socket}"} \ - --dbport ${toString cfg.database.port} \ - --dbname ${cfg.database.name} \ - ${optionalString (cfg.database.tablePrefix != null) "--dbprefix ${cfg.database.tablePrefix}"} \ - --dbuser ${cfg.database.user} \ - ${optionalString (cfg.database.passwordFile != null) "--dbpassfile ${cfg.database.passwordFile}"} \ - --passfile ${cfg.passwordFile} \ - "${cfg.name}" \ - admin - - ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick - ''; - - serviceConfig = { - Type = "oneshot"; - User = user; - Group = group; - PrivateTmp = true; - }; - }; - - systemd.services.httpd.after = optional (cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service"; - - users.users.${user} = { - group = group; - isSystemUser = true; - }; - - environment.systemPackages = [ mediawikiScripts ]; - }; -} diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.nix b/makefu/2configs/deployment/nixos.wiki/mediawiki.nix deleted file mode 100644 index a346b82cb..000000000 --- a/makefu/2configs/deployment/nixos.wiki/mediawiki.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, pkgs, ... }: - -let - hostAddress = "192.168.48.1"; - localAddress = "192.168.48.3"; -in - -{ - containers.mediawiki = - { autoStart = true; - privateNetwork = true; - inherit hostAddress localAddress; - config = { config, pkgs, ... }: - { - # NOTE: This disabling and importing is so that the basePath can be altered - disabledModules = [ "services/web-apps/mediawiki.nix" ]; - imports = [ - ./mediawiki.module.nix - ]; - time.timeZone = "America/New_York"; - system.stateVersion = "20.09"; - networking.defaultGateway = hostAddress; - # NOTE: you might want to change this namserver address - networking.nameservers = [ "8.8.8.8" ]; - networking.firewall.allowedTCPPorts = [ 80 ]; - services.mediawiki = { - enable = true; - name = "Example Containerized Wiki"; - # NOTE: here is where the basePath is specified, which requires the imported mediawiki NixOS module - basePath = "/wiki"; - passwordFile = ./mediawiki.password.txt; - extraConfig = '' - $wgRCFeeds['euerkrebsco'] = array( - 'formatter' => 'JSONRCFeedFormatter', - 'uri' => 'udp://euer.krebsco.de:5005', - 'add_interwiki_prefix' => false, - 'omit_bots' => true, - ); - $wgRCFeeds['euerkrebscoIRC'] = array( - 'formatter' => 'IRCColourfulRCFeedFormatter', - 'uri' => 'udp://euer.krebsco.de:5006', - 'add_interwiki_prefix' => false, - 'omit_bots' => true, - ); - ''; - virtualHost = { - hostName = "localhost"; - adminAddr = "root@localhost"; - forceSSL = false; - addSSL = false; - onlySSL = false; - enableACME = false; - }; - }; - }; - }; - - # Put the MediaWiki web page behind an NGINX proxy - services.nginx = { - enable = true; - virtualHosts.localhost.locations."/wiki" = { - # NOTE: the slash at the end of the URI is important. It causes the location base path to be removed when passed onto the proxy - proxyPass = "http://${localAddress}:80/"; - }; - }; - -} diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt b/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt deleted file mode 100644 index b11b15f08..000000000 --- a/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt +++ /dev/null @@ -1 +0,0 @@ -thisisthepassword diff --git a/makefu/2configs/deployment/nixos.wiki/network.nix b/makefu/2configs/deployment/nixos.wiki/network.nix deleted file mode 100644 index a7ffb28f1..000000000 --- a/makefu/2configs/deployment/nixos.wiki/network.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; - networking.nat.enable = true; - networking.nat.internalInterfaces = ["ve-+"]; - networking.nat.externalInterface = "wlan0"; -} diff --git a/makefu/2configs/deployment/ntfysh.nix b/makefu/2configs/deployment/ntfysh.nix deleted file mode 100644 index 1a3311d9e..000000000 --- a/makefu/2configs/deployment/ntfysh.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ lib, config, ... }: -let - web-port = 19455; - hostn = "ntfy.euer.krebsco.de"; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -in -{ - services.ntfy-sh = { - enable = true; - settings = { - listen-http = "127.0.0.1:${toString web-port}"; - auth-file = "/var/lib/ntfy-sh/user.db"; - auth-default-access = "deny-all"; - behind-proxy = true; - attachment-cache-dir = "/media/cloud/ntfy-sh/attachments"; - attachment-file-size-limit = "500m"; - attachment-total-size-limit = "100g"; - base-url = "https://ntfy.euer.krebsco.de"; - attachment-expiry-duration = "48h"; - }; - }; - - systemd.services.ntfy-sh.serviceConfig = { - StateDirectory = "ntfy-sh"; - SupplementaryGroups = [ "download" ]; - }; - - services.nginx = { - enable = lib.mkDefault true; - virtualHosts."${hostn}" = { - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://localhost:${toString web-port}/"; - proxyWebsockets = true; - recommendedProxySettings = true; - }; - }; - }; -} diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix deleted file mode 100644 index 8e5e71f11..000000000 --- a/makefu/2configs/deployment/owncloud.nix +++ /dev/null @@ -1,107 +0,0 @@ -{ lib, pkgs, config, ... }: -with lib; - -# services.redis.enable = true; -# to enable caching with redis first start up everything, then run: -# nextcloud-occ config:system:set redis 'host' --value 'localhost' --type string -# nextcloud-occ config:system:set redis 'port' --value 6379 --type integer -# nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string -# nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string - -# services.memcached.enable = true; -# to enable caching with memcached run: -# nextcloud-occ config:system:set memcached_servers 0 0 --value 127.0.0.1 --type string -# nextcloud-occ config:system:set memcached_servers 0 1 --value 11211 --type integer -# nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\APCu' --type string -# nextcloud-occ config:system:set memcache.distributed --value '\OC\Memcache\Memcached' --type string - -let - adminpw = "/run/secret/nextcloud-admin-pw"; - dbpw = "/run/secret/nextcloud-db-pw"; -in { - - fileSystems."/var/lib/nextcloud/data" = { - device = "/media/cloud/nextcloud-data"; - options = [ "bind" ]; - depends = [ "/media/cloud" ]; - }; - - - - krebs.secret.files.nextcloud-db-pw = { - path = dbpw; - owner.name = "nextcloud"; - source-path = toString <secrets> + "/nextcloud-db-pw"; - }; - - krebs.secret.files.nextcloud-admin-pw = { - path = adminpw; - owner.name = "nextcloud"; - source-path = toString <secrets> + "/nextcloud-admin-pw"; - }; - - services.nginx.virtualHosts."o.euer.krebsco.de" = { - forceSSL = true; - enableACME = true; - }; - services.postgresqlBackup = { - enable = true; - databases = [ config.services.nextcloud.config.dbname ]; - }; -systemd.services.postgresqlBackup-nextcloud.serviceConfig.SupplementaryGroups = [ "download" ]; - - state = [ - # services.postgresql.dataDir - # "${config.services.nextcloud.home}/config" - config.services.postgresqlBackup.location - ]; - - users.users.nextcloud.extraGroups = [ "download" ]; - services.nextcloud = { - enable = true; - package = pkgs.nextcloud25; - hostName = "o.euer.krebsco.de"; - # Use HTTPS for links - https = true; - # Auto-update Nextcloud Apps - autoUpdateApps.enable = true; - # Set what time makes sense for you - autoUpdateApps.startAt = "05:00:00"; - - caching.redis = true; - caching.apcu = true; - config = { - # Further forces Nextcloud to use HTTPS - overwriteProtocol = "https"; - defaultPhoneRegion = "DE"; - - # Nextcloud PostegreSQL database configuration, recommended over using SQLite - dbtype = "pgsql"; - dbuser = "nextcloud"; - dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself - dbname = "nextcloud"; - dbpassFile = dbpw; - adminpassFile = adminpw; - adminuser = "root"; - }; - }; - services.redis.enable = true; - systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536"; - services.postgresql = { - enable = true; - # Ensure the database, user, and permissions always exist - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ { name = "nextcloud"; ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } ]; - }; - - systemd.services."nextcloud-setup" = { - requires = ["postgresql.service"]; - after = ["postgresql.service"]; - serviceConfig.RequiresMountFor = [ "/media/cloud" ]; - }; - systemd.services."phpfpm-nextcloud".serviceConfig.RequiresMountFor = [ - "/media/cloud" - "/var/lib/nextcloud/data" - ]; - systemd.services."phpfpm".serviceConfig.RequiresMountFor = [ "/media/cloud" ]; -} diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix deleted file mode 100644 index 19a8df235..000000000 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ config, lib, pkgs, ... }: -# more than just nginx config but not enough to become a module -with import <stockholm/lib>; -let - wsgi-sock = "${workdir}/uwsgi-photostore.sock"; - workdir = config.services.uwsgi.runDir; -in { - - services.uwsgi = { - enable = true; - user = "nginx"; - runDir = "/var/lib/photostore"; - plugins = [ "python3" ]; - instance = { - type = "emperor"; - vassals = { - cameraupload-server = { - type = "normal"; - pythonPackages = self: with self; [ pkgs.cameraupload-server ]; - socket = wsgi-sock; - }; - }; - }; - }; - - services.nginx = { - enable = mkDefault true; - virtualHosts."photostore.krebsco.de" = { - enableACME = true; - forceSSL = true; - locations = { - "/".extraConfig = '' - expires -1; - uwsgi_pass unix://${wsgi-sock}; - uwsgi_param UWSGI_CHDIR ${workdir}; - uwsgi_param UWSGI_MODULE cuserver.main; - uwsgi_param UWSGI_CALLABLE app; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; - }; - }; - }; -} diff --git a/makefu/2configs/deployment/rss/ebk.yml b/makefu/2configs/deployment/rss/ebk.yml deleted file mode 100644 index 3248f5c4e..000000000 --- a/makefu/2configs/deployment/rss/ebk.yml +++ /dev/null @@ -1,59 +0,0 @@ -regex: https://www.ebay\-kleinanzeigen.de/s\-.* -selectors: - httpsettings: - cookie: {} - header: {} - useragent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) - Chrome/90.0.4430.72 Safari/537.36 - insecure: false - feed: - title: title - authorname: "" - authoremail: "" - item: - container: ul[id='srchrslt-adtable'] li[class='ad-listitem lazyload-item '] - title: | - title = sel:find("h2.text-module-begin"):first():text():gsub("^%s*(.-)%s*$", "%1") - print(title) - link: | - link = sel:find("a"):first():attr("href") - print("https://www.ebay-kleinanzeigen.de" .. link) - created: |- - created = "" - sel:find("div.aditem-main--top--right"):each(function(i, s) - created = s:text():gsub("^%s*(.-)%s*$", "%1") - end) - if created:match("Heute") then - time = created:gsub("^.*,", "") - print(os.date("%d.%m.%Y") .. time .. " CET") - return - end - if created:match("Gestern") then - time = created:gsub("^.*,", "") - print(os.date("%d.%m.%Y", os.time()-24*60*60) .. time .. " CET") - return - end - if created:match("\.") then - print(created .. " 00:00 CET") - return - end - createdformat: 02.01.2006 15:04 MST - description: |- - description = sel:find(".aditem-main--middle"):html() - place = sel:find(".aditem-main--top--left"):html() - print(description .. place) - content: "" - image: | - img = sel:find("div.imagebox"):first():attr("data-imgsrc") - if img ~= "" then - -- prepend host if needed - if not(img:match("https*:\/\/.*")) then - img = "https://www.ebay-kleinanzeigen.de" .. img - end - print(img) - end - nextpage: | - nextpage = sel:find("link[rel=next]"):attr("href") - print("https://www.ebay-kleinanzeigen.de" .. nextpage) - nextpagecount: 5 - sort: "" diff --git a/makefu/2configs/deployment/rss/ratt-hourly.sh b/makefu/2configs/deployment/rss/ratt-hourly.sh deleted file mode 100755 index 67f2529bd..000000000 --- a/makefu/2configs/deployment/rss/ratt-hourly.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -set -eu -URLS=${1?must provide URLS file} -OUTFILE=${2:-all.xml} - -echo "init, writing to $OUTFILE" - -cat > "$OUTFILE" <<EOF -<?xml version="1.0" encoding="UTF-8"?> -<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/"> - <channel> - <title>makefu Ebay Kleinanzeigen</title> - <link>https://www.ebay-kleinanzeigen.de/</link> - <description>Feed for all kleinanzeigen</description> - <pubDate>$(date '+%a, %d %b %Y %H:%M:%S %z')</pubDate> -EOF -echo "looping through $URLS" -cat "$URLS" | while read line;do - echo "fetching $line" - ratt auto "$line" | \ - xmlstarlet sel -t -c "//item" >> "$OUTFILE" || : -done - -echo "close" -cat >> "$OUTFILE" <<EOF - </channel> -</rss> -EOF diff --git a/makefu/2configs/deployment/rss/ratt.nix b/makefu/2configs/deployment/rss/ratt.nix deleted file mode 100644 index 2e7ecb45d..000000000 --- a/makefu/2configs/deployment/rss/ratt.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, lib, config, ... }: -let - fqdn = "rss.euer.krebsco.de"; - ratt-path = "/var/lib/ratt/"; - out-path = "${ratt-path}/all.xml"; -in { - systemd.tmpfiles.rules = ["d ${ratt-path} 0750 nginx nginx - -" ]; - systemd.services.run-ratt = { - enable = true; - path = with pkgs; [ ratt xmlstarlet ]; - script = builtins.readFile ./ratt-hourly.sh; - scriptArgs = "${./urls} ${out-path}"; - - preStart = "install -v -m750 ${./ebk.yml} ${ratt-path}/ebk.yml"; # ratt requires the config file in the cwd - serviceConfig.User = "nginx"; - serviceConfig.WorkingDirectory= ratt-path; - startAt = "00/3:07"; # every 3 hours, fetch latest - }; - - services.nginx.virtualHosts."${fqdn}" = { - locations."=/ratt/all.xml" = { - alias = out-path; - }; - }; -} - diff --git a/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix deleted file mode 100644 index e204050b4..000000000 --- a/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs, lib, config, ... }: -let - fqdn = "rss.euer.krebsco.de"; - ratt-path = "/var/lib/ratt/"; -in { - systemd.tmpfiles.rules = ["d ${ratt-path} 0750 nginx nginx - -" ]; - services.tt-rss = { - enable = true; - virtualHost = fqdn; - selfUrlPath = "https://${fqdn}"; - }; - - state = [ config.services.postgresqlBackup.location ]; - - services.postgresqlBackup = { - enable = true; - databases = [ config.services.tt-rss.database.name ]; - }; - systemd.services.tt-rss.serviceConfig = { - Restart = lib.mkForce "always"; - }; - - systemd.services.postgresqlBackup-tt_rss.serviceConfig.SupplementaryGroups = [ "download" ]; - - services.nginx.virtualHosts."${fqdn}" = { - enableACME = true; - forceSSL = true; - locations."/ratt/" = { - alias = ratt-path; - extraConfig = "autoindex on;"; - }; - }; -} - diff --git a/makefu/2configs/deployment/rss/urls b/makefu/2configs/deployment/rss/urls deleted file mode 100644 index cbc68ccc7..000000000 --- a/makefu/2configs/deployment/rss/urls +++ /dev/null @@ -1,9 +0,0 @@ -https://www.ebay-kleinanzeigen.de/s-heimwerken/nein/muehlhausen/bohrmaschine/k0c84l9313r5+heimwerken.versand_s:nein -https://www.ebay-kleinanzeigen.de/s-stuttgart/zigbee/k0l9280 -https://www.ebay-kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5 -https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313 -https://www.ebay-kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313 -https://www.ebay-kleinanzeigen.de/s-muehlhausen/dymo/k0l9313r5 -https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5 -https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/winkelschleifer/k0l9313r5 -https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/kontaktgrill/k0l9313r5 diff --git a/makefu/2configs/deployment/scrape/default.nix b/makefu/2configs/deployment/scrape/default.nix deleted file mode 100644 index c7a5b5c14..000000000 --- a/makefu/2configs/deployment/scrape/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./elkstack.nix - ./selenium.nix - ]; -} diff --git a/makefu/2configs/deployment/scrape/elkstack.nix b/makefu/2configs/deployment/scrape/elkstack.nix deleted file mode 100644 index c6bf1c6d8..000000000 --- a/makefu/2configs/deployment/scrape/elkstack.nix +++ /dev/null @@ -1,5 +0,0 @@ -_: -{ - services.elasticsearch.enable = true; - services.kibana.enable = true; -} diff --git a/makefu/2configs/deployment/scrape/selenium.nix b/makefu/2configs/deployment/scrape/selenium.nix deleted file mode 100644 index d700259ba..000000000 --- a/makefu/2configs/deployment/scrape/selenium.nix +++ /dev/null @@ -1,65 +0,0 @@ -{config, pkgs, lib, ...}: -with <stockholm/lib>; -let - selenium-pw = <secrets/selenium-vncpasswd>; -in { - services.jenkinsSlave.enable = true; - users.users.selenium = { - uid = genid "selenium"; - extraGroups = [ "plugdev" ]; - }; - - fonts.enableFontDir = true; - - # networking.firewall.allowedTCPPorts = [ 5910 ]; - - systemd.services.selenium-X11 = - { - description = "X11 vnc for selenium"; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.xorg.xorgserver pkgs.tightvnc pkgs.dwm ]; - environment = - { - DISPLAY = ":10"; - }; - script = '' - set -ex - [ -e /tmp/.X10-lock ] && ( set +e ; chmod u+w /tmp/.X10-lock ; rm /tmp/.X10-lock ) - [ -e /tmp/.X11-unix/X10 ] && ( set +e ; chmod u+w /tmp/.X11-unix/X10 ; rm /tmp/.X11-unix/X10 ) - mkdir -p ~/.vnc - cp -f ${selenium-pw} ~/.vnc/passwd - chmod go-rwx ~/.vnc/passwd - echo > ~/.vnc/xstartup - chmod u+x ~/.vnc/xstartup - vncserver $DISPLAY -geometry 1280x1024 -depth 24 -name jenkins -ac - dwm - ''; - preStop = '' - vncserver -kill $DISPLAY - ''; - serviceConfig = { - User = "selenium"; - }; - }; - - systemd.services.selenium-server = - { - description = "selenium-server"; - wantedBy = [ "multi-user.target" ]; - requires = [ "selenium-X11.service" ]; - path = [ pkgs.chromium - pkgs.firefoxWrapper ]; - environment = - { - DISPLAY = ":10"; - }; - script = '' - ${pkgs.selenium-server-standalone}/bin/selenium-server -Dwebdriver.enable.native.events=1 - ''; - serviceConfig = { - User = "selenium"; - }; - }; - - -} diff --git a/makefu/2configs/dict.nix b/makefu/2configs/dict.nix deleted file mode 100644 index 08f1f8502..000000000 --- a/makefu/2configs/dict.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ pkgs, ... }: -{ - environment.shellAliases.dict = "dict -h 127.0.0.1"; - services.dictd.enable = true; - services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ]; -} diff --git a/makefu/2configs/disable_v6.nix b/makefu/2configs/disable_v6.nix deleted file mode 100644 index 0a8c8d53d..000000000 --- a/makefu/2configs/disable_v6.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - networking.enableIPv6 = false; -} diff --git a/makefu/2configs/dnscrypt/client.nix b/makefu/2configs/dnscrypt/client.nix deleted file mode 100644 index 988fb4a7d..000000000 --- a/makefu/2configs/dnscrypt/client.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, ... }: -let - customResolver = { - # TODO: put this somewhere else - address = config.krebs.hosts.gum.nets.internet.ip4.addr; - port = 15251; - name = "2.dnscrypt-cert.euer.krebsco.de"; - # dnscrypt-wrapper --show-provider-publickey --provider-publickey-file public.key - key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C"; - }; -in { - services.dnscrypt-proxy = { - enable = true; - inherit customResolver; - }; - networking.extraResolvconfConf = '' - name_servers='127.0.0.1' - ''; -} diff --git a/makefu/2configs/dnscrypt/server.nix b/makefu/2configs/dnscrypt/server.nix deleted file mode 100644 index 79305e727..000000000 --- a/makefu/2configs/dnscrypt/server.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, ... }: -let - # TODO: dataDir is currently not provided by upstream - # data = config.services.dnscrypt-wrapper.dataDir; - data = "/var/lib/dnscrypt-wrapper"; - sec = toString <secrets>; - port = 15251; - user = "dnscrypt-wrapper"; -in { - services.dnscrypt-wrapper = { - enable = true; - address = "0.0.0.0"; - upstream.address = "8.8.8.8"; - providerName = "2.dnscrypt-cert.euer.krebsco.de"; - inherit port; - }; - networking.firewall.allowedUDPPorts = [ port ]; - systemd.services.prepare-dnscrypt-wrapper-keys = { - wantedBy = [ "dnscrypt-wrapper.service" ]; - before = [ "dnscrypt-wrapper.service" ]; - script = '' - install -m700 -o ${user} -v ${sec}/dnscrypt-public.key ${data}/public.key - install -m700 -o ${user} -v ${sec}/dnscrypt-secret.key ${data}/secret.key - ''; - }; -} diff --git a/makefu/2configs/editor/neovim/default.nix b/makefu/2configs/editor/neovim/default.nix deleted file mode 100644 index a6fc1abc1..000000000 --- a/makefu/2configs/editor/neovim/default.nix +++ /dev/null @@ -1,61 +0,0 @@ -{pkgs, config, ...}: -{ - fonts.fonts = [ pkgs.font-awesome_5 ]; - # Neovim dependencies - home-manager.users.makefu = { - home.packages = with pkgs; [ - ctags # dependencie - jq # For fixing json files - xxd # .bin files will be displayed with xxd - shellcheck # Shell linting - # ansible-lint # Ansible linting - unzip # To vim into unzipped files - # nodePackages.jsonlint # json linting - #ccls # C/C++ language server - #clang-tools # C++ fixer - cargo - - # Go support - #go - #gotools - #gocode - ]; - - home.file.".config/pycodestyle".text= '' - [pycodestyle] - max-line-length = 125 - ''; - programs.neovim = { - enable = true; - withPython3 = true; - # withNodeJs = true; - extraPython3Packages = (ps: with ps; [ - # python-language-server - # pyls-mypy - black libxml2 - ]); - extraConfig = builtins.readFile ./vimrc; - plugins = with pkgs.vimPlugins;[ - undotree - vim-addon-nix - - nerdtree # file manager - commentary # comment stuff out based on language - fugitive # full git integration - vim-airline-themes # lean & mean status/tabline - vim-airline # status bar - gitgutter # git diff in the gutter (sign column) - vim-trailing-whitespace # trailing whitspaces in red - tagbar # F3 function overview - ReplaceWithRegister # For better copying/replacing - polyglot # Language pack - vim-indent-guides # for displaying indent levels - deoplete-nvim # general autocompletion - deoplete-go - ale - molokai # color scheme - ]; - }; - }; -} - diff --git a/makefu/2configs/editor/neovim/vimrc b/makefu/2configs/editor/neovim/vimrc deleted file mode 100644 index 2a0a59f01..000000000 --- a/makefu/2configs/editor/neovim/vimrc +++ /dev/null @@ -1,469 +0,0 @@ -"***************************************************************************** -"" Functions -"***************************************************************************** - -function! GetBufferList() - redir =>buflist - silent! ls! - redir END - return buflist -endfunction - -function! ToggleList(bufname, pfx) - let buflist = GetBufferList() - for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))') - if bufwinnr(bufnum) != -1 - exec(a:pfx.'close') - return - endif - endfor - if a:pfx == 'l' && len(getloclist(0)) == 0 - echohl ErrorMsg - echo "Location List is Empty." - return - endif - let winnr = winnr() - exec(a:pfx.'open') - if winnr() != winnr - wincmd p - endif -endfunction - - -"***************************************************************************** -"" Basic Setup -"*****************************************************************************" -" General -let no_buffers_menu=1 -syntax on -set ruler -set number -set mousemodel=popup -set t_Co=256 -set guioptions=egmrti -set gfn=Monospace\ 10 - -" TODO: Testing if this works against automatically setting paste mode -" Issue: https://github.com/neovim/neovim/issues/7994 -au InsertLeave * set nopaste - - -set undofile -"maximum number of changes that can be undone -set undolevels=1000000 -"maximum number lines to save for undo on a buffer reload -set undoreload=10000000 - -set backupdir=~/.vim/backup -set directory=~/.vim/tmp -set undodir =~/.vim/undo - -" create Backup/tmp/undo dirs -set backupdir=~/.vim/backup -set directory=~/.vim/tmp - -function! InitBackupDir() - let l:parent = $HOME . '/.vim/' - let l:backup = l:parent . 'backup/' - let l:tmpdir = l:parent . 'tmp/' - let l:undodir= l:parent . 'undo/' - - - if !isdirectory(l:parent) - call mkdir(l:parent) - endif - if !isdirectory(l:backup) - call mkdir(l:backup) - endif - if !isdirectory(l:tmpdir) - call mkdir(l:tmpdir) - endif - if !isdirectory(l:undodir) - call mkdir(l:undodir) - endif -endfunction -call InitBackupDir() - -augroup Binary - " edit binaries in xxd-output, xxd is part of vim - au! - au BufReadPre *.bin let &bin=1 - au BufReadPost *.bin if &bin | %!xxd - au BufReadPost *.bin set ft=xxd | endif - au BufWritePre *.bin if &bin | %!xxd -r - au BufWritePre *.bin endif - au BufWritePost *.bin if &bin | %!xxd - au BufWritePost *.bin set nomod | endif -augroup END - -" Encoding -set encoding=utf-8 -set fileencoding=utf-8 -set fileencodings=utf-8 -set bomb -set binary - -" Fix backspace indent -set backspace=indent,eol,start - -" Tabs. May be overriten by autocmd rules -set tabstop=4 -set softtabstop=0 -set shiftwidth=4 -set expandtab - -" Map leader to , -let mapleader=',' - -" Required for operations modifying multiple buffers like rename. -set hidden - -" Searching -set hlsearch -set incsearch -set ignorecase -set smartcase - -" Directories for swp files -set nobackup -set noswapfile - -set fileformats=unix,dos,mac - -" File overview -set wildmode=list:longest,list:full -set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__ - -" Shell to emulate -if exists('$SHELL') - set shell=$SHELL -else - set shell=/bin/bash -endif - -" Set color scheme -colorscheme molokai - -"Show always Status bar -set laststatus=2 - -" Use modeline overrides -set modeline -set modelines=10 - -" Set terminal title -set title -set titleold="Terminal" -set titlestring=%F - -" search will center on the line it's found in. -nnoremap n nzzzv -nnoremap N Nzzzv - - - -"***************************************************************************** -"" Abbreviations -"***************************************************************************** -" no one is really happy until you have this shortcuts -cnoreabbrev W! w! -cnoreabbrev Q! q! -cnoreabbrev Qall! qall! -cnoreabbrev Wq wq -cnoreabbrev Wa wa -cnoreabbrev wQ wq -cnoreabbrev WQ wq -cnoreabbrev W w -cnoreabbrev Q q -cnoreabbrev Qall qall - -" NERDTree configuration -let g:NERDTreeChDirMode=2 -let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__'] -let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$'] -let g:NERDTreeShowBookmarks=1 -let g:nerdtree_tabs_focus_on_files=1 -let g:NERDTreeMapOpenInTabSilent = '<RightMouse>' -let g:NERDTreeWinSize = 50 -set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite -nnoremap <silent> <F1> :NERDTreeFind<CR> -nnoremap <silent> <F2> :NERDTreeToggle<CR> - - -" open terminal emulation -nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR> - -"***************************************************************************** -"" Autocmd Rules -"***************************************************************************** -"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines -augroup vimrc-sync-fromstart - autocmd! - autocmd BufEnter * :syntax sync maxlines=200 -augroup END - -" Nasm filetype -augroup nasm - autocmd! - autocmd BufRead,BufNewFile *.nasm set ft=nasm -augroup END - -" Binary filetype -augroup Binary - au! - au BufReadPre *.bin,*.exe,*.elf let &bin=1 - au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd - au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif - au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r - au BufWritePre *.bin,*.exe,*.elf endif - au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd - au BufWritePost *.bin,*.exe,*.elf set nomod | endif -augroup END - -" Binary filetype -augroup fasm - au! - au BufReadPost *.fasm set ft=fasm -augroup END - -augroup deoplete-update - autocmd! - autocmd VimEnter * UpdateRemotePlugin -augroup END - - - -"" Remember cursor position -augroup vimrc-remember-cursor-position - autocmd! - autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif -augroup END - -"" txt -" augroup vimrc-wrapping -" autocmd! -" autocmd BufRead,BufNewFile *.txt call s:setupWrapping() -" augroup END - -"" make/cmake -augroup vimrc-make-cmake - autocmd! - autocmd FileType make setlocal noexpandtab - autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake -augroup END - -set autoread - -"***************************************************************************** -"" Mappings -"***************************************************************************** - -" Split -noremap <Leader>h :<C-u>split<CR> -noremap <Leader>v :<C-u>vsplit<CR> - -" Git -noremap <Leader>ga :Gwrite<CR> -noremap <Leader>gc :Gcommit<CR> -noremap <Leader>gsh :Gpush<CR> -noremap <Leader>gll :Gpull<CR> -noremap <Leader>gs :Gstatus<CR> -noremap <Leader>gb :Gblame<CR> -noremap <Leader>gd :Gvdiff<CR> -noremap <Leader>gr :Gremove<CR> - -" Tabs -nnoremap <Tab> gt -nnoremap <S-Tab> gT -nnoremap <silent> <S-t> :tabnew<CR> - -" Set working directory -nnoremap <leader>. :lcd %:p:h<CR> - -" Opens an edit command with the path of the currently edited file filled in -noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR> - -" Opens a tab edit command with the path of the currently edited file filled -noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR> - -" Tagbar -nmap <silent> <F3> :TagbarToggle<CR> -let g:tagbar_autofocus = 1 - -" Copy/Paste/Cut -set clipboard^=unnamed,unnamedplus - -noremap YY "+y<CR> -noremap <leader>p "+gP<CR> -noremap XX "+x<CR> - -" Enable mouse for vim -set mouse=a - -" Buffer nav -noremap <leader>z :bp<CR> -noremap <leader>q :bp<CR> -noremap <leader>x :bn<CR> -noremap <leader>w :bn<CR> - -" Close buffer -noremap <leader>c :bd<CR> - -" Clean search (highlight) -nnoremap <silent> <leader><space> :noh<cr> - -" Switching windows -noremap <C-j> <C-w>j -noremap <C-k> <C-w>k -noremap <C-l> <C-w>l -noremap <C-h> <C-w>h - -" Vmap for maintain Visual Mode after shifting > and < -vmap < <gv -vmap > >gv - -" Move visual block -vnoremap J :m '>+1<CR>gv=gv -vnoremap K :m '<-2<CR>gv=gv - -" Open current line on GitHub -nnoremap <Leader>o :.Gbrowse<CR> - - -" Save on strg+s if not in paste mode -nmap <c-s> :w<CR> -vmap <c-s> <Esc><c-s>gv -imap <c-s> <Esc><c-s> - -" Quit on strg+q in normal mode -nnoremap <c-q> :q<cr> - -" Strg+d to replace word under cursor -nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left> - -" Strg+f ro find word under cursor -nnoremap <c-f> :/<C-r><C-w><Left><Left> - -" Remove unneccessary spaces -nnoremap <silent> <F8> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR> - -" undotree -nnoremap <F5> :UndotreeToggle<CR> - -" Reindent whole file with F6 -map <F6> mzgg=G`z - -nnoremap <F9> :set invpaste paste?<CR> -set pastetoggle=<F2> -set showmode - -" save on focus lost -au FocusLost * :wa - -" Toggle location list -nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR> - -" Replacing text in visual mode doesn't copy it anymore -xmap p <Plug>ReplaceWithRegisterVisual -xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual - -"" Opens an edit command with the path of the currently edited file filled in -noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR> - -" Use tab for navigatin in autocompletion window -inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>" -inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>" - -" ALE mappings -nmap <Leader>i <Plug>(ale_hover) -nmap <Leader>d <Plug>(ale_go_to_definition_in_tab) -nmap <Leader>rf <Plug>(ale_find_references) -nmap <silent><F7> <Plug>(ale_fix) - -"***************************************************************************** -"" Plugin settings -"***************************************************************************** - -" vim-airline -set statusline+=%{fugitive#statusline()} -let g:airline_theme = 'powerlineish' -let g:airline#extensions#syntastic#enabled = 1 -let g:airline#extensions#branch#enabled = 1 -let g:airline#extensions#tabline#enabled = 1 -let g:airline#extensions#tagbar#enabled = 1 -let g:airline_skip_empty_sections = 1 -let g:airline#extensions#ale#enabled = 1 - -" show indent lines -let g:indent_guides_enable_on_vim_startup = 1 -let g:indent_guides_auto_colors = 0 -hi IndentGuidesOdd ctermbg=235 -hi IndentGuidesEven ctermbg=235 -let g:indent_guides_guide_size = 1 -let g:indent_guides_start_level = 2 - -" Enable autocompletion -let g:deoplete#enable_at_startup = 1 -set completeopt=noinsert,menuone,noselect -let g:deoplete#sources = {} -let g:deoplete#sources._ = ['ale', 'file', 'omni', 'buffer'] - -" Ale no preview on hover -let g:ale_close_preview_on_insert = 0 -let g:ale_cursor_detail = 0 - -" Ale skip if file size over 2G -let g:ale_maximum_file_size = "2147483648" -let g:ale_set_quickfix = 1 - -" Ale language server -let g:ale_linters = { - \ 'python': ['pyls'], - \ 'cpp': ['ccls'], - \ 'c': ['gcc'], - \ 'xml': ['xmllint'], - \ 'rust': ['cargo'], - \ 'go': ['gofmt'], - \ } - -" ALE fixers -let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] } -let g:ale_fixers.python = ['black'] -let g:ale_fixers.go = ['gofmt'] -let g:ale_fixers.c = ['clang-format'] -let g:ale_fixers.cpp = ['clang-format'] -let g:ale_fixers.json = ['jq'] -let g:ale_fixers.xml = ['xmllint'] - -let g:ale_completion_enabled = 1 -let g:ale_sign_error = '⤫' -let g:ale_sign_warning = '⚠' -let g:ale_lint_on_insert_leave = 1 - -"***************************************************************************** -"" Shortcuts overview -"***************************************************************************** -" Shortcuts overview -" F1 --> Filetree find -" F2 --> Filetree toggle -" F3 --> Function overview -" F4 --> Toggle error bar - -" F5 --> undotree -" F6 --> Reindent whole file -" F7 --> Format and lint file -" F8 --> Remove trailing whitespaces -" F9 --> toggle paste -" ,i --> Information about function -" ,d --> Jump to definition -" ,r --> Rename in all occurences -" ,rf --> Find references of function/variable -" ,e --> Change current file -" ,te --> Open file in new tab -" u --> Undo -" strg+f --> Find current selected word -" strg+d --> Replace current selected word -" strg+s --> Save file -" strg+q --> Close current file -" space+, --> Stop highlighting words after search - diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix deleted file mode 100644 index 305f26a04..000000000 --- a/makefu/2configs/editor/vim.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, pkgs, ... }: - -{ - - environment.systemPackages = [ - ((pkgs.vim_configurable).customize { - name = "vim"; - vimrcConfig.customRC = builtins.readFile ./vimrc; - vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; { start = [ - "undotree" - "YouCompleteMe" - #"UltiSnips" - # vim-nix handles indentation better but does not perform sanity - "vim-nix" - "vim-addon-nix" - "vim-better-whitespace" - ]; - }; - }) - ]; -} diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc deleted file mode 100644 index d270effa2..000000000 --- a/makefu/2configs/editor/vimrc +++ /dev/null @@ -1,117 +0,0 @@ -set nocompatible -syntax on -set list -set listchars=tab:▸\ -"set list listchars=tab:>-,trail:.,extends:> - -filetype off -filetype plugin indent on - -colorscheme desert -set background=dark - -set number -set relativenumber -set mouse=a -set ignorecase -set incsearch -set wildignore=*.o,*.obj,*.bak,*.exe,*.os -set textwidth=79 -set shiftwidth=2 -set expandtab -set softtabstop=2 -set shiftround -set smarttab -set tabstop=2 -set et -set autoindent -set backspace=indent,eol,start - - -inoremap <F1> <ESC> -nnoremap <F1> <ESC> -vnoremap <F1> <ESC> - -nnoremap <F5> :UndotreeToggle<CR> -set undodir =~/.vim/undo -set undofile -"maximum number of changes that can be undone -set undolevels=1000000 -"maximum number lines to save for undo on a buffer reload -set undoreload=10000000 - -nnoremap <F2> :set invpaste paste?<CR> -set pastetoggle=<F2> -set showmode - -set showmatch -set matchtime=3 -set hlsearch - -autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red - -let g:better_whitespace_enabled=1 -let g:strip_whitespace_on_save=1 - - -" save on focus lost -au FocusLost * :wa - -autocmd BufRead *.json set filetype=json -au BufNewFile,BufRead *.mustache set syntax=mustache - -cnoremap SudoWrite w !sudo tee > /dev/null % - -" create Backup/tmp/undo dirs -set backupdir=~/.vim/backup -set directory=~/.vim/tmp - -function! InitBackupDir() - let l:parent = $HOME . '/.vim/' - let l:backup = l:parent . 'backup/' - let l:tmpdir = l:parent . 'tmp/' - let l:undodir= l:parent . 'undo/' - - - if !isdirectory(l:parent) - call mkdir(l:parent) - endif - if !isdirectory(l:backup) - call mkdir(l:backup) - endif - if !isdirectory(l:tmpdir) - call mkdir(l:tmpdir) - endif - if !isdirectory(l:undodir) - call mkdir(l:undodir) - endif -endfunction -call InitBackupDir() - -augroup Binary - " edit binaries in xxd-output, xxd is part of vim - au! - au BufReadPre *.bin let &bin=1 - au BufReadPost *.bin if &bin | %!xxd - au BufReadPost *.bin set ft=xxd | endif - au BufWritePre *.bin if &bin | %!xxd -r - au BufWritePre *.bin endif - au BufWritePost *.bin if &bin | %!xxd - au BufWritePost *.bin set nomod | endif -augroup END - - -" youcompleteme -let g:ycm_collect_identifiers_from_tags_files = 1 " Let YCM read tags from Ctags file -let g:ycm_use_ultisnips_completer = 1 " Default 1, just ensure -let g:ycm_seed_identifiers_with_syntax = 1 " Completion for programming language's keyword -let g:ycm_complete_in_comments = 1 " Completion in comments -let g:ycm_complete_in_strings = 1 " Completion in string - -" utilsnips -let g:UltiSnipsExpandTrigger = "<c-j>" -let g:UltiSnipsJumpForwardTrigger = "<c-j>" -let g:UltiSnipsJumpBackwardTrigger = "<c-p>" -let g:UltiSnipsListSnippets = "<c-k>" "List possible snippets based on current file - -hi MatchParen cterm=none ctermbg=green ctermfg=blue diff --git a/makefu/2configs/elchos/irc-token.nix b/makefu/2configs/elchos/irc-token.nix deleted file mode 100644 index 4844bf29f..000000000 --- a/makefu/2configs/elchos/irc-token.nix +++ /dev/null @@ -1,77 +0,0 @@ -{pkgs, ...}: -with import <stockholm/lib>; -let - secret = (import <secrets/elchos-token.nix>); -in { - systemd.services.elchos-irctoken2 = { - startAt = "*:0/5"; - serviceConfig = { - RuntimeMaxSec = "20"; - }; - script = '' - set -euf - now=$(date -u +%Y-%m-%dT%H:%M) - sleep 5 - sec=$(cat /tmp/irc-secret) - message="The current secret is $sec" - echo "$message" - LOGNAME=sec-announcer - HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --transient) - IRC_SERVER=irc.hackint.org - IRC_PORT=6667 - IRC_NICK=$HOSTNAME-$$ - IRC_CHANNEL='#eloop' - - export IRC_CHANNEL # for privmsg_cat - - echo2() { echo "$*"; echo "$*" >&2; } - - privmsg_cat() { ${pkgs.gawk}/bin/awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } - - tmpdir="$(mktemp -d irc-announce_XXXXXXXX)" - cd "$tmpdir" - mkfifo ircin - trap " - rm ircin - cd '$OLDPWD' - rmdir '$tmpdir' - trap - EXIT INT QUIT - " EXIT INT QUIT - - { - echo2 "USER $LOGNAME 0 * :$LOGNAME@$HOSTNAME" - echo2 "NICK $IRC_NICK" - - # wait for MODE message - ${pkgs.gnused}/bin/sed -un '/^:[^ ]* MODE /q' - - echo2 "JOIN $IRC_CHANNEL" - - printf '%s' "$message" \ - | privmsg_cat - - echo2 "PART $IRC_CHANNEL" - - # wait for PART confirmation - sed -un '/:'"$IRC_NICK"'![^ ]* PART /q' - - echo2 'QUIT :Gone to have lunch' - } < ircin \ - | ${pkgs.netcat}/bin/netcat "$IRC_SERVER" "$IRC_PORT" |tee -a ircin - ''; - }; - systemd.services.elchos-create-token = { - startAt = "*:0/30"; - serviceConfig = { - RuntimeMaxSec = "20"; - }; - script = '' - set -euf - now=$(date -u +%Y-%m-%dT%H:%M) - sec=$(echo -n "${secret}$now" | md5sum | cut -d\ -f1) - message="The secret valid for 30 minutes is $sec" - echo -n "$sec" > /tmp/irc-secret - echo "token for $now (UTC) is $sec" - ''; - }; -} diff --git a/makefu/2configs/elchos/log.nix b/makefu/2configs/elchos/log.nix deleted file mode 100644 index 50b40816b..000000000 --- a/makefu/2configs/elchos/log.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, pkgs, ... }: - -let -in { - networking.firewall.allowedTCPPorts = [ 80 443 514 ]; - networking.firewall.allowedUDPPorts = [ 80 443 514 ]; - services.logstash = { - enable = true; - enableWeb = true; - inputConfig = '' - syslog { - timezone => "Etc/UTC" - } - ''; - filterConfig = '' - if ( [program] == "proftpd") { - kv { - field_split => " " - } - } - ''; - outputConfig = '' - #stdout { - # codec => rubydebug - #} - elasticsearch { } - ''; - }; - services.elasticsearch = { - enable = true; - }; - services.kibana = { - enable = true; - port = 9332; - }; - services.nginx = { - virtualHosts = { - "log.nsupdate.info" = { - enableACME = true; - forceSSL = true; - basicAuth = import <secrets/kibana-auth.nix>; - locations = { - "/" = { - proxyPass = "http://localhost:9332"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - }; - }; - }; - }; -} diff --git a/makefu/2configs/elchos/search.nix b/makefu/2configs/elchos/search.nix deleted file mode 100644 index e7b91e6a8..000000000 --- a/makefu/2configs/elchos/search.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ config, lib, pkgs, ... }: - -# search also generates ddclient entries for all other logs - -with import <stockholm/lib>; -let - #primary-itf = "eth0"; - #primary-itf = "wlp2s0"; - primary-itf = config.makefu.server.primary-itf; - elch-sock = "${config.services.uwsgi.runDir}/uwsgi-elch.sock"; - ddclientUser = "ddclient"; - sec = toString <secrets>; - nsupdate = import "${sec}/nsupdate-search.nix"; - stateDir = "/var/spool/ddclient"; - cfg = "${stateDir}/cfg"; - ddclientPIDFile = "${stateDir}/ddclient.pid"; - - # TODO: correct cert generation requires a `real` internet ip address - - gen-cfg = dict: '' - ssl=yes - cache=${stateDir}/ddclient.cache - pid=${ddclientPIDFile} - ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' - - protocol=dyndns2 - use=if, if=${primary-itf} - ssl=yes - server=ipv4.nsupdate.info - login=${user} - password='${pass}' - ${user} - - protocol=dyndns2 - usev6=if, if=${primary-itf} - ssl=yes - server=ipv6.nsupdate.info - login=${user} - password='${pass}' - ${user} - '') dict)} - ''; - -in { - users.extraUsers = singleton { - name = ddclientUser; - uid = genid "ddclient"; - description = "ddclient daemon user"; - home = stateDir; - createHome = true; - }; - services.redis.enable = mkForce true; - services.redis.bind = "127.0.0.1"; - - services.uwsgi = { - enable = true; - user = "nginx"; - plugins = [ "python3" ]; - instance = { - type = "emperor"; - vassals = { - elchhub = { - type = "normal"; - pythonPackages = self: with self; [ pkgs.elchhub ]; - socket = elch-sock; - }; - }; - }; - }; - - services.nginx = { - enable = mkDefault true; - virtualHosts = { - "search.nsupdate.info" = { - enableACME = true; - forceSSL = true; - locations = { - "/".extraConfig = '' - uwsgi_pass unix://${elch-sock}; - uwsgi_param UWSGI_CHDIR ${pkgs.elchhub}/${pkgs.python3.sitePackages}; - uwsgi_param UWSGI_MODULE elchhub.wsgi; - uwsgi_param UWSGI_CALLABLE app; - - include ${pkgs.nginx}/conf/uwsgi_params; - ''; - }; - }; - }; - }; - - systemd.services = { - redis.serviceConfig.LimitNOFILE=10032; - elchos-ftp-scanner = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - User = "nginx"; - ExecStart = "${pkgs.elchhub}/bin/elch-manager"; - }; - }; - ddclient-nsupdate-elchos = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - Type = "forking"; - User = ddclientUser; - PIDFile = ddclientPIDFile; - ExecStartPre = pkgs.writeDash "init-nsupdate" '' - cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} - chmod 700 ${cfg} - ''; - ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; - }; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ ]; - }; -} diff --git a/makefu/2configs/elchos/stats.nix b/makefu/2configs/elchos/stats.nix deleted file mode 100644 index 2036b391f..000000000 --- a/makefu/2configs/elchos/stats.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ config, lib, pkgs, ... }: - -# requires nsupdate to get correct hostname (from ./search.nix) -# graphite-web on port 8080 -# carbon cache on port 2003 (tcp/udp) - -with import <stockholm/lib>; -{ - - networking.firewall = { - allowedTCPPorts = [ 2003 80 443 18080 ]; - allowedUDPPorts = [ 2003 ]; - }; - - services.nginx = { - enable = mkDefault true; - virtualHosts = { - "stats.nsupdate.info" = { - enableACME = true; - forceSSL = true; - - locations = { - "/" = { - proxyPass = "http://localhost:3000/"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - }; - }; - }; - }; - - services.grafana = { - enable = true; - addr = "127.0.0.1"; - users.allowSignUp = false; - users.allowOrgCreate = false; - users.autoAssignOrg = false; - auth.anonymous.enable = true; - security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""} - }; - - services.graphite = { - api = { - enable = true; - # package = pkgs.graphiteApi; - #listenAddress = "127.0.0.1"; - listenAddress = "0.0.0.0"; - port = 18080; - }; - carbon = { - enableCache = true; - # save disk usage by restricting to 1 bulk update per second - config = '' - [cache] - MAX_CACHE_SIZE = inf - MAX_UPDATES_PER_SECOND = 3 - MAX_CREATES_PER_MINUTE = 5000 - LOG_UPDATES = False - LOG_CACHE_HITS = False - LOG_CACHE_QUEUE_SORTS = False - ''; - storageSchemas = '' - [carbon] - pattern = ^carbon\. - retentions = 60:90d - - [elchos] - patterhn = ^elchos\. - retentions = 10s:30d,60s:3y - - - [default] - pattern = ^krebs\. - retentions = 1s:30d,30s:3m,300s:1y - [default] - pattern = .* - retentions = 30s:30d,300s:1y - ''; - }; - }; - -} diff --git a/makefu/2configs/elchos/test/ftpservers.nix b/makefu/2configs/elchos/test/ftpservers.nix deleted file mode 100644 index bc7517209..000000000 --- a/makefu/2configs/elchos/test/ftpservers.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: -{ - services.vsftpd.anonymousUser = true; - services.vsftpd.enable = true; - services.vsftpd.chrootlocalUser = true; - networking.firewall.allowedTCPPorts = [ 21 ]; -} diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix deleted file mode 100644 index 1f433ab44..000000000 --- a/makefu/2configs/exim-retiolum.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - networking.firewall.allowedTCPPorts = [ 25 ]; - - krebs.exim-retiolum.enable = true; - krebs.exim-retiolum.rspamd.enable = true; - environment.systemPackages = with pkgs; [ - msmtp - ]; -} diff --git a/makefu/2configs/extra-fonts.nix b/makefu/2configs/extra-fonts.nix deleted file mode 100644 index 25ca7a33a..000000000 --- a/makefu/2configs/extra-fonts.nix +++ /dev/null @@ -1,14 +0,0 @@ - { pkgs, ... }: - { - fonts = { - fontDir.enable = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - inconsolata # monospaced - ubuntu_font_family # Ubuntu fonts - unifont # some international languages - dejavu_fonts - terminus_font - ]; - }; - } diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix deleted file mode 100644 index f63417e8f..000000000 --- a/makefu/2configs/fetchWallpaper.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, ... }: - -{ - krebs.fetchWallpaper = { - enable = true; - display = ":0.0"; - unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - timerConfig = { - OnCalendar = "*:0/30"; - }; - url = "http://prism.r/realwallpaper-krebs.png"; - }; - -} - diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix deleted file mode 100644 index 850d432f3..000000000 --- a/makefu/2configs/filepimp-share.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - hostname = config.krebs.build.host.name; -in { - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; # effectively systemUser - description = "smb guest user"; - home = "/var/empty"; - group = "share"; - }; - users.groups.share = {}; - services.samba = { - enable = true; - shares = { - media = { - path = "/media/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} diff --git a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix deleted file mode 100644 index c9eb97f44..000000000 --- a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix +++ /dev/null @@ -1,20 +0,0 @@ -_: - -{ - boot.loader.grub = { - device = "/dev/sda"; - }; - fileSystems = { - "/" = { - device = "/dev/centos/root"; - fsType = "xfs"; - }; - "/boot" = { - device = "/dev/sda1"; - fsType = "xfs"; - }; - }; - swapDevices = [ - { device = "/dev/centos/swap"; } - ]; -} diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix deleted file mode 100644 index 14480bc4a..000000000 --- a/makefu/2configs/fs/cac-boot-partition.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, ... }: - -# vda1 ext4 (label nixos) -> only root partition -{ - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; - - fileSystems."/" = { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - fileSystems."/boot" = { - device = "/dev/disk/by-label/boot"; - fsType = "ext4"; - }; - - hardware.enableRedistributableFirmware = true; - nixpkgs.config.allowUnfree = true; -} diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix deleted file mode 100644 index 4f0cf8c6b..000000000 --- a/makefu/2configs/fs/sda-crypto-root-home.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, lib, pkgs, ... }: - -# ssd # -# sda: bootloader grub2 -# sda1: boot ext4 (label nixboot) -# sda2: cryptoluks -> -# lvm: -# / (main-root) -# /home (main-home) - -# clean the boot sector: -# dd if=/dev/zero of=/dev/sda count=2048 -# Installation Instruction on ISO: -# fdisk /dev/sda - # boot 500M - # rest rest -# cryptsetup luksFormat /dev/sda2 -# mkfs.ext4 -L nixboot /dev/sda1 -# cryptsetup luksOpen /dev/sda2 cryptoluks -# pvcreate /dev/mapper/cryptoluks -# vgcreate main /dev/mapper/cryptoluks -# lvcreate -L 200Gib main -n root -# lvcreate -L 800Gib main -n home -# mkfs.ext4 /dev/main/root -# mkfs.ext4 /dev/main/home -# mount /dev/mapper/main-root /mnt -# mkdir -p /mnt/{boot,home,var/src} /var/src -# mount /dev/sda1 /mnt/boot -# mount /dev/mapper/main-home /mnt/home -# touch /mnt/var/src/.populate -# mount -o bind /mnt/var/src /var/src -# nix-channel --add https://nixos.org/channels/nixos-19.03 nixpkgs && # nix-channel --update -# nix-env -iA nixpkgs.gitMinimal -# (on deploy-host) $(nix-build ~/stockholm/makefu/krops.nix --no-out-link --argstr name x --argstr target 10.42.22.91 -A deploy --show-trace) -# NIXOS_CONFIG=/var/src/nixos-config nixos-install -I /var/src --no-root-passwd --no-channel-copy -{ - - imports = [ - ./sda-crypto-root.nix # configures crypto + boot - ]; - fileSystems = { - "/".device = lib.mkForce "/dev/mapper/main-root"; - "/home" = { - device = "/dev/mapper/main-home"; - fsType = "ext4"; - options = [ "defaults" "discard" ]; - }; - }; -} diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix deleted file mode 100644 index 54ee9f9e5..000000000 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: - -# sda: bootloader grub2 -# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required: - # boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; -# sda2: cryptoluks -> ext4 - -# fdisk /dev/sda - # boot 500M - # rest rest -# cryptsetup luksFormat /dev/sda2 -# mkfs.ext4 -L nixboot /dev/sda1 -{ - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = lib.mkDefault "/dev/sda"; - - #initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = ["cbc" "hmac" "sha256" "rng" "aes" "encrypted_keys" "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/mapper/luksroot"; - fsType = "ext4"; - options = [ "defaults" "discard" ]; - }; - "/boot" = { - device = "/dev/disk/by-label/nixboot"; - fsType = "ext4"; - options = [ "defaults" "discard" ]; - }; - }; -} diff --git a/makefu/2configs/fs/simple-swap.nix b/makefu/2configs/fs/simple-swap.nix deleted file mode 100644 index 8c161b287..000000000 --- a/makefu/2configs/fs/simple-swap.nix +++ /dev/null @@ -1,11 +0,0 @@ -_: -{ - # do not swap that often - boot.kernel.sysctl = { - "vm.swappiness" = 25; - }; - - swapDevices = [ - { device = "/dev/disk/by-label/swap"; } - ]; -} diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix deleted file mode 100644 index 1655556a5..000000000 --- a/makefu/2configs/fs/single-partition-ext4.nix +++ /dev/null @@ -1,12 +0,0 @@ -{config, ...}: -{ - # fdisk /dev/sda - # mkfs.ext4 -L nixos /dev/sda1 - boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true; - boot.loader.grub.version = 2; - - fileSystems."/" = { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; -} diff --git a/makefu/2configs/fs/vm-single-partition.nix b/makefu/2configs/fs/vm-single-partition.nix deleted file mode 100644 index 26908c357..000000000 --- a/makefu/2configs/fs/vm-single-partition.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, lib, pkgs, ... }: - -# vda1 ext4 (label nixos) -> only root partition -with import <stockholm/lib>; -{ - imports = [ - ./single-partition-ext4.nix - ]; - boot.loader.grub.device = "/dev/vda"; - -} diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix deleted file mode 100644 index 3be3fccef..000000000 --- a/makefu/2configs/git/brain-retiolum.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, lib, pkgs, ... }: -# TODO: remove tv lib :) -with import <stockholm/lib>; -let - - repos = krebs-repos; - rules = concatMap krebs-rules (attrValues krebs-repos); - - krebs-repos = mapAttrs make-krebs-repo { - brain = { }; - krebs-secrets = { }; - }; - - - make-krebs-repo = with git; name: { cgit ? {}, ... }: { - inherit cgit name; - public = false; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = true; - channel = "#xxx"; - # TODO remove the hardcoded hostname - server = "irc.r"; - }; - }; - }; - - - - # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ lass tv ]; - krebs-rules = repo: - set-owners repo [ config.krebs.users.makefu ] ++ set-ro-access repo krebsminister; - - set-ro-access = with git; repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = fetch; - }; - - set-owners = with git;repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; - -in { - krebs.git = { - enable = true; - cgit = { - enable = false; - }; - inherit repos rules; - }; -} diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix deleted file mode 100644 index 114febe8b..000000000 --- a/makefu/2configs/git/cgit-retiolum.nix +++ /dev/null @@ -1,133 +0,0 @@ -{ config, lib, pkgs, ... }: -# TODO: remove tv lib :) -with import <stockholm/lib>; -let - - repos = pub-repos // priv-repos // krebs-repos // connector-repos // krebsroot-repos; - rules = concatMap krebs-rules (attrValues krebs-repos) - ++ concatMap priv-rules (attrValues pub-repos) - ++ concatMap priv-rules (attrValues priv-repos) - ++ concatMap connector-rules (attrValues connector-repos) - ++ concatMap krebsroot-rules (attrValues krebsroot-repos); - - krebsroot-repos = mapAttrs make-krebs-repo { - hydra-stockholm = { }; - }; - - pub-repos = mapAttrs make-pub-repo { - yacos-backend = { - cgit.desc = "Yet Another Check-Out System"; - }; - ebk-notify.cgit.desc = "Ebay Kleinanzeigen Notify"; - kalauerbot.cgit.desc = "Kalauer König"; - }; - - krebs-repos = mapAttrs make-krebs-repo { - stockholm = { - cgit.desc = "Make all the systems into 1systems!"; - }; - stockholm-issues = { - cgit.desc = "Issue tracker"; - }; - tinc_graphs = { - cgit.desc = "Tinc Advanced Graph Generation"; - }; - stockholm-init = { - cgit.desc = "Build new Stockholm hosts"; - }; - cac-api = { }; - oof = { }; - euer_blog = { }; - ampel = { }; - europastats = { }; - arafetch = { }; - disko = { }; - init-stockholm = { - cgit.desc = "Init stuff for stockholm"; - }; - }; - - priv-repos = mapAttrs make-priv-repo { - autosync = { }; - fenkins = { }; - pass = { }; - secrets = { }; - }; - - connector-repos = mapAttrs make-priv-repo { - connector = { }; - minikrebs = { }; - mattermost = { - cgit.desc = "Mattermost Docker files"; - }; - }; - - - # TODO move users to separate module - make-priv-repo = name: { ... }: { - inherit name; - public = false; - }; - - make-pub-repo = name: { ... }: { - inherit name; - public = true; - }; - - make-krebs-repo = with git; name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = config.krebs.build.host.name == "gum"; - channel = "#xxx"; - # TODO remove the hardcoded hostname - server = "irc.r"; - }; - }; - }; - - - - # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ lass tv ]; - all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob makefu-tempx makefu-android ]; - all-exco = with config.krebs.users; [ exco ]; - - priv-rules = repo: set-owners repo all-makefu; - - connector-rules = repo: set-owners repo all-makefu ++ set-owners repo all-exco; - - krebs-rules = repo: - set-owners repo all-makefu ++ set-ro-access repo krebsminister; - - krebsroot-rules = repo: - set-owners repo (all-makefu ++ krebsminister); - - set-ro-access = with git; repo: user: - optional repo.public { - inherit user; - repo = [ repo ]; - perm = fetch; - }; - - set-owners = with git;repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; - -in { - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories"; - root-desc = "keep on krebsing"; - }; - }; - inherit repos rules; - }; -} diff --git a/makefu/2configs/git/gitlab-runner-shackspace.nix b/makefu/2configs/git/gitlab-runner-shackspace.nix deleted file mode 100644 index a5a1247ba..000000000 --- a/makefu/2configs/git/gitlab-runner-shackspace.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, ... }: -let - url = "https://git.shackspace.de/"; - # generate token from CI-token via: - ## gitlab-runner register - token = import <secrets/shackspace-gitlab-ci-token.nix> ; -in { - virtualisation.docker.enable = true; - services.gitlab-runner = { - enable = true; - gracefulTimeout = "120min"; - # configFile = "/var/src/secrets/runner.toml"; - configOptions = { - concurrent = 2; - runners = [{ - name = "nix-krebs-1.11"; - inherit token url; - executor = "docker"; - builds_dir = ""; - docker = { - host = ""; - image = "nixos/nix:1.11"; - privileged = false; - disable_cache = false; - volumes = ["/cache"]; - shm_size = 0; - }; - cache = {}; - }]; - }; - }; -} diff --git a/makefu/2configs/graphite-standalone.nix b/makefu/2configs/graphite-standalone.nix deleted file mode 100644 index 51c4c9561..000000000 --- a/makefu/2configs/graphite-standalone.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: - -# graphite-web on port 8080 -# carbon cache on port 2003 (tcp/udp) -with import <stockholm/lib>; -{ - imports = [ ]; - - services.graphite = { - web = { - enable = true; - listenAddress = "0.0.0.0"; - }; - carbon = { - enableCache = true; - # save disk usage by restricting to 1 bulk update per second - config = '' - [cache] - MAX_CACHE_SIZE = inf - MAX_UPDATES_PER_SECOND = 1 - MAX_CREATES_PER_MINUTE = 50 - ''; - storageSchemas = '' - [carbon] - pattern = ^carbon\. - retentions = 60:90d - - [default] - pattern = .* - retentions = 60s:30d,300s:1y - ''; - }; - }; -} diff --git a/makefu/2configs/gui/automatic-diskmount.nix b/makefu/2configs/gui/automatic-diskmount.nix deleted file mode 100644 index ad3774be8..000000000 --- a/makefu/2configs/gui/automatic-diskmount.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ pkgs, ... }: -with import <stockholm/lib>; #genid -{ # auto-mounting via polkit - services.udisks2.enable = true; -## automount all disks: -# services.devmon.enable = true; -# services.gnome3.gvfs.enable = true; - users.groups.storage = { - gid = genid "storage"; - members = [ "makefu" ]; - }; - users.users.makefu.packages = with pkgs;[ - gvfs pcmanfm lxmenu-data - ]; - -## allow users in group "storage" to mount disk -# https://github.com/coldfix/udiskie/wiki/Permissions - security.polkit.extraConfig = - '' - polkit.addRule(function(action, subject) { - var YES = polkit.Result.YES; - var permission = { - "org.freedesktop.udisks.filesystem-mount": YES, - "org.freedesktop.udisks.luks-unlock": YES, - "org.freedesktop.udisks.drive-eject": YES, - "org.freedesktop.udisks.drive-detach": YES, - "org.freedesktop.udisks2.filesystem-mount": YES, - "org.freedesktop.udisks2.encrypted-unlock": YES, - "org.freedesktop.udisks2.eject-media": YES, - "org.freedesktop.udisks2.power-off-drive": YES, - "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, - "org.freedesktop.udisks2.filesystem-unmount-others": YES, - "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, - "org.freedesktop.udisks2.eject-media-other-seat": YES, - "org.freedesktop.udisks2.power-off-drive-other-seat": YES - }; - if (subject.isInGroup("storage")) { - return permission[action.id]; - } - }); - ''; - -} diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix deleted file mode 100644 index b1b7c9913..000000000 --- a/makefu/2configs/gui/base.nix +++ /dev/null @@ -1,95 +0,0 @@ -{ config, lib, pkgs, ... }: -## -# of course this name is a lie -# - it prepares a GUI environment close to my -# current configuration,specifically: -# -# * autologin with mainUser into awesome -# * audio -# * terminus font -# -# if this is not enough, check out main-laptop.nix - - -let - mainUser = config.krebs.build.user.name; -in -{ - imports = [ - ./urxvtd.nix - ./pipewire.nix - ./gnome.nix - ]; - - - # services.redshift.enable = true; - services.xserver = { - enable = true; - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "ctrl:nocaps, eurosign:e"; - -# windowManager = { -# awesome.enable = true; -# awesome.noArgb = true; -# awesome.luaModules = [ pkgs.luaPackages.vicious ]; -# }; -# displayManager.defaultSession = lib.mkDefault "none+awesome"; - }; - environment.systemPackages = [ pkgs.gnome.adwaita-icon-theme ]; - # lid switch is handled via button presses - # services.logind.lidSwitch = lib.mkDefault "ignore"; - #makefu.awesome.enable = true; - console.font = "Lat2-Terminus16"; - - fonts = { - fontDir.enable = true; - enableGhostscriptFonts = true; - fonts = [ pkgs.terminus_font pkgs.corefonts ]; - }; - - users.users.${mainUser} = { - extraGroups = [ "pipewire" "audio" ]; - packages = with pkgs;[ - pavucontrol - xlockmore - rxvt_unicode-with-plugins - ]; - }; - - services.xserver.displayManager.sessionCommands = let - xdefaultsfile = pkgs.writeText "Xdefaults" '' - cat |derp <<EOF - XTerm*background: black - XTerm*foreground: white - XTerm*FaceName : xft:Terminus:pixelsize=12 - - URxvt*termName: rxvt - URxvt*saveLines: 10000 - URxvt*loginShell: false - URxvt.scrollBar : false - URxvt*scrollBar_right: false - URxvt*borderLess: false - URxvt.foreground: white - URxvt.background: black - URxvt.urgentOnBell: true - URxvt.visualBell: false - URxvt.font : xft:Terminus:size=12 - URxvt.perl-ext-common: default,-confirm-paste - - - ! blue - URxvt*color4: #268bd2 - - - URxvt.perl-ext: default,url-select - URxvt.keysym.M-u: perl:url-select:select_next - URxvt.url-select.launcher: firefox -new-tab - URxvt.url-select.underline: true - URxvt.searchable-scrollback: CM-s - ''; - in '' - cat ${xdefaultsfile} | xrdb -merge - ${pkgs.xorg.xhost}/bin/xhost +local: - ''; -} diff --git a/makefu/2configs/gui/gnome.nix b/makefu/2configs/gui/gnome.nix deleted file mode 100644 index 44ba2dd67..000000000 --- a/makefu/2configs/gui/gnome.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.krebs.build.user.name; -in -{ - programs.gnome-terminal.enable = true; - services.xserver = { - desktopManager.gnome.enable = true; - displayManager.gdm.enable = true; - #displayManager.autoLogin = { - # enable = true; - # user = mainUser; - #}; - }; - programs.dconf.enable = true; - home-manager.users.${mainUser}.dconf = { - enable = true; - settings = { - "org/gnome/terminal/legacy" = { - mnemonics-enabled = false; - theme-variant = "dark"; - }; - "org/gnome/desktop/interface" = { - enable-animations = false; - enable-hot-corners = false; - show-battery-percentage = true; - }; - "org/gnome/desktop/peripherals/touchpad" = { - edge-scrolling-enabled = false; - natural-scroll = false; - send-events = "enabled"; - tap-to-click = true; - two-finger-scrolling-enabled = true; - }; - "org/gnome/desktop/session".idle-delay = 900; - "org/gnome/desktop/wm/keybindings" = { - close=["<Shift><Super>c"]; - minimize=["<Super>n"]; - move-to-workspace-1=["<Shift><Super>1"]; - move-to-workspace-2=["<Shift><Super>2"]; - move-to-workspace-3=["<Shift><Super>3"]; - move-to-workspace-4=["<Shift><Super>4"]; - panel-run-dialog=["<Super>r"]; - switch-to-workspace-1=["<Super>1"]; - switch-to-workspace-2=["<Super>2"]; - switch-to-workspace-3=["<Super>3"]; - switch-to-workspace-4=["<Super>4"]; - toggle-fullscreen=["<Super>f"]; - }; - "org/gnome/desktop/wm/preferences".num-workspaces = 4; - "org/gnome/settings-daemon/plugins/color".night-light-enabled = true; - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "<Super>Return"; - command = "gnome-terminal"; - name = "terminal"; - }; - }; - }; -} diff --git a/makefu/2configs/gui/look-up.nix b/makefu/2configs/gui/look-up.nix deleted file mode 100644 index e04098cc2..000000000 --- a/makefu/2configs/gui/look-up.nix +++ /dev/null @@ -1,18 +0,0 @@ -{pkgs, config, ... }: -let - user = config.krebs.build.user.name; - window-manager = "awesome"; -in - { - systemd.services.look-up = { - startAt = "*:30"; - serviceConfig = { - ExecStart= pkgs.writeDash "look-up" '' - set -x - eval "export '$(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)'" - ${pkgs.libnotify}/bin/notify-send -u critical -t 9999999 'look up once in a while' - ''; - User = user; - }; - }; -} diff --git a/makefu/2configs/gui/pipewire.nix b/makefu/2configs/gui/pipewire.nix deleted file mode 100644 index d52681551..000000000 --- a/makefu/2configs/gui/pipewire.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, ... }: -# TODO test `alsactl init` after suspend to reinit mic -{ - security.rtkit.enable = true; - hardware.pulseaudio.enable = lib.mkForce false; - - environment.systemPackages = with pkgs; [ - alsaUtils - pulseaudio - ponymix - ]; - - services.pipewire = { - enable = true; - # systemWide = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; -} diff --git a/makefu/2configs/gui/snake-kiosk.nix b/makefu/2configs/gui/snake-kiosk.nix deleted file mode 100644 index 838ac3a5c..000000000 --- a/makefu/2configs/gui/snake-kiosk.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ pkgs, lib, ... }: -{ - - imports = [ - ./base.nix - ]; - users.users.kiosk = { - # packages = [ pkgs.chromium pkgs.vscode ]; - group = "kiosk"; - isNormalUser = true; - uid = 1003; - extraGroups = [ "wheel" "audio" "pulse" "pipewire" ]; - }; - users.groups.kiosk.gid = 989 ; - services.xserver = { - enable = true; - - windowManager = lib.mkForce { awesome.enable = false; }; - displayManager.gdm.enable = true; - displayManager.gdm.autoSuspend = false; - displayManager.autoLogin = { - enable = true; - user = lib.mkForce "kiosk"; - }; - displayManager.defaultSession = "gnome"; - desktopManager.gnome.enable = true; - }; - - systemd.targets.sleep.enable = false; - systemd.targets.suspend.enable = false; - systemd.targets.hibernate.enable = false; - systemd.targets.hybrid-sleep.enable = false; - - - - environment.systemPackages = [ pkgs.gnomeExtensions.appindicator ]; - services.dbus.packages = with pkgs; [ gnome2.GConf gnome3.gnome-settings-daemon ]; - - services.pipewire.systemWide = lib.mkForce false; - services.pipewire.config.pipewire-pulse = { - "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; - }; - -} diff --git a/makefu/2configs/gui/studio-virtual.nix b/makefu/2configs/gui/studio-virtual.nix deleted file mode 100644 index 272060c2c..000000000 --- a/makefu/2configs/gui/studio-virtual.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, ... }: -let - user = config.makefu.gui.user; -in -{ - imports = [ - <nixpkgs/nixos/modules/services/x11/terminal-server.nix> - ]; - services.xserver.displayManager.sddm.enable = lib.mkForce false; - services.xserver.desktopManager = { - default = "plasma5"; - plasma5.enable = true; - }; - - services.xserver.layout = "us"; - services.xserver.xkbVariant = "altgr-intl"; - services.xserver.xkbOptions = "ctrl:nocaps"; - -} diff --git a/makefu/2configs/gui/studio.nix b/makefu/2configs/gui/studio.nix deleted file mode 100644 index 08157fda4..000000000 --- a/makefu/2configs/gui/studio.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, lib, ... }: -let - user = config.makefu.gui.user; -in -{ - services.xserver.enable = true; - services.xserver.displayManager.sddm = { - enable = true; - autoLogin.enable = true; - autoLogin.user = user; - }; - # services.xserver.windowMananger.default = "plasma5"; - services.xserver.desktopManager = { - default = "plasma5"; - plasma5.enable = true; - }; - - services.xserver.layout = "us"; - services.xserver.xkbVariant = "altgr-intl"; - services.xserver.xkbOptions = "ctrl:nocaps"; - -} diff --git a/makefu/2configs/gui/urxvtd.nix b/makefu/2configs/gui/urxvtd.nix deleted file mode 100644 index cb6c25840..000000000 --- a/makefu/2configs/gui/urxvtd.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.krebs.build.user.name; -in { - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - before = [ "graphical.target" ]; - reloadIfChanged = true; - serviceConfig = { - SyslogIdentifier = "urxvtd"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = mainUser; - }; - }; - # TODO: sessionCommands from base-gui related to urxvt in this file -} diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix deleted file mode 100644 index 3a21bf213..000000000 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ pkgs, lib, ... }: -{ - - imports = [ - ./base.nix - ]; - users.users.kiosk = { - packages = with pkgs;[ chromium vscode spotify tartube-yt-dlp ]; - group = "kiosk"; - isNormalUser = true; - uid = 1003; - extraGroups = [ "wheel" "audio" "pulse" "pipewire" ]; - }; - users.groups.kiosk.gid = 989 ; - services.xserver = { - - windowManager = lib.mkForce { awesome.enable = false; }; - displayManager.gdm.enable = true; - displayManager.autoLogin = { - enable = true; - user = lib.mkForce "kiosk"; - }; - displayManager.defaultSession = "gnome"; - desktopManager.gnome.enable = true; - displayManager.sessionCommands = '' - ${pkgs.xorg.xset}/bin/xset -display :0 s off -dpms - ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1 - ''; - # xrandrHeads = [ "HDMI1" "HDMI2" ]; - # prevent screen from turning off, disable dpms - }; - - - environment.systemPackages = [ - pkgs.gnomeExtensions.appindicator pkgs.pavucontrol pkgs.jellyfin-media-player pkgs.chromium pkgs.firefox pkgs.kodi - pkgs.pavucontrol -]; - services.dbus.packages = with pkgs; [ gnome2.GConf gnome3.gnome-settings-daemon ]; - - systemd.services.xset-off = { - after = [ "display-manager.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.xorg.xset}/bin/xset -display :0 s off -dpms"; - RemainAfterExit = "yes"; - TimeoutSec = "5s"; - RestartSec="5s"; - Restart = "on-failure"; - }; - }; - services.pipewire.systemWide = lib.mkForce false; - services.pipewire.config.pipewire-pulse = { - "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; - }; - -} diff --git a/makefu/2configs/gui/xpra.nix b/makefu/2configs/gui/xpra.nix deleted file mode 100644 index 2384acbaa..000000000 --- a/makefu/2configs/gui/xpra.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - services.xserver.displayManager.xpra.enable = true; -} diff --git a/makefu/2configs/headless.nix b/makefu/2configs/headless.nix deleted file mode 100644 index 772ca3771..000000000 --- a/makefu/2configs/headless.nix +++ /dev/null @@ -1,4 +0,0 @@ -{lib,... }: -{ - sound.enable = lib.mkForce false; -} diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix deleted file mode 100644 index 38d02424c..000000000 --- a/makefu/2configs/home-manager/cli.nix +++ /dev/null @@ -1,12 +0,0 @@ -{pkgs, ... }: { - imports = [ ./zsh.nix ]; - home-manager.users.makefu = { - programs.direnv = { - enableZshIntegration = true; - }; - }; - services.udev.packages = [ - pkgs.libu2f-host - pkgs.yubikey-personalization - ]; -} diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix deleted file mode 100644 index be8861100..000000000 --- a/makefu/2configs/home-manager/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - imports = [ - <home-manager/nixos> - ]; - home-manager.useUserPackages = true; - home-manager.useGlobalPkgs = true; - home-manager.users.makefu = { - home.stateVersion = "19.03"; - }; - environment.variables = { - GTK_DATA_PREFIX = "/run/current-system/sw"; - }; -} diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix deleted file mode 100644 index cca15468c..000000000 --- a/makefu/2configs/home-manager/desktop.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ pkgs, lib, config, ... }: - -{ - - users.users.makefu.packages = with pkgs;[ bat direnv clipit ]; - home-manager.users.makefu = { - systemd.user.services.flameshot.Service.Environment = lib.mkForce [ - "IMGUR_CREATE_URL=https://p.krebsco.de/image" - "IMGUR_DELETE_URL=https://p.krebsco.de/image/delete/%%1" - "PATH=${config.home-manager.users.makefu.home.profileDirectory}/bin" - ]; - systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.networkmanagerapplet}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; - programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; - programs.firefox = { - enable = true; - }; - programs.obs-studio.enable = true; - xdg.enable = true; - services.network-manager-applet.enable = true; - services.blueman-applet.enable = true; - services.pasystray.enable = true; - services.flameshot.enable = true; - home.file.".config/Dharkael/flameshot.ini".text = '' - [General] - disabledTrayIcon=false - drawColor=@Variant(\0\0\0\x43\x1\xff\xff\0\0\0\0\xff\xff\0\0) - drawThickness=0 - filenamePattern=%F_%T_shot - ''; - - programs.chromium = { - enable = true; - extensions = [ - "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium - # "liloimnbhkghhdhlamdjipkmadhpcjmn" # krebsgold - "fpnmgdkabkmnadcjpehmlllkndpkmiak" # wayback machine - "gcknhkkoolaabfmlnjonogaaifnjlfnp" # foxyproxy - "abkfbakhjpmblaafnpgjppbmioombali" # memex - "kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest - ]; - }; - - systemd.user.services.clipit = { - Unit = { - Description = "clipboard manager"; - After = [ "graphical-session-pre.target" ]; - PartOf = [ "graphical-session.target" ]; - }; - - Install = { - WantedBy = [ "graphical-session.target" ]; - }; - - Service = { - Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.clipit}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; - ExecStart = "${pkgs.clipit}/bin/clipit"; - Restart = "on-abort"; - }; - }; - programs.beets.enable = true; - }; -} diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix deleted file mode 100644 index 3aa1814ca..000000000 --- a/makefu/2configs/home-manager/mail.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ pkgs, ... }: -{ - home-manager.users.makefu = { - home.packages= with pkgs;[ (pkgs.writers.writeDashBin "mailsync"'' - ${imapfilter}/bin/imapfilter -t /etc/ssl/certs/ca-bundle.crt \ - && ${isync}/bin/mbsync -a \ - && ${libnotify}/bin/notify-send -t 1000000 -u critical 'Mail sync finished' - - '' - )]; - programs.mbsync.enable = true; - accounts.email.maildirBasePath = "/home/makefu/Mail"; - accounts.email.certificatesFile = "/etc/ssl/certs/ca-certificates.crt"; - accounts.email.accounts.syntaxfehler = { - address = "felix.richter@syntax-fehler.de"; - userName = "Felix.Richter@syntax-fehler.de"; - imap = { - host = "syntax-fehler.de"; - tls = { - enable = true; - }; - }; - mbsync = { - enable = true; - create = "both"; - remove = "both"; - expunge = "both"; - patterns = [ "*" "!INBOX.Sent*"]; - }; - smtp = { - host = "syntax-fehler.de"; - tls = { - enable = true; - }; - }; - folders = { - sent = "Sent"; - trash = "Trash"; - inbox = "INBOX"; - drafts = "Drafts"; - }; - msmtp.enable = true; - notmuch.enable = true; - offlineimap = { - enable = true; - postSyncHookCommand = "notmuch new"; - extraConfig.remote = { - auth_mechanisms = "LOGIN"; - tls_level = "tls_secure"; - ssl_version = "tls1_2"; - holdconnectionopen = true; - idlefolders = "['INBOX']"; - }; - }; - primary = true; - realName = "Felix Richter"; - passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.gnupg/mail/syntax-fehler.gpg"; - }; - programs.offlineimap.enable = true; - programs.offlineimap.extraConfig = { - mbnames = { - filename = "~/.mutt/muttrc.mailboxes"; - header = "'mailboxes '"; - peritem = "'+%(accountname)s/%(foldername)s'"; - sep = "' '"; - footer = "'\\n'"; - }; - general = { - ui = "TTY.TTYUI"; - }; - }; - }; -} diff --git a/makefu/2configs/home-manager/recording.nix b/makefu/2configs/home-manager/recording.nix deleted file mode 100644 index 31ca77b2b..000000000 --- a/makefu/2configs/home-manager/recording.nix +++ /dev/null @@ -1,4 +0,0 @@ -{pkgs, ... }: -{ - home-manager.users.makefu.programs.obs-studio.enable = true; -} diff --git a/makefu/2configs/home-manager/taskwarrior.nix b/makefu/2configs/home-manager/taskwarrior.nix deleted file mode 100644 index 57ba1a08d..000000000 --- a/makefu/2configs/home-manager/taskwarrior.nix +++ /dev/null @@ -1,31 +0,0 @@ -{pkgs, ... }: -let - loc = "/home/makefu/.task"; -in { - state = [ "${loc}/keys" ]; - environment.shellAliases = { - tshack = "task tags:shack"; - tkrebs = "task tags:krebs"; - thome = "task tags:home"; - t = "task project: "; - }; - home-manager.users.makefu.programs.taskwarrior = { - enable = true; - dataLocation = loc; - config = { - default.command = "list"; - taskd = { - server = "gum:53589"; - certificate = "${loc}/keys/public.crt"; - key = "${loc}/keys/private.key"; - ca = "${loc}/keys/ca.crt"; - credentials = "home/makefu/0e6c8146-1ddb-4906-9369-8f77e34cdf84"; - }; - context = { - work = "tags:work"; - shack = "tags:shack"; - home = "tags:home"; - }; - }; - }; -} diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix deleted file mode 100644 index c875d52c8..000000000 --- a/makefu/2configs/home-manager/zsh.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ pkgs, ... }: -{ - programs = { - ssh.startAgent = false; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - }; - imports = [ - { - home-manager.users.makefu.home.packages = [ - (pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox") - ]; - } - { # bat - home-manager.users.makefu.home.packages = [ pkgs.bat ]; - home-manager.users.makefu.programs.zsh.shellAliases = { - cat = "bat --style=header,snip"; - mirage = "sxiv"; # only available when tools/extra-gui is in use - catn = "${pkgs.coreutils}/bin/cat"; - ncat = "${pkgs.coreutils}/bin/cat"; - }; - } - ]; - environment.pathsToLink = [ - "/share/zsh" - ]; - - nix.extraOptions = '' - keep-outputs = true - keep-derivations = true - ''; - - home-manager.users.makefu = { - - programs.direnv.enable = true; - programs.direnv.nix-direnv.enable = true; - programs.direnv.enableZshIntegration = true; - home.packages = [ (pkgs.writeDashBin "nixify" '' -test ! -e shell.nix && cat > shell.nix <<EOF -{ pkgs ? import <nixpkgs> {}}: - -pkgs.mkShell { - nativeBuildInputs = [ pkgs.hello ]; -} -EOF -echo "use nix" >> .envrc -direnv allow -'') - ]; - #home.packages = [ pkgs.direnv pkgs.nix-direnv ]; - - programs.fzf.enable = false; # alt-c - programs.zsh = { - enable = true; - enableAutosuggestions = false; - enableCompletion = true; - oh-my-zsh.enable = false; - history = { - size = 900001; - save = 900001; - ignoreDups = true; - ignoreSpace = true; - - extended = true; - share = true; - }; - sessionVariables = { - # TERM = "rxvt-unicode-256color"; - TERM = "xterm"; - LANG = "en_US.UTF8"; - LS_COLORS = ":di=1;31:"; - EDITOR = "vim"; - }; - shellAliases = { - lsl = "ls -lAtr"; - t = "task"; - xo = "mimeopen"; - nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; - }; - #zplug = { - # enable = true; - # plugins = [ - # { name = "denisidoro/navi" ; } - # { name = "zsh-users/zsh-autosuggestions" ; } - # ]; - #}; - initExtra = '' - bindkey -e - zle -N edit-command-line - # ctrl-x ctrl-e - bindkey '^xe' edit-command-line - bindkey '^x^e' edit-command-line - # shift-tab - bindkey '^[[Z' reverse-menu-complete - bindkey "\e[3~" delete-char - zstyle ':completion:*' menu select - - setopt HIST_IGNORE_ALL_DUPS - setopt HIST_FIND_NO_DUPS - - compdef _pass brain - zstyle ':completion::complete:brain::' prefix "$HOME/brain" - - compdef _pass secrets - zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" - ''; - }; - }; -} diff --git a/makefu/2configs/home/3dprint.nix b/makefu/2configs/home/3dprint.nix deleted file mode 100644 index aac962787..000000000 --- a/makefu/2configs/home/3dprint.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ pkgs, ... }: -let - #dev = "/dev/web_cam"; - dev = "/dev/video0"; -in -{ - services.mjpg-streamer = { - enable = true; - inputPlugin = "input_uvc.so -d ${dev} -r 1280x960"; - }; - users.users.octoprint.extraGroups = [ "video" ]; - # allow octoprint to access /dev/vchiq - # also ensure that the webcam always comes up under the same name - services.udev.extraRules = '' - SUBSYSTEM=="vchiq",GROUP="video",MODE="0660" - KERNEL=="video*",ATTRS{vendor}=="0x046d", ATTRS{device}=="0x0825", GROUP="video", SYMLINK+="web_cam" - ''; - systemd.services.octoprint = { - path = [ pkgs.libraspberrypi ]; - }; - services.octoprint = { - enable = true; - plugins = plugins: with plugins;[ - costestimation - displayprogress - mqtt - stlviewer - themeify - # octolapse - (buildPlugin rec { - pname = "OctoPrint-HomeAssistant"; - version = "3.6.2"; - src = pkgs.fetchFromGitHub { - owner = "cmroche"; - repo = pname; - rev = version; - hash = "sha256-oo9OBmHoJFNGK7u9cVouMuBuUcUxRUrY0ppRq0OS1ro="; - }; - }) - ]; - extraConfig.plugins.mqtt.broker = { - url = "omo.lan"; - # TODO TODO TODO - username = "hass"; - password = "lksue43jrf"; - # TODO TODO TODO - }; - }; -} diff --git a/makefu/2configs/home/ham/automation/buttonboard.nix b/makefu/2configs/home/ham/automation/buttonboard.nix deleted file mode 100644 index 533311fc5..000000000 --- a/makefu/2configs/home/ham/automation/buttonboard.nix +++ /dev/null @@ -1,4 +0,0 @@ -# good, bad radio -# stop -# start radio -# lauter, leister diff --git a/makefu/2configs/home/ham/automation/bye.txt.j2 b/makefu/2configs/home/ham/automation/bye.txt.j2 deleted file mode 100644 index 8a5ba7257..000000000 --- a/makefu/2configs/home/ham/automation/bye.txt.j2 +++ /dev/null @@ -1,2 +0,0 @@ -Endlich ist Pappa fertig mit arbeit! -Heute hast du {{ states("sensor.felix_at_work_today") |round(1) }} Stunden gearbeitet. diff --git a/makefu/2configs/home/ham/automation/check-in.nix b/makefu/2configs/home/ham/automation/check-in.nix deleted file mode 100644 index db051757e..000000000 --- a/makefu/2configs/home/ham/automation/check-in.nix +++ /dev/null @@ -1,133 +0,0 @@ -let - button = "binary_sensor.arbeitszimmer_onebutton_button"; - light = "light.arbeitszimmer_onebutton_led"; - at_work = "input_boolean.felix_at_work"; - lib = import ../lib; - say = lib.say.office; -in -{ - services.home-assistant.config.input_boolean.felix_at_work.name = "Felix auf Arbeit"; - services.home-assistant.config.timer.felix_at_work = { - name = "Felix auf Arbeit Timer"; - duration = "10:00:00"; - }; - services.home-assistant.config.sensor = [ - { - platform = "history_stats"; - name = "Felix at work today"; - entity_id = "input_boolean.felix_at_work"; - state = "on"; - type = "time"; - start = "{{ now().replace(hour=0, minute=0, second=0) }}"; - end = "{{ now() }}"; - } - ]; - services.home-assistant.config.script.start_office_radio.sequence = - [ - { service = "media_player.play_media"; - data = { - media_content_id = "http://radio.lassul.us:8000/radio.mp3"; - media_content_type = "music"; - }; - target.entity_id = "media_player.office"; - } - ]; - services.home-assistant.config.automation = - [ - { alias = "Zu lange Felix!"; - trigger = - { platform = "event"; - event_type = "timer.finished"; - event_data.entity_id = "timer.felix_at_work"; - }; - - condition = - { - condition = "state"; - entity_id = at_work; - state = "off"; - }; - - action = (say "Felix, die zehn Stunden sind um, aufhören jetzt"); - } - { alias = "Turn off at work sensor"; - trigger = [ - { platform = "time"; at = "00:00:00"; } - ]; - condition = - { - condition = "state"; - entity_id = at_work; - state = "off"; - }; - action = - [ - # felix forgot to stamp out ... - { - service = "homeassistant.turn_off"; - entity_id = [ at_work ]; - } - ]; - } - { alias = "Push Check-in Button Felix with button"; - trigger = [ - { - platform = "state"; - entity_id = button; - to = "on"; - for.seconds = 1; - } - ]; - condition = [ - ]; - action = - [ - { choose = [ - { - conditions = { - condition = "state"; - entity_id = at_work; - state = "off"; - }; - sequence = [ - { service = "light.turn_on"; - target.entity_id = light; - data.brightness = 200; - } - { service = "homeassistant.turn_on"; - entity_id = at_work; - } - { service = "timer.start"; - entity_id = [ "timer.felix_at_work" ] ; - } - ] ++ (say (builtins.readFile ./welcome.txt.j2)) ++ - [ - { service = "script.start_office_radio"; } - ]; - } - { - conditions = { - condition = "state"; - entity_id = at_work; - state = "on"; - }; - sequence = [ - { service = "light.turn_off"; - target.entity_id = light; - } - { service = "homeassistant.turn_off"; - entity_id = at_work; - } - ] ++ (say (builtins.readFile ./bye.txt.j2)) ++ - [ - { service = "timer.stop"; - entity_id = [ "timer.felix_at_work" ] ; - } - ]; - } - ]; - } - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/automation/daily_speedtext.nix b/makefu/2configs/home/ham/automation/daily_speedtext.nix deleted file mode 100644 index 70d59f6e1..000000000 --- a/makefu/2configs/home/ham/automation/daily_speedtext.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - services.home-assistant.config.automation = - [ - { - trigger = [ - { platform = "time"; at = "03:21"; } - ]; - action = - [ - { - service = "speedtestdotnet.speedtest"; - } - ]; - } - ]; - -} diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix deleted file mode 100644 index 698327ff4..000000000 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ /dev/null @@ -1,138 +0,0 @@ -{ lib, ... }: -#uses: -# notify.signal -# binary_sensor.badezimmer_fenster_contact -# binary_sensor.dusche_fenster_contact -let - hlib = import ../lib; - say = hlib.say.office; - draussen = "sensor.wohnzimmer_temp_temperature"; - draussen_diff = "sensor.unterschied_draussen_drinnen"; - draussen_heiss = 23; - min = 20; - fenster_offen = name: entity: - { alias = "${name} seit ${toString min} Minuten offen"; - trigger = [ - { - platform = "state"; - entity_id = entity; - to = "on"; - for.minutes = min; - } - ]; - condition = [ - ]; - action = - [ - { - service = "notify.signal_home"; - data_template = { - message = "${name} seit ${toString min} Minuten offen und draussen ist es gerade {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte"; - }; - } - { - service = "input_boolean.turn_on"; - target.entity_id = "input_boolean.${lib.toLower name}_lang_offen"; - } - ]; - }; - fenster_geschlossen_lang = name: entity: - { alias = "${name} wieder geschlossen"; - trigger = [ - { - platform = "state"; - entity_id = entity; - to = "off"; - for.seconds = 10; - } - ]; - condition = [ - { condition = "state"; - entity_id = "input_boolean.${lib.toLower name}_lang_offen"; - state = "on"; - } - ]; - action = - [ - { - service = "notify.signal_home"; - data = { - message= "${name} ist wieder geschlossen, Danke!"; - }; - } - { - service = "input_boolean.turn_off"; - target.entity_id = "input_boolean.${lib.toLower name}_lang_offen"; - } - ]; - }; -in { - services.home-assistant.config = { - template = [ - { sensor = { - name = "Unterschied Draussen Drinnen"; - unit_of_measurement = "°C"; - state = '' - {% set inside = states("${draussen}") | float | round(2) -%} - {% set outside = states("sensor.dark_sky_temperature") | float | round(2) -%} - {{ ((outside - inside) | round(1) )}}''; - }; - } - ]; - sensor = [ - { platform = "season"; type = "meteorological";} - ]; - - input_boolean = { - badezimmerfenster_lang_offen.name = "Badezimmer lange offen"; - duschfenster_lang_offen.name = "Duschfenster lange offen"; - ist_sommer = { - name = "Es ist Sommer"; - initial = false; # TODO - }; - }; - - automation = [ - (fenster_geschlossen_lang "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") - (fenster_geschlossen_lang "Duschfenster" "binary_sensor.dusche_fenster_contact") - - (fenster_offen "Badezimmerfenster" "binary_sensor.badezimmer_fenster_contact") - (fenster_offen "Duschfenster" "binary_sensor.dusche_fenster_contact") - - { alias = "Draussen ist wieder kaelter"; - trigger = [ - { - platform = "numeric_state"; - entity_id = draussen_diff; - below = 0; - for.minutes = 20; - } - ]; - condition = [ - { condition = "numeric_state"; - entity_id = draussen; - above = draussen_heiss; - } - ]; - action = (say "Draussen ist es endlich kühler, jetzt kann man die Fenster auf machen"); - } - { alias = "Draussen ist zu warm"; - trigger = [ - { - platform = "numeric_state"; - entity_id = draussen_diff; - above = 0; - for.minutes = 20; - } - ]; - condition = [ - { condition = "numeric_state"; - entity_id = draussen; - above = draussen_heiss; - } - ]; - action = (say "Draussen wird es jetzt zu warm, besser das fenster schliessen"); - } - ]; - }; -} diff --git a/makefu/2configs/home/ham/automation/find_phone.nix b/makefu/2configs/home/ham/automation/find_phone.nix deleted file mode 100644 index d94942c9f..000000000 --- a/makefu/2configs/home/ham/automation/find_phone.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - services.home-assistant.config.script = { - find_felix_phone.sequence = [ - { - service = "notify.mobile_app_pixel_3a"; - data = { - title= "Finde Mich!"; - message= "Such Such Such"; - data = { - ttl = 0; - priority = "high"; - channel = "alarm_stream"; - }; - }; - } - ]; - find_tablet.sequence = [ - { - service = "notify.mobile_app_nova3"; - data = { - title = "Finde Mich!"; - message = "Such Such Such"; - data = { - ttl = 0; - priority = "high"; - channel = "alarm_stream"; - }; - }; - } - ]; - }; -} diff --git a/makefu/2configs/home/ham/automation/firetv_restart.nix b/makefu/2configs/home/ham/automation/firetv_restart.nix deleted file mode 100644 index 01d1ba6e9..000000000 --- a/makefu/2configs/home/ham/automation/firetv_restart.nix +++ /dev/null @@ -1,37 +0,0 @@ -let - cmd = command: { - service = "androidtv.adb_command"; - data = { - entity_id = "media_player.firetv_stick"; - inherit command; - }; - }; - sec = seconds: { delay.seconds = seconds; }; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Nightly reboot of firetv"; - trigger = { - platform = "time"; - at = "03:00:00"; - }; - action = [ - (cmd "reboot") - (sec 90) # go to my music because apparently select_source does not seem to always work - #(cmd "HOME") - #(sec 2) - #(cmd "DOWN") - #(sec 2) - #(cmd "DOWN") - #(sec 2) - #(cmd "ENTER") - #(sec 4) - #(cmd "RIGHT") - #(sec 2) - #(cmd "RIGHT") - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/automation/flurlicht.nix b/makefu/2configs/home/ham/automation/flurlicht.nix deleted file mode 100644 index bb4877100..000000000 --- a/makefu/2configs/home/ham/automation/flurlicht.nix +++ /dev/null @@ -1,63 +0,0 @@ -let - nachtlicht = [ "light.flur_statuslight" "light.wohnzimmer_status_led" ]; - - # flurlicht an - lightcond = name: conditions: rgb_color: brightness: - { - inherit conditions; - sequence = { - service = "light.turn_on"; - target.entity_id = nachtlicht; - data = { - inherit rgb_color brightness; - }; - }; - }; -in -{ - services.home-assistant.config.automation = - [ - { alias = "Nachtlicht trigger"; - trigger = [ - { platform = "sun"; event = "sunset"; } - { platform = "sun"; event = "sunrise"; } - { platform = "state"; entity_id = [ - "calendar.kehrwoche_kehrwoche" - "binary_sensor.badezimmer_fenster_contact" - "binary_sensor.dusche_fenster_contact" - ]; - } - ]; - action = - [ - { choose = [ - (lightcond "Badezimmer Fenster Auf" - [ { condition = "state"; entity_id = "binary_sensor.badezimmer_fenster_contact"; state = "on"; } - { condition = "state"; entity_id = "input_boolean.ist_sommer"; state = "off"; } - - ] - [ 64 207 255 ] 128 # hellblau - ) - (lightcond "Duschenster auf" - [ { condition = "state"; entity_id = "binary_sensor.dusche_fenster_contact"; state = "on"; } - { condition = "state"; entity_id = "input_boolean.ist_sommer"; state = "off"; } ] - [ 64 207 255 ] 128 # hellblau - ) - (lightcond "Nachtlicht" - { condition = "state"; entity_id = "sun.sun"; state = "below_horizon"; } - [ 255 190 0 ] 90 # red - ) - (lightcond "Kehrwoche" - { condition = "state"; entity_id = "calendar.kehrwoche_kehrwoche"; state = "on"; } - [ 204 0 255 ] 128 # pink - ) - ]; - default = { - service = "light.turn_off"; - entity_id = nachtlicht; - }; - } - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/automation/giesskanne.nix b/makefu/2configs/home/ham/automation/giesskanne.nix deleted file mode 100644 index 400e553e8..000000000 --- a/makefu/2configs/home/ham/automation/giesskanne.nix +++ /dev/null @@ -1,99 +0,0 @@ -# uses: -# switch.crafting_giesskanne_relay -let - cam = { - name = "chilicam"; - camera = "camera.espcam_02"; - light = "light.espcam_02_light"; - seconds = 90; # default shutoff to protect the LED from burning out - }; - seconds = 60*5; # time for giesskanne - 5 minutes - pump = "switch.arbeitszimmer_giesskanne_relay"; - light = "switch.terrasse_plug_relay"; - - # sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; -in -{ - services.home-assistant.config = - { - #sensor = map ( entity_id: { - # platform = "statistics"; - # name = "Statistics for ${entity_id}"; - # inherit entity_id; - # max_age.minutes = "60"; - # sampling_size = 1000; - # }) [ "sensor.crafting_brotbox_soil_moisture" ]; - - automation = - [ - - ##### brotbox - { alias = "Water the plant for ${toString seconds} seconds and turn on the light"; - trigger = [ - { # trigger at 23:15 no matter what - # TODO: retry or run only if switch.wasser is available - platform = "sun"; - event = "sunrise"; - } - ]; - action = - [ - - { # now turn on the pumping services - # i do not start hte pump and light before the snapshot because i do - # not know how long it takes (do not want to water the plants for too long) - service = "homeassistant.turn_on"; - entity_id = [ pump light ]; - } - { delay.seconds = seconds; } - { - service = "homeassistant.turn_off"; - entity_id = [ pump cam.light ]; - } - { # TODO: we could also create a recording with camera.record - service = "camera.snapshot"; - data = { - entity_id = cam.camera; - # TODO: create /var/lib/hass/cam/ - now being done manually - filename = "/var/lib/hass/cam/${cam.name}_{{ now().strftime('%Y%m%d-%H%M%S') }}.jpg"; - }; - } - ]; - } - { alias = "Turn off the light at sunset"; - trigger = [ - { - platform = "sun"; - event = "sunset"; - # offset = "+02:00:00"; - } - ]; - action = - [ - { - service = "homeassistant.turn_off"; - entity_id = [ light ]; - } - ]; - } - - { alias = "Always turn off water after ${toString (seconds * 2)}s"; - trigger = [ - { - platform = "state"; - entity_id = pump; - to = "on"; - for.seconds = seconds*2; - } - ]; - action = - [ - { - service = "homeassistant.turn_off"; - entity_id = [ pump ]; - } - ]; - } - ]; - }; -} diff --git a/makefu/2configs/home/ham/automation/ladestecker_timer.nix b/makefu/2configs/home/ham/automation/ladestecker_timer.nix deleted file mode 100644 index 8e877129c..000000000 --- a/makefu/2configs/home/ham/automation/ladestecker_timer.nix +++ /dev/null @@ -1,24 +0,0 @@ -let - relay = "switch.terrasse_plug_relay"; - timeout = "300"; -in { - services.home-assistant.config.automation = [ - { alias = "Always turn off Charging station after ${toString (timeout)}m"; - trigger = [ - { - platform = "state"; - entity_id = relay; - to = "on"; - for.minutes = timeout; - } - ]; - action = - [ - { - service = "homeassistant.turn_off"; - entity_id = [ relay ]; - } - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/automation/lichter_dimmen.nix b/makefu/2configs/home/ham/automation/lichter_dimmen.nix deleted file mode 100644 index 4303cdfa5..000000000 --- a/makefu/2configs/home/ham/automation/lichter_dimmen.nix +++ /dev/null @@ -1,135 +0,0 @@ -# This module maps the RF433 Remote Control to zigbee and wifi lights -let - rf_turn_off = code: light: - { - alias = "Turn off ${light} via rf code ${code}"; - trigger = { - platform = "event"; - event_type = "esphome.rf_code_received"; - event_data.code = code; - }; - action = { - service = "light.turn_off"; - data.entity_id = light; - }; - }; - rf_turn_on = code: light: - { - alias = "Turn on ${light} via rf code ${code}"; - trigger = { - platform = "event"; - event_type = "esphome.rf_code_received"; - event_data.code = code; - }; - action = { - service = "light.turn_on"; - data.entity_id = light; - }; - }; - rf_state = code: light: halfbright: - let - maxbright = 255; - transition = 0.2; # seconds - in - # this function implements a simple state machine based on the state and brightness of the light (light must support brightness - { - alias = "Cycle through states of ${light} via rf code ${code}"; - trigger = { - platform = "event"; - event_type = "esphome.rf_code_received"; - event_data.code = code; - }; - action = { - choose = [ - { - # state 0: off to half - conditions = { - condition = "template"; - value_template = ''{{ states("${light}") == "off" }}''; - }; - sequence = [ - { - service = "light.turn_on"; - data = { - entity_id = light; - brightness = halfbright; - }; - } - ]; - } - { - # state 1: half to full - conditions = { - condition = "template"; - value_template = ''{{ states('${light}') == 'on' and ( ${toString (halfbright - 1)} <= state_attr("${light}","brightness") <= ${toString (halfbright + 1)})}}''; - }; - sequence = [ - { - service = "light.turn_on"; - data = { - entity_id = light; - brightness = maxbright; - }; - } - ]; - } - { - # state 2: full to off - conditions = { - condition = "template"; - # TODO: it seems like the devices respond with brightness-1 , maybe off-by-one somewhere? - value_template = ''{{ states("${light}") == "on" and state_attr("${light}","brightness") >= ${toString (maxbright - 1)}}}''; - }; - sequence = [ - { - service = "light.turn_off"; - data = { - entity_id = light; - }; - } - ]; - } - ]; - # default: on to off - # this works because state 0 checks for "state == off" - default = [{ - service = "light.turn_off"; - data = { - entity_id = light; - }; - }]; - }; - } -; - rf_toggle = code: light: - { - alias = "Toggle ${light} via rf code ${code}"; - trigger = { - platform = "event"; - event_type = "esphome.rf_code_received"; - event_data.code = code; - }; - action = { - service = "light.toggle"; - data.entity_id = light; - }; - }; -in -{ - services.home-assistant.config.automation = [ - (rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A - (rf_state "401151" "light.wohnzimmer_stehlampe_osram" 128) # B - (rf_state "401451" "light.wohnzimmer_komode_osram" 128) # C - (rf_state "401511" "light.wohnzimmer_schrank_osram" 128) # D - - # OFF Lane - (rf_turn_off "400554" "all") # A - (rf_toggle "401154" "light.wohnzimmer_fenster_lichterkette_licht") # B - (rf_toggle "401454" "light.wohnzimmer_fernsehwand_led") # C - # (rf_toggle "401514" "") # D - ]; - # "400554" # A OFF - # "401154" # B OFF - # "401454" # C OFF - # "401514" # D OFF -} diff --git a/makefu/2configs/home/ham/automation/light_buttons.nix b/makefu/2configs/home/ham/automation/light_buttons.nix deleted file mode 100644 index 460d48bc4..000000000 --- a/makefu/2configs/home/ham/automation/light_buttons.nix +++ /dev/null @@ -1,69 +0,0 @@ - -let - inherit (import ../lib) btn_cycle_light; - schlafzimmer_komode = "light.schlafzimmer_komode_osram"; - schlafzimmer_button = "sensor.schlafzimmer_btn2_click"; -in { - services.home-assistant.config.automation = [ - # (btn_cycle_light "light.arbeitszimmerbeleuchtung" "arbeitszimmer_btn1") - - { - alias = "toggle keller"; - trigger = { - platform = "state"; - entity_id = "sensor.keller_btn1_click"; - to = "single"; - }; - action = { - service = "light.toggle"; - #entity_id = lights; - data = { - entity_id = "light.keller_osram"; - brightness = 255; - }; - }; - } - { - alias = "low brightness keller with doubleclick"; - trigger = { - platform = "state"; - entity_id = "sensor.keller_btn1_click"; - to = "double"; - }; - action = { - service = "light.toggle"; - data = { - entity_id = "light.keller_osram"; - brightness = 25; - }; - }; - } - # (btn_cycle_light "light.wohnzimmerbeleuchtung" "wohnzimmer_btn3") - { - alias = "Dim Toggle schlafzimmer komode"; - trigger = { - platform = "state"; - entity_id = schlafzimmer_button; - to = "single"; - }; - action = { - service = "light.toggle"; - entity_id = schlafzimmer_komode; - brightness = 1; - }; - } - { - alias = "Bright Toggle schlafzimmer komode"; - trigger = { - platform = "state"; - entity_id = schlafzimmer_button; - to = "double"; - }; - action = { - service = "light.toggle"; - entity_id = schlafzimmer_komode; - brightness = 255; - }; - } - ]; -} diff --git a/makefu/2configs/home/ham/automation/moodlight.nix b/makefu/2configs/home/ham/automation/moodlight.nix deleted file mode 100644 index d0e336851..000000000 --- a/makefu/2configs/home/ham/automation/moodlight.nix +++ /dev/null @@ -1,46 +0,0 @@ -# uses: - -let - wohnzimmer = "light.wohnzimmer_fenster_lichterkette_licht"; - arbeitszimmer = "light.box_led_status"; - final_off = "01:00"; - - turn_on = entity_id: at: extra: - { alias = "Turn on ${entity_id} at ${at}"; - trigger = [ - { platform = "time"; inherit at; } - ]; - action = - [ - ({ service = "light.turn_on"; - data = { - inherit entity_id; - - } // extra; - }) - ]; - }; -in -{ - services.home-assistant.config = - { - automation = - [ - # (turn_on wohnzimmer "17:30") - (turn_on arbeitszimmer "9:00" { effect = "Slow Random Twinkle";}) - - { alias = "Always turn off the lights at ${final_off}"; - trigger = [ - { platform = "time"; at = final_off; } - ]; - action = - [ - { - service = "light.turn_off"; - entity_id = [ wohnzimmer arbeitszimmer]; - } - ]; - } - ]; - }; -} diff --git a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix deleted file mode 100644 index 32a373edc..000000000 --- a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix +++ /dev/null @@ -1,43 +0,0 @@ -let - notify_felix = message: { - service = "notify.signal_felix"; - data.message = message; - }; - notify_home = message: { - service = "notify.signal_home"; - data_template.message = message; - }; -in -{ - services.home-assistant.config.automation = - [ - #{ - # alias = "Pflanzen Giessen Erinnerung Daily"; - # trigger = { - # platform = "time"; - # at = "12:15:00"; - # }; - # action = [ - # (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") - # ]; - #} - { - alias = "Pflanzen Giessen Erinnerung Weekly"; - trigger = { - platform = "time"; - at = "12:15:00"; - }; - condition = { - condition = "time"; - weekday = [ "sat" ]; - }; - action = [ - (notify_home - ''Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen. - Die Wettervorhersage: {{states.sensor.dark_sky_summary.state}} mit einer Regenwahrscheinlichkeit von {{states.sensor.dark_sky_precip_probability.state}}%. - Aktuell sind es {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte. - Der UV Index liegt bei {{states.sensor.dark_sky_uv_index.state}}'') - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/automation/project_tracker.nix b/makefu/2configs/home/ham/automation/project_tracker.nix deleted file mode 100644 index cb279b2fe..000000000 --- a/makefu/2configs/home/ham/automation/project_tracker.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ lib, ... }: -# uses: -# -let - at_work = "input_boolean.felix_at_work"; - dice_action = "sensor.arbeitszimmer_cube_action"; - project_sensor = "sensor.felix_project"; - hlib = import ../lib; - say = hlib.say.office; - sides = [ "BDK" "LBS6" "random" "BNO" "CyberShield" "ILBS" ]; - hist_stat = state: { - platform = "history_stats"; - name = "Felix Project ${state}"; - entity_id = project_sensor; - inherit state; - type = "time"; - start = "{{ now().replace(hour=0, minute=0, second=0) }}"; - end = "{{ now() }}"; - }; - -in - { - services.home-assistant.config.sensor = map hist_stat (sides ++ ["not at work" "unknown"]); - services.home-assistant.config.automation = [ - { alias = "Felix Project Change"; - trigger = - { - platform = "state"; - entity_id = project_sensor; - # ignore login and log out - not_from = [ "not at work" ]; - not_to = [ "not at work" ]; - }; - - action = (say "Wechsel auf Projekt {{ trigger.to_state.state }}"); - } - ]; - services.home-assistant.config.template = [ - { - trigger = [ - { - platform = "state"; - entity_id = at_work; - } - { - platform = "state"; - attribute = "side"; - entity_id = dice_action; - not_from = ""; - } - ]; - sensor = [ - { name = "Felix Project"; - state = '' - {% set at_work = states('${at_work}') == 'on' %} - {% set side = state_attr('${dice_action}','side') %} - {% if not at_work %}not at work - '' + (lib.concatImapStringsSep "\n" (i: project: - "{% elif side == ${toString (i - 1)} %}${project}") sides) + - '' - {% else %}unknown - {% endif %} - ''; - } - ]; - } - ]; - } diff --git a/makefu/2configs/home/ham/automation/shutdown_button.nix b/makefu/2configs/home/ham/automation/shutdown_button.nix deleted file mode 100644 index ec84bbe94..000000000 --- a/makefu/2configs/home/ham/automation/shutdown_button.nix +++ /dev/null @@ -1,56 +0,0 @@ -let - btn = "sensor.arbeitszimmer_btn1_action"; - lib = import ../lib; - say = lib.say.living_room; - - all_lights = [ - # Wohnzimmer - "light.wled" - "light.wled_2" - "light.wohnzimmer_komode_osram" - "light.wohnzimmer_schrank_osram" - "light.wohnzimmer_fenster_lichterkette_licht" - - # Arbeitszimmer - "light.wled_3" - "light.wled_4" - "light.arbeitszimmer_schrank_dimmer" - "light.arbeitszimmer_pflanzenlicht" - "light.wohnzimmer_stehlampe_osram" - - # Keller - "light.keller_osram" - ]; - all_media_player = [ - "media_player.living_room" - "media_player.office" - "media_player.bedroom" - - ]; -in { - services.home-assistant.config.automation = - [ - { alias = "Wohnung shutdown single click"; - trigger = [ - { - platform = "state"; - entity_id = btn; - to = "single"; - } - ]; - condition = [ ]; - action = (say "Alles Aus" )++ [ - { - service = "light.turn_off"; - target.entity_id = all_lights; - } - { service = "media_player.media_stop"; - target.entity_id = all_media_player; - } - { service = "script.turn_on"; - target.entity_id = "script.alle_heizungen_aus"; - } - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/automation/urlaub.nix b/makefu/2configs/home/ham/automation/urlaub.nix deleted file mode 100644 index abfe5031d..000000000 --- a/makefu/2configs/home/ham/automation/urlaub.nix +++ /dev/null @@ -1,51 +0,0 @@ -# uses: -# light.wohnzimmer_schrank_osram -# light.wohnzimmer_fernseher_led_strip -# "all" lights - -let - schranklicht = [ - "light.wohnzimmer_schrank_osram" - # "light.wohnzimmer_komode_osram" - ]; - weihnachtslicht = "light.wohnzimmer_fenster_lichterkette_licht"; - fernsehlicht = "light.wled"; - - final_off = "00:37"; - - turn_on = entity_id: offset: - # negative offset => before sunset - { alias = "Turn on ${toString entity_id} at sunset ${offset}"; - trigger = [ - { platform = "sun"; event = "sunset"; inherit offset; } - ]; - action = - [ - { service = "light.turn_on"; inherit entity_id; } - ]; - }; -in -{ - services.home-assistant.config = - { - automation = - [ - (turn_on schranklicht "-00:30:00") - (turn_on weihnachtslicht "-00:00:00") - #(turn_on fernsehlicht "-00:00:00") - - { alias = "Always turn off the urlaub lights at ${final_off}"; - trigger = [ - { platform = "time"; at = final_off; } - ]; - action = - [ - { - service = "light.turn_off"; - entity_id = [ schranklicht weihnachtslicht fernsehlicht ]; - } - ]; - } - ]; - }; -} diff --git a/makefu/2configs/home/ham/automation/welcome.txt.j2 b/makefu/2configs/home/ham/automation/welcome.txt.j2 deleted file mode 100644 index d2a2b573b..000000000 --- a/makefu/2configs/home/ham/automation/welcome.txt.j2 +++ /dev/null @@ -1,45 +0,0 @@ -{% set arbeit_heute = is_state("binary_sensor.arbeitstag","on") -%} -{% set weekday = ['Montag','Dienstag','Mittwoch','Donnerstag','Freitag','Samstag','Sonntag'][now().weekday()] -%} -{% set is_friday = now().weekday() == 4 %} - -{% if not arbeit_heute %} -Heute ist {{ weekday }}, du solltest gar nicht arbeiten! -{% else %} -Willkommen auf Arbeit Felix. -{% endif -%} -Dein Projekt ist {{ states("sensor.felix_project") }}. - -{% set inside = states("sensor.wohnzimmer_temp_temperature") | float | round(2) -%} -{% set outside = states("sensor.dark_sky_temperature") | float | round(2) -%} -{% set arbeit_morgen = is_state("binary_sensor.arbeitstag_morgen","on") -%} - -Die Wetteraussichten: {{ states("sensor.dark_sky_hourly_summary") | replace(".","")}} bei {{ states("sensor.dark_sky_temperature") }} Grad mit {{ states("sensor.dark_sky_humidity") | round(0) }}% Luftfeuchtigkeit. -{% if states("calendar.abfall_papiermuell") == "on" %} -Heute ist Papiermuell, bring noch schnell dein Papier raus -{% endif %} -{% if states("calendar.abfall_restmuell") == "on" %} -Ausserdem ist heute Restmuell. -{% endif -%} - -{% if ( outside < inside ) and ( outside > 18 ) %} -Draussen ist es gerade {{ ((inside - outside) | round(1) )}} gerade kühler -{% endif -%} - -{% set current_count = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_count") %} -{% for i in range(current_count) %} -{% set idx = i + 1 %} - {% set headline = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_headline") %} - {% set description = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_description") %} - {% set level = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_level") %} - {% set time_start = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_start") %} - {% set time_end = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_end") %} -Wetterwarnung {{idx}}: {{ headline }} Stufe {{level}} von {{ time_start.strftime("%H:%M") ~ " bis " ~ time_end.strftime("%H:%M") }} Uhr - -{{ description }} -{% endfor %} - -{% if is_friday %} -Endlich ist Freitag! -{% elif not arbeit_morgen %} -Morgen ist Feiertag, also nicht versehentlich arbeiten -{% endif -%} diff --git a/makefu/2configs/home/ham/automation/wohnzimmer_rf_fernbedienung.nix b/makefu/2configs/home/ham/automation/wohnzimmer_rf_fernbedienung.nix deleted file mode 100644 index b67dacb14..000000000 --- a/makefu/2configs/home/ham/automation/wohnzimmer_rf_fernbedienung.nix +++ /dev/null @@ -1,151 +0,0 @@ -# This module maps the RF433 Remote Control to zigbee and wifi lights -let - rf_turn_off = code: light: - { - alias = "Turn off ${light} via rf code ${code}"; - trigger = { - platform = "event"; - event_type = "esphome.rf_code_received"; - event_data.code = code; - }; - action = { - service = "light.turn_off"; - data.entity_id = light; - }; - }; - rf_turn_on = code: light: - { - alias = "Turn on ${light} via rf code ${code}"; - trigger = { - platform = "event"; - event_type = "esphome.rf_code_received"; - event_data.code = code; - }; - action = { - service = "light.turn_on"; - data.entity_id = light; - }; - }; - rf_state = code: light: halfbright: - let - maxbright = 255; - transition = 0.2; # seconds - in - # this function implements a simple state machine based on the state and brightness of the light (light must support brightness - { - alias = "Cycle through states of ${light} via rf code ${code}"; - trigger = { - platform = "event"; - event_type = "esphome.rf_code_received"; - event_data.code = code; - }; - action = { - choose = [ - { - # state 0: off to half - conditions = { - condition = "template"; - value_template = ''{{ states("${light}") == "off" }}''; - }; - sequence = [ - { - service = "light.turn_on"; - data = { - entity_id = light; - brightness = halfbright; - }; - } - ]; - } - { - # state 1: half to full - conditions = { - condition = "template"; - value_template = ''{{ states('${light}') == 'on' and ( ${toString (halfbright - 1)} <= state_attr("${light}","brightness") <= ${toString (halfbright + 1)})}}''; - }; - sequence = [ - { - service = "light.turn_on"; - data = { - entity_id = light; - brightness = maxbright; - }; - } - ]; - } - { - # state 2: full to off - conditions = { - condition = "template"; - # TODO: it seems like the devices respond with brightness-1 , maybe off-by-one somewhere? - value_template = ''{{ states("${light}") == "on" and state_attr("${light}","brightness") >= ${toString (maxbright - 1)}}}''; - }; - sequence = [ - { - service = "light.turn_off"; - data = { - entity_id = light; - }; - } - ]; - } - ]; - # default: on to off - # this works because state 0 checks for "state == off" - default = [{ - service = "light.turn_off"; - data = { - entity_id = light; - }; - }]; - }; - } -; - rf_toggle = code: light: - { - alias = "Toggle ${light} via rf code ${code}"; - trigger = { - platform = "event"; - event_type = "esphome.rf_code_received"; - event_data.code = code; - }; - action = { - service = "light.toggle"; - data.entity_id = light; - }; - }; -in -{ - services.home-assistant.config.automation = [ - (rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A - (rf_state "401151" "light.wohnzimmer_stehlampe_osram" 128) # B - (rf_state "401451" "light.wohnzimmer_komode_osram" 128) # C - (rf_state "401511" "light.wohnzimmer_schrank_osram" 128) # D - - # OFF Lane - (let code = "400554"; in { - alias = "Turn off living room light via rf code ${code}"; # A - trigger = { - platform = "event"; - event_type = "esphome.rf_code_received"; - event_data.code = code; - }; - action = { - service = "light.turn_off"; - data.entity_id = [ - "light.wohnzimmer_fernseher_led_strip" "light.wohnzimmer_stehlampe_osram" - "light.wohnzimmer_komode_osram" "light.wohnzimmer_schrank_osram" - "light.wohnzimmer_fenster_lichterkette_licht" "light.wled" - ]; - }; - }) - - (rf_toggle "401154" "light.wohnzimmer_fenster_lichterkette_licht") # B - (rf_toggle "401454" "light.wohnzimmer_fernsehwand_led") # C - # (rf_toggle "401514" "") # D - ]; - # "400554" # A OFF - # "401154" # B OFF - # "401454" # C OFF - # "401514" # D OFF -} diff --git a/makefu/2configs/home/ham/calendar/nextcloud.nix b/makefu/2configs/home/ham/calendar/nextcloud.nix deleted file mode 100644 index 3eb68de7d..000000000 --- a/makefu/2configs/home/ham/calendar/nextcloud.nix +++ /dev/null @@ -1,41 +0,0 @@ -let - cred = import <secrets/ham/nextcloud-calendar>; -in -{ - services.home-assistant.config.calendar = - [ - { - platform = "caldav"; - inherit (cred) username password; - url = "https://o.euer.krebsco.de/remote.php/dav"; - custom_calendars = [ - { - name = "Gelbersack"; - calendar = "Abfall"; - search = "Gelber Sack.*"; - } - { - name = "Biomuell"; - calendar = "Abfall"; - search = "Bio.*"; - } - { - name = "Restmuell"; - calendar = "Abfall"; - search = "Rest.*"; - } - { - name = "Papiermuell"; - calendar = "Abfall"; - search = "Altpapier.*"; - } - { - name = "Kehrwoche"; - calendar = "Kehrwoche"; - search = ".*"; - } - ]; - } - - ]; -} diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix deleted file mode 100644 index 98269959d..000000000 --- a/makefu/2configs/home/ham/default.nix +++ /dev/null @@ -1,205 +0,0 @@ -{ pkgs, lib, config, ... }: -# Ideas: -## wake-on-lan server -## -let - prefix = (import ./lib).prefix; - hassdir = "/var/lib/hass"; - - -in { - imports = [ - ./nginx.nix - ./mqtt.nix - ./signal-rest - - # hass config - ./zigbee2mqtt.nix - # ./multi/flurlicht.nix - ./multi/kurzzeitwecker.nix - ./intents - ./multi/the_playlist.nix - ./multi/heizung.nix - # ./multi/fliegen-couter.nix - - ./device_tracker/openwrt.nix - ./device_tracker/tile.nix - - ./sensor/outside.nix - ./sensor/pollen.nix - ./sensor/dwd.nix - - ./calendar/nextcloud.nix - - ./media/firetv.nix - ./media/sonos.nix - ./media/schlafzimmer_music_remote.nix - ./media/remote_sound_wohnzimmer.nix - ./media/remote_sound_arbeitszimmer.nix - ./media/arbeitszimmer_matrix.nix - - ./automation/check-in.nix - ./automation/fenster_auf.nix - ./automation/firetv_restart.nix - ./automation/light_buttons.nix - ./automation/wohnzimmer_rf_fernbedienung.nix - # ./automation/ladestecker_timer.nix - ./automation/flurlicht.nix - # ./automation/giesskanne.nix - # ./automation/pflanzen_giessen_erinnerung.nix - ./automation/find_phone.nix - ./automation/urlaub.nix - ./automation/moodlight.nix - ./automation/shutdown_button.nix - ./automation/project_tracker.nix - ./automation/daily_speedtext.nix - - - ./light/arbeitszimmer.nix - ./light/schlafzimmer.nix - ./light/wohnzimmer.nix - - ./tts/google.nix - ]; - - services.home-assistant = { - extraComponents = [ "mobile_app" ]; - extraPackages = python3Packages: with python3Packages; [ pytz ]; - - config = { - default_config = {}; # for sonos aiodiscover - - influxdb = { - api_version = 1; - database = "ham"; - host = "localhost"; - tags = { - instance = "omo"; - source = "hass"; - }; - }; - - config = {}; - homeassistant = { - name = "Home"; time_zone = "Europe/Berlin"; - latitude = "48.7687"; - longitude = "9.2478"; - elevation = 247; - auth_providers = [ - { type = "trusted_networks"; - trusted_networks = [ "192.168.1.0/24" ]; - allow_bypass_login = true; - } - { type = "homeassistant"; } - ]; - }; - tasmota = {}; - binary_sensor = [ - { platform = "workday"; - name = "Arbeitstag"; - country = "DE"; - province = "BW"; - } - { platform = "workday"; - name = "Arbeitstag Morgen"; - country = "DE"; - province = "BW"; - days_offset = 1; - } - { platform = "workday"; - name = "Arbeitstag Gestern"; - country = "DE"; - province = "BW"; - days_offset = 1; - } - ]; - discovery = {}; - conversation = {}; - history = {}; - logbook = {}; - logger = { - default = "info"; - }; - rest_command = {}; - api = {}; - esphome = {}; # fails - camera = []; - #telegram_bot = [ - # # secrets file: { - # # "platform": "broadcast", - # # "api_key": "", # talk to Botfather /newbot - # # "allowed_chat_ids": [ ID ] # curl -X GET # https://api.telegram.org/bot<YOUR_API_TOKEN>/getUpdates - # # } - # (builtins.fromJSON - # (builtins.readFile <secrets/hass/telegram-bot.json>)) - #]; - notify = [ - #{ - # platform = "telegram"; - # name = "telegrambot"; - # chat_id = builtins.elemAt - # (builtins.fromJSON (builtins.readFile - # <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0; - #} - ]; - sun.elevation = 247; - recorder = {}; - mqtt = { - broker = "localhost"; - discovery = true; #enable esphome discovery - discovery_prefix = "homeassistant"; - port = 1883; - client_id = "home-assistant"; - username = "hass"; - password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>); - keepalive = 60; - protocol = 3.1; - birth_message = { - topic = "${prefix}/hass/tele/LWT"; - payload = "Online"; - qos = 1; - retain = true; - }; - will_message = { - topic = "${prefix}/hass/tele/LWT"; - payload = "Offline"; - qos = 1; - retain = true; - }; - }; - luftdaten = { - # show_on_map = true; - sensor_id = 72935; - # sensors.monitored_conditions = [ "P1" "P2" ]; - }; - #binary_sensor = - # flurlicht.binary_sensor; - - sensor = [ - # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ - ]; - frontend = { }; - speedtestdotnet = { }; - http = { - use_x_forwarded_for = true; - #server_host = "127.0.0.1"; - server_host = "0.0.0.0"; - trusted_proxies = [ "127.0.0.1" ]; - #trusted_proxies = [ "192.168.1.0/24" ]; - }; - switch = []; - automation = []; - script = { }; - media_source = {}; - }; - enable = true; - configDir = hassdir; - }; - - krebs.secret.files."hass-secrets" = { - source-path = toString <secrets> + "/hass/secrets.yaml"; - path = "/var/lib/hass/secrets.yaml"; - owner.name = "hass"; - }; - state = [ "/var/lib/hass/known_devices.yaml" ]; -} diff --git a/makefu/2configs/home/ham/deps/dwdwfsapi.nix b/makefu/2configs/home/ham/deps/dwdwfsapi.nix deleted file mode 100644 index d59dfa9e8..000000000 --- a/makefu/2configs/home/ham/deps/dwdwfsapi.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, requests -, ciso8601 -, urllib3 -}: - -buildPythonPackage rec { - pname = "dwdwfsapi"; - version = "1.0.3"; - - disabled = false; # requires python version >=3.6 - - src = fetchPypi { - inherit pname version; - sha256 = "3d7d5bd66b1a647f07295068dc653b4ceafc2e8ec834b8e32419031c7b3a9b39"; - }; - - # # Package conditions to handle - # # might have to sed setup.py and egg.info in patchPhase - # # sed -i "s/<package>.../<package>/" - # requests>=2.23.0,<3 - # ciso8601>=2.1.3,<3 - # urllib3>=1.25.8,<2 - propagatedBuildInputs = [ - requests - ciso8601 - urllib3 - ]; - - meta = with lib; { - description = "Python client to retrieve data provided by DWD via their geoserver WFS API"; - homepage = https://github.com/stephan192/dwdwfsapi; - license = licenses.mit; - # maintainers = [ maintainers. ]; - }; -} diff --git a/makefu/2configs/home/ham/deps/pykodi.nix b/makefu/2configs/home/ham/deps/pykodi.nix deleted file mode 100644 index 85a541f8a..000000000 --- a/makefu/2configs/home/ham/deps/pykodi.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, jsonrpc-async -, jsonrpc-websocket -, aiohttp -}: - -buildPythonPackage rec { - pname = "pykodi"; - version = "0.2.2"; - - disabled = false; # requires python version >=3.7.0 - - src = fetchPypi { - inherit pname version; - sha256 = "43e7036a00a76f65c34dc5e7f1065a3ef071eea7619c2e6228e521b638e640bc"; - }; - - # # Package conditions to handle - # # might have to sed setup.py and egg.info in patchPhase - # # sed -i "s/<package>.../<package>/" - # jsonrpc-async>=1.1.0 - # jsonrpc-websocket>=1.2.1 - propagatedBuildInputs = [ - jsonrpc-async - jsonrpc-websocket - aiohttp - ]; - - meta = with lib; { - description = "An async python interface for Kodi over JSON-RPC"; - homepage = https://github.com/OnFreund/PyKodi; - license = licenses.mit; - # maintainers = [ maintainers. ]; - }; -} diff --git a/makefu/2configs/home/ham/device_tracker/openwrt.nix b/makefu/2configs/home/ham/device_tracker/openwrt.nix deleted file mode 100644 index c2b0353c6..000000000 --- a/makefu/2configs/home/ham/device_tracker/openwrt.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - services.home-assistant.config.device_tracker = - [ - { platform = "luci"; - host = "192.168.111.5"; - username = "root"; - password = import <secrets/hass/router.nix>; - interval_seconds = 30; # instead of 12seconds - consider_home = 300; # 5 minutes timeout - new_device_defaults.track_new_devices = true; - } - ]; -} diff --git a/makefu/2configs/home/ham/device_tracker/tile.nix b/makefu/2configs/home/ham/device_tracker/tile.nix deleted file mode 100644 index ad1e6c15d..000000000 --- a/makefu/2configs/home/ham/device_tracker/tile.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - - services.home-assistant.config.device_tracker = - [ - { inherit (import <secrets/hass/tile.nix>) username password; - platform = "tile"; - show_inactive = true; - } - ]; -} diff --git a/makefu/2configs/home/ham/docker.nix b/makefu/2configs/home/ham/docker.nix deleted file mode 100644 index e8a47dbbb..000000000 --- a/makefu/2configs/home/ham/docker.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, pkgs, lib, ... }: -let - confdir = "/var/lib/homeassistant-docker"; -in { - imports = [ - ./nginx.nix - ./mqtt.nix - ./signal-rest - ./signal-rest/service.nix - ]; - - networking.firewall.allowedTCPPorts = [ 8123 ]; - state = [ "/var/lib/hass/known_devices.yaml" ]; - virtualisation.oci-containers.containers.hass = { - image = "homeassistant/home-assistant:latest"; - environment = { - TZ = "Europe/Berlin"; - UMASK = "007"; - }; - extraOptions = ["--net=host" ]; - volumes = [ - "${confdir}:/config" - #"/data/music:/config/media" - ]; - }; - systemd.tmpfiles.rules = [ - #"f ${confdir}/docker-run 0770 kiosk kiosk - -" - "d ${confdir} 0770 kiosk kiosk - -" - ]; -} diff --git a/makefu/2configs/home/ham/intents/default.nix b/makefu/2configs/home/ham/intents/default.nix deleted file mode 100644 index 24594b4a2..000000000 --- a/makefu/2configs/home/ham/intents/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - services.home-assistant.config = { - intent_script = { - GetTime.speech.text = '' - Es ist {{ now().hour }} Uhr {{ now().minute }} - ''; - GutenMorgen.speech.text = '' - Einen wunderschönen Guten Morgen wünsche ich dir - ''; - WieGehtEsDir.speech.text = '' - Mir geht es sehr gut, und dir? - ''; - Statusreport.speech.text = builtins.readFile ./statusbericht.txt.j2; - StartMusic = { - speech.text = "Spiele {{ music }} musik"; - action_async = [ - { - service = "media_player.play_media"; - data_template = { - entity_id = "media_player.{{ _intent.siteId }}"; - media_content_id = builtins.readFile ./music_chooser.txt.j2; - media_content_type = "music"; - }; - } - ]; - }; - GetWeather = { - #speech.text = '' - # {{ states('sensor.openweathermap_weather') }} bei {{ states('sensor.openweathermap_temperature') }} Grad - #''; - speech.text = "{{ states('sensor.swr_prognose') }}"; - }; - }; - }; -} diff --git a/makefu/2configs/home/ham/intents/music_chooser.txt.j2 b/makefu/2configs/home/ham/intents/music_chooser.txt.j2 deleted file mode 100644 index b66ed2721..000000000 --- a/makefu/2configs/home/ham/intents/music_chooser.txt.j2 +++ /dev/null @@ -1,13 +0,0 @@ -{% if music == "lounge" -%} -https://cast1.asurahosting.com/proxy/julien/stream.mp3 -{% elif music == "lassulus" -%} -http://radio.lassul.us:8000/radio.mp3 -{% elif music == "groove" -%} -http://ice2.somafm.com/groovesalad-128.mp3 -{% elif music == "swr3" -%} -https://liveradio.swr.de/sw282p3/swr3/play.mp3 -{% elif music == "swr1" -%} -https://liveradio.swr.de/sw282p3/swr1bw/play.mp3 -{% elif music == "radio" -%} -https://liveradio.swr.de/sw282p3/swr1bw/play.mp3 -{% endif %} diff --git a/makefu/2configs/home/ham/intents/statusbericht.txt.j2 b/makefu/2configs/home/ham/intents/statusbericht.txt.j2 deleted file mode 100644 index c17ad455c..000000000 --- a/makefu/2configs/home/ham/intents/statusbericht.txt.j2 +++ /dev/null @@ -1,37 +0,0 @@ -{% set arbeit_heute = is_state("binary_sensor.arbeitstag","on") -%} -{% set weekday = ['Montag','Dienstag','Mittwoch','Donnerstag','Freitag','Samstag','Sonntag'][now().weekday()] -%} -{% set is_friday = now().weekday() == 4 %} - -Dies ist deine Persönliche Zusammenfassung -{% set inside = states("sensor.wohnzimmer_temp_temperature") | float | round(2) -%} -{% set outside = states("sensor.dark_sky_temperature") | float | round(2) -%} -{% set arbeit_morgen = is_state("binary_sensor.arbeitstag_morgen","on") -%} - -Die Wetteraussichten: {{ states("sensor.dark_sky_hourly_summary") | replace(".","")}} bei {{ states("sensor.dark_sky_temperature") }} Grad mit {{ states("sensor.dark_sky_humidity") | round(0) }}% Luftfeuchtigkeit. -{% if states("calendar.abfall_papiermuell") == "on" %} -Heute ist Papiermuell, bring noch schnell dein Papier raus -{% endif %} -{% if states("calendar.abfall_restmuell") == "on" %} -Ausserdem ist heute Restmuell. -{% endif -%} - -{% if ( outside < inside ) and ( outside > 18 ) %} -Draussen ist es gerade {{ ((inside - outside) | round(1) )}} gerade kühler -{% endif -%} - -{% set current_count = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_count") %} -{% for i in range(current_count) %} -{% set idx = i + 1 %} - {% set headline = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_headline") %} - {% set description = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_description") %} - {% set level = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_level") %} - {% set time_start = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_start") %} - {% set time_end = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_end") %} -Wetterwarnung {{idx}}: {{ headline }} Stufe {{level}} von {{ time_start.strftime("%H:%M") ~ " bis " ~ time_end.strftime("%H:%M") }} Uhr - -{{ description }} -{% endfor %} - -{% if is_friday %} -Endlich ist Freitag! -{% endif -%} diff --git a/makefu/2configs/home/ham/lib/cheat-sheet.nix b/makefu/2configs/home/ham/lib/cheat-sheet.nix deleted file mode 100644 index f593ef4ec..000000000 --- a/makefu/2configs/home/ham/lib/cheat-sheet.nix +++ /dev/null @@ -1,42 +0,0 @@ -# Begin -let -in { - services.home-assistant.config.automation = - [ - ]; -} - -# example automation - { alias = ""; - trigger = [ - { - platform = "state"; - entity_id = ""; - to = "on"; - for.seconds = 0; - } - ]; - condition = [ - { condition = "state"; - entity_id = ""; - state = "off"; - } - ]; - action = - [ - { choose = [ - { - conditions = { - condition = "state"; - entity_id = ""; - state = "on"; - }; - sequence = [{ - service = "home_assistant.turn_on"; - target.entity_id = ""; - }]; - }]; - default = { }; - } - ]; - } diff --git a/makefu/2configs/home/ham/lib/default.nix b/makefu/2configs/home/ham/lib/default.nix deleted file mode 100644 index 0d89d1e9e..000000000 --- a/makefu/2configs/home/ham/lib/default.nix +++ /dev/null @@ -1,134 +0,0 @@ -let - prefix = "/ham"; -in -{ - inherit prefix; - say = let - # returns a list of actions to be performed on an mpd to say something - tts = { message, entity }: - [ - { - service = "sonos.snapshot"; - target.entity_id = entity; - } - { - service = "tts.google_say"; - data = { - entity_id = entity; - inherit message; - language = "de"; - }; - } - #{ wait_template = "{{ is_state('${entity}' , 'playing') }}"; - # timeout = "00:00:02"; - #} - #{ wait_template = "{{ not is_state('${entity}' , 'playing') }}"; - # timeout = "00:01:00"; - #} - { delay.seconds = 1; } - { delay = '' - {% set duration = state_attr("${entity}","media_duration") or 0 %} - {% set seconds = (duration % 60 ) %} - {% set minutes = (duration / 60)|int % 60 %} - {% set hours = (duration / 3600)|int %} - {{ "%02i:%02i:%02i"|format(hours, minutes, seconds)}} - ''; - } - { - service = "sonos.restore"; - target.entity_id = entity; - } - ]; - in - { - living_room = message: tts { - inherit message; - entity = "media_player.living_room"; - }; - office = message: tts { - inherit message; - entity = "media_player.office"; - }; - bedroom = message: tts { - inherit message; - entity = "media_player.bedroom"; - }; - }; - - zigbee.prefix = "/ham/zigbee"; - - btn_cycle_light = light: btn: halfbright: - let - maxbright = 255; - transition = 0.2; # seconds - in - # this function implements a simple state machine based on the state and brightness of the light (light must support brightness - { - alias = "Cycle through states of ${light} via button ${btn}"; - trigger = { - platform = "state"; - entity_id = "sensor.${btn}_click"; - to = "single"; - }; - action = { - choose = [ - { - # state 0: off to half - conditions = { - condition = "template"; - value_template = ''{{ states("${light}") == "off" }}''; - }; - sequence = [ - { - service = "light.turn_on"; - data = { - entity_id = light; - brightness = halfbright; - }; - } - ]; - } - { - # state 1: half to full - conditions = { - condition = "template"; - value_template = ''{{ states('${light}') == 'on' and ( ${toString (halfbright - 1)} <= state_attr("${light}","brightness") <= ${toString (halfbright + 1)})}}''; - }; - sequence = [ - { - service = "light.turn_on"; - data = { - entity_id = light; - brightness = maxbright; - }; - } - ]; - } - { - # state 2: full to off - conditions = { - condition = "template"; - # TODO: it seems like the devices respond with brightness-1 , maybe off-by-one somewhere? - value_template = ''{{ states("${light}") == "on" and state_attr("${light}","brightness") >= ${toString (maxbright - 1)}}}''; - }; - sequence = [ - { - service = "light.turn_off"; - data = { - entity_id = light; - }; - } - ]; - } - ]; - # default: on to off - # this works because state 0 checks for "state == off" - default = [{ - service = "light.turn_off"; - data = { - entity_id = light; - }; - }]; - }; - }; -} diff --git a/makefu/2configs/home/ham/light/arbeitszimmer.nix b/makefu/2configs/home/ham/light/arbeitszimmer.nix deleted file mode 100644 index 6e572c763..000000000 --- a/makefu/2configs/home/ham/light/arbeitszimmer.nix +++ /dev/null @@ -1,33 +0,0 @@ -let - arbeitszimmer_deko = [ - "light.led_wand" - "light.box_led_status" - "light.arbeitszimmer_led1_led_strip" # LED-Kreis in cube - ]; - arbeitszimmerbeleuchtung = [ - "light.arbeitszimmer_schrank_dimmer" - "light.arbeitszimmer_kerze" - "light.arbeitszimmer_pflanzenlicht" - ]; -in { - imports = [ ./tint_arbeitszimmer.nix ]; - - services.home-assistant.config.light = [ - { - platform = "group"; - name = "Arbeitszimmerbeleuchtung"; - entities = arbeitszimmerbeleuchtung; - } - { - platform = "group"; - name = "Arbeitszimmer Deko"; - entities = arbeitszimmer_deko; - } - { platform = "switch"; - name = "Arbeitszimmer Pflanzenlicht"; - entity_id = "switch.arbeitszimmer_stecker1"; - } - ]; - services.home-assistant.config.automation = [ - ]; -} diff --git a/makefu/2configs/home/ham/light/schlafzimmer.nix b/makefu/2configs/home/ham/light/schlafzimmer.nix deleted file mode 100644 index e5370e3f8..000000000 --- a/makefu/2configs/home/ham/light/schlafzimmer.nix +++ /dev/null @@ -1,14 +0,0 @@ -let - schlafzimmer_licht = [ - "light.schlafzimmer_komode_osram" - # "light.schlafzimmer_schrank_osram" - ]; -in { - services.home-assistant.config.light = [ - { - platform = "group"; - name = "Schlafzimmerbeleuchtung"; - entities = schlafzimmer_licht; - } - ]; -} diff --git a/makefu/2configs/home/ham/light/tint_arbeitszimmer.nix b/makefu/2configs/home/ham/light/tint_arbeitszimmer.nix deleted file mode 100644 index 4ae91ac54..000000000 --- a/makefu/2configs/home/ham/light/tint_arbeitszimmer.nix +++ /dev/null @@ -1,281 +0,0 @@ -{ lib, ...}: - -let - # effect - color - # Solid Pattern - Hult - group_id_1 = 16388; - group_id_2 = 16389; - group_id_3 = 16390; - remote = "sensor.arbeitszimmer_remote1_action"; - main_light_1 = "light.wled_4"; - default_scene_1 = "Solid"; - default_color_1 = "Default"; - main_color_select_1 = "select.wled_color_palette_4"; - light_group_1.entity_id = [ - main_light_1 - ]; - - # contains only the actually changeable lights - light_group_2.entity_id = [ - "light.arbeitszimmer_schrank_dimmer" - ]; - light_group_3.entity_id = [ - "light.arbeitszimmer_pflanzenlicht" - ]; - - statecond = cond: { # cond must be a list - condition = "template"; - value_template = "{{ trigger.to_state.attributes.action in ( " + - (lib.concatMapStringsSep "," (x: "'${x}'") cond) + ") }}"; - }; -in { - services.home-assistant.config.automation = [ - { - alias = "Perform Actions with ${remote}"; - mode = "queued"; - max = 5; - max_exceeded = "silent"; - trigger = { - platform = "state"; - entity_id = remote; - }; - condition = { - condition = "and"; - conditions = [ - { - condition = "template"; - value_template = "{{ trigger.from_state.state != trigger.to_state.state }}"; - } - ( statecond [ "off" "on" "color_wheel" - "brightness_up_click" "brightness_down_click" - "color_temp" "color_temperature_move" - "brightness_step_down" "brightness_step_up" "brightness_down_hold" "brightness_down_release" "brightness_up_hold" "brightness_up_release" - "scene_3" "scene_1" "scene_2" # working sunset party - "scene_6" "scene_4" "scene_5" # night campfire romantic - ]) - ]; - }; - action = [ - { service = "system_log.write"; - data = { - level = "info"; - message = "Tint Button pressed: {{ trigger.to_state.state }} Group: {{ trigger.to_state.attributes.action_group }} Length {{ input_working_scene_1 | length }}"; - }; - } - { - choose = [ - { # light group 1 - conditions = { - condition = "template"; - value_template = "{{ trigger.to_state.attributes.action_group == ${toString group_id_1} }}"; - }; - sequence = [ - { - choose = [ - { - conditions = statecond [ "on" "off" ]; - sequence = { - service = "light.turn_{{ trigger.to_state.state }}"; - target = light_group_1; - }; - } - { - conditions = statecond [ "color_wheel" ]; - sequence = { - data.xy_color = [ - "{{ trigger.to_state.attributes.action_color.x | float }}" - "{{ trigger.to_state.attributes.action_color.y | float }}" - ]; - service = "light.turn_on"; - target = light_group_1; - }; - } - { - conditions = statecond [ "color_temp" ]; - sequence = { - data.color_temp = "{{ trigger.to_state.attributes.action_color_temperature | float }}"; - service = "light.turn_on"; - target = light_group_1; - }; - } - { - conditions = statecond [ "brightness_up_click" "brightness_down_click" ]; - sequence = [ - { - variables.factor = ''{% if trigger.to_state.state in ( "brightness_down_click") %} -12 {% else %} 12 {% endif %}''; - } - { - data.brightness_step_pct = "{{ factor | int }}"; - service = "light.turn_on"; - target = light_group_1; - } - ]; - } - { - conditions = statecond [ - "scene_3" # working => previous scene - "scene_1" # sunset => default scene (solid) - "scene_2" # party => next scene - - ]; - sequence = [ - { - data.effect = '' - {% set options = state_attr("${main_light_1}","effect_list") -%} - {% set selection = options.index(state_attr("${main_light_1}","effect")) -%} - {% if trigger.to_state.attributes.action == "scene_2" -%} - {% if (selection + 1) >= options | length -%} - {{ options[0] }} - {% else -%} - {{ options[selection + 1] }} - {% endif %} - {% elif trigger.to_state.attributes.action == "scene_1" -%} - ${default_scene_1} - {% elif trigger.to_state.attributes.action == "scene_3" -%} - {{ options[selection - 1] }} - {% endif -%} - ''; - service = "light.turn_on"; - target.entity_id = main_light_1; - } - ]; - } - { - conditions = statecond [ - "scene_6" # night => previous color - "scene_4" # campfire => default Color (Default) - "scene_5" # romance => next color - - ]; - sequence = [ - { - data.option = '' - {% set options = state_attr("${main_color_select_1}","options") -%} - {% set selection = options.index(states("${main_color_select_1}")) -%} - {% if trigger.to_state.attributes.action == "scene_5" -%} - {% if (selection + 1) >= options | length -%} - {{ options[0] }} - {% else -%} - {{ options[selection + 1] }} - {% endif %} - {% elif trigger.to_state.attributes.action == "scene_4" -%} - ${default_color_1} - {% elif trigger.to_state.attributes.action == "scene_6" -%} - {{ options[selection - 1] }} - {% endif -%} - ''; - service = "select.select_option"; - target.entity_id = main_color_select_1; - } - ]; - } - ]; - } - ]; - } - { # light group 2 - conditions = { - condition = "template"; - value_template = "{{ trigger.to_state.attributes.action_group == ${toString group_id_2} }}"; - }; - sequence = [ - { - choose = [ - { conditions = statecond [ "on" "off" ]; - sequence = { - service = "light.turn_{{ trigger.to_state.state }}"; - target = light_group_2; - }; - } - { - conditions = statecond [ "color_wheel" ]; - sequence = { - data.xy_color = [ - "{{ trigger.to_state.attributes.action_color.x | float }}" - "{{ trigger.to_state.attributes.action_color.y | float }}" - ]; - service = "light.turn_on"; - target = light_group_2; - }; - } - { - conditions = statecond [ "color_temp" ]; - sequence = { - data.color_temp = "{{ trigger.to_state.attributes.action_color_temperature | float }}"; - service = "light.turn_on"; - target = light_group_2; - }; - } - { - conditions = statecond [ "brightness_up_click" "brightness_down_click" ]; - sequence = [ - { - variables.factor = ''{% if trigger.to_state.state in ( "brightness_down_click") %} -12 {% else %} 12 {% endif %}''; - } - { - data.brightness_step_pct = "{{ factor | int }}"; - service = "light.turn_on"; - target = light_group_2; - } - ]; - } - ]; - } - ]; - } - { # light group 3 - conditions = { - condition = "template"; - value_template = "{{ trigger.to_state.attributes.action_group == ${toString group_id_3} }}"; - }; - sequence = [ - { - choose = [ - { conditions = statecond [ "on" "off" ]; - sequence = { - service = "light.turn_{{ trigger.to_state.state }}"; - target = light_group_3; - }; - } - { - conditions = statecond [ "color_wheel" ]; - sequence = { - data.xy_color = [ - "{{ trigger.to_state.attributes.action_color.x | float }}" - "{{ trigger.to_state.attributes.action_color.y | float }}" - ]; - service = "light.turn_on"; - target = light_group_3; - }; - } - { - conditions = statecond [ "color_temperature_move" ]; - sequence = { - data.color_temp = "{{ trigger.to_state.attributes.action_color_temperature | float }}"; - service = "light.turn_on"; - target = light_group_3; - }; - } - { - conditions = statecond [ "brightness_up_click" "brightness_down_click" ]; - sequence = [ - { - variables.factor = ''{% if trigger.to_state.state in ( "brightness_down_click") %} -12 {% else %} 12 {% endif %}''; - } - { - data.brightness_step_pct = "{{ factor | int }}"; - service = "light.turn_on"; - target = light_group_3; - } - ]; - } - ]; - } - ]; - } - ]; - } - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/light/tint_wohnzimmer.nix b/makefu/2configs/home/ham/light/tint_wohnzimmer.nix deleted file mode 100644 index 243243816..000000000 --- a/makefu/2configs/home/ham/light/tint_wohnzimmer.nix +++ /dev/null @@ -1,300 +0,0 @@ -{ lib, ...}: -# cycle through scenes - -# cycle through color palettes -# {% set options = state_attr('select.wled_color_palette','options') -%} -# {% set selection = options.index(states('select.wled_color_palette')) -%} -# {% if false -%} -# {% if (selection + 1) >= options | length -%} -# {{ options[0] }} -# {% else -%} -# {{ options[selection + 1] }} -# {% endif %} -# {% elif true -%} -# {{ options[selection -1] }} -# {% endif -%} - -let - # Solid Pattern - # Hult - group_id_1 = 16388; - group_id_2 = 16389; - group_id_3 = 16390; - remote = "sensor.schlafzimmer_remote1_action"; - main_light_1 = "light.wled"; # fernseher - main_light_2 = "light.wled_2"; #fernsehwand - - default_scene_1 = "Solid"; - default_color_1 = "Default"; - main_color_select_1 = "select.wled_color_palette"; - light_group_1.entity_id = [ - main_light_1 - main_light_2 - ]; - - # contains only the actually changeable lights - light_group_2.entity_id = [ - "light.wohnzimmer_komode_osram" - "light.wohnzimmer_schrank_osram" - "light.wohnzimmer_fenster_lichterkette_licht" - ]; - light_group_3.entity_id = [ - "light.wohnzimmer_stehlampe_osram" - ]; - - statecond = cond: { # cond must be a list - condition = "template"; - value_template = "{{ trigger.to_state.attributes.action in ( " + - (lib.concatMapStringsSep "," (x: "'${x}'") cond) + ") }}"; - }; -in { - services.home-assistant.config.automation = [ - { - alias = "Perform Actions with ${remote}"; - mode = "queued"; - max = 5; - max_exceeded = "silent"; - trigger = { - platform = "state"; - entity_id = remote; - }; - condition = { - condition = "and"; - conditions = [ - { - condition = "template"; - value_template = "{{ trigger.from_state.state != trigger.to_state.state }}"; - } - ( statecond [ "off" "on" "color_wheel" - "brightness_up_click" "brightness_down_click" - "color_temp" "color_temperature_move" - "brightness_step_down" "brightness_step_up" "brightness_down_hold" "brightness_down_release" "brightness_up_hold" "brightness_up_release" - "scene_3" "scene_1" "scene_2" # working sunset party - "scene_6" "scene_4" "scene_5" # night campfire romantic - ]) - ]; - }; - action = [ - { service = "system_log.write"; - data = { - level = "info"; - message = "Tint Button pressed: {{ trigger.to_state.state }} Group: {{ trigger.to_state.attributes.action_group }} Length {{ input_working_scene_1 | length }}"; - }; - } - { - choose = [ - { # light group 1 - conditions = { - condition = "template"; - value_template = "{{ trigger.to_state.attributes.action_group == ${toString group_id_1} }}"; - }; - sequence = [ - { - choose = [ - { - conditions = statecond [ "on" "off" ]; - sequence = { - service = "light.turn_{{ trigger.to_state.state }}"; - target = light_group_1; - }; - } - { - conditions = statecond [ "color_wheel" ]; - sequence = { - data.xy_color = [ - "{{ trigger.to_state.attributes.action_color.x | float }}" - "{{ trigger.to_state.attributes.action_color.y | float }}" - ]; - service = "light.turn_on"; - target = light_group_1; - }; - } - { - conditions = statecond [ "color_temp" ]; - sequence = { - data.color_temp = "{{ trigger.to_state.attributes.action_color_temperature | float }}"; - service = "light.turn_on"; - target = light_group_1; - }; - } - { - conditions = statecond [ "brightness_up_click" "brightness_down_click" ]; - sequence = [ - { - variables.factor = ''{% if trigger.to_state.state in ( "brightness_down_click") %} -12 {% else %} 12 {% endif %}''; - } - { - data.brightness_step_pct = "{{ factor | int }}"; - service = "light.turn_on"; - target = light_group_1; - } - ]; - } - { - conditions = statecond [ - "scene_3" # working => previous scene - "scene_1" # sunset => default scene (solid) - "scene_2" # party => next scene - - ]; - sequence = [ - { - data.effect = '' - {% set options = state_attr("${main_light_1}","effect_list") -%} - {% set selection = options.index(state_attr("${main_light_1}","effect")) -%} - {% if trigger.to_state.attributes.action == "scene_2" -%} - {% if (selection + 1) >= options | length -%} - {{ options[0] }} - {% else -%} - {{ options[selection + 1] }} - {% endif %} - {% elif trigger.to_state.attributes.action == "scene_1" -%} - ${default_scene_1} - {% elif trigger.to_state.attributes.action == "scene_3" -%} - {{ options[selection - 1] }} - {% endif -%} - ''; - service = "light.turn_on"; - target.entity_id = main_light_1; - } - ]; - } - { - conditions = statecond [ - "scene_6" # night => previous color - "scene_4" # campfire => default Color (Default) - "scene_5" # romance => next color - - ]; - sequence = [ - { - data.option = '' - {% set options = state_attr("${main_color_select_1}","options") -%} - {% set selection = options.index(states("${main_color_select_1}")) -%} - {% if trigger.to_state.attributes.action == "scene_5" -%} - {% if (selection + 1) >= options | length -%} - {{ options[0] }} - {% else -%} - {{ options[selection + 1] }} - {% endif %} - {% elif trigger.to_state.attributes.action == "scene_4" -%} - ${default_color_1} - {% elif trigger.to_state.attributes.action == "scene_6" -%} - {{ options[selection - 1] }} - {% endif -%} - ''; - service = "select.select_option"; - target.entity_id = main_color_select_1; - } - ]; - } - ]; - } - ]; - } - { # light group 2 - conditions = { - condition = "template"; - value_template = "{{ trigger.to_state.attributes.action_group == ${toString group_id_2} }}"; - }; - sequence = [ - { - choose = [ - { conditions = statecond [ "on" "off" ]; - sequence = { - service = "light.turn_{{ trigger.to_state.state }}"; - target = light_group_2; - }; - } - { - conditions = statecond [ "color_wheel" ]; - sequence = { - data.xy_color = [ - "{{ trigger.to_state.attributes.action_color.x | float }}" - "{{ trigger.to_state.attributes.action_color.y | float }}" - ]; - service = "light.turn_on"; - target = light_group_2; - }; - } - { - conditions = statecond [ "color_temp" ]; - sequence = { - data.color_temp = "{{ trigger.to_state.attributes.action_color_temperature | float }}"; - service = "light.turn_on"; - target = light_group_2; - }; - } - { - conditions = statecond [ "brightness_up_click" "brightness_down_click" ]; - sequence = [ - { - variables.factor = ''{% if trigger.to_state.state in ( "brightness_down_click") %} -12 {% else %} 12 {% endif %}''; - } - { - data.brightness_step_pct = "{{ factor | int }}"; - service = "light.turn_on"; - target = light_group_2; - } - ]; - } - ]; - } - ]; - } - { # light group 3 - conditions = { - condition = "template"; - value_template = "{{ trigger.to_state.attributes.action_group == ${toString group_id_3} }}"; - }; - sequence = [ - { - choose = [ - { conditions = statecond [ "on" "off" ]; - sequence = { - service = "light.turn_{{ trigger.to_state.state }}"; - target = light_group_3; - }; - } - { - conditions = statecond [ "color_wheel" ]; - sequence = { - data.xy_color = [ - "{{ trigger.to_state.attributes.action_color.x | float }}" - "{{ trigger.to_state.attributes.action_color.y | float }}" - ]; - service = "light.turn_on"; - target = light_group_3; - }; - } - { - conditions = statecond [ "color_temperature_move" ]; - sequence = { - data.color_temp = "{{ trigger.to_state.attributes.action_color_temperature | float }}"; - service = "light.turn_on"; - target = light_group_3; - }; - } - { - conditions = statecond [ "brightness_up_click" "brightness_down_click" ]; - sequence = [ - { - variables.factor = ''{% if trigger.to_state.state in ( "brightness_down_click") %} -12 {% else %} 12 {% endif %}''; - } - { - data.brightness_step_pct = "{{ factor | int }}"; - service = "light.turn_on"; - target = light_group_3; - } - ]; - } - ]; - } - ]; - } - ]; - } - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/light/wohnzimmer.nix b/makefu/2configs/home/ham/light/wohnzimmer.nix deleted file mode 100644 index 7fc7af038..000000000 --- a/makefu/2configs/home/ham/light/wohnzimmer.nix +++ /dev/null @@ -1,56 +0,0 @@ -let - wohnzimmerbeleuchtung = [ - "light.wohnzimmer_komode_osram_light" - "light.wohnzimmer_schrank_osram_light" - ]; - wohnzimmer_deko = [ - "light.wohnzimmer_fernseher_led_strip" # led um fernseher - "light.wohnzimmer_lichterkette_led_strip" # led um fernsehwand - "light.wohnzimmer_fenster_lichterkette_licht" # led um fenster - ]; -in { - imports = [ ./tint_wohnzimmer.nix ]; - services.home-assistant.config.scene = [ - { name = "Wohnzimmer Abendlicht"; - id = "living_room_evening"; - entities = { - "light.wohnzimmer_komode_osram_light" = { - state = "on"; - brightness = 128; - }; - "light.wohnzimmer_schrank_osram_light" = { - state = "on"; - brightness = 128; - }; - "light.wohnzimmer_fenster_lichterkette_licht" = "on"; - "light.wohnzimmer_fernseher_led_strip" = { - state = "on"; - }; - }; - - } - ]; - services.home-assistant.config.wled = {}; - services.home-assistant.config.light = [ - { - platform = "group"; - name = "Wohnzimmerbeleuchtung"; - entities = wohnzimmerbeleuchtung; - } - { - platform = "group"; - name = "Wohnzimmer Deko"; - entities = wohnzimmer_deko; - } - { - platform = "group"; - name = "living_room_lights"; - entities = wohnzimmerbeleuchtung ++ wohnzimmer_deko; - } - ]; -} - -# trigger.to_state.attributes.action_group: -# 1: 18388 -# 2: 18389 -# 3: 18390 diff --git a/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix b/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix deleted file mode 100644 index 11d13886e..000000000 --- a/makefu/2configs/home/ham/media/arbeitszimmer_matrix.nix +++ /dev/null @@ -1,110 +0,0 @@ -{ lib, ... }: -let - remote = "sensor.schlafzimmer_music_remote_action"; - hlib = import ../lib; - step = 0.02; - #room = "bedroom"; - room = "office"; - - player = "media_player.${room}"; - say = hlib.say."${room}"; - - remote_action = key: actions: { - conditions = ''{{ trigger.entity_id == 'binary_sensor.matrix_button_${toString key}' }}''; - sequence = actions; - }; - all_buttons = map (key: "binary_sensor.matrix_button_${toString key}") [ - 0 1 2 3 4 5 6 7 8 9 - "b9" "b10" "b11" "b12" "b13" "b14" - ]; -in - { - services.home-assistant.config.rest_command = { - good_song = { - url = "http://prism.r:8001/good"; - method = "POST"; - }; - bad_song = { - url = "http://prism.r:8001/skip"; - method = "POST"; - }; - }; - services.home-assistant.config.automation = - [ - { alias = "Arbeitszimmer Matrix music action"; - mode = "queued"; - trigger = [ - { - platform = "state"; - entity_id = all_buttons; - to = "on"; # ignore 'unavailable' - } - ]; - action = - [ - { choose = [ - (remote_action "9" { - service = "media_player.media_play"; - target.entity_id = player; - }) - (remote_action "7" - { - service = "media_player.media_mute"; - target.entity_id = player; - data.is_volume_muted = ''{{ not state_attr('${player}' , 'is_volume_muted') }}''; - } - ) - (remote_action "2" - { - service = "media_player.media_stop"; - target.entity_id = player; - } - ) - - (remote_action "b9" [ { service = "rest_command.good_song"; } ]) - (remote_action "b10" [ { service = "rest_command.bad_song"; } ]) - (remote_action "b11" [ - { - service = "script.turn_on"; - target.entity_id = "script.find_felix_phone"; - } - ]) - - (remote_action "3" - ((say "Starte Lass") ++ [ - { service = "media_player.play_media"; - data = { - media_content_id = "http://radio.lassul.us:8000/radio.mp3"; - media_content_type = "music"; - }; - target.entity_id = player; - } - ])) - (remote_action "1" - ((say "Starte Groovesalad") ++ [ - { service = "media_player.play_media"; - data = { - media_content_id = "http://ice2.somafm.com/groovesalad-128.mp3"; - media_content_type = "music"; - }; - target.entity_id = player; - } - ])) - (remote_action "8" { - service = "media_player.volume_set"; - target.entity_id = player; - data.volume_level = ''{{ state_attr("${player}","volume_level") + (${toString step}|float) }}''; - }) - (remote_action "5"{ - service = "media_player.volume_set"; - target.entity_id = player; - data.volume_level = ''{{ state_attr("${player}","volume_level") - (${toString step}|float) }}''; - }) - ]; - #default = { }; - } - ]; - } - ]; - -} diff --git a/makefu/2configs/home/ham/media/firetv.nix b/makefu/2configs/home/ham/media/firetv.nix deleted file mode 100644 index e2ac1ef76..000000000 --- a/makefu/2configs/home/ham/media/firetv.nix +++ /dev/null @@ -1,27 +0,0 @@ -let - firetv_stick = "192.168.111.24"; -in { - services.home-assistant.config = { - notify = [ - #{ - #platform = "nfandroidtv"; - #name = "FireTV Wohnzimmer Notification"; - #host = firetv_stick; - #} - ]; - media_player = [ - #{ - # platform = "kodi"; - # name = "FireTV Stick kodi"; - # host = firetv_stick; - #} - # Configuration needs to be done by hand via web interface "integration" - #{ platform = "androidtv"; - # name = "FireTV Stick Android"; - # device_class = "firetv"; - # host = firetv_stick; - # port = 5555; - #} - ]; - }; - } diff --git a/makefu/2configs/home/ham/media/remote_sound_arbeitszimmer.nix b/makefu/2configs/home/ham/media/remote_sound_arbeitszimmer.nix deleted file mode 100644 index cfa1da44e..000000000 --- a/makefu/2configs/home/ham/media/remote_sound_arbeitszimmer.nix +++ /dev/null @@ -1,112 +0,0 @@ -{ lib, ...}: -let - # https://www.radiotheque.de/stream/4744806739035994/ABC-Lounge-Music-Radio/pls/ - # http://listen.radionomy.com/ABC-Lounge - # https://str1.openstream.co/589 - # https://listen.openstream.co/3139/audio - # https://str1.openstream.co/589?aw_0_1st.collectionid%3D3139%26stationId%3D3139%26publisherId%3D613%26k%3D1659381767%26aw_0_azn.pcountry%3D%5B%22FR%22%2C%22IT%22%2C%22DE%22%2C%22ES%22%2C%22GB%22%2C%22CH%22%2C%22CA%22%2C%22AT%22%2C%22US%22%5D%26aw_0_azn.planguage%3D%5B%22en%22%2C%22fr%22%2C%22de%22%5D%26aw_0_azn.pgenre%3D%5B%22Jazz%22%2C%22Easy+Listening%22%2C%22Music%22%5D - statecond = cond: { # cond must be a list - condition = "template"; - value_template = "{{ trigger.to_state.state in ( " + - (lib.concatMapStringsSep "," (x: "'${x}'") cond) + ") }}"; - }; - vol_change = 0.030; - - max_repeat = "30"; # max loops to repeat before bailing out - remote = "sensor.arbeitszimmer_sound1_action"; - player = "media_player.office"; - last_state_sensor_name = "last_rotation_action_arbeitszimmer"; - last_state_sensor = "input_text.${last_state_sensor_name}"; - # - service: media_player.volume_set - # target: - # entity_id: media_player.kitchen - # data: - # volume_level: {{ state_attr('media_player.kitchen', 'volume_level') + 0.02 }} - rotate_stop = "brightness_stop"; - rotate_right = "brightness_move_up"; - rotate_left = "brightness_move_down" ; - - single_click = "toggle"; - double_click = "brightness_step_up"; - triple_click = "brightness_step_down"; -in { - services.home-assistant.config.input_text."${last_state_sensor_name}".name = "Last action of the arbeitszimmer"; - services.home-assistant.config.automation = [ - { - trigger = { - platform = "state"; - entity_id = remote; - to = [ rotate_stop ]; - }; - action = [ - { service = "input_text.set_value"; - target.entity_id = last_state_sensor; - data.value = "stop"; - } - ]; - } - { - alias = "Perform Actions with ${remote}"; - trigger = { - platform = "state"; - entity_id = remote; - to = [ single_click double_click triple_click rotate_left rotate_right ]; - }; - #mode = "queued"; - #max = 5; - mode = "single"; - #max_exceeded = "silent"; - action = [ - { - choose = [ - { - conditions = statecond [ single_click ]; - sequence = [ - { service = "media_player.media_play_pause"; - target.entity_id = player; - } - ]; - } - { - conditions = statecond [ rotate_left rotate_right ]; - sequence = let - vol_up = toString vol_change; - vol_down = toString (-1 * vol_change); - in [ - { - variables.nextvol = ''{% if trigger.to_state.state in ( "${rotate_left}" ) -%} ${vol_down} {% else -%} ${vol_up} {% endif -%}''; - variables.state = ''{% if trigger.to_state.state in ( "${rotate_left}" ) -%} left {% else -%} right {% endif -%}''; - } - { service = "input_text.set_value"; - target.entity_id = last_state_sensor; - data.value = ''{{ state }}''; - } - { - repeat = { - sequence = [ - { service = "media_player.volume_set"; - target.entity_id = player; - data.volume_level = ''{{ state_attr("${player}","volume_level") + (nextvol|float) }}''; - } - { delay.milliseconds = "150"; } - ]; - while = [ - { - condition = "template"; - value_template = ''{{ states("${last_state_sensor}") == state }}''; - } - { - condition = "template"; - value_template = "{{ repeat.index <= ${max_repeat}}}"; - } - ]; - }; - } - ]; - } - ]; - } - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/media/remote_sound_wohnzimmer.nix b/makefu/2configs/home/ham/media/remote_sound_wohnzimmer.nix deleted file mode 100644 index 2091ca946..000000000 --- a/makefu/2configs/home/ham/media/remote_sound_wohnzimmer.nix +++ /dev/null @@ -1,107 +0,0 @@ -{ lib, ...}: -let - statecond = cond: { # cond must be a list - condition = "template"; - value_template = "{{ trigger.to_state.state in ( " + - (lib.concatMapStringsSep "," (x: "'${x}'") cond) + ") }}"; - }; - vol_change = 0.030; - - max_repeat = "30"; # max loops to repeat before bailing out - remote = "sensor.wohnzimmer_sound1_action"; - player = "media_player.living_room"; - last_state_sensor_name = "last_rotation_action"; - last_state_sensor = "input_text.last_rotation_action"; - # - service: media_player.volume_set - # target: - # entity_id: media_player.kitchen - # data: - # volume_level: {{ state_attr('media_player.kitchen', 'volume_level') + 0.02 }} - rotate_stop = "brightness_stop"; - rotate_right = "brightness_move_up"; - rotate_left = "brightness_move_down" ; - - single_click = "toggle"; - double_click = "brightness_step_up"; - triple_click = "brightness_step_down"; -in { - services.home-assistant.config.input_text."${last_state_sensor_name}".name = "Last action of the wohnzimmer"; - services.home-assistant.config.automation = [ - { - trigger = { - platform = "state"; - entity_id = remote; - to = [ rotate_stop ]; - }; - action = [ - { service = "input_text.set_value"; - target.entity_id = last_state_sensor; - data.value = "stop"; - } - ]; - } - { - alias = "Perform Actions with ${remote}"; - trigger = { - platform = "state"; - entity_id = remote; - to = [ single_click double_click triple_click rotate_left rotate_right ]; - }; - #mode = "queued"; - #max = 5; - mode = "single"; - #max_exceeded = "silent"; - action = [ - { - choose = [ - { - conditions = statecond [ single_click ]; - sequence = [ - { service = "media_player.media_play_pause"; - target.entity_id = player; - } - ]; - } - { - conditions = statecond [ rotate_left rotate_right ]; - sequence = let - vol_up = toString vol_change; - vol_down = toString (-1 * vol_change); - in [ - { - variables.nextvol = ''{% if trigger.to_state.state in ( "${rotate_left}" ) -%} ${vol_down} {% else -%} ${vol_up} {% endif -%}''; - variables.state = ''{% if trigger.to_state.state in ( "${rotate_left}" ) -%} left {% else -%} right {% endif -%}''; - } - { service = "input_text.set_value"; - target.entity_id = last_state_sensor; - data.value = ''{{ state }}''; - } - { - repeat = { - sequence = [ - { service = "media_player.volume_set"; - target.entity_id = player; - data.volume_level = ''{{ state_attr("${player}","volume_level") + (nextvol|float) }}''; - } - { delay.milliseconds = "150"; } - ]; - while = [ - { - condition = "template"; - value_template = ''{{ states("${last_state_sensor}") == state }}''; - } - { - condition = "template"; - value_template = "{{ repeat.index <= ${max_repeat}}}"; - } - ]; - }; - } - ]; - } - ]; - } - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/media/schlafzimmer_music_remote.nix b/makefu/2configs/home/ham/media/schlafzimmer_music_remote.nix deleted file mode 100644 index 438ce6bda..000000000 --- a/makefu/2configs/home/ham/media/schlafzimmer_music_remote.nix +++ /dev/null @@ -1,158 +0,0 @@ -{ lib, ... }: -let - remote = "sensor.schlafzimmer_music_remote_action"; - hlib = import ../lib; - step = 0.03; - #room = "bedroom"; - room = "living_room"; - #room = "office"; - - player = "media_player.${room}"; - say = hlib.say."${room}"; - - remote_action = state: actions: { - conditions = ''{{ trigger.to_state.attributes.action == '${state}' }}''; - sequence = actions; - }; - album_list = [ -# Wieso Weshalb Warum Junior -"Doris%20R%c3%bcbel,%20JUMBO%20Neue%20Medien%20%26%20Verlag%20GmbH/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Helfen,%20teilen,%20sich%20vertragen" -"Wieso%3f%20Weshalb%3f%20Warum%3f%20junior/Mein%20Kindergarten" -"Wieso%3f%20Weshalb%3f%20Warum%3f%20junior/Unser%20Werkzeug" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Am%20Meer" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Ampel,%20Stra%c3%9fe%20und%20Verkehr" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Autos%20und%20Laster" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Der%20Bagger" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Der%20Bauernhof" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Der%20Flughafen" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Der%20Pinguin" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Der%20Traktor" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Die%20Baustelle" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Die%20Eisenbahn" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Die%20Feuerwehr" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Die%20Jahreszeiten" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Die%20M%c3%bcllabfuhr" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Die%20Polizei" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Die%20Rettungsfahrzeuge" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Die%20Ritterburg" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Heute,%20morgen,%20jetzt%20und%20gleich" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Im%20Streichelzoo" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20In%20den%20Bergen" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Mama,%20Papa,%20Oma,%20Opa" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Mein%20Hund" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Tanken,%20waschen,%20reparieren" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Tiere%20in%20Afrika" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Unsere%20Tierkinder" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Unterwegs%20mit%20Bus%20und%20Bahn" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20ich%20alles%20kann" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20kriecht%20und%20krabbelt%20da%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20machen%20wir%20an%20Weihnachten%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20machen%20wir%20im%20Fr%c3%bchling%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20machen%20wir%20im%20Herbst%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20machen%20wir%20im%20Sommer%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20machen%20wir%20im%20Winter%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20macht%20der%20Fu%c3%9fballer%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20macht%20der%20Polizist" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20macht%20die%20Prinzessin%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Was%20w%c3%a4chst%20da%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Wenn%20es%20dunkel%20wird" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Wer%20arbeitet%20auf%20der%20Baustelle%3f" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Wir%20feiern%20Geburtstag" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Wir%20gehen%20in%20den%20Zoo" -"Wieso%3f%20Weshalb%3f%20Warum%3f/Wieso%3f%20Weshalb%3f%20Warum%3f%20junior.%20Z%c3%a4hne%20putzen,%20Pipi%20machen" - - ]; - albums = lib.concatMapStringsSep ", " (x: ''"A:ALBUMARTIST/${x}"'') - album_list; -in -{ - services.home-assistant.config.automation = - [ - { alias = "Schlafzimmer music action"; - mode = "queued"; - trigger = [ - { - platform = "state"; - entity_id = remote; - attribute = "action"; - not_to = ""; - } - ]; - action = - [ - { choose = [ - (remote_action "on" - ((say "Starte Essensmusik") ++ [ - { service = "media_player.play_media"; - data = { - media_content_id = "https://listen.openstream.co/4457/audio.mp3"; - media_content_type = "music"; - }; - target.entity_id = player; - } - ])) - (remote_action "off" - [ - { - service = "media_player.media_stop"; - target.entity_id = player; - } - ] - ) - - (remote_action "arrow_right_hold" - ((say "Starte Lass") ++ [ - { service = "media_player.play_media"; - data = { - media_content_id = "http://radio.lassul.us:8000/radio.mp3"; - media_content_type = "music"; - }; - target.entity_id = player; - } - ])) - (remote_action "arrow_left_hold" - ((say "Starte Deep House Music") ++ [ - { service = "media_player.play_media"; - data = { - media_content_id = "http://live.dancemusic.ro:7000/stream.mp3"; - media_content_type = "music"; - }; - target.entity_id = player; - } - ])) - - # TODO: choose random kindermusik? - (remote_action "brightness_move_up" - ((say "Starte Liam Album") ++ [ - { - service = "media_player.play_media"; - target.entity_id = player; - data = { - media_content_id = "{{ [${albums}]|random }}"; - media_content_type = "album"; - }; - } - ]) - ) - #(remote_action "brightness_move_down" - #) - (remote_action "arrow_right_click" { - - service = "media_player.volume_set"; - target.entity_id = player; - data.volume_level = ''{{ state_attr("${player}","volume_level") + (${toString step}|float) }}''; - }) - #(remote_action "brightness_move_down" { - (remote_action "arrow_left_click"{ - service = "media_player.volume_set"; - target.entity_id = player; - data.volume_level = ''{{ state_attr("${player}","volume_level") - (${toString step}|float) }}''; - }) - ]; - #default = { }; - } - ]; - } - ]; - -} diff --git a/makefu/2configs/home/ham/media/sonos.nix b/makefu/2configs/home/ham/media/sonos.nix deleted file mode 100644 index c9cf1a510..000000000 --- a/makefu/2configs/home/ham/media/sonos.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - services.home-assistant.config.sonos.media_player.hosts = [ - "192.168.111.30" - "192.168.111.31" - "192.168.111.32" - ]; -} diff --git a/makefu/2configs/home/ham/mqtt.nix b/makefu/2configs/home/ham/mqtt.nix deleted file mode 100644 index 9c4b4147e..000000000 --- a/makefu/2configs/home/ham/mqtt.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ pkgs, config, ... }: -{ - environment.systemPackages = [ pkgs.mosquitto ]; - # port open via trusted interface - services.mosquitto = { - enable = true; - persistence = false; - settings.max_keepalive = 1060; - listeners = [ - { - port = 1883; - omitPasswordAuth = false; - users.sensor = { - hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; - acl = [ "readwrite #" ]; - }; - users.hass = { - hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; - acl = [ "readwrite #" ]; - }; - users.stats = { - hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; - acl = [ "read #" ]; - }; - settings = { - allow_anonymous = false; - }; - } - ]; - }; -} diff --git a/makefu/2configs/home/ham/multi/fliegen-couter.nix b/makefu/2configs/home/ham/multi/fliegen-couter.nix deleted file mode 100644 index 5b8abb2ff..000000000 --- a/makefu/2configs/home/ham/multi/fliegen-couter.nix +++ /dev/null @@ -1,71 +0,0 @@ -# uses: -# sensor.btn1_click -# sensor.btn2_click -let - hlib = import ../lib; - fly_swat = for: btn: method: incr: { - alias = "Increment ${method} for ${for}"; - trigger = { - platform = "state"; - entity_id = "sensor.${btn}_click"; - to = method; - }; - action = builtins.genList (cnt: { - service = "counter.increment"; - data.entity_id = "counter.${for}_fliegen"; - }) incr; - }; -in -{ - services.home-assistant.config = - { - counter = { - felix_fliegen = {}; - misa_fliegen = {}; - }; - automation = [ - (fly_swat "misa" "btn1" "single" 1) - (fly_swat "misa" "btn1" "double" 2) - (fly_swat "misa" "btn1" "triple" 3) - (fly_swat "felix" "btn2" "single" 1) - (fly_swat "felix" "btn2" "double" 2) - (fly_swat "felix" "btn2" "triple" 3) - { - alias = "Send Fly Counter Update"; - trigger = [ - { - platform = "state"; - entity_id = "counter.felix_fliegen"; - } - { - platform = "state"; - entity_id = "counter.misa_fliegen"; - #above = -1; - } - ]; - action = { - service = "mqtt.publish"; - data_template = { # gauge-style - payload = "{{ trigger.to_state.state }}"; - topic = "${hlib.prefix}/flycounter/{{ trigger.to_state.object_id }}"; - }; - }; - } - { - alias = "Reset Fly counters on midnight"; - trigger = { - platform = "time"; - at = "01:00:00"; - }; - action = [ - { service = "counter.reset"; - data.entity_id = "counter.misa_fliegen"; - } - { service = "counter.reset"; - data.entity_id = "counter.felix_fliegen"; - } - ]; - } - ]; - }; -} diff --git a/makefu/2configs/home/ham/multi/flurlicht.nix b/makefu/2configs/home/ham/multi/flurlicht.nix deleted file mode 100644 index 25eb78b7f..000000000 --- a/makefu/2configs/home/ham/multi/flurlicht.nix +++ /dev/null @@ -1,57 +0,0 @@ -# provides: -# light -# automation -# binary_sensor -let - hlib = (import ../lib); - tasmota = hlib.tasmota; -in -{ - binary_sensor = [ - (tasmota.motion { name = "Flur Bewegung"; host = "flurlicht";}) - ]; - light = [ (tasmota.rgb { name = "Flurlicht"; host = "flurlicht";} ) ]; - automation = [ - { alias = "Dunkel bei Sonnenuntergang"; - trigger = { - platform = "sun"; - event = "sunset"; - # offset: "-00:45:00" - }; - action = [ - { - service= "light.turn_on"; - data = { - entity_id= "light.flurlicht"; - # rgb_color = [ 0,0,0 ]; <-- TODO default color - brightness_pct = 15; - }; - } - { - service= "light.turn_off"; - entity_id= "light.flurlicht"; - } - ]; - } - { alias = "Hell bei Sonnenaufgang"; - trigger = { - platform = "sun"; - event = "sunrise"; - # offset: "-00:00:00" - }; - action = [ - { - service= "light.turn_on"; - data = { - entity_id= "light.flurlicht"; - brightness_pct = 85; - }; - } - { - service= "light.turn_off"; - entity_id= "light.flurlicht"; - } - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/multi/heizung.nix b/makefu/2configs/home/ham/multi/heizung.nix deleted file mode 100644 index 73f90dfe0..000000000 --- a/makefu/2configs/home/ham/multi/heizung.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - services.home-assistant.config = - { - # 18 Grad - script.alle_heizungen_aus.sequence = [{ - service = "climate.set_temperature"; - target.entity_id = [ "climate.wohnzimmer_heizung" ]; - data.temperature = "18.0"; - }]; - }; -} diff --git a/makefu/2configs/home/ham/multi/kurzzeitwecker.nix b/makefu/2configs/home/ham/multi/kurzzeitwecker.nix deleted file mode 100644 index 1e6fae90c..000000000 --- a/makefu/2configs/home/ham/multi/kurzzeitwecker.nix +++ /dev/null @@ -1,88 +0,0 @@ -# Provides: -# timer -# automation -# script - -# Needs: -# sensor.zigbee_btn1_click -# notify.signal_home -let - button = "sensor.zigbee_btn2_click"; - notify = "notify.signal_home"; - # für {{ _intent.siteId }} - name of the rhasspy instance: arbeitszimmer -in -{ - services.home-assistant.config = { - automation = []; - timer.kurzzeitwecker = { - name = "Wecker Wohnung"; - }; - timer.wecker_arbeitszimmer = { - name = "Wecker Arbeitszimmer"; - }; - timer.wecker_wohnzimmer = { - name = "Wecker Wohnzimmer"; - }; - intent = {}; - intent_script = { - TimerjobStart = { - speech.text = '' - {% set h = hours|default('0')|string %} - {% set m = minutes|default('0')|string %} - {% if h == "0" %} - Wecker gestellt {{ m }} Minuten - {% elif m == "0" %} - Wecker gestellt {{ h }} Stunden - {% else %} - Wecker gestellt {{ h }} Stunden und {{ m }} Minuten - {% endif %} - ''; - action = [ - { - service = "timer.start"; - - data.entity_id = "timer.kurzzeitwecker"; - data.duration = '' - {% set h = hours|default("0")|int %} - {% set m = minutes|default("0")|int %} - {{ "%02d" | format(h) }}:{{ "%02d" | format(m) }}:00 - ''; - - } - ]; - }; - TimerjobRemaining = { - speech.text = '' - {% set timer = states('timer.kurzzeitwecker') %} - {% if timer == 'idle' %} - Wecker läuft nicht - {% elif timer == 'active' %} - {% set remaining = as_timestamp( state_attr('timer.kurzzeitwecker','finishes_at') )-( as_timestamp(now())) %} - {% set s = ((remaining % 60)) | int %} - {% set m = ((remaining % 3600) / 60) | int %} - {% set h = ((remaining % 86400) / 3600) | int %} - {% if h == 0 %} - Es verbleiben {{ m }} Minuten und {{ s }} Sekunden - {% elif m == 0 %} - Es verbleiben {{ h }} Stunden - {% elif m == 0 and h == 0 %} - Es verbleiben {{ s }} Sekunden - {% else %} - Es verbleiben {{ h }} Stunden {{ m }} Minuten - {% endif %} - {% endif %} - ''; - }; - TimerjobStop = { - speech.text = '' - Wecker gestoppt - ''; - action = [ - { service = "timer.cancel"; - data.entity_id = "timer.kurzzeitwecker"; - } - ]; - }; - }; - }; -} diff --git a/makefu/2configs/home/ham/multi/the_playlist.nix b/makefu/2configs/home/ham/multi/the_playlist.nix deleted file mode 100644 index 0d714ea44..000000000 --- a/makefu/2configs/home/ham/multi/the_playlist.nix +++ /dev/null @@ -1,86 +0,0 @@ -# Inputs: -# binary_sensor.playlist_button_good -# binary_sensor.playlist_button_bad - -# outputs -# rest_command -# automation -# sensor -{ - services.home-assistant.config = - { - rest_command = { - good_song = { - url = "http://prism.r:8001/good"; - method = "POST"; - }; - bad_song = { - url = "http://prism.r:8001/skip"; - method = "POST"; - }; - }; - automation = [ - { - alias = "playlist song publish"; - trigger = { - #platform = "event"; - #event_data.entity_id = "sensor.the_playlist_song"; - platform = "state"; - entity_id = "sensor.the_playlist_song"; - }; - action = { - service = "mqtt.publish"; - data = { - topic = "/ham/the_playlist/song"; - payload_template = "{{ states.sensor.the_playlist_song.state }}"; - }; - }; - } - { - alias = "playlist upvote on button"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.playlist_button_good"; - from = "off"; - to = "on"; - }; - action.service = "rest_command.good_song"; - } - { - alias = "playlist downvote on button"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.playlist_button_bad"; - from = "off"; - to = "on"; - }; - action.service = "rest_command.bad_song"; - } - ]; - sensor = [ - { platform = "rest"; - name = "pl"; - resource = "http://prism.r:8001/current"; - scan_interval = 30; - value_template = "1"; - json_attributes = [ "name" "filename" "youtube" ]; - } - { platform = "template"; - sensors = { - the_playlist_song = { - friendly_name = "Current Song"; - value_template = ''{{ states.sensor.pl.attributes['name'] }}''; - }; - the_playlist_url = { - friendly_name = "Song Youtube URL"; - value_template = ''{{ states.sensor.pl.attributes['youtube'] }}''; - }; - the_playlist_filename = { - friendly_name = "Song Filename"; - value_template = ''{{ states.sensor.pl.attributes['filename'] }}''; - }; - }; - } - ]; - }; -} diff --git a/makefu/2configs/home/ham/nginx.nix b/makefu/2configs/home/ham/nginx.nix deleted file mode 100644 index cd99c0739..000000000 --- a/makefu/2configs/home/ham/nginx.nix +++ /dev/null @@ -1,15 +0,0 @@ -let - internal-ip = "192.168.111.11"; -in { - services.nginx.recommendedProxySettings = true; - services.nginx.virtualHosts."hass" = { - serverAliases = [ "hass.lan" "ha" "ha.lan" ]; - locations."/".proxyPass = "http://localhost:8123"; - locations."/".proxyWebsockets = true; - extraConfig = '' - if ( $server_addr != "${internal-ip}" ) { - return 403; - } - ''; - }; -} diff --git a/makefu/2configs/home/ham/person/default.nix b/makefu/2configs/home/ham/person/default.nix deleted file mode 100644 index a72f610e8..000000000 --- a/makefu/2configs/home/ham/person/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{config, ... }: -{ - services.home-assistant.config.person = [ - { - name = "Felix"; - id = 1; - device_trackers = [ - "device_tracker.felix_phone" - "device_tracker.x" - ]; - } - { - name = "Misa"; - id = 2; - device_trackers = [ - "device_tracker.misa_phone" - ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/sensor/dwd.nix b/makefu/2configs/home/ham/sensor/dwd.nix deleted file mode 100644 index 623f099a3..000000000 --- a/makefu/2configs/home/ham/sensor/dwd.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - services.home-assistant.config.sensor = - [ - { platform = "dwd_weather_warnings"; - region_name = "Stadt Stuttgart"; - } - { platform = "nina"; - } - ]; -} diff --git a/makefu/2configs/home/ham/sensor/outside.nix b/makefu/2configs/home/ham/sensor/outside.nix deleted file mode 100644 index 061c4e981..000000000 --- a/makefu/2configs/home/ham/sensor/outside.nix +++ /dev/null @@ -1,55 +0,0 @@ -{lib,...}: - -{ - services.home-assistant.config.sensor = - [ - { platform = "darksky"; - api_key = "!secret darksky"; - language = "de"; - monitored_conditions = [ - "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "apparent_temperature" - "hourly_summary" # next 24 hours text - "humidity" - "pressure" - "uv_index" - ]; - units = "si" ; - scan_interval = "00:30:00"; - } - { - platform = "open_meteo"; - } - { - platform = "met"; - } - { - platform = "openweathermap"; - api_key = "!secret openweathermap"; - language = "de"; - mode = "hourly"; - } - { - platform = "tomorrowio"; - api_key = "!secret tomorrowio"; - } - { platform = "octoprint"; } - { platform = "accuweather"; - api_key = "!secret accuweather"; - } - { platform = "scrape"; - resource = "https://www.swr.de/wetter/wetter-liste-swr-100.html"; - name = "SWR Prognose"; - select = "p[data-refresh=\"weather-headline\"]"; - } - { platform = "scrape"; - resource = "https://www.swr.de/wetter/wetter-liste-swr-100.html"; - name = "SWR Prognose Langtext"; - select = "p[data-refresh=\"weather-text\"]"; - } - - ]; -} diff --git a/makefu/2configs/home/ham/sensor/pollen.nix b/makefu/2configs/home/ham/sensor/pollen.nix deleted file mode 100644 index d95c199bf..000000000 --- a/makefu/2configs/home/ham/sensor/pollen.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ pkgs, lib, ... }: -with lib; -let - region = "112"; - types = [ - "Erle" - "Beifuss" - "Ambrosia" - "Birke" - "Esche" - "Hasel" - "Graeser" - "Roggen" - ]; - gen_tomorrow_sensor = type: { - name = "dwd_pollenbelastung_${toLower type}_tomorrow"; - value = { - icon_template = "mdi:grass"; - friendly_name = "${type} Morgen"; - value_template = "{{ state_attr('sensor.dwd_pollenbelastung_${toLower type}', 'tomorrow') }}"; - }; - }; - gen_sensor = type: { - name = "dwd_pollenbelastung_${toLower type}"; - value = { - icon_template = "mdi:tree-outline"; - friendly_name = type; - value_template = '' - {% set dwd_state = state_attr('sensor.dwd_pollenbelastung_stuttgart', '${type}')['today'] %} - {% if dwd_state == "3" %}6{% elif dwd_state == "2-3"%}5{% elif dwd_state == "2"%}4{% elif dwd_state == "1-2"%}3{% elif dwd_state == "1"%}2{% elif dwd_state == "0-1"%}1{% else %}0{% endif %} - ''; - attribute_templates.today = '' - {% set dwd_state = state_attr('sensor.dwd_pollenbelastung_stuttgart', '${type}')['today'] %} - {% if dwd_state == "3" %}6{% elif dwd_state == "2-3"%}5{% elif dwd_state == "2"%}4{% elif dwd_state == "1-2"%}3{% elif dwd_state == "1"%}2{% elif dwd_state == "0-1"%}1{% else %}0{% endif %} - ''; - attribute_templates.tomorrow = '' - {% set dwd_state = state_attr('sensor.dwd_pollenbelastung_stuttgart', '${type}')['tomorrow'] %} - {% if dwd_state == "3" %}6{% elif dwd_state == "2-3"%}5{% elif dwd_state == "2"%}4{% elif dwd_state == "1-2"%}3{% elif dwd_state == "1"%}2{% elif dwd_state == "0-1"%}1{% else %}0{% endif %} - ''; - # -1 == unknown - #attribute_templates.dayafter = '' - # {% set dwd_state = state_attr('sensor.dwd_pollenbelastung', '${type}')['dayafter_to'] %} - # {% if dwd_state == "3" %}6{% elif dwd_state == "2-3"%}5{% elif dwd_state == "2"%}4{% elif dwd_state == "1-2"%}3{% elif dwd_state == "1"%}2{% elif dwd_state == "0-1"%}1{% elif dwd_state == "-1"%}-1{% else %}0{% endif %} - #''; - }; - }; -in - { - services.home-assistant.config.sensor = [ - { - platform = "rest"; - scan_interval = 3600; - name = "DWD Pollenbelastung Stuttgart"; - resource = "https://opendata.dwd.de/climate_environment/health/alerts/s31fg.json"; - json_attributes_path = "$..content[?(@.partregion_id==${region})].Pollen"; - json_attributes = types; - value_template = "{{ value_json.last_update }}"; - } - { - platform = "template"; - sensors = (listToAttrs (map gen_sensor types)) // - (listToAttrs (map gen_tomorrow_sensor types)) ; - } - ]; -} diff --git a/makefu/2configs/home/ham/signal-rest/default.nix b/makefu/2configs/home/ham/signal-rest/default.nix deleted file mode 100644 index 4eac41ba8..000000000 --- a/makefu/2configs/home/ham/signal-rest/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./service.nix - ./hass.nix - ]; -} diff --git a/makefu/2configs/home/ham/signal-rest/hass.nix b/makefu/2configs/home/ham/signal-rest/hass.nix deleted file mode 100644 index 284be3320..000000000 --- a/makefu/2configs/home/ham/signal-rest/hass.nix +++ /dev/null @@ -1,20 +0,0 @@ -let - inherit (import <secrets/signal/messenger.nix>) number home felix; -in { - services.home-assistant.config.notify = [ - { - name = "signal_home"; - platform = "signal_messenger"; - url = "http://127.0.0.1:8631"; - inherit number ; - recipients = [ home ]; - } - { - name = "signal_felix"; - platform = "signal_messenger"; - url = "http://127.0.0.1:8631"; - inherit number; - recipients = [ felix ]; - } - ]; -} diff --git a/makefu/2configs/home/ham/signal-rest/pkg.nix b/makefu/2configs/home/ham/signal-rest/pkg.nix deleted file mode 100644 index 165d642af..000000000 --- a/makefu/2configs/home/ham/signal-rest/pkg.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -}: - -buildPythonPackage rec { - pname = "pysignalclirestapi"; - version = "0.3.14"; - - # disabled = ; # requires python version >=2.7 - - src = fetchPypi { - inherit pname version; - sha256 = "6f3626b594a53c4161dfc67ea7a3b23d62c8fe8cb404a909496118aeefa79cd0"; - }; - - doCheck = false; - - meta = with lib; { - description = "Small python library for the Signal Cli REST API"; - homepage = https://github.com/bbernhard/pysignalclirestapi; - #license = licenses.; - # maintainers = [ maintainers. ]; - }; -} diff --git a/makefu/2configs/home/ham/signal-rest/service.nix b/makefu/2configs/home/ham/signal-rest/service.nix deleted file mode 100644 index 1f718efa5..000000000 --- a/makefu/2configs/home/ham/signal-rest/service.nix +++ /dev/null @@ -1,20 +0,0 @@ - -let - port = 8631; - image = "bbernhard/signal-cli-rest-api:latest"; - config = "/var/lib/signal-cli-config"; -in { - systemd.tmpfiles.rules = [ - "d ${config} docker docker - -" - ]; - state = [ config ]; - virtualisation.oci-containers.containers.signal-rest = { - image = image; - ports = [ "127.0.0.1:${toString port}:8080" ]; - volumes = [ - "${config}:/home/.local/share/signal-cli" - ]; - environment.MODE ="json-rpc"; - #environment.MODE ="native"; # only required for reigstration - }; -} diff --git a/makefu/2configs/home/ham/tts/google.nix b/makefu/2configs/home/ham/tts/google.nix deleted file mode 100644 index d2f7a55cc..000000000 --- a/makefu/2configs/home/ham/tts/google.nix +++ /dev/null @@ -1,18 +0,0 @@ - -let -in { - services.home-assistant.config.tts = [ - { platform = "google_translate"; - language = "de"; - time_memory = 57600; - service_name = "google_say"; - } - #{ platform = "google_cloud"; - # key_file = toString <secrets/googlecloud.json>; - # service_name = "cloud_say"; - # language = "de-DE"; - # voice = "de-DE-Wavenet-B"; - # profiles = [ "medium-bluetooth-speaker-class-device" ]; - #} - ]; -} diff --git a/makefu/2configs/home/ham/zigbee2mqtt.nix b/makefu/2configs/home/ham/zigbee2mqtt.nix deleted file mode 100644 index efcbb0d00..000000000 --- a/makefu/2configs/home/ham/zigbee2mqtt.nix +++ /dev/null @@ -1,43 +0,0 @@ -# provides: -# switch -# automation -# binary_sensor -# sensor -# input_select -# timer -let - inherit (import ./lib) zigbee; - prefix = zigbee.prefix; -in -{ - services.home-assistant.config = { - sensor = - - [ - # Sensor for monitoring the bridge state - { - platform = "mqtt"; - name = "Zigbee2mqtt Bridge state"; - state_topic = "${prefix}/bridge/state"; - icon = "mdi:router-wireless"; - } - # Sensor for Showing the Zigbee2mqtt Version - { - platform = "mqtt"; - name = "Zigbee2mqtt Version"; - state_topic = "${prefix}/bridge/config"; - value_template = "{{ value_json.version }}"; - icon = "mdi:zigbee"; - } - # Sensor for Showing the Coordinator Version - { - platform = "mqtt"; - name = "Coordinator Version"; - state_topic = "${prefix}/bridge/config"; - value_template = "{{ value_json.coordinator }}"; - icon = "mdi:chip"; - } - ]; - - }; -} diff --git a/makefu/2configs/home/jellyfin.nix b/makefu/2configs/home/jellyfin.nix deleted file mode 100644 index e613a05fc..000000000 --- a/makefu/2configs/home/jellyfin.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ lib, config, ... }: -let - port = 8096; -in -{ - services.jellyfin.enable = true; - # services.jellyfin.openFirewall = true; - networking.firewall.interfaces.wiregrill = { - allowedTCPPorts = [ 80 port 8920 ]; - allowedUDPPorts = [ 1900 7359 ]; - }; - state = [ "/var/lib/jellyfin" ]; - users.users.${config.services.jellyfin.user}.extraGroups = [ "download" "video" "render" ]; - - systemd.services.jellyfin = { - after = [ "media-cloud.mount" ]; - serviceConfig = rec { - RequiresMountFor = [ "/media/cloud" ]; - SupplementaryGroups = lib.mkForce [ "video" "render" "download" ]; - UMask = lib.mkForce "0077"; - }; - }; - services.nginx.virtualHosts."jelly" = { - serverAliases = [ - "jelly.lan" "movies.lan" - "jelly.makefu.w" "makefu.omo.w" - ]; - - locations."/" = { - proxyPass = "http://localhost:${toString port}"; - proxyWebsockets = true; - }; - }; -} diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix deleted file mode 100644 index e6008d475..000000000 --- a/makefu/2configs/home/metube.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ pkgs, lib, ...}: -# docker run -d -p 8081:8081 -v /path/to/downloads:/downloads --user 1001:1001 alexta69/metube -with import <stockholm/lib>; -let - port = "2348"; - dl-dir = "/media/cryptX/youtube/music"; - uid = 20421; - internal-ip = "192.168.111.11"; -in - { - systemd.tmpfiles.rules = [ - "d ${dl-dir} metube nogroup - -" - ]; - virtualisation.oci-containers.backend = "docker"; - - services.nginx.virtualHosts."tube" = { - serverAliases = [ "tube.lan" ]; - locations."/".proxyPass = "http://localhost:${port}"; - }; - - virtualisation.oci-containers.containers.metube = { - image = "alexta69/metube:latest"; - ports = [ "${port}:8081" ]; - volumes = [ - "${dl-dir}:/downloads" - ]; - user = "metube"; - }; - users.users.metube = { - uid = uid; - isSystemUser = true; - }; - - systemd.services.docker-metube.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; -} diff --git a/makefu/2configs/home/music.nix b/makefu/2configs/home/music.nix deleted file mode 100644 index b32af6207..000000000 --- a/makefu/2configs/home/music.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, ... }: -let - internal-ip = "192.168.111.11"; - port = 4533; -in -{ - services.navidrome.enable = true; - services.navidrome.settings = { - MusicFolder = "/media/cryptX/music/kinder"; - Address = "0.0.0.0"; - }; - systemd.services.navidrome.serviceConfig.RequiresMountFor = [ "/media/cryptX" ]; - - state = [ "/var/lib/navidrome" ]; - # networking.firewall.allowedTCPPorts = [ 4040 ]; - # state = [ config.services.airsonic.home ]; - services.nginx.virtualHosts."navidrome" = { - serverAliases = [ - "navidrome.lan" - "music" "music.lan" - "musik" "musik.lan" - "music.omo.r" - "music.makefu.r" "music.makefu" - ]; - - locations."/".proxyPass = "http://localhost:${toString port}"; - locations."/".proxyWebsockets = true; - }; - networking.firewall.allowedTCPPorts = [ port ]; - # also configure dlna - services.minidlna.enable = true; - services.minidlna.settings = { - inotify = "yes"; - friendly_name = "omo"; - media_dir = [ "A,/media/cryptX/music" ]; - }; -} diff --git a/makefu/2configs/home/photoprism.nix b/makefu/2configs/home/photoprism.nix deleted file mode 100644 index 2f8a86430..000000000 --- a/makefu/2configs/home/photoprism.nix +++ /dev/null @@ -1,150 +0,0 @@ -{ pkgs, lib, ...}: -# Start | docker-compose up -d -# Stop | docker-compose stop -# Update | docker-compose pull -# Logs | docker-compose logs --tail=25 -f -# Terminal | docker-compose exec photoprism bash -# Help | docker-compose exec photoprism photoprism help -# Config | docker-compose exec photoprism photoprism config -# Reset | docker-compose exec photoprism photoprism reset -# Backup | docker-compose exec photoprism photoprism backup -a -i -# Restore | docker-compose exec photoprism photoprism restore -a -i -# Index | docker-compose exec photoprism photoprism index -# Reindex | docker-compose exec photoprism photoprism index -a -# Import | docker-compose exec photoprism photoprism import -# ------------------------------------------------------------------- -let - port = "2347"; - photodir = "/media/cryptX/photos"; - statedir = "/media/cryptX/lib/photoprism/appsrv"; - db-dir = "/media/cryptX/lib/photoprism/mysql"; - internal-ip = "192.168.111.11"; - sec = import <secrets/photoprism.nix>; -in -{ - virtualisation.oci-containers.backend = "docker"; - - services.nginx.virtualHosts."photos" = { - serverAliases = [ - "photos.lan" - "foto" "foto.lan" - "fotos" "fotos.lan" - ]; - - locations."/".proxyPass = "http://localhost:${port}"; - locations."/".proxyWebsockets = true; - extraConfig = '' - if ( $server_addr != "${internal-ip}" ) { - return 403; - } - ''; - }; - - systemd.services.workadventure-network = { - enable = true; - wantedBy = [ "multi-user.target" ]; - script = '' - ${pkgs.docker}/bin/docker network create --driver bridge photoprism ||: - ''; - after = [ "docker.service" ]; - before = [ - "docker-photoprism.service" - "docker-mysql-photoprism.service" - ]; - }; - - - virtualisation.oci-containers.containers.photoprism = { - image = "photoprism/photoprism:preview"; - ports = ["${port}:${port}" ]; - volumes = [ - "${photodir}:/photoprism/originals" - "${statedir}:/photoprism/storage" - ]; - extraOptions = [ - "--security-opt" "seccomp=unconfined" - "--security-opt" "apparmor=unconfined" - "--network=photoprism" - ]; - environment = { - PHOTOPRISM_HTTP_PORT = port; # Built-in Web server port - PHOTOPRISM_HTTP_COMPRESSION = "gzip"; # Improves transfer speed and bandwidth utilization (none or gzip) - PHOTOPRISM_DEBUG = "false"; # Run in debug mode (shows additional log messages) - # PHOTOPRISM_PUBLIC = "true"; # No authentication required (disables password protection) - PHOTOPRISM_READONLY = "false"; # Don't modify originals directory (reduced functionality) - PHOTOPRISM_EXPERIMENTAL = "true"; # Enables experimental features - # PHOTOPRISM_DISABLE_WEBDAV = "false"; # Disables built-in WebDAV server - PHOTOPRISM_DISABLE_SETTINGS = "false"; # Disables Settings in Web UI - PHOTOPRISM_DISABLE_TENSORFLOW = "false"; # Disables using TensorFlow for image classification - PHOTOPRISM_DARKTABLE_PRESETS = "false"; # Enables Darktable presets and disables concurrent RAW conversion - PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow) - PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive - PHOTOPRISM_AUTH_MODE = "password"; - PHOTOPRISM_ADMIN_USER = "admin"; - PHOTOPRISM_ADMIN_PASSWORD = "admin"; - - #PHOTOPRISM_DATABASE_DRIVER = "postgres"; - #PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432"; - #PHOTOPRISM_DATABASE_NAME = "photoprism"; - #PHOTOPRISM_DATABASE_USER = "photoprism"; - #PHOTOPRISM_DATABASE_PASSWORD = "photoprism"; - - PHOTOPRISM_DATABASE_DRIVER= "mysql"; # Use MariaDB (or MySQL) instead of SQLite for improved performance - PHOTOPRISM_DATABASE_SERVER= "mysql-photoprism:3306" ; # MariaDB database server (hostname:port) - PHOTOPRISM_DATABASE_NAME= "photoprism"; # MariaDB database schema name - PHOTOPRISM_DATABASE_USER= sec.db.username; # MariaDB database user name - PHOTOPRISM_DATABASE_PASSWORD= sec.db.password; # MariaDB database user password - - PHOTOPRISM_SITE_URL = "http://localhost:2342/"; # Public PhotoPrism URL - PHOTOPRISM_SITE_TITLE = "PhotoPrism"; - PHOTOPRISM_SITE_CAPTION = "FeMi Fotos"; - PHOTOPRISM_SITE_DESCRIPTION = "Unsere Fotos"; - PHOTOPRISM_SITE_AUTHOR = "FeMi"; - PHOTOPRISM_SPONSOR = "true"; - - }; - }; - - virtualisation.oci-containers.containers.mysql-photoprism = { - image = "mariadb:10.5"; - extraOptions = [ - "--security-opt" "seccomp=unconfined" - "--security-opt" "apparmor=unconfined" - "--network=photoprism" - ]; - ports = [ "3306:3306" ]; # no need to expose the database - #cmd = [ "mysqld" - # "--transaction-isolation=READ-COMMITTED" - # "--character-set-server=utf8mb4" - # "--collation-server=utf8mb4_unicode_ci" - # "--max-connections=512" - # "--innodb-rollback-on-timeout=OFF" - # "--innodb-lock-wait-timeout=50" - #]; - volumes= [ "${db-dir}:/var/lib/mysql" ]; - environment = { - MYSQL_ROOT_PASSWORD = "dickidibutt"; - MYSQL_DATABASE= "photoprism"; - MYSQL_USER = sec.db.username; - MYSQL_PASSWORD = sec.db.password; - }; - }; - #virtualisation.oci-containers.containers.postgres-prism = { - # image = "postgres:12-alpine"; - # ports = [ "5432" ]; # no need to expose the database - # environment = { - # POSTGRES_DB = "photoprism"; - # POSTGRES_USER = "photoprism"; - # POSTGRES_PASSWORD = "photoprism"; - # }; - #}; - - systemd.services.docker-photoprism.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - systemd.services.docker-mysql-photoprism.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; -} diff --git a/makefu/2configs/home/ps4srv.nix b/makefu/2configs/home/ps4srv.nix deleted file mode 100644 index cb1864fae..000000000 --- a/makefu/2configs/home/ps4srv.nix +++ /dev/null @@ -1,17 +0,0 @@ -let - internal-ip = "192.168.111.11"; -in -{ - services.nginx.virtualHosts."ps4srv" = { - serverAliases = [ - "ps4srv.lan" - ]; - - locations."/".root = "/media/cryptX/emu/ps4"; - extraConfig = '' - if ( $server_addr != "${internal-ip}" ) { - return 403; - } - ''; - }; -} diff --git a/makefu/2configs/home/rhasspy/default.nix b/makefu/2configs/home/rhasspy/default.nix deleted file mode 100644 index e3a0bcd28..000000000 --- a/makefu/2configs/home/rhasspy/default.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ lib,config, ... }: -# uses alsa instead of pulseaduio server -let - profiles = "/var/lib/rhasspy"; -in -{ - systemd.services.docker-rhasspy.after = [ "network-online.target" ]; - - virtualisation.oci-containers.containers.rhasspy = { - image = "rhasspy/rhasspy:latest"; - - environment = { - TZ = "Europe/Berlin"; - PULSE_SERVER = "tcp:${ config.krebs.build.host.name }:4713"; - }; - - ports = [ - "12101:12101" - ]; - - volumes = [ - "/etc/localtime:/etc/localtime:ro" - "${profiles}:/profiles" - ]; - - cmd = [ "--user-profiles" "/profiles" "--profile" "de" ]; - extraOptions = [ - "--device=/dev/snd:/dev/snd" - "--group-add=audio" - ]; - }; - systemd.tmpfiles.rules = [ - "d ${profiles} 0770 root root - -" - ]; - - # required to allow rhasspy to connect to pulse server - # hardware.pulseaudio.enable = lib.mkForce false; - networking.firewall.allowedTCPPorts = [ 4713 ]; - -} diff --git a/makefu/2configs/home/rhasspy/led-control.nix b/makefu/2configs/home/rhasspy/led-control.nix deleted file mode 100644 index b4efe028a..000000000 --- a/makefu/2configs/home/rhasspy/led-control.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ pkgs, ... }: -let - cfg = pkgs.writeText "hcl-config.json" (builtins.toJSON { - engine = "rhasspy"; - pathToConfig = "/var/lib/rhasspy/de/profile.json"; - hardware = "respeaker4MicArray"; - pattern = "fake-name"; - enableDoA = false; - }); -in { - systemd.services.HermesLedControl = { - description = "Led Server for ReSpeaker 4-array"; - after = [ "network-online.target" "docker-rhasspy.service" ] ; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - # User = "nobody"; # need a user with permissions to run nix-shell - ExecStart = "${pkgs.HermesLedControl}/bin/HermesLedControl --hermesLedControlConfig=${toString cfg}"; - Restart = "always"; - RestartSec = 10; - PrivateTmp = true; - }; - }; -} diff --git a/makefu/2configs/home/tonie.nix b/makefu/2configs/home/tonie.nix deleted file mode 100644 index bc3633a88..000000000 --- a/makefu/2configs/home/tonie.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ config, pkgs, lib, ... }: -let - backend_port = 30005; - #host = config.networking.hostName; - ident = 998; - user = "${toString ident}:${toString ident}"; - backend_host = "tonie.lan"; - #backend_host = "tonie.omo.r"; - frontend_port = 30006; - homedir = "/var/lib/tonies"; - albumdir = "${homedir}/albumart/"; - vueconfig = pkgs.writeText "vueconfig" '' - module.exports = { - devServer: { - disableHostCheck: true - }, - } - ''; - audiobookdir = "/media/cryptX/music/kinder_hoerspiele"; - # TONIE_AUDIO_MATCH_USER = username; - # TONIE_AUDIO_MATCH_PASS = password; - tonie-env = toString <secrets/tonie.env>; -in - { - systemd.tmpfiles.rules = [ - "d ${albumdir} 1750 toniebox toniebox -" - ]; - networking.firewall.allowedTCPPorts = [ frontend_port backend_port ]; - virtualisation.oci-containers.containers.toniebox-front = { - image = "makefoo/toniebox-audio-match_front:1.0.1"; - inherit user; - environment = { - VUE_APP_BACKEND_IS_LOCAL = "true"; - }; - ports = [ "${toString frontend_port}:8080" ]; - volumes = [ - "${albumdir}:/frontend/public/assets/covers" - "${vueconfig}:/frontend/vue.config.js" - ]; - }; - - users.users.toniebox = { - isSystemUser = true; - uid = ident; - home = homedir; - createHome = true; - group = "toniebox"; - }; - users.groups.toniebox.gid = ident; - - virtualisation.oci-containers.containers.toniebox-back = { - image = "makefoo/toniebox-audio-match_back:1.0.0"; - inherit user; - environmentFiles = [ tonie-env ]; - ports = [ "${toString backend_port}:5000" ]; - volumes = [ - "${albumdir}:/backend/assets/covers" - "${audiobookdir}:/backend/assets/audiobooks" - ]; - }; - services.nginx.virtualHosts."tonie" = { - serverAliases = [ "tonie.lan" "tonie.omo.r" backend_host ]; - locations."/".proxyPass = "http://localhost:${toString frontend_port}"; - locations."/upload".proxyPass = "http://localhost:${toString backend_port}"; - locations."/creativetonies".proxyPass = "http://localhost:${toString backend_port}"; - locations."/audiobooks".proxyPass = "http://localhost:${toString backend_port}"; - }; -} diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix deleted file mode 100644 index 8bb8a929b..000000000 --- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ /dev/null @@ -1,94 +0,0 @@ -{config, pkgs, lib, ...}: - -let - dataDir = "/var/lib/zigbee2mqtt"; - sec = import <secrets/zigbee2mqtt.nix>; - internal-ip = "192.168.111.11"; - webport = 8521; -in - { - # symlink the zigbee controller - #services.udev.extraRules = '' - # SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dialout" - #''; - - # /dev/serial/by-id/usb-Silicon_Labs_slae.sh_cc2652rb_stick_-_slaesh_s_iot_stuff_00_12_4B_00_21_CC_45_BD-if00-port0 - services.udev.extraRules = '' - SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="cc2531", MODE="0660", GROUP="dialout" - ''; - - services.zigbee2mqtt = { - enable = true; - inherit dataDir; - settings = { - permit_join = true; - serial.port = "/dev/cc2531"; - homeassistant = true; - mqtt = { - server = "mqtt://omo.lan:1883"; - base_topic = "/ham/zigbee"; - user = sec.mqtt.username; - password = sec.mqtt.password; - include_device_information = true; - client_id = "zigbee2mqtt"; - }; - availability = { - active.timeout = 10; - passive.timeout = 1500; - }; - frontend = { - port = webport; - }; - advanced = { - log_level = "debug"; - log_output = [ "console" ]; - last_seen = "ISO_8601"; - elapsed = true; - pan_id = 6755; - inherit (sec.zigbee) network_key; - }; - map_options.graphviz.colors = { - fill = { - enddevice = "#fff8ce" ; - coordinator = "#e04e5d"; - router = "#4ea3e0"; - }; - font = { - coordinator= "#ffffff"; - router = "#ffffff"; - enddevice = "#000000"; - }; - line = { - active = "#009900"; - inactive = "#994444"; - }; - }; - }; - }; - - services.nginx.recommendedProxySettings = true; - services.nginx.virtualHosts."zigbee" = { - serverAliases = [ "zigbee.lan" ]; - locations."/".proxyPass = "http://localhost:${toString webport}"; - locations."/api".proxyPass = "http://localhost:${toString webport}"; - locations."/api".proxyWebsockets = true; - extraConfig = '' - if ( $server_addr != "${internal-ip}" ) { - return 403; - } - ''; - }; - - state = [ "${dataDir}/devices.yaml" "${dataDir}/state.json" ]; - - systemd.services.zigbee2mqtt = { - # override automatic configuration.yaml deployment - environment.ZIGBEE2MQTT_DATA = dataDir; - #serviceConfig.ExecStartPre = lib.mkForce "${pkgs.coreutils}/bin/true"; - after = [ - "home-assistant.service" - "mosquitto.service" - "network-online.target" - ]; - }; -} diff --git a/makefu/2configs/home/zigbee2mqtt/osram.nix b/makefu/2configs/home/zigbee2mqtt/osram.nix deleted file mode 100644 index d1bf2b296..000000000 --- a/makefu/2configs/home/zigbee2mqtt/osram.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - - -availability_topic: /ham/zigbee/bridge/state -command_topic: /ham/zigbee/flur_arbeitszimmer_osram2/set - - - platform: "mqtt" - state_topic: "zigbee2mqtt/<FRIENDLY_NAME>" - availability_topic: "zigbee2mqtt/bridge/state" - payload_on: true - payload_off: false - value_template: "{{ value_json.battery_low}}" - device_class: "battery" -} diff --git a/makefu/2configs/hw/CAC.nix b/makefu/2configs/hw/CAC.nix deleted file mode 100644 index 9ed18344a..000000000 --- a/makefu/2configs/hw/CAC.nix +++ /dev/null @@ -1,13 +0,0 @@ -_: -{ - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - boot.loader.grub.splashImage = null; - nix = { - daemonIONiceLevel = 1; - daemonNiceLevel = 1; - }; - sound.enable = false; -} diff --git a/makefu/2configs/hw/bcm4352.nix b/makefu/2configs/hw/bcm4352.nix deleted file mode 100644 index 5dc8a1449..000000000 --- a/makefu/2configs/hw/bcm4352.nix +++ /dev/null @@ -1,7 +0,0 @@ -{config, ...}: -{ - networking.enableB43Firmware = true; - boot.kernelModules = [ "wl" ]; - boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; -} - diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix deleted file mode 100644 index 9eda6069b..000000000 --- a/makefu/2configs/hw/bluetooth.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ pkgs, ... }: -{ # bluetooth+pulse config -# for blueman-applet - users.users.makefu.packages = [ pkgs.blueman ]; - #hardware.pulseaudio = { - # enable = true; - # package = pkgs.pulseaudioFull; -# #systemWide = true; - # support32Bit = true; - # configFile = pkgs.writeText "default.pa" '' - # load-module module-udev-detect - # load-module module-bluetooth-policy - # load-module module-bluetooth-discover - # load-module module-native-protocol-unix - # load-module module-always-sink - # load-module module-console-kit - # load-module module-systemd-login - # load-module module-intended-roles - # load-module module-position-event-sounds - # load-module module-filter-heuristics - # load-module module-filter-apply - # load-module module-switch-on-connect - # load-module module-switch-on-port-available - # ''; - #}; - services.blueman.enable = true; -# presumably a2dp Sink -# Enable profile: -## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink - -# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio - hardware.bluetooth = { - enable = true; - powerOnBoot = false; - settings.general.Enable = "Source,Sink,Media,Socket"; - }; - services.dbus.packages = [ pkgs.blueman ]; -} diff --git a/makefu/2configs/hw/cc2531.nix b/makefu/2configs/hw/cc2531.nix deleted file mode 100644 index 3bc2c6834..000000000 --- a/makefu/2configs/hw/cc2531.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - - services.udev.extraRules = '' - SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dailout" - ''; -} diff --git a/makefu/2configs/hw/cdrip.nix b/makefu/2configs/hw/cdrip.nix deleted file mode 100644 index 1c0bf9c17..000000000 --- a/makefu/2configs/hw/cdrip.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, ... }: -{ - users.users.makefu = { - extraGroups = [ "cdrom" ]; - packages = [ pkgs.glyr pkgs.abcde ]; - }; -} diff --git a/makefu/2configs/hw/droidcam.nix b/makefu/2configs/hw/droidcam.nix deleted file mode 100644 index adc0aa379..000000000 --- a/makefu/2configs/hw/droidcam.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, config, ... }: -{ - boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480"; - boot.extraModulePackages = [ - (pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; }) - ]; - boot.initrd.availableKernelModules = [ "v4l2loopback-dc" ]; - users.users.makefu.packages = [ pkgs.droidcam ]; -} diff --git a/makefu/2configs/hw/fingerprint-reader.nix b/makefu/2configs/hw/fingerprint-reader.nix deleted file mode 100644 index 1f2f00b03..000000000 --- a/makefu/2configs/hw/fingerprint-reader.nix +++ /dev/null @@ -1,6 +0,0 @@ -_: { - # add fingerprint with fprintd-enroll - services.fprintd.enable = true; - security.pam.services.login.fprintAuth = true; - security.pam.services.xscreensaver.fprintAuth = true; -} diff --git a/makefu/2configs/hw/irtoy.nix b/makefu/2configs/hw/irtoy.nix deleted file mode 100644 index 688f1b2b9..000000000 --- a/makefu/2configs/hw/irtoy.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - users.users.makefu.packages = with pkgs; [ - lirc - ]; - - users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - - services.udev.extraRules = '' - SUBSYSTEMS=="usb", ATTRS{idProduct}=="fd08", ATTRS{idVendor}=="04d8", SYMLINK+="irtoy", MODE="0666", GROUP="dialout" - ''; -} - diff --git a/makefu/2configs/hw/lte.sh b/makefu/2configs/hw/lte.sh deleted file mode 100755 index a8ae31586..000000000 --- a/makefu/2configs/hw/lte.sh +++ /dev/null @@ -1,26 +0,0 @@ -#/bin/sh - -if [[ "$EUID" -ne 0 ]]; then - echo "This script must be run as root, elevating!" - exec sudo $0 $1 - exit 0 -fi - -if [[ "$1" = "down" ]]; then - echo "taking wwan0 down!" - ip link set wwan0 down - rmmod xmm7360 - exit -fi - -if [[ "$1" = "up" ]]; then - echo "running modprobe" - modprobe xmm7360 - echo "bringing wwan0 up!" - until open_xdatachannel -a web.vodafone.de;do - modprobe -r xmm7360 - modprobe xmm7360 - done - ip link set wwan0 up - echo "nameserver 1.1.1.1" | tee -a /etc/resolv.conf -fi diff --git a/makefu/2configs/hw/malduino_elite.nix b/makefu/2configs/hw/malduino_elite.nix deleted file mode 100644 index 1af85493f..000000000 --- a/makefu/2configs/hw/malduino_elite.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - services.udev.extraRules = '' - ACTION!="add|change", GOTO="mm_usb_device_blacklist_local_end" - SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_local_end" - ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_local_end" - - ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9204", ENV{ID_MM_DEVICE_IGNORE}="1" - ATTRS{idVendor}=="1b4f" ATTRS{idProduct}=="9203", ENV{ID_MM_DEVICE_IGNORE}="1" - - LABEL="mm_usb_device_blacklist_local_end" - ''; -} diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix deleted file mode 100644 index 069e6e7eb..000000000 --- a/makefu/2configs/hw/mceusb.nix +++ /dev/null @@ -1,17 +0,0 @@ -{pkgs, lib, ...}:{ - # Disable the MCE remote from acting like a keyboard. (We use lirc instead.) - services.xserver.inputClassSections = ['' - Identifier "MCE USB Keyboard mimic blacklist" - Driver "mceusb" - MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)" - Option "Ignore" "on" - '']; - boot.kernelPatches = lib.singleton { - name = "enable-lirc"; - patch = null; - extraConfig = '' - LIRC y - ''; - }; - -} diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix deleted file mode 100644 index 5a1018df0..000000000 --- a/makefu/2configs/hw/network-manager.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ pkgs, lib, ... }: -{ - users.users.makefu = { - extraGroups = [ "networkmanager" ]; - packages = with pkgs;[ - networkmanagerapplet - gnome3.gnome-keyring dconf - ]; - }; - networking.wireless.enable = lib.mkForce false; - - systemd.services.modemmanager = { - description = "ModemManager"; - bindsTo = [ "NetworkManager.service" ]; - wantedBy = [ "NetworkManager.service" "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; - PrivateTmp = true; - Restart = "always"; - RestartSec = "5"; - }; - }; - -# nixOSUnstable - networking.networkmanager.enable = true; - networking.networkmanager.wifi = { - powersave = true; - scanRandMacAddress = true; - backend = "iwd"; - }; - services.gnome.gnome-keyring.enable = true; - networking.wireless.iwd.enable = true; - - state = [ - "/etc/NetworkManager/system-connections" #NM stateful config files - ]; - networking.networkmanager.dispatcherScripts = [ - { source = "${pkgs.prison-break}/bin/prison-break"; } - ]; - - # TODO: not sure if this actually works - systemd.services.NetworkManager-dispatcher.environment = { - DISPLAY= ":0"; - DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/9001/bus"; - }; - -} diff --git a/makefu/2configs/hw/nswitch.nix b/makefu/2configs/hw/nswitch.nix deleted file mode 100644 index 56e122cbf..000000000 --- a/makefu/2configs/hw/nswitch.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - - # 1: USB - # 2: RCM - services.udev.extraRules = '' - SUBSYSTEM=="usb", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="3000", MODE="0660" ,GROUP="dialout" - SUBSYSTEM=="usb", ATTRS{idVendor}=="0955", ATTRS{idProduct}=="7321", MODE="0660", GROUP="dialout" - ''; -} - diff --git a/makefu/2configs/hw/pseyecam.nix b/makefu/2configs/hw/pseyecam.nix deleted file mode 100644 index 029ee7c9c..000000000 --- a/makefu/2configs/hw/pseyecam.nix +++ /dev/null @@ -1,6 +0,0 @@ -# https://bugzilla.kernel.org/show_bug.cgi?id=198129 -{ - boot.extraModprobeConfig = '' - options snd_usb_audio ignore_ctl_error=1 - ''; -} diff --git a/makefu/2configs/hw/rad1o.nix b/makefu/2configs/hw/rad1o.nix deleted file mode 100644 index 6eca69e0c..000000000 --- a/makefu/2configs/hw/rad1o.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - environment.systemPackages = with pkgs; [ - gnuradio-with-packages - gnuradio-osmosdr - gqrx - ]; - - users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - - services.udev.extraRules = '' - ATTR{idVendor}=="1d50", ATTR{idProduct}=="604b", SYMLINK+="hackrf-jawbreaker-%k", MODE="0666", GROUP="dialout" - ATTR{idVendor}=="1d50", ATTR{idProduct}=="6089", SYMLINK+="hackrf-one-%k", MODE="0666", GROUP="dialout" - ATTR{idVendor}=="1d50", ATTR{idProduct}=="cc15", SYMLINK+="rad1o-%k", MODE="0666", GROUP="dialout" - ATTR{idVendor}=="1fc9", ATTR{idProduct}=="000c", SYMLINK+="nxp-dfu-%k", MODE="0666", GROUP="dialout" - ''; -} diff --git a/makefu/2configs/hw/rtl8812au.nix b/makefu/2configs/hw/rtl8812au.nix deleted file mode 100644 index 0c10f2555..000000000 --- a/makefu/2configs/hw/rtl8812au.nix +++ /dev/null @@ -1,5 +0,0 @@ -{pkgs, config, ... }: -{ - boot.extraModulePackages = [ config.boot.kernelPackages.rtl8812au ]; - boot.kernelModules = [ "rtl8812au" ]; -} diff --git a/makefu/2configs/hw/slaesh.nix b/makefu/2configs/hw/slaesh.nix deleted file mode 100644 index 1a7d053b9..000000000 --- a/makefu/2configs/hw/slaesh.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - services.udev.extraRules = '' - SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="zigbee", MODE="0660", GROUP="dailout" - ''; -} diff --git a/makefu/2configs/hw/smartcard.nix b/makefu/2configs/hw/smartcard.nix deleted file mode 100644 index b66b70098..000000000 --- a/makefu/2configs/hw/smartcard.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, ... }: -{ - services.pcscd = { - enable = true; - plugins = with pkgs; - [ #ifdnfc - ccid - ]; - - }; - environment.systemPackages = with pkgs; [ - # need to run ifdnfc-activate before usage - # ifdnfc - # pcsc_scan - pcsctools - ]; - boot.blacklistedKernelModules = [ - "pn533" "pn533_usb" - "nfc" - ]; -} diff --git a/makefu/2configs/hw/ssd.nix b/makefu/2configs/hw/ssd.nix deleted file mode 100644 index 9615b34d8..000000000 --- a/makefu/2configs/hw/ssd.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - # ssd trimming - services.fstrim.enable = true; -} diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix deleted file mode 100644 index 735cb4c17..000000000 --- a/makefu/2configs/hw/stk1160.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, lib, ... }: -{ - boot.kernelPatches = lib.singleton { - name = "enable-stk1160"; - patch = null; - extraConfig = '' - MEDIA_ANALOG_TV_SUPPORT y - VIDEO_STK1160_COMMON m - VIDEO_STK1160 m - ''; - }; -} diff --git a/makefu/2configs/hw/switch.nix b/makefu/2configs/hw/switch.nix deleted file mode 100644 index 79de7ffb1..000000000 --- a/makefu/2configs/hw/switch.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - users.users.makefu.extraGroups = [ "plugdev" ]; - users.groups.plugdev = {}; - services.udev.extraRules = '' - SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev" - SUBSYSTEM=="usb", ATTR{idVendor}=="16c0", ATTR{idProduct}=="27e2", SYMLINK+="switch-%k", MODE="0664", GROUP="plugdev" - SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="3000", SYMLINK+="switch-%k", MODE="0664", GROUP="plugdev" - ''; -} diff --git a/makefu/2configs/hw/tp-x200.nix b/makefu/2configs/hw/tp-x200.nix deleted file mode 100644 index f06425aec..000000000 --- a/makefu/2configs/hw/tp-x200.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - - imports = [ ./tp-x2x0.nix ]; - - boot = { - kernelModules = [ "tp_smapi" "msr" ]; - extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; - - }; - services.thinkfan.enable = true; - - # only works on tp-x200 , not x220 - services.xserver.displayManager.sessionCommands = '' - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200 - ''; -} diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix deleted file mode 100644 index 69fe7adce..000000000 --- a/makefu/2configs/hw/tp-x230.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - imports = [ ./tp-x2x0.nix <nixos-hardware/lenovo/thinkpad/x230> ]; - - # configured media keys inside awesomerc - # sound.mediaKeys.enable = true; - - # possible i915 powersave options: - # options i915 enable_rc6=1 enable_fbc=1 semaphores=1 - - boot.extraModprobeConfig = '' - options thinkpad_acpi fan_control=1 - options i915 enable_rc6=1 enable_fbc=1 semaphores=1 - ''; - - boot.initrd.availableKernelModules = [ "thinkpad_acpi" ]; - - services.xserver.displayManager.sessionCommands ='' - xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 - xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 - # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 - ''; - - # enable HDMI output switching with pulseaudio - hardware.pulseaudio.extraConfig = '' - load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI" - ''; - # load graphical equalizer module - # load-module module-equalizer-sink - - # combine multiple sinks to one: - # list all sinks: pactl list short sinks - # pacmd load-module module-combine-sink sink_name=combined sink_properties=device.description=CombinedSink slaves=sink1,sink2 channels=2 - -} diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix deleted file mode 100644 index bbed3f430..000000000 --- a/makefu/2configs/hw/tp-x2x0.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./tpm.nix - ./ssd.nix - ./bluetooth.nix - ]; - - boot.kernelModules = [ - "kvm-intel" - ]; - - # hardware.opengl.extraPackages = [ pkgs.intel-media-driver ]; - - networking.wireless.enable = lib.mkDefault true; - - hardware.enableRedistributableFirmware = true; - nixpkgs.config.allowUnfree = true; - - hardware.cpu.intel.updateMicrocode = true; - - zramSwap.enable = true; - - # enable synaptics so we can easily disable the touchpad - # enable the touchpad with `synclient TouchpadOff=0` - - services.xserver.libinput.enable = false; - services.xserver.synaptics = { - enable = true; - additionalOptions = ''Option "TouchpadOff" "1"''; - }; - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 220; - emulateWheel = true; - }; - - services.tlp.enable = ! config.services.power-profiles-daemon.enable; - services.tlp.settings = { - # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery - START_CHARGE_THRESH_BAT0 = 95; - STOP_CHARGE_THRESH_BAT0 = 100; - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_SCALING_GOVERNOR_ON_BAT = "ondemand"; - CPU_MIN_PERF_ON_AC = 0; - CPU_MAX_PERF_ON_AC = 100; - CPU_MIN_PERF_ON_BAT = 0; - CPU_MAX_PERF_ON_BAT = 30; - }; - - powerManagement.resumeCommands = '' - ${pkgs.utillinux}/bin/rfkill unblock all - ''; -} diff --git a/makefu/2configs/hw/tpm.nix b/makefu/2configs/hw/tpm.nix deleted file mode 100644 index 29e19e916..000000000 --- a/makefu/2configs/hw/tpm.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ pkgs, ... }: -{ - services.tcsd.enable = true; - # see https://wiki.archlinux.org/index.php/Trusted_Platform_Module - environment.systemPackages = with pkgs; [ opencryptoki tpm-tools ]; -} diff --git a/makefu/2configs/hw/upower.nix b/makefu/2configs/hw/upower.nix deleted file mode 100644 index a3932fed3..000000000 --- a/makefu/2configs/hw/upower.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ pkgs, ... }: -{ - services.upower.enable = true; - users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ]; -} - diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix deleted file mode 100644 index 65f915a2f..000000000 --- a/makefu/2configs/hw/vbox-guest.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, ...}: -{ - ## Guest Extensions are currently broken - imports = [ - (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) - ]; - virtualisation.virtualbox.guest.enable = true; - services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; - - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; - }; - # virtualbox.baseImageSize = 35 * 1024; -} diff --git a/makefu/2configs/hw/xmm7360.nix b/makefu/2configs/hw/xmm7360.nix deleted file mode 100644 index 8facab8b5..000000000 --- a/makefu/2configs/hw/xmm7360.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, config, ... }: -let - helper = pkgs.writeScriptBin "lte" (builtins.readFile ./lte.sh); - - pkg = (pkgs.callPackage ../../5pkgs/xmm7360 { kernel = config.boot.kernelPackages.kernel; }); -in -{ - boot.extraModulePackages = [ - pkg - ]; - boot.initrd.availableKernelModules = [ "xmm7360" ]; - users.users.makefu.packages = [ pkg helper ]; -} diff --git a/makefu/2configs/hydra/stockholm.nix b/makefu/2configs/hydra/stockholm.nix deleted file mode 100644 index 35999ae57..000000000 --- a/makefu/2configs/hydra/stockholm.nix +++ /dev/null @@ -1,33 +0,0 @@ -# iterative: -# $ hydra-create-user krebs --password derp --role admin -# curl 'http://hydra.wbob.r/project/.new' -X PUT -H 'Host: hydra.wbob.r' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: redirect_to=%252F; hydra_session=abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --data 'enabled=on&visible=on&name=stockholm&displayname=Stockholm&description=make+all+systems+into+1systems&homepage=https%3A%2F%2Fkrebsco.de&owner=krebs&declfile=spec.json&decltype=git&declvalue=http%3A%2F%2Fcgit.euer.krebsco.de%2Fhydra-stockholm' - -{ - - # TODO postgres backup - - services.hydra = { - enable = true; - hydraURL = "http://hydra.wbob.r"; # externally visible URL - notificationSender = "hydra@wbob.r"; - # you will probably also want, otherwise *everything* will be built from scratch - useSubstitutes = true; - port = 3030; - buildMachinesFiles = []; - }; - - networking.firewall.allowedTCPPorts = [ 80 ]; - services.nginx = { - enable = true; - virtualHosts."hydra.wbob.r" = { - locations."/" = { - proxyPass = "http://localhost:3030/"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - }; - }; -} diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix deleted file mode 100644 index a2d43e567..000000000 --- a/makefu/2configs/iodined.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, config, ... }: - -let - # TODO: make this a parameter - domain = "io.krebsco.de"; - pw = import <secrets/iodinepw.nix>; -in { - networking.firewall.allowedUDPPorts = [ 53 ]; - - services.iodine = { - server = { - enable = true; - domain = domain; - ip = "172.16.10.1/24"; - extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}"; - }; - }; - -} diff --git a/makefu/2configs/ipfs.nix b/makefu/2configs/ipfs.nix deleted file mode 100644 index cc07e063d..000000000 --- a/makefu/2configs/ipfs.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: -{ - services.ipfs.enable = true; - networking.firewall.allowedTCPPorts = [ 4001 ]; -} diff --git a/makefu/2configs/kdeconnect.nix b/makefu/2configs/kdeconnect.nix deleted file mode 100644 index b9110dee8..000000000 --- a/makefu/2configs/kdeconnect.nix +++ /dev/null @@ -1,6 +0,0 @@ -{pkgs, ... }: -{ - environment.systemPackages = with pkgs; [ kdeconnect ]; - networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; - networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; -} diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix deleted file mode 100644 index c9da7c4c4..000000000 --- a/makefu/2configs/lanparty/lancache-dns.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ pkgs, lib, config, ... }: -with import <stockholm/lib>; -let - upstream-server = "8.8.8.8"; - # make sure the router pins the ip address to the deployed host - # and set it as dns server ( dhcp option 6,192.168.10.10 ) - local_ip = "192.168.10.10"; - - extra-config = pkgs.writeText "local.conf" '' - server: - local-data: "piratebox. A ${local_ip}" - local-data: "store. A ${local_ip}" - local-data: "share. A ${local_ip}" - ''; - - - # see https://github.com/zeropingheroes/lancache for full docs - lancache-dns = pkgs.stdenv.mkDerivation rec { - name = "lancache-dns-2017-06-28"; - src = pkgs.fetchFromGitHub { - # forked: https://github.com/zeropingheroes/lancache-dns - repo = "lancache-dns"; - owner = "zeropingheroes"; - rev = "420aa62"; - sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m"; - }; - - phases = [ "unpackPhase" "installPhase" ]; - # here we have the chance to edit `includes/proxy-cache-paths.conf` - installPhase = '' - mkdir -p $out - cp -r * $out/ - ''; - }; - stateDir = "/var/lib/unbound"; - user = "unbound"; -in { - services.unbound = { - enable = true; - allowedAccess = [ "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" ]; - interfaces = ["0.0.0.0" "::" ]; - forwardAddresses = [ upstream-server ]; - extraConfig = '' - include: "${stateDir}/lancache/*.conf" - include: "${extra-config}" - ''; - }; - services.dnscrypt-proxy.enable = lib.mkForce false; - virtualisation.libvirtd.enable = lib.mkForce false; - systemd.services.dns-lancache-prepare = { - wantedBy = [ "unbound.service" ]; - before = [ "unbound.service" ]; - after = [ "network-online.target" ]; - partOf= [ "unbound.service" ]; - - path = [ pkgs.gawk pkgs.iproute pkgs.gnused ]; - script = '' - set -xeu - # current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}') - current_ip=${local_ip} - old_ip=10.1.1.250 - mkdir -p ${stateDir} - rm -rvf ${stateDir}/lancache - cp -r ${lancache-dns}/upstreams-available ${stateDir}/lancache - sed -i "s/$old_ip/$current_ip/g" ${stateDir}/lancache/*.conf - chown -R unbound ${stateDir} - ''; - }; - networking.firewall.allowedUDPPorts = [ 53 ]; -} diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix deleted file mode 100644 index bcacf2e15..000000000 --- a/makefu/2configs/lanparty/lancache.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ pkgs, lib, config, ... }: -with import <stockholm/lib>; -let - # see https://github.com/zeropingheroes/lancache for full docs - lancache= pkgs.stdenv.mkDerivation rec { - name = "lancache-2017-06-26"; - src = pkgs.fetchFromGitHub { - # origin: https://github.com/multiplay/lancache - # forked: https://github.com/zeropingheroes/lancache - repo = "lancache"; - owner = "zeropingheroes"; - rev = "143f7bb"; - sha256 = "1ra4l7qz3k231j5wabr89s5hh80n1kk8vgd3dsh0xx5mdpjhvdl6"; - }; - phases = [ "unpackPhase" "installPhase" ]; - # here we can chance to edit `includes/proxy-cache-paths.conf` - installPhase = '' - mkdir -p $out - cp -r * $out/ - rm $out/caches-enabled/* - sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \ - -e '1 idaemon off;' \ - -e 's#/var/lancache#${cfg.statedir}#g' \ - $out/nginx.conf - sed -i -e 's#/var/lancache#${cfg.statedir}#g' \ - $out/*/*.conf - ln -s $out/caches-available/* $out/caches-enabled/ - ''; - }; - cfg = { - statedir = "/data/cache"; - - group = "nginx-lancache"; - user = "nginx-lancache"; - package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{ - configureFlags = old.configureFlags ++ [ - "--with-http_slice_module" - "--with-stream" - "--with-pcre" - ]; - }); - }; -in { - systemd.services.nginx-lancache = { - description = "Nginx lancache Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - restartIfChanged = true; - - preStart = '' - mkdir -p ${cfg.statedir} && cd ${cfg.statedir} - chmod 700 ${cfg.statedir} - PATH_CACHE=$PATH_BASE/cache - PATH_LOGS=$PATH_BASE/logs - - mkdir -p cache/{installers,tmp} logs - rm -f conf; ln -s ${lancache} conf - chown -R ${cfg.user}:${cfg.group} . - ''; - serviceConfig = { - ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - Restart = "always"; - RestartSec = "10s"; - StartLimitInterval = "1min"; - }; - }; - - environment.etc.nginx.source = lancache; - users.extraUsers = (singleton - { name = cfg.user; - group = cfg.group; - uid = genid cfg.group; - }); - - users.extraGroups = (singleton - { name = "${cfg.group}"; - gid = genid cfg.group; - }); - networking.firewall.allowedTCPPorts = [ 80 443 ]; -} diff --git a/makefu/2configs/lanparty/mumble-server.nix b/makefu/2configs/lanparty/mumble-server.nix deleted file mode 100644 index 5b9631cd1..000000000 --- a/makefu/2configs/lanparty/mumble-server.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, ... }: -{ - networking.firewall.allowedTCPPorts = [ 64738 ]; - networking.firewall.allowedUDPPorts = [ 64738 ]; - services.murmur = { - enable = true; - welcometext = "Welcome to the LANest Party mumble server"; - bonjour = true; - hostName = "0.0.0.0"; - sendVersion = true; - }; -} diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix deleted file mode 100644 index e2fa58c4b..000000000 --- a/makefu/2configs/lanparty/samba.nix +++ /dev/null @@ -1,40 +0,0 @@ -{config, ... }:{ - networking.firewall.allowedUDPPorts = [ 137 138 ]; - networking.firewall.allowedTCPPorts = [ 139 445 ]; - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; #effectively systemUser - description = "smb guest user"; - home = "/data/lanparty"; - createHome = true; - group = "share"; - }; - users.groups.share = {}; - services.samba = { - enable = true; - enableNmbd = true; - shares = { - lanparty = { - path = "/data/lanparty/"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - share = { - path = "/data/incoming"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} diff --git a/makefu/2configs/legacy_only.nix b/makefu/2configs/legacy_only.nix deleted file mode 100644 index 3d40471ba..000000000 --- a/makefu/2configs/legacy_only.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ networking.enableIPv6 = false; - boot.kernel.sysctl = { - "net.ipv6.conf.all.disable_ipv6" = 1; - "net.ipv6.conf.default.disable_ipv6" = 1; - "net.ipv6.conf.lo.disable_ipv6" = 1; - }; - boot.kernelParams = [ "ipv6.disable=1" ]; -} diff --git a/makefu/2configs/logging/client.nix b/makefu/2configs/logging/client.nix deleted file mode 100644 index 04d2de0d0..000000000 --- a/makefu/2configs/logging/client.nix +++ /dev/null @@ -1,32 +0,0 @@ -{pkgs, buil, config, ...}: -let - log-server = config.makefu.log-server; - log-port = 9200; -in { - services.journalbeat = { - enable = true; - # TODO: filter for certain journal fields, not all - extraConfig = '' - journalbeat: - name: logs-${config.krebs.build.host.name} - seek_position: cursor - cursor_seek_fallback: tail - write_cursor_state: true - cursor_flush_period: 5s - clean_field_names: true - convert_to_numbers: false - move_metadata_to_field: journal - default_type: journal - output.elasticsearch: - enabled: true - hosts: ["${log-server}:${builtins.toString log-port}"] - template.enabled: false - #output.console: - # enabled: true - logging.level: info - logging.to_syslog: true - logging.selectors: ["*"] - - ''; - }; -} diff --git a/makefu/2configs/logging/filter/dnsmasq.conf b/makefu/2configs/logging/filter/dnsmasq.conf deleted file mode 100644 index 1570b1c60..000000000 --- a/makefu/2configs/logging/filter/dnsmasq.conf +++ /dev/null @@ -1,19 +0,0 @@ - -if ( [program] == "dnsmasq") { - grok { - patterns_dir => ["${./patterns}"] - match => { - "message" => [ - "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: query\[[\w]+\] %{domain:DOMAIN} from %{clientip:CLIENTIP}" - , "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: reply %{domain:DOMAIN} is %{ip:IP}" - , "^%{logdate:LOGDATE} dnsmasq\[[\d]+\]\: %{blocklist:BLOCKLIST} %{domain:DOMAIN} is %{ip:IP}" - ] - } - } - date { - match => [ "LOGDATE", "MMM dd HH:mm:ss", "MMM d HH:mm:ss", "ISO8601" ] - } - geoip { - source => "IP" - } -} diff --git a/makefu/2configs/logging/patterns/dnsmasq b/makefu/2configs/logging/patterns/dnsmasq deleted file mode 100644 index c1e700d5e..000000000 --- a/makefu/2configs/logging/patterns/dnsmasq +++ /dev/null @@ -1,15 +0,0 @@ -BLOCKLIST [\/\w\.]+ -DOMAIN [\w\.\-]+ -DNSID \d+ -PORT \d+ -DNSRESPONSE cached|reply|forwarded|query -# TODO: there are some strange responses for certain queries like <CNAME> or ... -IPORWORD %{IP}|[<>\.\/\w>]+ - -# TODO use public suffix list by mozilla -TLD [a-z]{2,63} -# matches CCSLD and TLD together (e.g. co.uk ) -CCSLD_TLD [a-z]+\.uk -# actually after a CCTLD this would be the third level domain ... -PUBLIC_SUFFIX (xn--)?%{FUNCTIONAL_SLD}\.(%{CCSLD_TLD}|%{TLD}) -FUNCTIONAL_SLD [a-z0-9-]{1,63} diff --git a/makefu/2configs/logging/server.nix b/makefu/2configs/logging/server.nix deleted file mode 100644 index f2fccec25..000000000 --- a/makefu/2configs/logging/server.nix +++ /dev/null @@ -1,140 +0,0 @@ -{pkgs, config, ...}: - -let - es-port = 9200; - kibana-port = 5601; - primaryName = "log.${config.krebs.build.host.name}"; - serverAliases = [ "${primaryName}.r" "${primaryName}.lan" ]; -in { - - services.nginx.virtualHosts.${primaryName} = { - inherit serverAliases; - locations."/" = { - proxyPass = "http://localhost:5601/"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - }; - services.elasticsearch = { - enable = true; - port = es-port; - }; - services.kibana = { - enable = true; - port = kibana-port; - }; - - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport ${toString es-port} -j ACCEPT - iptables -A INPUT -i retiolum -p tcp --dport ${toString kibana-port} -j ACCEPT - ''; - - # send logs directly to elasticsearch - services.journalbeat = { - enable = true; - package = pkgs.journalbeat7; - extraConfig = '' - logging: - to_syslog: true - level: info - metrics.enabled: false - template.enabled: false - output.logstash: - hosts: [ "127.0.0.1:5044" ] - template.enabled: false - index: journalbeat - journalbeat.inputs: - - paths: [] - seek: cursor - ''; - }; - - services.logstash = { - enable = true; - # package = pkgs.logstash5; - # plugins = [ pkgs.logstash-contrib ]; - inputConfig = - '' - syslog { - timezone => "Etc/UTC" - } - beats { - port => 5044 - } - ''; - filterConfig = - '' - # Assume Beats - if [syslog] { - mutate { - add_field => { "program" => "%{[syslog][identifier]}" } - } - } - '' + - '' - if ![program] { - mutate { - add_field => { "program" => "unknown" } - } - } - '' + - '' - if ([program] == "logstash") { - drop {} - } - '' + - '' - if ( [program] == "dnsmasq") { - grok { - patterns_dir => ["${./patterns}"] - match => { - "message" => [ - "^%{DNSID:dnsid} %{IP:client}/%{PORT} %{DNSRESPONSE:dnstype}\[[\w]+\] %{DOMAIN:domain} from %{IP}" - , "^%{DNSID:dnsid} %{IP:client}/%{PORT} %{DNSRESPONSE:dnstype} %{DOMAIN:domain} is %{IPORWORD:resolved_ip}" - , "^%{DNSID:dnsid} %{IP:client}/%{PORT} %{DNSRESPONSE:dnstype} %{DOMAIN:domain} to %{IP:upstream_dns}" - ] - } - } - if [resolved_ip] { - geoip { - source => "resolved_ip" - } - } - mutate { - rename => { "host" => "syslog_host" } - } - # Target is to parse the the first and second significant part of the domain - grok { - patterns_dir => ["${./patterns}"] - match => { "domain" => [ "%{PUBLIC_SUFFIX:dns_suffix}$" ] } - } - if [client] { - mutate { copy => { "client" => "clientip" } } - dns { - reverse => [ "client"] - action => "replace" - hostsfile => [ "/etc/hosts" ] - hit_cache_ttl => 1600 - failed_cache_ttl => 60 - } - } - } - '' + '' - if ( [program] == "proftpd") { - kv { - field_split => " " - } - } - ''; - outputConfig = - '' - #stdout { - # codec => rubydebug - #} - elasticsearch { } - ''; - }; -} diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix deleted file mode 100644 index e08aadc5e..000000000 --- a/makefu/2configs/mail-client.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - environment.systemPackages = with pkgs; [ - abook - gnupg - imapfilter - msmtp - notmuch - neomutt - offlineimap - openssl - w3m - ]; - -} diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix deleted file mode 100644 index f51e54b80..000000000 --- a/makefu/2configs/mail/mail.euer.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ - (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz"; - sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx"; - } - ) - ]; - - mailserver = { - enable = true; - fqdn = "euer.eloop.org"; - domains = [ "euer.eloop.org" ]; - loginAccounts = { - "makefu@euer.eloop.org" = { - hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/"; - aliases = [ "root@euer.eloop.org" ]; - catchAll = [ "euer.eloop.org" ]; - - }; - }; - certificateScheme = 3; - - # Enable IMAP and POP3 - enableImap = true; - enablePop3 = false; - enableImapSsl = true; - enablePop3Ssl = false; - - # Enable the ManageSieve protocol - enableManageSieve = true; - - virusScanning = false; - - }; - - services.dovecot2.extraConfig = '' - ssl_dh = </var/lib/dhparams/dovecot2.pem - ''; - state = [ # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/wikis/A-Complete-Backup-Guide - config.mailserver.mailDirectory - config.mailserver.dkimKeyDirectory - ]; - # workaround for DH creation - # security.dhparams = { - # enable = true; - # params = { - # dovecot = 2048; - # }; - # }; - # systemd.services.dovecot2.requires = [ "dhparams-gen-dovecot.service" ]; - # systemd.services.dovecot2.after = [ "dhparams-gen-dovecot.service" ]; -} - diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix deleted file mode 100644 index 296201808..000000000 --- a/makefu/2configs/main-laptop.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, lib, pkgs, ... }: - -# stuff for the main laptop -# this is pretty much nice-to-have and does -# not fit into base-gui -# TODO split generic desktop stuff and laptop-specifics like lidswitching - -with import <stockholm/lib>; -let - window-manager = "awesome"; - user = config.krebs.build.user.name; -in { - imports = [ - ./gui/base.nix - # ./gui/look-up.nix - ./fetchWallpaper.nix - ./zsh-user.nix - ./tools/core.nix - ./tools/core-gui.nix - ./gui/automatic-diskmount.nix - ]; - - users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - - security.sudo.extraConfig = "${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend"; - - location.latitude = 48.7; - location.longitude = 9.1; - -} diff --git a/makefu/2configs/mattermost-docker.nix b/makefu/2configs/mattermost-docker.nix deleted file mode 100644 index a887a6a8f..000000000 --- a/makefu/2configs/mattermost-docker.nix +++ /dev/null @@ -1,47 +0,0 @@ -{config, lib, ...}: - -with import <stockholm/lib>; -let - sec = toString <secrets>; - ssl_cert = "${sec}/wildcard.krebsco.de.crt"; - ssl_key = "${sec}/wildcard.krebsco.de.key"; -in { - # mattermost docker config and deployment guide: git.euer.krebsco.de - virtualisation.docker.enable = true; - users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "docker" ]; - krebs.nginx = { - enable = true; - servers.mattermost = { - listen = [ "80" "443 ssl" ]; - server-names = [ "mattermost.euer.krebsco.de" ]; - extraConfig = '' - gzip on; - gzip_buffers 4 32k; - gzip_types text/plain application/x-javascript text/css; - ssl_certificate ${ssl_cert}; - ssl_certificate_key ${ssl_key}; - default_type text/plain; - - if ($scheme = http){ - return 301 https://$server_name$request_uri; - } - - client_max_body_size 4G; - keepalive_timeout 10; - - ''; - locations = [ - (nameValuePair "/" '' - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_redirect off; - proxy_pass http://localhost:8065/; - '') - ]; - }; - }; -} diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix deleted file mode 100644 index 0334422c8..000000000 --- a/makefu/2configs/minimal.nix +++ /dev/null @@ -1,85 +0,0 @@ -{ lib, pkgs, config, ... }: -# minimal subset of sane configuration for stockholm -{ - # nobody needs this - programs.command-not-found.enable = false; - - # the only true timezone (even after the the removal of DST) - time.timeZone = "Europe/Berlin"; - - networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name; - - # we use gpg if necessary (or nothing at all) - programs.ssh.startAgent = false; - - # all boxes look the same - nix.settings.sandbox = true; - nix.settings.cores = 0; # until https://github.com/NixOS/nixpkgs/pull/50440 is in stable - # we configure users via nix - users.mutableUsers = false; - - # sane firewalling - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; - - # openssh all the way down - services.openssh.enable = true; - - # we use stockholm via populate - nix.nixPath = [ "/var/src" ]; - - environment.variables = let - ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - in { - NIX_PATH = lib.mkForce "/var/src"; - EDITOR = lib.mkForce "vim"; - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; - - programs.bash = { - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - ''; - - promptInit = '' - case $UID in - 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; - 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; - *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - # trust the cool guys - networking.timeServers = [ - "pool.ntp.org" - "time.nist.gov" - ]; - - # the only locale you will ever need - i18n = { - defaultLocale = "en_US.UTF-8"; - }; - console.keyMap = "us"; - - # suppress chrome autit event messages - security.audit.rules = [ "-a task,never" ]; - - # Enable IPv6 Privacy Extensions - boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2"; - "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2"; - }; - -} diff --git a/makefu/2configs/mosh.nix b/makefu/2configs/mosh.nix deleted file mode 100644 index 1c2e34e0b..000000000 --- a/makefu/2configs/mosh.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - programs.mosh.enable = true; -} diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix deleted file mode 100644 index cba43e22d..000000000 --- a/makefu/2configs/mqtt.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ ... }: -{ - services.mosquitto = { - enable = true; - persistence = false; - settings.max_keepalive = 60; - listeners = [ - { - port = 1883; - omitPasswordAuth = true; - users = {}; - settings = { - allow_anonymous = true; - }; - acl = [ "topic readwrite #" "pattern readwrite #" ]; - } - ]; - }; -} diff --git a/makefu/2configs/nginx/dl.euer.krebsco.de.nix b/makefu/2configs/nginx/dl.euer.krebsco.de.nix deleted file mode 100644 index e31d355a7..000000000 --- a/makefu/2configs/nginx/dl.euer.krebsco.de.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - users.groups.download.members = [ "nginx" ]; - services.nginx = { - enable = lib.mkDefault true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - virtualHosts."dl.euer.krebsco.de" = { - root = config.makefu.dl-dir; - extraConfig = "autoindex on;"; - forceSSL = true; - enableACME = true; - basicAuth = import <secrets/dl.euer.krebsco.de-auth.nix>; - }; - virtualHosts."dl.gum.r" = { - serverAliases = [ "dl.gum" "dl.makefu.r" "dl.makefu" ]; - root = config.makefu.dl-dir; - extraConfig = "autoindex on;"; - basicAuth = import <secrets/dl.gum-auth.nix>; - }; - }; -} diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix deleted file mode 100644 index 24696adf2..000000000 --- a/makefu/2configs/nginx/euer.blog.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - sec = toString <secrets>; - hostname = config.krebs.build.host.name; - user = config.services.nginx.user; - group = config.services.nginx.group; - base-dir = "/var/www/blog.euer"; -in { - # Prepare Blog directory - systemd.services.prepare-euer-blog = { - wantedBy = [ "local-fs.target" ]; - before = [ "nginx.service" ]; - serviceConfig = { - # do nothing if the base dir already exists - ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' - #!/bin/sh - if ! test -d "${base-dir}" ;then - mkdir -p "${base-dir}" - chown ${user}:${group} "${base-dir}" - chmod 700 "${base-dir}" - fi - ''; - Type = "oneshot"; - RemainAfterExit = "yes"; - TimeoutSec = "0"; - }; - }; - - services.nginx = { - enable = mkDefault true; - virtualHosts = { - "euer.krebsco.de" = { - #serverAliases = [ "blog.euer.krebsco.de" "blog.${hostname}" ]; - enableACME = true; - forceSSL = true; - default = true; - root = base-dir; - }; - }; - }; - state = [ base-dir ]; -} diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix deleted file mode 100644 index c9db15b73..000000000 --- a/makefu/2configs/nginx/euer.mon.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - hostname = config.krebs.build.host.name; - user = config.services.nginx.user; - group = config.services.nginx.group; - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -in { - services.nginx = { - enable = mkDefault true; - virtualHosts."mon.euer.krebsco.de" = let - # flesh_wrap - authFile = pkgs.writeText "influx.conf" '' - user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1 - ''; - in { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://wbob.r:3000/"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - locations."/influxdb/" = { - proxyPass = "http://wbob.r:8086/"; - extraConfig = '' - auth_basic "Needs Autherization to visit"; - auth_basic_user_file ${authFile}; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_redirect off; - ''; - }; - }; - }; -} diff --git a/makefu/2configs/nginx/euer.test.nix b/makefu/2configs/nginx/euer.test.nix deleted file mode 100644 index 40c376130..000000000 --- a/makefu/2configs/nginx/euer.test.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - hostname = config.krebs.build.host.name; - user = config.services.nginx.user; - group = config.services.nginx.group; - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -in { - services.nginx = { - enable = mkDefault true; - virtualHosts."share.euer.krebsco.de" = { - locations."/" = { - proxyPass = "http://localhost:8000/"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - }; - }; -} diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix deleted file mode 100644 index a925b9f78..000000000 --- a/makefu/2configs/nginx/euer.wiki.nix +++ /dev/null @@ -1,110 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - sec = toString <secrets>; - ext-dom = "wiki.euer.krebsco.de"; - - user = config.services.nginx.user; - group = config.services.nginx.group; - fpm-socket = "/var/run/php5-fpm.sock"; - hostname = config.krebs.build.host.name; - tw-upload = pkgs.tw-upload-plugin; - base-dir = "/var/www/wiki.euer"; - base-cfg = "${base-dir}/twconf.ini"; - wiki-dir = "${base-dir}/store/"; - backup-dir = "${base-dir}/backup/"; - # contains: - # user1 = pass1 - # userN = passN - # afterwards put /var/www/<ext-dom>/user1.html as tiddlywiki - tw-pass-file = "${sec}/tw-pass.ini"; - -in { - state = [ base-dir ]; - # hotfix for broken wiki after reboot - systemd.services."phpfpm-euer-wiki".serviceConfig.RequiresMountFor = [ "/media/cloud" ]; - services.phpfpm = { - pools.euer-wiki = { - inherit user group; - listen = fpm-socket; - settings = { - "listen.owner" = user; - "pm" = "dynamic"; - "pm.max_children" = 5; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 3; - "chdir" = "/"; - "php_admin_value[error_log]" = "stderr"; - "php_admin_flag[log_errors]" = "on"; - "catch_workers_output" = "yes"; - - }; - phpEnv.twconf = base-cfg; - }; - }; - - systemd.services.prepare-tw = { - wantedBy = [ "local-fs.target" ]; - before = [ "phpfpm.service" "nginx.service" ]; - serviceConfig = { - ExecStart = pkgs.writeScript "prepare-tw-service" '' - #!/bin/sh - if ! test -d "${base-dir}" ;then - mkdir -p "${wiki-dir}" "${backup-dir}" - - # write the base configuration - cat > "${base-cfg}" <<EOF - [users] - $(cat "${tw-pass-file}") - [directories] - backupdir = ${backup-dir} - savedir = ${wiki-dir} - EOF - - chown -R ${user}:${group} "${base-dir}" - chmod 700 -R "${base-dir}" - fi - ''; - Type = "oneshot"; - RemainAfterExit = "yes"; - TimeoutSec = "0"; - }; - }; - - services.nginx = { - enable = mkDefault true; - recommendedGzipSettings = true; - virtualHosts = { - "${ext-dom}" = { - #serverAliases = [ - # "wiki.makefu.r" - # "wiki.makefu" - #]; - forceSSL = true; - enableACME = true; - locations = { - "/" = { - root = wiki-dir; - index = "makefu.html"; - extraConfig = '' - expires -1; - autoindex on; - ''; - }; - "/store.php" = { - root = tw-upload; - extraConfig = '' - client_max_body_size 200M; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${fpm-socket}; - include ${pkgs.nginx}/conf/fastcgi_params; - include ${pkgs.nginx}/conf/fastcgi.conf; - ''; - }; - }; - }; - }; - }; -} diff --git a/makefu/2configs/nginx/gold.krebsco.de.nix b/makefu/2configs/nginx/gold.krebsco.de.nix deleted file mode 100644 index 083c0f8d7..000000000 --- a/makefu/2configs/nginx/gold.krebsco.de.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - gold = pkgs.fetchFromGitHub { - owner = "krebs"; - repo = "krebsgold"; - rev = "15f7a74"; - sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly"; - }; -in { - - services.nginx = { - enable = mkDefault true; - virtualHosts = { - "gold.krebsco.de" = { - enableACME = true; - forceSSL = true; - root = toString gold + "/html"; - }; - }; - }; -} - diff --git a/makefu/2configs/nginx/gum.krebsco.de.nix b/makefu/2configs/nginx/gum.krebsco.de.nix deleted file mode 100644 index 3e96e6826..000000000 --- a/makefu/2configs/nginx/gum.krebsco.de.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let -in { - services.nginx = { - enable = mkDefault true; - virtualHosts."gum.krebsco.de" = { - forceSSL = true; - enableACME = true; - locations."/" = { - # proxyPass = "http://localhost:8000/"; - # extraConfig = '' - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # ''; - }; - }; - }; -} diff --git a/makefu/2configs/nginx/icecult.nix b/makefu/2configs/nginx/icecult.nix deleted file mode 100644 index e817e55d8..000000000 --- a/makefu/2configs/nginx/icecult.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, pkgs, lib, ... }: - -with import <stockholm/lib>; - -let - icecult = pkgs.fetchFromGitHub { - owner = "kraiz"; - repo = "icecult"; - rev = "1942d43381a97f30111a48725f7532c343a6f4d7"; - sha256 = "0l8q7kw3w1kpvmy8hza9vr5liiycivbljkmwpacaifbay5y98z58"; - }; -in{ - services.nginx = { - enable = true; - virtualHosts.default = { - root = "${icecult}/app"; - locations = { - "/rpc".proxyPass = "http://10.42.22.163:3121"; - "/rpc".extraConfig = '' - rewrite /rpc/(.*) /$1 break; - proxy_http_version 1.1; - ''; - }; - }; - }; -} diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix deleted file mode 100644 index 701609d4b..000000000 --- a/makefu/2configs/nginx/iso.euer.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ config, pkgs, ... }: -let - system = builtins.currentSystem; #we can also build for other platforms - iso = (import <nixpkgs/nixos/lib/eval-config.nix> - { inherit system; - modules = [ ../../1systems/iso/config.nix ]; } - - ); - image = iso.config.system.build.isoImage; - name = iso.config.isoImage.isoName; - - drivedroid-cfg = builtins.toJSON [{ - id = "stockholm"; - imageUrl = http://krebsco.de/krebs-v2.png; - name = "stockholm"; - tags = [ "hybrid" ]; - url = http://krebsco.de; - releases = [ - { version = iso.config.system.nixos.label; - url = "/stockholm.iso"; - arch = system; } - ]; - # size = TODO; - }]; - web = pkgs.linkFarm "web" [{ - name = "drivedroid.json"; - path = pkgs.writeText "drivedroid.json" drivedroid-cfg; } - { name = "stockholm.iso"; - path = "${image}/iso/${name}"; } - ]; -in -{ - services.nginx = { - virtualHosts = { - "iso.euer.krebsco.de" = { - enableACME = true; - forceSSL = true; - root = web; - locations."/".index = "drivedroid.json"; - }; - }; - }; -} diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix deleted file mode 100644 index c8a5ae704..000000000 --- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.nginx = { - enable = lib.mkDefault true; - virtualHosts."misa-felix.ml" = { - #forceSSL = true; - #enableACME = true; - locations = { - "/" = { - index = "index.html"; - root = "/var/www/misa-felix-hochzeit.ml"; - }; - }; - }; - }; -} diff --git a/makefu/2configs/nginx/music.euer.nix b/makefu/2configs/nginx/music.euer.nix deleted file mode 100644 index e866f1b0d..000000000 --- a/makefu/2configs/nginx/music.euer.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - hostname = config.krebs.build.host.name; - user = config.services.nginx.user; - group = config.services.nginx.group; - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -in { - services.nginx = { - enable = lib.mkDefault true; - virtualHosts."music.euer.krebsco.de" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://omo:4533/"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - }; - }; -} diff --git a/makefu/2configs/nginx/public_html.nix b/makefu/2configs/nginx/public_html.nix deleted file mode 100644 index 676d1f110..000000000 --- a/makefu/2configs/nginx/public_html.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, ... }: - -with import <stockholm/lib>; - -{ - services.nginx = { - enable = true; - virtualHosts.default = { - default = true; - locations = { - "~ ^/~(.+?)(/.*)?\$".extraConfig = '' - alias /home/$1/public_html$2; - autoindex on; - ''; - }; - }; - }; -} diff --git a/makefu/2configs/nginx/rompr.nix b/makefu/2configs/nginx/rompr.nix deleted file mode 100644 index c7dc3ff17..000000000 --- a/makefu/2configs/nginx/rompr.nix +++ /dev/null @@ -1,75 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - user = config.services.nginx.user; - group = config.services.nginx.group; - src = pkgs.fetchFromGitHub { - owner = "fatg3erman"; - repo = "RompR"; - rev = "1.21"; - sha256 = "00gk2c610qgpsb6y296h9pz2aaa6gfq4cqhn15l7fdrk3lkvh01q"; - }; - fpm-socket = "/var/run/php5-rompr-fpm.sock"; - mpd-src = "/var/lib/rompr"; - -in { - services.phpfpm = { - poolConfigs = { - mpd = '' - user = ${user} - group = ${group} - listen = ${fpm-socket} - listen.owner = ${user} - listen.group = ${group} - pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 - chdir = / - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; - }; - }; - # TODO: Pre-job - # TODO: prefs.var could be templated (serialized php ...) then we would not - # need to have a state dir at all - system.activationScripts.rompr = '' - mkdir -p ${mpd-src} - cp -r ${src}/. ${mpd-src} - chown -R ${user}:${group} ${mpd-src} - chmod 770 ${mpd-src} - ''; - services.nginx = { - enable = mkDefault true; - virtualHosts = { - "localhost" = { - root = mpd-src; - locations."/".index = "index.php"; - locations."~ \.php$" = { - root = mpd-src; - extraConfig = '' - client_max_body_size 200M; - fastcgi_pass unix:${fpm-socket}; - include ${pkgs.nginx}/conf/fastcgi_params; - include ${pkgs.nginx}/conf/fastcgi.conf; - fastcgi_index index.php; - try_files $uri =404; - ''; - }; - }; - }; - }; - services.mysql = { - enable = true; - package = pkgs.mariadb; - ensureDatabases = [ "romprdb" ]; - ensureUsers = [ - { ensurePermissions = { "romprdb.*" = "ALL PRIVILEGES"; }; - name = user; } - ]; - }; -} diff --git a/makefu/2configs/nginx/update.connector.one.nix b/makefu/2configs/nginx/update.connector.one.nix deleted file mode 100644 index 44345dcd8..000000000 --- a/makefu/2configs/nginx/update.connector.one.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - services.nginx = { - enable = mkDefault true; - virtualHosts."update.connector.one" = { - locations = { - "/" = { - root = "/var/www/update.connector.one"; - extraConfig = '' - autoindex on; - sendfile on; - gzip on; - ''; - }; - }; - }; - }; -} diff --git a/makefu/2configs/nix-community/mediawiki-matrix-bot.nix b/makefu/2configs/nix-community/mediawiki-matrix-bot.nix deleted file mode 100644 index 6dff64121..000000000 --- a/makefu/2configs/nix-community/mediawiki-matrix-bot.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ pkgs, ... }: -let - seccfg = toString <secrets/mediawikibot-config.json>; - statecfg = "/var/lib/mediawiki-matrix-bot/config.json"; -in { - systemd.services.mediawiki-matrix-bot = { - description = "Mediawiki Matrix Bot"; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Restart = "always"; - RestartSec = "60s"; - DynamicUser = true; - StateDirectory = "mediawiki-matrix-bot"; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "mediawikibot-copy-config" '' - install -D -m644 ${seccfg} ${statecfg} - ''; - ExecStart = "${pkgs.mediawiki-matrix-bot}/bin/mediawiki-matrix-bot ${statecfg}"; - PrivateTmp = true; - }; - }; -} diff --git a/makefu/2configs/nix-community/supervision.nix b/makefu/2configs/nix-community/supervision.nix deleted file mode 100644 index cd4b6567b..000000000 --- a/makefu/2configs/nix-community/supervision.nix +++ /dev/null @@ -1,83 +0,0 @@ -{ config, lib, pkgs, ... }: -let - isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules; - port = "9273"; -in { - - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT - ''; - - services.telegraf = { - enable = true; - extraConfig = { - agent.interval = "60s"; - inputs = { - prometheus.metric_version = 2; - kernel_vmstat = { }; - smart = lib.mkIf (!isVM) { - path = pkgs.writeShellScript "smartctl" '' - exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@" - ''; - }; - system = { }; - mem = { }; - file = [{ - data_format = "influx"; - file_tag = "name"; - files = [ "/var/log/telegraf/*" ]; - }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) { - name_override = "ext4_errors"; - files = [ "/sys/fs/ext4/*/errors_count" ]; - data_format = "value"; - }; - exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) { - ## Commands array - commands = [ - (pkgs.writeScript "zpool-health" '' - #!${pkgs.gawk}/bin/awk -f - BEGIN { - while ("${pkgs.zfs}/bin/zpool status" | getline) { - if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 } - if ($1 ~ /state:/) { printf " state=\"%s\",", $2 } - if ($1 ~ /errors:/) { - if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2 - } - } - } - '') - ]; - data_format = "influx"; - }; - systemd_units = { }; - swap = { }; - disk.tagdrop = { - fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ]; - device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ]; - }; - diskio = { }; - }; - outputs.prometheus_client = { - listen = ":${port}"; - metric_version = 2; - }; - }; - }; - - security.sudo.extraRules = lib.mkIf (!isVM) [{ - users = [ "telegraf" ]; - commands = [{ - command = "${pkgs.smartmontools}/bin/smartctl"; - options = [ "NOPASSWD" ]; - }]; - }]; - # avoid logging sudo use - security.sudo.configFile = '' - Defaults:telegraf !syslog,!pam_session - ''; - # create dummy file to avoid telegraf errors - systemd.tmpfiles.rules = [ - "f /var/log/telegraf/dummy 0444 root root - -" - ]; -} diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix deleted file mode 100644 index 3b6518f60..000000000 --- a/makefu/2configs/nsupdate-data.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, lib, pkgs, ... }: - -# search also generates ddclient entries for all other logs - -with import <stockholm/lib>; -let - #primary-itf = "eth0"; - #primary-itf = "wlp2s0"; - primary-itf = config.makefu.server.primary-itf; - ddclientUser = "ddclient"; - sec = toString <secrets>; - nsupdate = import "${sec}/nsupdate-data.nix"; - stateDir = "/var/spool/ddclient"; - cfg = "${stateDir}/cfg"; - ddclientPIDFile = "${stateDir}/ddclient.pid"; - - # TODO: correct cert generation requires a `real` internet ip address - - gen-cfg = dict: '' - ssl=yes - cache=${stateDir}/ddclient.cache - pid=${ddclientPIDFile} - ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' - - use=if, if=${primary-itf} protocol=dyndns2, server=ipv4.nsupdate.info, login=${user}, password='${pass}' ${user} - usev6=if, if=${primary-itf} protocol=dyndns2, server=ipv6.nsupdate.info, login=${user}, password='${pass}' ${user} - '') dict)} - ''; - -in { - users.users.${ddclientUser} = { - name = ddclientUser; - uid = genid ddclientUser; - description = "ddclient daemon user"; - home = stateDir; - createHome = true; - isSystemUser = true; - group = ddclientUser; - }; - users.groups.${ddclientUser} = {}; - - systemd.services = { - ddclient-nsupdate-elchos = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - Type = "forking"; - User = ddclientUser; - PIDFile = ddclientPIDFile; - ExecStartPre = pkgs.writeDash "init-nsupdate" '' - cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} - chmod 700 ${cfg} - ''; - ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; - }; - }; - }; -} diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix deleted file mode 100644 index 6132168ad..000000000 --- a/makefu/2configs/nur.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }:{ - nixpkgs.config.packageOverrides = pkgs: { - nur = import (builtins.fetchTarball { - url = "https://github.com/nix-community/NUR/archive/28e5326ecbaef8b961bec7d18dbfe35f522fb2b1.tar.gz"; - sha256 = "1yni27g71r8n9bgsck7lz5dzx2fciljnba249yqhr9k3mzlkr7yb"; - } - ){ - inherit pkgs; - }; - }; -} diff --git a/makefu/2configs/opentracker.nix b/makefu/2configs/opentracker.nix deleted file mode 100644 index f98105625..000000000 --- a/makefu/2configs/opentracker.nix +++ /dev/null @@ -1,16 +0,0 @@ -{pkgs, ...}: - -let - daemon-port = 16969; - cfgfile = pkgs.writeText "opentracker-cfg" '' - ''; -in { - # Opentracker does not support local IPs (10.0.0.0/8 ) - makefu.opentracker = { - enable = true; - args = "-p ${toString daemon-port} -P ${toString daemon-port}"; - }; - networking.firewall.allowedTCPPorts = [ daemon-port ]; - networking.firewall.allowedUDPPorts = [ daemon-port ]; - -} diff --git a/makefu/2configs/overlays/prefer-remote-fetch.nix b/makefu/2configs/overlays/prefer-remote-fetch.nix deleted file mode 100644 index d332e6723..000000000 --- a/makefu/2configs/overlays/prefer-remote-fetch.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: super: - if super ? prefer-remote-fetch then - (super.prefer-remote-fetch self super) -else super diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix deleted file mode 100644 index 210a9df33..000000000 --- a/makefu/2configs/printer.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, pkgs, ... }: - -let - mainUser = config.krebs.build.user.name; -in { - services.printing = { - enable = true; - drivers = with pkgs; [ - # samsungUnifiedLinuxDriver - splix # scx 3200 - cups-dymo # dymo labelwriter - foo2zjs # magicolor 1690mf - cups-zj-58 - cups-ptouch - ]; - }; - - users.users."${mainUser}".extraGroups = [ "scanner" "lp" ]; - - # scanners are printers just in reverse anyway - services.saned.enable = true; - hardware.sane = { - enable = true; - extraBackends = [ ]; - extraConfig.xerox_mfp = '' - usb 0x04e8 0x3441 - ''; - #netConf = - # # drucker.lan SCX-3205W - # '' - # 192.168.111.16'' - # # uhrenkind.shack magicolor 1690mf - #+ '' - # 10.42.20.30''; - - ## $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150 - - ## requires 'sane-extra', scan via: - #extraConfig."magicolor" = '' - # net 10.42.20.30 0x2098 - #''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf - }; - state = [ "/var/lib/cups" ]; - services.udev.extraRules = '' - ATTRS{idVendor}=="04e8", ATTRS{idProduct}=="3441", ENV{libsane_matched}="yes" - ''; -} diff --git a/makefu/2configs/pyload.nix b/makefu/2configs/pyload.nix deleted file mode 100644 index 3aa5048a4..000000000 --- a/makefu/2configs/pyload.nix +++ /dev/null @@ -1,10 +0,0 @@ -{pkgs, ... }: -{ - nixpkgs.config.unfreeRedistributable = true; - users.users.makefu.packages = with pkgs;[ - pyload - spidermonkey - tesseract - ]; - -} diff --git a/makefu/2configs/qemu-guest.nix b/makefu/2configs/qemu-guest.nix deleted file mode 100644 index 43ec84ed5..000000000 --- a/makefu/2configs/qemu-guest.nix +++ /dev/null @@ -1,4 +0,0 @@ -{...}: -{ - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; -} diff --git a/makefu/2configs/remote-build/aarch64-community.nix b/makefu/2configs/remote-build/aarch64-community.nix deleted file mode 100644 index d57eacd68..000000000 --- a/makefu/2configs/remote-build/aarch64-community.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - nix = { - distributedBuilds = true; - buildMachines = [ - { - hostName = "aarch64.nixos.community"; - maxJobs = 64; - sshKey = toString <secrets/nixos-community>; - sshUser = "makefu"; - system = "aarch64-linux"; - supportedFeatures = [ "big-parallel" ]; - } - ]; - }; -} diff --git a/makefu/2configs/remote-build/arm-emulation.nix b/makefu/2configs/remote-build/arm-emulation.nix deleted file mode 100644 index dbef25222..000000000 --- a/makefu/2configs/remote-build/arm-emulation.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ pkgs, ... }: -let qemu-arm-static = pkgs.stdenv.mkDerivation { - name = "qemu-arm-static"; - src = builtins.fetchurl { - url = "https://github.com/multiarch/qemu-user-static/releases/download/v6.1.0-8/qemu-arm-static"; - sha256 = "06344d77d4f08b3e1b26ff440cb115179c63ca8047afb978602d7922a51231e3"; - }; - dontUnpack = true; - installPhase = "install -D -m 0755 $src $out/bin/qemu-arm-static"; -}; -in { - # Enable binfmt emulation of extra binary formats (armv7l-linux, for exmaple). - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - boot.binfmt.registrations.arm = { - interpreter = "${qemu-arm-static}/bin/qemu-arm-static"; - magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00''; - mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; - }; - - # Define additional settings for nix. - nix.extraOptions = '' - extra-platforms = armv7l-linux - ''; - nix.sandboxPaths = [ "/run/binfmt/arm=${qemu-arm-static}/bin/qemu-arm-static" ]; -} diff --git a/makefu/2configs/remote-build/gum.nix b/makefu/2configs/remote-build/gum.nix deleted file mode 100644 index 39e90f1b8..000000000 --- a/makefu/2configs/remote-build/gum.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - nix = { - distributedBuilds = true; - buildMachines = [ - { - hostName = "gum.krebsco.de"; - maxJobs = 8; - sshKey = toString <secrets/id_nixBuild>; - sshUser = "nixBuild"; - system = "x86_64-linux"; - supportedFeatures = [ ]; - } - { - hostName = "gum.krebsco.de"; - maxJobs = 8; - sshKey = toString <secrets/id_nixBuild>; - sshUser = "nixBuild"; - system = "armv6l-linux"; - supportedFeatures = [ ]; - } - ]; - }; -} diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix deleted file mode 100644 index 039698f1d..000000000 --- a/makefu/2configs/remote-build/slave.nix +++ /dev/null @@ -1,12 +0,0 @@ -{config,...}:{ - nix.trustedUsers = [ "nixBuild" ]; - users.users.nixBuild = { - name = "nixBuild"; - isNormalUser = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.buildbotSlave.pubkey - config.krebs.users.makefu-remote-builder.pubkey - ]; - }; -} diff --git a/makefu/2configs/retroshare.nix b/makefu/2configs/retroshare.nix deleted file mode 100644 index 4d2fc6af9..000000000 --- a/makefu/2configs/retroshare.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: -let - port = 9024; -in { - users.users.makefu.packages = [ - pkgs.retroshare - ]; - networking.firewall.allowedTCPPorts = [ port ]; - networking.firewall.allowedUDPPorts = [ port ]; -} diff --git a/makefu/2configs/sabnzbd.nix b/makefu/2configs/sabnzbd.nix deleted file mode 100644 index 90a9f284f..000000000 --- a/makefu/2configs/sabnzbd.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, config, ... }: - -with import <stockholm/lib>; -let - web-port = 8080; -in { - services.sabnzbd.enable = true; - services.sabnzbd.group = "download"; - systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - - users.users.sabnzbd.group = mkForce "download"; - - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT - ''; -} diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix deleted file mode 100644 index b6725e730..000000000 --- a/makefu/2configs/save-diskspace.nix +++ /dev/null @@ -1,11 +0,0 @@ -_: -# TODO: do not check out nixpkgs master but fetch revision from github -{ - environment.noXlibs = true; - nix.gc.automatic = true; - nix.gc.dates = "03:10"; - documentation.info.enable = false; - documentation.man.enable = false; - services.journald.extraConfig = "SystemMaxUse=50M"; - services.nixosManual.enable = false; -} diff --git a/makefu/2configs/shack/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix deleted file mode 100644 index 964e5ccbb..000000000 --- a/makefu/2configs/shack/events-publisher/default.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ pkgs, ... }: -with import <stockholm/lib>; -let - shack-announce = pkgs.callPackage (builtins.fetchTarball { - url = "https://github.com/makefu/events-publisher/archive/419afdfe16ebf7f2360d2ba64b67ca88948832bd.tar.gz"; - sha256 = "0rn1ykgjbd79zg03maa49kzi6hpzn4xzf4j93qgx5wax7h12qjx0"; - }) {} ; - home = "/var/lib/shackannounce"; - user = "shackannounce"; - creds = (toString <secrets>) + "/shack-announce.json"; - LOL = "DEBUG"; -in -{ - users.users.${user}= { - uid = genid user; - inherit home; - createHome = true; - }; - systemd.services.shack-announce = { - description = "Announce shack events"; - startAt = "*:0/30"; - path = [ shack-announce ]; - serviceConfig = { - WorkingDirectory = home; - User = user; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "shack-announce-pre" '' - set -eu - cp ${creds} creds.json - chown ${user} creds.json - ''; - ExecStart = pkgs.writeDash "shack-announce" '' - if test ! -e announce.state; then - echo "initializing state" - announce-daemon \ - --lol ${LOL} \ - --creds creds.json \ - --state announce.state \ - --clean --init - fi - echo "Running announce" - announce-daemon \ - --lol ${LOL} \ - --creds creds.json \ - --state announce.state - ''; - }; - }; -} diff --git a/makefu/2configs/shack/gitlab-runner/default.nix b/makefu/2configs/shack/gitlab-runner/default.nix deleted file mode 100644 index 55dc50fa8..000000000 --- a/makefu/2configs/shack/gitlab-runner/default.nix +++ /dev/null @@ -1,31 +0,0 @@ - -{ - systemd.services.gitlab-runner.path = [ - "/run/wrappers" # /run/wrappers/bin/su - "/" # /bin/sh - ]; - services.gitlab-runner = { - enable = true; - configOptions = - { concurrent = 1; - runners = [ - { builds_dir = ""; - #docker = - #{ cache_dir = ""; - # disable_cache = true; - # host = ""; image = "nixos/nix:2.1.3"; - # privileged = true; - #}; - #executor = "docker"; - # name = "docker-nix"; - name = "gum-shell"; - executor = "shell"; - environment = [ "PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ]; - # generate via `gitlab-runner register` - token = import <secrets/shackspace-gitlab-ci-token.nix>; - url = "https://git.shackspace.de/"; - } - ]; - }; - }; -} diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix deleted file mode 100644 index 26f1d3ba3..000000000 --- a/makefu/2configs/share-user-sftp.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, ... }: - -{ - users.users = { - share = { - uid = 9002; - home = "/var/empty"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - }; - # we will use internal-sftp to make uncomplicated Chroot work - services.openssh.extraConfig = '' - Match User share - ChrootDirectory /media - ForceCommand internal-sftp - AllowTcpForwarding no - PermitTunnel no - X11Forwarding no - Match All - ''; -} diff --git a/makefu/2configs/share/anon-ftp.nix b/makefu/2configs/share/anon-ftp.nix deleted file mode 100644 index d2a535f97..000000000 --- a/makefu/2configs/share/anon-ftp.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, ... }: -let - ftpdir = "/data"; -in { - networking.firewall = { - allowedTCPPorts = [ 20 21 ]; - autoLoadConntrackHelpers = true; - connectionTrackingModules = [ "ftp" ]; - extraCommands = '' - iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp - ''; - }; - systemd.services.vsftpd.preStart = lib.mkForce '' - mkdir -p -m755 ${ftpdir}/incoming - chown root:root ${ftpdir} - chown ftp ${ftpdir}/incoming - ''; - services.vsftpd = { - enable = true; - extraConfig = '' - ftpd_banner=Welcome to the krebs share, use the incoming dir for new and old leaks. Join freenode#krebs - ''; - anonymousUser = true; - anonymousUserNoPassword = true; - anonymousUploadEnable = true; - anonymousMkdirEnable = true; - writeEnable = true; - chrootlocalUser = true; - anonymousUserHome = ftpdir; - }; -} diff --git a/makefu/2configs/share/anon-sftp.nix b/makefu/2configs/share/anon-sftp.nix deleted file mode 100644 index 7cde9317a..000000000 --- a/makefu/2configs/share/anon-sftp.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - services.openssh = { - allowSFTP = true; - sftpFlags = [ "-l VERBOSE" ]; - extraConfig = '' - Match User anonymous - ForceCommand internal-sftp - AllowTcpForwarding no - X11Forwarding no - PasswordAuthentication no - ''; - }; - - users.users.anonymous = { - uid = genid "anonymous"; - useDefaultShell = false; - password = "anonymous"; - home = "/media/anon"; - createHome = true; - }; - -} diff --git a/makefu/2configs/share/default.nix b/makefu/2configs/share/default.nix deleted file mode 100644 index a1ad349b9..000000000 --- a/makefu/2configs/share/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, ... }: -with import <stockholm/lib>; -let - base-dir = config.services.rtorrent.downloadDir; -in { - users.users = { - download = { - name = "download"; - home = base-dir; - isNormalUser = true; - uid = mkDefault (genid "download"); - createHome = false; - useDefaultShell = true; - group = "download"; - openssh.authorizedKeys.keys = [ ]; - }; - }; - - users.groups = { - download = { - gid = lib.mkDefault (genid "download"); - members = [ - config.krebs.build.user.name - "download" - ]; - }; - }; - -} diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix deleted file mode 100644 index 09a3dd733..000000000 --- a/makefu/2configs/share/gum-client.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - automount_opts = - [ "x-systemd.automount" "noauto" - "x-systemd.idle-timeout=300" - "x-systemd.mount-timeout=60s" - ]; - host = "gum.w"; #TODO -in { - boot.extraModprobeConfig = '' - options cifs CIFSMaxBufSize=130048 - ''; - fileSystems."/media/cloud" = { - device = "//${host}/cloud-proxy"; - fsType = "cifs"; - options = automount_opts ++ - [ "credentials=/var/src/secrets/download.smb" - "file_mode=0775" - "dir_mode=0775" - "bsize=8388608" - "fsc" - "rsize=130048" - "cache=loose" - "uid=${toString config.users.users.download.uid}" - "gid=${toString config.users.groups.download.gid}" - "vers=3" - ]; - }; - -} diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix deleted file mode 100644 index 9647e0a6c..000000000 --- a/makefu/2configs/share/gum.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - hostname = config.krebs.build.host.name; -in { - # users.users.smbguest = { - # name = "smbguest"; - # uid = config.ids.uids.smbguest; - # description = "smb guest user"; - # home = "/var/empty"; - # }; - environment.systemPackages = [ pkgs.samba ]; - services.samba = { - enable = true; - shares = { - cloud-proxy = { - path = "/media/cloud"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - "valid users" = "download"; - }; - }; - extraConfig = '' - # guest account = smbguest - # map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; - networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 445 ]; - networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ 445 ]; -} diff --git a/makefu/2configs/share/hetzner-client.nix b/makefu/2configs/share/hetzner-client.nix deleted file mode 100644 index 9713b776a..000000000 --- a/makefu/2configs/share/hetzner-client.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: - -with <stockholm/lib>; -let - automount_opts = - ["nofail" - ]; - host = "u288834.your-storagebox.de"; -in { - boot.kernel.sysctl."net.ipv6.route.max_size" = 2147483647; - - fileSystems."/media/cloud" = { - device = "//${host}/backup"; - fsType = "cifs"; - options = automount_opts ++ - [ "credentials=${toString <secrets/hetzner.smb>}" - "file_mode=0770" - "dir_mode=0770" - "uid=${toString config.users.users.download.uid}" - "gid=${toString config.users.groups.download.gid}" - "vers=3" - #"vers=2.1" - "rsize=65536" - "wsize=130048" - "iocharset=utf8" - "cache=loose" - ]; - }; -} diff --git a/makefu/2configs/share/omo-client.nix b/makefu/2configs/share/omo-client.nix deleted file mode 100644 index 4ad32bdd6..000000000 --- a/makefu/2configs/share/omo-client.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - automount_opts = - [ "x-systemd.automount" - "noauto" "x-systemd.idle-timeout=600" - "x-systemd.device-timeout=5s" - "x-systemd.mount-timeout=5s" - ]; - host = "omo.lan"; #TODO - path = "/media/omo/photos"; -in { - systemd.tmpfiles.rules = [ - "d ${path} root root - -" - ]; - fileSystems."${path}" = { - device = "//${host}/photos"; - fsType = "cifs"; - options = automount_opts ++ - [ "credentials=/var/src/secrets/omo-client.smb" - "file_mode=0775" - "dir_mode=0775" - "uid=9001" - "vers=3" - ]; - }; - -} diff --git a/makefu/2configs/share/omo-timemachine.nix b/makefu/2configs/share/omo-timemachine.nix deleted file mode 100644 index 18cf0328e..000000000 --- a/makefu/2configs/share/omo-timemachine.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, ... }: -{ - services.samba = { - # support for timemachine in git - package = pkgs.sambaFull; - shares = { - time_machine = { - path = "/media/crypt3/backup/time_machine"; - "valid users" = "misa"; - public = "no"; - writeable = "yes"; - "force user" = "misa"; - "fruit:aapl" = "yes"; - "fruit:time machine" = "yes"; - "vfs objects" = "catia fruit streams_xattr"; - }; - }; - }; -} diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix deleted file mode 100644 index 16959bc90..000000000 --- a/makefu/2configs/share/omo.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - hostname = config.krebs.build.host.name; - # TODO local-ip from the nets config - internal-ip = "192.168.111.11"; - # local-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -in { - - # samba share /media/crypt1/share - systemd.services.samba-smbd.serviceConfig.RequiresMountFor = [ "/media/cryptX" ]; - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; - description = "smb guest user"; - home = "/var/empty"; - group = "share"; - }; - users.groups.share = {}; - services.samba = { - enable = true; - shares = { - winshare = { - path = "/media/crypt1/share"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - emu = { - path = "/media/crypt1/emu"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - movies = { - path = "/media/cryptX/movies"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - audiobook = { - path = "/media/crypt1/audiobooks"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - crypt0 = { - path = "/media/crypt0"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - anime = { - path = "/media/cryptX/anime"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - serien = { - path = "/media/cryptX/series"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - youtube = { - path = "/media/cryptX/youtube"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - photos = { - path = "/media/cryptX/photos"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - crypX-games = { - path = "/media/cryptX/games"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - media-rw = { - path = "/media/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - "valid users" = "makefu"; - }; - #cloud = { - # path = "/media/cloud/download/finished"; - # "read only" = "no"; - # browseable = "yes"; - # "guest ok" = "yes"; - #}; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - workgroup = WORKGROUP - server string = ${config.networking.hostName} - netbios name = ${config.networking.hostName} - ''; - }; -} diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix deleted file mode 100644 index bcfddc112..000000000 --- a/makefu/2configs/share/temp-share-samba.nix +++ /dev/null @@ -1,45 +0,0 @@ -{config, ... }:{ - services.avahi = { - enable = true; - interfaces = [ config.makefu.server.primary-itf ]; - publish.enable = true; - publish.userServices = true; - }; - networking.firewall.allowedUDPPorts = [ 137 138 ]; - networking.firewall.allowedTCPPorts = [ 139 445 ]; - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; # effectively systemUser - description = "smb guest user"; - home = "/home/share"; - createHome = true; - group = "smbguest"; - }; - users.groups.smbguest = {}; - services.samba = { - enable = true; - shares = { - share-home = { - path = "/home/share/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - movies = { - path = "/home/makefu/movies"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix deleted file mode 100644 index 9e5f8ddf5..000000000 --- a/makefu/2configs/share/wbob.nix +++ /dev/null @@ -1,47 +0,0 @@ -{config, ... }:{ - networking.firewall.allowedUDPPorts = [ 137 138 ]; - networking.firewall.allowedTCPPorts = [ 139 445 ]; - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; # effectively systemUser - description = "smb guest user"; - home = "/home/share"; - createHome = true; - group = "smbguest"; - }; - users.groups.smbguest = {}; - users.groups.mpd.members = [ "makefu" ]; - services.samba = { - enable = true; - enableNmbd = true; - shares = { - incoming = { - path = "/data/incoming"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - data = { - path = "/data/"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - music-rw = { - path = "/data/music"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} diff --git a/makefu/2configs/shiori.nix b/makefu/2configs/shiori.nix deleted file mode 100644 index 94a5e9dc8..000000000 --- a/makefu/2configs/shiori.nix +++ /dev/null @@ -1,20 +0,0 @@ -{config, lib, pkgs, ...}: -let - web_port = 9011; - statedir = "/var/lib/shiori"; -in { - state = [ "/var/lib/private/shiori" ]; # when using dynamicUser - services.shiori = { - enable = true; - port = web_port; - address = "127.0.0.1"; - }; - services.nginx.virtualHosts."bookmark.euer.krebsco.de" = { - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:${toString web_port}/"; - }; - }; -} diff --git a/makefu/2configs/sickbeard/cheetah3.nix b/makefu/2configs/sickbeard/cheetah3.nix deleted file mode 100644 index df928edd6..000000000 --- a/makefu/2configs/sickbeard/cheetah3.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -}: - -buildPythonPackage rec { - pname = "cheetah3"; - version = "3.2.4"; - - - src = fetchPypi { - pname = "Cheetah3"; - inherit version; - sha256 = "caabb9c22961a3413ac85cd1e5525ec9ca80daeba6555f4f60802b6c256e252b"; - }; - - doCheck = false; - - meta = with lib; { - description = "Cheetah is a template engine and code generation tool"; - homepage = https://cheetahtemplate.org/; - license = licenses.mit; - # maintainers = [ maintainers. ]; - }; -} diff --git a/makefu/2configs/sickbeard/debug.patch b/makefu/2configs/sickbeard/debug.patch deleted file mode 100644 index aa22142c8..000000000 --- a/makefu/2configs/sickbeard/debug.patch +++ /dev/null @@ -1,91 +0,0 @@ -diff --git a/SickBeard.py b/SickBeard.py -index 31cfd1e1..10a4ef5e 100755 ---- a/SickBeard.py -+++ b/SickBeard.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python2 -+#!/usr/bin/env python3 - # - # This file is part of SickGear. - # -diff --git a/sickbeard/providers/generic.py b/sickbeard/providers/generic.py -index 5c1f7bfe..8999b468 100644 ---- a/sickbeard/providers/generic.py -+++ b/sickbeard/providers/generic.py -@@ -1203,6 +1203,7 @@ class GenericProvider(object): - ep_num = None - if 1 == len(ep_obj_results): - ep_num = ep_obj_results[0].episode -+ logger.log(f'{ep_obj_results[0]}',logger.DEBUG) - logger.log(u'Single episode result.', logger.DEBUG) - elif 1 < len(ep_obj_results): - ep_num = MULTI_EP_RESULT -diff --git a/sickbeard/providers/horriblesubs.py b/sickbeard/providers/horriblesubs.py -index 870e8461..dbdeacc8 100644 ---- a/sickbeard/providers/horriblesubs.py -+++ b/sickbeard/providers/horriblesubs.py -@@ -98,6 +98,7 @@ class HorribleSubsProvider(generic.TorrentProvider): - - results = self._sort_seeding(mode, results + items[mode]) - -+ logger.log(f"{results}",logger.DEBUG) - return results - - def _season_strings(self, *args, **kwargs): -@@ -131,6 +132,7 @@ class HorribleSubsProvider(generic.TorrentProvider): - .find_all('a', href=re.compile('(?i)(torrent$|^magnet:)'))))[0] - except (BaseException, Exception): - pass -+ logger.log(f"{result}",logger.DEBUG) - return result - - -diff --git a/sickbeard/search.py b/sickbeard/search.py -index f4957c3a..dd3a352d 100644 ---- a/sickbeard/search.py -+++ b/sickbeard/search.py -@@ -986,22 +986,26 @@ def search_providers( - - best_result = pick_best_result(found_results[provider_id][cur_search_result], show_obj, quality_list, - filter_rls=orig_thread_name) -- -+ logger.log(f"Best result: {best_result}",logger.DEBUG) - # if all results were rejected move on to the next episode - if not best_result: - continue -- -+ - # filter out possible bad torrents from providers - if 'torrent' == best_result.resultType: -+ logger.log(f"Best result is torrent {best_result.url}",logger.DEBUG) - if not best_result.url.startswith('magnet') and None is not best_result.get_data_func: - best_result.url = best_result.get_data_func(best_result.url) - best_result.get_data_func = None # consume only once - if not best_result.url: - continue - if best_result.url.startswith('magnet'): -+ logger.log("url is magnet link",logger.DEBUG) - if 'blackhole' != sickbeard.TORRENT_METHOD: -+ logger.log(f"Setting content to None because TORRENT_METHODD is not blackhole ({sickbeard.TORRENT_METHOD} instead)",logger.DEBUG) - best_result.content = None - else: -+ logger.log("url is torrent link",logger.DEBUG) - cache_file = ek.ek(os.path.join, sickbeard.CACHE_DIR or helpers.get_system_temp_dir(), - '%s.torrent' % (helpers.sanitize_filename(best_result.name))) - if not helpers.download_file(best_result.url, cache_file, session=best_result.provider.session): -@@ -1044,6 +1048,7 @@ def search_providers( - best_result.after_get_data_func(best_result) - best_result.after_get_data_func = None # consume only once - -+ logger.log(f"After torrent detection",logger.DEBUG) - # add result if its not a duplicate - found = False - for i, result in enumerate(final_results): -@@ -1054,6 +1059,7 @@ def search_providers( - else: - found = True - if not found: -+ logger.log(f"Not already found, adding to best_result to final_results",logger.DEBUG) - final_results += [best_result] - - # check that we got all the episodes we wanted first before doing a match and snatch diff --git a/makefu/2configs/sickbeard/default.nix b/makefu/2configs/sickbeard/default.nix deleted file mode 100644 index 49e65f091..000000000 --- a/makefu/2configs/sickbeard/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ pkgs, config, ... }: -let - pkg = pkgs.callPackage ./sickgear.nix {}; - external-ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - services.sickbeard = - { - enable = true; - package = pkg; - user = "sickbeard"; - group = "download"; - port = 8280; - }; - services.nginx.virtualHosts."sick.makefu.r" = { - locations."/".proxyPass = http://localhost:8280; - extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - }; - users.users.sickbeard.extraGroups = [ "nginx" ]; - } diff --git a/makefu/2configs/sickbeard/sickgear.nix b/makefu/2configs/sickbeard/sickgear.nix deleted file mode 100644 index da984358c..000000000 --- a/makefu/2configs/sickbeard/sickgear.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ stdenv, fetchFromGitHub, python37, makeWrapper }: - -let - pythonEnv = python37.withPackages(ps: with ps; [ - (ps.callPackage ./cheetah3.nix {}) - ]); -in stdenv.mkDerivation rec { - pname = "sickgear"; - #version = "0.21.6"; - version = "0.21.21"; - - src = fetchFromGitHub { - owner = "SickGear"; - repo = "SickGear"; - rev = "release_${version}"; - sha256 = "15nlxg2867l846qqxklmfyqmn5nc01ksd4lpwbrbjdzpk4y3xi78"; - }; - - dontBuild = true; - doCheck = false; - - nativeBuildInputs = [ makeWrapper ]; - buildInputs = [ pythonEnv ]; - patches = [ ./debug.patch ]; - - installPhase = '' - mkdir -p $out/bin - cp -R {autoProcessTV,gui,lib,sickbeard,sickgear.py,SickBeard.py} $out/ - - makeWrapper $out/sickgear.py $out/bin/sickgear - ''; - - meta = with stdenv.lib; { - description = "The most reliable stable TV fork of the great Sick-Beard to fully automate TV enjoyment with innovation"; - license = licenses.gpl3; - homepage = "https://github.com/SickGear/SickGear"; - maintainers = with stdenv.lib.maintainers; [ rembo10 ]; - }; -} diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix deleted file mode 100644 index daf3aad01..000000000 --- a/makefu/2configs/smart-monitor.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, ... }: -{ - krebs.exim-retiolum.enable = lib.mkDefault true; - services.smartd = { - enable = true; - autodetect = false; - notifications = { - mail = { - enable = true; - recipient = config.krebs.users.makefu.mail; - }; - }; - # short daily, long weekly, check on boot - defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)"; - - devices = lib.mkDefault [ ]; - }; -} diff --git a/makefu/2configs/solr.nix b/makefu/2configs/solr.nix deleted file mode 100644 index 6fc02df1f..000000000 --- a/makefu/2configs/solr.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: - -# graphite-web on port 8080 -# carbon cache on port 2003 (tcp/udp) -with import <stockholm/lib>; -let - solrHome = "/var/db/solr"; -in { - imports = [ ]; - users.users.solr = { - home = solrHome; - uid = genid "solr"; - createHome = true; - group = "solr"; - }; - users.groups.solr.gid = genid "solr"; - - services.solr = { - enable = true; - inherit solrHome; - user = "solr"; - group = "solr"; - }; -} diff --git a/makefu/2configs/sshd-totp.nix b/makefu/2configs/sshd-totp.nix deleted file mode 100644 index f9984e245..000000000 --- a/makefu/2configs/sshd-totp.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, ... }: -# Enables second factor for ssh password login - -## Usage: -# gen-oath-safe <username> totp -## scan the qrcode with google authenticator (or FreeOTP) -## copy last line into secrets/<host>/users.oath (chmod 700) -{ - security.pam.oath = { - # enabling it will make it a requisite of `all` services - # enable = true; - digits = 6; - # TODO assert existing - usersFile = (toString <secrets>) + "/users.oath"; - }; - # I want TFA only active for sshd with password-auth - security.pam.services.sshd.oathAuth = true; -} diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix deleted file mode 100644 index 0ea05e779..000000000 --- a/makefu/2configs/stats/arafetch.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ pkgs, lib, ...}: -with import <stockholm/lib>; -let - pkg = with pkgs.python3Packages;buildPythonPackage rec { - rev = "56d41de8219adc"; - name = "arafetch-${rev}"; - propagatedBuildInputs = [ - requests - docopt - influxdb - beautifulsoup4 - paho-mqtt - ]; - src = pkgs.fetchgit { - url = "http://cgit.euer.krebsco.de/arafetch"; - inherit rev; - sha256 = "0hnwbmj0plynhv3h2idhrzf2zcqx3qnw6lq8zzyn9am74pmvza39"; - }; - }; - home = "/var/lib/arafetch"; -in { - users.users.arafetch = { - uid = genid "arafetch"; - inherit home; - createHome = true; - isSystemUser = true; - group = "arafetch"; - }; - users.groups.arafetch = {}; - - systemd.services.ara2mqtt = { - startAt = "05:00:00"; - after = [ "network-online.target" ]; - path = [ pkg ]; - serviceConfig = { - User = "arafetch"; - # Restart = "always"; - WorkingDirectory = home; - PrivateTmp = true; - ExecStart = pkgs.writeDash "daily-mqtt" '' - ara2mqtt db/thales-deutschland.json --cantine thales-deutschland --host localhost - ''; - }; - }; - systemd.services.arafetch = { - startAt = "Mon,Wed,Fri 09:15:00"; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - environment.OUTDIR = home; - path = [ pkg pkgs.git pkgs.wget ]; - serviceConfig = { - User = "arafetch"; - # Restart = "always"; - WorkingDirectory = home; - PrivateTmp = true; - ExecStart = pkgs.writeDash "start-weekrun" '' - weekrun || echo "weekrun failed!" - find $OUTDIR/db -name \*.json | while read path;do - file=''${path##*/} - cantine=''${file%%.json} - ara2influx $path --cantine $cantine --host wbob.r - done - ''; - }; - }; -} diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix deleted file mode 100644 index b88515a35..000000000 --- a/makefu/2configs/stats/client.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - makefu.netdata = { - enable = true; - stream.role = "slave"; - # stream.destination = "netdata.makefu.r"; - }; -} diff --git a/makefu/2configs/stats/collectd-client.nix b/makefu/2configs/stats/collectd-client.nix deleted file mode 100644 index cfb5e3fd2..000000000 --- a/makefu/2configs/stats/collectd-client.nix +++ /dev/null @@ -1,61 +0,0 @@ -{pkgs, config, ...}: -{ - services.collectd = { - enable = true; - autoLoadPlugin = true; - extraConfig = '' - Hostname ${config.krebs.build.host.name} - LoadPlugin load - LoadPlugin disk - LoadPlugin memory - LoadPlugin df - Interval 30.0 - - LoadPlugin interface - <Plugin "interface"> - Interface "*Link" - Interface "lo" - Interface "vboxnet*" - Interface "virbr*" - IgnoreSelected true - </Plugin> - - LoadPlugin df - <Plugin "df"> - MountPoint "/nix/store" - # MountPoint "/run*" - # MountPoint "/sys*" - # MountPoint "/dev" - # MountPoint "/dev/shm" - # MountPoint "/tmp" - FSType "tmpfs" - FSType "binfmt_misc" - FSType "debugfs" - FSType "tracefs" - FSType "mqueue" - FSType "hugetlbfs" - FSType "systemd-1" - FSType "cgroup" - FSType "securityfs" - FSType "ramfs" - FSType "proc" - FSType "devpts" - FSType "devtmpfs" - MountPoint "/var/lib/docker/devicemapper" - IgnoreSelected true - </Plugin> - - LoadPlugin cpu - <Plugin cpu> - ReportByCpu true - ReportByState true - ValuesPercentage true - </Plugin> - - LoadPlugin network - <Plugin "network"> - Server "${config.makefu.stats-server}" "25826" - </Plugin> - ''; - }; -} diff --git a/makefu/2configs/stats/external/aralast.nix b/makefu/2configs/stats/external/aralast.nix deleted file mode 100644 index 19c7327af..000000000 --- a/makefu/2configs/stats/external/aralast.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - pkg = pkgs.stdenv.mkDerivation { - name = "aralast-master"; - src = pkgs.fetchFromGitHub { - owner = "makefu"; - repo = "aralast"; - rev = "a0d3aeaa109e219fb6fc57170e59020c23413718"; - sha256 = "0bi0nc51z5wk72lnjhg1gfzr5yvvsshyzq924yjbbqpqw08v7i4p"; - }; - installPhase = '' - install -m755 -D aralast.sh $out/bin/aralast - ''; - }; -in { - systemd.services.aralast = { - description = "periodically fetch aramark"; - path = [ - pkgs.curl - pkgs.gnugrep - pkgs.gnused - ]; - wantedBy = [ "multi-user.target" ]; - environment = { - INFLUX_HOST = "localhost"; - INFLUX_PORT = "8086"; - }; - # every 10 seconds when the cantina is open - startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45"; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkg}/bin/aralast"; - PrivateTmp = true; - }; - }; -} diff --git a/makefu/2configs/stats/external/weather2stats.nix b/makefu/2configs/stats/external/weather2stats.nix deleted file mode 100644 index 870db99a8..000000000 --- a/makefu/2configs/stats/external/weather2stats.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - pkg = pkgs.stdenv.mkDerivation { - name = "aralast-master"; - src = pkgs.fetchFromGitHub { - owner = "makefu"; - repo = "aralast"; - rev = "7121598"; - sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m"; - }; - installPhase = '' - install -m755 -D aralast.sh $out/bin/aralast - ''; - }; -in { - systemd.services.aralast = { - description = "periodically fetch aramark"; - path = [ - pkgs.curl - pkgs.gnugrep - pkgs.gnused - ]; - wantedBy = [ "multi-user.target" ]; - environment = { - INFLUX_HOST = "localhost"; - INFLUX_PORT = "8086"; - }; - # every 10 seconds when the cantina is open - startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45"; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkg}/bin/aralast"; - PrivateTmp = true; - }; - }; -} diff --git a/makefu/2configs/stats/netdata-server.nix b/makefu/2configs/stats/netdata-server.nix deleted file mode 100644 index 5fec3583c..000000000 --- a/makefu/2configs/stats/netdata-server.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - makefu.netdata = { - enable = true; - stream.role = "master"; - }; - - services.nginx = { - virtualHosts."netdata.euer.krebsco.de" = { - addSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:19999"; - }; - virtualHosts."netdata.makefu.r" = { - locations."/".proxyPass = "http://localhost:19999"; - }; - }; -} diff --git a/makefu/2configs/stats/nodisk-client.nix b/makefu/2configs/stats/nodisk-client.nix deleted file mode 100644 index fc8a268ce..000000000 --- a/makefu/2configs/stats/nodisk-client.nix +++ /dev/null @@ -1,60 +0,0 @@ -{pkgs, config, ...}: -{ - # disk module wakes up parked disks - services.collectd = { - enable = true; - autoLoadPlugin = true; - extraConfig = '' - Hostname ${config.krebs.build.host.name} - LoadPlugin load - LoadPlugin disk - LoadPlugin memory - Interval 30.0 - - LoadPlugin interface - <Plugin "interface"> - Interface "*Link" - Interface "lo" - Interface "vboxnet*" - Interface "virbr*" - IgnoreSelected true - </Plugin> - - # LoadPlugin df - #<Plugin "df"> - # MountPoint "/nix/store" - # # MountPoint "/run*" - # # MountPoint "/sys*" - # # MountPoint "/dev" - # # MountPoint "/dev/shm" - # # MountPoint "/tmp" - # FSType "tmpfs" - # FSType "binfmt_misc" - # FSType "debugfs" - # FSType "mqueue" - # FSType "hugetlbfs" - # FSType "systemd-1" - # FSType "cgroup" - # FSType "securityfs" - # FSType "ramfs" - # FSType "proc" - # FSType "devpts" - # FSType "devtmpfs" - # MountPoint "/var/lib/docker/devicemapper" - # IgnoreSelected true - #</Plugin> - - LoadPlugin cpu - <Plugin cpu> - ReportByCpu true - ReportByState true - ValuesPercentage true - </Plugin> - - LoadPlugin network - <Plugin "network"> - Server "${config.makefu.stats-server}" "25826" - </Plugin> - ''; - }; -} diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix deleted file mode 100644 index 82ce31a62..000000000 --- a/makefu/2configs/stats/server.nix +++ /dev/null @@ -1,65 +0,0 @@ -{pkgs, config, ...}: - -with import <stockholm/lib>; -let - irc-server = "irc.r"; - irc-nick = "m-alarm"; - collectd-port = 25826; - influx-port = 8086; - grafana-port = 3000; - db = "collectd_db"; - logging-interface = config.makefu.server.primary-itf; -in { - services.grafana.enable = true; - services.grafana.addr = "0.0.0.0"; - - services.influxdb.enable = true; - systemd.services.influxdb.serviceConfig.LimitNOFILE = 8192; - - # redirect grafana to stats.makefu.r - services.nginx.enable = true; - services.nginx.virtualHosts."stats.makefu.r".locations."/".proxyPass = "http://localhost:3000"; - # forward these via nginx - services.influxdb.extraConfig = { - meta.hostname = config.krebs.build.host.name; - # meta.logging-enabled = true; - logging.level = "info"; - http.log-enabled = true; - http.flux-enabled = true; - http.write-tracing = false; - http.suppress-write-log = true; - data.trace-logging-enabled = false; - data.query-log-enabled = false; - reporting-disabled = true; - - http.bind-address = ":${toString influx-port}"; - admin.bind-address = ":8083"; - monitoring = { - enabled = false; - # write-interval = "24h"; - }; - collectd = [{ - enabled = true; - typesdb = "${pkgs.collectd}/share/collectd/types.db"; - database = db; - bind-address = ":${toString collectd-port}"; - }]; - }; - - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT - iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT - iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT - #iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT - #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT - - ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT - #ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT - #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT - ''; - state = [ "/var/lib/grafana/data/grafana.db" ]; -} diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix deleted file mode 100644 index 9d481000f..000000000 --- a/makefu/2configs/stats/telegraf/airsensor.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ pkgs, ...}: -let - genTopic = name: topic: tags: { - servers = [ "tcp://localhost:1883" ]; - qos = 0; - connection_timeout = "30s"; - topics = [ topic ]; - tags = tags; - persistent_session = false; - name_override = name; - data_format = "value"; - data_type = "float"; - }; - bamStat = stat: # Temperature or Humidity - host: # easy{1-4} - sensor: # dht11, dht22, ds18 - (genTopic stat - "/bam/${host}/${sensor}/${stat}" - {"host" = host; - "scope" = "bam"; - "sensor" = sensor; - } ); - dht22 = host: [(bamStat "Temperature" host "dht22") - (bamStat "Humidity" host "dht22")]; - dht11 = host: [(bamStat "Temperature" host "dht11") - (bamStat "Humidity" host "dht11")]; - ds18 = host: [(bamStat "Temperature" host "ds18")]; -in { - services.udev.extraRules = '' - SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input" - ''; - users.users.telegraf.extraGroups = [ "input" ]; - services.telegraf.extraConfig.inputs.exec = [ - { - commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; - timeout = "10s"; - data_format = "value"; - data_type = "integer"; - name_override = "airquality"; - interval = "10s"; - tags.unit="VOC"; - } - ]; - services.telegraf.extraConfig.inputs.mqtt_consumer = - (dht22 "easy1") - ++ (dht22 "easy2") - ++ (dht11 "easy3") - ++ (ds18 "easy3"); -} diff --git a/makefu/2configs/stats/telegraf/bamstats.nix b/makefu/2configs/stats/telegraf/bamstats.nix deleted file mode 100644 index ae5301204..000000000 --- a/makefu/2configs/stats/telegraf/bamstats.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ pkgs, ...}: - -let - genTopic = name: topic: tags: { - servers = [ "tcp://localhost:1883" ]; - qos = 0; - connection_timeout = "30s"; - topics = [ topic ]; - tags = tags; - persistent_session = false; - name_override = name; - data_format = "value"; - data_type = "float"; - }; - bamStat = stat: # Temperature or Humidity - host: # easy{1-4} - sensor: # dht11, dht22, ds18 - (genTopic stat - "/bam/${host}/${sensor}/${stat}" - {"host" = host; - "scope" = "bam"; - "sensor" = sensor; - } ); - dht22 = host: [(bamStat "Temperature" host "dht22") - (bamStat "Humidity" host "dht22")]; - dht11 = host: [(bamStat "Temperature" host "dht11") - (bamStat "Humidity" host "dht11")]; - ds18 = host: [(bamStat "Temperature" host "ds18")]; -in { - services.telegraf.extraConfig.inputs.mqtt_consumer = - (dht22 "easy1") - ++ (dht22 "easy2") - ++ (dht11 "easy3") - ++ (ds18 "easy3"); -} diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix deleted file mode 100644 index 941685695..000000000 --- a/makefu/2configs/stats/telegraf/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{...}: -let - url = "http://localhost:8086"; - mqtt_server = "localhost:1883"; -in { - services.telegraf = { - enable = true; - extraConfig = { - agent.debug = false; - outputs = { - influxdb = [{ - urls = [ url ]; - database = "telegraf"; - }]; - #file = [{ # debugging - # files = [ "stdout" ]; - # data_format = "influx"; - #}]; - - mqtt = [{ - servers = [ mqtt_server ]; - topic_prefix = "/telegraf"; - data_format = "json"; - qos = 0; - batch = false; - }]; - }; - }; - }; -} diff --git a/makefu/2configs/stats/telegraf/europastats.nix b/makefu/2configs/stats/telegraf/europastats.nix deleted file mode 100644 index 2ab62766a..000000000 --- a/makefu/2configs/stats/telegraf/europastats.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ pkgs, ...}: -let - pkg = with pkgs.python3Packages;buildPythonPackage rec { - rev = "be31da7"; - name = "europastats-${rev}"; - propagatedBuildInputs = [ - requests - docopt - ]; - src = pkgs.fetchgit { - url = "http://cgit.euer.krebsco.de/europastats"; - inherit rev; - sha256 = "0qj18vgj9nm6aisyqhk3iz3rf8xp7mn5jc6sfylcaw588a9sjfvc"; - }; - }; -in { - services.telegraf.extraConfig.inputs.exec = [ - { - commands = [ "${pkg}/bin/europa-attractions"]; - timeout = "1m"; - data_format = "json"; - name_override = "europawaiting"; - interval = "1m"; - tag_keys = [ - "status" - "type" - "name" - ]; - } - { - commands = [ "${pkg}/bin/europa-weather"]; - timeout = "20s"; - data_format = "json"; - name_override = "europaweather"; - interval = "10m"; - tag_keys = [ - "type" - "name" - "offset" - ]; - } - ]; -} diff --git a/makefu/2configs/stats/telegraf/hamstats.nix b/makefu/2configs/stats/telegraf/hamstats.nix deleted file mode 100644 index 99cb0cd04..000000000 --- a/makefu/2configs/stats/telegraf/hamstats.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ pkgs, lib, ...}: - -let - genTopic_zigbee = name: tags: { - servers = [ "tcp://localhost:1883" ]; - username = "stats"; - password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/stats>); - qos = 0; - connection_timeout = "30s"; - topics = [ "/ham/zigbee/${name}" ]; - inherit tags; - persistent_session = false; - name_override = "zigbee ${tags.room} ${name}"; - data_format = "json"; - json_string_fields = [ "linkquality" "temperature" "humidity" "pressure" "battery" "contact" ]; - # json_name_key = <filed which defines the name> - - }; - genTopic_plain = name: topic: tags: { - servers = [ "tcp://localhost:1883" ]; - username = "stats"; - password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/stats>); - qos = 0; - connection_timeout = "30s"; - topics = [ topic ]; - inherit tags; - persistent_session = false; - name_override = tags.sensor; - data_type = "float"; - data_format = "value"; - # json_query = tags.sensor; #TODO? - }; - flycounter = name: - (genTopic_plain name ''/ham/flycounter/${name}'' - { inherit name; - "sensor" = name; - "type" = "gauge"; - "scope" = "ham"; - } ); - esensor = room: name: sensor: - (genTopic_plain sensor ''/ham/${room}/${name}/sensor/${sensor}/state'' - { inherit room sensor name; - "scope" = "ham"; - } ); - zsensor = room: name: - (genTopic_zigbee name - { inherit room name; - "scope" = "ham"; - } ); - zigbee_temphum = room: name: [ - (zsensor room name) - ]; - esphome_temphum = room: name: [ - (esensor room name ''${room}_${name}_temperature'') - (esensor room name ''${room}_${name}_humidity'') - (esensor room name ''${room}_${name}_pressure'') - ]; -in { - services.telegraf.extraConfig.inputs.mqtt_consumer = - (zigbee_temphum "Wohnzimmer" "temp1") - ++ (zigbee_temphum "Badezimmer" "temp2") - ++ (zigbee_temphum "Kinderzimmer" "temp3") - ++ (esphome_temphum "arbeitszimmer" "box") - ++ (esphome_temphum "schlafzimmer" "plug") - ++ (esphome_temphum "wohnzimmer" "plug") - ++ (esphome_temphum "terrasse" "plug") - ++ [ (flycounter "misa_fliegen") (flycounter "felix_fliegen") ] - ; -} diff --git a/makefu/2configs/storj/client.nix b/makefu/2configs/storj/client.nix deleted file mode 100644 index d48319838..000000000 --- a/makefu/2configs/storj/client.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ lib, ... }: -let - port = "14002"; - internal-ip = "192.168.111.11"; -in -{ - networking.firewall.allowedTCPPorts = [ 28967 ]; - virtualisation.oci-containers.containers.storj-storagenode = { - image = "storjlabs/storagenode:latest"; - ports = [ - # TODO: omo ip - "0.0.0.0:28967:28967" - "127.0.0.1:${port}:${port}" - ]; - environment = { - # SETUP = "true"; # must be run only once ... - WALLET = "0xeD0d2a2B33F6812b45d2D9FF7a139A3fF65a24C0"; - EMAIL = "storj.io@syntax-fehler.de"; - ADDRESS = "euer.krebsco.de:28967"; - STORAGE = "3TB"; - }; - volumes = [ - "/media/cryptX/lib/storj/identity:/app/identity" - "/media/cryptX/lib/storj/storage:/app/config" - ]; - }; - systemd.services.docker-storj-storagenode.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - - services.nginx.virtualHosts."storj" = { - serverAliases = [ - "storj.lan" - ]; - - locations."/".proxyPass = "http://localhost:${port}"; - locations."/".proxyWebsockets = true; - extraConfig = '' - if ( $server_addr != "${internal-ip}" ) { - return 403; - } - ''; - }; -} diff --git a/makefu/2configs/storj/forward-port.nix b/makefu/2configs/storj/forward-port.nix deleted file mode 100644 index 213f77470..000000000 --- a/makefu/2configs/storj/forward-port.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - networking.firewall.allowedTCPPorts = [ 28967 ]; - #networking.nat.forwardPorts = [ - # { # storj - # destination = "10.243.0.89:28967"; - # proto = "tcp"; - # sourcePort = 28967; - # } - #]; - services.nginx.appendConfig = '' - stream { - upstream storj { - server omo.r:28967; - } - - server { - listen 28967; - proxy_pass storj; - } - } - ''; -} diff --git a/makefu/2configs/support-nixos.nix b/makefu/2configs/support-nixos.nix deleted file mode 100644 index d4e5556ff..000000000 --- a/makefu/2configs/support-nixos.nix +++ /dev/null @@ -1 +0,0 @@ -{ makefu.distrobump.enable = true; } diff --git a/makefu/2configs/sync/default.nix b/makefu/2configs/sync/default.nix deleted file mode 100644 index 6928daf87..000000000 --- a/makefu/2configs/sync/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, ... }: with import <stockholm/lib>; let - mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); - - all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; - used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders)); - used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers; -in { - services.syncthing = { - enable = true; - configDir = "/var/lib/syncthing"; - devices = mk_peers used_peers; - key = toString <secrets/syncthing.key>; - cert = toString <secrets/syncthing.cert>; - }; - services.syncthing.folders.the_playlist = { - path = "/home/lass/tmp/the_playlist"; - devices = [ "mors" "prism" ]; - }; - - - boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288; -} diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix deleted file mode 100644 index bc7413a0a..000000000 --- a/makefu/2configs/syncthing.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, ... }: - -with import <stockholm/lib>; { - services.syncthing = { - enable = true; - openDefaultPorts = true; - group = "download"; - }; - users.extraGroups.download.gid = genid "download"; - state = map (x: config.services.syncthing.dataDir + "/" + x) [ - "key.pem" - "cert.pem" - "config.xml" - "https-cert.pem" - "https-key.pem" - ]; -} diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix deleted file mode 100644 index 9ec7a27a4..000000000 --- a/makefu/2configs/systemdultras/ircbot.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ pkgs, ... }: { - systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG"; - - services.rss-bridge = { - enable = true; - whitelist = [ "*" ]; - virtualHost = "rss.makefu.r"; - }; - - krebs.brockman = { - enable = true; - config = { - channel = "#systemdultras"; - irc = { - host = "irc.hackint.org"; - port = 6697; - tls = true; - }; - notifyErrors = false; - bots = { - r-systemdultras-rss = { - feed = "https://www.reddit.com/r/systemdultras/.rss"; - delay = 236; - }; - r-systemd-rss = { - feed = "https://www.reddit.com/r/systemd/.rss"; - delay = 272; - }; - r-pid_eins-mastodon = { - feed = "https://mastodon.social/users/pid_eins.rss"; - delay = 621; - }; - }; - }; - - }; -} diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix deleted file mode 100644 index 1fdddb9b1..000000000 --- a/makefu/2configs/task-client.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, ... }: -{ - users.users.makefu.packages = [ - pkgs.taskwarrior - ]; - -} diff --git a/makefu/2configs/taskd.nix b/makefu/2configs/taskd.nix deleted file mode 100644 index 122ad66a7..000000000 --- a/makefu/2configs/taskd.nix +++ /dev/null @@ -1,12 +0,0 @@ -{config, ... }: -{ - state = [ config.services.taskserver.dataDir ]; - services.taskserver.enable = true; - services.taskserver.fqdn = config.krebs.build.host.name; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.home.users = [ "makefu" ]; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT - ''; -} diff --git a/makefu/2configs/temp/8812au.nix b/makefu/2configs/temp/8812au.nix deleted file mode 100644 index 9587171b3..000000000 --- a/makefu/2configs/temp/8812au.nix +++ /dev/null @@ -1,6 +0,0 @@ -{config, pkgs, ...}: -{ - #boot.extraModulePackages = [ pkgs.rtl8812au ]; - boot.extraModulePackages = [config.boot.kernelPackages.rtl8812au ]; - boot.kernelModules = [ "rtl8812au" ]; -} diff --git a/makefu/2configs/temp/rst-issue.nix b/makefu/2configs/temp/rst-issue.nix deleted file mode 100644 index 648831a98..000000000 --- a/makefu/2configs/temp/rst-issue.nix +++ /dev/null @@ -1,21 +0,0 @@ -{pkgs, ...}: -let - itf = "enp0s25"; -in { - systemd.services.rst-issue = { - wantedBy = [ "multi-user.target" ]; - script = '' - d=/var/cache/rst-issue - mkdir -p $d - cd $d - ITF=${itf} - now=$(date --rfc-3339=s | sed 's/ /T/') - ${pkgs.tcpdump}/bin/tcpdump -i $ITF -w run-$now.pcap & - echo "timestamp,$now" >> mtr.log - ${pkgs.mtr}/bin/mtr -4 --tcp bsi.bund.de www.thalesgroup.com nokia.com -C --show-ips -z >> mtr.log - kill %1 - ''; - startAt = "*:0/15"; # every 15 minutes - - }; -} diff --git a/makefu/2configs/temp/sabnzbd.nix b/makefu/2configs/temp/sabnzbd.nix deleted file mode 100644 index d8eab2732..000000000 --- a/makefu/2configs/temp/sabnzbd.nix +++ /dev/null @@ -1,5 +0,0 @@ -{pkgs, ...}: -{ - services.sabnzbd.enable = true; - systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; -} diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix deleted file mode 100644 index 106f8fac6..000000000 --- a/makefu/2configs/temp/share-samba.nix +++ /dev/null @@ -1,38 +0,0 @@ -{config, ... }:{ - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; # effectively systemUser - group = "share"; - description = "smb guest user"; - home = "/var/empty"; - }; - users.groups.share.members = [ "makefu" ]; - - networking.firewall.allowedTCPPorts = [ - 139 445 # samba - ]; - - networking.firewall.allowedUDPPorts = [ - 137 138 - ]; - services.samba = { - enable = true; - shares = { - share-home = { - path = "/home/share/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} diff --git a/makefu/2configs/time-machine.nix b/makefu/2configs/time-machine.nix deleted file mode 100644 index 90d44e540..000000000 --- a/makefu/2configs/time-machine.nix +++ /dev/null @@ -1,31 +0,0 @@ -let - time-machine-path = "/media/crypt2/backup/time-machine/misa"; -in { - networking.firewall.allowedTCPPorts = [ - 548 # netatalk - ]; - - services = { - netatalk = { - enable = true; - - volumes = { - "misa-time-machine" = { - "time machine" = "yes"; - path = time-machine-path; - "valid users" = "misa"; - }; - }; - }; - - avahi = { - enable = true; - nssmdns = true; - - publish = { - enable = true; - userServices = true; - }; - }; - }; -} diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix deleted file mode 100644 index d1cfc2f88..000000000 --- a/makefu/2configs/tinc/retiolum.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, lib, config, ... }: -{ - imports = [ - ../binary-cache/lass.nix - ]; - krebs.tinc.retiolum.enable = true; - krebs.tinc.retiolum.extraConfig = '' - StrictSubnets = yes - ${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) '' - LocalDiscovery = no - ''} - ''; - environment.systemPackages = [ pkgs.tinc ]; - networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; - networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; - -} diff --git a/makefu/2configs/tinc/siem.nix b/makefu/2configs/tinc/siem.nix deleted file mode 100644 index 8f17f1a0a..000000000 --- a/makefu/2configs/tinc/siem.nix +++ /dev/null @@ -1,12 +0,0 @@ -{lib, config, ... }: -{ - # TODO do not know why we need to force it, port is only set via default to 655 - krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655; - krebs.dns.providers.siem = "hosts"; - networking.firewall.allowedUDPPorts = [ 1665 ]; - networking.firewall.allowedTCPPorts = [ 1655 ]; - krebs.tinc.siem = { - enable = true; - connectTo = [ "shoney" ]; - }; -} diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix deleted file mode 100644 index 3086a0bb2..000000000 --- a/makefu/2configs/tools/all.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - imports = [ - # ./android-pentest.nix - ./consoles.nix - ./core-gui.nix - ./core.nix - ./desktop.nix - ./dev.nix - ./extra-gui.nix - ./games.nix - ./maker.nix - ./media.nix - ./mobility.nix - ./pcmanfm-extra.nix - ./scanner-tools.nix - ./sec-gui.nix - ./sec.nix - ./studio.nix - ]; -} diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix deleted file mode 100644 index cb4ca24a8..000000000 --- a/makefu/2configs/tools/android-pentest.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, ... }: - -{ - nixpkgs.config.android_sdk.accept_license = true; - users.users.makefu.packages = with pkgs; [ - # mitmproxy - nmap - metasploit - #drozer - #dex2jar - apktool - jd-gui - # android-studio - jdk - jre - openssl - ]; -} diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix deleted file mode 100644 index 427ea38a9..000000000 --- a/makefu/2configs/tools/consoles.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ pkgs, ... }: -{ - users.users.makefu.packages = with pkgs; [ - # PS2 - opl-utils - #opl-pc-tools - hdl-dump - bin2iso - cue2pops - - # PS4 - pkgrename - - # switch - nx_game_info - hactool - nsrenamer - ns-usbloader - sfo - exfatprogs exfat - ]; -} diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix deleted file mode 100644 index bcd3022e8..000000000 --- a/makefu/2configs/tools/core-gui.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ pkgs, ... }: - -{ - users.users.makefu.packages = with pkgs; [ - at-spi2-core - chromium - feh - clipit - # firefox - keepassx - pcmanfm - evince - # replacement for mirage: - sxiv - dconf - xdotool - xorg.xbacklight - scrot - libnotify - thunderbird - ]; -} diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix deleted file mode 100644 index aea2e560e..000000000 --- a/makefu/2configs/tools/core.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ pkgs, ... }: - -# tools i use when actually working with the host. -# package version will now be maintained by nix-rebuild -# -{ - environment.systemPackages = with pkgs; [ - ( pkgs.writeScriptBin "unknow" ''#!/bin/sh -${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts - '') - acpi - bc - rsync - exif - file - lsof - which - binutils - screen - rename # rename 's/^/hello/' *.txt - - # fs - cifs-utils - dosfstools - ntfs3g - smartmontools - lm_sensors - iotop - - # io - pv - usbutils - p7zip - hdparm - - # net - wget - curl - inetutils - ncftp - tcpdump - sysstat - wol - iftop - - # stockholm - git - gnumake - jq - parallel - proot - populate - - rxvt_unicode.terminfo - kpaste - - ]; -} diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix deleted file mode 100644 index 924668803..000000000 --- a/makefu/2configs/tools/desktop.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: - -{ - users.users.makefu.packages = with pkgs; [ - taskwarrior - (pass.withExtensions (ext: [ ext.pass-otp ])) - gopass - mutt - weechat - tmux - ]; - -} diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix deleted file mode 100644 index 0747934b8..000000000 --- a/makefu/2configs/tools/dev.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ pkgs, ... }: - -{ - users.users.makefu.packages = with pkgs;[ - (python3.withPackages(ps: [ - #ps.python-language-server - # the following plugins are optional, they provide type checking, import sorting and code formatting - # ps.pyls-mypy ps.pyls-isort ps.pyls-black - - ps.virtualenv ps.pyserial ps.virtualenv - ])) - # embedded - picocom - gi - flashrom - mosquitto - pwqgen-ger - # esphome # broken - - # nix related - nix-index - nix-review - brain - whatsupnix - nixpkgs-pytools - nixpkgs-fmt - hydra-check - # git-related - git-preview - tig - (pkgs.callPackage ./init-host {}) - # used more than once - imagemagick - qrencode - exiftool - cac-api - cac-panel - krebszones - cyberlocker-tools - ovh-zone - gen-oath-safe - cdrtools - unrar - ffmpeg - dnsutils - - # network related - sshuttle - pciutils - navi - platformio - ]; - services.udev.packages = [ pkgs.platformio ]; - -} diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix deleted file mode 100644 index 4bd0c25f4..000000000 --- a/makefu/2configs/tools/extra-gui.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, ... }: - -{ - users.users.makefu.packages = with pkgs;[ - # media - gimp - # mirage - last time available in 19.09 - inkscape - libreoffice - # skype - teams - synergy - tdesktop - virtmanager - # Dev - saleae-logic - gitAndTools.gitFull - signal-desktop - element-desktop - # rambox - - vscode - - # 3d Modelling - chitubox - freecad - ]; -} diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix deleted file mode 100644 index 57a1dba1e..000000000 --- a/makefu/2configs/tools/games.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: - -{ - imports = [ - # ./steam.nix - ]; - users.users.makefu.packages = with pkgs; [ - games-user-env - wine - pkg2zip - steam - steam-run - ]; -} diff --git a/makefu/2configs/tools/init-host/default.nix b/makefu/2configs/tools/init-host/default.nix deleted file mode 100644 index 84f8e7730..000000000 --- a/makefu/2configs/tools/init-host/default.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ pkgs }: -pkgs.writeDashBin "generate-secrets" '' - set -euf - HOSTNAME="''${1?must provide hostname}" - TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) - PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) - HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null - - ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null - ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null - ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null - cat <<EOF > $TMPDIR/hashedPasswords.nix - { - root = "$HASHED_PASSWORD"; - } - EOF - - cd $TMPDIR - for x in *; do - ${pkgs.coreutils}/bin/cat $x | secrets insert -m $HOSTNAME/$x > /dev/null - done - echo $PASSWORD | secrets insert -m $HOSTNAME/root > /dev/null - - cat <<EOF - $HOSTNAME = { - owner = config.krebs.users.makefu; - nets = { - retiolum = { - ip4.addr = "10.243.0.changeme"; - ip6.addr = "42:0:0:0:0:0:0:changeme"; - aliases = [ - "$HOSTNAME.r" - ]; - tinc.pubkey = ${"''"} - $(cat $TMPDIR/retiolum.rsa_key.pub) - ${"''"}; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; - }; - EOF - - rm -rf $TMPDIR -'' - diff --git a/makefu/2configs/tools/maker.nix b/makefu/2configs/tools/maker.nix deleted file mode 100644 index 8388db583..000000000 --- a/makefu/2configs/tools/maker.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, ... }: -{ - users.users.makefu.packages = with pkgs; [ - # media - picard - asunder - #darkice - lame - # creation - blender - openscad - # slicing - cura - chitubox - ]; -} diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix deleted file mode 100644 index 255d1c51a..000000000 --- a/makefu/2configs/tools/media.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: - -{ - users.users.makefu.packages = with pkgs; [ - kodi - calibre - vlc - mumble - mplayer - mpv - # quodlibet # exfalso - tinymediamanager - - plowshare - streamripper - yt-dlp - - pulseeffects-legacy # for pulse - ]; -} diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix deleted file mode 100644 index fd7ce6ab8..000000000 --- a/makefu/2configs/tools/mobility.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, pkgs, ... }: -{ - users.users.makefu.packages = with pkgs;[ - go-mtpfs - mosh - sshfs - rclone - (pkgs.callPackage ./secrets.nix {}) - - opensc pcsctools libu2f-host - ]; - boot.supportedFilesystems = [ "exfat" ]; -} diff --git a/makefu/2configs/tools/pcmanfm-extra.nix b/makefu/2configs/tools/pcmanfm-extra.nix deleted file mode 100644 index 4e8246a42..000000000 --- a/makefu/2configs/tools/pcmanfm-extra.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: -{ - users.users.makefu.packages = with pkgs; [ - pcmanfm - lxqt.lxqt-policykit - shared-mime-info - lxmenu-data - ]; - services.gvfs.enable = true; -} diff --git a/makefu/2configs/tools/scanner-tools.nix b/makefu/2configs/tools/scanner-tools.nix deleted file mode 100644 index ef2e913e4..000000000 --- a/makefu/2configs/tools/scanner-tools.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - # ln -s /run/current-system/sw/bin/xsane ~/.gimp-2.8/plug-ins/xsane - nixpkgs.config.packageOverrides = pkgs: { - xsaneGimp = pkgs.xsane.override { gimpSupport = true; }; - }; -} - diff --git a/makefu/2configs/tools/sec-gui.nix b/makefu/2configs/tools/sec-gui.nix deleted file mode 100644 index 95f130ae8..000000000 --- a/makefu/2configs/tools/sec-gui.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: - -{ - users.users.makefu = { - extraGroups = [ "wireshark" ]; - packages = with pkgs; [ - tpmmanager - ]; - }; - - programs.wireshark = { - enable = true; - package = pkgs.wireshark; - }; -} diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix deleted file mode 100644 index 6b7aa4fec..000000000 --- a/makefu/2configs/tools/sec.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, ... }: - -{ - users.users.makefu.packages = with pkgs; [ - aria2 - # mitmproxy - python3Packages.binwalk-full - dnsmasq - iodine - mtr - nmap - metasploit - thc-hydra - borgbackup - ledger - u3-tool - ]; -} diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix deleted file mode 100644 index 7d10983c7..000000000 --- a/makefu/2configs/tools/secrets.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pass, write, writeDash, ... }: - -write "secrets" { - "/bin/secrets".link = writeDash "secrets" '' - PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ - exec ${pass}/bin/pass $@ - ''; - "/bin/secretsmenu".link = writeDash "secretsmenu" '' - PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ - exec ${pass}/bin/passmenu $@ - ''; -} diff --git a/makefu/2configs/tools/steam.nix b/makefu/2configs/tools/steam.nix deleted file mode 100644 index 1817e5b7c..000000000 --- a/makefu/2configs/tools/steam.nix +++ /dev/null @@ -1,7 +0,0 @@ -{pkgs, ...}: -{ - users.users.makefu.packages = [ - pkgs.steam - ]; - hardware.opengl.driSupport32Bit = true; -} diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix deleted file mode 100644 index 2786be408..000000000 --- a/makefu/2configs/tools/studio.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: - -{ - nixpkgs.config.permittedInsecurePackages = [ - "openssl-1.0.2u" # required for studio-link - ]; - users.users.makefu.packages = with pkgs; [ - obs-studio - studio-link - audacity - #darkice - # owncloudclient - (pkgs.writeScriptBin "prepare-pulseaudio" '' - pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming" - pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream - pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream - darkice -c ./lol.conf - '') - ]; -} diff --git a/makefu/2configs/tor.nix b/makefu/2configs/tor.nix deleted file mode 100644 index e466a1839..000000000 --- a/makefu/2configs/tor.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.tor.enable = true; - services.tor.client.enable = true; - # also enables services.tor.client.privoxy -} diff --git a/makefu/2configs/torrent/deluge.nix b/makefu/2configs/torrent/deluge.nix deleted file mode 100644 index af965fbe9..000000000 --- a/makefu/2configs/torrent/deluge.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, pkgs, ... }: -let - base = config.makefu.dl-dir; - daemon-port = 58846; - peer-port = 51412; - web-port = 8112; - secfile = toString <torrent-secrets> + "/deluge-auth"; - authfile = config.services.deluge.dataDir + "/myauth"; -in { - services.deluge = { - enable = true; - package = pkgs.deluge-2_x; - openFilesLimit = 65355; - declarative = true; - config = { - download_location = base + "/finished"; - allow_remote = true; - inherit daemon-port; - listen_ports = [ peer-port ]; - copy_torrent_file = true; - torrentfiles_location = base + "/torrents"; - max_active_seeding = 50; - max_connections_global = 1000; - max_half_open_connections = 200; - enabled_plugins = [ "AutoAdd" ]; - }; - openFirewall = true; - group = "download"; - authFile = authfile; - web = { - enable = true; - port = web-port; - }; - }; - - #systemd.services.deluged.serviceConfig.ExecStartPre = pkgs.writeDash "install-auth" '' - # install -odeluge "$secfile" "$authfile" - #''; - services.nginx.enable = true; - services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; - state = [ "/var/lib/deluge/.config/deluge" ]; -} diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix deleted file mode 100644 index 87ecc1e19..000000000 --- a/makefu/2configs/torrent/rtorrent.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - basicAuth = import <torrent-secrets/auth.nix>; - peer-port = 51412; - web-port = 8112; - daemon-port = 58846; - dldir = config.makefu.dl-dir; -in { - services.rtorrent = { - enable = true; - user = "rtorrent"; - port = peer-port; - openFirewall = true; - group = "download"; - downloadDir = dldir; - configText = '' - schedule2 = watch_start, 10, 10, ((load.start, (cat, (cfg.watch), "/media/cloud/watch/*.torrent"))) - ''; - }; - - systemd.services.flood = { - wantedBy = [ "multi-user.target" ]; - wants = [ "rtorrent.service" ]; - after = [ "rtorrent.service" ]; - serviceConfig = { - User = "rtorrent"; - ExecStart = "${pkgs.nodePackages.flood}/bin/flood --auth none --port ${toString web-port} --rtsocket ${config.services.rtorrent.rpcSocket}"; - }; - }; - - #security.acme.certs."torrent.${config.krebs.build.host.name}.r".server = config.krebs.ssl.acmeURL; - - services.nginx = { - enable = true; - virtualHosts."torrent.${config.krebs.build.host.name}.r" = { - # TODO - inherit basicAuth; - #enableACME = true; - #addSSL = true; - root = "${pkgs.nodePackages.flood}/lib/node_modules/flood/dist/assets"; - locations."/api".extraConfig = '' - proxy_pass http://localhost:${toString web-port}; - ''; - locations."/".extraConfig = '' - try_files $uri /index.html; - ''; - }; - }; -} diff --git a/makefu/2configs/udpt.nix b/makefu/2configs/udpt.nix deleted file mode 100644 index 922743bf1..000000000 --- a/makefu/2configs/udpt.nix +++ /dev/null @@ -1,37 +0,0 @@ -{pkgs, ...}: - -let - daemon-port = 6969; - cfgfile = pkgs.writeText "udpt-config" '' - [db] - driver=sqlite3 - param=:memory: - - [tracker] - is_dynamic=yes - port=6969 - threads=5 - allow_remotes=yes - - # allow retiolum: - allow_iana_ips=yes - announce_interval=1800 - cleanup_interval=120 - - [apiserver] - enable=yes - - [logging] - filename=/tmp/udpt.log - level=warning - ''; -in { - makefu.udpt = { - enable = true; - inherit cfgfile; - }; - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p udp --dport ${toString daemon-port} -j ACCEPT - ''; - -} diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix deleted file mode 100644 index e6952fdbc..000000000 --- a/makefu/2configs/urlwatch/default.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, ... }: - -let - grss = name: { #github rss feed - url = "https://github.com/${name}/releases.atom"; - filter = "grepi:(<updated|<media.thumbnail|Continuous build|Travis CI build log:)"; - }; - lidl = url: { - inherit url; - filter = "element-by-id:articledetail,html2text"; - }; -in { - krebs.urlwatch = { - enable = true; - mailto = config.krebs.users.makefu.mail; - onCalendar = "*-*-* 03,15:13:37"; - hooksFile = ./hook.py; - urls = [ - ## nixpkgs maintenance - # github - ## No rate limit - - ## rate limited - # https://api.github.com/repos/mcepl/gen-oath-safe/commits - https://api.github.com/repos/naim94a/udpt/commits - https://api.github.com/repos/dirkvdb/ps3netsrv--/commits - - # pypi - https://pypi.python.org/simple/bepasty/ - https://pypi.python.org/simple/devpi-client/ - https://pypi.python.org/simple/sqlalchemy_migrate/ - https://pypi.python.org/simple/xstatic/ - https://pypi.python.org/simple/pyserial/ - https://pypi.python.org/simple/semantic_version/ - # weird shit - #{ url = "https://www.zigbee2mqtt.io/guide/adapters/"; - # filter = "html2text"; - #} - http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ - https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack - - http://www.iozone.org/src/current/ - - #{ - # url = https://newellrubbermaid.secure.force.com/dymopkb/articles/en_US/FAQ/Dymo-Drivers-and-Downloads/?l=en_US&c=Segment:Dymo&fs=Search&pn=1 ; - # filter = "grep:Software/Linux/dymo-cups-drivers"; - #} - - # shopping - - # TODO: dymo cups - - ] ++ map grss [ - "amadvance/snapraid" - "radare/radare2" - "ovh/python-ovh" - "embray/d2to1" - "vicious-widgets/vicious" - "embray/d2to1" - "rapid7/metasploit-framework" - "GothenburgBitFactory/taskserver" - "GothenburgBitFactory/taskwarrior" - "mhagger/cvs2svn" - ]; - }; -} - diff --git a/makefu/2configs/urlwatch/hook.py b/makefu/2configs/urlwatch/hook.py deleted file mode 100644 index 7d9282c7e..000000000 --- a/makefu/2configs/urlwatch/hook.py +++ /dev/null @@ -1,16 +0,0 @@ -import logging -logging.basicConfig(level=logging.INFO) -log = logging.getLogger() -log.setLevel(level=logging.INFO) - -import re -import json - -from urlwatch import filters - - -class JsonFilter(filters.RegexMatchFilter): - MATCH = {'url': re.compile('https?://api.github.com/.*')} - - def filter(self, data): - return json.dumps(json.loads(data),indent=2,sort_keys=True) diff --git a/makefu/2configs/virtualisation/docker.nix b/makefu/2configs/virtualisation/docker.nix deleted file mode 100644 index 1c204db85..000000000 --- a/makefu/2configs/virtualisation/docker.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, config, ... }: -{ - virtualisation.docker.enable = true; - environment.systemPackages = with pkgs;[ - docker - docker-compose - ]; - users.users.${config.krebs.build.user.name}.extraGroups = [ "docker" ]; -} diff --git a/makefu/2configs/virtualisation/libvirt.nix b/makefu/2configs/virtualisation/libvirt.nix deleted file mode 100644 index b90467ab8..000000000 --- a/makefu/2configs/virtualisation/libvirt.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - mainUser = config.krebs.build.user; -in { - virtualisation.libvirtd.enable = true; - users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ]; - networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug] -} diff --git a/makefu/2configs/virtualisation/virtualbox.nix b/makefu/2configs/virtualisation/virtualbox.nix deleted file mode 100644 index a8a50939f..000000000 --- a/makefu/2configs/virtualisation/virtualbox.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - virtualisation.virtualbox.host.enable = true; - virtualisation.virtualbox.host.enableExtensionPack = true; - # virtualisation.virtualbox.host.enableHardening = false; - users.extraGroups.vboxusers.members = [ config.krebs.build.user.name ]; -} diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix deleted file mode 100644 index e62a3f748..000000000 --- a/makefu/2configs/vncserver.nix +++ /dev/null @@ -1,61 +0,0 @@ -{config,lib,pkgs, ...}: -with lib; -let - pwfile = (toString <secrets>)+ "/vnc-password"; # create with `vncpasswd` - pwtmp = "/tmp/vnc-password"; - user = config.makefu.gui.user; - vnc_port = 5900; - web_port = 6080; -in { - networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ]; - systemd.services = { - # TODO: terminal-server without a real gui and virtual display manager - terminal-server = { - description = "VNC Terminal Server"; - after = [ "display-manager.service" "graphical.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = user; - Restart = "always"; - ExecStartPre = pkgs.writeDash "terminal-pre" '' - sleep 5 - install -m0700 -o ${user} ${pwfile} ${pwtmp} - ''; - ExecStart = "${pkgs.tigervnc}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}"; - PermissionsStartOnly = true; - PrivateTmp = true; - }; - }; - terminal-web = { - description = "noVNC Web Server"; - after = [ "terminal-server.service" "graphical.target" "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}"; - PrivateTmp = true; - }; - }; - }; - services.nginx.enable = true; - services.nginx.virtualHosts._.locations = { - "/" = { - root = "${pkgs.novnc}"; - index = "vnc_auto.html"; - }; - "/websockify" = { - proxyPass = "http://127.0.0.1:6080/"; - extraConfig = '' - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # VNC connection timeout - proxy_read_timeout 61s; - - # Disable cache - proxy_buffering off; - ''; - }; - }; -} diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix deleted file mode 100644 index 79754264f..000000000 --- a/makefu/2configs/vpn/openvpn-server.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, pkgs, ... }: -let - out-itf = config.makefu.server.primary-itf; - # generate via openvpn --genkey --secret static.key - client-key = (toString <secrets>) + "/openvpn-laptop.key"; - # domain = "vpn.euer.krebsco.de"; - domain = "gum.krebsco.de"; - dev = "tun0"; - port = 1194; - tcp-port = 3306; -in { - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - networking.nat = { - enable = true; - externalInterface = out-itf; - internalInterfaces = [ dev ]; - }; - networking.firewall.trustedInterfaces = [ dev ]; - networking.firewall.allowedUDPPorts = [ port ]; - environment.systemPackages = [ pkgs.openvpn ]; - services.openvpn.servers.smartphone.config = '' - #user nobody - #group nobody - - dev ${dev} - proto udp - ifconfig 10.8.0.1 10.8.0.2 - secret ${client-key} - port ${toString port} - cipher AES-256-CBC - comp-lzo - - keepalive 10 60 - ping-timer-rem - persist-tun - persist-key - ''; - - environment.etc."openvpn/smartphone-client.ovpn" = { - text = '' - client - dev tun - remote "${domain}" - ifconfig 10.8.0.1 10.8.0.2 - port ${toString port} - - cipher AES-256-CBC - comp-lzo - keepalive 10 60 - resolv-retry infinite - nobind - persist-key - persist-tun - - secret [inline] - - ''; - mode = "700"; - }; - system.activationScripts.openvpn-addkey = '' - f="/etc/openvpn/smartphone-client.ovpn" - if ! grep -q '<secret>' $f; then - echo "appending secret key" - echo "<secret>" >> $f - cat ${client-key} >> $f - echo "</secret>" >> $f - fi - ''; - #smartphone-tcp.config = '' - # user nobody - # group nobody - - # dev ${dev} - # proto tcp - # ifconfig 10.8.0.1 10.8.0.3 - # secret ${client-key} - # port tcp-port - # comp-lzo - - # keepalive 10 60 - # ping-timer-rem - # persist-tun - # persist-key - #''; - # TODO: forward via 443 - # stream { - # - # map $ssl_preread_server_name $name { - # vpn1.app.com vpn1_backend; - # vpn2.app.com vpn2_backend; - # https.app.com https_backend; - # } - # - # upstream vpn1_backend { - # server 10.0.0.3:443; - # } - # - # upstream vpn2_backend { - # server 10.0.0.4:443; - # } - # - # upstream https_backend { - # server 10.0.0.5:443; - # - # server { - # listen 10.0.0.1:443; - # proxy_pass $name; - # ssl_preread on; - # } - # } -} diff --git a/makefu/2configs/vpn/vpngate.nix b/makefu/2configs/vpn/vpngate.nix deleted file mode 100644 index acf9e9cfe..000000000 --- a/makefu/2configs/vpn/vpngate.nix +++ /dev/null @@ -1,388 +0,0 @@ -{ pkgs, ... }: -{ - services.openvpn.servers.vpngate-france = { - config = '' - dev tun - proto udp - remote coreeu1.opengw.net 1194 - cipher AES-128-CBC - auth SHA1 - resolv-retry infinite - nobind - persist-key - persist-tun - client - verb 3 - - <ca> - -----BEGIN CERTIFICATE----- - MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB - hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G - A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV - BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 - MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT - EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR - Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh - dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR - 6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X - pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC - 9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV - /erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf - Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z - +pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w - qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah - SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC - u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf - Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq - crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E - FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB - /wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl - wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM - 4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV - 2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna - FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ - CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK - boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke - jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL - S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb - QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl - 0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB - NVOFBkpdn627G190 - -----END CERTIFICATE----- - - </ca> - - - <cert> - -----BEGIN CERTIFICATE----- - MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs - aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz - MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA - 5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD - 4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ - CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67 - XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h - p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD - ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8 - hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe - UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h - +mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT - Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/ - 6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk - -----END CERTIFICATE----- - - </cert> - - <key> - -----BEGIN RSA PRIVATE KEY----- - MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R - wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc - zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci - 55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN - /2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA - mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK - k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY - fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou - QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3 - lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho - zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS - oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt - KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z - 4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby - dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq - 5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY - DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr - LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7 - TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds - Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs - H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n - KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g - va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB - wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA - M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg== - -----END RSA PRIVATE KEY----- - - </key> - ''; - autoStart = false; - updateResolvConf = false; - }; - services.openvpn.servers.vpngate-japan = { - config = '' - dev tun - proto udp - remote vpn311786078.opengw.net 1573 - cipher AES-128-CBC - auth SHA1 - resolv-retry infinite - nobind - persist-key - persist-tun - client - verb 3 - #auth-user-pass - - <ca> - -----BEGIN CERTIFICATE----- - MIIDHDCCAgSgAwIBAgIFAIRyJXcwDQYJKoZIhvcNAQELBQAwRTEYMBYGA1UEAwwP - a3JqejV3YXE1YXliLmpwMRwwGgYDVQQKDBNlcnp6eTBxZnhwaiAxNHQzZGJnMQsw - CQYDVQQGEwJVUzAeFw0xNzAxMDMwMjE3MDNaFw0yNDA1MDEwMjE3MDNaMEUxGDAW - BgNVBAMMD2tyano1d2FxNWF5Yi5qcDEcMBoGA1UECgwTZXJ6enkwcWZ4cGogMTR0 - M2RiZzELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB - AQDBRSiY0DMxjUZWRtpq892vPdk+TQ4Pgxnscfzsw3MMJBGaNhIzLvNSzUdFWJq1 - p6SpCD8pJsxQifDzM5t7KGqWUmY2vgucAaGCZtbrqijm74rJOEfyF3D8stYBkTmb - AOBkRXtxoi62M+d3xgNox1VaDXndgOqQhnj4INChWf4b8lc33I/2NmwVa2d9jh+e - Qx1OsnbYGi9EM/RfTKfGcPxtusN8IEzwo2q0s7PLxgiIbCZs3aAMZIvOdi9CkFkQ - +T9wQlC1BJwbWFXqUPR2r4ugE0iYepjhEd19KuaGqW0PYivHGM9lRU2JjfJujBeF - vaOjMExvi+Mwl78Qmm7wbH1BAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJ - KoZIhvcNAQELBQADggEBABoJhTO8WHB6MEWbsTXUVYG/Ino1TQTkha/0BtJ02Mdi - AV0QLOjZM0Q5F2Tg2puRK92nDp7VLA8VUqlrvLqBh6ljMEEhEwaVkV/ZigqUmGlV - nOE8NABj1mmsJSeh8DQjNclPkkOrKC6sudk9NsU4I51kDPr3M6jCd+/vBoZ6/lVR - oOLVnHOhWVsOdw/I792j4DEpVB8U8g2LhYdAJZNoKvfc6F32TEZphFxU3yDA4Kb5 - BqC8IU3O5eL7vrkVpvHdzaO+Q6wJ148/PbWXpsxm8mI39I6sQ820mGw/PGrmBAgh - WgJ52Kr48Vq0TVmdew0mz+xzU7SnpndmhVyFk9nN3c8= - -----END CERTIFICATE----- - </ca> - - <cert> - -----BEGIN CERTIFICATE----- - MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs - aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz - MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA - 5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD - 4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ - CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67 - XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h - p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD - ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8 - hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe - UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h - +mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT - Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/ - 6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk - -----END CERTIFICATE----- - </cert> - - <key> - -----BEGIN RSA PRIVATE KEY----- - MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R - wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc - zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci - 55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN - /2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA - mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK - k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY - fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou - QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3 - lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho - zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS - oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt - KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z - 4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby - dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq - 5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY - DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr - LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7 - TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds - Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs - H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n - KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g - va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB - wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA - M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg== - -----END RSA PRIVATE KEY----- - </key> - - ''; - autoStart = false; - updateResolvConf = false; - }; - services.openvpn.servers.vpngate-usa1 = { - config = '' - dev tun - proto udp - remote vpn854005480.opengw.net 1434 - cipher AES-128-CBC - auth SHA1 - resolv-retry infinite - nobind - persist-key - persist-tun - client - verb 3 - - <ca> - -----BEGIN CERTIFICATE----- - MIIDEDCCAfigAwIBAgIFFzQRkTQwDQYJKoZIhvcNAQELBQAwPzEUMBIGA1UEAwwL - MWh6NWFzMWYuanAxGjAYBgNVBAoMEXYyMjZvdmdjIHJ0YTc3NXR6MQswCQYDVQQG - EwJVUzAeFw0xNjEwMjIxODE4MjRaFw0yNDAxMTkxODE4MjRaMD8xFDASBgNVBAMM - CzFoejVhczFmLmpwMRowGAYDVQQKDBF2MjI2b3ZnYyBydGE3NzV0ejELMAkGA1UE - BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX6yJXCpA95oPU - /vO1wD6UiJnZfDB1fjJOa8gwgK6qbLHo5Cx2gEmUzYOGTlT2Fbser2kHA3xTRxDu - L+1dufGp8zEi116I5SkLDKRQqO/8h1bWQO7MB4k6K0YlYrWJGTLCanZB3zIS3F7P - 2qCALdZ40Y1QUQlMEqzg1exeaMDdgOPXDKe1f2L06RpZKQ3ozzHlFgMKamWlLk+/ - N+Flo0s5Z2cfgUBqoBmuXVGBX4ZFxozSojcpREp+sLstdJ56vsW3KztTYTjj6y9Q - MXNadwsTI6sB/kmex3R0phFlw/ucloXQTecbqWDvJrumQHjiI1HqP95c3Z/y4PoD - lZvUb15HAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD - ggEBAJKHl41QHHuCBC8c3/0PNed3Y0+qRCnB7JB6SraYT5VRSA1dcpvmCESZE3WC - Sn7OaIBpIm6dBKFkCJgS7lEoMYzmazlfv/RpeRj8fmzcaOcoZdWHk/e1Mkzt5UAz - 2rsBxDgWmVJfmUR2gnEltvSWQKLdM/F+GB7LNckg58n4yBViCF3pp1HTq1Q59laV - QQNG8dSqy9EY8WI7oj/I60G6Gcd2dOt9+RXCCA3RZ/9zSGEi4AmDV7oRNfGEdmcy - YN2K13NlMO+Sdh4S90KVxGOXo2Q0G9HDWJ60f/I+3bxQFb+n85WAM38ZqX/9D72S - YD3YtJG14xlsO1BDPUgm1t6H8gc= - -----END CERTIFICATE----- - </ca> - - <cert> - -----BEGIN CERTIFICATE----- - MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs - aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz - MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA - 5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD - 4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ - CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67 - XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h - p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD - ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8 - hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe - UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h - +mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT - Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/ - 6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk - -----END CERTIFICATE----- - </cert> - - <key> - -----BEGIN RSA PRIVATE KEY----- - MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R - wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc - zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci - 55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN - /2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA - mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK - k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY - fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou - QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3 - lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho - zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS - oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt - KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z - 4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby - dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq - 5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY - DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr - LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7 - TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds - Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs - H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n - KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g - va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB - wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA - M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg== - -----END RSA PRIVATE KEY----- - </key> - ''; - autoStart = false; - updateResolvConf = false; - }; - services.openvpn.servers.vpngate-usa2 = { - config = '' - dev tun - - proto udp - - remote vpn444417710.opengw.net 1195 - - cipher AES-128-CBC - auth SHA1 - - resolv-retry infinite - nobind - persist-key - persist-tun - client - verb 3 - #auth-user-pass - - <ca> - -----BEGIN CERTIFICATE----- - MIIDIzCCAgugAwIBAgIEMERikDANBgkqhkiG9w0BAQsFADBJMR8wHQYDVQQDDBZz - cmlnbGh6dWwxamtraDdtY2UubmV0MRkwFwYDVQQKDBBkY2c3MTQ4bnQgb3Rmdjd0 - MQswCQYDVQQGEwJVUzAeFw0xNjEyMDUyMzMzNTdaFw0yMTA4MjkyMzMzNTdaMEkx - HzAdBgNVBAMMFnNyaWdsaHp1bDFqa2toN21jZS5uZXQxGTAXBgNVBAoMEGRjZzcx - NDhudCBvdGZ2N3QxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A - MIIBCgKCAQEA8ASCMZyeVeTkRELTVJKzWFufi9LFq6N1euhOK9KNLeCn5OJXxeJ6 - FoRD2QtDHwHscEPrJ2uIVqqxvm/uuZ7aWKXVuRzCbYeQih6tUK4M/Q55iKeynPMt - vCBH28IasH33fGbw95S82nXEwWK6tR3+WdIcHFJ7RZz1QkmsWOzI/vn2pNeyZCIG - QjuFJEfiSTNorqhR29vJhWR3pRLWgorAQav7ukgAdQqKIldX0LQr4BoN5HLDe7AC - 9jO3Xs6dQieyxnF183XVigZZ+cfaD9kK1m/+4JKWNphIGi9bsGRumjJwQgrv35CA - 6+FCMXRUM7PQljjlgDhdW4VeYtX0tg46uwIDAQABoxMwETAPBgNVHRMBAf8EBTAD - AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDUjycraBUWrVvtQ4touYR1T9+msLhFc3RO - clHnyw+2PEyNdTy8ra13dUXkWqIgWnyxj8CSFJmfLCdxuQrNEQ8jF7rJNGqujVI1 - +xjao5fIt33EAwg2CFDs5DETEcwb7/lJIs1uwwiDPIZrmXyoL9My9ZZ8DKkRy4LS - 1+GZx4Y9v/G1AFKfQ4n//v8s+SYQS3JZxspEONj8M9VkKjuYonFR6eegKWo37QaY - hy9+4qTRGbviET1si+fZ0LVweyfG3t0Fg8BJn+1YP9kpLJdjOtzKCFbdIrjY3XSS - 3ehfN8C5mGWk0pQMWJs+xYIfB0OvDRgehICw0PIvps8Sv8gu4Bve - -----END CERTIFICATE----- - - </ca> - - <cert> - -----BEGIN CERTIFICATE----- - MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs - aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz - MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA - 5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD - 4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ - CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67 - XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h - p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD - ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8 - hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe - UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h - +mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT - Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/ - 6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk - -----END CERTIFICATE----- - - </cert> - - <key> - -----BEGIN RSA PRIVATE KEY----- - MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R - wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc - zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci - 55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN - /2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA - mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK - k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY - fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou - QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3 - lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho - zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS - oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt - KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z - 4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby - dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq - 5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY - DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr - LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7 - TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds - Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs - H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n - KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g - va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB - wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA - M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg== - -----END RSA PRIVATE KEY----- - - </key> - ''; - autoStart = false; - updateResolvConf = false; - }; -} diff --git a/makefu/2configs/vpn/vpnws/client.nix b/makefu/2configs/vpn/vpnws/client.nix deleted file mode 100644 index d06bc27db..000000000 --- a/makefu/2configs/vpn/vpnws/client.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -{ - users.users.makefu.packages = with pkgs; [ iproute vpn-ws ]; - # vpn-ws-client vpnws wss://localhost/vpn --no-verify --exec "ip link set vpnws up;ip addr add 10.244.1.2/24 dev vpnws" - networking.interfaces.vpnws = { - virtual = true; - virtualType = "tap"; - }; -} diff --git a/makefu/2configs/vpn/vpnws/server.nix b/makefu/2configs/vpn/vpnws/server.nix deleted file mode 100644 index 6baa5ff11..000000000 --- a/makefu/2configs/vpn/vpnws/server.nix +++ /dev/null @@ -1,42 +0,0 @@ -{pkgs, options, ... }: -let - pkg = pkgs.vpn-ws; - uid = "nginx"; - gid = "nginx"; - ip = "${pkgs.iproute}/bin/ip"; - socket = "/run/vpn.sock"; - htpasswd = (toString <secrets>) + "/vpn-ws-auth"; - nginx-prepared-secrets = "/var/spool/nginx/vpn-ws-auth"; -in { - systemd.services.vpn-ws-auth-prepare = { - wantedBy = [ "multi-user.target" ]; - before = [ "nginx.service" ]; - script = "install -m700 -o${uid} -g${gid} ${htpasswd} ${nginx-prepared-secrets}"; - }; - services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { - extraConfig = '' - auth_basic "please stand by..."; - auth_basic_user_file ${nginx-prepared-secrets}; - uwsgi_pass unix:${socket}; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; - }; - - networking.interfaces.vpnws = { - virtual = true; - virtualType = "tap"; - }; - systemd.services.vpnws = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - Restart = "always"; - PrivateTmp = true; - ExecStartPre = pkgs.writeDash "vpnws-pre" '' - ${ip} link set vpnws up - ${ip} addr add 10.244.1.1/24 dev vpnws || : - ''; - ExecStart = "${pkg}/bin/vpn-ws --uid ${uid} --gid ${gid} --tuntap vpnws ${socket}"; - }; - }; -} diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix deleted file mode 100644 index bb3198178..000000000 --- a/makefu/2configs/wireguard/server.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config,pkgs, ... }: -let - ext-if = config.makefu.server.primary-itf; -in { # wireguard server - - # opkg install wireguard luci-proto-wireguard - - # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - # conf.all.proxy_arp =1 - networking.firewall = { - allowedUDPPorts = [ 51820 ]; - }; - networking.nat = { - enable = true; - #externalIP = "144.76.26.247"; - #internalIPs = [ "10.244.0.0/24" ]; - externalInterface = ext-if; - internalInterfaces = [ "wg0" ]; - }; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.0.1/24" ]; - listenPort = 51820; - privateKeyFile = (toString <secrets>) + "/wireguard.key"; - # allowedIPsAsRoutes = true; - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE - ''; - - # This undoes the above command - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE - ''; - peers = [ - { - # x - allowedIPs = [ "10.244.0.2/32" ]; - publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - } - { - # vbob - allowedIPs = [ "10.244.0.3/32" ]; - publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; - } - { - # x-test - allowedIPs = [ "10.244.0.4/32" ]; - publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; - } - { - # work-router - persistentKeepalive = 25; - allowedIPs = [ "10.244.0.5/32" ]; - publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; - } - { - # workr - persistentKeepalive = 25; - allowedIPs = [ "10.244.0.6/32" ]; - publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; - } - { - # mobile - allowedIPs = [ "10.244.0.7/32" ]; - publicKey = "Y6fOW2QDt0SsHT7hSVzzJYQVB3JI/txO4/FDB54Z52A="; - } - ]; - }; - # TODO: this issue is related to the router which connects to the host but is - # unable to re-connect once restarted -} diff --git a/makefu/2configs/wireguard/thierry.nix b/makefu/2configs/wireguard/thierry.nix deleted file mode 100644 index f1dfef192..000000000 --- a/makefu/2configs/wireguard/thierry.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, ... }: -{ - networking.wireguard.interfaces.thierry-wg = { - ips = [ "172.27.66.10/24" ]; # TODO: not dnyamic - privateKeyFile = (toString <secrets>) + "/wg-thierry.key"; - allowedIPsAsRoutes = true; - # explicit route via eth0 to gum - peers = [ - { - endpoint = "thierryhome.duckdns.org:51820"; - allowedIPs = [ "172.27.66.0/24" ]; - publicKey = "filYuG/xbb2YW8WT0xT26rzeZ/ZiM6NLnbxbsCR9rS0="; - persistentKeepalive = 25; - } - #{ - # allowedIPs = [ "172.27.66.3/32" ]; - # publicKey = "cDIf14LH4qleXNo889lS2ATIqDx9r//JNCkhHlHgc1Q="; - #} - ]; - }; -} diff --git a/makefu/2configs/wireguard/wiregrill.nix b/makefu/2configs/wireguard/wiregrill.nix deleted file mode 100644 index 922dc8c0f..000000000 --- a/makefu/2configs/wireguard/wiregrill.nix +++ /dev/null @@ -1,105 +0,0 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let - - self = config.krebs.build.host.nets.wiregrill; - isRouter = !isNull self.via; # via "internet" is not set - ext-if = config.makefu.server.primary-itf; - -in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { - #hack for modprobe inside containers - systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [ - (pkgs.writeDashBin "modprobe" ":") - ]); - - boot.kernel.sysctl = mkIf isRouter { - "net.ipv6.conf.all.forwarding" = 1; - "net.ipv4.conf.all.forwarding" = 1; - }; - #networking.nat = mkIf isRouter { - # enable = true; - # enableIPv6 = true; - # externalInterface = ext-if; - # internalInterfaces = [ "wiregrill" ]; - #}; - - networking.firewall = { - allowedUDPPorts = [ self.wireguard.port ]; - interfaces.wiregrill = mkIf isRouter { - allowedUDPPorts = [ 53 ]; - allowedTCPPorts = [ 53 ]; - }; - }; - - services.dnsmasq = mkIf isRouter { - enable = true; - resolveLocalQueries = false; - extraConfig = /* dnsmasq */ '' - bind-interfaces - interface=retiolum,wiregrill - ''; - servers = [ "1.1.1.1" ]; - }; - - networking.wireguard.interfaces.wiregrill = let - ipt = "${pkgs.iptables}/bin/iptables"; - ip6 = "${pkgs.iptables}/bin/ip6tables"; - in { - postSetup = '' - ${ipt} -A FORWARD -i wiregrill -o retiolum -j ACCEPT - ${ipt} -A FORWARD -i wiregrill -o wiregrill -j ACCEPT - ${ipt} -A FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - ${ip6} -A FORWARD -i wiregrill -o retiolum -j ACCEPT - ${ip6} -A FORWARD -i retiolum -o wiregrill -j ACCEPT - ${ip6} -A FORWARD -i wiregrill -o wiregrill -j ACCEPT - ${ip6} -A FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - '' + (optionalString isRouter '' - #${ipt} -t nat -A PREROUTING -s 10.244.245.0/24 -j ACCEPT - #${ipt} -t nat -A POSTROUTING -s 10.244.245.0/24 ! -d 10.244.245.0/24 -j MASQUERADE - - #${ip6} -t nat -A PREROUTING -s 42:1::/32 -j ACCEPT - #${ip6} -t nat -A POSTROUTING -s 42:1::/32 ! -d 42:1::/48 -j MASQUERADE - ''); - - # This undoes the above command - postShutdown = '' - ${ipt} -D FORWARD -i wiregrill -o retiolum -j ACCEPT - ${ipt} -D FORWARD -i retiolum -o wiregrill -j ACCEPT - ${ipt} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT - ${ipt} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT - ${ipt} -D FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - ${ip6} -D FORWARD -i wiregrill -o retiolum -j ACCEPT - ${ip6} -D FORWARD -i retiolum -o wiregrill -j ACCEPT - ${ip6} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT - ${ip6} -D FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - '' + (optionalString isRouter '' - - ${ipt} -t nat -D PREROUTING -s 10.244.245.0/24 -j ACCEPT - ${ipt} -t nat -D POSTROUTING -s 10.244.245.0/24 -j MASQUERADE - - #${ip6} -t nat -D PREROUTING -s 42:1::/32 -j ACCEPT - #${ip6} -t nat -D POSTROUTING -s 42:1::/32 ! -d 42:1::/48 -j MASQUERADE - '' ); - ips = - (optional (!isNull self.ip4) self.ip4.addr) ++ - (optional (!isNull self.ip6) self.ip6.addr); - listenPort = self.wireguard.port; - privateKeyFile = (toString <secrets>) + "/wiregrill.key"; - allowedIPsAsRoutes = true; - peers = mapAttrsToList - (_: host: { - allowedIPs = if isRouter then - (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++ - (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr) - else - host.nets.wiregrill.wireguard.subnets - ; - endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}"); - persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61; - publicKey = (replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey); - }) - (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts); - }; -} diff --git a/makefu/2configs/workadventure/default.nix b/makefu/2configs/workadventure/default.nix deleted file mode 100644 index 3c68fca8d..000000000 --- a/makefu/2configs/workadventure/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./jitsi.nix - ./workadventure.nix - ]; -} diff --git a/makefu/2configs/workadventure/jitsi.nix b/makefu/2configs/workadventure/jitsi.nix deleted file mode 100644 index d5c590746..000000000 --- a/makefu/2configs/workadventure/jitsi.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ - # + + - # | | - # | | - # v v - # 80, 443 TCP 443 TCP, 10000 UDP - # +--------------+ +---------------------+ - # | nginx | 5222, 5347 TCP | | - # | jitsi-meet |<-------------------+| jitsi-videobridge | - # | prosody | | | | - # | jicofo | | +---------------------+ - # +--------------+ | - # | +---------------------+ - # | | | - # +----------+| jitsi-videobridge | - # | | | - # | +---------------------+ - # | - # | +---------------------+ - # | | | - # +----------+| jitsi-videobridge | - # | | - # +---------------------+ - - # This is a one server setup - services.jitsi-meet = { - enable = true; - hostName = "meet.euer.krebsco.de"; - - # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences. - # https://github.com/jitsi/jicofo - jicofo.enable = true; - - # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server. - # Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME - # will be used to retrieve a TLS certificate by default. To disable this, set the - # services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for - # services.nginx.virtualHosts.<hostName>.forceSSL. - nginx.enable = true; - - # https://github.com/jitsi/jitsi-meet/blob/master/config.js - config = { - enableWelcomePage = true; - defaultLang = "en"; - }; - - # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js - interfaceConfig = { - SHOW_JITSI_WATERMARK = false; - SHOW_WATERMARK_FOR_GUESTS = false; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ 10000 ]; - }; - -} diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix deleted file mode 100644 index 02680aa77..000000000 --- a/makefu/2configs/workadventure/workadventure.nix +++ /dev/null @@ -1,161 +0,0 @@ -{ config, pkgs, lib, ... }: -let - # If your Jitsi environment has authentication set up, - # you MUST set JITSI_PRIVATE_MODE to "true" and - # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret - jitsiPrivateMode = "false"; - - secretJitsiKey = ""; - - jitsiISS = ""; - - workadventureSecretKey = ""; - - jitsiURL = "meet.euer.krebsco.de"; - - domain = "work.euer.krebsco.de"; - # domain will redirect to this map. (not play.${domain}) - defaultMap = "npeguin.github.io/office-map/map.json"; - - apiURL = "api.${domain}"; - apiPort = 9002; - - frontURL = "play.${domain}"; - frontPort = 9004; - - pusherURL = "push.${domain}"; - pusherPort = 9005; - - uploaderURL = "ul.${domain}"; - uploaderPort = 9006; - - frontImage = "thecodingmachine/workadventure-front:develop"; - pusherImage = "thecodingmachine/workadventure-pusher:develop"; - apiImage = "thecodingmachine/workadventure-back:develop"; - uploaderImage = "thecodingmachine/workadventure-uploader:develop"; - -in { - - networking.firewall = { - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ 80 443 ]; - }; - - services.nginx.enable = true; - services.nginx.recommendedProxySettings = true; - - systemd.services.workadventure-network = { - enable = true; - wantedBy = [ "multi-user.target" ]; - script = '' - ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||: - ''; - after = [ "docker" ]; - before = [ - "docker-workadventure-back.service" - "docker-workadventure-pusher.service" - "docker-workadventure-uploader.service" - "docker-workadventure-website.service" - ]; - }; - - virtualisation.oci-containers.backend = "docker"; - security.acme.certs."${domain}".extraDomainNames = [ apiURL frontURL pusherURL uploaderURL ]; - services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - return = "301 $scheme://play.${domain}/_/global/${defaultMap}"; - }; - }; - - virtualisation.oci-containers.containers.workadventure-front = { - image = frontImage; - environment = { - API_URL = pusherURL; - JITSI_PRIVATE_MODE = jitsiPrivateMode; - JITSI_URL = jitsiURL; - SECRET_JITSI_KEY = secretJitsiKey; - UPLOADER_URL = uploaderURL; - }; - ports = [ "127.0.0.1:${toString frontPort}:80" ]; - extraOptions = [ "--network=workadventure" ]; - }; - services.nginx.virtualHosts."${frontURL}" = { - useACMEHost = domain; - forceSSL = true; - locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; }; - }; - - virtualisation.oci-containers.containers.workadventure-pusher = { - image = pusherImage; - environment = { - API_URL = "workadventure-back:50051"; - JITSI_ISS = jitsiISS; - JITSI_URL = jitsiURL; - SECRET_KEY = workadventureSecretKey; - }; - ports = [ "127.0.0.1:${toString pusherPort}:8080" ]; - extraOptions = [ "--network=workadventure" ]; - }; - services.nginx.virtualHosts."${pusherURL}" = { - useACMEHost = domain; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString pusherPort}"; - proxyWebsockets = true; - }; - locations."/room" = { - proxyPass = "http://127.0.0.1:${toString pusherPort}"; - proxyWebsockets = true; - }; - }; - - virtualisation.oci-containers.containers.workadventure-back = { - image = apiImage; - environment = { - #DEBUG = "*"; - JITSI_ISS = jitsiISS; - JITSI_URL = jitsiURL; - SECRET_KEY = workadventureSecretKey; - }; - ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ]; - extraOptions = [ "--network=workadventure" ]; - }; - services.nginx.virtualHosts."${apiURL}" = { - useACMEHost = domain; - forceSSL = true; - locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; }; - }; - - virtualisation.oci-containers.containers.workadventure-uploader = { - image = uploaderImage; - ports = [ "127.0.0.1:${toString uploaderPort}:8080" ]; - extraOptions = [ "--network=workadventure" ]; - }; - services.nginx.virtualHosts."${uploaderURL}" = { - useACMEHost = domain; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString uploaderPort}"; - proxyWebsockets = true; - }; - }; - - systemd.services.docker-workadventure-front.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - systemd.services.docker-workadventure-uploader.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - systemd.services.docker-workadventure-pusher.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - systemd.services.docker-workadventure-back.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; -} diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix deleted file mode 100644 index e0ea046cf..000000000 --- a/makefu/2configs/zsh-user.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: -let - mainUser = config.krebs.build.user.name; -in -{ - programs.zsh= { - enable = true; - enableCompletion = false; #manually at the end - - promptInit = '' - RPROMPT="" - autoload colors && colors - case $UID in - 0) PROMPT="%{$fg[red]%}%~%{$reset_color%} " ;; - 9001) PROMPT="%{$fg[green]%}%~%{$reset_color%} " ;; - *) PROMPT="%{$fg[yellow]%}%n %{$fg[green]%}%~%{$reset_color%} " ;; - esac - if test -n "$SSH_CLIENT"; then - PROMPT="%{$fg[magenta]%}%m $PROMPT" - fi - ''; - }; - - users.users.${mainUser} = { - shell = "/run/current-system/sw/bin/zsh"; - packages = [ pkgs.nix-zsh-completions ]; - }; -} |