author | lassulus <git@lassul.us> | 2023-06-19 03:25:39 +0200 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-06-19 03:25:39 +0200 |
commit | 139799c53cdaf55c362109e01be9dd96cc8700ed (patch) | |
tree | b1ce719ec8f62458bce2d9fe2191b8d004630f2a /makefu/2configs | |
parent | cb8fbb09127392a17d698d91f78ede7ae46accb8 (diff) | |
parent | a766e88e7c8d87aa6bdbde796d3a454f7b5e546e (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/2configs')
63 files changed, 1392 insertions, 362 deletions
diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix deleted file mode 100644 index e18b2192a..000000000 --- a/makefu/2configs/audio/jack-on-pulse.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ config, pkgs, ... }: -let - pulse = pkgs.pulseaudioFull; - user = config.makefu.gui.user; - wait_time = 30; -in -{ - sound.enable = true; - hardware.pulseaudio = { - enable = true; - package = pulse; - }; - - environment.systemPackages = with pkgs; [ - jack2Full - jack_capture - ]; - # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html - - systemd.user.services = { - jackdbus = { - description = "Runs jack, and points pulseaudio at it"; - serviceConfig = { - Type = "oneshot"; - ExecStart = pkgs.writeScript "start_jack.sh" '' - #! ${pkgs.bash}/bin/bash - . ${config.system.build.setEnvironment} - - # TODO: correctly wait for pulseaudio, cannot use pulseaudio.service - sleep ${toString wait_time} # wait for the gui to load - - ${pkgs.jack2Full}/bin/jack_control start - sleep 3 # give some time for sources/sinks to be created - - ${pulse}/bin/pacmd set-default-sink jack_out - ${pulse}/bin/pacmd set-default-source jack_in - ''; - ExecStop = pkgs.writeScript "stop_jack.sh" '' - #! ${pkgs.bash}/bin/bash - . ${config.system.build.setEnvironment} - - ${pkgs.jack2Full}/bin/jack_control stop - ''; - RemainAfterExit = true; - Restart = "always"; - RestartSec = "5"; - }; - after = [ "display-manager.service" "sound.target" ]; - wantedBy = [ "default.target" ]; - }; - }; -} diff --git a/makefu/2configs/audio/respeaker.nix b/makefu/2configs/audio/respeaker.nix new file mode 100644 index 000000000..0aaef5dac --- /dev/null +++ b/makefu/2configs/audio/respeaker.nix 
@@ -0,0 +1,122 @@ +{ config, lib, pkgs, ... }: +let + seeed-voicecard = (pkgs.callPackage ../../5pkgs/seeed-voicecard { kernel = config.boot.kernelPackages.kernel; }); +in +{ + hardware.raspberry-pi."4".i2c1.enable = true; + hardware.raspberry-pi."4".audio.enable = true; + hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true; + hardware.deviceTree.filter = lib.mkForce "bcm2711-rpi-4-b.dtb"; + + security.rtkit.enable = true; + + environment.systemPackages = with pkgs; [ + alsaUtils + i2c-tools + ponymix + ]; + + sound.enable = true; + hardware.pulseaudio.enable = lib.mkForce false; + services.pipewire = { + enable = true; + systemWide = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + services.pipewire.config.pipewire-pulse = { + "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; + }; + + sound.extraConfig = '' + pcm.!default { + type asym + playback.pcm "playback" + capture.pcm "ac108" + } + + pcm.ac108 { + type plug + slave.pcm "hw:seeed4micvoicec" + } + '' ; + + + boot.extraModulePackages = [ + seeed-voicecard + ]; + boot.initrd.kernelModules = [ + "snd-soc-seeed-voicecard" + "snd-soc-ac108" + "i2c-dev" + #"i2c-bcm2708" + #"snd-soc-wm8960" + ]; + + boot.loader.raspberryPi.firmwareConfig = [ + "dtparam=i2c_arm=on" + "dtparam=i2s=on" + "dtparam=spi=on" + "dtparam=i2c1=on" + # dtoverlay=seeeed-8mic-voicecard not required because we use hardware.deviceTree + ]; + hardware.deviceTree = { + enable = true; + overlays = [ + { name = "respeaker-4mic"; dtsFile = "${seeed-voicecard}/lib/dts/seeed-4mic-voicecard-overlay.dts";} + { name = "spi"; dtsText = '' + /dts-v1/; + /plugin/; + + / { + compatible = "raspberrypi"; + fragment@0 { + target = <&spi>; + __overlay__ { + cs-gpios = <&gpio 8 1>, <&gpio 7 1>; + status = "okay"; + pinctrl-names = "default"; + pinctrl-0 = <&spi0_pins &spi0_cs_pins>; + #address-cells = <1>; + #size-cells = <0>; + spidev@0 { + reg = <0>; // CE0 + spi-max-frequency = <500000>; + 
compatible = "spidev"; + }; + + spidev@1 { + reg = <1>; // CE1 + spi-max-frequency = <500000>; + compatible = "spidev"; + }; + }; + }; + fragment@1 { + target = <&alt0>; + __overlay__ { + // Drop GPIO 7, SPI 8-11 + brcm,pins = <4 5>; + }; + }; + + fragment@2 { + target = <&gpio>; + __overlay__ { + spi0_pins: spi0_pins { + brcm,pins = <9 10 11>; + brcm,function = <4>; // alt0 + }; + spi0_cs_pins: spi0_cs_pins { + brcm,pins = <8 7>; + brcm,function = <1>; // out + }; + }; + }; + }; + '';} + ]; + }; +} diff --git a/makefu/2configs/bgt/template.md b/makefu/2configs/bgt/template.md index 1dfb0b42f..be21d7c0c 100644 --- a/makefu/2configs/bgt/template.md +++ b/makefu/2configs/bgt/template.md @@ -2,7 +2,7 @@ 0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig) 1. `eine` Person anrufen (den Host): - - markus 162dcbf89f@studio.link + - markus madmas@studio.link - Felix1 makefu@studio.link - L33tFelix l33tname@studio.link - Ingo ingo@studio.link diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix index 21626d406..ede6225ea 100644 --- a/makefu/2configs/bitlbee.nix +++ b/makefu/2configs/bitlbee.nix @@ -3,6 +3,7 @@ services.bitlbee = { enable = true; # libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb]; + plugins = [ pkgs.bitlbee-mastodon ]; }; users.users.makefu.packages = with pkgs; [ weechat tmux ]; state = [ "/var/lib/bitlbee" ]; diff --git a/makefu/2configs/bureautomation/brother-ql-web.nix b/makefu/2configs/bureautomation/brother-ql-web.nix new file mode 100644 index 000000000..26887db03 --- /dev/null +++ b/makefu/2configs/bureautomation/brother-ql-web.nix 
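Review bot: The `"pulse.properties"."server.address"` list in respeaker.nix adds `"tcp:4713"`, which pipewire-pulse binds on all IPv4 and IPv6 addresses, on a host that runs PipeWire with `systemWide = true` and uses the microphone array as the default capture device. As far as I know, pipewire-pulse does not authenticate TCP clients, so any host that can reach the port could record from or play to the card; no firewall rule for the port is visible in this hunk. If only local or single-network access is needed, bind one address, e.g. `"tcp:127.0.0.1:4713"`, or limit the port per interface in the firewall. The same `server.address` value is added in gui/snake-kiosk.nix.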
@@ -0,0 +1,23 @@ + {pkgs, ... }: + let + pkg = pkgs.brother_ql_web; + in { + systemd.services.brother-ql-web = { + after = [ "network.target" ]; + description = "Brother QL Web Interface"; + wantedBy = [ "multi-user.target" ]; + environment = { + FLASK_PRINTER = "usb://0x04f9:0x209b/000F1Z401759"; + FLASK_MODEL = "QL-800"; + #FLASK_SERVER_PORT = "8013"; + #FLASK_LABEL_DEFAULT_SIZE = "d24"; + #FLASK_LABEL_DEFAULT_QR_SIZE = "7"; + }; + serviceConfig = { + ExecStart = "${pkg}/bin/brother_ql_web"; + DynamicUser = true; + SupplementaryGroups = "lp"; + Restart = "always"; + }; + }; +} diff --git a/makefu/2configs/bureautomation/printer.nix b/makefu/2configs/bureautomation/printer.nix new file mode 100644 index 000000000..86d5a4069 --- /dev/null +++ b/makefu/2configs/bureautomation/printer.nix @@ -0,0 +1,28 @@ +{ pkgs, config, ... }: +let + mainUser = config.krebs.build.user.name; +in { + imports = [ + ./brother-ql-web.nix + ]; + services.printing = { + enable = true; + drivers = with pkgs;[ + brlaser + cups-ptouch + ]; + }; + users.users.kiosk.extraGroups = [ "scanner" "lp" ]; + state = [ "/var/lib/cups"]; + users.users.kiosk.packages = with pkgs;[ + python3Packages.brother-ql + libreoffice + qrencode + imagemagick + ]; + + services.udev.extraRules = '' + SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209b", ATTRS{serial}=="000F1Z401759", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" + ''; + +} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 2bfb42732..b54e32a82 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -31,6 +31,7 @@ with import <stockholm/lib>; }; }; nix.settings.trusted-users = [ config.krebs.build.user.name ]; + nix.settings.experimental-features = [ "flakes" "nix-command" ]; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages; 
diff --git a/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml b/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml index 50058f32b..29e5e714a 100644 --- a/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml +++ b/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml @@ -26,18 +26,6 @@ zipcode: 70378 q: Werkbank distance: 5 -- name: Stirnthermometer - zipcode: 70378 - q: Stirnthermometer - distance: 5 -- name: Ohrthermometer - zipcode: 70378 - q: Ohrthermometer - distance: 5 -- name: Fieberthermometer - zipcode: 70378 - q: Fieberthermometer - distance: 5 - name: Einhell zipcode: 70378 q: Einhell diff --git a/makefu/2configs/deployment/nixos.wiki/default.nix b/makefu/2configs/deployment/nixos.wiki/default.nix new file mode 100644 index 000000000..cd738ea8b --- /dev/null +++ b/makefu/2configs/deployment/nixos.wiki/default.nix @@ -0,0 +1,9 @@ +{ config, pkgs, ... }: + +{ + imports = + [ ./mediawiki.nix + ./network.nix + ]; + +} diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix b/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix new file mode 100644 index 000000000..24715f81e --- /dev/null +++ b/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix 
@@ -0,0 +1,481 @@ +{ config, pkgs, lib, ... }: + +let + + inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption; + inherit (lib) concatStringsSep literalExample mapAttrsToList optional optionals optionalString types; + + cfg = config.services.mediawiki; + fpm = config.services.phpfpm.pools.mediawiki; + user = "mediawiki"; + group = config.services.httpd.group; + cacheDir = "/var/cache/mediawiki"; + stateDir = "/var/lib/mediawiki"; + + pkg = pkgs.stdenv.mkDerivation rec { + pname = "mediawiki-full"; + version = src.version; + src = cfg.package; + + installPhase = '' + mkdir -p $out + cp -r * $out/ + + rm -rf $out/share/mediawiki/skins/* + rm -rf $out/share/mediawiki/extensions/* + + ${concatStringsSep "\n" (mapAttrsToList (k: v: '' + ln -s ${v} $out/share/mediawiki/skins/${k} + '') cfg.skins)} + + ${concatStringsSep "\n" (mapAttrsToList (k: v: '' + ln -s ${if v != null then v else "$src/share/mediawiki/extensions/${k}"} $out/share/mediawiki/extensions/${k} + '') cfg.extensions)} + ''; + }; + + mediawikiScripts = pkgs.runCommand "mediawiki-scripts" { + buildInputs = [ pkgs.makeWrapper ]; + preferLocalBuild = true; + } '' + mkdir -p $out/bin + for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do + makeWrapper ${pkgs.php}/bin/php $out/bin/mediawiki-$(basename $i .php) \ + --set MEDIAWIKI_CONFIG ${mediawikiConfig} \ + --add-flags ${pkg}/share/mediawiki/maintenance/$i + done + ''; + + mediawikiConfig = pkgs.writeText "LocalSettings.php" '' + <?php + # Protect against web entry + if ( !defined( 'MEDIAWIKI' ) ) { + exit; + } + + $wgSitename = "${cfg.name}"; + $wgMetaNamespace = false; + + ## The URL base path to the directory containing the wiki; + ## defaults for all runtime URL paths are based off of this. 
+ ## For more information on customizing the URLs + ## (like /w/index.php/Page_title to /wiki/Page_title) please see: + ## https://www.mediawiki.org/wiki/Manual:Short_URL + $wgScriptPath = "${cfg.basePath}"; + + ## The protocol and server name to use in fully-qualified URLs + #$wgServer = "${if cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL then "https" else "http"}://${cfg.virtualHost.hostName}"; + #$wgServer = ""; + $wgServer = "http://localhost"; + + ## The URL path to static resources (images, scripts, etc.) + $wgResourceBasePath = $wgScriptPath; + + ## The URL path to the logo. Make sure you change this from the default, + ## or else you'll overwrite your logo when you upgrade! + $wgLogo = "$wgResourceBasePath/resources/assets/wiki.png"; + + ## UPO means: this is also a user preference option + + $wgEnableEmail = true; + $wgEnableUserEmail = true; # UPO + + $wgEmergencyContact = "${if cfg.virtualHost.adminAddr != null then cfg.virtualHost.adminAddr else config.services.httpd.adminAddr}"; + $wgPasswordSender = $wgEmergencyContact; + + $wgEnotifUserTalk = false; # UPO + $wgEnotifWatchlist = false; # UPO + $wgEmailAuthentication = true; + + ## Database settings + $wgDBtype = "${cfg.database.type}"; + $wgDBserver = "${cfg.database.host}:${if cfg.database.socket != null then cfg.database.socket else toString cfg.database.port}"; + $wgDBname = "${cfg.database.name}"; + $wgDBuser = "${cfg.database.user}"; + ${optionalString (cfg.database.passwordFile != null) "$wgDBpassword = file_get_contents(\"${cfg.database.passwordFile}\");"} + + ${optionalString (cfg.database.type == "mysql" && cfg.database.tablePrefix != null) '' + # MySQL specific settings + $wgDBprefix = "${cfg.database.tablePrefix}"; + ''} + + ${optionalString (cfg.database.type == "mysql") '' + # MySQL table options to use during installation or update + $wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; + ''} + + ## Shared memory settings + $wgMainCacheType = 
CACHE_NONE; + $wgMemCachedServers = []; + + ${optionalString (cfg.uploadsDir != null) '' + $wgEnableUploads = true; + $wgUploadDirectory = "${cfg.uploadsDir}"; + ''} + + $wgUseImageMagick = true; + $wgImageMagickConvertCommand = "${pkgs.imagemagick}/bin/convert"; + + # InstantCommons allows wiki to use images from https://commons.wikimedia.org + $wgUseInstantCommons = false; + + # Periodically send a pingback to https://www.mediawiki.org/ with basic data + # about this MediaWiki instance. The Wikimedia Foundation shares this data + # with MediaWiki developers to help guide future development efforts. + $wgPingback = true; + + ## If you use ImageMagick (or any other shell command) on a + ## Linux server, this will need to be set to the name of an + ## available UTF-8 locale + $wgShellLocale = "C.UTF-8"; + + ## Set $wgCacheDirectory to a writable directory on the web server + ## to make your wiki go slightly faster. The directory should not + ## be publically accessible from the web. + $wgCacheDirectory = "${cacheDir}"; + + # Site language code, should be one of the list in ./languages/data/Names.php + $wgLanguageCode = "en"; + + $wgSecretKey = file_get_contents("${stateDir}/secret.key"); + + # Changing this will log out all existing sessions. + $wgAuthenticationTokenVersion = ""; + + ## For attaching licensing metadata to pages, and displaying an + ## appropriate copyright notice / icon. GNU Free Documentation + ## License and Creative Commons licenses are supported so far. + $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright + $wgRightsUrl = ""; + $wgRightsText = ""; + $wgRightsIcon = ""; + + # Path to the GNU diff3 utility. Used for conflict resolution. + $wgDiff = "${pkgs.diffutils}/bin/diff"; + $wgDiff3 = "${pkgs.diffutils}/bin/diff3"; + + # Enabled skins. + ${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadSkin('${k}');") cfg.skins)} + + # Enabled extensions. 
+ ${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadExtension('${k}');") cfg.extensions)} + + + # End of automatically generated settings. + # Add more configuration options below. + + ${cfg.extraConfig} + ''; + +in +{ + # interface + options = { + services.mediawiki = { + + enable = mkEnableOption "MediaWiki"; + + package = mkOption { + type = types.package; + default = pkgs.mediawiki; + description = "Which MediaWiki package to use."; + }; + + basePath = mkOption { + type = types.str; + default = "/"; + description = "Base path to Wiki"; + }; + + name = mkOption { + default = "MediaWiki"; + example = "Foobar Wiki"; + description = "Name of the wiki."; + }; + + uploadsDir = mkOption { + type = types.nullOr types.path; + default = "${stateDir}/uploads"; + description = '' + This directory is used for uploads of pictures. The directory passed here is automatically + created and permissions adjusted as required. + ''; + }; + + passwordFile = mkOption { + type = types.path; + description = "A file containing the initial password for the admin user."; + example = "/run/keys/mediawiki-password"; + }; + + skins = mkOption { + default = {}; + type = types.attrsOf types.path; + description = '' + Attribute set of paths whose content is copied to the <filename>skins</filename> + subdirectory of the MediaWiki installation in addition to the default skins. + ''; + }; + + extensions = mkOption { + default = {}; + type = types.attrsOf (types.nullOr types.path); + description = '' + Attribute set of paths whose content is copied to the <filename>extensions</filename> + subdirectory of the MediaWiki installation and enabled in configuration. + + Use <literal>null</literal> instead of path to enable extensions that are part of MediaWiki. 
+ ''; + example = literalExample '' + { + Matomo = pkgs.fetchzip { + url = "https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz"; + sha256 = "0g5rd3zp0avwlmqagc59cg9bbkn3r7wx7p6yr80s644mj6dlvs1b"; + }; + ParserFunctions = null; + } + ''; + }; + + database = { + type = mkOption { + type = types.enum [ "mysql" "postgres" "sqlite" "mssql" "oracle" ]; + default = "mysql"; + description = "Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers."; + }; + + host = mkOption { + type = types.str; + default = "localhost"; + description = "Database host address."; + }; + + port = mkOption { + type = types.port; + default = 3306; + description = "Database host port."; + }; + + name = mkOption { + type = types.str; + default = "mediawiki"; + description = "Database name."; + }; + + user = mkOption { + type = types.str; + default = "mediawiki"; + description = "Database user."; + }; + + passwordFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/keys/mediawiki-dbpassword"; + description = '' + A file containing the password corresponding to + <option>database.user</option>. + ''; + }; + + tablePrefix = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + If you only have access to a single database and wish to install more than + one version of MediaWiki, or have other applications that also use the + database, you can give the table names a unique prefix to stop any naming + conflicts or confusion. + See <link xlink:href='https://www.mediawiki.org/wiki/Manual:$wgDBprefix'/>. 
+ ''; + }; + + socket = mkOption { + type = types.nullOr types.path; + default = if cfg.database.createLocally then "/run/mysqld/mysqld.sock" else null; + defaultText = "/run/mysqld/mysqld.sock"; + description = "Path to the unix socket file to use for authentication."; + }; + + createLocally = mkOption { + type = types.bool; + default = cfg.database.type == "mysql"; + defaultText = "true"; + description = '' + Create the database and database user locally. + This currently only applies if database type "mysql" is selected. + ''; + }; + }; + + virtualHost = mkOption { + type = types.submodule (import <nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix>); + example = literalExample '' + { + hostName = "mediawiki.example.org"; + adminAddr = "webmaster@example.org"; + forceSSL = true; + enableACME = true; + } + ''; + description = '' + Apache configuration can be done by adapting <option>services.httpd.virtualHosts</option>. + See <xref linkend="opt-services.httpd.virtualHosts"/> for further information. + ''; + }; + + poolConfig = mkOption { + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; + description = '' + Options for the MediaWiki PHP pool. See the documentation on <literal>php-fpm.conf</literal> + for details on configuration directives. + ''; + }; + + extraConfig = mkOption { + type = types.lines; + description = '' + Any additional text to be appended to MediaWiki's + LocalSettings.php configuration file. For configuration + settings, see <link xlink:href="https://www.mediawiki.org/wiki/Manual:Configuration_settings"/>. 
+ ''; + default = ""; + example = '' + $wgEnableEmail = false; + ''; + }; + + }; + }; + + # implementation + config = mkIf cfg.enable { + + assertions = [ + { assertion = cfg.database.createLocally -> cfg.database.type == "mysql"; + message = "services.mediawiki.createLocally is currently only supported for database type 'mysql'"; + } + { assertion = cfg.database.createLocally -> cfg.database.user == user; + message = "services.mediawiki.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true"; + } + { assertion = cfg.database.createLocally -> cfg.database.socket != null; + message = "services.mediawiki.database.socket must be set if services.mediawiki.database.createLocally is set to true"; + } + { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; + message = "a password cannot be specified if services.mediawiki.database.createLocally is set to true"; + } + ]; + + services.mediawiki.skins = { + MonoBook = "${cfg.package}/share/mediawiki/skins/MonoBook"; + Timeless = "${cfg.package}/share/mediawiki/skins/Timeless"; + Vector = "${cfg.package}/share/mediawiki/skins/Vector"; + }; + + services.mysql = mkIf cfg.database.createLocally { + enable = true; + package = mkDefault pkgs.mariadb; + ensureDatabases = [ cfg.database.name ]; + ensureUsers = [ + { name = cfg.database.user; + ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; + } + ]; + }; + + services.phpfpm.pools.mediawiki = { + inherit user group; + phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}"; + settings = { + "listen.owner" = config.services.httpd.user; + "listen.group" = config.services.httpd.group; + } // cfg.poolConfig; + }; + + services.httpd = { + enable = true; + extraModules = [ "proxy_fcgi" ]; + virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost { + documentRoot = mkForce "${pkg}/share/mediawiki"; + extraConfig = '' + <Directory "${pkg}/share/mediawiki"> + <FilesMatch "\.php$"> + <If "-f 
%{REQUEST_FILENAME}"> + SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/" + </If> + </FilesMatch> + + Require all granted + DirectoryIndex index.php + AllowOverride All + </Directory> + '' + optionalString (cfg.uploadsDir != null) '' + Alias "/images" "${cfg.uploadsDir}" + <Directory "${cfg.uploadsDir}"> + Require all granted + </Directory> + ''; + } ]; + }; + + systemd.tmpfiles.rules = [ + "d '${stateDir}' 0750 ${user} ${group} - -" + "d '${cacheDir}' 0750 ${user} ${group} - -" + ] ++ optionals (cfg.uploadsDir != null) [ + "d '${cfg.uploadsDir}' 0750 ${user} ${group} - -" + "Z '${cfg.uploadsDir}' 0750 ${user} ${group} - -" + ]; + + systemd.services.mediawiki-init = { + wantedBy = [ "multi-user.target" ]; + before = [ "phpfpm-mediawiki.service" ]; + after = optional cfg.database.createLocally "mysql.service"; + script = '' + if ! test -e "${stateDir}/secret.key"; then + tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key + fi + + echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 
1 : 0 );" | \ + ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \ + ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \ + --confpath /tmp \ + --scriptpath ${cfg.basePath} \ + --dbserver ${cfg.database.host}${optionalString (cfg.database.socket != null) ":${cfg.database.socket}"} \ + --dbport ${toString cfg.database.port} \ + --dbname ${cfg.database.name} \ + ${optionalString (cfg.database.tablePrefix != null) "--dbprefix ${cfg.database.tablePrefix}"} \ + --dbuser ${cfg.database.user} \ + ${optionalString (cfg.database.passwordFile != null) "--dbpassfile ${cfg.database.passwordFile}"} \ + --passfile ${cfg.passwordFile} \ + "${cfg.name}" \ + admin + + ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick + ''; + + serviceConfig = { + Type = "oneshot"; + User = user; + Group = group; + PrivateTmp = true; + }; + }; + + systemd.services.httpd.after = optional (cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service"; + + users.users.${user} = { + group = group; + isSystemUser = true; + }; + + environment.systemPackages = [ mediawikiScripts ]; + }; +} diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.nix b/makefu/2configs/deployment/nixos.wiki/mediawiki.nix new file mode 100644 index 000000000..a346b82cb --- /dev/null +++ b/makefu/2configs/deployment/nixos.wiki/mediawiki.nix 
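Review bot: The `mediawiki-init` script interpolates option values into the shell command without quoting, e.g. `--dbname ${cfg.database.name}`, `--dbuser ${cfg.database.user}`, `--scriptpath ${cfg.basePath}` and `--passfile ${cfg.passwordFile}`. A value containing whitespace or shell metacharacters would be split or interpreted by bash, and `"${cfg.name}"` is double-quoted but still subject to `$` and backtick expansion. Each argument should go through `lib.escapeShellArg`, e.g. `--dbname ${lib.escapeShellArg cfg.database.name}`. In the same script `secret.key` is written with the unit's default umask and is protected only by the 0750 mode on the state directory; a `umask 077` before the redirect would make the key file itself private.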
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+let
+ hostAddress = "192.168.48.1";
+ localAddress = "192.168.48.3";
+in
+
+{
+ containers.mediawiki =
+ { autoStart = true;
+ privateNetwork = true;
+ inherit hostAddress localAddress;
+ config = { config, pkgs, ... }:
+ {
+ # NOTE: This disabling and importing is so that the basePath can be altered
+ disabledModules = [ "services/web-apps/mediawiki.nix" ];
+ imports = [
+ ./mediawiki.module.nix
+ ];
+ time.timeZone = "America/New_York";
+ system.stateVersion = "20.09";
+ networking.defaultGateway = hostAddress;
+ # NOTE: you might want to change this namserver address
+ networking.nameservers = [ "8.8.8.8" ];
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ services.mediawiki = {
+ enable = true;
+ name = "Example Containerized Wiki";
+ # NOTE: here is where the basePath is specified, which requires the imported mediawiki NixOS module
+ basePath = "/wiki";
+ passwordFile = ./mediawiki.password.txt;
+ extraConfig = ''
+ $wgRCFeeds['euerkrebsco'] = array(
+ 'formatter' => 'JSONRCFeedFormatter',
+ 'uri' => 'udp://euer.krebsco.de:5005',
+ 'add_interwiki_prefix' => false,
+ 'omit_bots' => true,
+ );
+ $wgRCFeeds['euerkrebscoIRC'] = array(
+ 'formatter' => 'IRCColourfulRCFeedFormatter',
+ 'uri' => 'udp://euer.krebsco.de:5006',
+ 'add_interwiki_prefix' => false,
+ 'omit_bots' => true,
+ );
+ '';
+ virtualHost = {
+ hostName = "localhost";
+ adminAddr = "root@localhost";
+ forceSSL = false;
+ addSSL = false;
+ onlySSL = false;
+ enableACME = false;
+ };
+ };
+ };
+ };
+
+ # Put the MediaWiki web page behind an NGINX proxy
+ services.nginx = {
+ enable = true;
+ virtualHosts.localhost.locations."/wiki" = {
+ # NOTE: the slash at the end of the URI is important. It causes the location base path to be removed when passed onto the proxy
+ proxyPass = "http://${localAddress}:80/";
+ };
+ };
+
+}
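Review bot: `passwordFile = ./mediawiki.password.txt;` is a Nix path literal, so the file is copied into the world-readable `/nix/store`, and the file itself is committed in this same change (the mediawiki.password.txt hunk) with the password in plaintext. The module describes this option as the initial password for the wiki admin user, so the credential is readable by every local user and by anyone with repository access. Use a string path to a secret provisioned at runtime instead, e.g. `passwordFile = "/run/keys/mediawiki-password";` (the module's own example), drop the text file from the tree, and rotate the admin password if this value was ever used. How the secret reaches the container is not visible in this hunk and would need to be arranged separately.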
diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt b/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt
new file mode 100644
index 000000000..b11b15f08
--- /dev/null
+++ b/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt
@@ -0,0 +1 @@
+thisisthepassword
diff --git a/makefu/2configs/deployment/nixos.wiki/network.nix b/makefu/2configs/deployment/nixos.wiki/network.nix
new file mode 100644
index 000000000..a7ffb28f1
--- /dev/null
+++ b/makefu/2configs/deployment/nixos.wiki/network.nix
@@ -0,0 +1,6 @@
+{
+ networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = "wlan0";
+}
diff --git a/makefu/2configs/deployment/ntfysh.nix b/makefu/2configs/deployment/ntfysh.nix
new file mode 100644
index 000000000..1a3311d9e
--- /dev/null
+++ b/makefu/2configs/deployment/ntfysh.nix
@@ -0,0 +1,41 @@
+{ lib, config, ... }:
+let
+ web-port = 19455;
+ hostn = "ntfy.euer.krebsco.de";
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+in
+{
+ services.ntfy-sh = {
+ enable = true;
+ settings = {
+ listen-http = "127.0.0.1:${toString web-port}";
+ auth-file = "/var/lib/ntfy-sh/user.db";
+ auth-default-access = "deny-all";
+ behind-proxy = true;
+ attachment-cache-dir = "/media/cloud/ntfy-sh/attachments";
+ attachment-file-size-limit = "500m";
+ attachment-total-size-limit = "100g";
+ base-url = "https://ntfy.euer.krebsco.de";
+ attachment-expiry-duration = "48h";
+ };
+ };
+
+ systemd.services.ntfy-sh.serviceConfig = {
+ StateDirectory = "ntfy-sh";
+ SupplementaryGroups = [ "download" ];
+ };
+
+ services.nginx = {
+ enable = lib.mkDefault true;
+ virtualHosts."${hostn}" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://localhost:${toString web-port}/";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 36c67c7f0..8e5e71f11 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -59,7 +59,7 @@ systemd.services.postgresqlBackup-nextcloud.serviceConfig.SupplementaryGroups = users.users.nextcloud.extraGroups = [ "download" ]; services.nextcloud = { enable = true; - package = pkgs.nextcloud24; + package = pkgs.nextcloud25; hostName = "o.euer.krebsco.de"; # Use HTTPS for links https = true; @@ -97,5 +97,11 @@ systemd.services.postgresqlBackup-nextcloud.serviceConfig.SupplementaryGroups = systemd.services."nextcloud-setup" = { requires = ["postgresql.service"]; after = ["postgresql.service"]; + serviceConfig.RequiresMountFor = [ "/media/cloud" ]; }; + systemd.services."phpfpm-nextcloud".serviceConfig.RequiresMountFor = [ + "/media/cloud" + "/var/lib/nextcloud/data" + ]; + systemd.services."phpfpm".serviceConfig.RequiresMountFor = [ "/media/cloud" ]; } diff --git a/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix index 7e077d7e4..e204050b4 100644 --- a/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix @@ -16,6 +16,10 @@ in { enable = true; databases = [ config.services.tt-rss.database.name ]; }; + systemd.services.tt-rss.serviceConfig = { + Restart = lib.mkForce "always"; + }; + systemd.services.postgresqlBackup-tt_rss.serviceConfig.SupplementaryGroups = [ "download" ]; services.nginx.virtualHosts."${fqdn}" = { diff --git a/makefu/2configs/deployment/rss/urls b/makefu/2configs/deployment/rss/urls index 3ab2538a1..cbc68ccc7 100644 --- a/makefu/2configs/deployment/rss/urls +++ b/makefu/2configs/deployment/rss/urls 
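Review bot: The three `serviceConfig.RequiresMountFor` settings added in owncloud.nix will not create a mount dependency, because the systemd directive is `RequiresMountsFor=` (with an "s") and it belongs to the `[Unit]` section. Placed in `[Service]` under this name, systemd is expected to log an unknown-key warning and ignore it, so `nextcloud-setup`, `phpfpm-nextcloud` and `phpfpm` can still start before `/media/cloud` is mounted and write into the empty mount point on the root filesystem. Use `unitConfig.RequiresMountsFor = [ "/media/cloud" ];` (and the two-path list for `phpfpm-nextcloud`).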
@@ -3,5 +3,7 @@ https://www.ebay-kleinanzeigen.de/s-stuttgart/zigbee/k0l9280 https://www.ebay-kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5 https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313 https://www.ebay-kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313 -https://www.ebay-kleinanzeigen.de/s-muehlhausen/labeldrucker/k0l9313r5 https://www.ebay-kleinanzeigen.de/s-muehlhausen/dymo/k0l9313r5 +https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5 +https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/winkelschleifer/k0l9313r5 +https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/kontaktgrill/k0l9313r5 diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index f53be58ff..305f26a04 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -12,7 +12,7 @@ #"UltiSnips" # vim-nix handles indentation better but does not perform sanity "vim-nix" - # "vim-addon-nix" + "vim-addon-nix" "vim-better-whitespace" ]; }; diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc index e24d29974..d270effa2 100644 --- a/makefu/2configs/editor/vimrc +++ b/makefu/2configs/editor/vimrc @@ -49,7 +49,6 @@ set matchtime=3 set hlsearch autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red -hi MatchParen cterm=none ctermbg=green ctermfg=blue let g:better_whitespace_enabled=1 let g:strip_whitespace_on_save=1 @@ -114,3 +113,5 @@ let g:UltiSnipsExpandTrigger = "<c-j>" let g:UltiSnipsJumpForwardTrigger = "<c-j>" let g:UltiSnipsJumpBackwardTrigger = "<c-p>" let g:UltiSnipsListSnippets = "<c-k>" "List possible snippets based on current file + +hi MatchParen cterm=none ctermbg=green ctermfg=blue diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index b2192c7f9..b1b7c9913 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix 
@@ -18,30 +18,28 @@ in imports = [ ./urxvtd.nix ./pipewire.nix + ./gnome.nix ]; + # services.redshift.enable = true; services.xserver = { enable = true; layout = "us"; xkbVariant = "altgr-intl"; xkbOptions = "ctrl:nocaps, eurosign:e"; - windowManager = { - awesome.enable = true; - awesome.noArgb = true; - awesome.luaModules = [ pkgs.luaPackages.vicious ]; - }; - displayManager.defaultSession = lib.mkDefault "none+awesome"; - displayManager.autoLogin = { - enable = true; - user = mainUser; - }; +# windowManager = { +# awesome.enable = true; +# awesome.noArgb = true; +# awesome.luaModules = [ pkgs.luaPackages.vicious ]; +# }; +# displayManager.defaultSession = lib.mkDefault "none+awesome"; }; environment.systemPackages = [ pkgs.gnome.adwaita-icon-theme ]; # lid switch is handled via button presses - services.logind.lidSwitch = lib.mkDefault "ignore"; - makefu.awesome.enable = true; + # services.logind.lidSwitch = lib.mkDefault "ignore"; + #makefu.awesome.enable = true; console.font = "Lat2-Terminus16"; fonts = { diff --git a/makefu/2configs/gui/gnome.nix b/makefu/2configs/gui/gnome.nix new file mode 100644 index 000000000..44ba2dd67 --- /dev/null +++ b/makefu/2configs/gui/gnome.nix 
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mainUser = config.krebs.build.user.name;
+in
+{
+ programs.gnome-terminal.enable = true;
+ services.xserver = {
+ desktopManager.gnome.enable = true;
+ displayManager.gdm.enable = true;
+ #displayManager.autoLogin = {
+ # enable = true;
+ # user = mainUser;
+ #};
+ };
+ programs.dconf.enable = true;
+ home-manager.users.${mainUser}.dconf = {
+ enable = true;
+ settings = {
+ "org/gnome/terminal/legacy" = {
+ mnemonics-enabled = false;
+ theme-variant = "dark";
+ };
+ "org/gnome/desktop/interface" = {
+ enable-animations = false;
+ enable-hot-corners = false;
+ show-battery-percentage = true;
+ };
+ "org/gnome/desktop/peripherals/touchpad" = {
+ edge-scrolling-enabled = false;
+ natural-scroll = false;
+ send-events = "enabled";
+ tap-to-click = true;
+ two-finger-scrolling-enabled = true;
+ };
+ "org/gnome/desktop/session".idle-delay = 900;
+ "org/gnome/desktop/wm/keybindings" = {
+ close=["<Shift><Super>c"];
+ minimize=["<Super>n"];
+ move-to-workspace-1=["<Shift><Super>1"];
+ move-to-workspace-2=["<Shift><Super>2"];
+ move-to-workspace-3=["<Shift><Super>3"];
+ move-to-workspace-4=["<Shift><Super>4"];
+ panel-run-dialog=["<Super>r"];
+ switch-to-workspace-1=["<Super>1"];
+ switch-to-workspace-2=["<Super>2"];
+ switch-to-workspace-3=["<Super>3"];
+ switch-to-workspace-4=["<Super>4"];
+ toggle-fullscreen=["<Super>f"];
+ };
+ "org/gnome/desktop/wm/preferences".num-workspaces = 4;
+ "org/gnome/settings-daemon/plugins/color".night-light-enabled = true;
+ "org/gnome/settings-daemon/plugins/media-keys" = {
+ custom-keybindings = [ "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"];
+ };
+ "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
+ binding = "<Super>Return";
+ command = "gnome-terminal";
+ name = "terminal";
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/gui/pipewire.nix b/makefu/2configs/gui/pipewire.nix
index eb94f75b7..d52681551 100644
--- a/makefu/2configs/gui/pipewire.nix +++ b/makefu/2configs/gui/pipewire.nix @@ -12,10 +12,9 @@ services.pipewire = { enable = true; - systemWide = true; + # systemWide = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; - jack.enable = true; }; } diff --git a/makefu/2configs/gui/snake-kiosk.nix b/makefu/2configs/gui/snake-kiosk.nix new file mode 100644 index 000000000..838ac3a5c --- /dev/null +++ b/makefu/2configs/gui/snake-kiosk.nix @@ -0,0 +1,44 @@ +{ pkgs, lib, ... }: +{ + + imports = [ + ./base.nix + ]; + users.users.kiosk = { + # packages = [ pkgs.chromium pkgs.vscode ]; + group = "kiosk"; + isNormalUser = true; + uid = 1003; + extraGroups = [ "wheel" "audio" "pulse" "pipewire" ]; + }; + users.groups.kiosk.gid = 989 ; + services.xserver = { + enable = true; + + windowManager = lib.mkForce { awesome.enable = false; }; + displayManager.gdm.enable = true; + displayManager.gdm.autoSuspend = false; + displayManager.autoLogin = { + enable = true; + user = lib.mkForce "kiosk"; + }; + displayManager.defaultSession = "gnome"; + desktopManager.gnome.enable = true; + }; + + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; + + + + environment.systemPackages = [ pkgs.gnomeExtensions.appindicator ]; + services.dbus.packages = with pkgs; [ gnome2.GConf gnome3.gnome-settings-daemon ]; + + services.pipewire.systemWide = lib.mkForce false; + services.pipewire.config.pipewire-pulse = { + "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; + }; + +} diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index c67aa7cfb..3a21bf213 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix 
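Review bot: In the new snake-kiosk.nix the `kiosk` account is auto-logged-in (`displayManager.autoLogin.user = lib.mkForce "kiosk"`) and also a member of `wheel`, so anyone with physical access to the machine lands in a session that belongs to the admin group. Unless the kiosk session really needs it, I would drop `wheel` and keep `extraGroups = [ "audio" "pulse" "pipewire" ];`. The same group list is on the new side of the first wbob-kiosk.nix hunk. The commented-out `packages` line could go as well.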
@@ -5,11 +5,11 @@ ./base.nix ]; users.users.kiosk = { - packages = [ pkgs.chromium pkgs.vscode ]; + packages = with pkgs;[ chromium vscode spotify tartube-yt-dlp ]; group = "kiosk"; isNormalUser = true; uid = 1003; - extraGroups = [ "wheel" "audio" "pulse" ]; + extraGroups = [ "wheel" "audio" "pulse" "pipewire" ]; }; users.groups.kiosk.gid = 989 ; services.xserver = { @@ -31,7 +31,10 @@ }; - environment.systemPackages = [ pkgs.gnomeExtensions.appindicator ]; + environment.systemPackages = [ + pkgs.gnomeExtensions.appindicator pkgs.pavucontrol pkgs.jellyfin-media-player pkgs.chromium pkgs.firefox pkgs.kodi + pkgs.pavucontrol +]; services.dbus.packages = with pkgs; [ gnome2.GConf gnome3.gnome-settings-daemon ]; systemd.services.xset-off = { @@ -45,5 +48,9 @@ Restart = "on-failure"; }; }; + services.pipewire.systemWide = lib.mkForce false; + services.pipewire.config.pipewire-pulse = { + "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; + }; } diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 13755de27..c875d52c8 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -61,6 +61,8 @@ direnv allow size = 900001; save = 900001; ignoreDups = true; + ignoreSpace = true; + extended = true; share = true; }; 
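Review bot: In the last wbob-kiosk.nix hunk, `"tcp:4713"` in `server.address` makes pipewire-pulse listen on all addresses, and as far as I know it does not authenticate TCP clients, so any host that can reach the port gets playback and microphone capture on the kiosk. snake-kiosk.nix adds the same setting, and rhasspy/default.nix opens 4713 in the firewall on every interface of the hosts that import it. If only the local rhasspy container needs the socket, bind to the address that container uses, e.g. `"tcp:127.0.0.1:4713"` (or the bridge address), and scope the firewall rule to that interface the way jellyfin.nix does with `networking.firewall.interfaces.wiregrill`. The second hunk also lists `pkgs.pavucontrol` twice.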
@@ -77,31 +79,32 @@ direnv allow xo = "mimeopen"; nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; }; - # navi package does not come with the navi.plugin.zsh anymore so we use .src + #zplug = { + # enable = true; + # plugins = [ + # { name = "denisidoro/navi" ; } + # { name = "zsh-users/zsh-autosuggestions" ; } + # ]; + #}; initExtra = '' bindkey -e + zle -N edit-command-line + # ctrl-x ctrl-e + bindkey '^xe' edit-command-line + bindkey '^x^e' edit-command-line # shift-tab bindkey '^[[Z' reverse-menu-complete bindkey "\e[3~" delete-char zstyle ':completion:*' menu select setopt HIST_IGNORE_ALL_DUPS - setopt HIST_IGNORE_SPACE setopt HIST_FIND_NO_DUPS compdef _pass brain zstyle ':completion::complete:brain::' prefix "$HOME/brain" + compdef _pass secrets zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" - - # navi - . ${pkgs.navi.src}/shell/navi.plugin.zsh - # ctrl-x ctrl-e - autoload -U compinit && compinit - autoload -U edit-command-line - zle -N edit-command-line - bindkey '^xe' edit-command-line - bindkey '^x^e' edit-command-line ''; }; }; diff --git a/makefu/2configs/home/3dprint.nix b/makefu/2configs/home/3dprint.nix index 09f2ce6fd..aac962787 100644 --- a/makefu/2configs/home/3dprint.nix +++ b/makefu/2configs/home/3dprint.nix @@ -1,8 +1,12 @@ { pkgs, ... }: +let + #dev = "/dev/web_cam"; + dev = "/dev/video0"; +in { services.mjpg-streamer = { enable = true; - inputPlugin = "input_uvc.so -d /dev/web_cam -r 1280x960"; + inputPlugin = "input_uvc.so -d ${dev} -r 1280x960"; }; users.users.octoprint.extraGroups = [ "video" ]; # allow octoprint to access /dev/vchiq diff --git a/makefu/2configs/home/ham/automation/light_buttons.nix b/makefu/2configs/home/ham/automation/light_buttons.nix index 1892917c4..460d48bc4 100644 --- a/makefu/2configs/home/ham/automation/light_buttons.nix +++ b/makefu/2configs/home/ham/automation/light_buttons.nix 
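Review bot: In the `initExtra` hunk of zsh.nix, `zle -N edit-command-line` is kept but the `autoload -U edit-command-line` line is removed, so unless the function is autoloaded somewhere outside this hunk the ctrl-x ctrl-e binding will fail on a missing shell function. I would keep `autoload -U edit-command-line` directly above `zle -N edit-command-line`. The `compdef` calls also rely on `compinit` having run, which the removed `autoload -U compinit && compinit` no longer guarantees here; presumably home-manager's completion setup covers that, but it is worth confirming.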
@@ -1,10 +1,12 @@ let inherit (import ../lib) btn_cycle_light; + schlafzimmer_komode = "light.schlafzimmer_komode_osram"; + schlafzimmer_button = "sensor.schlafzimmer_btn2_click"; in { services.home-assistant.config.automation = [ # (btn_cycle_light "light.arbeitszimmerbeleuchtung" "arbeitszimmer_btn1") - (btn_cycle_light "light.schlafzimmer_komode_osram" "schlafzimmer_btn2" 128) + { alias = "toggle keller"; trigger = { @@ -32,21 +34,35 @@ in { service = "light.toggle"; data = { entity_id = "light.keller_osram"; - brightness = 50; + brightness = 25; }; }; } # (btn_cycle_light "light.wohnzimmerbeleuchtung" "wohnzimmer_btn3") { - alias = "Turn of all lights via schlafzimmer_btn2 double click"; + alias = "Dim Toggle schlafzimmer komode"; trigger = { platform = "state"; - entity_id = "sensor.schlafzimmer_btn2_click"; + entity_id = schlafzimmer_button; + to = "single"; + }; + action = { + service = "light.toggle"; + entity_id = schlafzimmer_komode; + brightness = 1; + }; + } + { + alias = "Bright Toggle schlafzimmer komode"; + trigger = { + platform = "state"; + entity_id = schlafzimmer_button; to = "double"; }; action = { - service = "light.turn_off"; - entity_id = "all"; + service = "light.toggle"; + entity_id = schlafzimmer_komode; + brightness = 255; }; } ]; diff --git a/makefu/2configs/home/ham/automation/urlaub.nix b/makefu/2configs/home/ham/automation/urlaub.nix index 019e65d25..abfe5031d 100644 --- a/makefu/2configs/home/ham/automation/urlaub.nix +++ b/makefu/2configs/home/ham/automation/urlaub.nix @@ -6,7 +6,7 @@ let schranklicht = [ "light.wohnzimmer_schrank_osram" - "light.wohnzimmer_komode_osram" + # "light.wohnzimmer_komode_osram" ]; weihnachtslicht = "light.wohnzimmer_fenster_lichterkette_licht"; fernsehlicht = "light.wled"; 
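Review bot: In the two new `schlafzimmer komode` automations of light_buttons.nix, `brightness` sits next to `service` and `entity_id` instead of under `data`, unlike the `toggle keller` action above, which passes `entity_id` and `brightness` inside `data`. Home Assistant takes service parameters from `data`, so these actions are likely rejected at config check or run without the brightness. I would write `data = { entity_id = schlafzimmer_komode; brightness = 1; };` and the same with `255` for the double-click automation. `btn_cycle_light` is still inherited in the `let` but is no longer used in the visible hunks.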
@@ -31,8 +31,8 @@ in automation = [ (turn_on schranklicht "-00:30:00") - #(turn_on weihnachtslicht "-00:30:00") - (turn_on fernsehlicht "-00:00:00") + (turn_on weihnachtslicht "-00:00:00") + #(turn_on fernsehlicht "-00:00:00") { alias = "Always turn off the urlaub lights at ${final_off}"; trigger = [ diff --git a/makefu/2configs/home/ham/automation/welcome.txt.j2 b/makefu/2configs/home/ham/automation/welcome.txt.j2 index 76091b868..d2a2b573b 100644 --- a/makefu/2configs/home/ham/automation/welcome.txt.j2 +++ b/makefu/2configs/home/ham/automation/welcome.txt.j2 @@ -7,7 +7,7 @@ Heute ist {{ weekday }}, du solltest gar nicht arbeiten! {% else %} Willkommen auf Arbeit Felix. {% endif -%} -Das aktuell gewählte Projekt ist {{ states("sensor.felix_project") }}. +Dein Projekt ist {{ states("sensor.felix_project") }}. {% set inside = states("sensor.wohnzimmer_temp_temperature") | float | round(2) -%} {% set outside = states("sensor.dark_sky_temperature") | float | round(2) -%} diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index ca5fcd17c..98269959d 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -17,6 +17,7 @@ in { ./zigbee2mqtt.nix # ./multi/flurlicht.nix ./multi/kurzzeitwecker.nix + ./intents ./multi/the_playlist.nix ./multi/heizung.nix # ./multi/fliegen-couter.nix @@ -92,6 +93,7 @@ in { { type = "homeassistant"; } ]; }; + tasmota = {}; binary_sensor = [ { platform = "workday"; name = "Arbeitstag"; diff --git a/makefu/2configs/home/ham/docker.nix b/makefu/2configs/home/ham/docker.nix new file mode 100644 index 000000000..e8a47dbbb --- /dev/null +++ b/makefu/2configs/home/ham/docker.nix 
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+let
+ confdir = "/var/lib/homeassistant-docker";
+in {
+ imports = [
+ ./nginx.nix
+ ./mqtt.nix
+ ./signal-rest
+ ./signal-rest/service.nix
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 8123 ];
+ state = [ "/var/lib/hass/known_devices.yaml" ];
+ virtualisation.oci-containers.containers.hass = {
+ image = "homeassistant/home-assistant:latest";
+ environment = {
+ TZ = "Europe/Berlin";
+ UMASK = "007";
+ };
+ extraOptions = ["--net=host" ];
+ volumes = [
+ "${confdir}:/config"
+ #"/data/music:/config/media"
+ ];
+ };
+ systemd.tmpfiles.rules = [
+ #"f ${confdir}/docker-run 0770 kiosk kiosk - -"
+ "d ${confdir} 0770 kiosk kiosk - -"
+ ];
+}
diff --git a/makefu/2configs/home/ham/intents/default.nix b/makefu/2configs/home/ham/intents/default.nix
new file mode 100644
index 000000000..24594b4a2
--- /dev/null
+++ b/makefu/2configs/home/ham/intents/default.nix
@@ -0,0 +1,35 @@
+{
+ services.home-assistant.config = {
+ intent_script = {
+ GetTime.speech.text = ''
+ Es ist {{ now().hour }} Uhr {{ now().minute }}
+ '';
+ GutenMorgen.speech.text = ''
+ Einen wunderschönen Guten Morgen wünsche ich dir
+ '';
+ WieGehtEsDir.speech.text = ''
+ Mir geht es sehr gut, und dir?
+ '';
+ Statusreport.speech.text = builtins.readFile ./statusbericht.txt.j2;
+ StartMusic = {
+ speech.text = "Spiele {{ music }} musik";
+ action_async = [
+ {
+ service = "media_player.play_media";
+ data_template = {
+ entity_id = "media_player.{{ _intent.siteId }}";
+ media_content_id = builtins.readFile ./music_chooser.txt.j2;
+ media_content_type = "music";
+ };
+ }
+ ];
+ };
+ GetWeather = {
+ #speech.text = ''
+ # {{ states('sensor.openweathermap_weather') }} bei {{ states('sensor.openweathermap_temperature') }} Grad
+ #'';
+ speech.text = "{{ states('sensor.swr_prognose') }}";
+ };
+ };
+ };
+}
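Review bot: `image = "homeassistant/home-assistant:latest"` in ham/docker.nix is a floating tag, so what runs with `--net=host` and the `/config` volume depends on whatever the registry serves at pull time rather than on this repository; rhasspy/default.nix does the same with `rhasspy/rhasspy:latest`. Pinning a release tag or, better, a digest keeps the deployment reproducible and reviewable, e.g. `image = "homeassistant/home-assistant:<VERSION>@sha256:<DIGEST>";` with the placeholders filled in. Separately, `state` still lists `/var/lib/hass/known_devices.yaml` while the container keeps its data under `${confdir}`, so the backup path probably needs to follow.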
diff --git a/makefu/2configs/home/ham/intents/music_chooser.txt.j2 b/makefu/2configs/home/ham/intents/music_chooser.txt.j2 new file mode 100644 index 000000000..b66ed2721 --- /dev/null +++ b/makefu/2configs/home/ham/intents/music_chooser.txt.j2 @@ -0,0 +1,13 @@ +{% if music == "lounge" -%} +https://cast1.asurahosting.com/proxy/julien/stream.mp3 +{% elif music == "lassulus" -%} +http://radio.lassul.us:8000/radio.mp3 +{% elif music == "groove" -%} +http://ice2.somafm.com/groovesalad-128.mp3 +{% elif music == "swr3" -%} +https://liveradio.swr.de/sw282p3/swr3/play.mp3 +{% elif music == "swr1" -%} +https://liveradio.swr.de/sw282p3/swr1bw/play.mp3 +{% elif music == "radio" -%} +https://liveradio.swr.de/sw282p3/swr1bw/play.mp3 +{% endif %} diff --git a/makefu/2configs/home/ham/intents/statusbericht.txt.j2 b/makefu/2configs/home/ham/intents/statusbericht.txt.j2 new file mode 100644 index 000000000..c17ad455c --- /dev/null +++ b/makefu/2configs/home/ham/intents/statusbericht.txt.j2 
@@ -0,0 +1,37 @@ +{% set arbeit_heute = is_state("binary_sensor.arbeitstag","on") -%} +{% set weekday = ['Montag','Dienstag','Mittwoch','Donnerstag','Freitag','Samstag','Sonntag'][now().weekday()] -%} +{% set is_friday = now().weekday() == 4 %} + +Dies ist deine Persönliche Zusammenfassung +{% set inside = states("sensor.wohnzimmer_temp_temperature") | float | round(2) -%} +{% set outside = states("sensor.dark_sky_temperature") | float | round(2) -%} +{% set arbeit_morgen = is_state("binary_sensor.arbeitstag_morgen","on") -%} + +Die Wetteraussichten: {{ states("sensor.dark_sky_hourly_summary") | replace(".","")}} bei {{ states("sensor.dark_sky_temperature") }} Grad mit {{ states("sensor.dark_sky_humidity") | round(0) }}% Luftfeuchtigkeit. +{% if states("calendar.abfall_papiermuell") == "on" %} +Heute ist Papiermuell, bring noch schnell dein Papier raus +{% endif %} +{% if states("calendar.abfall_restmuell") == "on" %} +Ausserdem ist heute Restmuell. +{% endif -%} + +{% if ( outside < inside ) and ( outside > 18 ) %} +Draussen ist es gerade {{ ((inside - outside) | round(1) )}} gerade kühler +{% endif -%} + +{% set current_count = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_count") %} +{% for i in range(current_count) %} +{% set idx = i + 1 %} + {% set headline = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_headline") %} + {% set description = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_description") %} + {% set level = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_level") %} + {% set time_start = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_start") %} + {% set time_end = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_end") %} +Wetterwarnung {{idx}}: {{ headline }} Stufe {{level}} von {{ time_start.strftime("%H:%M") ~ " bis " ~ 
time_end.strftime("%H:%M") }} Uhr + +{{ description }} +{% endfor %} + +{% if is_friday %} +Endlich ist Freitag! +{% endif -%} diff --git a/makefu/2configs/home/ham/lib/default.nix b/makefu/2configs/home/ham/lib/default.nix index cf1c32abd..0d89d1e9e 100644 --- a/makefu/2configs/home/ham/lib/default.nix +++ b/makefu/2configs/home/ham/lib/default.nix @@ -27,12 +27,11 @@ in #} { delay.seconds = 1; } { delay = '' - {% set duration = state_attr("${entity}","media_duration") %} - {% set seconds = duration % 60 %} + {% set duration = state_attr("${entity}","media_duration") or 0 %} + {% set seconds = (duration % 60 ) %} {% set minutes = (duration / 60)|int % 60 %} {% set hours = (duration / 3600)|int %} {{ "%02i:%02i:%02i"|format(hours, minutes, seconds)}} - ''; } { diff --git a/makefu/2configs/home/ham/light/wohnzimmer.nix b/makefu/2configs/home/ham/light/wohnzimmer.nix index 554d1f8ce..7fc7af038 100644 --- a/makefu/2configs/home/ham/light/wohnzimmer.nix +++ b/makefu/2configs/home/ham/light/wohnzimmer.nix @@ -6,10 +6,30 @@ let wohnzimmer_deko = [ "light.wohnzimmer_fernseher_led_strip" # led um fernseher "light.wohnzimmer_lichterkette_led_strip" # led um fernsehwand - "light.kinderzimmer_lichterkette_licht" # led um fenster + "light.wohnzimmer_fenster_lichterkette_licht" # led um fenster ]; in { imports = [ ./tint_wohnzimmer.nix ]; + services.home-assistant.config.scene = [ + { name = "Wohnzimmer Abendlicht"; + id = "living_room_evening"; + entities = { + "light.wohnzimmer_komode_osram_light" = { + state = "on"; + brightness = 128; + }; + "light.wohnzimmer_schrank_osram_light" = { + state = "on"; + brightness = 128; + }; + "light.wohnzimmer_fenster_lichterkette_licht" = "on"; + "light.wohnzimmer_fernseher_led_strip" = { + state = "on"; + }; + }; + + } + ]; services.home-assistant.config.wled = {}; services.home-assistant.config.light = [ { 
@@ -22,6 +42,11 @@ in { name = "Wohnzimmer Deko"; entities = wohnzimmer_deko; } + { + platform = "group"; + name = "living_room_lights"; + entities = wohnzimmerbeleuchtung ++ wohnzimmer_deko; + } ]; } diff --git a/makefu/2configs/home/ham/media/firetv.nix b/makefu/2configs/home/ham/media/firetv.nix index fc33346cd..e2ac1ef76 100644 --- a/makefu/2configs/home/ham/media/firetv.nix +++ b/makefu/2configs/home/ham/media/firetv.nix @@ -3,11 +3,11 @@ let in { services.home-assistant.config = { notify = [ - { - platform = "nfandroidtv"; - name = "FireTV Wohnzimmer Notification"; - host = firetv_stick; - } + #{ + #platform = "nfandroidtv"; + #name = "FireTV Wohnzimmer Notification"; + #host = firetv_stick; + #} ]; media_player = [ #{ @@ -16,12 +16,12 @@ in { # host = firetv_stick; #} # Configuration needs to be done by hand via web interface "integration" - { platform = "androidtv"; - name = "FireTV Stick Android"; - device_class = "firetv"; - host = firetv_stick; - port = 5555; - } + #{ platform = "androidtv"; + # name = "FireTV Stick Android"; + # device_class = "firetv"; + # host = firetv_stick; + # port = 5555; + #} ]; }; } diff --git a/makefu/2configs/home/ham/mqtt.nix b/makefu/2configs/home/ham/mqtt.nix index 5e668e7a0..9c4b4147e 100644 --- a/makefu/2configs/home/ham/mqtt.nix +++ b/makefu/2configs/home/ham/mqtt.nix @@ -5,7 +5,7 @@ services.mosquitto = { enable = true; persistence = false; - settings.max_keepalive = 60; + settings.max_keepalive = 1060; listeners = [ { port = 1883; diff --git a/makefu/2configs/home/ham/multi/kurzzeitwecker.nix b/makefu/2configs/home/ham/multi/kurzzeitwecker.nix index a0748e205..1e6fae90c 100644 --- a/makefu/2configs/home/ham/multi/kurzzeitwecker.nix +++ b/makefu/2configs/home/ham/multi/kurzzeitwecker.nix 
@@ -9,128 +9,80 @@ let button = "sensor.zigbee_btn2_click"; notify = "notify.signal_home"; + # für {{ _intent.siteId }} - name of the rhasspy instance: arbeitszimmer in { services.home-assistant.config = { - timer.kurzzeitwecker = - { - name = "Zigbee Kurzzeitwecker"; - duration = 300; + automation = []; + timer.kurzzeitwecker = { + name = "Wecker Wohnung"; }; - script.add_5_minutes_to_kurzzeitwecker = - { - alias = "Add 5 minutes to kurzzeitwecker"; - sequence = [ - { service = "timer.pause"; - entity_id = "timer.kurzzeitwecker"; - } - { service = "timer.start"; - data_template = { - entity_id = "timer.kurzzeitwecker"; - duration = '' - {% set r = state_attr('timer.kurzzeitwecker', 'remaining') ~ '-0000' %} - {% set t = strptime(r, '%H:%M:%S.%f%z') %} - {{ (as_timestamp(t) + 300) | timestamp_custom('%H:%M:%S', false) }} - ''; - }; - } - ]; + timer.wecker_arbeitszimmer = { + name = "Wecker Arbeitszimmer"; }; - automation = - [ - { - alias = "Start Timer 5min"; - trigger = { - platform = "state"; - entity_id = button; - to = "single"; - }; - condition = - { condition = "state"; - entity_id = "timer.kurzzeitwecker"; - state = "idle"; - }; - + timer.wecker_wohnzimmer = { + name = "Wecker Wohnzimmer"; + }; + intent = {}; + intent_script = { + TimerjobStart = { + speech.text = '' + {% set h = hours|default('0')|string %} + {% set m = minutes|default('0')|string %} + {% if h == "0" %} + Wecker gestellt {{ m }} Minuten + {% elif m == "0" %} + Wecker gestellt {{ h }} Stunden + {% else %} + Wecker gestellt {{ h }} Stunden und {{ m }} Minuten + {% endif %} + ''; action = [ - { service = "timer.start"; - entity_id = "timer.kurzzeitwecker"; - data.duration = "00:05:00"; - } { - service = notify; - data.message = "Timer gestartet {{state_attr('timer.kurzzeitwecker', 'remaining') }}, verbleibend "; - } - ]; - } - { - alias = "Add Timer 5min"; - trigger = { - platform = "state"; - entity_id = button; - to = "single"; - }; - condition = - { condition = "state"; - entity_id = 
"timer.kurzzeitwecker"; - state = "active"; - }; + service = "timer.start"; + + data.entity_id = "timer.kurzzeitwecker"; + data.duration = '' + {% set h = hours|default("0")|int %} + {% set m = minutes|default("0")|int %} + {{ "%02d" | format(h) }}:{{ "%02d" | format(m) }}:00 + ''; - action = [ - { service = "homeassistant.turn_on"; - entity_id = "script.add_5_minutes_to_kurzzeitwecker"; - } - { - service = notify; - data.message = ''Timer um 5 minuten verlängert, {{ state_attr('timer.kurzzeitwecker', 'remaining') | truncate(9,True," ") }} verbleibend ''; } ]; - } - { - alias = "Stop timer on double click"; - trigger = [ - { - platform = "state"; - entity_id = button; - to = "double"; - } - { - platform = "state"; - entity_id = button; - to = "triple"; - } - ]; - condition = - { - condition = "state"; - entity_id = "timer.kurzzeitwecker"; - state = "active"; - }; - + }; + TimerjobRemaining = { + speech.text = '' + {% set timer = states('timer.kurzzeitwecker') %} + {% if timer == 'idle' %} + Wecker läuft nicht + {% elif timer == 'active' %} + {% set remaining = as_timestamp( state_attr('timer.kurzzeitwecker','finishes_at') )-( as_timestamp(now())) %} + {% set s = ((remaining % 60)) | int %} + {% set m = ((remaining % 3600) / 60) | int %} + {% set h = ((remaining % 86400) / 3600) | int %} + {% if h == 0 %} + Es verbleiben {{ m }} Minuten und {{ s }} Sekunden + {% elif m == 0 %} + Es verbleiben {{ h }} Stunden + {% elif m == 0 and h == 0 %} + Es verbleiben {{ s }} Sekunden + {% else %} + Es verbleiben {{ h }} Stunden {{ m }} Minuten + {% endif %} + {% endif %} + ''; + }; + TimerjobStop = { + speech.text = '' + Wecker gestoppt + ''; action = [ - { - service = "timer.cancel"; - entity_id = "timer.kurzzeitwecker"; - } - { - service = notify; - data.message = "Timer gestoppt, abgebrochen"; + { service = "timer.cancel"; + data.entity_id = "timer.kurzzeitwecker"; } ]; - } - { - alias = "Timer Finished"; - trigger = { - platform = "event"; - event_type = "timer.finished"; - 
event_data.entity_id = "timer.kurzzeitwecker"; - }; - action = [ - { - service = notify; - data.message = "Timer beendet"; - } - ]; - } - ]; + }; + }; }; } diff --git a/makefu/2configs/home/ham/sensor/outside.nix b/makefu/2configs/home/ham/sensor/outside.nix index e7467617b..061c4e981 100644 --- a/makefu/2configs/home/ham/sensor/outside.nix +++ b/makefu/2configs/home/ham/sensor/outside.nix @@ -40,5 +40,16 @@ { platform = "accuweather"; api_key = "!secret accuweather"; } + { platform = "scrape"; + resource = "https://www.swr.de/wetter/wetter-liste-swr-100.html"; + name = "SWR Prognose"; + select = "p[data-refresh=\"weather-headline\"]"; + } + { platform = "scrape"; + resource = "https://www.swr.de/wetter/wetter-liste-swr-100.html"; + name = "SWR Prognose Langtext"; + select = "p[data-refresh=\"weather-text\"]"; + } + ]; } diff --git a/makefu/2configs/home/jellyfin.nix b/makefu/2configs/home/jellyfin.nix index acfdb2599..e613a05fc 100644 --- a/makefu/2configs/home/jellyfin.nix +++ b/makefu/2configs/home/jellyfin.nix 
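Review bot: In `TimerjobRemaining` of kurzzeitwecker.nix the branch `{% elif m == 0 and h == 0 %}` can never run, because `{% if h == 0 %}` above it already catches every case with zero hours, so the seconds-only sentence is dead text. Test the most specific case first: `{% if h == 0 and m == 0 %}`, then `{% elif h == 0 %}`, then `{% elif m == 0 %}`. Three timers are declared, but all three intents address `timer.kurzzeitwecker`, which looks unfinished given the `_intent.siteId` comment at the top of the hunk.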
@@ -1,66 +1,34 @@ { lib, config, ... }: +let + port = 8096; +in { services.jellyfin.enable = true; - services.jellyfin.openFirewall = true; + # services.jellyfin.openFirewall = true; + networking.firewall.interfaces.wiregrill = { + allowedTCPPorts = [ 80 port 8920 ]; + allowedUDPPorts = [ 1900 7359 ]; + }; state = [ "/var/lib/jellyfin" ]; users.users.${config.services.jellyfin.user}.extraGroups = [ "download" "video" "render" ]; systemd.services.jellyfin = { - after = [ "media-cloud.mount" ]; serviceConfig = rec { + RequiresMountFor = [ "/media/cloud" ]; SupplementaryGroups = lib.mkForce [ "video" "render" "download" ]; UMask = lib.mkForce "0077"; - - - Type = lib.mkForce "simple"; - StateDirectory = lib.mkForce "jellyfin"; - StateDirectoryMode = lib.mkForce "0700"; - CacheDirectory = lib.mkForce "jellyfin"; - CacheDirectoryMode = lib.mkForce "0700"; - WorkingDirectory = lib.mkForce "/var/lib/jellyfin"; - Restart = lib.mkForce "on-failure"; - TimeoutSec = lib.mkForce 15; - SuccessExitStatus = lib.mkForce ["0" "143"]; - - # Security options: - NoNewPrivileges = lib.mkForce true; - SystemCallArchitectures = lib.mkForce "native"; - # AF_NETLINK needed because Jellyfin monitors the network connection - RestrictAddressFamilies = lib.mkForce [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ]; - RestrictNamespaces = lib.mkForce false; - RestrictRealtime = lib.mkForce true; - RestrictSUIDSGID = lib.mkForce true; - ProtectControlGroups = lib.mkForce false; - ProtectHostname = lib.mkForce true; - ProtectKernelLogs = lib.mkForce false; - ProtectKernelModules = lib.mkForce false; - ProtectKernelTunables = lib.mkForce false; - LockPersonality = lib.mkForce true; - PrivateTmp = lib.mkForce false; - # needed for hardware accelaration - PrivateDevices = lib.mkForce false; - PrivateUsers = lib.mkForce true; - RemoveIPC = lib.mkForce true; - - SystemCallFilter = lib.mkForce [ - "~@clock" - "~@aio" - "~@chown" - "~@cpu-emulation" - "~@debug" - "~@keyring" - "~@memlock" - "~@module" - 
"~@mount" - "~@obsolete" - "~@privileged" - "~@raw-io" - "~@reboot" - "~@setuid" - "~@swap" - ]; - SystemCallErrorNumber = lib.mkForce "EPERM"; }; }; + services.nginx.virtualHosts."jelly" = { + serverAliases = [ + "jelly.lan" "movies.lan" + "jelly.makefu.w" "makefu.omo.w" + ]; + + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + proxyWebsockets = true; + }; + }; } diff --git a/makefu/2configs/home/music.nix b/makefu/2configs/home/music.nix index f3b9f50f1..b32af6207 100644 --- a/makefu/2configs/home/music.nix +++ b/makefu/2configs/home/music.nix @@ -9,8 +9,7 @@ in MusicFolder = "/media/cryptX/music/kinder"; Address = "0.0.0.0"; }; - systemd.services.navidrome.after = [ "media-cryptX.mount" "cryptsetup.target" -"local-fs.target" "remote-fs.target" ]; + systemd.services.navidrome.serviceConfig.RequiresMountFor = [ "/media/cryptX" ]; state = [ "/var/lib/navidrome" ]; # networking.firewall.allowedTCPPorts = [ 4040 ]; diff --git a/makefu/2configs/home/photoprism.nix b/makefu/2configs/home/photoprism.nix index 1cd04fd9a..2f8a86430 100644 --- a/makefu/2configs/home/photoprism.nix +++ b/makefu/2configs/home/photoprism.nix 
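Review bot: `RequiresMountFor = [ "/media/cloud" ];` is placed in `serviceConfig` of jellyfin.nix, but the systemd directive is `RequiresMountsFor=` and belongs to the `[Unit]` section, so systemd will ignore the key as written and, with `after = [ "media-cloud.mount" ]` removed, jellyfin is no longer ordered after the mount. The music.nix hunk has the same problem for navidrome and `/media/cryptX`, where a start before the mount would presumably make the service work on the bare mountpoint instead of the encrypted volume. I would use `systemd.services.jellyfin.unitConfig.RequiresMountsFor = [ "/media/cloud" ];` and `systemd.services.navidrome.unitConfig.RequiresMountsFor = [ "/media/cryptX" ];`. The hunk also drops the whole block of forced sandboxing options; that presumably falls back to the NixOS module defaults, which is worth confirming with `systemd-analyze security jellyfin`.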
@@ -70,15 +70,18 @@ in PHOTOPRISM_HTTP_PORT = port; # Built-in Web server port PHOTOPRISM_HTTP_COMPRESSION = "gzip"; # Improves transfer speed and bandwidth utilization (none or gzip) PHOTOPRISM_DEBUG = "false"; # Run in debug mode (shows additional log messages) - PHOTOPRISM_PUBLIC = "true"; # No authentication required (disables password protection) + # PHOTOPRISM_PUBLIC = "true"; # No authentication required (disables password protection) PHOTOPRISM_READONLY = "false"; # Don't modify originals directory (reduced functionality) PHOTOPRISM_EXPERIMENTAL = "true"; # Enables experimental features - PHOTOPRISM_DISABLE_WEBDAV = "false"; # Disables built-in WebDAV server + # PHOTOPRISM_DISABLE_WEBDAV = "false"; # Disables built-in WebDAV server PHOTOPRISM_DISABLE_SETTINGS = "false"; # Disables Settings in Web UI PHOTOPRISM_DISABLE_TENSORFLOW = "false"; # Disables using TensorFlow for image classification PHOTOPRISM_DARKTABLE_PRESETS = "false"; # Enables Darktable presets and disables concurrent RAW conversion PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow) PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive + PHOTOPRISM_AUTH_MODE = "password"; + PHOTOPRISM_ADMIN_USER = "admin"; + PHOTOPRISM_ADMIN_PASSWORD = "admin"; #PHOTOPRISM_DATABASE_DRIVER = "postgres"; #PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432"; diff --git a/makefu/2configs/home/rhasspy/default.nix b/makefu/2configs/home/rhasspy/default.nix new file mode 100644 index 000000000..e3a0bcd28 --- /dev/null +++ b/makefu/2configs/home/rhasspy/default.nix 
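Review bot: `PHOTOPRISM_ADMIN_PASSWORD = "admin";` together with `PHOTOPRISM_ADMIN_USER = "admin"` in photoprism.nix replaces the public mode with a guessable credential that is committed to the repository and ends up in the world-readable Nix store. With the `PHOTOPRISM_DISABLE_WEBDAV` line commented out, the same login presumably covers WebDAV access as well. I would keep `PHOTOPRISM_AUTH_MODE = "password";` but take the password from a secret file outside the store, for example through the container's `environmentFiles` if this is an oci-containers unit (the surrounding definition is outside the hunk). Instances already started with this value should get their admin password changed.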
@@ -0,0 +1,40 @@
+{ lib,config, ... }:
+# uses alsa instead of pulseaduio server
+let
+ profiles = "/var/lib/rhasspy";
+in
+{
+ systemd.services.docker-rhasspy.after = [ "network-online.target" ];
+
+ virtualisation.oci-containers.containers.rhasspy = {
+ image = "rhasspy/rhasspy:latest";
+
+ environment = {
+ TZ = "Europe/Berlin";
+ PULSE_SERVER = "tcp:${ config.krebs.build.host.name }:4713";
+ };
+
+ ports = [
+ "12101:12101"
+ ];
+
+ volumes = [
+ "/etc/localtime:/etc/localtime:ro"
+ "${profiles}:/profiles"
+ ];
+
+ cmd = [ "--user-profiles" "/profiles" "--profile" "de" ];
+ extraOptions = [
+ "--device=/dev/snd:/dev/snd"
+ "--group-add=audio"
+ ];
+ };
+ systemd.tmpfiles.rules = [
+ "d ${profiles} 0770 root root - -"
+ ];
+
+ # required to allow rhasspy to connect to pulse server
+ # hardware.pulseaudio.enable = lib.mkForce false;
+ networking.firewall.allowedTCPPorts = [ 4713 ];
+
+}
diff --git a/makefu/2configs/home/rhasspy/led-control.nix b/makefu/2configs/home/rhasspy/led-control.nix
new file mode 100644
index 000000000..b4efe028a
--- /dev/null
+++ b/makefu/2configs/home/rhasspy/led-control.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+let
+ cfg = pkgs.writeText "hcl-config.json" (builtins.toJSON {
+ engine = "rhasspy";
+ pathToConfig = "/var/lib/rhasspy/de/profile.json";
+ hardware = "respeaker4MicArray";
+ pattern = "fake-name";
+ enableDoA = false;
+ });
+in {
+ systemd.services.HermesLedControl = {
+ description = "Led Server for ReSpeaker 4-array";
+ after = [ "network-online.target" "docker-rhasspy.service" ] ;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ # User = "nobody"; # need a user with permissions to run nix-shell
+ ExecStart = "${pkgs.HermesLedControl}/bin/HermesLedControl --hermesLedControlConfig=${toString cfg}";
+ Restart = "always";
+ RestartSec = 10;
+ PrivateTmp = true;
+ };
+ };
+}
diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix
index 1c4582ed5..8bb8a929b 100644
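Review bot: With `User` commented out in rhasspy/led-control.nix, HermesLedControl runs as root and `PrivateTmp = true` is its only confinement, although the visible config only has it read `/var/lib/rhasspy/de/profile.json` and drive the ReSpeaker LEDs. I would give it a dedicated system user in whatever groups own the LED devices on that board (to be confirmed) and add `NoNewPrivileges = true; ProtectSystem = "strict"; ProtectHome = true;` to `serviceConfig`. The profile directory is created `0770 root root` in rhasspy/default.nix, so that user would also need group access to it. `pattern = "fake-name"` looks like a leftover placeholder.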
--- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -32,6 +32,10 @@ in include_device_information = true; client_id = "zigbee2mqtt"; }; + availability = { + active.timeout = 10; + passive.timeout = 1500; + }; frontend = { port = webport; }; diff --git a/makefu/2configs/hw/cdrip.nix b/makefu/2configs/hw/cdrip.nix new file mode 100644 index 000000000..1c0bf9c17 --- /dev/null +++ b/makefu/2configs/hw/cdrip.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + users.users.makefu = { + extraGroups = [ "cdrom" ]; + packages = [ pkgs.glyr pkgs.abcde ]; + }; +} diff --git a/makefu/2configs/hw/pseyecam.nix b/makefu/2configs/hw/pseyecam.nix new file mode 100644 index 000000000..029ee7c9c --- /dev/null +++ b/makefu/2configs/hw/pseyecam.nix @@ -0,0 +1,6 @@ +# https://bugzilla.kernel.org/show_bug.cgi?id=198129 +{ + boot.extraModprobeConfig = '' + options snd_usb_audio ignore_ctl_error=1 + ''; +} diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 8d3e17c7f..bbed3f430 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -37,7 +37,7 @@ emulateWheel = true; }; - services.tlp.enable = true; + services.tlp.enable = ! config.services.power-profiles-daemon.enable; services.tlp.settings = { # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery START_CHARGE_THRESH_BAT0 = 95; diff --git a/makefu/2configs/kdeconnect.nix b/makefu/2configs/kdeconnect.nix index ca025ee43..b9110dee8 100644 --- a/makefu/2configs/kdeconnect.nix +++ b/makefu/2configs/kdeconnect.nix 
@@ -1,6 +1,6 @@ {pkgs, ... }: { - environment.systemPackages = with pkgs; [ kdeconnect ]; - networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; - networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; + environment.systemPackages = with pkgs; [ kdeconnect ]; + networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; + networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; } diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index a7181cfe9..296201808 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -12,7 +12,7 @@ let in { imports = [ ./gui/base.nix - ./gui/look-up.nix + # ./gui/look-up.nix ./fetchWallpaper.nix ./zsh-user.nix ./tools/core.nix 
@@ -22,54 +22,8 @@ in { users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - krebs.power-action = let - #speak = "XDG_RUNTIME_DIR=/run/user/$(id -u) ${pkgs.espeak}/bin/espeak"; # when run as user - speak = "${pkgs.espeak}/bin/espeak"; # systemwide pulse - whisper = text: ''${speak} -v +whisper -s 110 "${text}"''; - - note = pkgs.writeDash "note-as-user" '' - eval "export $(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)" - ${pkgs.libnotify}/bin/notify-send "$@"; - ''; - in { - enable = true; - inherit user; - plans.low-battery = { - upperLimit = 25; - lowerLimit = 15; - charging = false; - action = pkgs.writeDash "low-speak" '' - ${whisper "power level low, please plug me in"} - ''; - }; - plans.nag-harder = { - upperLimit = 15; - lowerLimit = 5; - charging = false; - action = pkgs.writeDash "crit-speak" '' - ${note} Battery -u critical -t 60000 "Power level critical, do something!" - ${whisper "Power level critical, do something"} - ''; - }; - plans.last-chance = { - upperLimit = 5; - lowerLimit = 3; - charging = false; - action = pkgs.writeDash "suspend-wrapper" '' - ${note} Battery -u crit "You've had your chance, suspend in 5 seconds" - ${concatMapStringsSep "\n" (i: '' - ${note} -u critical -t 1000 ${toString i} - ${speak} ${toString i} & - sleep 1 - '') - [ 5 4 3 2 1 ]} - /var/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl suspend - ''; - }; - }; security.sudo.extraConfig = "${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend"; - services.redshift.enable = true; location.latitude = 48.7; location.longitude = 9.1; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 2f44d8cc1..a925b9f78 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix 
@@ -22,6 +22,8 @@ let in { state = [ base-dir ]; + # hotfix for broken wiki after reboot + systemd.services."phpfpm-euer-wiki".serviceConfig.RequiresMountFor = [ "/media/cloud" ]; services.phpfpm = { pools.euer-wiki = { inherit user group; diff --git a/makefu/2configs/overlays/prefer-remote-fetch.nix b/makefu/2configs/overlays/prefer-remote-fetch.nix new file mode 100644 index 000000000..d332e6723 --- /dev/null +++ b/makefu/2configs/overlays/prefer-remote-fetch.nix @@ -0,0 +1,4 @@ +self: super: + if super ? prefer-remote-fetch then + (super.prefer-remote-fetch self super) +else super diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix index 5192ef515..09a3dd733 100644 --- a/makefu/2configs/share/gum-client.nix +++ b/makefu/2configs/share/gum-client.nix @@ -6,7 +6,7 @@ let "x-systemd.idle-timeout=300" "x-systemd.mount-timeout=60s" ]; - host = "gum"; #TODO + host = "gum.w"; #TODO in { boot.extraModprobeConfig = '' options cifs CIFSMaxBufSize=130048 diff --git a/makefu/2configs/share/hetzner-client.nix b/makefu/2configs/share/hetzner-client.nix index f7afc6d57..9713b776a 100644 --- a/makefu/2configs/share/hetzner-client.nix +++ b/makefu/2configs/share/hetzner-client.nix @@ -3,7 +3,7 @@ with <stockholm/lib>; let automount_opts = - ["nofail" "noempty" + ["nofail" ]; host = "u288834.your-storagebox.de"; in { diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 4756ccf81..16959bc90 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -9,6 +9,7 @@ let in { # samba share /media/crypt1/share + systemd.services.samba-smbd.serviceConfig.RequiresMountFor = [ "/media/cryptX" ]; users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; diff --git a/makefu/2configs/shiori.nix b/makefu/2configs/shiori.nix index cbccdc1f5..94a5e9dc8 100644 --- a/makefu/2configs/shiori.nix +++ b/makefu/2configs/shiori.nix 
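Review bot: `serviceConfig.RequiresMountFor` in the euer.wiki.nix hotfix is not a directive systemd knows: the option is spelled `RequiresMountsFor` and belongs to the `[Unit]` section, so as written the line is most likely ignored with a warning and php-fpm is still not ordered after the mount. Use `systemd.services."phpfpm-euer-wiki".unitConfig.RequiresMountsFor = [ "/media/cloud" ];`. The share/omo.nix hunk further down has the same problem on `samba-smbd`. Its path `/media/cryptX` also differs from the `/media/crypt1/share` named in the comment above it and looks like a placeholder worth checking.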
@@ -4,19 +4,10 @@ let statedir = "/var/lib/shiori"; in { state = [ "/var/lib/private/shiori" ]; # when using dynamicUser - systemd.services.shiori = { - description = "Shiori Server"; - after = [ "network-online.target" ]; - environment = { - SHIORI_DIR = statedir; - }; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - DynamicUser = true; - StateDirectory = "shiori"; - ExecStart = "${pkgs.shiori}/bin/shiori serve -a 127.0.0.1 -p ${toString web_port}"; - PrivateTmp = true; - }; + services.shiori = { + enable = true; + port = web_port; + address = "127.0.0.1"; }; services.nginx.virtualHosts."bookmark.euer.krebsco.de" = { forceSSL = true; diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix index df9741d9c..9ec7a27a4 100644 --- a/makefu/2configs/systemdultras/ircbot.nix +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -26,8 +26,8 @@ feed = "https://www.reddit.com/r/systemd/.rss"; delay = 272; }; - r-pid_eins-twitter = { - feed = "http://rss.makefu.r/?action=display&bridge=Twitter&context=By+username&u=pid_eins&format=Atom"; + r-pid_eins-mastodon = { + feed = "https://mastodon.social/users/pid_eins.rss"; delay = 621; }; }; diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 57c8c96f1..bcd3022e8 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -17,5 +17,6 @@ xorg.xbacklight scrot libnotify + thunderbird ]; } diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 2b9baa9c5..0747934b8 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -14,6 +14,7 @@ gi flashrom mosquitto + pwqgen-ger # esphome # broken # nix related diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 507887cff..57a1dba1e 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -9,5 +9,6 @@ wine pkg2zip steam + steam-run ]; } 
diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix index bda250702..bb3198178 100644 --- a/makefu/2configs/wireguard/server.nix +++ b/makefu/2configs/wireguard/server.nix @@ -17,7 +17,6 @@ in { # wireguard server externalInterface = ext-if; internalInterfaces = [ "wg0" ]; }; - networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.1/24" ]; listenPort = 51820; diff --git a/makefu/2configs/wireguard/wiregrill.nix b/makefu/2configs/wireguard/wiregrill.nix index 082090755..922dc8c0f 100644 --- a/makefu/2configs/wireguard/wiregrill.nix +++ b/makefu/2configs/wireguard/wiregrill.nix 
@@ -13,16 +13,75 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { boot.kernel.sysctl = mkIf isRouter { "net.ipv6.conf.all.forwarding" = 1; + "net.ipv4.conf.all.forwarding" = 1; }; + #networking.nat = mkIf isRouter { + # enable = true; + # enableIPv6 = true; + # externalInterface = ext-if; + # internalInterfaces = [ "wiregrill" ]; + #}; networking.firewall = { allowedUDPPorts = [ self.wireguard.port ]; - extraCommands = '' - iptables -A FORWARD -i wiregrill -o wiregrill -j ACCEPT + interfaces.wiregrill = mkIf isRouter { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; + }; + + services.dnsmasq = mkIf isRouter { + enable = true; + resolveLocalQueries = false; + extraConfig = /* dnsmasq */ '' + bind-interfaces + interface=retiolum,wiregrill ''; + servers = [ "1.1.1.1" ]; }; - networking.wireguard.interfaces.wiregrill = { + networking.wireguard.interfaces.wiregrill = let + ipt = "${pkgs.iptables}/bin/iptables"; + ip6 = "${pkgs.iptables}/bin/ip6tables"; + in { + postSetup = '' + ${ipt} -A FORWARD -i wiregrill -o retiolum -j ACCEPT + ${ipt} -A FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ipt} -A FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + ${ip6} -A FORWARD -i wiregrill -o retiolum -j ACCEPT + ${ip6} -A FORWARD -i retiolum -o wiregrill -j ACCEPT + ${ip6} -A FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ip6} -A FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + '' + (optionalString isRouter '' + #${ipt} -t nat -A PREROUTING -s 10.244.245.0/24 -j ACCEPT + #${ipt} -t nat -A POSTROUTING -s 10.244.245.0/24 ! -d 10.244.245.0/24 -j MASQUERADE + + #${ip6} -t nat -A PREROUTING -s 42:1::/32 -j ACCEPT + #${ip6} -t nat -A POSTROUTING -s 42:1::/32 ! 
-d 42:1::/48 -j MASQUERADE + ''); + + # This undoes the above command + postShutdown = '' + ${ipt} -D FORWARD -i wiregrill -o retiolum -j ACCEPT + ${ipt} -D FORWARD -i retiolum -o wiregrill -j ACCEPT + ${ipt} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ipt} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ipt} -D FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + ${ip6} -D FORWARD -i wiregrill -o retiolum -j ACCEPT + ${ip6} -D FORWARD -i retiolum -o wiregrill -j ACCEPT + ${ip6} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ip6} -D FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + '' + (optionalString isRouter '' + + ${ipt} -t nat -D PREROUTING -s 10.244.245.0/24 -j ACCEPT + ${ipt} -t nat -D POSTROUTING -s 10.244.245.0/24 -j MASQUERADE + + #${ip6} -t nat -D PREROUTING -s 42:1::/32 -j ACCEPT + #${ip6} -t nat -D POSTROUTING -s 42:1::/32 ! -d 42:1::/48 -j MASQUERADE + '' ); ips = (optional (!isNull self.ip4) self.ip4.addr) ++ (optional (!isNull self.ip6) self.ip6.addr); |
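Review bot: `postShutdown` in wiregrill.nix does not mirror `postSetup`: for IPv4 it deletes `-i retiolum -o wiregrill`, which was never added, deletes `-i wiregrill -o wiregrill` twice, and in the `isRouter` branch deletes two `-t nat` rules whose `-A` counterparts are commented out. `iptables -D` on a rule that does not exist returns an error, so depending on how the module runs this script the teardown may stop early and leave FORWARD rules behind after the interface is gone. Separately, the IPv6 rule `-i retiolum -o wiregrill -j ACCEPT` lets any retiolum peer open new connections to wiregrill hosts, which the IPv4 set does not allow; if that is intended, a comment saying so would help. The `networking.wireguard.interfaces.wiregrill` block continues outside the hunk.

```nix
postShutdown = ''
  ${ipt} -D FORWARD -i wiregrill -o retiolum -j ACCEPT
  ${ipt} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT
  ${ipt} -D FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # … unchanged: the four ip6tables -D FORWARD lines …
'' + (optionalString isRouter ''
  # the nat rules are commented out in postSetup, so nothing is deleted here either
  #${ipt} -t nat -D PREROUTING -s 10.244.245.0/24 -j ACCEPT
  #${ipt} -t nat -D POSTROUTING -s 10.244.245.0/24 ! -d 10.244.245.0/24 -j MASQUERADE
  # … unchanged: commented-out ip6tables nat lines …
'');
```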