247 files changed, 3258 insertions, 2954 deletions
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 000000000..937db8871
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,44 @@
+{
+ "nodes": {
+ "nix-writers": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1677612737,
+ "narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=",
+ "ref": "refs/heads/master",
+ "rev": "66a1f6833464bbb121b6d94247ad769f277351f8",
+ "revCount": 39,
+ "type": "git",
+ "url": "https://cgit.krebsco.de/nix-writers"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://cgit.krebsco.de/nix-writers"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1686135559,
+ "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nix-writers": "nix-writers",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 000000000..6c094b6a9
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,41 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nix-writers = {
+ url = "git+https://cgit.krebsco.de/nix-writers";
+ flake = false;
+ };
+ # disko.url = "github:nix-community/disko";
+ # disko.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ description = "stockholm";
+
+ outputs = { self, nixpkgs, nix-writers }: {
+ nixosConfigurations.hotdog = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs.stockholm = self;
+ specialArgs.nix-writers = nix-writers;
+ specialArgs.secrets = toString ./krebs/0tests/data/secrets;
+ modules = [
+ ./krebs/1systems/hotdog/config.nix
+ ];
+ };
+
+ nixosModules =
+ let
+ inherit (nixpkgs) lib;
+ in builtins.listToAttrs
+ (map
+ (name: {name = lib.removeSuffix ".nix" name; value = import (./krebs/3modules + "/${name}");})
+ (lib.filter
+ (name: name != "default.nix" && !lib.hasPrefix "." name)
+ (lib.attrNames (builtins.readDir ./krebs/3modules))));
+
+ kartei = {
+ hosts = self.nixosConfigurations.hotdog.config.krebs.hosts;
+ users = self.nixosConfigurations.hotdog.config.krebs.users;
+ };
+ lib = import (self.outPath + "/lib/pure.nix") { lib = nixpkgs.lib; };
+ };
+}
diff --git a/kartei/0x4A6F/default.nix b/kartei/0x4A6F/default.nix
index 8939f267d..eb3d08e8d 100644
--- a/kartei/0x4A6F/default.nix
+++ b/kartei/0x4A6F/default.nix
@@ -1,12 +1,13 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 ci = false;
 external = true;
 monitoring = false;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 });
 in {
 users = {
diff --git a/kartei/dave/default.nix b/kartei/dave/default.nix
index 053ec412b..04f226cc1 100644
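Review bot: `specialArgs.secrets = toString ./krebs/0tests/data/secrets;` points the hotdog configuration at the test-data secrets directory inside the flake tree, and because a flake's source is copied into the Nix store, anything placed under that directory becomes world-readable store content. The dummy files there (this commit adds an empty `krebs/0tests/data/secrets/radicale.id_ed25519`) are harmless, but the intent should be stated next to the line, e.g. `# placeholder test secrets only; real secrets are never read through the flake`. The `nixosModules` output also exposes every non-hidden file in `./krebs/3modules` as a module purely by directory listing, which is worth a one-line comment so a stray file dropped there is not silently exported. The `outputs` attribute set is complete within this hunk.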
--- a/kartei/dave/default.nix
+++ b/kartei/dave/default.nix
@@ -1,5 +1,5 @@
-{ config, ... }: let
- lib = import ../../lib;
+{ config, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
 in {
 users.dave = {
 mail = "hsngrmpf@gmail.com";
@@ -8,7 +8,7 @@ in {
 owner = config.krebs.users.dave;
 nets.retiolum = {
 aliases = [ "dave.r" ];
- ip6.addr = (lib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address;
 ip4.addr = "10.243.0.6";
 tinc.pubkey = ''
 -----BEGIN RSA PUBLIC KEY-----
diff --git a/kartei/dbalan/default.nix b/kartei/dbalan/default.nix
index fadf187db..6bf10b921 100644
--- a/kartei/dbalan/default.nix
+++ b/kartei/dbalan/default.nix
@@ -1,6 +1,7 @@
-with import ../../lib;
-{ config, ... }:
+{ config, lib, ... }:
 let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 ci = false;
 external = true;
@@ -8,11 +9,11 @@ let
 owner = config.krebs.users.dbalan;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum = {
- ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 };
 } // optionalAttrs (host.nets?wiregrill) {
 nets.wiregrill = {
- ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
 };
 });
 in
diff --git a/kartei/default.nix b/kartei/default.nix
index 6024e2351..046efdd7b 100644
--- a/kartei/default.nix
+++ b/kartei/default.nix
@@ -9,7 +9,7 @@ in {
 (name: _type: let
 path = ./. + "/${name}";
 in {
- krebs = import path { inherit config; };
+ krebs = import path { inherit config lib; };
 })
 (removeTemplate
 (lib.filterAttrs
diff --git a/kartei/feliks/default.nix b/kartei/feliks/default.nix
index e98da7bc6..96c20f602 100644
--- a/kartei/feliks/default.nix
+++ b/kartei/feliks/default.nix
@@ -1,5 +1,6 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 owner = config.krebs.users.feliks;
 ci = false;
@@ -7,10 +8,10 @@ with import ../../lib;
 monitoring = false;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 } // optionalAttrs (host.nets?wiregrill) {
 nets.wiregrill.ip6.addr =
- (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
 });
 in {
 users.feliks = {
diff --git a/kartei/jan/default.nix b/kartei/jan/default.nix
index 72b5cb331..9a2bf3ba7 100644
--- a/kartei/jan/default.nix
+++ b/kartei/jan/default.nix
@@ -1,5 +1,5 @@
-{ config, ... }: let
- lib = import ../../lib;
+{ config, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
 
 in {
 users.jan = {
@@ -39,6 +39,7 @@ in {
 nets = {
 retiolum = {
 ip4.addr = "10.243.143.11";
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "jan" { hostName = "petrosilia"; }).address;
 aliases = [
 "petrosilia.r"
 ];
@@ -67,7 +68,7 @@ in {
 nets.retiolum = {
 aliases = [ "grill.r" ];
 ip4.addr = "10.243.217.217";
- ip6.addr = (lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
 tinc.pubkey = ''
 -----BEGIN RSA PUBLIC KEY-----
 MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII
diff --git a/kartei/jeschli/default.nix b/kartei/jeschli/default.nix
index fe12c16a4..a53ff7a22 100644
--- a/kartei/jeschli/default.nix
+++ b/kartei/jeschli/default.nix
@@ -1,12 +1,12 @@
-with import ../../lib;
-{ config, ... }: let
-
+{ config, lib, ... }: let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 ci = true;
 owner = config.krebs.users.jeschli;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address;
 });
 in {
 
diff --git a/kartei/kmein/default.nix b/kartei/kmein/default.nix
index 1a5a57d1a..b096e2843 100644
--- a/kartei/kmein/default.nix
+++ b/kartei/kmein/default.nix
@@ -1,6 +1,7 @@
-with import ../../lib;
-{ config, ... }:
+{ config, lib, ... }:
 let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 ci = false;
@@ -9,11 +10,11 @@ let
 owner = config.krebs.users.kmein;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum = {
- ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 };
 } // optionalAttrs (host.nets?wiregrill) {
 nets.wiregrill = {
- ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
 };
 });
 ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix
index 414b66e9f..8a12d6f24 100644
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -1,11 +1,12 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+ inherit (lib) flip genAttrs mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 owner = config.krebs.users.krebs;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "krebs" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "krebs" { inherit hostName; }).address;
 });
 
 testHosts = genAttrs [
@@ -66,7 +67,6 @@ in {
 tinc.pubkey_ed25519 = "D5TYSZW9OAkdnvQ/NL98UgheRC2Zg4SMNZ8M4/KwdeL";
 };
 };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRpjW68lSlTL8jBQcXKOTdGa+olQw5ghaU5df2yAE64";
 };
 hotdog = {
@@ -100,7 +100,6 @@ in {
 tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL";
 };
 };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
 };
 news = {
@@ -133,7 +132,6 @@ in {
 '';
 };
 };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo ";
 };
 onebutton = {
@@ -161,7 +159,6 @@ in {
 '';
 };
 };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
 };
 ponte = {
@@ -208,7 +205,6 @@ in {
 };
 };
 };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEw9fo8Qtb/DTLacdrJP7Ti7c4UXTm6wUUX+iRFweEo ";
 };
 puyak = {
@@ -234,7 +230,6 @@ in {
 '';
 };
 };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
 syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
 };
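Review bot: The hunks at -66, -100, -133, -161, -208 and -234 here, and the two at -259 and -296 on the next line, drop `ssh.privkey.path = <secrets/ssh.id_ed25519>;` from every krebs host with no replacement visible in this file, while `kartei/lass/default.nix` keeps exactly that attribute in its host defaults and `kartei/tv/default.nix` sets it per host through `config.krebs.secret.file`. Unless the host type or a krebs module now supplies a default for `ssh.privkey.path`, these hosts lose their private-key path and whatever consumes `ssh.privkey` will silently have nothing to install; the commit message should name that default, or `hostDefaults` should carry `ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";` the way tv does. The removed angle-bracket form was NIX_PATH dependent, so the motivation is presumably the flake migration, but the replacement should be explicit. The `hosts = mapAttrs hostDefaults {` attribute set these hunks sit in starts before and ends after them.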
@@ -259,7 +254,6 @@ in {
 '';
 };
 };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc";
 };
 wolf = {
@@ -296,7 +290,6 @@ in {
 '';
 };
 };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
 };
 } // testHosts);
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index de776fca0..e5b12f1cb 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -1,8 +1,8 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
 
- r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
- w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
+ r6 = ip: (slib.krebs.genipv6 "retiolum" "lass" ip).address;
+ w6 = ip: (slib.krebs.genipv6 "wiregrill" "lass" ip).address;
 
 hostFiles = builtins.map (lib.removeSuffix ".nix") (
 builtins.filter
@@ -14,14 +14,17 @@ in {
 dns.providers = {
 "lassul.us" = "zones";
 };
- hosts = mapAttrs (_: recursiveUpdate {
+ hosts = lib.mapAttrs (_: lib.recursiveUpdate {
 owner = config.krebs.users.lass;
 consul = true;
 ci = true;
 monitoring = true;
 ssh.privkey.path = <secrets/ssh.id_ed25519>;
 }) (
- lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") { inherit config krebs lib r6 w6; })
+ lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") {
+ inherit config lib r6 w6;
+ inherit (slib) krebs;
+ })
 );
 users = rec {
 lass = lass-yubikey;
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index 5e236d574..bad2311e6 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -2,8 +2,10 @@
 # tinc generate-keys
 # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
 
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+ inherit (builtins) foldl' mapAttrs pathExists readFile;
+ inherit (lib) optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 
 hostDefaults = hostName: host: foldl' recursiveUpdate {} [
 {
@@ -19,7 +21,7 @@ with import ../../lib;
 "${hostName}.r"
 ];
 ip6.addr =
- (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
 };
 })
 # Retiolum ed25519 keys
@@ -37,7 +39,7 @@ with import ../../lib;
 "${hostName}.w"
 ];
 ip6.addr =
- (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
 wireguard.pubkey = readFile pubkey-path;
 };
 })
@@ -54,7 +56,7 @@ with import ../../lib;
 ];
 
 pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
- w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
+ w6 = ip: (slib.krebs.genipv6 "wiregrill" "makefu" ip).address;
 in {
 hosts = mapAttrs hostDefaults {
 cake = rec {
@@ -104,7 +106,8 @@ in {
 nets = {
 retiolum.ip4.addr = "10.243.0.91";
 wiregrill = {
- # defaults
+ ip4.addr = "10.243.245.6";
+ aliases = [ "x.w" ];
 };
 };
 
@@ -120,6 +123,12 @@ in {
 ci = true;
 syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
 nets = {
+ wiregrill = {
+ aliases = ["omo.w" "hass.omo.w" "jelly.omo.w" "jelly.makefu.w" ];
+ ip6.addr = (slib.krebs.genipv6 "wiregrill" "makefu" { hostName = "omo"; }).address;
+ ip4.addr = "10.244.245.5";
+
+ };
 retiolum = {
 ip4.addr = "10.243.0.89";
 aliases = [
@@ -149,7 +158,7 @@ in {
 # pixel3a
 telex.nets.wiregrill = {
 aliases = ["telex.w"];
- ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
+ ip6.addr = (slib.krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
 ip4.addr = "10.244.245.4";
 };
 
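Review bot: In the hunk at -104, x's new wiregrill address `ip4.addr = "10.243.245.6";` is outside the wiregrill subnet this same file routes as `"10.244.245.0/24"` (hunk at -255 on the next line) and does not match the other wiregrill hosts added here (`10.244.245.4` for telex, `10.244.245.5` for omo); `10.243.` is the prefix this file uses for retiolum addresses. Unless x is deliberately placed outside the wiregrill /24, this reads as a typo for `ip4.addr = "10.244.245.6";`. The new omo `wiregrill = { … };` block in the hunk at -120 also carries a stray blank line before its closing brace, and the hostDefaults at -2 now only get `ip6.addr` for wiregrill when the pubkey file exists, so an entry with an ip4 address but no `wiregrill/<host>.pub` would silently lack its v6 address — worth a comment on the `pathExists` branch. The `hosts = mapAttrs hostDefaults {` attribute set these hunks belong to starts and ends outside them.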
@@ -239,6 +248,7 @@ in {
 play.work.euer IN A ${nets.internet.ip4.addr}
 ul.work.euer IN A ${nets.internet.ip4.addr}
 music.euer IN A ${nets.internet.ip4.addr}
+ ntfy.euer IN A ${nets.internet.ip4.addr}
 '';
 };
 nets = rec {
@@ -255,7 +265,7 @@ in {
 ip6.addr = w6 "1";
 wireguard.port = 51821;
 wireguard.subnets = [
- (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
+ (slib.krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
 "10.244.245.0/24" # required for routing directly to gum via rockit
 ];
 };
diff --git a/kartei/makefu/retiolum/snake_ed25519.pub b/kartei/makefu/retiolum/snake_ed25519.pub
index a7f9f749b..43e9d2c49 100644
--- a/kartei/makefu/retiolum/snake_ed25519.pub
+++ b/kartei/makefu/retiolum/snake_ed25519.pub
@@ -1 +1 @@
-Ed25519PublicKey = lKMWnuEVjcSoSEUWrj+51pwDQrQj2TqloL3aBKVWBbO
+lKMWnuEVjcSoSEUWrj+51pwDQrQj2TqloL3aBKVWBbO
diff --git a/kartei/makefu/wiregrill/omo.pub b/kartei/makefu/wiregrill/omo.pub
new file mode 100644
index 000000000..bb6b8811b
--- /dev/null
+++ b/kartei/makefu/wiregrill/omo.pub
@@ -0,0 +1 @@
+JmcpzkwgKymVecZqaV0ODQactoVwGGlEHcfYIOCkx3A=
diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix
index 003c66c66..5b9d41413 100644
--- a/kartei/mic92/default.nix
+++ b/kartei/mic92/default.nix
@@ -1,12 +1,13 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 ci = false;
 external = true;
 monitoring = false;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 });
 in {
 hosts = mapAttrs hostDefaults {
diff --git a/kartei/others/default.nix b/kartei/others/default.nix
index 68097cdf8..fc4f8644d 100644
--- a/kartei/others/default.nix
+++ b/kartei/others/default.nix
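Review bot: The one-line change to `kartei/makefu/retiolum/snake_ed25519.pub` drops the `Ed25519PublicKey = ` prefix and leaves only the bare key, while the file is presumably still read verbatim by the `# Retiolum ed25519 keys` branch of hostDefaults (hunk at -19 on the previous line, whose reader is outside the hunk). If `tinc.pubkey_ed25519` now expects the bare key (the krebs hosts on the earlier lines store it that way, e.g. `tinc.pubkey_ed25519 = "D5TYSZW9…"`), the other `*_ed25519.pub` files under `kartei/makefu/retiolum/` need the same treatment, otherwise snake is the only host whose file parses; a note in the commit message or a comment at the reader saying `# bare base64 key, no "Ed25519PublicKey =" prefix` would pin the expected format.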
@@ -1,5 +1,6 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 ci = false;
@@ -7,10 +8,10 @@ with import ../../lib;
 monitoring = false;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 } // optionalAttrs (host.nets?wiregrill) {
 nets.wiregrill.ip6.addr =
- (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
 });
 ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
 tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
diff --git a/kartei/oxzi/default.nix b/kartei/oxzi/default.nix
index a4d23b01a..a1b5a766d 100644
--- a/kartei/oxzi/default.nix
+++ b/kartei/oxzi/default.nix
@@ -1,5 +1,5 @@
-{ config, ... }: let
- lib = import ../../lib;
+{ config, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
 in {
 users.oxzi = {
 mail = "post@0x21.biz";
@@ -13,7 +13,7 @@ in {
 "gosh.r"
 ];
 ip4.addr = "10.243.32.1";
- ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "ancha"; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "oxzi" { hostName = "ancha"; }).address;
 tinc.pubkey = ''
 -----BEGIN RSA PUBLIC KEY-----
 MIICCgKCAgEA5RSP7nWZ1c04kvQBxoHqcdRKpJuRDzD3f0Nl2KhS7QsAqHJGdK7T
@@ -39,7 +39,7 @@ in {
 "marohu.oxzi.r"
 ];
 ip4.addr = "10.243.32.2";
- ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "marohu"; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "oxzi" { hostName = "marohu"; }).address;
 tinc.pubkey = ''
 -----BEGIN RSA PUBLIC KEY-----
 MIICCgKCAgEAxHLkvuH9JMXay/fEmoWTEqLHg9A50EzkxPVBn4nyezgp5vxsUqJz
diff --git a/kartei/palo/default.nix b/kartei/palo/default.nix
index d57b15923..6004c42ce 100644
--- a/kartei/palo/default.nix
+++ b/kartei/palo/default.nix
@@ -1,6 +1,7 @@
-with import ../../lib;
-{ config, ... }:
+{ config, lib, ... }:
 let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 ci = false;
@@ -8,10 +9,10 @@ let
 monitoring = false;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 } // optionalAttrs (host.nets?wiregrill) {
 nets.wiregrill.ip6.addr =
- (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
 });
 
 in
diff --git a/kartei/rtunreal/default.nix b/kartei/rtunreal/default.nix
index 9d57c0fce..de6c528fa 100644
--- a/kartei/rtunreal/default.nix
+++ b/kartei/rtunreal/default.nix
@@ -1,6 +1,8 @@
-with import ../../lib;
-{ config, ... }:
+{ config, lib, ... }:
 let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
+
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 ci = false;
 external = true;
@@ -8,11 +10,11 @@ let
 owner = config.krebs.users.rtunreal;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum = {
- ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 };
 } // optionalAttrs (host.nets?wiregrill) {
 nets.wiregrill = {
- ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
 };
 });
 ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
diff --git a/kartei/srounce/default.nix b/kartei/srounce/default.nix
index ef37cbcd1..e0c1be963 100644
--- a/kartei/srounce/default.nix
+++ b/kartei/srounce/default.nix
@@ -1,13 +1,12 @@
-{ config, ... }: let
- lib = import ../../lib;
-
+{ config, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
 hostDefaults = hostName: host: lib.flip lib.recursiveUpdate host ({
 ci = false;
 external = true;
 monitoring = false;
 } // lib.optionalAttrs (host.nets?retiolum) {
 nets.retiolum.ip6.addr =
- (lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 });
 in {
 
diff --git a/kartei/template/default.nix b/kartei/template/default.nix
index 2acf78d38..2d595f9b4 100644
--- a/kartei/template/default.nix
+++ b/kartei/template/default.nix
@@ -1,5 +1,5 @@
-{ config, ... }: let
- lib = import ../../lib;
+{ config, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
 in {
 users.DUMMYUSER = {
 mail = "DUMMYUSER@example.ork";
@@ -8,7 +8,7 @@ in {
 owner = config.krebs.users.DUMMYUSER;
 nets.retiolum = {
 aliases = [ "DUMMYHOST.DUMMYUSER.r" ];
- ip6.addr = (lib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address;
 tinc.pubkey = ''
 -----BEGIN RSA PUBLIC KEY-----
 DUMMYTINCPUBKEYRSA
diff --git a/kartei/tv/default.nix b/kartei/tv/default.nix
index eacb40af3..2f23324cc 100644
--- a/kartei/tv/default.nix
+++ b/kartei/tv/default.nix
@@ -1,5 +1,11 @@
-with import ../../lib;
-{ config, ... }: {
+{ config, lib, ... }@attrs: let
+ inherit (builtins)
+ getAttr head mapAttrs match pathExists readDir readFile typeOf;
+ inherit (lib)
+ const hasAttrByPath mapAttrs' mkDefault mkIf optionalAttrs removeSuffix
+ toList;
+ slib = import ../../lib/pure.nix { inherit lib; };
+in {
 dns.providers = {
 "viljetic.de" = "regfish";
 };
@@ -8,10 +14,10 @@ with import ../../lib;
 (hostName: hostFile: let
 hostSource = import hostFile;
 hostConfig = getAttr (typeOf hostSource) {
- lambda = hostSource { inherit config lib; };
+ lambda = hostSource attrs;
 set = hostSource;
 };
- in evalSubmodule types.host [
+ in slib.evalSubmodule slib.types.host [
 hostConfig
 {
 name = hostName;
@@ -20,7 +26,7 @@ with import ../../lib;
 (optionalAttrs (hasAttrByPath ["nets" "retiolum"] hostConfig) {
 nets.retiolum = {
 ip6.addr =
- (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
 };
 })
 (let
@@ -31,14 +37,14 @@ with import ../../lib;
 "${hostName}.w"
 ];
 ip6.addr =
- (krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address;
 wireguard.pubkey = readFile pubkey-path;
 };
 })
 (host: mkIf (host.config.ssh.pubkey != null) {
 ssh.privkey = mapAttrs (const mkDefault) {
 path = config.krebs.secret.file "ssh.id_${host.config.ssh.privkey.type}";
- type = head (toList (match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
+ type = head (toList (builtins.match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
 };
 })
 ])
diff --git a/kartei/tv/hosts/ni.nix b/kartei/tv/hosts/ni.nix
index aae5c5cd4..d64874d9c 100644
--- a/kartei/tv/hosts/ni.nix
+++ b/kartei/tv/hosts/ni.nix
@@ -1,4 +1,6 @@
-{ config, lib, ... }: {
+{ config, lib, ... }: let
+ slib = import ../../../lib/pure.nix { inherit lib; };
+in {
 extraZones = {
 "krebsco.de" = ''
 ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
@@ -60,7 +62,7 @@
 via = config.krebs.hosts.ni.nets.internet;
 ip4.addr = "10.244.3.1";
 wireguard.subnets = [
- (lib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
+ (slib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
 ];
 };
 };
diff --git a/kartei/xkey/default.nix b/kartei/xkey/default.nix
index 939e04c7b..9f80288f6 100644
--- a/kartei/xkey/default.nix
+++ b/kartei/xkey/default.nix
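Review bot: `type = head (toList (builtins.match "ssh-([^ ]+) .*" host.config.ssh.pubkey));` in the hunk at -31 qualifies `match` with `builtins.` even though the new file header on the previous line already does `inherit (builtins) getAttr head mapAttrs match …`; one of the two is redundant, and keeping the bare `match` here matches how `head`, `toList` and `readFile` are used in the same hunk. The change `lambda = hostSource attrs;` in the hunk at -8 also widens what host files receive from `{ inherit config lib; }` to the full module argument set, which deserves a comment such as `# host files get the complete module args, not just config and lib` so a later reader does not assume the narrower contract. The `mapAttrs'` call that wraps these hunks starts and ends outside them.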
@@ -1,6 +1,7 @@
-with import ../../lib;
-{ config, ... }:
+{ config, lib, ... }:
 let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
 maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
 hostDefaults = hostName: host: flip recursiveUpdate host ({
 ci = false;
@@ -9,11 +10,11 @@ let
 owner = config.krebs.users.xkey;
 } // optionalAttrs (host.nets?retiolum) {
 nets.retiolum = {
- ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
 };
 } // optionalAttrs (host.nets?wiregrill) {
 nets.wiregrill = {
- ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
 };
 });
 ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
diff --git a/kartei/ynnel/default.nix b/kartei/ynnel/default.nix
index e7d985278..9d8b80a2f 100644
--- a/kartei/ynnel/default.nix
+++ b/kartei/ynnel/default.nix
@@ -1,6 +1,6 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
- lib = import ../../lib;
+ slib = import ../../lib/pure.nix { inherit lib; };
 in
 {
 users.ynnel = {
@@ -10,7 +10,7 @@ in
 owner = config.krebs.users.ynnel;
 nets.retiolum = {
 aliases = [ "mokemoke.ynnel.r" ];
- ip6.addr = (lib.krebs.genipv6 "retiolum" "ynnel" { hostName = "mokemoke"; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "ynnel" { hostName = "mokemoke"; }).address;
 tinc.pubkey = ''
 -----BEGIN RSA PUBLIC KEY-----
 MIICCgKCAgEA7rS560SZEPcSekW30dRF6ZTHOnb8WvuVgt3BFLRWhTgV5DqLqFa8
diff --git a/krebs/0tests/data/secrets/radicale.id_ed25519 b/krebs/0tests/data/secrets/radicale.id_ed25519
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/radicale.id_ed25519
diff --git a/krebs/1systems/arcadeomat/config.nix b/krebs/1systems/arcadeomat/config.nix
index cdeaae180..7439e687e 100644
--- a/krebs/1systems/arcadeomat/config.nix
+++ b/krebs/1systems/arcadeomat/config.nix
@@ -9,15 +9,15 @@ in
 {
 imports = [
 ./hw.nix
- <stockholm/krebs>
- <stockholm/krebs/2configs>
+ ../../../krebs
+ ../../../krebs/2configs
 
- #<stockholm/krebs/2configs/binary-cache/nixos.nix>
- #<stockholm/krebs/2configs/binary-cache/prism.nix>
+ #../../../krebs/2configs/binary-cache/nixos.nix
+ #../../../krebs/2configs/binary-cache/prism.nix
 
- <stockholm/krebs/2configs/shack/ssh-keys.nix>
- <stockholm/krebs/2configs/save-diskspace.nix>
- <stockholm/krebs/2configs/shack/prometheus/node.nix>
+ ../../../krebs/2configs/shack/ssh-keys.nix
+ ../../../krebs/2configs/save-diskspace.nix
+ ../../../krebs/2configs/shack/prometheus/node.nix
 ];
 
 # use your own binary cache, fallback use cache.nixos.org (which is used by
diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix
index e27d036c8..254306ecb 100644
--- a/krebs/1systems/filebitch/config.nix
+++ b/krebs/1systems/filebitch/config.nix
@@ -5,16 +5,16 @@ in
 {
 imports = [
 ./hardware-configuration.nix
- <stockholm/krebs>
- <stockholm/krebs/2configs>
- # <stockholm/krebs/2configs/secret-passwords.nix>
+ ../../../krebs
+ ../../../krebs/2configs
+ # ../../../krebs/2configs/secret-passwords.nix
 
- # <stockholm/krebs/2configs/binary-cache/nixos.nix>
- # <stockholm/krebs/2configs/binary-cache/prism.nix>
- <stockholm/krebs/2configs/shack/ssh-keys.nix>
- <stockholm/krebs/2configs/shack/prometheus/node.nix>
+ # ../../../krebs/2configs/binary-cache/nixos.nix
+ # ../../../krebs/2configs/binary-cache/prism.nix
+ ../../../krebs/2configs/shack/ssh-keys.nix
+ ../../../krebs/2configs/shack/prometheus/node.nix
 # provides access to /home/share for smbuser via smb
- <stockholm/krebs/2configs/shack/share.nix>
+ ../../../krebs/2configs/shack/share.nix
 {
 fileSystems."/home/share" = {
 device = "/serve";
@@ -23,8 +23,8 @@ in
 }
 
 ## Collect local statistics via collectd and send to collectd
- # <stockholm/krebs/2configs/stats/shack-client.nix>
- # <stockholm/krebs/2configs/stats/shack-debugging.nix>
+ # ../../../krebs/2configs/stats/shack-client.nix
+ # ../../../krebs/2configs/stats/shack-debugging.nix
 ];
 
 krebs.build.host = config.krebs.hosts.filebitch;
@@ -35,12 +35,13 @@ in
 '';
 
 networking = {
 firewall.enable = true;
- interfaces.et0.ipv4.addresses = [
- {
- address = shack-ip;
- prefixLength = 20;
- }
- ];
+ interfaces.et0.useDHCP = true;
+ #interfaces.et0.ipv4.addresses = [
+ # {
+ # address = shack-ip;
+ # prefixLength = 20;
+ # }
+ #];
 defaultGateway = "10.42.0.1";
 nameservers = [ "10.42.0.100" "10.42.0.200" ];
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 683556081..e5cfad564 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
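Review bot: In the hunk at -35, `interfaces.et0.useDHCP = true;` replaces the static address but `defaultGateway = "10.42.0.1";` and the static `nameservers` list remain, so the host now receives a default route and resolvers from the DHCP lease on top of the hard-coded ones; if the lease ever disagrees, which one wins depends on the DHCP client backend rather than on this file. Either comment out `defaultGateway` and `nameservers` together with the address block, or add `# static gateway/DNS kept on purpose; DHCP is only used for the address` so the mix is clearly intentional. The `shack-ip` binding referenced by the commented-out block is presumably unused now and could be removed if nothing else reads it; its definition is outside the hunk, as is the `let … in` that encloses the whole file.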
@@ -2,23 +2,23 @@
 {
 imports = [
- <stockholm/krebs>
- <stockholm/krebs/2configs>
+ ../../../krebs
+ ../../../krebs/2configs
 
- <stockholm/krebs/2configs/buildbot-stockholm.nix>
- <stockholm/krebs/2configs/binary-cache/nixos.nix>
- <stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/reaktor2.nix>
- <stockholm/krebs/2configs/wiki.nix>
- <stockholm/krebs/2configs/acme.nix>
- <stockholm/krebs/2configs/mud.nix>
- <stockholm/krebs/2configs/repo-sync.nix>
+ ../../../krebs/2configs/buildbot-stockholm.nix
+ ../../../krebs/2configs/binary-cache/nixos.nix
+ ../../../krebs/2configs/ircd.nix
+ ../../../krebs/2configs/reaktor2.nix
+ ../../../krebs/2configs/wiki.nix
+ ../../../krebs/2configs/acme.nix
+ ../../../krebs/2configs/mud.nix
+ ../../../krebs/2configs/repo-sync.nix
 
- <stockholm/krebs/2configs/cal.nix>
- <stockholm/krebs/2configs/mastodon.nix>
+ ../../../krebs/2configs/cal.nix
+ ../../../krebs/2configs/mastodon.nix
 
- ## shackie irc bot
- <stockholm/krebs/2configs/shack/reaktor.nix>
+ ## (shackie irc bot
+ ../../../krebs/2configs/shack/reaktor.nix
 ];
 
 krebs.build.host = config.krebs.hosts.hotdog;
diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
index b27fc3737..b5a2b21ba 100644
--- a/krebs/1systems/news/config.nix
+++ b/krebs/1systems/news/config.nix
@@ -2,15 +2,15 @@
 {
 imports = [
- <stockholm/krebs>
- <stockholm/krebs/2configs>
+ ../../../krebs
+ ../../../krebs/2configs
 
- <stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/go.nix>
+ ../../../krebs/2configs/ircd.nix
+ ../../../krebs/2configs/go.nix
 
 #### NEWS ####
- <stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/news.nix>
+ ../../../krebs/2configs/ircd.nix
+ ../../../krebs/2configs/news.nix
 ];
 
 krebs.build.host = config.krebs.hosts.news;
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 033cb94d1..931ebe70b 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
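Review bot: The comment in the hotdog hunk at -2 picked up a stray parenthesis during the path rewrite: `## (shackie irc bot` should read `## shackie irc bot` as it did before. In the news hunk on the same line, the rewritten `imports` still lists `../../../krebs/2configs/ircd.nix` twice, once in the first group and again under `#### NEWS ####`; the module system appears to tolerate the duplicate, but dropping the second entry would make the list say what it means. Both `imports` lists are complete within their hunks; the enclosing attribute sets are not.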
@@ -46,10 +46,8 @@
 # light.shack web-ui
 <stockholm/krebs/2configs/shack/light.shack.nix> #light.shack
 
- # powerraw usb serial to mqtt and raw socket
- <stockholm/krebs/2configs/shack/powerraw.nix> # powerraw.shack standby.shack
- # send power stats to s3
- <stockholm/krebs/2configs/shack/s3-power.nix> # powerraw.shack must be available
+ # fetch the u300 power stats
+ <stockholm/krebs/2configs/shack/power/u300-power.nix>
 
 {
 # do not log to /var/spool/log
diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix
index a46a24952..59b22b380 100644
--- a/krebs/1systems/puyak/net.nix
+++ b/krebs/1systems/puyak/net.nix
@@ -7,6 +7,7 @@ in {
 SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
 SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="${ext-if}"
 '';
+ networking.wireless.enable = true;
 networking = {
 firewall.enable = true;
 firewall.allowedTCPPorts = [ 80 443 8088 8086 8083 5901 ];
diff --git a/krebs/2configs/backup.nix b/krebs/2configs/backup.nix
index 7ee438784..83dbf66fb 100644
--- a/krebs/2configs/backup.nix
+++ b/krebs/2configs/backup.nix
@@ -1,5 +1,5 @@
 { config, lib, ... }:
-with import <stockholm/lib>;
+with lib;
 {
 krebs.backup.plans = {
 } // mapAttrs (_: recursiveUpdate {
diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index f0b6c324d..32452e010 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -1,5 +1,5 @@
-{ config, ... }: with import <stockholm/lib>;
-
+{ config, lib, ... }:
+with import ../../lib/pure.nix { inherit lib; };
 {
 networking.firewall.allowedTCPPorts = [ 80 ];
 services.nginx = {
diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix
index 15f0027b3..a1fe47b5d 100644
--- a/krebs/2configs/cal.nix
+++ b/krebs/2configs/cal.nix
@@ -1,4 +1,5 @@
 { config, lib, pkgs, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
 
 setupGit = ''
 export PATH=${lib.makeBinPath [
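Review bot: The replacement import in the puyak hunk at -46, `<stockholm/krebs/2configs/shack/power/u300-power.nix>`, keeps the NIX_PATH-style angle-bracket lookup that this same commit removes from arcadeomat, filebitch, hotdog and news in favour of `../../../krebs/2configs/…` relative paths. puyak is not one of the flake's `nixosConfigurations`, so this still evaluates under the old NIX_PATH setup, but it will fail the moment puyak is evaluated through the flake; `../../../krebs/2configs/shack/power/u300-power.nix` would keep the series consistent. In the puyak net.nix hunk at -7, `networking.wireless.enable = true;` is added as a stand-alone top-level attribute directly above the `networking = { … }` block; moving it inside that block as `wireless.enable = true;` keeps all networking settings together. Both `imports` and `networking` attribute sets extend beyond their hunks.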
@@ -23,13 +24,13 @@ git add .gitignore ''; - pushCal = pkgs.writeDash "push_cal" '' + pushCal = pkgs.writers.writeDash "push_cal" '' ${setupGit} git fetch origin git merge --ff-only origin/master || : ''; - pushCgit = pkgs.writeDash "push_cgit" '' + pushCgit = pkgs.writers.writeDash "push_cgit" '' ${setupGit} git push origin master ''; @@ -73,7 +74,7 @@ in { cgit.settings = { root-title = "krebs repos"; }; - rules = with pkgs.stockholm.lib.git; [ + rules = with slib.git; [ { user = [ { diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index eda03cc10..bd4f36cbe 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; { imports = [ ./backup.nix diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index 01597f49f..c2f6b4dc0 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, ... }: let +{ config, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; +let format = from: to: { inherit from; diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index ce5db62d4..ea3258b9c 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; { krebs.go = { enable = true; diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index bb273652d..980c2c9aa 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; { networking.wireless.enable = lib.mkDefault true; diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 67c2dd4cd..231c3d46c 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix 
@@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; let #for shared state directory @@ -22,7 +22,7 @@ let # TODO; get state as argument state_file = "${stateDir}/ledger"; }; - filename = pkgs.writeDash "bedger-add" '' + filename = pkgs.writers.writeDash "bedger-add" '' set -x tonick=$1 amt=$2 @@ -42,7 +42,7 @@ let env = { state_file = "${stateDir}/ledger"; }; - filename = pkgs.writeDash "bedger-balance" '' + filename = pkgs.writers.writeDash "bedger-balance" '' ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ | ${pkgs.coreutils}/bin/tail +2 \ | ${pkgs.miller}/bin/mlr --icsv --opprint cat \ @@ -57,7 +57,7 @@ let arguments = [1]; timeoutSec = 1337; command = { - filename = pkgs.writeDash "bing" '' + filename = pkgs.writers.writeDash "bing" '' set -efu report_error() { printf '%s' "$*" | @@ -77,7 +77,7 @@ let if [ "$?" -ne 0 ]; then report_error "$response" else - if ! text=$(printf '%s' "$response" | jq -er '.item.messages[1].text'); then + if ! text=$(printf '%s' "$response" | jq -er '.item.messages[-1].text'); then echo "$_from: $(report_error "$response")" exit 0 fi @@ -85,7 +85,7 @@ let echo "$_from: $text" | fold -s -w 426 printf '%s' "$response" | - jq -r '[.item.messages[1].sourceAttributions[].seeMoreUrl] | to_entries[] | "[\(.key + 1)]: \(.value)"' + jq -r '[.item.messages[-1].sourceAttributions[].seeMoreUrl] | to_entries[] | "[\(.key + 1)]: \(.value)"' fi ''; }; @@ -97,7 +97,7 @@ let arguments = [1]; timeoutSec = 1337; command = { - filename = pkgs.writeDash "bing-img" '' + filename = pkgs.writers.writeDash "bing-img" '' set -efu report_error() { printf '%s' "$*" | @@ -142,7 +142,7 @@ let activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "confuse" '' + filename = pkgs.writers.writeDash "confuse" '' set -efux export PATH=${makeBinPath [ 
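Review bot: In the hunks at @@ -77 and @@ -85, `$text` and the output of `report_error "$response"` come from the external API response and are printed with `echo`; these are `writeDash` scripts, and dash's `echo` interprets backslash escapes and a leading `-n`, so API-controlled text can be mangled before it reaches IRC. `printf '%s\n' "$_from: $text" | fold -s -w 426` (and the same form for the error line) avoids that. The change from `.item.messages[1]` to `.item.messages[-1]` assumes the bot's reply is always the final element; `jq -e` turns a missing element into a non-zero exit so the error path still fires, but a comment such as `# the last message in the response is the assistant reply` would record that assumption. The enclosing `bing` command definition starts in the hunk at @@ -57 and ends outside the hunk.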
@@ -158,12 +158,13 @@ let ''; }; }; + interrogate = { pattern = "^!interrogate (.*)$"; activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "interrogate" '' + filename = pkgs.writers.writeDash "interrogate" '' set -efux export PATH=${makeBinPath [ @@ -180,7 +181,7 @@ let activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "confuse" '' + filename = pkgs.writers.writeDash "confuse" '' set -efu export PATH=${makeBinPath [ pkgs.coreutils @@ -203,7 +204,7 @@ let activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "say" '' + filename = pkgs.writers.writeDash "say" '' set -efu export PATH=${makeBinPath [ @@ -233,20 +234,20 @@ let arguments = [2]; env.TASKDATA = "${stateDir}/${name}"; commands = rec { - add.filename = pkgs.writeDash "${name}-task-add" '' + add.filename = pkgs.writers.writeDash "${name}-task-add" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1" ''; - list.filename = pkgs.writeDash "${name}-task-list" '' + list.filename = pkgs.writers.writeDash "${name}-task-list" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export \ | ${pkgs.jq}/bin/jq -r ' .[] | select(.id != 0) | "\(.id) \(.description)" ' ''; - delete.filename = pkgs.writeDash "${name}-task-delete" '' + delete.filename = pkgs.writers.writeDash "${name}-task-delete" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1" ''; del = delete; - done.filename = pkgs.writeDash "${name}-task-done" '' + done.filename = pkgs.writers.writeDash "${name}-task-done" '' ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1" ''; }; @@ -292,8 +293,7 @@ let { activate = "always"; command = { - filename = - <stockholm/krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh>; + filename = ../5pkgs/simple/Reaktor/scripts/tell-on_join.sh; env = { PATH = makeBinPath [ pkgs.coreutils # XXX env, touch 
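Review bot: The hunk at @@ -180 defines `pkgs.writers.writeDash "confuse"` for a second, different script body (the first is at @@ -142, earlier on this page), and the hunks at @@ -327 and @@ -344 do the same with `"add-location"`; the store paths still differ by hash, but process listings, logs and `nix-store` output will show two unrelated scripts under one name. Suggest naming each script after the command pattern it implements so the pairs can be told apart. This is pre-existing, but the rename from `pkgs.writeDash` touches every one of these lines anyway, so it is a cheap moment to fix it.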
@@ -310,7 +310,7 @@ let pattern = "^list-locations"; activate = "match"; command = { - filename = pkgs.writeDash "list-locations" '' + filename = pkgs.writers.writeDash "list-locations" '' export PATH=${makeBinPath [ pkgs.curl pkgs.jq @@ -327,7 +327,7 @@ let activate = "match"; arguments = [1 2 3]; command = { - filename = pkgs.writeDash "add-location" '' + filename = pkgs.writers.writeDash "add-location" '' export PATH=${makeBinPath [ pkgs.curl pkgs.jq @@ -344,7 +344,7 @@ let activate = "match"; arguments = [1]; command = { - filename = pkgs.writeDash "add-location" '' + filename = pkgs.writers.writeDash "add-location" '' export PATH=${makeBinPath [ pkgs.curl pkgs.jq @@ -373,7 +373,7 @@ let sha256 = "sha256-J7jGWZeAULDA1EkO50qx+hjl+5IsUj389pUUMreKeNE="; }; osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {}; - in pkgs.writeDash "krebsfood" '' + in pkgs.writers.writeDash "krebsfood" '' set -efu export PATH=${makeBinPath [ osm-restaurants @@ -416,8 +416,7 @@ let (generators.command_hook { inherit (commands) dance random-emoji nixos-version; tell = { - filename = - <stockholm/krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh>; + filename = ../5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh; env = { PATH = makeBinPath [ pkgs.coreutils # XXX date, env @@ -451,7 +450,7 @@ in { name = "reaktor2"; home = stateDir; }; - script = ''. ${pkgs.writeDash "agenda" '' + script = ''. ${pkgs.writers.writeDash "agenda" '' echo "$Method $Request_URI" >&2 case "$Method" in "GET") diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 9f129d81c..1b72924a6 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let konsens-user = { diff --git a/krebs/2configs/secret-passwords.nix b/krebs/2configs/secret-passwords.nix index 5d265eba6..0f0d068aa 100644 
--- a/krebs/2configs/secret-passwords.nix +++ b/krebs/2configs/secret-passwords.nix @@ -1,4 +1,5 @@ -{ ... }: with import <stockholm/lib>; +{ lib, ... }: +with lib; { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/krebs/2configs/shack/drivedroid.nix b/krebs/2configs/shack/drivedroid.nix index 12e4a39c3..e00db8b8d 100644 --- a/krebs/2configs/shack/drivedroid.nix +++ b/krebs/2configs/shack/drivedroid.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +with import ../../../lib/pure.nix { inherit lib; }; let root = "/var/srv/drivedroid"; in diff --git a/krebs/2configs/shack/glados/automation/ampel.nix b/krebs/2configs/shack/glados/automation/ampel.nix deleted file mode 100644 index 4be92a328..000000000 --- a/krebs/2configs/shack/glados/automation/ampel.nix +++ /dev/null @@ -1,23 +0,0 @@ -# needs: -# binary_sensor.lounge_ampel_status -# light.lounge_ampel_licht_rot - -let - glados = import ../lib; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Ampel Rotes Licht"; - initial_state = true; - trigger = { - platform = "state"; - entity_id = "binary_sensor.lounge_ampel_status"; - }; - action = { service = "light.turn_on"; - data.entity_id = "light.lounge_ampel_licht_rot"; - }; - } - ]; -} diff --git a/krebs/2configs/shack/glados/automation/announcement.j2 b/krebs/2configs/shack/glados/automation/announcement.j2 deleted file mode 100644 index 2ae5f1a46..000000000 --- a/krebs/2configs/shack/glados/automation/announcement.j2 +++ /dev/null 
@@ -1,28 +0,0 @@ -Willkommen werter Keyholder {{ states("sensor.keyholder") }} in deinem Lieblingshackerspace. - -Es ist {{states("sensor.fablab_feinstaub_temperature") | round(1) | replace('.',' Komma ')}} Grad {% if states("sensor.fablab_feinstaub_temperature")|float > 25 %}heiss{%elif states("sensor.fablab_feinstaub_temperature")|float > 15%}warm{%else%}kalt{%endif%} bei {% if states(" sensor.rz_feinstaub_humidity") | int <45 %}trockenen{% elif states(" sensor.rz_feinstaub_humidity") | int <65 %}angenehmen{%else%}feuchten{%endif%} {{states(" sensor.rz_feinstaub_humidity") | int }} Prozent Luftfeuchtigkeit. - -{% if (states("sensor.fullstand_mate_1")|int == 0) and - states("sensor.fullstand_mate_2")|int == 0 %}ES IST MAHTECALYPSE, BEIDE MAHTESCHÄCHTE SIND LEER! {%if states("sensor.fullstand_mate_cola")| int == 0%} UND SOGAR DIE COLA IST ALLE. Ihr seid sowas von am Arsch!{%else%}Zum Glück gibt es noch Cola, Phew!{%endif%} -{% elif (states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int) < 5 %} -Der Mahtestand im Automaten ist mit {{states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int }} verbleibenden Flaschen kritisch! -{% else %} -Im Automaten sind noch {{states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int }} Flaschen Mahte und {{states("sensor.fullstand_mate_cola")}} Flaschen Cola. -{%endif%} - -Die Wettervorhersage: {{states("sensor.dark_sky_hourly_summary")}} Aktuell {{states("sensor.dark_sky_summary")}} bei {{states("sensor.dark_sky_temperature") | round(1) | replace('.',' Komma ')}} Grad. -Der Stromverbrauch liegt bei {{ (( states("sensor.l1_power")|int + states("sensor.l2_power")|int + states("sensor.l3_power")|int ) / 1000 )| round(1) | replace('.',' Komma ')}} Kilowatt. 
- -Im Fablab ist die Feinstaubbelastung {% if states("sensor.fablab_particulate_matter_2_5um_concentration") | float > 50 %}hoch!{%elif states("sensor.fablab_particulate_matter_2_5um_concentration") | float > 25 %}mäßig.{% else %}gering.{%endif%} - -{% if is_state("binary_sensor.door_rzl",'on') and is_state("binary_sensor.door_entropia",'on') %} -Das Raumzeitlabor und Entropia haben geöffnet. -{% elif is_state("binary_sensor.door_rzl",'off') and is_state("binary_sensor.door_entropia",'off') %} -Das Raumzeitlabor und Entropia haben geschlossen. -{% elif is_state("binary_sensor.door_rzl",'on') and is_state("binary_sensor.door_entropia",'off') %} -Das Raumzeitlabor hat geöffnet und Entropia hat geschlossen. -{% elif is_state("binary_sensor.door_rzl",'off') and is_state("binary_sensor.door_entropia",'on') %} -Das Raumzeitlabor hat geschlossen und Entropia hat geöffnet. -{%endif%} - -Die Glados Hackerspace Automation wünscht dir und allen Anwesenden einen produktiven und angenehmen Aufenthalt! diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix deleted file mode 100644 index 5f61e19f1..000000000 --- a/krebs/2configs/shack/glados/automation/hass-restart.nix +++ /dev/null @@ -1,24 +0,0 @@ -# needs: -# light.fablab_led -{ - services.home-assistant.config.automation = - [ - { alias = "State on HA start-up"; - trigger = { - platform = "homeassistant"; - event = "start"; - }; - # trigger good/bad air - action = [ - { service = "light.turn_on"; - data = { - entity_id = "light.fablab_led"; - effect = "Rainbow"; - color_name = "purple"; - }; - } - ]; - } - ]; -} - diff --git a/krebs/2configs/shack/glados/automation/party-time.nix b/krebs/2configs/shack/glados/automation/party-time.nix deleted file mode 100644 index 9e7fe24cd..000000000 --- a/krebs/2configs/shack/glados/automation/party-time.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -# Needs: -# sun.sunset -# switch.lounge_diskoschalter_relay -let - glados = import ../lib; - disko_schalter = "switch.lounge_diskoschalter_relay"; - player = "media_player.lounge"; -in -{ - services.home-assistant.config.automation = - [ - { alias = "Party um 21 Uhr"; - trigger = { - platform = "sun"; - event = "sunset"; - }; - action = - ( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" ) - ++ - [ - { - service = "homeassistant.turn_on"; - entity_id = disko_schalter; - } - { - service = "media_player.turn_on"; - data.entity_id = player; - } # TODO: also start playlist if nothing is running? - ]; - } - ]; -} diff --git a/krebs/2configs/shack/glados/automation/shack-startup.nix b/krebs/2configs/shack/glados/automation/shack-startup.nix deleted file mode 100644 index 471d817a2..000000000 --- a/krebs/2configs/shack/glados/automation/shack-startup.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -# needs: -# binary_sensor.portal_lock -# sensor.keyholder -# media_player.lounge - -# additional state required on: -# mpd.shack: -# playlist "ansage" -# playlist "lassulus" -# lounge.kiosk.shack: -# playlist "ansage" - -let - glados = import ../lib; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Bedanken bei Übernahme von Key"; - initial_state = true; - trigger = { - platform = "state"; - entity_id = "sensor.keyholder"; - }; - condition = { - condition = "template"; - value_template = "{{ (trigger.from_state.state != 'No Keyholder') and (trigger.from_state.state != 'No Keyholder') }}"; - }; - action = glados.say.kiosk "Danke {{ trigger.to_state.state }} für das Übernehmen des Keys von {{ trigger.from_state.state }}"; - } - { - alias = "Keyholder Begrüßen wenn MPD hoch fährt"; - initial_state = true; - trigger = { - platform = "state"; - from = "unavailable"; - entity_id = "media_player.kiosk"; - }; - action = glados.say.kiosk (builtins.readFile ./announcement.j2); - } - { - alias = "Start Music on portal lock on"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.portal_lock"; - to = "on"; - for.seconds = 30; - }; - condition = { - condition = "and"; - conditions = - [ - { # only start if a keyholder opened the door and if the lounge mpd is currently not playing anything - condition = "template"; - value_template = "{{ state('sensor.keyholder') != 'No Keyholder' }}"; - } - { - condition = "state"; - entity_id = "media_player.lounge"; - state = "idle"; - } - ]; - }; - action = [ - { - service = "media_player.volume_set"; - data = { - entity_id = "media_player.lounge"; - volume_level = 1.0; - }; - } - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 8.5; } - { - service = "media_player.volume_set"; - data = { - entity_id = "media_player.lounge"; - volume_level = 0.6; - }; - } 
- { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "lassulus"; - }; - } - ]; - } - ]; -} diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 7c941a66a..236b5000d 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -1,12 +1,33 @@ { config, pkgs, lib, ... }: let - unstable = import (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev; - sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256; - }) {}; + kodi-host = "192.168.8.11"; + confdir = "/var/lib/homeassistant-docker"; in { + imports = [ + ]; + + # networking.firewall.allowedTCPPorts = [ 8123 ]; + virtualisation.oci-containers.containers.hass = { + image = "homeassistant/home-assistant:latest"; + environment = { + TZ = "Europe/Berlin"; + # TODO create unique users + PUID = toString config.users.users.news_container.uid; + PGID = toString config.users.groups.news_container.gid; + UMASK = "007"; + }; + extraOptions = ["--net=host" ]; + volumes = [ + "${confdir}:/config" + #"${confdir}/docker-run:/etc/services.d/home-assistant/run:" + ]; + }; + systemd.tmpfiles.rules = [ + #"f ${confdir}/docker-run 0770 kiosk kiosk - -" + # TODO: + "d ${confdir} 0770 news_container news_container - -" + ]; + services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; locations."/" = { 
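Review bot: `image = "homeassistant/home-assistant:latest";` pulls whatever the registry serves at activation time, so the deployed Home Assistant version is neither reproducible nor reviewable and a registry-side change is picked up silently; pin it as `image = "homeassistant/home-assistant:<TAG>@sha256:<DIGEST>";` (placeholders). `extraOptions = ["--net=host" ];` puts the container in the host's network namespace; if host networking is only wanted for device discovery, `ports = [ "127.0.0.1:8123:8123" ]` keeps the service reachable through the nginx vhost below without listening on every interface, and the commented-out `allowedTCPPorts = [ 8123 ]` line can then stay off. The PUID/PGID/UMASK variables borrow `news_container`'s uid/gid, so two unrelated services share one identity (the `# TODO create unique users` acknowledges this), and I believe the official `homeassistant/home-assistant` image does not honour PUID/PGID at all (that is the linuxserver.io convention), so confirm the process is not simply running as root. Finally, the `http.use_x_forwarded_for`/`trusted_proxies` and `auth_providers.trusted_networks` settings that the deleted Nix config declared (removed in the next hunk) now have to live in `${confdir}` outside the repository, and hass.shack is still proxied by nginx here, so they must be present in that configuration for proxied requests to be accepted.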
@@ -23,127 +44,4 @@ in { ''; }; }; - imports = [ - ./multi/shackopen.nix - ./multi/wasser.nix - ./multi/schlechte_luft.nix - ./multi/rollos.nix - - ./switch/power.nix - - ./sensors/power.nix - ./sensors/mate.nix - ./sensors/darksky.nix - ./sensors/spaceapi.nix - ./sensors/sensemap.nix - - ./automation/shack-startup.nix - ./automation/party-time.nix - ./automation/hass-restart.nix - ./automation/ampel.nix - - ]; - services.home-assistant = - { - enable = true; - package = unstable.home-assistant.overrideAttrs (old: { - doInstallCheck = false; - }); - config = { - homeassistant = { - name = "Glados"; - time_zone = "Europe/Berlin"; - latitude = "48.8265"; - longitude = "9.0676"; - elevation = 303; - auth_providers = [ - { type = "homeassistant";} - { type = "trusted_networks"; - trusted_networks = [ - "127.0.0.1/32" - "10.42.0.0/16" - "::1/128" - "fd00::/8" - ]; - } - ]; - }; - # https://www.home-assistant.io/components/influxdb/ - influxdb = { - database = "glados"; - host = "influx.shack"; - component_config_glob = { - "sensor.*particulate_matter_2_5um_concentration".override_measurement = "2_5um particles"; - "sensor.*particulate_matter_10_0um_concentration".override_measurement ="10um particles"; - }; - tags = { - instance = "wolf"; - source = "glados"; - }; - }; - esphome = {}; - api = {}; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - keepalive = 60; - protocol = 3.1; - discovery = true; #enable esphome discovery - discovery_prefix = "homeassistant"; - birth_message = { - topic = "glados/hass/status/LWT"; - payload = "Online"; - qos = 1; - retain = true; - }; - will_message = { - topic = "glados/hass/status/LWT"; - payload = "Offline"; - qos = 1; - retain = true; - }; - }; - light = []; - media_player = [ - { platform = "mpd"; - name = "lounge"; - host = "lounge.mpd.shack"; - } - { platform = "mpd"; - name = "kiosk"; - #host = "lounge.kiosk.shack"; - host = "kiosk.shack"; - } - ]; - - camera = []; - frontend = { }; - config = 
{ }; - sun = {}; - http = { - base_url = "http://hass.shack"; - use_x_forwarded_for = true; - trusted_proxies = [ "127.0.0.1" "::1" ]; - }; - #conversation = {}; - - history = {}; - logbook = {}; - #recorder = {}; - - logger.default = "info"; - - tts = [ - { platform = "google_translate"; - service_name = "say"; - language = "de"; - cache = true; - time_memory = 57600; - base_url = "http://hass.shack"; - } - ]; - device_tracker = []; - }; - }; } diff --git a/krebs/2configs/shack/glados/deps/gtts-token.nix b/krebs/2configs/shack/glados/deps/gtts-token.nix deleted file mode 100644 index 69640f03d..000000000 --- a/krebs/2configs/shack/glados/deps/gtts-token.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, requests -}: - -buildPythonPackage rec { - pname = "gtts-token"; - version = "1.1.3"; - - src = fetchPypi { - pname = "gTTS-token"; - inherit version; - sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5"; - }; - - propagatedBuildInputs = [ - requests - ]; - - meta = with lib; { - description = "Calculates a token to run the Google Translate text to speech"; - homepage = https://github.com/boudewijn26/gTTS-token; - license = licenses.mit; - # maintainers = [ maintainers. ]; - }; -} diff --git a/krebs/2configs/shack/glados/deps/pyhaversion.nix b/krebs/2configs/shack/glados/deps/pyhaversion.nix deleted file mode 100644 index a75c6a976..000000000 --- a/krebs/2configs/shack/glados/deps/pyhaversion.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -{ lib -, buildPythonPackage -, fetchpatch -, fetchPypi -, aiohttp -, async-timeout -}: - -buildPythonPackage rec { - pname = "pyhaversion"; - version = "2.2.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f"; - }; - patches = [ - (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch"; - sha256 = - "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";}) - ]; - doCheck = false; - propagatedBuildInputs = [ - aiohttp - async-timeout - ]; - - meta = with lib; { - description = ""; - homepage = https://github.com/ludeeus/pyhaversion; - # maintainers = [ maintainers. ]; - }; -} diff --git a/krebs/2configs/shack/glados/lib/default.nix b/krebs/2configs/shack/glados/lib/default.nix deleted file mode 100644 index 2cfac3daf..000000000 --- a/krebs/2configs/shack/glados/lib/default.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -let - prefix = "glados"; -in -{ - - say = let - # returns a list of actions to be performed on an mpd to say something - tts = { message, entity }: - [ - { - service = "media_player.turn_on"; - data.entity_id = "media_player.${entity}"; - } - { service = "media_player.play_media"; - data = { - entity_id = "media_player.${entity}"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { - service = "media_player.turn_on"; - data.entity_id = "media_player.${entity}"; - } - { delay.seconds = 4.5; } - { service = "tts.say"; - entity_id = "media_player.${entity}"; - data_template = { - inherit message; - language = "de"; - }; - } - ]; - in - { - lounge = message: tts { - inherit message; - entity = "lounge"; - }; - herrenklo = message: tts { - inherit message; - entity = "herrenklo"; - }; - kiosk = message: tts { - inherit message; - entity = "kiosk"; - }; - }; - tasmota = - { - plug = {host, name ? host, topic ? host}: - { - platform = "mqtt"; - inherit name; - state_topic = "sonoff/stat/${topic}/POWER1"; - command_topic = "sonoff/cmnd/${topic}/POWER1"; - availability_topic = "sonoff/tele/${topic}/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain = false; - qos = 1; - }; - }; -} diff --git a/krebs/2configs/shack/glados/multi/rollos.nix b/krebs/2configs/shack/glados/multi/rollos.nix deleted file mode 100644 index 29525ad82..000000000 --- a/krebs/2configs/shack/glados/multi/rollos.nix +++ /dev/null 
@@ -1,59 +0,0 @@ -# - -let - glados = import ../lib; - tempsensor = "sensor.dark_sky_temperature"; - all_covers = [ - "cover.crafting_rollo" - "cover.elab_rollo" - "cover.or2_rollo" - "cover.retroraum_rollo" - ]; -in -{ - services.home-assistant.config = - { - automation = - [ - { alias = "Rollos fahren Runter"; - trigger = [ - { - platform = "numeric_state"; - entity_id = tempsensor; - above = 25; - for = "00:30:00"; - } - ]; - condition = - [ - { - condition = "state"; - entity_id = "sun.sun"; - state = "above_horizon"; - } - ]; - action = - [ - { service = "cover.close_cover"; - entity_id = all_covers; - } - ]; - } - { alias = "Rollos fahren Hoch"; - trigger = [ - { - platform = "sun"; - event = "sunset"; - } - ]; - condition = [ ]; - action = - [ - { service = "cover.open_cover"; - entity_id = all_covers; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix deleted file mode 100644 index c1890361b..000000000 --- a/krebs/2configs/shack/glados/multi/schlechte_luft.nix +++ /dev/null 
@@ -1,109 +0,0 @@ -let - glados = import ../lib; - feinstaub_sensor = "sensor.fablab_particulate_matter_2_5um_concentration"; - ledring = "light.fablab_led_ring"; -in -{ - services.home-assistant.config = - { - automation = - [ - { alias = "Gute Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - entity_id = feinstaub_sensor; - below = 3; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "green"; - }; - } - ]; - } - { alias = "mäßige Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 3; - below = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "yellow"; - }; - } - ]; - } - { alias = "schlechte Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Fireworks"; - color_name = "red"; - }; - } - ]; - } - { alias = "Luft Sensor nicht verfügbar"; - trigger = [ - { - platform = "state"; - to = "unavailable"; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "blue"; - }; - } - ]; - } - { alias = "Fablab Licht Reboot"; - trigger = [ - { - platform = "state"; - from = "unavailable"; - entity_id = ledring; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "orange"; - }; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/shackopen.nix b/krebs/2configs/shack/glados/multi/shackopen.nix deleted file mode 100644 index d9be9adfa..000000000 --- a/krebs/2configs/shack/glados/multi/shackopen.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - services.home-assistant.config = - { - binary_sensor = [ - { platform = "mqtt"; - name = "Portal Lock"; - device_class = "door"; - state_topic = "portal/gateway/status"; - availability_topic = "portal/gateway/lwt"; - payload_on = "open"; - payload_off = "closed"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - sensor = [ - { platform = "mqtt"; - name = "Keyholder"; - state_topic = "portal/gateway/keyholder"; - availability_topic = "portal/gateway/lwt"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix deleted file mode 100644 index 9ca5e4500..000000000 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ /dev/null 
@@ -1,113 +0,0 @@ -# uses: -# switch.crafting_giesskanne_relay -let - glados = import ../lib; - seconds = 20; - wasser = "switch.crafting_giesskanne_relay"; - brotbox = { - minutes = 10; - pump = "switch.crafting_brotbox_pumpe"; - sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; - }; -in -{ - services.home-assistant.config = - { - sensor = map ( entity_id: { - platform = "statistics"; - name = "Statistics for ${entity_id}"; - inherit entity_id; - max_age.minutes = "60"; - sampling_size = 1000; - }) ["sensor.crafting_brotbox_soil_moisture"]; - - - automation = - [ - ### Brotbox ##### - #{ alias = "Brotbox: water for ${toString brotbox.minutes} minutes every hour"; - # trigger = - # { # Trigger once every hour at :42 - # platform = "time_pattern"; - # minutes = 42; - # }; - # condition = { - # condition = "numeric_state"; - # entity_id = brotbox.sensor; - # value_template = "{{ state_attr('${brotbox.sensor}', 'median') }}"; - # below = 75; - # }; - # action = - # [ - # { - # service = "homeassistant.turn_on"; - # entity_id = brotbox.pump; - # } - # { delay.minutes = brotbox.minutes; } - # { - # service = "homeassistant.turn_off"; - # entity_id = brotbox.pump ; - # } - # ]; - #} - { alias = "Brotbox: Always turn off water after ${toString (brotbox.minutes * 2)} minutes"; - trigger = - { - platform = "state"; - entity_id = brotbox.pump; - to = "on"; - for.minutes = brotbox.minutes*2; - }; - action = - { - service = "homeassistant.turn_off"; - entity_id = brotbox.pump; - }; - } - - ##### Kaffeemaschine - { alias = "Water the plant for ${toString seconds} seconds"; - trigger = [ - { # trigger at 20:00 no matter what - # TODO: retry or run only if switch.wasser is available - platform = "time"; - at = "20:00:00"; - } - ]; - action = - [ - { - service = "homeassistant.turn_on"; - entity_id = [ - wasser - ]; - } - { delay.seconds = seconds; } - { - service = "homeassistant.turn_off"; - entity_id = [ - wasser - ]; - } - ]; - } - { alias = "Always turn 
off water after ${toString (seconds * 2)}seconds"; - trigger = [ - { - platform = "state"; - entity_id = wasser; - to = "on"; - for.seconds = seconds*2; - } - ]; - action = - [ - { - service = "homeassistant.turn_off"; - entity_id = [ wasser ]; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/sensors/darksky.nix b/krebs/2configs/shack/glados/sensors/darksky.nix deleted file mode 100644 index 12b33804c..000000000 --- a/krebs/2configs/shack/glados/sensors/darksky.nix +++ /dev/null @@ -1,24 +0,0 @@ -{lib,...}: -{ - services.home-assistant.config.sensor = - [ - { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile <secrets/hass/darksky.apikey>); - language = "de"; - monitored_conditions = [ - "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "apparent_temperature" - "hourly_summary" # next 24 hours text - "humidity" - "pressure" - "uv_index" - ]; - units = "si" ; - scan_interval = "00:15:00"; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/mate.nix b/krebs/2configs/shack/glados/sensors/mate.nix deleted file mode 100644 index 751856668..000000000 --- a/krebs/2configs/shack/glados/sensors/mate.nix +++ /dev/null @@ -1,20 +0,0 @@ -let - fuellstand = name: id: { - platform = "rest"; - resource = "https://ora5.tutschonwieder.net/ords/lick_prod/v1/get/fuellstand/1/${toString id}"; - method = "GET"; - name = "Füllstand ${name}"; - value_template = "{{ value_json.fuellstand }}"; - }; -in -{ - services.home-assistant.config.sensor = - [ - (fuellstand "Wasser" 1) - (fuellstand "Mate Cola" 2) - (fuellstand "Apfelschorle" 3) - (fuellstand "Zitronensprudel" 4) - (fuellstand "Mate 1" 26) - (fuellstand "Mate 2" 27) - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix deleted file mode 100644 index d9b5c7c65..000000000 
--- a/krebs/2configs/shack/glados/sensors/power.nix +++ /dev/null @@ -1,29 +0,0 @@ -let - power_x = name: phase: - { platform = "mqtt"; - name = "${phase} ${name}"; - state_topic = "/power/total/${phase}/${name}"; - availability_topic = "/power/lwt"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; - power_consumed = - { platform = "mqtt"; - name = "Power Consumed"; - device_class = "power"; - state_topic = "/power/total/consumed"; - availability_topic = "/power/lwt"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; - power_volt = power_x "Voltage"; - power_watt = (power_x "Power") ; - power_curr = power_x "Current"; -in -{ - services.home-assistant.config.sensor = - (map power_volt [ "L1" "L2" "L3" ]) -++ (map (x: ((power_watt x) // { device_class = "power"; })) [ "L1" "L2" "L3" ]) -++ (map power_curr [ "L1" "L2" "L3" ]) -++ [ power_consumed ]; -} diff --git a/krebs/2configs/shack/glados/sensors/sensemap.nix b/krebs/2configs/shack/glados/sensors/sensemap.nix deleted file mode 100644 index c261a28e1..000000000 --- a/krebs/2configs/shack/glados/sensors/sensemap.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - services.home-assistant.config.air_quality = - [ - { - platform = "opensensemap"; - station_id = "56a0de932cb6e1e41040a68b"; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/spaceapi.nix b/krebs/2configs/shack/glados/sensors/spaceapi.nix deleted file mode 100644 index ea20ad29d..000000000 --- a/krebs/2configs/shack/glados/sensors/spaceapi.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{ - services.home-assistant.config.binary_sensor = - [ - { - platform = "rest"; - resource = "https://spaceapi.afra-berlin.de/v1/status.json"; - method = "GET"; - name = "Door AFRA Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://club.entropia.de/spaceapi"; - method = "GET"; - name = "Door Entropia"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://www.c-base.org/status.json"; - method = "GET"; - name = "Door C-Base Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "https://status.raumzeitlabor.de/api/full.json"; - method = "GET"; - name = "Door RZL"; - device_class = "door"; - value_template = "{{ value_json.status }}"; - } - { - platform = "rest"; - resource = "https://datenobservatorium.de/"; - method = "GET"; - name = "Door Datenobservatorium"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } - { - platform = "rest"; - resource = "https://infuanfu.de/"; - method = "GET"; - name = "Door Infuanfu"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/unifi.nix b/krebs/2configs/shack/glados/sensors/unifi.nix deleted file mode 100644 index f64e3feb6..000000000 --- a/krebs/2configs/shack/glados/sensors/unifi.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - controllers = { - host = "unifi.shack"; - site = "shackspace"; - }; -} diff --git a/krebs/2configs/shack/glados/switch/power.nix b/krebs/2configs/shack/glados/switch/power.nix deleted file mode 100644 index 9ec115faa..000000000 --- a/krebs/2configs/shack/glados/switch/power.nix +++ /dev/null 
@@ -1,44 +0,0 @@ -# 1 - haupt -# 2 - dusche -# 3 - warmwasser -# 4 - or -# 5 - kueche -let - nodelight = type: ident: name: { - platform = "mqtt"; - name = "${type} ${name}"; - command_topic = "${type}/${toString ident}/command"; - state_topic = "${type}/${toString ident}/state"; - payload_on = "on"; - payload_off = "off"; - }; - power = nodelight "power"; - light = ident: name: { icon = "mdi:lightbulb";} // nodelight "light" ident name; -in -{ - services.home-assistant.config.switch = - [ - # These commands we see with a shutdown: - # power/143/state on - # power/142/state on - # power/141/state on - # power/142/state off - # power/141/state off - # power/10/state off - # power/main/state off - - (power "10" "Hauptschalter") - (power 1 "Dusche") # ??? - (power 2 "Warmwasser") # ??? - (power 3 "Optionsräume") # ??? - (power 4 "Küche") # ??? - (light 1 "Decke Lounge 1") - (light 2 "Decke Lounge 2") - (light 3 "Decke Lounge 3") - (light 4 "Decke Lounge 4") - (light 5 "Decke Lounge 5") - (light 6 "Decke Lounge 6") - (light 7 "Decke Lounge 7") - (light 8 "Decke Lounge 8") - ]; -} diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix index adf0a4bc3..f42f1c4af 100644 --- a/krebs/2configs/shack/grafana.nix +++ b/krebs/2configs/shack/grafana.nix @@ -4,7 +4,18 @@ in { networking.firewall.allowedTCPPorts = [ port ]; # legacy services.nginx.virtualHosts."grafana.shack" = { - locations."/".proxyPass = "http://localhost:${toString port}"; + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + extraConfig ='' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + + }; }; services.grafana = { enable = true; diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix index 6d090323d..efc88f51d 100644 
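Review bot: The new `extraConfig` in grafana.nix sets `proxy_set_header Connection "upgrade";` unconditionally, so every proxied request carries a Connection: upgrade header even when the client sent no `Upgrade`, which some upstreams treat as a protocol error; the usual form is a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the http block and `proxy_set_header Connection $connection_upgrade;` here. The influx.nix hunk on the next line adds the same block and has the same issue. The `extraConfig =''` spacing also differs from the `extraConfig = ''` used in influx.nix.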
--- a/krebs/2configs/shack/influx.nix +++ b/krebs/2configs/shack/influx.nix @@ -15,6 +15,16 @@ in ''; locations."/" = { proxyPass = "http://localhost:${toString port}/"; + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_buffering off; + ''; }; }; nixpkgs.overlays = [ diff --git a/krebs/2configs/shack/mqtt_sub.nix b/krebs/2configs/shack/mqtt_sub.nix index af2bc1e66..45065cfc8 100644 --- a/krebs/2configs/shack/mqtt_sub.nix +++ b/krebs/2configs/shack/mqtt_sub.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { name = "mqtt2graphite-2017-05-29"; diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 33f6b8c89..f3007dd1d 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { name = "muell_caller-2017-06-01"; diff --git a/krebs/2configs/shack/nix-cacher.nix b/krebs/2configs/shack/nix-cacher.nix index 8feeca9af..131525a3e 100644 --- a/krebs/2configs/shack/nix-cacher.nix +++ b/krebs/2configs/shack/nix-cacher.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.apt-cacher-ng; in diff --git a/krebs/2configs/shack/power/u300-power.nix b/krebs/2configs/shack/power/u300-power.nix new file mode 100644 index 000000000..66e54169a --- /dev/null +++ b/krebs/2configs/shack/power/u300-power.nix 
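Review bot: In nix-cacher.nix the new `with import ../../../lib/pure.nix { inherit lib; };` references `lib`, but the module head on the context line is still `{ config, pkgs, ... }:`, so this file no longer evaluates (undefined variable `lib`). Change it to `{ config, lib, pkgs, ... }:`, as the mqtt_sub.nix and muell_caller.nix hunks on this page already do.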
@@ -0,0 +1,29 @@ +{ pkgs, ... }: +let + src = pkgs.fetchFromGitHub { + repo = "shackstrom"; + owner = "samularity"; + rev = "adfbdc7d12000fbc9fd9367c8ef0a53b7d0a9fad"; + hash = "sha256-77vSX2+1XXaBVgLka+tSEK/XYZASEk9iq+uEuO1aOUQ="; + }; + pkg = pkgs.writers.writePython3 "test_python3" { + libraries = [ pkgs.python3Packages.requests pkgs.python3Packages.paho-mqtt ]; + } (builtins.readFile "${src}/shackstrom.py"); +in +{ + systemd.services = { + u300-power = { + enable = true; + environment = { + DATA_URL = "http://10.42.20.255/csv.html"; + BROKER = "mqtt.shack"; + }; + serviceConfig = { + Restart = "always"; + ExecStart = pkg; + RestartSec = "15s"; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix index 5ba49ede6..4cefdc3e5 100644 --- a/krebs/2configs/shack/prometheus/alert-rules.nix +++ b/krebs/2configs/shack/prometheus/alert-rules.nix @@ -1,6 +1,6 @@ { lib,... }: let - disk_free_threshold = "10"; # at least this much free disk percentage + disk_free_threshold = "5"; # at least this much free disk percentage in { services.prometheus.rules = [(builtins.toJSON { 
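Review bot: The `u300-power` service in u300-power.nix has no `User`/`DynamicUser`, so the third-party script fetched from GitHub (pinned by rev and hash, which is good) runs as root; it only needs to reach an HTTP endpoint and the MQTT broker, so `DynamicUser = true;` in `serviceConfig` is enough and is the first thing to add. The derivation name `"test_python3"` on the `writePython3` call looks like a leftover from experimenting, `pkgs.writers.writePython3 "u300-power"` would make the store path and the process name identifiable. `enable = true;` is the default and can be dropped.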
@@ -8,22 +8,6 @@ in { { name = "shack-env"; rules = [ { - alert = "Wolf RootPartitionFull"; - for = "30m"; - expr = ''(node_filesystem_avail_bytes{alias="wolf.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="wolf.shack",mountpoint="/"} < ${disk_free_threshold}''; - labels.severity = "warning"; - annotations.summary = "{{ $labels.alias }} root disk full"; - annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf"; - annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and try to clean up the obsolete files on the machine. There are a couple of things you can do: -1. `nix-collect-garbage -d` -2. clean up the shack share folder in `/home/share` -3. check `du -hs /var/ | sort -h`. -4. run `docker system prune` -5. `find /var/lib/containers/news/var/lib/htgen-go/items -mtime +7 -delete;` to clean up the link shortener data -5. If you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete -6. as a last resort the root disk can be expanded via `lvresize -L +10G /dev/pool/root && btrfs filesystem resize max /` ''; - } - { alert = "Puyak RootPartitionFull"; for = "30m"; expr = ''(node_filesystem_avail_bytes{alias="puyak.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="puyak.shack",mountpoint="/"} < ${disk_free_threshold}''; 
@@ -32,9 +16,8 @@ in { annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=puyak"; annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).Prometheus will not be able to create new alerts and CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and if this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; } - # wolf.shack is not worth supervising anymore { - alert = "HostDown"; + alert = "Infra01 down"; expr = ''up{alias="infra01.shack"} == 0''; for = "5m"; labels.severity = "page"; diff --git a/krebs/2configs/shack/prometheus/irc-alerts.py b/krebs/2configs/shack/prometheus/irc-alerts.py new file mode 100644 index 000000000..005a2013b --- /dev/null +++ b/krebs/2configs/shack/prometheus/irc-alerts.py 
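Review bot: The renamed alert `"Infra01 down"` contains a space, and Prometheus' rule-file validation (rulefmt, also run by `promtool check rules`) requires alert names to be valid metric names, so I expect this rule file to be rejected on load rather than just look odd in alertmanager. `alert = "Infra01Down";` keeps the intent; the description/summary text is where the readable form belongs. The removed comment about wolf.shack was the only place explaining why that host is no longer supervised, worth keeping one line of that context next to the remaining rules.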
@@ -0,0 +1,207 @@ +import base64 +import cgi +import json +import os +import re +import socket +import ssl +import sys +from http.server import BaseHTTPRequestHandler +from typing import List, Optional, Tuple +from urllib.parse import urlparse + +DEBUG = os.environ.get("DEBUG") is not None + + +def _irc_send( + server: str, + nick: str, + channel: str, + sasl_password: Optional[str] = None, + server_password: Optional[str] = None, + tls: bool = True, + port: int = 6697, + messages: List[str] = [], +) -> None: + if not messages: + return + + sock = socket.socket() + if tls: + sock = ssl.wrap_socket( + sock, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1_2 + ) + + def _send(command: str) -> int: + if DEBUG: + print(command) + return sock.send((f"{command}\r\n").encode()) + + def _pong(ping: str): + if ping.startswith("PING"): + sock.send(ping.replace("PING", "PONG").encode("ascii")) + + recv_file = sock.makefile(mode="r") + + print(f"connect {server}:{port}") + sock.connect((server, port)) + if server_password: + _send(f"PASS {server_password}") + _send(f"USER {nick} 0 * :{nick}") + _send(f"NICK {nick}") + for line in recv_file.readline(): + if re.match(r"^:[^ ]* (MODE|221|376|422) ", line): + break + else: + _pong(line) + + if sasl_password: + _send("CAP REQ :sasl") + _send("AUTHENTICATE PLAIN") + auth = base64.encodebytes(f"{nick}\0{nick}\0{sasl_password}".encode("utf-8")) + _send(f"AUTHENTICATE {auth.decode('ascii')}") + _send("CAP END") + _send(f"JOIN :{channel}") + + for m in messages: + _send(f"PRIVMSG {channel} :{m}") + + _send("INFO") + for line in recv_file: + if DEBUG: + print(line, end="") + # Assume INFO reply means we are done + if "End of /INFO" in line: + break + else: + _pong(line) + + sock.send(b"QUIT") + print("disconnect") + sock.close() + + +def irc_send( + url: str, notifications: List[str], password: Optional[str] = None +) -> None: + parsed = urlparse(f"{url}") + username = parsed.username or "prometheus" + server = parsed.hostname or 
"chat.freenode.net" + if parsed.fragment != "": + channel = f"#{parsed.fragment}" + else: + channel = "#krebs-announce" + port = parsed.port or 6697 + if not password: + password = parsed.password + if len(notifications) == 0: + return + _irc_send( + server=server, + nick=username, + sasl_password=password, + channel=channel, + port=port, + messages=notifications, + tls=parsed.scheme == "irc+tls", + ) + + +class PrometheusWebHook(BaseHTTPRequestHandler): + def __init__( + self, + irc_url: str, + conn: socket.socket, + addr: Tuple[str, int], + password: Optional[str] = None, + ) -> None: + self.irc_url = irc_url + self.password = password + self.rfile = conn.makefile("rb") + self.wfile = conn.makefile("wb") + self.client_address = addr + self.handle() + + # for testing + def do_GET(self) -> None: + if DEBUG: + print("GET: Request Received") + self.send_response(200) + self.send_header("Content-type", "text/plain") + self.end_headers() + self.wfile.write(b"ok") + + def do_POST(self) -> None: + if DEBUG: + print("POST: Request Received") + content_type, _ = cgi.parse_header(self.headers.get("content-type")) + + # refuse to receive non-json content + if content_type != "application/json": + if DEBUG: + print(f"POST: wrong content type {content_type}") + self.send_response(400) + self.end_headers() + return + + length = int(self.headers.get("content-length")) + payload = json.loads(self.rfile.read(length)) + messages = [] + for alert in payload["alerts"]: + description = alert["annotations"]["description"] + messages.append(f"{alert['status']}: {description}") + irc_send(self.irc_url, messages, password=self.password) + + self.do_GET() + + +def systemd_socket_response() -> None: + irc_url = os.environ.get("IRC_URL", None) + if irc_url is None: + print( + "IRC_URL environment variable not set: i.e. 
IRC_URL=irc+tls://mic92-prometheus@chat.freenode.net/#krebs-announce", + file=sys.stderr, + ) + sys.exit(1) + + password = None + irc_password_file = os.environ.get("IRC_PASSWORD_FILE", None) + if irc_password_file: + with open(irc_password_file) as f: + password = f.read() + + msgs = sys.argv[1:] + + if msgs != []: + irc_send(irc_url, msgs, password=password) + return + + nfds = os.environ.get("LISTEN_FDS", None) + if nfds is None: + print( + "LISTEN_FDS not set. Run me with systemd(TM) socket activation?", + file=sys.stderr, + ) + sys.exit(1) + fds = range(3, 3 + int(nfds)) + + for fd in fds: + sock = socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(0) + + try: + while True: + PrometheusWebHook(irc_url, *sock.accept(), password=password) + except BlockingIOError: + # no more connections + pass + + +if __name__ == "__main__": + if DEBUG: + print("Starting in DEBUG mode") + if len(sys.argv) == 3: + print(f"{sys.argv[1]} {sys.argv[2]}") + irc_send(sys.argv[1], [sys.argv[2]]) + else: + systemd_socket_response() diff --git a/krebs/2configs/shack/prometheus/irc-hooks.nix b/krebs/2configs/shack/prometheus/irc-hooks.nix new file mode 100644 index 000000000..07bb2423b --- /dev/null +++ b/krebs/2configs/shack/prometheus/irc-hooks.nix 
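Review bot: `_irc_send` wraps the socket with `cert_reqs=ssl.CERT_NONE`, so `irc+tls` encrypts but does not authenticate the server and the SASL password sent in `AUTHENTICATE` goes to whoever terminates the connection; `ssl.wrap_socket` is also deprecated (removed in Python 3.12), so replace that call with `sock = ssl.create_default_context().wrap_socket(sock, server_hostname=server)`. The messages `do_POST` builds from `alert['status']` and the `description` annotation reach `PRIVMSG` unfiltered, and the handler accepts any POST without authentication, so a body containing `\r\n` can inject further IRC commands; strip control characters before sending, e.g. `m = re.sub(r"[\r\n\x00]", " ", m)`. `int(self.headers.get("content-length"))` is then read in full with no upper bound and `cgi.parse_header(self.headers.get("content-type"))` raises on a missing header instead of returning 400, so a size cap and a `None` check belong in front of the JSON parsing. Separately, `for line in recv_file.readline():` iterates over the characters of a single line rather than over lines, which is presumably meant to be `for line in recv_file:`.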
@@ -0,0 +1,59 @@ +{ config +, lib +, pkgs +, ... +}: +let + irc-alerts = pkgs.writers.writePython3 "irc-alerts" { + flakeIgnore = [ "E501" ]; + } (builtins.readFile ./irc-alerts.py); + endpoints = { + binaergewitter = { + url = "irc+tls://puyak-alerts@irc.libera.chat:6697/#binaergewitter-alerts"; + port = 9223; + }; + }; +in +{ + systemd.sockets = + lib.mapAttrs' + (name: opts: + lib.nameValuePair "irc-alerts-${name}" { + description = "Receive http hook and send irc message for ${name}"; + wantedBy = [ "sockets.target" ]; + listenStreams = [ "[::]:${builtins.toString opts.port}" ]; + }) endpoints; + + systemd.services = + lib.mapAttrs' + (name: opts: + let + serviceName = "irc-alerts-${name}"; + hasPassword = opts.passwordFile or null != null; + in + lib.nameValuePair serviceName { + description = "Receive http hook and send irc message for ${name}"; + requires = [ "irc-alerts-${name}.socket" ]; + serviceConfig = + { + Environment = + [ + "IRC_URL=${opts.url}" + "DEBUG=y" + ] + ++ lib.optional hasPassword "IRC_PASSWORD_FILE=/run/${serviceName}/password"; + DynamicUser = true; + User = serviceName; + ExecStart = irc-alerts; + } + // lib.optionalAttrs hasPassword { + PermissionsStartOnly = true; + ExecStartPre = + "${pkgs.coreutils}/bin/install -m400 " + + "-o ${serviceName} -g ${serviceName} " + + "${config.sops.secrets.prometheus-irc-password.path} " + + "/run/${serviceName}/password"; + RuntimeDirectory = serviceName; + }; + }) endpoints; +} diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix index 9e4b4d1a7..7a5532027 100644 --- a/krebs/2configs/shack/prometheus/server.nix +++ b/krebs/2configs/shack/prometheus/server.nix @@ -3,6 +3,7 @@ { imports = [ ./alert-rules.nix + ./irc-hooks.nix ]; networking = { firewall.allowedTCPPorts = [ 
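Review bot: `Environment` sets `"DEBUG=y"` unconditionally, and irc-alerts.py echoes every outgoing command when DEBUG is set, so for any endpoint that is later given a `passwordFile` the `AUTHENTICATE` line with the base64-encoded SASL password ends up in the journal; drop `"DEBUG=y"` or make it a per-endpoint option that defaults to off. The socket listens on `[::]:${port}`, i.e. all interfaces, while the only caller visible in this diff is the alertmanager webhook on the same host (inferred from server.nix), so `listenStreams = [ "127.0.0.1:${builtins.toString opts.port}" ]` would keep the unauthenticated hook off the network unless the firewall is known to cover it. `PermissionsStartOnly` is deprecated; the same effect is `ExecStartPre = "+${pkgs.coreutils}/bin/install ..."`, where the `+` prefix runs only that step with full privileges.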
@@ -129,11 +130,11 @@ "group_wait" = "30s"; "group_interval" = "2m"; "repeat_interval" = "4h"; - "receiver" = "team-admins"; + "receiver" = "shack-admins"; }; "receivers" = [ { - "name" = "team-admins"; + "name" = "shack-admins"; "email_configs" = [ ]; "webhook_configs" = [ { diff --git a/krebs/2configs/shack/radioactive.nix b/krebs/2configs/shack/radioactive.nix index 286a73aae..e24121038 100644 --- a/krebs/2configs/shack/radioactive.nix +++ b/krebs/2configs/shack/radioactive.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { name = "radioactive-2017-06-01"; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index e339d3174..b7a8f18df 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { name = "worlddomination-2020-12-01"; diff --git a/krebs/2configs/stats/shack-debugging.nix b/krebs/2configs/stats/shack-debugging.nix index b5a0cf05e..79730adad 100644 --- a/krebs/2configs/stats/shack-debugging.nix +++ b/krebs/2configs/stats/shack-debugging.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: # TODO: krebs.collectd.plugins -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" '' LoadPlugin python diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix index d6d42ca11..59178516c 100644 --- a/krebs/2configs/syncthing.nix +++ b/krebs/2configs/syncthing.nix 
@@ -1,4 +1,6 @@ -{ options, config, pkgs, ... }: with import <stockholm/lib>; let +{ config, lib, options, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; +let mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 40d946f7d..a227ceb4a 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; let setupGit = '' @@ -14,13 +14,13 @@ let fi ''; - pushGollum = pkgs.writeDash "push_gollum" '' + pushGollum = pkgs.writers.writeDash "push_gollum" '' ${setupGit} git fetch origin git merge --ff-only origin/master ''; - pushCgit = pkgs.writeDash "push_cgit" '' + pushCgit = pkgs.writers.writeDash "push_cgit" '' ${setupGit} git push origin master ''; diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 259f613cc..acd007cb8 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; #genid +with lib; let + slib = import ../../lib/pure.nix { inherit lib; }; cfg = config.krebs.airdcpp; out = { @@ -265,14 +266,14 @@ let }; users = lib.mkIf (cfg.user == "airdcpp") { users.airdcpp = { - uid = genid "airdcpp"; + uid = slib.genid "airdcpp"; home = cfg.stateDir; createHome = true; isSystemUser = true; group = "airdcpp"; inherit (cfg) extraGroups; }; - groups.airdcpp.gid = genid "airdcpp"; + groups.airdcpp.gid = slib.genid "airdcpp"; }; }; in diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index a40ae8cef..fa0f1530c 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix 
@@ -1,20 +1,21 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +let + slib = import ../../lib/pure.nix { inherit lib; }; cfg = config.krebs.announce-activation; announce-activation = pkgs.writeDash "announce-activation" '' set -efu message=$(${cfg.get-message}) exec ${pkgs.irc-announce}/bin/irc-announce \ - ${shell.escape cfg.irc.server} \ - ${shell.escape (toString cfg.irc.port)} \ - ${shell.escape cfg.irc.nick} \ - ${shell.escape cfg.irc.channel} \ - ${escapeShellArg cfg.irc.tls} \ + ${slib.shell.escape cfg.irc.server} \ + ${slib.shell.escape (toString cfg.irc.port)} \ + ${slib.shell.escape cfg.irc.nick} \ + ${slib.shell.escape cfg.irc.channel} \ + ${lib.escapeShellArg cfg.irc.tls} \ "$message" ''; default-get-message = pkgs.writeDash "announce-activation-get-message" '' set -efu - PATH=${makeBinPath [ + PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.gawk pkgs.gnused 
@@ -28,37 +29,37 @@ with import <stockholm/lib>; ''; in { options.krebs.announce-activation = { - enable = mkEnableOption "announce-activation"; - get-message = mkOption { + enable = lib.mkEnableOption "announce-activation"; + get-message = lib.mkOption { default = default-get-message; - type = types.package; + type = lib.types.package; }; irc = { # TODO rename channel to target? - channel = mkOption { + channel = lib.mkOption { default = "#xxx"; - type = types.str; # TODO types.irc-channel + type = lib.types.str; # TODO types.irc-channel }; - nick = mkOption { + nick = lib.mkOption { default = config.krebs.build.host.name; - type = types.label; + type = slib.types.label; }; - port = mkOption { + port = lib.mkOption { default = 6667; - type = types.int; + type = lib.types.int; }; - server = mkOption { + server = lib.mkOption { default = "irc.r"; - type = types.hostname; + type = slib.types.hostname; }; - tls = mkOption { + tls = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; }; }; }; - config = mkIf cfg.enable { - system.activationScripts.announce-activation = stringAfter [ "etc" ] '' + config = lib.mkIf cfg.enable { + system.activationScripts.announce-activation = lib.stringAfter [ "etc" ] '' ${announce-activation} ''; }; diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index f3c8ff0cd..0efe9ed43 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with lib; let acng-config = pkgs.writeTextFile { name = "acng-configuration"; diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index c1d4d7211..900be5139 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let out = { options.krebs.backup = api; 
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index c374aa9af..33c825a80 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let gunicorn = pkgs.python3Packages.gunicorn; bepasty = pkgs.bepasty; diff --git a/krebs/3modules/bindfs.nix b/krebs/3modules/bindfs.nix index 7e3730e86..60736710f 100644 --- a/krebs/3modules/bindfs.nix +++ b/krebs/3modules/bindfs.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: +with lib; let cfg = config.krebs.bindfs; in { diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 8427ca50b..3f0dd0861 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -1,6 +1,7 @@ -{ pkgs, config, ... }: -with import <stockholm/lib>; +{ pkgs, config, lib, ... }: +with lib; let + slib = import ../../lib/pure.nix { inherit lib; }; cfg = config.krebs.brockman; in { options.krebs.brockman = { @@ -14,7 +15,7 @@ in { group = "brockman"; createHome = true; isSystemUser = true; - uid = genid_uint31 "brockman"; + uid = slib.genid_uint31 "brockman"; }; users.groups.brockman = {}; diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 5f961617f..bf20cb099 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -1,6 +1,6 @@ -{ config, ... }: +{ config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; { options.krebs.build = { diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 022da5884..5035a11a8 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.ci; 
@@ -25,7 +24,7 @@ let }; hostname = config.networking.hostName; - getJobs = pkgs.writeDash "get_jobs" '' + getJobs = pkgs.writers.writeDash "get_jobs" '' set -efu ${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2 json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" @@ -116,7 +115,7 @@ let build_script = stages[stage], ), timeout = 3600, - command="${pkgs.writeDash "build.sh" '' + command="${pkgs.writers.writeDash "build.sh" '' set -xefu profile=${shell.escape profileRoot}/$build_name result=$("$build_script") diff --git a/krebs/3modules/current.nix b/krebs/3modules/current.nix index e97e53479..5c32203fd 100644 --- a/krebs/3modules/current.nix +++ b/krebs/3modules/current.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.current; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6d763afed..28ce09941 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
@@ -1,170 +1,62 @@ { config, lib, ... }: - -with import <stockholm/lib>; -let - cfg = config.krebs; - - out = { - imports = [ - ../../kartei - ../../submodules/disko/module.nix - ./acl.nix - ./airdcpp.nix - ./announce-activation.nix - ./apt-cacher-ng.nix - ./backup.nix - ./bepasty-server.nix - ./bindfs.nix - ./brockman.nix - ./build.nix - ./cachecache.nix - ./ci - ./current.nix - ./dns.nix - ./exim-retiolum.nix - ./exim-smarthost.nix - ./exim.nix - ./fetchWallpaper.nix - ./git.nix - ./github - ./go.nix - ./hidden-ssh.nix - ./hosts.nix - ./htgen.nix - ./iana-etc.nix - ./iptables.nix - ./kapacitor.nix - ./konsens.nix - ./krebs-pages.nix - ./monit.nix - ./nixpkgs.nix - ./on-failure.nix - ./os-release.nix - ./per-user.nix - ./permown.nix - ./power-action.nix - ./reaktor2.nix - ./realwallpaper.nix - ./repo-sync.nix - ./retiolum-bootstrap.nix - ./secret.nix - ./setuid.nix - ./shadow.nix - ./sitemap.nix - ./ssl.nix - ./sync-containers.nix - ./sync-containers3.nix - ./systemd.nix - ./tinc.nix - ./tinc_graphs.nix - ./upstream - ./urlwatch.nix - ./users.nix - ./xresources.nix - ./zones.nix - ]; - options.krebs = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "krebs"; - - zone-head-config = mkOption { - type = with types; attrsOf str; - description = '' - The zone configuration head which is being used to create the - zone files. The string for each key is pre-pended to the zone file. - ''; - # TODO: configure the default somewhere else, - # maybe use krebs.dns.providers - default = { - - # github.io -> 192.30.252.154 - "krebsco.de" = '' - $TTL 86400 - @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) - IN NS ns19.ovh.net. - IN NS dns19.ovh.net. 
- ''; - }; - }; - }; - - imp = lib.mkMerge [ - { - services.openssh.hostKeys = - let inherit (config.krebs.build.host.ssh) privkey; in - mkIf (privkey != null) [privkey]; - - services.openssh.knownHosts = - filterAttrs - (knownHostName: knownHost: - knownHost.publicKey != null && - knownHost.hostNames != [] - ) - (mapAttrs - (hostName: host: { - hostNames = - concatLists - (mapAttrsToList - (netName: net: - let - aliases = - concatLists [ - shortAliases - net.aliases - net.addrs - ]; - shortAliases = - optionals - (cfg.dns.search-domain != null) - (map (removeSuffix ".${cfg.dns.search-domain}") - (filter (hasSuffix ".${cfg.dns.search-domain}") - net.aliases)); - addPort = alias: - if net.ssh.port != 22 - then "[${alias}]:${toString net.ssh.port}" - else alias; - in - map addPort aliases - ) - host.nets); - publicKey = host.ssh.pubkey; - }) - (foldl' mergeAttrs {} [ - cfg.hosts - { - localhost = { - nets.local = { - addrs = [ "127.0.0.1" "::1" ]; - aliases = [ "localhost" ]; - ssh.port = 22; - }; - ssh.pubkey = config.krebs.build.host.ssh.pubkey; - }; - } - ])); - - programs.ssh.extraConfig = concatMapStrings - (net: '' - Host ${toString (net.aliases ++ net.addrs)} - Port ${toString net.ssh.port} - '') - (filter - (net: net.ssh.port != 22) - (concatMap (host: attrValues host.nets) - (mapAttrsToList - (_: host: recursiveUpdate host - (optionalAttrs (cfg.dns.search-domain != null && - hasAttr cfg.dns.search-domain host.nets) { - nets."" = host.nets.${cfg.dns.search-domain} // { - aliases = [host.name]; - addrs = []; - }; - })) - config.krebs.hosts))); - } +{ + imports = [ + ../../kartei + ./acl.nix + ./airdcpp.nix + ./announce-activation.nix + ./apt-cacher-ng.nix + ./backup.nix + ./bepasty-server.nix + ./bindfs.nix + ./brockman.nix + ./build.nix + ./cachecache.nix + ./ci + ./current.nix + ./dns.nix + ./exim-retiolum.nix + ./exim-smarthost.nix + ./exim.nix + ./fetchWallpaper.nix + ./git.nix + ./github + ./go.nix + ./hidden-ssh.nix + ./hosts.nix + ./htgen.nix + 
./iana-etc.nix + ./iptables.nix + ./kapacitor.nix + ./konsens.nix + ./krebs.nix + ./krebs-pages.nix + ./monit.nix + ./nixpkgs.nix + ./on-failure.nix + ./os-release.nix + ./per-user.nix + ./permown.nix + ./power-action.nix + ./reaktor2.nix + ./realwallpaper.nix + ./repo-sync.nix + ./retiolum-bootstrap.nix + ./secret.nix + ./setuid.nix + ./shadow.nix + ./ssh.nix + ./sitemap.nix + ./ssl.nix + ./sync-containers.nix + ./sync-containers3.nix + ./systemd.nix + ./tinc.nix + ./tinc_graphs.nix + ./upstream + ./urlwatch.nix + ./users.nix + ./xresources.nix + ./zones.nix ]; - -in out +} diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix index 8a74d3067..a268b931c 100644 --- a/krebs/3modules/dns.nix +++ b/krebs/3modules/dns.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, ... }: { +{ config, lib, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; { options = { krebs.dns.providers = mkOption { type = types.attrsOf types.str; @@ -8,7 +8,7 @@ with import <stockholm/lib>; type = types.nullOr types.hostname; }; }; - config = mkIf config.krebs.enable { + config = lib.mkIf config.krebs.enable { krebs.dns.providers = { "krebsco.de" = "zones"; shack = "hosts"; diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index a16661c9f..f78f1746c 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, lib, ... }: let +{ config, pkgs, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.exim-retiolum; # Due to improvements to the JSON notation, braces around top-level objects diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 62f15027a..7b3dace6a 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix 
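Review bot: `options.krebs.enable` disappears from this module while the dns.nix and hosts.nix hunks in this same diff still gate on `config.krebs.enable`, so the option must now be declared by the newly imported `./krebs.nix` (or `./ssh.nix`), neither of which is in this chunk, worth confirming before merge. The same applies to the `services.openssh.knownHosts` / `programs.ssh.extraConfig` generation removed here: if it is not re-created in `./ssh.nix`, hosts lose the pinned SSH host keys for every krebs host and fall back to trust-on-first-use, which would be a silent regression in host authentication. The `zone-head-config` option with its `krebsco.de` SOA default and the `../../submodules/disko/module.nix` import are likewise dropped with no replacement visible in this chunk.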
@@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.exim-smarthost; diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 0f0aa67f0..917a8e5a4 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with import <stockholm/lib>; let +{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.exim; in { options.krebs.exim = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index dc0133a63..79187adfa 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.fetchWallpaper; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 02c673e43..1ec216f62 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -6,14 +6,14 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.git; out = { options.krebs.git = api; - config = with lib; mkIf cfg.enable (mkMerge [ - (mkIf cfg.cgit.enable cgit-imp) + config = with lib; lib.mkIf cfg.enable (mkMerge [ + (lib.mkIf cfg.cgit.enable cgit-imp) git-imp ]); }; @@ -446,7 +446,7 @@ let ]; locations."/".extraConfig = '' include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME ${pkgs.writeDash "cgit-wrapper" '' + fastcgi_param SCRIPT_FILENAME ${pkgs.writers.writeDash "cgit-wrapper" '' set -efu exec 3>&1 ${pkgs.cgit}/cgit/cgit.cgi "$@" 2>&1 >&3 3>&- \ diff --git a/krebs/3modules/github/hosts-sync.nix b/krebs/3modules/github/hosts-sync.nix index 71eed6c69..6f9aee0ce 100644 --- a/krebs/3modules/github/hosts-sync.nix 
+++ b/krebs/3modules/github/hosts-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.github-hosts-sync; diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 80cd90e27..9dc8fe6d2 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.go; diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index acbe717d9..9ee4409e6 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.hidden-ssh; diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index bd1bb1652..2333d0a8d 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -1,17 +1,19 @@ -with import <stockholm/lib>; -{ config, ... }: let +{ config, lib, pkgs, ... }: +with lib; let check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; - domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); + domains = attrNames (filterAttrs (_: slib.eq "hosts") config.krebs.dns.providers); + # we need this import because we have infinite recursion otherwise + slib = import ../../lib/pure.nix { inherit lib; }; in { options = { krebs.hosts = mkOption { default = {}; - type = types.attrsOf types.host; + type = types.attrsOf slib.types.host; }; }; - config = mkIf config.krebs.enable { + config = lib.mkIf config.krebs.enable { networking.hosts = filterAttrs (_name: value: value != []) @@ -91,7 +93,7 @@ in { (concatLists (attrValues netAliases)); } // - genAttrs' (attrNames netAliases) (netname: rec { + slib.genAttrs' (attrNames netAliases) (netname: rec { name = "krebs-hosts-${netname}"; value = writeHosts name netAliases.${netname}; }); diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index b760ea671..334a83cb3 100644 
--- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let optionalAttr = name: value: if name != null then diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix index 9ed5f29c5..3195f71d9 100644 --- a/krebs/3modules/iana-etc.nix +++ b/krebs/3modules/iana-etc.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with lib; { options.krebs.iana-etc.services = mkOption { default = {}; diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 052dad9c6..c1c5b68c8 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let inherit (pkgs) writeText; diff --git a/krebs/3modules/kapacitor.nix b/krebs/3modules/kapacitor.nix index 2ec67c73d..89d2e2c14 100644 --- a/krebs/3modules/kapacitor.nix +++ b/krebs/3modules/kapacitor.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: with builtins; -with import <stockholm/lib>; +with lib; let cfg = config.krebs.kapacitor; diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix index 81dbb33e1..0463de53f 100644 --- a/krebs/3modules/konsens.nix +++ b/krebs/3modules/konsens.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.konsens; @@ -68,7 +67,7 @@ let serviceConfig = { Type = "simple"; PermissionsStartOnly = true; - ExecStart = pkgs.writeDash "konsens-${name}" '' + ExecStart = pkgs.writers.writeDash "konsens-${name}" '' set -efu git config --global --replace-all safe.directory * if ! test -e ${name}; then diff --git a/krebs/3modules/krebs-pages.nix b/krebs/3modules/krebs-pages.nix index 6dd046a8b..face9e3a0 100644 --- a/krebs/3modules/krebs-pages.nix +++ b/krebs/3modules/krebs-pages.nix 
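Review bot: In the second konsens.nix hunk the context line `git config --global --replace-all safe.directory *` directly under the new `pkgs.writers.writeDash "konsens-${name}"` call keeps `*` unquoted and only stays a literal wildcard because the script starts with `set -efu` (`-f` disables globbing); anyone who later drops `-f` or copies the line elsewhere gets a filename-expanded argument instead. Writing `git config --global --replace-all safe.directory '*'` makes the intent explicit and independent of shell flags. It is also worth a one-line comment that this disables git's repository-ownership check for every path the service user touches; an entry limited to the checkout directory would be the narrower default if the wildcard is not strictly needed. The script body continues outside the hunk.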
@@ -1,6 +1,5 @@ -{ config, modulesPath, pkgs, ... }: let +{ config, modulesPath, pkgs, lib, ... }: let cfg = config.krebs.pages; - lib = import ../../lib; extraTypes.nginx-vhost = lib.types.submodule ( lib.recursiveUpdate (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix") @@ -11,7 +10,7 @@ in { options.krebs.pages = { enable = lib.mkEnableOption "krebs-pages"; domain = lib.mkOption { - type = lib.types.hostname; + type = pkgs.stockholm.lib.types.hostname; default = "krebsco.de"; }; nginx = lib.mkOption { diff --git a/krebs/3modules/krebs.nix b/krebs/3modules/krebs.nix new file mode 100644 index 000000000..ce63135ec --- /dev/null +++ b/krebs/3modules/krebs.nix @@ -0,0 +1,8 @@ +{ config, lib, ... }: +with lib; +let + cfg = config.krebs; +in { + options.krebs.enable = mkEnableOption "krebs"; + config = lib.mkIf config.krebs.enable {}; +} diff --git a/krebs/3modules/monit.nix b/krebs/3modules/monit.nix index cc4a1b208..717316224 100644 --- a/krebs/3modules/monit.nix +++ b/krebs/3modules/monit.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: with builtins; -with import <stockholm/lib>; +with lib; let cfg = config.krebs.monit; diff --git a/krebs/3modules/nixpkgs.nix b/krebs/3modules/nixpkgs.nix index 796ee537e..e560df51d 100644 --- a/krebs/3modules/nixpkgs.nix +++ b/krebs/3modules/nixpkgs.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.nixpkgs; diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix index 4da303dec..11d2b4194 100644 --- a/krebs/3modules/on-failure.nix +++ b/krebs/3modules/on-failure.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with import <stockholm/lib>; let +{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let out = { options.krebs.on-failure = api; config = lib.mkIf cfg.enable imp; diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 5fbfe6614..bfd352825 100644 
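Review bot: In krebs-pages.nix the option declaration now reads `type = pkgs.stockholm.lib.types.hostname;`, which makes evaluating the option type depend on `pkgs` and therefore on the overlays set via `nixpkgs.overlays`; reaching into `pkgs` from option declarations can produce infinite-recursion errors in the module system, and the rest of this series avoids it by importing the pure lib directly (hosts.nix and users.nix bind `slib = import ../../lib/pure.nix { inherit lib; };`). I would do the same here, `type = slib.types.hostname;` with the `slib` binding in the let block, and the same applies to the `with pkgs.stockholm.lib.types;` line in the later secret.nix hunk. In the new krebs.nix, `cfg = config.krebs;` is bound but the guard reads `config.krebs.enable` directly; either use `config = lib.mkIf cfg.enable {};` or drop the unused binding.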
--- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,5 +1,5 @@ -{ config, ... }: -with import <stockholm/lib>; +{ config, lib, ... }: +with lib; let nixos-version-id = if (hasAttr "nixos" config.system) then "${config.system.nixos.version}" else "${config.system.nixosVersion}"; @@ -9,7 +9,7 @@ let nixos-pretty-name = "NixOS ${nixos-version}"; stockholm-version-id = let - eval = tryEval (removeSuffix "\n" (readFile <stockholm-version>)); + eval = builtins.tryEval (removeSuffix "\n" (readFile <stockholm-version>)); in if eval.success then eval.value else "unknown"; diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index 5beb859aa..c0368ee85 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +with lib; let cfg = config.krebs.per-user; in { options.krebs.per-user = mkOption { diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix index a4dd40386..3ebbc44fe 100644 --- a/krebs/3modules/permown.nix +++ b/krebs/3modules/permown.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with lib; { options.krebs.permown = mkOption { default = {}; diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index 26aac5d5a..978e0c9c0 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; { options.krebs.reaktor2 = mkOption { default = {}; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index f2b34e8c4..a65a22b29 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix 
@@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.realwallpaper; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 5b8a53be8..a6de3f3f6 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.repo-sync; diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index faa3dd714..c9ea8a619 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -1,5 +1,5 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; +{ config, pkgs, lib, ... }: +with lib; let cfg = config.krebs.retiolum-bootstrap; in diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 0c5e1cdcd..90c2f6a6d 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, lib, pkgs, ... }: let +{ config, lib, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.secret; in { options.krebs.secret = { @@ -12,7 +12,7 @@ in { readOnly = true; }; files = mkOption { - type = with types; attrsOf secret-file; + type = with pkgs.stockholm.lib.types; attrsOf secret-file; default = {}; }; }; diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index e186478eb..53fed0e36 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; +let out = { options.krebs.setuid = api; diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix index f056cfd8e..281b446bb 100644 --- a/krebs/3modules/shadow.nix +++ b/krebs/3modules/shadow.nix 
@@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +with lib; +let cfg = config.krebs.shadow; @@ -47,7 +48,7 @@ in { default = cfg.overridesFile != null; }; overridesFile = mkOption { - apply = x: if typeOf x == "path" then toString x else x; + apply = x: if builtins.typeOf x == "path" then toString x else x; default = null; description = '' Path to a file containing additional shadow entries, used for adding diff --git a/krebs/3modules/sitemap.nix b/krebs/3modules/sitemap.nix index ec2179db1..906d556be 100644 --- a/krebs/3modules/sitemap.nix +++ b/krebs/3modules/sitemap.nix @@ -1,6 +1,5 @@ -let - lib = import ../../lib; -in { +{ lib, ... }: +{ options.krebs.sitemap = lib.mkOption { type = with lib.types; attrsOf sitemap.entry; default = {}; diff --git a/krebs/3modules/ssh.nix b/krebs/3modules/ssh.nix new file mode 100644 index 000000000..58f3a3c10 --- /dev/null +++ b/krebs/3modules/ssh.nix 
@@ -0,0 +1,109 @@ +{ config, lib, ... }: +with lib; +let + cfg = config.krebs; + + out = { + options.krebs = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + zone-head-config = mkOption { + type = with types; attrsOf str; + description = '' + The zone configuration head which is being used to create the + zone files. The string for each key is pre-pended to the zone file. + ''; + # TODO: configure the default somewhere else, + # maybe use krebs.dns.providers + default = { + + # github.io -> 192.30.252.154 + "krebsco.de" = '' + $TTL 86400 + @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) + IN NS ns19.ovh.net. + IN NS dns19.ovh.net. + ''; + }; + }; + }; + + imp = lib.mkMerge [ + { + services.openssh.hostKeys = + let inherit (config.krebs.build.host.ssh) privkey; in + mkIf (privkey != null) [privkey]; + + services.openssh.knownHosts = + filterAttrs + (knownHostName: knownHost: + knownHost.publicKey != null && + knownHost.hostNames != [] + ) + (mapAttrs + (hostName: host: { + hostNames = + concatLists + (mapAttrsToList + (netName: net: + let + aliases = + concatLists [ + shortAliases + net.aliases + net.addrs + ]; + shortAliases = + optionals + (cfg.dns.search-domain != null) + (map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") + net.aliases)); + addPort = alias: + if net.ssh.port != 22 + then "[${alias}]:${toString net.ssh.port}" + else alias; + in + map addPort aliases + ) + host.nets); + publicKey = host.ssh.pubkey; + }) + (foldl' mergeAttrs {} [ + cfg.hosts + { + localhost = { + nets.local = { + addrs = [ "127.0.0.1" "::1" ]; + aliases = [ "localhost" ]; + ssh.port = 22; + }; + ssh.pubkey = config.krebs.build.host.ssh.pubkey; + }; + } + ])); + + programs.ssh.extraConfig = concatMapStrings + (net: '' + Host ${toString (net.aliases ++ net.addrs)} + Port ${toString net.ssh.port} + '') + (filter + (net: net.ssh.port != 22) + (concatMap (host: attrValues host.nets) + (mapAttrsToList + 
(_: host: recursiveUpdate host + (optionalAttrs (cfg.dns.search-domain != null && + hasAttr cfg.dns.search-domain host.nets) { + nets."" = host.nets.${cfg.dns.search-domain} // { + aliases = [host.name]; + addrs = []; + }; + })) + config.krebs.hosts))); + } + ]; + +in out diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix index 60ca993e6..fe64657dc 100644 --- a/krebs/3modules/sync-containers.nix +++ b/krebs/3modules/sync-containers.nix @@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +with lib; +let cfg = config.krebs.sync-containers; paths = cname: { plain = "/var/lib/containers/${cname}/var/state"; diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix index ed147b30e..c88dd5919 100644 --- a/krebs/3modules/sync-containers3.nix +++ b/krebs/3modules/sync-containers3.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: let cfg = config.krebs.sync-containers3; - slib = pkgs.stockholm.lib; + slib = import ../../lib/pure.nix { inherit lib; }; in { options.krebs.sync-containers3 = { inContainer = { diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix index 3e524d3b5..754b25675 100644 --- a/krebs/3modules/systemd.nix +++ b/krebs/3modules/systemd.nix @@ -1,5 +1,6 @@ -{ config, pkgs, ... }: let { - lib = import ../../lib; +{ config, pkgs, lib, ... }: let { + + slib = import ../../lib/pure.nix { inherit lib; }; body.options.krebs.systemd.services = lib.mkOption { default = {}; 
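Review bot: The new ssh.nix declares `options.krebs = api;` where `api` contains only `zone-head-config`, a DNS zone-head option whose default is an SOA record for krebsco.de; nothing in this file's `imp` reads it, so it looks carried over from the module this SSH logic was split out of rather than belonging here. If zones.nix or the remaining default.nix still declares `krebs.zone-head-config`, the module system will reject the duplicate declaration; otherwise the option should live next to the code that consumes it and this file's `api` can shrink away together with `options.krebs = api;`. A header comment such as `# Derives services.openssh.hostKeys, knownHosts and per-port ssh client config from config.krebs.hosts` would also help, since the file name alone no longer says what the module contributes.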
@@ -13,14 +14,14 @@ lib.sort lib.lessThan (lib.filter - lib.types.absolute-pathname.check + slib.types.absolute-pathname.check (map - (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ]) + (slib.compose [ slib.maybeHead (builtins.match "[^:]*:(.*)") ]) (lib.toList cfg.serviceConfig.LoadCredential))); readOnly = true; }; credentialUnitName = lib.mkOption { - default = "trigger-${lib.systemd.encodeName serviceName}"; + default = "trigger-${slib.systemd.encodeName serviceName}"; readOnly = true; }; restartIfCredentialsChange = lib.mkOption { @@ -54,7 +55,7 @@ pkgs.systemd ]} - cache=/var/lib/credentials/${lib.shell.escape serviceName}.sha1sum + cache=/var/lib/credentials/${slib.shell.escape serviceName}.sha1sum tmpfile=$(mktemp -t "$(basename "$cache")".XXXXXXXX) trap 'rm -f "$tmpfile"' EXIT @@ -64,7 +65,7 @@ fi mv "$tmpfile" "$cache" - systemctl restart ${lib.shell.escape serviceName} + systemctl restart ${slib.shell.escape serviceName} ''; }; }; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 437f3b633..2f9efad46 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; { options.krebs.tinc = mkOption { default = {}; description = '' diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 733db69ca..dd132a2de 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.tinc_graphs; internal_dir = "${cfg.workingDir}/internal"; diff --git a/krebs/3modules/upstream/default.nix b/krebs/3modules/upstream/default.nix index ce7bd1644..91de6beeb 100644 --- a/krebs/3modules/upstream/default.nix +++ b/krebs/3modules/upstream/default.nix 
@@ -1,4 +1,5 @@ -with import <stockholm/lib>; +{ pkgs, lib, ... }: +with lib; { imports = @@ -6,5 +7,5 @@ with import <stockholm/lib>; (name: ./. + "/${name}") (filter (name: name != "default.nix" && !hasPrefix "." name) - (attrNames (readDir ./.))); + (attrNames (builtins.readDir ./.))); } diff --git a/krebs/3modules/upstream/desktop-managers/coma.nix b/krebs/3modules/upstream/desktop-managers/coma.nix index 95db7fb5c..e12f4b981 100644 --- a/krebs/3modules/upstream/desktop-managers/coma.nix +++ b/krebs/3modules/upstream/desktop-managers/coma.nix @@ -1,5 +1,6 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with lib; +{ options = { services.xserver.desktopManager.coma = { enable = mkEnableOption "sleep as a desktop manager"; diff --git a/krebs/3modules/upstream/desktop-managers/none.nix b/krebs/3modules/upstream/desktop-managers/none.nix index 892def985..77f7ad513 100644 --- a/krebs/3modules/upstream/desktop-managers/none.nix +++ b/krebs/3modules/upstream/desktop-managers/none.nix @@ -1,9 +1,9 @@ +{ lib, ... }: # Replace upstream none desktop-manager by a real none, that doesn't pull in # any dependencies. -with import <stockholm/lib>; { - disabledModules = singleton "services/x11/desktop-managers/none.nix"; - config.services.xserver.desktopManager.session = singleton { + disabledModules = lib.singleton "services/x11/desktop-managers/none.nix"; + config.services.xserver.desktopManager.session = lib.singleton { name = "none"; bgSupport = true; start = ""; diff --git a/krebs/3modules/upstream/window-managers/default.nix b/krebs/3modules/upstream/window-managers/default.nix index eecadca7e..cdd82076d 100644 --- a/krebs/3modules/upstream/window-managers/default.nix +++ b/krebs/3modules/upstream/window-managers/default.nix 
@@ -13,8 +13,8 @@ imports = [ ./xmonad.nix ]; nixpkgs.overlays = [(self: super: { writers = super.writers // { - writeHaskellBin = name: spec: with import <stockholm/lib>; - super.writers.writeHaskellBin name (removeAttrs spec ["ghcArgs"]); + writeHaskellBin = name: spec: + super.writers.writeHaskellBin name (builtins.removeAttrs spec ["ghcArgs"]); }; })]; } diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 113f6e65d..b811b6fa6 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -4,7 +4,7 @@ # TODO inform about unused caches # cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}" -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.urlwatch; diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix index c1ad4b44b..614e6ab42 100644 --- a/krebs/3modules/users.nix +++ b/krebs/3modules/users.nix @@ -1,8 +1,8 @@ -{ config, ... }: let - lib = import ../../lib; +{ config, lib, pkgs, ... }: let + slib = import ../../lib/pure.nix { inherit lib; }; in { options.krebs.users = lib.mkOption { - type = with lib.types; attrsOf user; + type = lib.types.attrsOf slib.types.user; }; config = lib.mkIf config.krebs.enable { krebs.users = { diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix index 51ced6f95..7771d3b51 100644 --- a/krebs/3modules/zones.nix +++ b/krebs/3modules/zones.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with lib; { config = { environment.etc = diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index f9ed6439c..866796a4e 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix 
@@ -1,8 +1,11 @@ -let - stockholm.lib = import ../../lib; +self: super: let + stockholm = { + lib = import ../../lib/pure.nix { lib = super.lib; }; + outPath = toString ../.; + }; in with stockholm.lib; -self: super: + fix (foldl' (flip extends) (self: super) ( [ (self: super: { inherit stockholm; }) diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix index 052e389a6..651062b0a 100644 --- a/krebs/5pkgs/simple/reaktor2-plugins.nix +++ b/krebs/5pkgs/simple/reaktor2-plugins.nix @@ -1,5 +1,5 @@ { lib, pkgs, stockholm, ... }: -with stockholm.lib; +with (builtins.trace (lib.attrNames stockholm) stockholm).lib; rec { generators = { @@ -15,27 +15,27 @@ rec { commands = { random-emoji = { - filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh>; + filename = stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh"; env = { PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]); }; }; dance = { - filename = pkgs.writeDash "dance" '' + filename = pkgs.writers.writeDash "dance" '' ${pkgs.krebsdance}/bin/krebsdance --dance "$@"; ''; }; nixos-version = { - filename = pkgs.writeDash "nixos-version" '' + filename = pkgs.writers.writeDash "nixos-version" '' . /etc/os-release echo "$PRETTY_NAME" ''; }; stockholm-issue = { - filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh>; + filename = stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh"; env = { PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]); origin = "http://cgit.gum/stockholm"; 
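Review bot: `with (builtins.trace (lib.attrNames stockholm) stockholm).lib;` in the first reaktor2-plugins.nix hunk leaves a debugging trace in committed code: every evaluation of this file prints the attribute names of `stockholm` to stderr, and it serves no purpose now that `outPath` is provided by the 5pkgs/default.nix hunk. It should go back to `with stockholm.lib;`. The `stockholm.outPath + "/krebs/5pkgs/..."` filenames are now plain strings rather than Nix paths, which presumably relies on `toString ../.` already pointing into the store; a short comment stating that assumption would spare the next reader the detour through 5pkgs/default.nix.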
@@ -56,10 +56,10 @@ rec { PATH = makeBinPath (with pkgs; [ gnused ]); state_dir = "/tmp"; }; - filename = pkgs.writeDash "sed-plugin" '' + filename = pkgs.writers.writeDash "sed-plugin" '' set -efu exec ${pkgs.python3}/bin/python \ - ${<stockholm/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py>} "$@" + ${stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py"} "$@" ''; }; }; @@ -68,7 +68,7 @@ rec { activate = "match"; pattern = "^(.*Shack.*)$"; arguments = [1]; - command.filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh>; + command.filename = stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh"; }; diff --git a/krebs/default.nix b/krebs/default.nix index 577cc269e..8cfdae484 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,4 +1,4 @@ -{ +args: { imports = [ ./3modules @@ -6,7 +6,7 @@ nixpkgs = { overlays = [ - (import ../submodules/nix-writers/pkgs) + (import ((args.nix-writers or ../submodules/nix-writers) + "/pkgs")) (import ./5pkgs) ]; }; diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 6decb1fd3..83131c2b8 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7409480d5c8584a1a83c422530419efe4afb0d19", - "date": "2023-06-04T22:13:39-04:00", - "path": "/nix/store/ljhvmls6vxsg7x93zvaa087y77wh2nzc-nixpkgs", - "sha256": "14rv5zjrq5rpqlzc1wzh30yhn8aivwkm2zrh0bh0facbkqwrwigh", + "rev": "645ff62e09d294a30de823cb568e9c6d68e92606", + "date": "2023-07-01T19:09:17+02:00", + "path": "/nix/store/s5zy1prlscbr2iz6h9fj5la3973isaxw-nixpkgs", + "sha256": "02hpby5ln7p5kix9518hn0ady4q3i41z5ycamvwsarv3gvlzbsb4", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 795b07fa7..aed82e9f3 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
@@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d4a9ff82fc18723219b60c66fb2ccb0734c460eb", - "date": "2023-06-04T14:52:07+02:00", - "path": "/nix/store/hnnbh80g4jx19h0ac76qrirai16ld2px-nixpkgs", - "sha256": "0ly23mqjzlygsnr0avji6ylyrl90rcqsmkcavg71kd60v8ydmw6c", + "rev": "0de86059128947b2438995450f2c2ca08cc783d5", + "date": "2023-07-01T05:19:59+03:00", + "path": "/nix/store/fwazy7k5nlavyj4637jnsqabdzdiad90-nixpkgs", + "sha256": "0m3aqg2xx5705v4yglal1ksknqnj3cbdyzcyw1dvz6qqvn9ng7i5", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 97c069d86..465548f44 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-22.11' \ + --rev refs/heads/nixos-23.05' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e1f92c51e..1faa23ec3 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -138,6 +138,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/services/coms/jitsi.nix> <stockholm/lass/2configs/fysiirc.nix> <stockholm/lass/2configs/bgt-bot> + <stockholm/lass/2configs/matrix.nix> <stockholm/krebs/2configs/mastodon-proxy.nix> { services.tor = { diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix index 1d836d4ec..b153c0d3b 100644 --- a/lass/1systems/ubik/config.nix +++ b/lass/1systems/ubik/config.nix 
@@ -14,13 +14,25 @@ with import <stockholm/lib>; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM"; }; - networking.firewall.allowedTCPPorts = [ 80 ]; + security.acme = { + acceptTerms = true; + defaults.email = "acme@lassul.us"; + }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + # nextcloud + services.nginx.virtualHosts."c.apanowicz.de" = { + enableACME = true; + forceSSL = true; + }; services.nextcloud = { enable = true; + enableBrokenCiphersForSSE = false; hostName = "c.apanowicz.de"; package = pkgs.nextcloud25; config.adminpassFile = "/run/nextcloud.pw"; https = true; + maxUploadSize = "9001M"; }; systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [ "+${pkgs.writeDash "copy-pw" '' diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 79777429a..654247728 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -14,6 +14,7 @@ in { ./tmux.nix ./xmonad.nix ./themes.nix + ./fonts.nix { users.users.mainUser.packages = [ pkgs.sshuttle @@ -26,15 +27,15 @@ in { options.lass.fonts = { regular = mkOption { type = types.str; - default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + default = "xft:Iosevka Term SS15:style=regular"; }; bold = mkOption { type = types.str; - default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + default = "xft:Iosevka Term SS15:style=bold"; }; italic = mkOption { type = types.str; - default = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + default = "xft:Iosevka Term SS15:style=italic"; }; }; config.krebs.xresources.resources.X = '' 
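Review bot: `maxUploadSize = "9001M";` in the ubik nextcloud block sets a roughly 9 GB per-request body limit with no note on why; as far as I recall the NixOS module forwards it to nginx's `client_max_body_size` and PHP's upload limits, so it also bounds how much data nginx accepts from any client in a single request. If a limit that large is intended, a comment such as `# deliberately large: users sync multi-GB media over WebDAV` records the decision; otherwise a smaller value is the safer default. Making `enableBrokenCiphersForSSE = false;` explicit in the same hunk is a good call.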
@@ -100,63 +101,6 @@ in { '') ]; - fonts = { - fontDir.enable = true; - enableGhostscriptFonts = true; - - fonts = with pkgs; [ - xorg.fontschumachermisc - inconsolata - noto-fonts - (iosevka.override { - # https://typeof.net/Iosevka/customizer - privateBuildPlan = { - family = "Iosevka"; - spacing = "term"; - serifs = "slab"; - no-ligation = true; - - variants.design = { - capital-j = "serifless"; - a = "double-storey-tailed"; - b = "toothless-corner"; - d = "toothless-corner-serifless"; - f = "flat-hook-tailed"; - g = "earless-corner"; - i = "hooky"; - j = "serifless"; - l = "tailed"; - - m = "earless-corner-double-arch"; - n = "earless-corner-straight"; - p = "earless-corner"; - q = "earless-corner"; - r = "earless-corner"; - u = "toothless-rounded"; - y = "cursive-flat-hook"; - - one = "no-base-long-top-serif"; - two = "straight-neck"; - three = "flat-top"; - four = "open"; - six = "open-contour"; - seven = "straight-serifless"; - eight = "two-circles"; - nine = "open-contour"; - tilde = "low"; - asterisk = "hex-low"; - number-sign = "upright"; - at = "short"; - dollar = "open"; - percent = "dots"; - question = "corner-flat-hooked"; - }; - }; - set = "kookiefonts"; - }) - ]; - }; - services.udev.extraRules = '' SUBSYSTEM=="backlight", ACTION=="add", \ RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness", \ diff --git a/lass/2configs/fonts.nix b/lass/2configs/fonts.nix new file mode 100644 index 000000000..3d047e513 --- /dev/null +++ b/lass/2configs/fonts.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: +{ + fonts = { + fontDir.enable = true; + enableGhostscriptFonts = true; + + fonts = with pkgs; [ + xorg.fontschumachermisc + inconsolata + noto-fonts + (iosevka-bin.override { variant = "ss15"; }) + ]; + }; +} diff --git a/lass/2configs/matrix.nix b/lass/2configs/matrix.nix new file mode 100644 index 000000000..cdcbe7ab0 --- /dev/null +++ b/lass/2configs/matrix.nix 
@@ -0,0 +1,80 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + services.matrix-synapse = { + # synapse 1.60.0 errors during startup with: + # https://github.com/matrix-org/synapse/issues/15809 + package = pkgs.matrix-synapse.overrideAttrs (oldAttrs: rec { + version = "1.85.2"; + name = "matrix-synapse-${version}"; + src = pkgs.fetchFromGitHub { + owner = "matrix-org"; + repo = "synapse"; + rev = "v${version}"; + hash = "sha256-pFafBsisBPfpDnFYWcimUuBgfFVPZzLna3yHeqIBAAE="; + }; + cargoDeps = pkgs.rustPlatform.fetchCargoTarball { + inherit src; + name = "matrix-synapse-${version}"; + hash = "sha256-dnno+5Ma0YNYpmj3oZ5UG22uAanKwVT67BwQW+mHoFc="; + }; + doCheck = false; + }); + enable = true; + settings = { + server_name = "lassul.us"; + # registration_shared_secret = "yolo"; + database.name = "sqlite3"; + turn_uris = [ + "turn:turn.matrix.org?transport=udp" + "turn:turn.matrix.org?transport=tcp" + ]; + listeners = [ + { + port = 8008; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" ]; + compress = true; + } + { + names = [ "federation" ]; + compress = false; + } + ]; + } + ]; + }; + }; + services.nginx = { + virtualHosts = { + "lassul.us" = { + locations."= /.well-known/matrix/server".extraConfig = '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON { + "m.server" = "matrix.lassul.us:443"; + }}'; + ''; + locations."= /.well-known/matrix/client".extraConfig = '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON { + "m.homeserver" = { "base_url" = "https://matrix.lassul.us"; }; + "m.identity_server" = { "base_url" = "https://vector.im"; }; + }}'; + ''; + }; + "matrix.lassul.us" = { + forceSSL = true; + enableACME = true; + locations."/_matrix" = { + proxyPass = "http://[::1]:8008"; + }; + }; + }; + }; +} 
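Review bot: The `overrideAttrs` pinning synapse to 1.85.2 with `doCheck = false` opts this host out of nixpkgs' synapse updates, including security releases, for as long as it stays, and the comment above it names 1.60.0 while linking an issue that appears to be from the 1.85 era, so the reason and the removal condition should be stated: `# pinned to 1.85.2 until nixpkgs' synapse starts again (matrix-org/synapse#15809); drop this override once it does`. The `locations."/_matrix"` block also sets no `client_max_body_size`, so nginx's 1m default rejects media uploads before synapse's own `max_upload_size` applies; add `extraConfig = "client_max_body_size 50M;";` there if uploads are expected. `/_synapse/client` is not proxied either, which matters only if SSO or password reset is used.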
diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index f88d0d91d..b11e54c2c 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -1,28 +1,10 @@ { pkgs, lib, ... }: let - - download_subs = pkgs.writers.writePython3 "download_sub" { - libraries = [ pkgs.python3Packages.subliminal ]; - } '' - from subliminal import download_best_subtitles, scan_video - from babelfish import Language - import sys - - video_filename = sys.argv[1] - - vid = scan_video(video_filename) - try: - sub = download_best_subtitles([vid], {Language('eng')})[vid][0] - - filename = '/tmp/' + vid.title + '.srt' - - with open(filename, 'wb+') as file: - file.write(sub.content) - - print(filename) - except: # noqa - print("/dev/null") + dl_subs = pkgs.writers.writeDashBin "dl_subs" '' + filename=$1 + ${pkgs.subdl}/bin/subdl --output='/tmp/{m}.{M}.sub' "$filename" 1>&2 + echo "/tmp/$(basename "$filename").sub" ''; autosub = pkgs.writeText "autosub.lua" '' @@ -39,10 +21,9 @@ let function download() log('Searching subtitles ...', 10) - table = { args = {"${download_subs}", mp.get_property('path')} } - result = utils.subprocess(table) + path = mp.get_property('path') + result = utils.subprocess({ args = {"${dl_subs}/bin/dl_subs", path} }) if result.error == nil then - -- remove trailing newline from subtitle filename filename = string.gsub(result.stdout, "\n", "") log(filename) mp.commandv('sub_add', filename) @@ -78,6 +59,8 @@ let mpvInput = pkgs.writeText "mpv.input" '' : script-binding console/enable + x add audio-delay -0.050 + X add audio-delay 0.050 ''; mpvConfig = pkgs.writeText "mpv.conf" '' 
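Review bot: `dl_subs` writes subtitles to a fixed, predictable path under `/tmp` derived from the media filename (`/tmp/{m}.{M}.sub`), so on a shared machine another user can pre-create that file or a symlink there and have mpv load arbitrary content, and two mpv instances on same-named files collide. It also always echoes the expected path: `writeDashBin` does not appear to set `-e` (the `mpv` wrapper in this file sets `set -efu` itself), so a failed `subdl` still makes the Lua side call `sub_add` on a nonexistent file. Use a per-invocation `mktemp -d` under `$XDG_RUNTIME_DIR` (falling back to `/tmp`) and fail hard on errors; the directory is left for the session to clean up.
```nix
dl_subs = pkgs.writers.writeDashBin "dl_subs" ''
  set -efu
  filename=$1
  outdir=$(mktemp -d "''${XDG_RUNTIME_DIR:-/tmp}/dl_subs.XXXXXX")
  ${pkgs.subdl}/bin/subdl --output="$outdir/{m}.{M}.sub" "$filename" 1>&2
  echo "$outdir/$(basename "$filename").sub"
'';
# … unchanged: autosub.lua, mpvInput, mpvConfig, mpv wrapper …
```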
@@ -89,14 +72,7 @@ let paths = [ (pkgs.writeDashBin "mpv" '' set -efu - if [ -n "''${DISPLAY+x}" ]; then - Y_RES=$(${pkgs.xorg.xrandr}/bin/xrandr | - ${pkgs.jc}/bin/jc --xrandr | - ${pkgs.jq}/bin/jq '.screens[0].current_width' - ) - else - Y_RES=1000 - fi + Y_RES=1081 # we need to disable sponsorblock local database because of # https://github.com/po5/mpv_sponsorblock/issues/31 exec ${pkgs.mpv.override { @@ -105,7 +81,6 @@ let youtube-quality ]; }}/bin/mpv \ - -vo=gpu \ --no-config \ --input-conf=${mpvInput} \ --include=${mpvConfig} \ @@ -113,6 +88,7 @@ let --ytdl-format="best[height<$Y_RES]" \ --script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \ --script-opts-append=sponsorblock-local_database=no \ + --audio-channels=2 \ "$@" '') pkgs.mpv @@ -122,5 +98,6 @@ let in { environment.systemPackages = [ mpv + dl_subs ]; } diff --git a/lass/2configs/themes.nix b/lass/2configs/themes.nix index e9f83deea..60e2f7aec 100644 --- a/lass/2configs/themes.nix +++ b/lass/2configs/themes.nix @@ -15,7 +15,7 @@ ${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme ${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources ${pkgs.procps}/bin/pkill -HUP xsettingsd - ${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)" + ${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)" || : else echo "theme $1 not found" fi diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 90a0a5a72..c57fb5907 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -29,8 +29,10 @@ in { (servePage [ "apanowicz.de" "www.apanowicz.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "illustra.de" "www.illustra.de" ]) - (servePage [ "nirwanabluete.de" "www.nirwanabluete.de" ]) + (servePage [ "event-extra.de" "www.event-extra.de" ]) + # (servePage [ "nirwanabluete.de" "www.nirwanabluete.de" ]) (servePage [ "familienrat-hamburg.de" "www.familienrat-hamburg.de" ]) + (servePage [ "karlaskop.de" ]) (servePage [ "freemonkey.art" "www.freemonkey.art" @@ -58,7 +60,6 @@ in { "factscloud.ubikmedia.de" "illucloud.ubikmedia.de" "joemisch.ubikmedia.de" - "karlaskop.ubikmedia.de" "nb.ubikmedia.de" "youthtube.ubikmedia.de" "weirdwednesday.ubikmedia.de" @@ -103,8 +104,9 @@ in { }; services.nextcloud = { enable = true; + enableBrokenCiphersForSSE = false; hostName = "o.xanf.org"; - package = pkgs.nextcloud24; + package = pkgs.nextcloud25; config = { adminpassFile = "/run/nextcloud.pw"; overwriteProtocol = "https"; diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 845a7e3b8..10ca013f8 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -3,7 +3,7 @@ weechat-configured = pkgs.weechat-declarative.override { config = { scripts = [ - pkgs.weechat-matrix + pkgs.weechatScripts.weechat-matrix pkgs.weechatScripts.wee-slack ]; settings = { diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index 1789725d1..e2d9cff5d 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -68,7 +68,7 @@ myTerm :: FilePath myTerm = "/run/current-system/sw/bin/alacritty" myFont :: String -myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1" +myFont = "${config.lass.fonts.regular}" main :: IO () main = do diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 0e1a794ca..4082c8bd2 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix 
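Review bot: `myFont = "${config.lass.fonts.regular}"` in xmonad.nix splices a `types.str` option value verbatim into a Haskell string literal, so a value containing `"`, `\` or a newline produces an xmonad.hs that fails at build time rather than at option evaluation. The `xft:` strings set in this commit are safe, but the option accepts anything; `myFont = ${builtins.toJSON config.lass.fonts.regular}` yields a correctly escaped literal for printable-ASCII values (JSON's `\uXXXX` escapes are not valid Haskell, so non-ASCII would still need `lib.escape`). The surrounding xmonad.hs text starts before this hunk.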
@@ -1,6 +1,7 @@ _: { imports = [ + ../../submodules/disko/module.nix ./dnsmasq.nix ./drbd.nix ./folderPerms.nix diff --git a/lass/5pkgs/weechat-matrix/default.nix b/lass/5pkgs/weechat-matrix/default.nix deleted file mode 100644 index 40848caaa..000000000 --- a/lass/5pkgs/weechat-matrix/default.nix +++ /dev/null 
@@ -1,80 +0,0 @@ -{ python3Packages -, lib -, fetchFromGitHub -}: - -with python3Packages; - -let - scriptPython = python.withPackages (ps: with ps; [ - aiohttp - requests - python_magic - ]); - - version = "lassulus-fork"; -in python3Packages.buildPythonPackage { - pname = "weechat-matrix"; - inherit version; - - src = fetchFromGitHub { - owner = "poljar"; - repo = "weechat-matrix"; - rev = version; - hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc="; - }; - # src = ./weechat-matrix; - - propagatedBuildInputs = [ - pyopenssl - webcolors - future - atomicwrites - attrs - Logbook - pygments - matrix-nio - aiohttp - requests - ]; - - passthru.scripts = [ "matrix.py" ]; - - dontBuild = true; - doCheck = false; - - format = "other"; - - installPhase = '' - mkdir -p $out/share $out/bin - cp main.py $out/share/matrix.py - - cp contrib/matrix_upload.py $out/bin/matrix_upload - cp contrib/matrix_decrypt.py $out/bin/matrix_decrypt - cp contrib/matrix_sso_helper.py $out/bin/matrix_sso_helper - substituteInPlace $out/bin/matrix_upload \ - --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python' - substituteInPlace $out/bin/matrix_sso_helper \ - --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python' - substituteInPlace $out/bin/matrix_decrypt \ - --replace '/usr/bin/env python3' '${scriptPython}/bin/python' - - mkdir -p $out/${python.sitePackages} - cp -r matrix $out/${python.sitePackages}/matrix - ''; - - dontPatchShebangs = true; - postFixup = '' - addToSearchPath program_PYTHONPATH $out/${python.sitePackages} - patchPythonScript $out/share/matrix.py - substituteInPlace $out/${python.sitePackages}/matrix/server.py --replace \"matrix_sso_helper\" \"$out/bin/matrix_sso_helper\" - ''; - - meta = with lib; { - description = "A Python plugin for Weechat that lets Weechat communicate over the Matrix protocol"; - homepage = "https://github.com/poljar/weechat-matrix"; - license = licenses.isc; - platforms = platforms.unix; - maintainers = with 
maintainers; [ tilpner emily ]; - }; -} diff --git a/lass/krops.nix b/lass/krops.nix index c8a5b94b7..81c679c5e 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -5,16 +5,33 @@ pkgs ; - source = { test }: lib.evalSource ([ (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; - nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs"; - ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; - shallow = true; - }; + nixpkgs = lib.mkForce (if test then { + derivation = let + rev = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; + sha256 = (lib.importJSON ../krebs/nixpkgs-unstable.json).sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${rev}"; + sha256 = "${sha256}"; + } + ''; + } else { + git = { + ref = (lib.importJSON ../krebs/nixpkgs.json).rev; + url = https://github.com/NixOS/nixpkgs; + shallow = true; + }; + }); secrets = if test then { file = toString ./2configs/tests/dummy-secrets; } else { diff --git a/lib/default.nix b/lib/default.nix index 187514a30..f9f2f1579 100644 --- a/lib/default.nix +++ b/lib/default.nix 
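Review bot: `url = https://github.com/NixOS/nixpkgs;` in the new non-test branch is an unquoted URL literal, which Nix deprecated (RFC 45) and which newer Nix can be configured to reject (`no-url-literals`); quote it as `url = "https://github.com/NixOS/nixpkgs";` to match the `fetchTarball` call a few lines above. The test branch pins `nixpkgs-unstable.json` by rev plus sha256 while the deployment branch pins `nixpkgs.json` by rev only; whether or not that split is intentional, a comment saying which channel each path tracks would save the next reader a lookup. The `source` function's definition starts before this hunk.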
@@ -1,225 +1 @@ -let - nixpkgs-lib = import <nixpkgs/lib>; - lib = with lib; nixpkgs-lib // builtins // { - - evalModulesConfig = modules: let - eval = evalModules { - inherit modules; - }; - in filterAttrsRecursive (name: _: !hasPrefix "_" name) eval.config; - - evalSource = import ./eval-source.nix; - - evalSubmodule = submodule: modules: let - prefix = ["evalSubmodule"]; - in evalModulesConfig [ - { - options = removeAttrs (submodule.getSubOptions prefix) ["_module"]; - imports = modules; - } - ]; - - git = import ./git.nix { inherit lib; }; - haskell = import ./haskell.nix { inherit lib; }; - krebs = import ./krebs lib; - krops = import ../submodules/krops/lib; - shell = import ./shell.nix { inherit lib; }; - systemd = { - encodeName = replaceChars ["/"] ["\\x2f"]; - }; - types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; - uri = import ./uri.nix { inherit lib; }; - xml = import ./xml.nix { inherit lib; }; - - # compose a list of functions to be applied from left to right, i.e. - # compose :: [ (xm -> xn) ... 
(x1 -> x2) (x0 -> x1) ] -> x0 -> xn - compose = foldl' (f: g: x: f (g x)) id; - - eq = x: y: x == y; - ne = x: y: x != y; - mod = x: y: x - y * (x / y); - - on = b: u: x: y: b (u x) (u y); - - genid = lib.genid_uint32; # TODO remove - genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2; - genid_uint32 = import ./genid.nix { inherit lib; }; - - hexchars = stringToCharacters "0123456789abcdef"; - - lpad = n: c: s: - if lib.stringLength s < n - then lib.lpad n c (c + s) - else s; - - genAttrs' = names: f: listToAttrs (map f names); - - getAttrs = names: set: - listToAttrs (map (name: nameValuePair name set.${name}) - (filter (flip hasAttr set) names)); - - maybeHead = x: if isList x && length x > 0 then head x else null; - - packageName = pkg: - pkg.pname or (parseDrvName pkg.name).name; - - test = re: x: isString x && testString re x; - - testString = re: x: match re x != null; - - toC = x: let - type = typeOf x; - reject = throw "cannot convert ${type}"; - in { - int = toJSON x; # close enough - list = "{ ${concatStringsSep ", " (map toC x)} }"; - null = "NULL"; - set = if isDerivation x then toJSON x else reject; - string = toJSON x; # close enough - }.${type} or reject; - - indent = replaceChars ["\n"] ["\n "]; - - stripAttr = converge (filterAttrsRecursive (n: v: v != {} && v != null)); - - mapNixDir = f: x: { - list = foldl' mergeAttrs {} (map (mapNixDir1 f) x); - path = mapNixDir1 f x; - }.${typeOf x}; - - mapNixDir1 = f: dirPath: - let - toPackageName = name: - if test "^[0-9].*" name then "_${name}" else name; - in - listToAttrs - (map - (relPath: let - name = removeSuffix ".nix" relPath; - path = dirPath + "/${relPath}"; - in - nameValuePair (toPackageName name) (f path)) - (attrNames - (filterAttrs isNixDirEntry (readDir dirPath)))); - - isNixDirEntry = name: type: - (type == "regular" && hasSuffix ".nix" name && name != "default.nix") || - (type == "directory" && !hasPrefix "." 
name); - - # https://tools.ietf.org/html/rfc5952 - normalize-ip6-addr = - let - max-run-0 = - let - both = v: { off = v; pos = v; }; - gt = a: b: a.pos - a.off > b.pos - b.off; - - chkmax = ctx: { - cur = both (ctx.cur.pos + 1); - max = if gt ctx.cur ctx.max then ctx.cur else ctx.max; - }; - - incpos = ctx: recursiveUpdate ctx { - cur.pos = ctx.cur.pos + 1; - }; - - f = ctx: blk: (if blk == "0" then incpos else chkmax) ctx; - z = { cur = both 0; max = both 0; }; - in - blks: (chkmax (foldl' f z blks)).max; - - group-zeros = a: - let - blks = splitString ":" a; - max = max-run-0 blks; - lhs = take max.off blks; - rhs = drop max.pos blks; - in - if max.pos == 0 - then a - else let - sep = - if 8 - (length lhs + length rhs) == 1 - then ":0:" - else "::"; - in - "${concatStringsSep ":" lhs}${sep}${concatStringsSep ":" rhs}"; - - drop-leading-zeros = - let - f = block: - let - res = match "0*(.+)" block; - in - if res == null - then block # empty block - else elemAt res 0; - in - a: concatStringsSep ":" (map f (splitString ":" a)); - in - a: - toLower - (if test ".*::.*" a - then a - else group-zeros (drop-leading-zeros a)); - - hashToLength = n: s: substring 0 n (hashString "sha256" s); - - dropLast = n: xs: reverseList (drop n (reverseList xs)); - takeLast = n: xs: reverseList (take n (reverseList xs)); - - # Split string into list of chunks where each chunk is at most n chars long. - # The leftmost chunk might shorter. - # Example: stringToGroupsOf "123456" -> ["12" "3456"] - stringToGroupsOf = n: s: let - acc = - foldl' - (acc: c: if stringLength acc.chunk < n then { - chunk = acc.chunk + c; - chunks = acc.chunks; - } else { - chunk = c; - chunks = acc.chunks ++ [acc.chunk]; - }) - { - chunk = ""; - chunks = []; - } - (stringToCharacters s); - in - filter (x: x != []) ([acc.chunk] ++ acc.chunks); - - # Filter adjacent duplicate elements. - uniq = uniqBy eq; - - # Filter adjacent duplicate elements determined via the given function. 
- uniqBy = cmp: let - f = a: s: - if length s == 0 then - [] - else let - b = head s; - in - if cmp a b then - f b (tail s) - else - [b] ++ f b (tail s); - in - s: - if length s == 0 then - [] - else let - b = head s; - in - [b] ++ f b (tail s); - - warnOldVersion = oldName: newName: - if compareVersions oldName newName != -1 then - trace "Upstream `${oldName}' gets overridden by `${newName}'." newName - else - newName; - }; -in - -lib -// { inherit lib; } +import ./impure.nix diff --git a/lib/impure.nix b/lib/impure.nix new file mode 100644 index 000000000..3f95c375f --- /dev/null +++ b/lib/impure.nix @@ -0,0 +1,3 @@ +import ./pure.nix { + lib = import <nixpkgs/lib>; +} diff --git a/lib/pure.nix b/lib/pure.nix new file mode 100644 index 000000000..bb2d586f6 --- /dev/null +++ b/lib/pure.nix 
@@ -0,0 +1,227 @@ +{ lib, ... }: +let + nixpkgs-lib = lib; + stockholm.lib = with stockholm.lib; nixpkgs-lib // builtins // { + + evalModulesConfig = modules: let + eval = evalModules { + inherit modules; + }; + in filterAttrsRecursive (name: _: !hasPrefix "_" name) eval.config; + + evalSource = import ./eval-source.nix; + + evalSubmodule = submodule: modules: let + prefix = ["evalSubmodule"]; + in evalModulesConfig [ + { + options = removeAttrs (submodule.getSubOptions prefix) ["_module"]; + imports = modules; + } + ]; + + git = import ./git.nix { inherit (stockholm) lib; }; + haskell = import ./haskell.nix { inherit (stockholm) lib; }; + krebs = import ./krebs stockholm.lib; + krops = import ../submodules/krops/lib; + shell = import ./shell.nix { inherit (stockholm) lib; }; + systemd = { + encodeName = replaceChars ["/"] ["\\x2f"]; + }; + types = nixpkgs-lib.types // import ./types.nix { lib = stockholm.lib; }; + uri = import ./uri.nix { inherit (stockholm) lib; }; + xml = import ./xml.nix { inherit (stockholm) lib; }; + + # compose a list of functions to be applied from left to right, i.e. + # compose :: [ (xm -> xn) ... 
(x1 -> x2) (x0 -> x1) ] -> x0 -> xn + compose = foldl' (f: g: x: f (g x)) id; + + eq = x: y: x == y; + ne = x: y: x != y; + mod = x: y: x - y * (x / y); + + on = b: u: x: y: b (u x) (u y); + + genid = stockholm.lib.genid_uint32; # TODO remove + genid_uint31 = x: ((stockholm.lib.genid_uint32 x) + 16777216) / 2; + genid_uint32 = import ./genid.nix { lib = stockholm.lib; }; + + hexchars = stringToCharacters "0123456789abcdef"; + + lpad = n: c: s: + if lib.stringLength s < n + then stockholm.lib.lpad n c (c + s) + else s; + + genAttrs' = names: f: listToAttrs (map f names); + + getAttrs = names: set: + listToAttrs (map (name: nameValuePair name set.${name}) + (filter (flip hasAttr set) names)); + + maybeHead = x: if isList x && length x > 0 then head x else null; + + packageName = pkg: + pkg.pname or (parseDrvName pkg.name).name; + + test = re: x: isString x && testString re x; + + testString = re: x: match re x != null; + + toC = x: let + type = typeOf x; + reject = throw "cannot convert ${type}"; + in { + int = toJSON x; # close enough + list = "{ ${concatStringsSep ", " (map toC x)} }"; + null = "NULL"; + set = if isDerivation x then toJSON x else reject; + string = toJSON x; # close enough + }.${type} or reject; + + indent = replaceChars ["\n"] ["\n "]; + + stripAttr = converge (filterAttrsRecursive (n: v: v != {} && v != null)); + + mapNixDir = f: x: { + list = foldl' mergeAttrs {} (map (mapNixDir1 f) x); + path = mapNixDir1 f x; + }.${typeOf x}; + + mapNixDir1 = f: dirPath: + let + toPackageName = name: + if test "^[0-9].*" name then "_${name}" else name; + in + listToAttrs + (map + (relPath: let + name = removeSuffix ".nix" relPath; + path = dirPath + "/${relPath}"; + in + nameValuePair (toPackageName name) (f path)) + (attrNames + (filterAttrs isNixDirEntry (readDir dirPath)))); + + isNixDirEntry = name: type: + (type == "regular" && hasSuffix ".nix" name && name != "default.nix") || + (type == "directory" && !hasPrefix "." 
name); + + # https://tools.ietf.org/html/rfc5952 + normalize-ip6-addr = + let + max-run-0 = + let + both = v: { off = v; pos = v; }; + gt = a: b: a.pos - a.off > b.pos - b.off; + + chkmax = ctx: { + cur = both (ctx.cur.pos + 1); + max = if gt ctx.cur ctx.max then ctx.cur else ctx.max; + }; + + incpos = ctx: recursiveUpdate ctx { + cur.pos = ctx.cur.pos + 1; + }; + + f = ctx: blk: (if blk == "0" then incpos else chkmax) ctx; + z = { cur = both 0; max = both 0; }; + in + blks: (chkmax (foldl' f z blks)).max; + + group-zeros = a: + let + blks = splitString ":" a; + max = max-run-0 blks; + lhs = take max.off blks; + rhs = drop max.pos blks; + in + if max.pos == 0 + then a + else let + sep = + if 8 - (length lhs + length rhs) == 1 + then ":0:" + else "::"; + in + "${concatStringsSep ":" lhs}${sep}${concatStringsSep ":" rhs}"; + + drop-leading-zeros = + let + f = block: + let + res = match "0*(.+)" block; + in + if res == null + then block # empty block + else elemAt res 0; + in + a: concatStringsSep ":" (map f (splitString ":" a)); + in + a: + toLower + (if test ".*::.*" a + then a + else group-zeros (drop-leading-zeros a)); + + hashToLength = n: s: substring 0 n (hashString "sha256" s); + + dropLast = n: xs: reverseList (drop n (reverseList xs)); + takeLast = n: xs: reverseList (take n (reverseList xs)); + + # Split string into list of chunks where each chunk is at most n chars long. + # The leftmost chunk might shorter. + # Example: stringToGroupsOf "123456" -> ["12" "3456"] + stringToGroupsOf = n: s: let + acc = + foldl' + (acc: c: if stringLength acc.chunk < n then { + chunk = acc.chunk + c; + chunks = acc.chunks; + } else { + chunk = c; + chunks = acc.chunks ++ [acc.chunk]; + }) + { + chunk = ""; + chunks = []; + } + (stringToCharacters s); + in + filter (x: x != []) ([acc.chunk] ++ acc.chunks); + + # Filter adjacent duplicate elements. + uniq = uniqBy eq; + + # Filter adjacent duplicate elements determined via the given function. 
+ uniqBy = cmp: let + f = a: s: + if length s == 0 then + [] + else let + b = head s; + in + if cmp a b then + f b (tail s) + else + [b] ++ f b (tail s); + in + s: + if length s == 0 then + [] + else let + b = head s; + in + [b] ++ f b (tail s); + + warnOldVersion = oldName: newName: + if compareVersions oldName newName != -1 then + trace "Upstream `${oldName}' gets overridden by `${newName}'." newName + else + newName; + }; +in + +stockholm.lib +// { lib = stockholm.lib; } + diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 8b9812cf4..b9550cb2e 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -14,8 +14,15 @@ in { #<stockholm/makefu/2configs/support-nixos.nix> # <stockholm/makefu/2configs/homeautomation/default.nix> # <stockholm/makefu/2configs/homeautomation/google-muell.nix> + # <stockholm/makefu/2configs/hw/pseyecam.nix> # configure your hw: # <stockholm/makefu/2configs/save-diskspace.nix> + + # directly use the alsa device instead of attaching to pulse + + <stockholm/makefu/2configs/audio/respeaker.nix> + <stockholm/makefu/2configs/home/rhasspy/default.nix> + <stockholm/makefu/2configs/home/rhasspy/led-control.nix> ]; krebs = { enable = true; @@ -28,5 +35,4 @@ in { documentation.info.enable = false; documentation.man.enable = false; documentation.nixos.enable = false; - sound.enable = false; } diff --git a/makefu/1systems/cake/hardware-config.nix b/makefu/1systems/cake/hardware-config.nix index a0cd4fac1..932aa1929 100644 --- a/makefu/1systems/cake/hardware-config.nix +++ b/makefu/1systems/cake/hardware-config.nix @@ -10,5 +10,6 @@ options = [ "noatime" ]; }; }; - #hardware.raspberry-pi."4".fkms-3d.enable = true; + hardware.raspberry-pi."4".fkms-3d.enable = true; + hardware.raspberry-pi."4".audio.enable = true; } diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 26bfd0731..f40f113bb 100644 --- a/makefu/1systems/gum/config.nix 
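Review bot: `genid_uint31 = x: ((stockholm.lib.genid_uint32 x) + 16777216) / 2;` does not stay within 31 bits if `genid_uint32` can return values up to 2^32-1 as its name suggests: inputs hashing into the top 2^24 of that range (about 1 in 256) give a result of 2^31 or more, which overflows a signed 32-bit uid/gid if that is what callers feed it. This is moved code rather than new logic, and changing it would renumber existing ids, so a comment is the right fix: `# NOTE: result exceeds 2^31-1 for ~1/256 of inputs; callers must tolerate that`. Separately, `krops = import ../submodules/krops/lib;` is a relative submodule path that consumers of the now flake-exported `lib` only resolve when the submodule is checked out, which deserves a line of explanation.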
+++ b/makefu/1systems/gum/config.nix @@ -10,6 +10,12 @@ in { <stockholm/makefu> ./hetznercloud { + # wait for mount + systemd.services.rtorrent.wantedBy = lib.mkForce []; + systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce []; + systemd.services.samba-smbd.wantedBy = lib.mkForce []; + } + { users.users.lass = { uid = 19002; isNormalUser = true; @@ -103,6 +109,7 @@ in { # <stockholm/makefu/2configs/sabnzbd.nix> # <stockholm/makefu/2configs/mail/mail.euer.nix> { krebs.exim.enable = mkDefault true; } + <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix> # sharing <stockholm/makefu/2configs/share/gum.nix> # samba sahre @@ -125,7 +132,7 @@ in { <stockholm/makefu/2configs/backup/server.nix> <stockholm/makefu/2configs/backup/state.nix> <stockholm/makefu/2configs/wireguard/server.nix> - # <stockholm/makefu/2configs/wireguard/wiregrill.nix> + <stockholm/makefu/2configs/wireguard/wiregrill.nix> { # recent changes mediawiki bot networking.firewall.allowedUDPPorts = [ 5005 5006 ]; @@ -139,6 +146,7 @@ in { <stockholm/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix> # postgres backend <stockholm/makefu/2configs/deployment/rss/ratt.nix> + <stockholm/makefu/2configs/deployment/ntfysh.nix> <stockholm/makefu/2configs/deployment/owncloud.nix> #postgres backend ### Moving owncloud data dir to /media/cloud/nextcloud-data { @@ -173,7 +181,7 @@ in { # <stockholm/makefu/2configs/nginx/iso.euer.nix> # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> - <stockholm/makefu/2configs/deployment/graphs.nix> + # <stockholm/makefu/2configs/deployment/graphs.nix> #<stockholm/makefu/2configs/deployment/owncloud.nix> # <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix> #<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de> 
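Review bot: `systemd.services.rtorrent.wantedBy = lib.mkForce [];` and the two lines after it do not make those services wait for a mount as the `# wait for mount` comment says; they remove the units from `multi-user.target`, so nothing starts them at boot unless another unit pulls them in. If ordering after a mount is the goal, keep `wantedBy` and add `unitConfig.RequiresMountsFor = "/media/…";` (or `requires`/`after` on the corresponding `.mount` unit) to each service; if manual start is the intent, the comment should say so. Which mount is meant is not visible in the hunk.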
@@ -184,7 +192,7 @@ in { <stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix> # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix> - # <stockholm/makefu/2configs/shiori.nix> + <stockholm/makefu/2configs/shiori.nix> #<stockholm/makefu/2configs/workadventure> <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> diff --git a/makefu/1systems/gum/hetznercloud/network.nix b/makefu/1systems/gum/hetznercloud/network.nix index 24fe3842f..5159cf570 100644 --- a/makefu/1systems/gum/hetznercloud/network.nix +++ b/makefu/1systems/gum/hetznercloud/network.nix @@ -3,7 +3,7 @@ let external-mac = "96:00:01:24:33:f4"; external-gw = "172.31.1.1"; external-ip = "142.132.189.140"; - external-ip6 = "2a01:4f8:1c17:5cdf::2/64"; + external-ip6 = "2a01:4f8:1c17:5cdf::2"; external-gw6 = "fe80::1"; external-netmask = 32; external-netmask6 = 64; @@ -16,19 +16,20 @@ in SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" ''; networking = { + enableIPv6 = true; + nat.enableIPv6 = true; interfaces."${ext-if}" = { useDHCP = true; + ipv6.addresses = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; }; #ipv4.addresses = [{ # address = external-ip; # prefixLength = external-netmask; #}]; - #ipv6.addresses = [{ - # address = external-ip6; - # prefixLength = external-netmask6; - # }]; - #}; - #defaultGateway6 = { address = external-gw6; interface = ext-if; }; + defaultGateway6 = { address = external-gw6; interface = ext-if; }; #defaultGateway = external-gw; nameservers = [ "1.1.1.1" ]; }; diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index 44fa14812..9a242a41b 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix 
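Review bot: `nat.enableIPv6 = true;` in network.nix does more than give the host a v6 address: it turns on IPv6 forwarding and masquerading for whatever `networking.nat` internal interfaces are configured, none of which is visible in this hunk. If the intent is only the static `2a01:4f8:1c17:5cdf::2` /64 plus `defaultGateway6`, drop that line; if it serves the wireguard/wiregrill clients enabled elsewhere in this commit, a comment naming them and the `externalInterface` it relies on belongs here. Note that the host is now reachable on a public v6 address, so every `allowedTCPPorts` entry on this host applies over v6 as well (the NixOS firewall filters both by default).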
@@ -32,8 +32,6 @@ in { <stockholm/makefu/2configs/share> # <stockholm/makefu/2configs/share/hetzner-client.nix> - # Services: - <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix> # torrent is managed by gum # <stockholm/makefu/2configs/torrent/rtorrent.nix> diff --git a/makefu/1systems/minicake/config.nix b/makefu/1systems/minicake/config.nix new file mode 100644 index 000000000..fe66679ad --- /dev/null +++ b/makefu/1systems/minicake/config.nix @@ -0,0 +1,27 @@ +{ config,nixpkgsPath, pkgs, lib, ... }: +{ + krebs = { + enable = true; + + dns.providers.lan = "hosts"; + build.user = config.krebs.users.makefu; + }; + imports = [ + (nixpkgsPath + "/nixos/modules/profiles/minimal.nix") + (nixpkgsPath + "/nixos/modules/profiles/installation-device.nix") + ]; + + # cifs-utils fails to cross-compile + # Let's simplify this by removing all unneeded filesystems from the image. + boot.supportedFilesystems = lib.mkForce [ "vfat" ]; + + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + + + users.users = { + root = { + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + }; + services.openssh.enable = true; +} diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 3ff1d0238..224e170dd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix 
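Review bot: Importing `profiles/installation-device.nix` into a host that also enables `services.openssh` and puts a key on `root` brings the installer's defaults with it: in current nixpkgs that profile sets an empty root password, `PermitRootLogin = "yes"`, a passwordless `nixos` user with sudo, and console autologin (verify against the nixpkgs this config pins). Since root already has a public key, override what the profile loosens in the same file, e.g. `services.openssh.settings.PermitRootLogin = "prohibit-password";` and `services.openssh.settings.PasswordAuthentication = false;`, and set `users.users.root.initialHashedPassword = lib.mkForce "!";` — or drop the profile and keep only `profiles/minimal.nix` if it was pulled in just for the image build. A comment stating why the installer profile is needed would also help.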
@@ -54,17 +54,19 @@ in { <stockholm/makefu/2configs/share/omo.nix> <stockholm/makefu/2configs/share/gum-client.nix> <stockholm/makefu/2configs/sync> - <stockholm/makefu/2configs/dcpp/airdcpp.nix> - { krebs.airdcpp.dcpp.shares = let - d = path: "/media/cryptX/${path}"; - in { - emu.path = d "emu"; - audiobooks.path = lib.mkForce (d "audiobooks"); - incoming.path = lib.mkForce (d "torrent"); - anime.path = d "anime"; - }; - krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp"; - } + + <stockholm/makefu/2configs/wireguard/wiregrill.nix> + #<stockholm/makefu/2configs/dcpp/airdcpp.nix> + #{ krebs.airdcpp.dcpp.shares = let + # d = path: "/media/cryptX/${path}"; + # in { + # emu.path = d "emu"; + # audiobooks.path = lib.mkForce (d "audiobooks"); + # incoming.path = lib.mkForce (d "torrent"); + # anime.path = d "anime"; + # }; + # krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp"; + #} { # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/ #services.sabnzbd.enable = true; @@ -84,12 +86,12 @@ in { <stockholm/makefu/2configs/stats/telegraf> # <stockholm/makefu/2configs/stats/telegraf/europastats.nix> <stockholm/makefu/2configs/stats/telegraf/hamstats.nix> - # <stockholm/makefu/2configs/stats/arafetch.nix> + <stockholm/makefu/2configs/hw/cdrip.nix> # services { services.nginx.enable = true; - networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowedTCPPorts = [ 80 8123 ]; } # <stockholm/makefu/2configs/syncthing.nix> <stockholm/makefu/2configs/remote-build/slave.nix> 
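Review bot: `networking.firewall.allowedTCPPorts = [ 80 8123 ];` opens 8123 — the Home Assistant default, presumably for the `ham/docker.nix` import elsewhere in this commit — on every interface over plain HTTP, next to an nginx that already listens on 80. Either put it behind that nginx with TLS and keep 8123 closed, or scope it to the LAN with `networking.firewall.interfaces.<lan-if>.allowedTCPPorts = [ 8123 ];` so it is not reachable over the `wiregrill` interface enabled in the same hunk, and add a comment naming the service the port belongs to. The twelve `#`-commented airdcpp lines above it are dead configuration that git already remembers; dropping them keeps the imports list readable.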
@@ -100,10 +102,11 @@ in { <stockholm/makefu/2configs/home/jellyfin.nix> <stockholm/makefu/2configs/home/music.nix> <stockholm/makefu/2configs/home/photoprism.nix> - <stockholm/makefu/2configs/home/tonie.nix> + # <stockholm/makefu/2configs/home/tonie.nix> <stockholm/makefu/2configs/home/ps4srv.nix> # <stockholm/makefu/2configs/home/metube.nix> - <stockholm/makefu/2configs/home/ham> + # <stockholm/makefu/2configs/home/ham> + <stockholm/makefu/2configs/home/ham/docker.nix> <stockholm/makefu/2configs/home/zigbee2mqtt> { makefu.ps3netsrv = { diff --git a/makefu/1systems/snake/config.nix b/makefu/1systems/snake/config.nix index 1c6068e98..69e347d71 100644 --- a/makefu/1systems/snake/config.nix +++ b/makefu/1systems/snake/config.nix @@ -10,7 +10,7 @@ in { <stockholm/makefu/2configs/binary-cache/nixos.nix> <stockholm/makefu/2configs/home/rhasspy> - <stockholm/makefu/2configs/home/rhasspy/led-control.nix> + # <stockholm/makefu/2configs/hw/pseyecam.nix> ]; krebs = { enable = true; diff --git a/makefu/1systems/snake/hardware-config.nix b/makefu/1systems/snake/hardware-config.nix index 827c1d3eb..88124f659 100644 --- a/makefu/1systems/snake/hardware-config.nix +++ b/makefu/1systems/snake/hardware-config.nix @@ -2,6 +2,8 @@ { imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ./wifi.nix + ./sound.nix ]; boot.loader.grub.enable = true; boot.loader.grub.version = 2; @@ -18,4 +20,5 @@ boot.kernelParams = [ "net.ifnames=0" ]; networking.hostId = "0123AABB"; + } diff --git a/makefu/1systems/snake/sound.nix b/makefu/1systems/snake/sound.nix new file mode 100644 index 000000000..452f4b4b1 --- /dev/null +++ b/makefu/1systems/snake/sound.nix 
@@ -0,0 +1,51 @@ +{ lib, ... }: { + imports = [ + <stockholm/makefu/2configs/gui/snake-kiosk.nix> + ]; + nixpkgs.config.allowUnfree = true; + networking.networkmanager.enable = lib.mkForce false; + # sound.enable = true; + #hardware.pulseaudio = { + # enable = true; + # systemWide = true; + # tcp = { + # enable = true; + # anonymousClients.allowAll = true; + # }; + #}; + + #users.users.makefu = { + # extraGroups = [ "pipewire" "audio" ]; + #}; + + + #services.xserver = { + # enable = true; + # # desktopManager.xterm.enable = true; + # desktopManager.xfce = { + # enable = true; + # noDesktop = true; + # }; + + # displayManager.autoLogin = { + # enable = true; + # user = "makefu"; + # }; + #}; + hardware.pulseaudio.enable = lib.mkForce false; + security.rtkit.enable = true; + #services.pipewire = { + # enable = true; + # systemWide = true; + # socketActivation = false; + # alsa.enable = true; + # alsa.support32Bit = true; + # pulse.enable = true; + # config.pipewire-pulse = { + # "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; + # }; + + #}; + + +} diff --git a/makefu/1systems/snake/source.nix b/makefu/1systems/snake/source.nix index b9a32a2c4..8fc2fff2d 100644 --- a/makefu/1systems/snake/source.nix +++ b/makefu/1systems/snake/source.nix @@ -3,5 +3,4 @@ full = true; home-manager = true; hw = true; - disko = true; } diff --git a/makefu/1systems/snake/wifi.nix b/makefu/1systems/snake/wifi.nix new file mode 100644 index 000000000..7e1569010 --- /dev/null +++ b/makefu/1systems/snake/wifi.nix @@ -0,0 +1,6 @@ +{ + networking.wireless = { + enable = true; + networks = import <secrets/wifi.nix>; + }; +} diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index b12a6397d..77f0f0337 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix 
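Review bot: `sound.nix` as added consists mostly of commented-out pulseaudio/pipewire/xserver blocks; what it actually does is import the `snake-kiosk` GUI, set `nixpkgs.config.allowUnfree`, force NetworkManager off, force pulseaudio off and enable `security.rtkit`. None of that is sound setup, and `rtkit` with neither pipewire nor pulseaudio enabled grants realtime scheduling to nothing, so either enable the intended `services.pipewire` block or drop `security.rtkit.enable = true;`. Remove the dead config (git keeps it) and add a header comment saying what the file is for, or rename it to match its content.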
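Review bot: `networks = import <secrets/wifi.nix>;` in wifi.nix puts the credentials into the world-readable Nix store if that file carries `psk`, `pskRaw` or `auth` values, because `networking.wireless.networks` is rendered into a wpa_supplicant.conf derivation — the NixOS option docs carry this exact warning. Keep the SSID list here but set `networking.wireless.environmentFile` to a file outside the store and use `psk = "@PSK_HOME@";` style placeholders so the key is substituted at service start. What `<secrets/wifi.nix>` contains is not visible here, so this may already be the case.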
@@ -22,7 +22,7 @@ in { # <stockholm/makefu/2configs/virtualisation/virtualbox.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/gui/wbob-kiosk.nix> - { environment.systemPackages = [ pkgs.nano ]; } + { environment.systemPackages = [ pkgs.brother_ql_web pkgs.nano ]; } # <stockholm/makefu/2configs/gui/studio-virtual.nix> # <stockholm/makefu/2configs/audio/jack-on-pulse.nix> @@ -53,6 +53,7 @@ in { <stockholm/makefu/2configs/bureautomation> # new hass entry point <stockholm/makefu/2configs/bureautomation/led-fader.nix> + <stockholm/makefu/2configs/bureautomation/printer.nix> # <stockholm/makefu/2configs/bureautomation/kalauerbot.nix> now runs in thales # <stockholm/makefu/2configs/bureautomation/visitor-photostore.nix> # <stockholm/makefu/2configs/bureautomation/mpd.nix> #mpd is only used for TTS, this is the web interface @@ -100,7 +101,9 @@ in { <stockholm/makefu/2configs/backup/state.nix> # temporary # <stockholm/makefu/2configs/temp/rst-issue.nix> - { services.jellyfin.enable = true; } + { + services.jellyfin.enable = true; + } ]; krebs = { diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 3f9e071e6..784f9148f 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -48,6 +48,16 @@ { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa";} ]; } + #{ + # imports = [ + # <stockholm/makefu/2configs/bureautomation/rhasspy.nix> + # ]; + # services.pipewire.config.pipewire-pulse = { + # "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; + # }; + # networking.firewall.allowedTCPPorts = [ 4713 ]; + + #} #{ # users.users.makefu.packages = with pkgs;[ mpc_cli ncmpcpp ]; 
@@ -130,7 +140,7 @@ # <stockholm/makefu/2configs/deployment/hound> # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> # <stockholm/makefu/2configs/deployment/bureautomation/hass.nix> - <stockholm/makefu/2configs/bureautomation/office-radio> + # <stockholm/makefu/2configs/bureautomation/office-radio> # Krebs <stockholm/makefu/2configs/tinc/retiolum.nix> @@ -146,7 +156,7 @@ <stockholm/makefu/2configs/mail-client.nix> <stockholm/makefu/2configs/printer.nix> # <stockholm/makefu/2configs/syncthing.nix> - <stockholm/makefu/2configs/sync> + # <stockholm/makefu/2configs/sync> # Virtualization # <stockholm/makefu/2configs/virtualisation/libvirt.nix> @@ -179,6 +189,7 @@ # temporary # { services.redis.enable = true; } + # citadel exporter # { services.mongodb.enable = true; } # { services.elasticsearch.enable = true; } # <stockholm/makefu/2configs/deployment/nixos.wiki> 
@@ -189,27 +200,28 @@ # <stockholm/makefu/2configs/lanparty/lancache-dns.nix> # <stockholm/makefu/2configs/lanparty/samba.nix> # <stockholm/makefu/2configs/lanparty/mumble-server.nix> - - { - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.0.2/24" ]; - privateKeyFile = (toString <secrets>) + "/wireguard.key"; - allowedIPsAsRoutes = true; - peers = [ - { - # gum - endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820"; - allowedIPs = [ "10.244.0.0/24" ]; - publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; - } - #{ - # # vbob - # allowedIPs = [ "10.244.0.3/32" ]; - # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; - #} - ]; - }; - } + <stockholm/makefu/2configs/wireguard/wiregrill.nix> + +# { +# networking.wireguard.interfaces.wg0 = { +# ips = [ "10.244.0.2/24" ]; +# privateKeyFile = (toString <secrets>) + "/wireguard.key"; +# allowedIPsAsRoutes = true; +# peers = [ +# { +# # gum +# endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820"; +# allowedIPs = [ "10.244.0.0/24" ]; +# publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; +# } +# #{ +# # # vbob +# # allowedIPs = [ "10.244.0.3/32" ]; +# # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; +# #} +# ]; +# }; +# } ]; diff --git a/makefu/1systems/x/x13/battery.nix b/makefu/1systems/x/x13/battery.nix new file mode 100644 index 000000000..3e28292e3 --- /dev/null +++ b/makefu/1systems/x/x13/battery.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + powerManagement.powertop.enable = true; + services.power-profiles-daemon.enable = true; + users.users.makefu.packages = [ pkgs.gnome.gnome-power-manager ]; +} diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix index d652229f9..27ea0c99c 100644 --- a/makefu/1systems/x/x13/default.nix +++ b/makefu/1systems/x/x13/default.nix 
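Review bot: The replaced `wg0` block survives as a 22-line commented-out copy beneath the new `<stockholm/makefu/2configs/wireguard/wiregrill.nix>` import, peer endpoint and public key included; that is dead text which git history already preserves and which will drift from wiregrill.nix. Style: drop the commented block and keep a single pointer next to the import, `# wg0 now configured in 2configs/wireguard/wiregrill.nix`. The enclosing `imports` list begins before this hunk.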
@@ -4,6 +4,7 @@ imports = [ ./zfs.nix ./input.nix + ./battery.nix <stockholm/makefu/2configs/hw/bluetooth.nix> <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough # <stockholm/makefu/2configs/hw/tpm.nix> @@ -17,23 +18,26 @@ # services.xserver.enable = lib.mkForce false; - services.xserver.videoDrivers = [ - "amdgpu" + services.xserver.videoDrivers = [ "amdgpu" ]; + boot.initrd.kernelModules = [ "amdgpu" ]; + hardware.opengl.driSupport = true; + hardware.opengl.extraPackages = [ pkgs.amdvlk pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ]; + # For 32 bit applications + hardware.opengl.driSupport32Bit = true; + hardware.opengl.extraPackages32 = with pkgs; [ + driversi686Linux.amdvlk ]; - hardware.opengl.extraPackages = [ pkgs.amdvlk pkgs.rocm-opencl-icd ]; # is required for amd graphics support ( xorg wont boot otherwise ) #boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages; - environment.variables.VK_ICD_FILENAMES = - "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json"; - services.fwupd.enable = true; programs.light.enable = true; users.groups.video = {}; - users.users.makefu.extraGroups = [ "video" ]; + users.groups.render = {}; + users.users.makefu.extraGroups = [ "video" "render" ]; boot.extraModprobeConfig = '' options thinkpad_acpi fan_control=1 diff --git a/makefu/1systems/x/x13/disk.nix b/makefu/1systems/x/x13/disk.nix new file mode 100644 index 000000000..7ce77bdf5 --- /dev/null +++ b/makefu/1systems/x/x13/disk.nix 
@@ -0,0 +1,67 @@ +{ disk ? "/dev/sda", ... }: { + disko.devices = { + disk = { + nvme = { + type = "disk"; + device = disk; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "ESP"; + start = "0"; + end = "512MiB"; + fs-type = "fat32"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } + { + name = "zfs"; + start = "512MiB"; + end = "100%"; + content = { + type = "zfs"; + pool = "tank"; + }; + } + ]; + }; + }; + }; + zpool = { + tank = { + type = "zpool"; + rootFsOptions = { + compression = "lz4"; + #reservation = "5G"; + "com.sun:auto-snapshot" = "false"; + }; + mountpoint = null; + postCreateHook = "zfs snapshot tank@blank"; + + datasets = { + + root = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + encryption = "aes-256-gcm"; + keyformat = "passphrase"; + "com.sun:auto-snapshot" = "true"; + }; + #keylocation = "file:///tmp/secret.key"; + }; + "root/home" = { + type = "zfs_fs"; + mountpoint = "/home"; + }; + }; + }; + }; + }; +} diff --git a/makefu/1systems/x/x13/input.nix b/makefu/1systems/x/x13/input.nix index 775e19303..93816ce84 100644 --- a/makefu/1systems/x/x13/input.nix +++ b/makefu/1systems/x/x13/input.nix 
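Review bot: `{ disk ? "/dev/sda", ... }:` in disk.nix defaults the disko target to `/dev/sda` while the disk attribute is named `nvme`, and disko repartitions whatever `device = disk;` resolves to, so running this layout without an explicit `disk` argument on the x13 may wipe a different disk than the one intended. Prefer a stable identifier as the default, `{ disk ? "/dev/disk/by-id/<X13_NVME_ID>", ... }:` (placeholder — take the id from the machine), or remove the default so callers have to pass it. A one-line comment on `"root/home"` noting that it inherits `encryption`/`keyformat` from the `root` dataset would also help, since only `root` sets them and the blank snapshot in `postCreateHook` is taken before either exists.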
@@ -4,14 +4,16 @@ # 1. for pressing insert hold shift+fn+Fin # scroll by holding middle mouse - services.xserver.displayManager.sessionCommands ='' - xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation" 8 1 - xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Button" 8 2 - xinput set-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 - # configure timeout of pressing and holding middle button - # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 - xinput disable 'ETPS/2 Elantech Touchpad' - ''; + #services.xserver.displayManager.sessionCommands ='' + # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation" 8 1 + # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Button" 8 2 + # xinput set-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 + # # configure timeout of pressing and holding middle button + # # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 + # xinput disable 'ETPS/2 Elantech Touchpad' + #''; + + services.xserver.libinput.enable = true; boot.kernelParams = [ #"psmouse.proto=imps" #"psmouse.proto=bare" 
@@ -27,20 +29,20 @@ { keys = [ 224 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -U 10"; } # fn - F6 # fn - 4 => suspend # fn - d => lcdshadow - { keys = [ 227 ]; events = [ "key" ]; command = builtins.toString ( # fn - F7 - pkgs.writers.writeDash "toggle_touchpad" '' - PATH=${lib.makeBinPath [ pkgs.xorg.xinput pkgs.gnugrep ]} - DISPLAY=:0 - export DISPLAY PATH + #{ keys = [ 227 ]; events = [ "key" ]; command = builtins.toString ( # fn - F7 + # pkgs.writers.writeDash "toggle_touchpad" '' + # PATH=${lib.makeBinPath [ pkgs.xorg.xinput pkgs.gnugrep ]} + # DISPLAY=:0 + # export DISPLAY PATH - device=$(xinput list --name-only | grep Touchpad) - if [ "$(xinput list-props "$device" | grep -P ".*Device Enabled.*\K.(?=$)" -o)" -eq 1 ];then - xinput disable "$device" - else - xinput enable "$device" - fi - ''); - } + # device=$(xinput list --name-only | grep Touchpad) + # if [ "$(xinput list-props "$device" | grep -P ".*Device Enabled.*\K.(?=$)" -o)" -eq 1 ];then + # xinput disable "$device" + # else + # xinput enable "$device" + # fi + # ''); + #} ]; }; } diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix deleted file mode 100644 index e18b2192a..000000000 --- a/makefu/2configs/audio/jack-on-pulse.nix +++ /dev/null 
@@ -1,52 +0,0 @@ -{ config, pkgs, ... }: -let - pulse = pkgs.pulseaudioFull; - user = config.makefu.gui.user; - wait_time = 30; -in -{ - sound.enable = true; - hardware.pulseaudio = { - enable = true; - package = pulse; - }; - - environment.systemPackages = with pkgs; [ - jack2Full - jack_capture - ]; - # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html - - systemd.user.services = { - jackdbus = { - description = "Runs jack, and points pulseaudio at it"; - serviceConfig = { - Type = "oneshot"; - ExecStart = pkgs.writeScript "start_jack.sh" '' - #! ${pkgs.bash}/bin/bash - . ${config.system.build.setEnvironment} - - # TODO: correctly wait for pulseaudio, cannot use pulseaudio.service - sleep ${toString wait_time} # wait for the gui to load - - ${pkgs.jack2Full}/bin/jack_control start - sleep 3 # give some time for sources/sinks to be created - - ${pulse}/bin/pacmd set-default-sink jack_out - ${pulse}/bin/pacmd set-default-source jack_in - ''; - ExecStop = pkgs.writeScript "stop_jack.sh" '' - #! ${pkgs.bash}/bin/bash - . ${config.system.build.setEnvironment} - - ${pkgs.jack2Full}/bin/jack_control stop - ''; - RemainAfterExit = true; - Restart = "always"; - RestartSec = "5"; - }; - after = [ "display-manager.service" "sound.target" ]; - wantedBy = [ "default.target" ]; - }; - }; -} diff --git a/makefu/2configs/audio/respeaker.nix b/makefu/2configs/audio/respeaker.nix new file mode 100644 index 000000000..0aaef5dac --- /dev/null +++ b/makefu/2configs/audio/respeaker.nix 
@@ -0,0 +1,122 @@ +{ config, lib, pkgs, ... }: +let + seeed-voicecard = (pkgs.callPackage ../../5pkgs/seeed-voicecard { kernel = config.boot.kernelPackages.kernel; }); +in +{ + hardware.raspberry-pi."4".i2c1.enable = true; + hardware.raspberry-pi."4".audio.enable = true; + hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true; + hardware.deviceTree.filter = lib.mkForce "bcm2711-rpi-4-b.dtb"; + + security.rtkit.enable = true; + + environment.systemPackages = with pkgs; [ + alsaUtils + i2c-tools + ponymix + ]; + + sound.enable = true; + hardware.pulseaudio.enable = lib.mkForce false; + services.pipewire = { + enable = true; + systemWide = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + services.pipewire.config.pipewire-pulse = { + "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; + }; + + sound.extraConfig = '' + pcm.!default { + type asym + playback.pcm "playback" + capture.pcm "ac108" + } + + pcm.ac108 { + type plug + slave.pcm "hw:seeed4micvoicec" + } + '' ; + + + boot.extraModulePackages = [ + seeed-voicecard + ]; + boot.initrd.kernelModules = [ + "snd-soc-seeed-voicecard" + "snd-soc-ac108" + "i2c-dev" + #"i2c-bcm2708" + #"snd-soc-wm8960" + ]; + + boot.loader.raspberryPi.firmwareConfig = [ + "dtparam=i2c_arm=on" + "dtparam=i2s=on" + "dtparam=spi=on" + "dtparam=i2c1=on" + # dtoverlay=seeeed-8mic-voicecard not required because we use hardware.deviceTree + ]; + hardware.deviceTree = { + enable = true; + overlays = [ + { name = "respeaker-4mic"; dtsFile = "${seeed-voicecard}/lib/dts/seeed-4mic-voicecard-overlay.dts";} + { name = "spi"; dtsText = '' + /dts-v1/; + /plugin/; + + / { + compatible = "raspberrypi"; + fragment@0 { + target = <&spi>; + __overlay__ { + cs-gpios = <&gpio 8 1>, <&gpio 7 1>; + status = "okay"; + pinctrl-names = "default"; + pinctrl-0 = <&spi0_pins &spi0_cs_pins>; + #address-cells = <1>; + #size-cells = <0>; + spidev@0 { + reg = <0>; // CE0 + spi-max-frequency = <500000>; + 
compatible = "spidev"; + }; + + spidev@1 { + reg = <1>; // CE1 + spi-max-frequency = <500000>; + compatible = "spidev"; + }; + }; + }; + fragment@1 { + target = <&alt0>; + __overlay__ { + // Drop GPIO 7, SPI 8-11 + brcm,pins = <4 5>; + }; + }; + + fragment@2 { + target = <&gpio>; + __overlay__ { + spi0_pins: spi0_pins { + brcm,pins = <9 10 11>; + brcm,function = <4>; // alt0 + }; + spi0_cs_pins: spi0_cs_pins { + brcm,pins = <8 7>; + brcm,function = <1>; // out + }; + }; + }; + }; + '';} + ]; + }; +} diff --git a/makefu/2configs/bgt/template.md b/makefu/2configs/bgt/template.md index 1dfb0b42f..be21d7c0c 100644 --- a/makefu/2configs/bgt/template.md +++ b/makefu/2configs/bgt/template.md @@ -2,7 +2,7 @@ 0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig) 1. `eine` Person anrufen (den Host): - - markus 162dcbf89f@studio.link + - markus madmas@studio.link - Felix1 makefu@studio.link - L33tFelix l33tname@studio.link - Ingo ingo@studio.link diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix index 21626d406..ede6225ea 100644 --- a/makefu/2configs/bitlbee.nix +++ b/makefu/2configs/bitlbee.nix @@ -3,6 +3,7 @@ services.bitlbee = { enable = true; # libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb]; + plugins = [ pkgs.bitlbee-mastodon ]; }; users.users.makefu.packages = with pkgs; [ weechat tmux ]; state = [ "/var/lib/bitlbee" ]; diff --git a/makefu/2configs/bureautomation/brother-ql-web.nix b/makefu/2configs/bureautomation/brother-ql-web.nix new file mode 100644 index 000000000..26887db03 --- /dev/null +++ b/makefu/2configs/bureautomation/brother-ql-web.nix 
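Review bot: `"pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ];` in respeaker.nix binds the PulseAudio-protocol listener on every interface, and with `systemWide = true` that listener is a system service in front of a four-microphone array, so any host that can reach 4713 can presumably play and capture audio unless the pinned pipewire-pulse enforces some access control (confirm). Bind it to the address that actually needs it, `"tcp:<LISTEN_IP>:4713"` (placeholder; the pipewire-pulse address syntax allows `tcp:IP:port`), and scope whatever firewall rule opens 4713 the same way — nothing in this hunk opens the port, so I assume that happens elsewhere. Separately, newer nixpkgs dropped the `services.pipewire.config.*` options in favour of `services.pipewire.extraConfig`; if the pinned nixpkgs is that recent, `services.pipewire.config.pipewire-pulse` will fail evaluation, so please check it against the pin.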
@@ -0,0 +1,23 @@ + {pkgs, ... }: + let + pkg = pkgs.brother_ql_web; + in { + systemd.services.brother-ql-web = { + after = [ "network.target" ]; + description = "Brother QL Web Interface"; + wantedBy = [ "multi-user.target" ]; + environment = { + FLASK_PRINTER = "usb://0x04f9:0x209b/000F1Z401759"; + FLASK_MODEL = "QL-800"; + #FLASK_SERVER_PORT = "8013"; + #FLASK_LABEL_DEFAULT_SIZE = "d24"; + #FLASK_LABEL_DEFAULT_QR_SIZE = "7"; + }; + serviceConfig = { + ExecStart = "${pkg}/bin/brother_ql_web"; + DynamicUser = true; + SupplementaryGroups = "lp"; + Restart = "always"; + }; + }; +} diff --git a/makefu/2configs/bureautomation/printer.nix b/makefu/2configs/bureautomation/printer.nix new file mode 100644 index 000000000..86d5a4069 --- /dev/null +++ b/makefu/2configs/bureautomation/printer.nix @@ -0,0 +1,28 @@ +{ pkgs, config, ... }: +let + mainUser = config.krebs.build.user.name; +in { + imports = [ + ./brother-ql-web.nix + ]; + services.printing = { + enable = true; + drivers = with pkgs;[ + brlaser + cups-ptouch + ]; + }; + users.users.kiosk.extraGroups = [ "scanner" "lp" ]; + state = [ "/var/lib/cups"]; + users.users.kiosk.packages = with pkgs;[ + python3Packages.brother-ql + libreoffice + qrencode + imagemagick + ]; + + services.udev.extraRules = '' + SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209b", ATTRS{serial}=="000F1Z401759", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" + ''; + +} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 2bfb42732..b54e32a82 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -31,6 +31,7 @@ with import <stockholm/lib>; }; }; nix.settings.trusted-users = [ config.krebs.build.user.name ]; + nix.settings.experimental-features = [ "flakes" "nix-command" ]; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages; 
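Review bot: In printer.nix, `mainUser = config.krebs.build.user.name;` is bound in the `let` but never used — the module configures `users.users.kiosk` directly — and `config` is only taken for it; either drop the binding and `config`, or use it where `kiosk` is hard-coded. The USB vendor/product/serial `04f9`/`209b`/`000F1Z401759` is also spelled twice, once in this udev rule and once in `FLASK_PRINTER` in brother-ql-web.nix, so a printer swap needs two edits; a comment cross-referencing the two files would help. Minor: `state = [ "/var/lib/cups"];` wants `state = [ "/var/lib/cups" ];` to match the other lists in the file.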
diff --git a/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml b/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml index 50058f32b..29e5e714a 100644 --- a/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml +++ b/makefu/2configs/deployment/feed.euer.krebsco.de/filter.yml @@ -26,18 +26,6 @@ zipcode: 70378 q: Werkbank distance: 5 -- name: Stirnthermometer - zipcode: 70378 - q: Stirnthermometer - distance: 5 -- name: Ohrthermometer - zipcode: 70378 - q: Ohrthermometer - distance: 5 -- name: Fieberthermometer - zipcode: 70378 - q: Fieberthermometer - distance: 5 - name: Einhell zipcode: 70378 q: Einhell diff --git a/makefu/2configs/deployment/nixos.wiki/default.nix b/makefu/2configs/deployment/nixos.wiki/default.nix new file mode 100644 index 000000000..cd738ea8b --- /dev/null +++ b/makefu/2configs/deployment/nixos.wiki/default.nix @@ -0,0 +1,9 @@ +{ config, pkgs, ... }: + +{ + imports = + [ ./mediawiki.nix + ./network.nix + ]; + +} diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix b/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix new file mode 100644 index 000000000..24715f81e --- /dev/null +++ b/makefu/2configs/deployment/nixos.wiki/mediawiki.module.nix 
@@ -0,0 +1,481 @@ +{ config, pkgs, lib, ... }: + +let + + inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption; + inherit (lib) concatStringsSep literalExample mapAttrsToList optional optionals optionalString types; + + cfg = config.services.mediawiki; + fpm = config.services.phpfpm.pools.mediawiki; + user = "mediawiki"; + group = config.services.httpd.group; + cacheDir = "/var/cache/mediawiki"; + stateDir = "/var/lib/mediawiki"; + + pkg = pkgs.stdenv.mkDerivation rec { + pname = "mediawiki-full"; + version = src.version; + src = cfg.package; + + installPhase = '' + mkdir -p $out + cp -r * $out/ + + rm -rf $out/share/mediawiki/skins/* + rm -rf $out/share/mediawiki/extensions/* + + ${concatStringsSep "\n" (mapAttrsToList (k: v: '' + ln -s ${v} $out/share/mediawiki/skins/${k} + '') cfg.skins)} + + ${concatStringsSep "\n" (mapAttrsToList (k: v: '' + ln -s ${if v != null then v else "$src/share/mediawiki/extensions/${k}"} $out/share/mediawiki/extensions/${k} + '') cfg.extensions)} + ''; + }; + + mediawikiScripts = pkgs.runCommand "mediawiki-scripts" { + buildInputs = [ pkgs.makeWrapper ]; + preferLocalBuild = true; + } '' + mkdir -p $out/bin + for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do + makeWrapper ${pkgs.php}/bin/php $out/bin/mediawiki-$(basename $i .php) \ + --set MEDIAWIKI_CONFIG ${mediawikiConfig} \ + --add-flags ${pkg}/share/mediawiki/maintenance/$i + done + ''; + + mediawikiConfig = pkgs.writeText "LocalSettings.php" '' + <?php + # Protect against web entry + if ( !defined( 'MEDIAWIKI' ) ) { + exit; + } + + $wgSitename = "${cfg.name}"; + $wgMetaNamespace = false; + + ## The URL base path to the directory containing the wiki; + ## defaults for all runtime URL paths are based off of this. 
+ ## For more information on customizing the URLs + ## (like /w/index.php/Page_title to /wiki/Page_title) please see: + ## https://www.mediawiki.org/wiki/Manual:Short_URL + $wgScriptPath = "${cfg.basePath}"; + + ## The protocol and server name to use in fully-qualified URLs + #$wgServer = "${if cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL then "https" else "http"}://${cfg.virtualHost.hostName}"; + #$wgServer = ""; + $wgServer = "http://localhost"; + + ## The URL path to static resources (images, scripts, etc.) + $wgResourceBasePath = $wgScriptPath; + + ## The URL path to the logo. Make sure you change this from the default, + ## or else you'll overwrite your logo when you upgrade! + $wgLogo = "$wgResourceBasePath/resources/assets/wiki.png"; + + ## UPO means: this is also a user preference option + + $wgEnableEmail = true; + $wgEnableUserEmail = true; # UPO + + $wgEmergencyContact = "${if cfg.virtualHost.adminAddr != null then cfg.virtualHost.adminAddr else config.services.httpd.adminAddr}"; + $wgPasswordSender = $wgEmergencyContact; + + $wgEnotifUserTalk = false; # UPO + $wgEnotifWatchlist = false; # UPO + $wgEmailAuthentication = true; + + ## Database settings + $wgDBtype = "${cfg.database.type}"; + $wgDBserver = "${cfg.database.host}:${if cfg.database.socket != null then cfg.database.socket else toString cfg.database.port}"; + $wgDBname = "${cfg.database.name}"; + $wgDBuser = "${cfg.database.user}"; + ${optionalString (cfg.database.passwordFile != null) "$wgDBpassword = file_get_contents(\"${cfg.database.passwordFile}\");"} + + ${optionalString (cfg.database.type == "mysql" && cfg.database.tablePrefix != null) '' + # MySQL specific settings + $wgDBprefix = "${cfg.database.tablePrefix}"; + ''} + + ${optionalString (cfg.database.type == "mysql") '' + # MySQL table options to use during installation or update + $wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; + ''} + + ## Shared memory settings + $wgMainCacheType = 
CACHE_NONE; + $wgMemCachedServers = []; + + ${optionalString (cfg.uploadsDir != null) '' + $wgEnableUploads = true; + $wgUploadDirectory = "${cfg.uploadsDir}"; + ''} + + $wgUseImageMagick = true; + $wgImageMagickConvertCommand = "${pkgs.imagemagick}/bin/convert"; + + # InstantCommons allows wiki to use images from https://commons.wikimedia.org + $wgUseInstantCommons = false; + + # Periodically send a pingback to https://www.mediawiki.org/ with basic data + # about this MediaWiki instance. The Wikimedia Foundation shares this data + # with MediaWiki developers to help guide future development efforts. + $wgPingback = true; + + ## If you use ImageMagick (or any other shell command) on a + ## Linux server, this will need to be set to the name of an + ## available UTF-8 locale + $wgShellLocale = "C.UTF-8"; + + ## Set $wgCacheDirectory to a writable directory on the web server + ## to make your wiki go slightly faster. The directory should not + ## be publically accessible from the web. + $wgCacheDirectory = "${cacheDir}"; + + # Site language code, should be one of the list in ./languages/data/Names.php + $wgLanguageCode = "en"; + + $wgSecretKey = file_get_contents("${stateDir}/secret.key"); + + # Changing this will log out all existing sessions. + $wgAuthenticationTokenVersion = ""; + + ## For attaching licensing metadata to pages, and displaying an + ## appropriate copyright notice / icon. GNU Free Documentation + ## License and Creative Commons licenses are supported so far. + $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright + $wgRightsUrl = ""; + $wgRightsText = ""; + $wgRightsIcon = ""; + + # Path to the GNU diff3 utility. Used for conflict resolution. + $wgDiff = "${pkgs.diffutils}/bin/diff"; + $wgDiff3 = "${pkgs.diffutils}/bin/diff3"; + + # Enabled skins. + ${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadSkin('${k}');") cfg.skins)} + + # Enabled extensions. 
+ ${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadExtension('${k}');") cfg.extensions)} + + + # End of automatically generated settings. + # Add more configuration options below. + + ${cfg.extraConfig} + ''; + +in +{ + # interface + options = { + services.mediawiki = { + + enable = mkEnableOption "MediaWiki"; + + package = mkOption { + type = types.package; + default = pkgs.mediawiki; + description = "Which MediaWiki package to use."; + }; + + basePath = mkOption { + type = types.str; + default = "/"; + description = "Base path to Wiki"; + }; + + name = mkOption { + default = "MediaWiki"; + example = "Foobar Wiki"; + description = "Name of the wiki."; + }; + + uploadsDir = mkOption { + type = types.nullOr types.path; + default = "${stateDir}/uploads"; + description = '' + This directory is used for uploads of pictures. The directory passed here is automatically + created and permissions adjusted as required. + ''; + }; + + passwordFile = mkOption { + type = types.path; + description = "A file containing the initial password for the admin user."; + example = "/run/keys/mediawiki-password"; + }; + + skins = mkOption { + default = {}; + type = types.attrsOf types.path; + description = '' + Attribute set of paths whose content is copied to the <filename>skins</filename> + subdirectory of the MediaWiki installation in addition to the default skins. + ''; + }; + + extensions = mkOption { + default = {}; + type = types.attrsOf (types.nullOr types.path); + description = '' + Attribute set of paths whose content is copied to the <filename>extensions</filename> + subdirectory of the MediaWiki installation and enabled in configuration. + + Use <literal>null</literal> instead of path to enable extensions that are part of MediaWiki. 
+ ''; + example = literalExample '' + { + Matomo = pkgs.fetchzip { + url = "https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz"; + sha256 = "0g5rd3zp0avwlmqagc59cg9bbkn3r7wx7p6yr80s644mj6dlvs1b"; + }; + ParserFunctions = null; + } + ''; + }; + + database = { + type = mkOption { + type = types.enum [ "mysql" "postgres" "sqlite" "mssql" "oracle" ]; + default = "mysql"; + description = "Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers."; + }; + + host = mkOption { + type = types.str; + default = "localhost"; + description = "Database host address."; + }; + + port = mkOption { + type = types.port; + default = 3306; + description = "Database host port."; + }; + + name = mkOption { + type = types.str; + default = "mediawiki"; + description = "Database name."; + }; + + user = mkOption { + type = types.str; + default = "mediawiki"; + description = "Database user."; + }; + + passwordFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/keys/mediawiki-dbpassword"; + description = '' + A file containing the password corresponding to + <option>database.user</option>. + ''; + }; + + tablePrefix = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + If you only have access to a single database and wish to install more than + one version of MediaWiki, or have other applications that also use the + database, you can give the table names a unique prefix to stop any naming + conflicts or confusion. + See <link xlink:href='https://www.mediawiki.org/wiki/Manual:$wgDBprefix'/>. 
+ ''; + }; + + socket = mkOption { + type = types.nullOr types.path; + default = if cfg.database.createLocally then "/run/mysqld/mysqld.sock" else null; + defaultText = "/run/mysqld/mysqld.sock"; + description = "Path to the unix socket file to use for authentication."; + }; + + createLocally = mkOption { + type = types.bool; + default = cfg.database.type == "mysql"; + defaultText = "true"; + description = '' + Create the database and database user locally. + This currently only applies if database type "mysql" is selected. + ''; + }; + }; + + virtualHost = mkOption { + type = types.submodule (import <nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix>); + example = literalExample '' + { + hostName = "mediawiki.example.org"; + adminAddr = "webmaster@example.org"; + forceSSL = true; + enableACME = true; + } + ''; + description = '' + Apache configuration can be done by adapting <option>services.httpd.virtualHosts</option>. + See <xref linkend="opt-services.httpd.virtualHosts"/> for further information. + ''; + }; + + poolConfig = mkOption { + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; + description = '' + Options for the MediaWiki PHP pool. See the documentation on <literal>php-fpm.conf</literal> + for details on configuration directives. + ''; + }; + + extraConfig = mkOption { + type = types.lines; + description = '' + Any additional text to be appended to MediaWiki's + LocalSettings.php configuration file. For configuration + settings, see <link xlink:href="https://www.mediawiki.org/wiki/Manual:Configuration_settings"/>. 
+ ''; + default = ""; + example = '' + $wgEnableEmail = false; + ''; + }; + + }; + }; + + # implementation + config = mkIf cfg.enable { + + assertions = [ + { assertion = cfg.database.createLocally -> cfg.database.type == "mysql"; + message = "services.mediawiki.createLocally is currently only supported for database type 'mysql'"; + } + { assertion = cfg.database.createLocally -> cfg.database.user == user; + message = "services.mediawiki.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true"; + } + { assertion = cfg.database.createLocally -> cfg.database.socket != null; + message = "services.mediawiki.database.socket must be set if services.mediawiki.database.createLocally is set to true"; + } + { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; + message = "a password cannot be specified if services.mediawiki.database.createLocally is set to true"; + } + ]; + + services.mediawiki.skins = { + MonoBook = "${cfg.package}/share/mediawiki/skins/MonoBook"; + Timeless = "${cfg.package}/share/mediawiki/skins/Timeless"; + Vector = "${cfg.package}/share/mediawiki/skins/Vector"; + }; + + services.mysql = mkIf cfg.database.createLocally { + enable = true; + package = mkDefault pkgs.mariadb; + ensureDatabases = [ cfg.database.name ]; + ensureUsers = [ + { name = cfg.database.user; + ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; + } + ]; + }; + + services.phpfpm.pools.mediawiki = { + inherit user group; + phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}"; + settings = { + "listen.owner" = config.services.httpd.user; + "listen.group" = config.services.httpd.group; + } // cfg.poolConfig; + }; + + services.httpd = { + enable = true; + extraModules = [ "proxy_fcgi" ]; + virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost { + documentRoot = mkForce "${pkg}/share/mediawiki"; + extraConfig = '' + <Directory "${pkg}/share/mediawiki"> + <FilesMatch "\.php$"> + <If "-f 
%{REQUEST_FILENAME}"> + SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/" + </If> + </FilesMatch> + + Require all granted + DirectoryIndex index.php + AllowOverride All + </Directory> + '' + optionalString (cfg.uploadsDir != null) '' + Alias "/images" "${cfg.uploadsDir}" + <Directory "${cfg.uploadsDir}"> + Require all granted + </Directory> + ''; + } ]; + }; + + systemd.tmpfiles.rules = [ + "d '${stateDir}' 0750 ${user} ${group} - -" + "d '${cacheDir}' 0750 ${user} ${group} - -" + ] ++ optionals (cfg.uploadsDir != null) [ + "d '${cfg.uploadsDir}' 0750 ${user} ${group} - -" + "Z '${cfg.uploadsDir}' 0750 ${user} ${group} - -" + ]; + + systemd.services.mediawiki-init = { + wantedBy = [ "multi-user.target" ]; + before = [ "phpfpm-mediawiki.service" ]; + after = optional cfg.database.createLocally "mysql.service"; + script = '' + if ! test -e "${stateDir}/secret.key"; then + tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key + fi + + echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 
1 : 0 );" | \ + ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \ + ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \ + --confpath /tmp \ + --scriptpath ${cfg.basePath} \ + --dbserver ${cfg.database.host}${optionalString (cfg.database.socket != null) ":${cfg.database.socket}"} \ + --dbport ${toString cfg.database.port} \ + --dbname ${cfg.database.name} \ + ${optionalString (cfg.database.tablePrefix != null) "--dbprefix ${cfg.database.tablePrefix}"} \ + --dbuser ${cfg.database.user} \ + ${optionalString (cfg.database.passwordFile != null) "--dbpassfile ${cfg.database.passwordFile}"} \ + --passfile ${cfg.passwordFile} \ + "${cfg.name}" \ + admin + + ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick + ''; + + serviceConfig = { + Type = "oneshot"; + User = user; + Group = group; + PrivateTmp = true; + }; + }; + + systemd.services.httpd.after = optional (cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service"; + + users.users.${user} = { + group = group; + isSystemUser = true; + }; + + environment.systemPackages = [ mediawikiScripts ]; + }; +} diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.nix b/makefu/2configs/deployment/nixos.wiki/mediawiki.nix new file mode 100644 index 000000000..a346b82cb --- /dev/null +++ b/makefu/2configs/deployment/nixos.wiki/mediawiki.nix 
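Review bot: This file is a private copy of the nixpkgs `services/web-apps/mediawiki.nix` module (mediawiki.nix disables the upstream one and imports this instead), but nothing in its 481 lines records that origin or what was changed, so the next nixpkgs bump cannot tell what to re-port. Add a header comment along the lines of `# Vendored copy of nixpkgs nixos/modules/services/web-apps/mediawiki.nix at <NIXPKGS_REV> (placeholder); local changes: services.mediawiki.basePath option, $wgServer pinned to http://localhost instead of the virtualHost-derived value.` The hard-coded `$wgServer = "http://localhost";`, with the original expression left commented above it, deserves its own comment because it decides the absolute URLs MediaWiki puts into emails and redirects. The copy also still uses `literalExample` and `DB_MASTER`, which newer nixpkgs and MediaWiki have deprecated; naming that in the header would help whoever moves the pin.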
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+let
+ hostAddress = "192.168.48.1";
+ localAddress = "192.168.48.3";
+in
+
+{
+ containers.mediawiki =
+ { autoStart = true;
+ privateNetwork = true;
+ inherit hostAddress localAddress;
+ config = { config, pkgs, ... }:
+ {
+ # NOTE: This disabling and importing is so that the basePath can be altered
+ disabledModules = [ "services/web-apps/mediawiki.nix" ];
+ imports = [
+ ./mediawiki.module.nix
+ ];
+ time.timeZone = "America/New_York";
+ system.stateVersion = "20.09";
+ networking.defaultGateway = hostAddress;
+ # NOTE: you might want to change this namserver address
+ networking.nameservers = [ "8.8.8.8" ];
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ services.mediawiki = {
+ enable = true;
+ name = "Example Containerized Wiki";
+ # NOTE: here is where the basePath is specified, which requires the imported mediawiki NixOS module
+ basePath = "/wiki";
+ passwordFile = ./mediawiki.password.txt;
+ extraConfig = ''
+ $wgRCFeeds['euerkrebsco'] = array(
+ 'formatter' => 'JSONRCFeedFormatter',
+ 'uri' => 'udp://euer.krebsco.de:5005',
+ 'add_interwiki_prefix' => false,
+ 'omit_bots' => true,
+ );
+ $wgRCFeeds['euerkrebscoIRC'] = array(
+ 'formatter' => 'IRCColourfulRCFeedFormatter',
+ 'uri' => 'udp://euer.krebsco.de:5006',
+ 'add_interwiki_prefix' => false,
+ 'omit_bots' => true,
+ );
+ '';
+ virtualHost = {
+ hostName = "localhost";
+ adminAddr = "root@localhost";
+ forceSSL = false;
+ addSSL = false;
+ onlySSL = false;
+ enableACME = false;
+ };
+ };
+ };
+ };
+
+ # Put the MediaWiki web page behind an NGINX proxy
+ services.nginx = {
+ enable = true;
+ virtualHosts.localhost.locations."/wiki" = {
+ # NOTE: the slash at the end of the URI is important. It causes the location base path to be removed when passed onto the proxy
+ proxyPass = "http://${localAddress}:80/";
+ };
+ };
+
+}
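Review bot: `passwordFile = ./mediawiki.password.txt;` passes the admin password as a Nix path, and the module interpolates it into the init script (`--passfile ${cfg.passwordFile}`), so the file is copied into the Nix store, which is world-readable on the host; the next hunk also commits that file to the repository with the password in plain text. Use a string path to a file that only exists on the target, e.g. `passwordFile = "/var/lib/mediawiki/admin-password";` (a string is not copied to the store), and provision it outside the repo. If this is meant as a throwaway example wiki, a comment above `passwordFile` saying the committed password is a placeholder to be replaced would make that explicit.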
diff --git a/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt b/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt
new file mode 100644
index 000000000..b11b15f08
--- /dev/null
+++ b/makefu/2configs/deployment/nixos.wiki/mediawiki.password.txt
@@ -0,0 +1 @@
+thisisthepassword
diff --git a/makefu/2configs/deployment/nixos.wiki/network.nix b/makefu/2configs/deployment/nixos.wiki/network.nix
new file mode 100644
index 000000000..a7ffb28f1
--- /dev/null
+++ b/makefu/2configs/deployment/nixos.wiki/network.nix
@@ -0,0 +1,6 @@
+{
+ networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = "wlan0";
+}
diff --git a/makefu/2configs/deployment/ntfysh.nix b/makefu/2configs/deployment/ntfysh.nix
new file mode 100644
index 000000000..1a3311d9e
--- /dev/null
+++ b/makefu/2configs/deployment/ntfysh.nix
@@ -0,0 +1,41 @@
+{ lib, config, ... }:
+let
+ web-port = 19455;
+ hostn = "ntfy.euer.krebsco.de";
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+in
+{
+ services.ntfy-sh = {
+ enable = true;
+ settings = {
+ listen-http = "127.0.0.1:${toString web-port}";
+ auth-file = "/var/lib/ntfy-sh/user.db";
+ auth-default-access = "deny-all";
+ behind-proxy = true;
+ attachment-cache-dir = "/media/cloud/ntfy-sh/attachments";
+ attachment-file-size-limit = "500m";
+ attachment-total-size-limit = "100g";
+ base-url = "https://ntfy.euer.krebsco.de";
+ attachment-expiry-duration = "48h";
+ };
+ };
+
+ systemd.services.ntfy-sh.serviceConfig = {
+ StateDirectory = "ntfy-sh";
+ SupplementaryGroups = [ "download" ];
+ };
+
+ services.nginx = {
+ enable = lib.mkDefault true;
+ virtualHosts."${hostn}" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://localhost:${toString web-port}/";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+ };
+}
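Review bot: In the ntfysh.nix hunk the service listens on `127.0.0.1` only, but nginx is told `proxyPass = "http://localhost:${toString web-port}/";`; if `localhost` also resolves to `::1` on this host, nginx will try that address too and ntfy is not listening there, so use `proxyPass = "http://127.0.0.1:${toString web-port}/";` to match `listen-http`. The `internal-ip` let binding is never used and can be dropped, and `base-url` repeats the hostname literal instead of `base-url = "https://${hostn}";`. `attachment-cache-dir` lives under `/media/cloud`; the unit has no ordering against that mount, so `systemd.services.ntfy-sh.unitConfig.RequiresMountsFor = [ "/media/cloud" ];` would stop it from writing into an unmounted mountpoint.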
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 36c67c7f0..8e5e71f11 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -59,7 +59,7 @@ systemd.services.postgresqlBackup-nextcloud.serviceConfig.SupplementaryGroups = users.users.nextcloud.extraGroups = [ "download" ]; services.nextcloud = { enable = true; - package = pkgs.nextcloud24; + package = pkgs.nextcloud25; hostName = "o.euer.krebsco.de"; # Use HTTPS for links https = true; @@ -97,5 +97,11 @@ systemd.services.postgresqlBackup-nextcloud.serviceConfig.SupplementaryGroups = systemd.services."nextcloud-setup" = { requires = ["postgresql.service"]; after = ["postgresql.service"]; + serviceConfig.RequiresMountFor = [ "/media/cloud" ]; }; + systemd.services."phpfpm-nextcloud".serviceConfig.RequiresMountFor = [ + "/media/cloud" + "/var/lib/nextcloud/data" + ]; + systemd.services."phpfpm".serviceConfig.RequiresMountFor = [ "/media/cloud" ]; } diff --git a/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix index 7e077d7e4..e204050b4 100644 --- a/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix @@ -16,6 +16,10 @@ in { enable = true; databases = [ config.services.tt-rss.database.name ]; }; + systemd.services.tt-rss.serviceConfig = { + Restart = lib.mkForce "always"; + }; + systemd.services.postgresqlBackup-tt_rss.serviceConfig.SupplementaryGroups = [ "download" ]; services.nginx.virtualHosts."${fqdn}" = { diff --git a/makefu/2configs/deployment/rss/urls b/makefu/2configs/deployment/rss/urls index 3ab2538a1..cbc68ccc7 100644 --- a/makefu/2configs/deployment/rss/urls +++ b/makefu/2configs/deployment/rss/urls 
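Review bot: `serviceConfig.RequiresMountFor = [ "/media/cloud" ];` in the owncloud.nix hunk does not do what it is meant to: the systemd directive is `RequiresMountsFor=` (plural) and it belongs to the `[Unit]` section, whereas `serviceConfig` emits it under `[Service]`, so systemd logs an unknown-key warning and applies no ordering against the mount. The same misspelling is repeated for `phpfpm-nextcloud`, `phpfpm`, and later in this diff in the jellyfin.nix and music.nix hunks, where the old `after = [ "media-cloud.mount" ]` and `after = [ "media-cryptX.mount" ... ]` lines are removed at the same time, so those two services lose the mount ordering they had. The fix is `unitConfig.RequiresMountsFor = [ "/media/cloud" ];` (and `[ "/media/cryptX" ]` for navidrome) in each place. I am not sure a `phpfpm.service` exists on NixOS, where pools hang off `phpfpm.target`; if it does not, the `systemd.services."phpfpm"` line just defines an empty unit.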
@@ -3,5 +3,7 @@ https://www.ebay-kleinanzeigen.de/s-stuttgart/zigbee/k0l9280 https://www.ebay-kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5 https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313 https://www.ebay-kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313 -https://www.ebay-kleinanzeigen.de/s-muehlhausen/labeldrucker/k0l9313r5 https://www.ebay-kleinanzeigen.de/s-muehlhausen/dymo/k0l9313r5 +https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5 +https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/winkelschleifer/k0l9313r5 +https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/kontaktgrill/k0l9313r5 diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index f53be58ff..305f26a04 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -12,7 +12,7 @@ #"UltiSnips" # vim-nix handles indentation better but does not perform sanity "vim-nix" - # "vim-addon-nix" + "vim-addon-nix" "vim-better-whitespace" ]; }; diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc index e24d29974..d270effa2 100644 --- a/makefu/2configs/editor/vimrc +++ b/makefu/2configs/editor/vimrc @@ -49,7 +49,6 @@ set matchtime=3 set hlsearch autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red -hi MatchParen cterm=none ctermbg=green ctermfg=blue let g:better_whitespace_enabled=1 let g:strip_whitespace_on_save=1 @@ -114,3 +113,5 @@ let g:UltiSnipsExpandTrigger = "<c-j>" let g:UltiSnipsJumpForwardTrigger = "<c-j>" let g:UltiSnipsJumpBackwardTrigger = "<c-p>" let g:UltiSnipsListSnippets = "<c-k>" "List possible snippets based on current file + +hi MatchParen cterm=none ctermbg=green ctermfg=blue diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index b2192c7f9..b1b7c9913 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix 
@@ -18,30 +18,28 @@ in imports = [ ./urxvtd.nix ./pipewire.nix + ./gnome.nix ]; + # services.redshift.enable = true; services.xserver = { enable = true; layout = "us"; xkbVariant = "altgr-intl"; xkbOptions = "ctrl:nocaps, eurosign:e"; - windowManager = { - awesome.enable = true; - awesome.noArgb = true; - awesome.luaModules = [ pkgs.luaPackages.vicious ]; - }; - displayManager.defaultSession = lib.mkDefault "none+awesome"; - displayManager.autoLogin = { - enable = true; - user = mainUser; - }; +# windowManager = { +# awesome.enable = true; +# awesome.noArgb = true; +# awesome.luaModules = [ pkgs.luaPackages.vicious ]; +# }; +# displayManager.defaultSession = lib.mkDefault "none+awesome"; }; environment.systemPackages = [ pkgs.gnome.adwaita-icon-theme ]; # lid switch is handled via button presses - services.logind.lidSwitch = lib.mkDefault "ignore"; - makefu.awesome.enable = true; + # services.logind.lidSwitch = lib.mkDefault "ignore"; + #makefu.awesome.enable = true; console.font = "Lat2-Terminus16"; fonts = { diff --git a/makefu/2configs/gui/gnome.nix b/makefu/2configs/gui/gnome.nix new file mode 100644 index 000000000..44ba2dd67 --- /dev/null +++ b/makefu/2configs/gui/gnome.nix 
@@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.krebs.build.user.name; +in +{ + programs.gnome-terminal.enable = true; + services.xserver = { + desktopManager.gnome.enable = true; + displayManager.gdm.enable = true; + #displayManager.autoLogin = { + # enable = true; + # user = mainUser; + #}; + }; + programs.dconf.enable = true; + home-manager.users.${mainUser}.dconf = { + enable = true; + settings = { + "org/gnome/terminal/legacy" = { + mnemonics-enabled = false; + theme-variant = "dark"; + }; + "org/gnome/desktop/interface" = { + enable-animations = false; + enable-hot-corners = false; + show-battery-percentage = true; + }; + "org/gnome/desktop/peripherals/touchpad" = { + edge-scrolling-enabled = false; + natural-scroll = false; + send-events = "enabled"; + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + "org/gnome/desktop/session".idle-delay = 900; + "org/gnome/desktop/wm/keybindings" = { + close=["<Shift><Super>c"]; + minimize=["<Super>n"]; + move-to-workspace-1=["<Shift><Super>1"]; + move-to-workspace-2=["<Shift><Super>2"]; + move-to-workspace-3=["<Shift><Super>3"]; + move-to-workspace-4=["<Shift><Super>4"]; + panel-run-dialog=["<Super>r"]; + switch-to-workspace-1=["<Super>1"]; + switch-to-workspace-2=["<Super>2"]; + switch-to-workspace-3=["<Super>3"]; + switch-to-workspace-4=["<Super>4"]; + toggle-fullscreen=["<Super>f"]; + }; + "org/gnome/desktop/wm/preferences".num-workspaces = 4; + "org/gnome/settings-daemon/plugins/color".night-light-enabled = true; + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "<Super>Return"; + command = "gnome-terminal"; + name = "terminal"; + }; + }; + }; +} diff --git a/makefu/2configs/gui/pipewire.nix b/makefu/2configs/gui/pipewire.nix index eb94f75b7..d52681551 100644 
--- a/makefu/2configs/gui/pipewire.nix +++ b/makefu/2configs/gui/pipewire.nix @@ -12,10 +12,9 @@ services.pipewire = { enable = true; - systemWide = true; + # systemWide = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; - jack.enable = true; }; } diff --git a/makefu/2configs/gui/snake-kiosk.nix b/makefu/2configs/gui/snake-kiosk.nix new file mode 100644 index 000000000..838ac3a5c --- /dev/null +++ b/makefu/2configs/gui/snake-kiosk.nix @@ -0,0 +1,44 @@ +{ pkgs, lib, ... }: +{ + + imports = [ + ./base.nix + ]; + users.users.kiosk = { + # packages = [ pkgs.chromium pkgs.vscode ]; + group = "kiosk"; + isNormalUser = true; + uid = 1003; + extraGroups = [ "wheel" "audio" "pulse" "pipewire" ]; + }; + users.groups.kiosk.gid = 989 ; + services.xserver = { + enable = true; + + windowManager = lib.mkForce { awesome.enable = false; }; + displayManager.gdm.enable = true; + displayManager.gdm.autoSuspend = false; + displayManager.autoLogin = { + enable = true; + user = lib.mkForce "kiosk"; + }; + displayManager.defaultSession = "gnome"; + desktopManager.gnome.enable = true; + }; + + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; + + + + environment.systemPackages = [ pkgs.gnomeExtensions.appindicator ]; + services.dbus.packages = with pkgs; [ gnome2.GConf gnome3.gnome-settings-daemon ]; + + services.pipewire.systemWide = lib.mkForce false; + services.pipewire.config.pipewire-pulse = { + "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; + }; + +} diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index c67aa7cfb..3a21bf213 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix 
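Review bot: In the snake-kiosk.nix hunk, `"pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ];` makes pipewire-pulse accept PulseAudio clients on TCP 4713 on every interface, and as far as I know PipeWire's PulseAudio server performs no cookie authentication, so whatever can reach that port can play and capture audio on the kiosk; the NixOS firewall will block it unless 4713 is opened elsewhere, which this hunk does not show. Bind it to the address that actually needs it, e.g. `"tcp:<LAN-IP>:4713"` (placeholder), and leave a comment saying which client this is for; the wbob-kiosk.nix hunk below adds the identical listener. Separately, the auto-logged-in `kiosk` user is placed in `wheel`, which is more than a kiosk session needs; if sudo is not required for it, drop `"wheel"` from `extraGroups`.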
@@ -5,11 +5,11 @@ ./base.nix ]; users.users.kiosk = { - packages = [ pkgs.chromium pkgs.vscode ]; + packages = with pkgs;[ chromium vscode spotify tartube-yt-dlp ]; group = "kiosk"; isNormalUser = true; uid = 1003; - extraGroups = [ "wheel" "audio" "pulse" ]; + extraGroups = [ "wheel" "audio" "pulse" "pipewire" ]; }; users.groups.kiosk.gid = 989 ; services.xserver = { @@ -31,7 +31,10 @@ }; - environment.systemPackages = [ pkgs.gnomeExtensions.appindicator ]; + environment.systemPackages = [ + pkgs.gnomeExtensions.appindicator pkgs.pavucontrol pkgs.jellyfin-media-player pkgs.chromium pkgs.firefox pkgs.kodi + pkgs.pavucontrol +]; services.dbus.packages = with pkgs; [ gnome2.GConf gnome3.gnome-settings-daemon ]; systemd.services.xset-off = { @@ -45,5 +48,9 @@ Restart = "on-failure"; }; }; + services.pipewire.systemWide = lib.mkForce false; + services.pipewire.config.pipewire-pulse = { + "pulse.properties"."server.address" = [ "unix:native" "tcp:4713" ]; + }; } diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 13755de27..c875d52c8 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -61,6 +61,8 @@ direnv allow size = 900001; save = 900001; ignoreDups = true; + ignoreSpace = true; + extended = true; share = true; }; 
@@ -77,31 +79,32 @@ direnv allow xo = "mimeopen"; nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; }; - # navi package does not come with the navi.plugin.zsh anymore so we use .src + #zplug = { + # enable = true; + # plugins = [ + # { name = "denisidoro/navi" ; } + # { name = "zsh-users/zsh-autosuggestions" ; } + # ]; + #}; initExtra = '' bindkey -e + zle -N edit-command-line + # ctrl-x ctrl-e + bindkey '^xe' edit-command-line + bindkey '^x^e' edit-command-line # shift-tab bindkey '^[[Z' reverse-menu-complete bindkey "\e[3~" delete-char zstyle ':completion:*' menu select setopt HIST_IGNORE_ALL_DUPS - setopt HIST_IGNORE_SPACE setopt HIST_FIND_NO_DUPS compdef _pass brain zstyle ':completion::complete:brain::' prefix "$HOME/brain" + compdef _pass secrets zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" - - # navi - . ${pkgs.navi.src}/shell/navi.plugin.zsh - # ctrl-x ctrl-e - autoload -U compinit && compinit - autoload -U edit-command-line - zle -N edit-command-line - bindkey '^xe' edit-command-line - bindkey '^x^e' edit-command-line ''; }; }; diff --git a/makefu/2configs/home/3dprint.nix b/makefu/2configs/home/3dprint.nix index 09f2ce6fd..aac962787 100644 --- a/makefu/2configs/home/3dprint.nix +++ b/makefu/2configs/home/3dprint.nix @@ -1,8 +1,12 @@ { pkgs, ... }: +let + #dev = "/dev/web_cam"; + dev = "/dev/video0"; +in { services.mjpg-streamer = { enable = true; - inputPlugin = "input_uvc.so -d /dev/web_cam -r 1280x960"; + inputPlugin = "input_uvc.so -d ${dev} -r 1280x960"; }; users.users.octoprint.extraGroups = [ "video" ]; # allow octoprint to access /dev/vchiq diff --git a/makefu/2configs/home/ham/automation/light_buttons.nix b/makefu/2configs/home/ham/automation/light_buttons.nix index 1892917c4..460d48bc4 100644 --- a/makefu/2configs/home/ham/automation/light_buttons.nix +++ b/makefu/2configs/home/ham/automation/light_buttons.nix 
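Review bot: The hunk keeps `zle -N edit-command-line` and the two `bindkey` lines for it but removes `autoload -U edit-command-line`; unless something outside this file autoloads the function, ctrl-x ctrl-e will now report that the shell function does not exist. Put `autoload -U edit-command-line` back on the line before `zle -N edit-command-line`. `autoload -U compinit && compinit` is removed as well; that is fine if home-manager's completion setup already runs compinit for this shell, otherwise `compdef _pass brain` will fail for the same reason. The enclosing `initExtra` string and the surrounding attribute set continue outside this hunk.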
@@ -1,10 +1,12 @@ let inherit (import ../lib) btn_cycle_light; + schlafzimmer_komode = "light.schlafzimmer_komode_osram"; + schlafzimmer_button = "sensor.schlafzimmer_btn2_click"; in { services.home-assistant.config.automation = [ # (btn_cycle_light "light.arbeitszimmerbeleuchtung" "arbeitszimmer_btn1") - (btn_cycle_light "light.schlafzimmer_komode_osram" "schlafzimmer_btn2" 128) + { alias = "toggle keller"; trigger = { @@ -32,21 +34,35 @@ in { service = "light.toggle"; data = { entity_id = "light.keller_osram"; - brightness = 50; + brightness = 25; }; }; } # (btn_cycle_light "light.wohnzimmerbeleuchtung" "wohnzimmer_btn3") { - alias = "Turn of all lights via schlafzimmer_btn2 double click"; + alias = "Dim Toggle schlafzimmer komode"; trigger = { platform = "state"; - entity_id = "sensor.schlafzimmer_btn2_click"; + entity_id = schlafzimmer_button; + to = "single"; + }; + action = { + service = "light.toggle"; + entity_id = schlafzimmer_komode; + brightness = 1; + }; + } + { + alias = "Bright Toggle schlafzimmer komode"; + trigger = { + platform = "state"; + entity_id = schlafzimmer_button; to = "double"; }; action = { - service = "light.turn_off"; - entity_id = "all"; + service = "light.toggle"; + entity_id = schlafzimmer_komode; + brightness = 255; }; } ]; diff --git a/makefu/2configs/home/ham/automation/urlaub.nix b/makefu/2configs/home/ham/automation/urlaub.nix index 019e65d25..abfe5031d 100644 --- a/makefu/2configs/home/ham/automation/urlaub.nix +++ b/makefu/2configs/home/ham/automation/urlaub.nix @@ -6,7 +6,7 @@ let schranklicht = [ "light.wohnzimmer_schrank_osram" - "light.wohnzimmer_komode_osram" + # "light.wohnzimmer_komode_osram" ]; weihnachtslicht = "light.wohnzimmer_fenster_lichterkette_licht"; fernsehlicht = "light.wled"; 
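Review bot: In the second light_buttons.nix hunk, the two new actions put `brightness = 1;` and `brightness = 255;` directly in the action map next to `service` and `entity_id`; Home Assistant's service-call schema does not accept extra keys there, so I expect the automation config to fail validation. The existing keller action in the same file has the right shape, `data = { entity_id = ...; brightness = 25; };`, so the new ones should read `action = { service = "light.toggle"; data = { entity_id = schlafzimmer_komode; brightness = 1; }; };` (and 255 for the double-click one). With the `btn_cycle_light` call removed, `inherit (import ../lib) btn_cycle_light;` is now only referenced from commented-out lines.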
@@ -31,8 +31,8 @@ in automation = [ (turn_on schranklicht "-00:30:00") - #(turn_on weihnachtslicht "-00:30:00") - (turn_on fernsehlicht "-00:00:00") + (turn_on weihnachtslicht "-00:00:00") + #(turn_on fernsehlicht "-00:00:00") { alias = "Always turn off the urlaub lights at ${final_off}"; trigger = [ diff --git a/makefu/2configs/home/ham/automation/welcome.txt.j2 b/makefu/2configs/home/ham/automation/welcome.txt.j2 index 76091b868..d2a2b573b 100644 --- a/makefu/2configs/home/ham/automation/welcome.txt.j2 +++ b/makefu/2configs/home/ham/automation/welcome.txt.j2 @@ -7,7 +7,7 @@ Heute ist {{ weekday }}, du solltest gar nicht arbeiten! {% else %} Willkommen auf Arbeit Felix. {% endif -%} -Das aktuell gewählte Projekt ist {{ states("sensor.felix_project") }}. +Dein Projekt ist {{ states("sensor.felix_project") }}. {% set inside = states("sensor.wohnzimmer_temp_temperature") | float | round(2) -%} {% set outside = states("sensor.dark_sky_temperature") | float | round(2) -%} diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index ca5fcd17c..98269959d 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -17,6 +17,7 @@ in { ./zigbee2mqtt.nix # ./multi/flurlicht.nix ./multi/kurzzeitwecker.nix + ./intents ./multi/the_playlist.nix ./multi/heizung.nix # ./multi/fliegen-couter.nix @@ -92,6 +93,7 @@ in { { type = "homeassistant"; } ]; }; + tasmota = {}; binary_sensor = [ { platform = "workday"; name = "Arbeitstag"; diff --git a/makefu/2configs/home/ham/docker.nix b/makefu/2configs/home/ham/docker.nix new file mode 100644 index 000000000..e8a47dbbb --- /dev/null +++ b/makefu/2configs/home/ham/docker.nix 
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+let
+ confdir = "/var/lib/homeassistant-docker";
+in {
+ imports = [
+ ./nginx.nix
+ ./mqtt.nix
+ ./signal-rest
+ ./signal-rest/service.nix
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 8123 ];
+ state = [ "/var/lib/hass/known_devices.yaml" ];
+ virtualisation.oci-containers.containers.hass = {
+ image = "homeassistant/home-assistant:latest";
+ environment = {
+ TZ = "Europe/Berlin";
+ UMASK = "007";
+ };
+ extraOptions = ["--net=host" ];
+ volumes = [
+ "${confdir}:/config"
+ #"/data/music:/config/media"
+ ];
+ };
+ systemd.tmpfiles.rules = [
+ #"f ${confdir}/docker-run 0770 kiosk kiosk - -"
+ "d ${confdir} 0770 kiosk kiosk - -"
+ ];
+}
diff --git a/makefu/2configs/home/ham/intents/default.nix b/makefu/2configs/home/ham/intents/default.nix
new file mode 100644
index 000000000..24594b4a2
--- /dev/null
+++ b/makefu/2configs/home/ham/intents/default.nix
@@ -0,0 +1,35 @@
+{
+ services.home-assistant.config = {
+ intent_script = {
+ GetTime.speech.text = ''
+ Es ist {{ now().hour }} Uhr {{ now().minute }}
+ '';
+ GutenMorgen.speech.text = ''
+ Einen wunderschönen Guten Morgen wünsche ich dir
+ '';
+ WieGehtEsDir.speech.text = ''
+ Mir geht es sehr gut, und dir?
+ '';
+ Statusreport.speech.text = builtins.readFile ./statusbericht.txt.j2;
+ StartMusic = {
+ speech.text = "Spiele {{ music }} musik";
+ action_async = [
+ {
+ service = "media_player.play_media";
+ data_template = {
+ entity_id = "media_player.{{ _intent.siteId }}";
+ media_content_id = builtins.readFile ./music_chooser.txt.j2;
+ media_content_type = "music";
+ };
+ }
+ ];
+ };
+ GetWeather = {
+ #speech.text = ''
+ # {{ states('sensor.openweathermap_weather') }} bei {{ states('sensor.openweathermap_temperature') }} Grad
+ #'';
+ speech.text = "{{ states('sensor.swr_prognose') }}";
+ };
+ };
+ };
+}
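Review bot: `image = "homeassistant/home-assistant:latest";` in the docker.nix hunk is a mutable tag, so every pull can produce a different image and the host runs whatever the registry served last, with `--net=host` on top; pin it to a release tag or a digest, e.g. `image = "homeassistant/home-assistant:<VERSION>@sha256:<DIGEST>";` (placeholders), and bump deliberately. `state = [ "/var/lib/hass/known_devices.yaml" ];` points outside `confdir`, which is the only directory mounted as `/config`, so it does not cover the file this container writes; `"${confdir}/known_devices.yaml"` looks like the intended path. The tmpfiles rule gives `${confdir}` to `kiosk:kiosk` while nothing in the hunk runs the container as that user; a comment explaining who needs write access there would help.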
diff --git a/makefu/2configs/home/ham/intents/music_chooser.txt.j2 b/makefu/2configs/home/ham/intents/music_chooser.txt.j2 new file mode 100644 index 000000000..b66ed2721 --- /dev/null +++ b/makefu/2configs/home/ham/intents/music_chooser.txt.j2 @@ -0,0 +1,13 @@ +{% if music == "lounge" -%} +https://cast1.asurahosting.com/proxy/julien/stream.mp3 +{% elif music == "lassulus" -%} +http://radio.lassul.us:8000/radio.mp3 +{% elif music == "groove" -%} +http://ice2.somafm.com/groovesalad-128.mp3 +{% elif music == "swr3" -%} +https://liveradio.swr.de/sw282p3/swr3/play.mp3 +{% elif music == "swr1" -%} +https://liveradio.swr.de/sw282p3/swr1bw/play.mp3 +{% elif music == "radio" -%} +https://liveradio.swr.de/sw282p3/swr1bw/play.mp3 +{% endif %} diff --git a/makefu/2configs/home/ham/intents/statusbericht.txt.j2 b/makefu/2configs/home/ham/intents/statusbericht.txt.j2 new file mode 100644 index 000000000..c17ad455c --- /dev/null +++ b/makefu/2configs/home/ham/intents/statusbericht.txt.j2 
@@ -0,0 +1,37 @@ +{% set arbeit_heute = is_state("binary_sensor.arbeitstag","on") -%} +{% set weekday = ['Montag','Dienstag','Mittwoch','Donnerstag','Freitag','Samstag','Sonntag'][now().weekday()] -%} +{% set is_friday = now().weekday() == 4 %} + +Dies ist deine Persönliche Zusammenfassung +{% set inside = states("sensor.wohnzimmer_temp_temperature") | float | round(2) -%} +{% set outside = states("sensor.dark_sky_temperature") | float | round(2) -%} +{% set arbeit_morgen = is_state("binary_sensor.arbeitstag_morgen","on") -%} + +Die Wetteraussichten: {{ states("sensor.dark_sky_hourly_summary") | replace(".","")}} bei {{ states("sensor.dark_sky_temperature") }} Grad mit {{ states("sensor.dark_sky_humidity") | round(0) }}% Luftfeuchtigkeit. +{% if states("calendar.abfall_papiermuell") == "on" %} +Heute ist Papiermuell, bring noch schnell dein Papier raus +{% endif %} +{% if states("calendar.abfall_restmuell") == "on" %} +Ausserdem ist heute Restmuell. +{% endif -%} + +{% if ( outside < inside ) and ( outside > 18 ) %} +Draussen ist es gerade {{ ((inside - outside) | round(1) )}} gerade kühler +{% endif -%} + +{% set current_count = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_count") %} +{% for i in range(current_count) %} +{% set idx = i + 1 %} + {% set headline = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_headline") %} + {% set description = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_description") %} + {% set level = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_level") %} + {% set time_start = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_start") %} + {% set time_end = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_" ~ idx ~ "_end") %} +Wetterwarnung {{idx}}: {{ headline }} Stufe {{level}} von {{ time_start.strftime("%H:%M") ~ " bis " ~ 
time_end.strftime("%H:%M") }} Uhr + +{{ description }} +{% endfor %} + +{% if is_friday %} +Endlich ist Freitag! +{% endif -%} diff --git a/makefu/2configs/home/ham/lib/default.nix b/makefu/2configs/home/ham/lib/default.nix index cf1c32abd..0d89d1e9e 100644 --- a/makefu/2configs/home/ham/lib/default.nix +++ b/makefu/2configs/home/ham/lib/default.nix @@ -27,12 +27,11 @@ in #} { delay.seconds = 1; } { delay = '' - {% set duration = state_attr("${entity}","media_duration") %} - {% set seconds = duration % 60 %} + {% set duration = state_attr("${entity}","media_duration") or 0 %} + {% set seconds = (duration % 60 ) %} {% set minutes = (duration / 60)|int % 60 %} {% set hours = (duration / 3600)|int %} {{ "%02i:%02i:%02i"|format(hours, minutes, seconds)}} - ''; } { diff --git a/makefu/2configs/home/ham/light/wohnzimmer.nix b/makefu/2configs/home/ham/light/wohnzimmer.nix index 554d1f8ce..7fc7af038 100644 --- a/makefu/2configs/home/ham/light/wohnzimmer.nix +++ b/makefu/2configs/home/ham/light/wohnzimmer.nix @@ -6,10 +6,30 @@ let wohnzimmer_deko = [ "light.wohnzimmer_fernseher_led_strip" # led um fernseher "light.wohnzimmer_lichterkette_led_strip" # led um fernsehwand - "light.kinderzimmer_lichterkette_licht" # led um fenster + "light.wohnzimmer_fenster_lichterkette_licht" # led um fenster ]; in { imports = [ ./tint_wohnzimmer.nix ]; + services.home-assistant.config.scene = [ + { name = "Wohnzimmer Abendlicht"; + id = "living_room_evening"; + entities = { + "light.wohnzimmer_komode_osram_light" = { + state = "on"; + brightness = 128; + }; + "light.wohnzimmer_schrank_osram_light" = { + state = "on"; + brightness = 128; + }; + "light.wohnzimmer_fenster_lichterkette_licht" = "on"; + "light.wohnzimmer_fernseher_led_strip" = { + state = "on"; + }; + }; + + } + ]; services.home-assistant.config.wled = {}; services.home-assistant.config.light = [ { 
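Review bot: In the statusbericht.txt.j2 hunk, `states("sensor.dark_sky_humidity") | round(0)` applies `round` to the string that `states()` returns, which Jinja rejects; the welcome.txt.j2 hunk earlier in this diff uses `| float | round(2)` for the same kind of value, so this should be `{{ states("sensor.dark_sky_humidity") | float | round(0) }}`. `{% for i in range(current_count) %}` fails when the `warning_count` attribute is absent (the sensor unavailable), since `range(None)` raises; `{% set current_count = state_attr("sensor.dwd_weather_warnings_current_warning_level", "warning_count") or 0 %}` keeps the report rendering in that case. The `time_start.strftime(...)` calls assume those attributes are datetimes rather than strings, which I cannot confirm from here.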
@@ -22,6 +42,11 @@ in { name = "Wohnzimmer Deko"; entities = wohnzimmer_deko; } + { + platform = "group"; + name = "living_room_lights"; + entities = wohnzimmerbeleuchtung ++ wohnzimmer_deko; + } ]; } diff --git a/makefu/2configs/home/ham/media/firetv.nix b/makefu/2configs/home/ham/media/firetv.nix index fc33346cd..e2ac1ef76 100644 --- a/makefu/2configs/home/ham/media/firetv.nix +++ b/makefu/2configs/home/ham/media/firetv.nix @@ -3,11 +3,11 @@ let in { services.home-assistant.config = { notify = [ - { - platform = "nfandroidtv"; - name = "FireTV Wohnzimmer Notification"; - host = firetv_stick; - } + #{ + #platform = "nfandroidtv"; + #name = "FireTV Wohnzimmer Notification"; + #host = firetv_stick; + #} ]; media_player = [ #{ @@ -16,12 +16,12 @@ in { # host = firetv_stick; #} # Configuration needs to be done by hand via web interface "integration" - { platform = "androidtv"; - name = "FireTV Stick Android"; - device_class = "firetv"; - host = firetv_stick; - port = 5555; - } + #{ platform = "androidtv"; + # name = "FireTV Stick Android"; + # device_class = "firetv"; + # host = firetv_stick; + # port = 5555; + #} ]; }; } diff --git a/makefu/2configs/home/ham/mqtt.nix b/makefu/2configs/home/ham/mqtt.nix index 5e668e7a0..9c4b4147e 100644 --- a/makefu/2configs/home/ham/mqtt.nix +++ b/makefu/2configs/home/ham/mqtt.nix @@ -5,7 +5,7 @@ services.mosquitto = { enable = true; persistence = false; - settings.max_keepalive = 60; + settings.max_keepalive = 1060; listeners = [ { port = 1883; diff --git a/makefu/2configs/home/ham/multi/kurzzeitwecker.nix b/makefu/2configs/home/ham/multi/kurzzeitwecker.nix index a0748e205..1e6fae90c 100644 --- a/makefu/2configs/home/ham/multi/kurzzeitwecker.nix +++ b/makefu/2configs/home/ham/multi/kurzzeitwecker.nix 
@@ -9,128 +9,80 @@ let button = "sensor.zigbee_btn2_click"; notify = "notify.signal_home"; + # für {{ _intent.siteId }} - name of the rhasspy instance: arbeitszimmer in { services.home-assistant.config = { - timer.kurzzeitwecker = - { - name = "Zigbee Kurzzeitwecker"; - duration = 300; + automation = []; + timer.kurzzeitwecker = { + name = "Wecker Wohnung"; }; - script.add_5_minutes_to_kurzzeitwecker = - { - alias = "Add 5 minutes to kurzzeitwecker"; - sequence = [ - { service = "timer.pause"; - entity_id = "timer.kurzzeitwecker"; - } - { service = "timer.start"; - data_template = { - entity_id = "timer.kurzzeitwecker"; - duration = '' - {% set r = state_attr('timer.kurzzeitwecker', 'remaining') ~ '-0000' %} - {% set t = strptime(r, '%H:%M:%S.%f%z') %} - {{ (as_timestamp(t) + 300) | timestamp_custom('%H:%M:%S', false) }} - ''; - }; - } - ]; + timer.wecker_arbeitszimmer = { + name = "Wecker Arbeitszimmer"; }; - automation = - [ - { - alias = "Start Timer 5min"; - trigger = { - platform = "state"; - entity_id = button; - to = "single"; - }; - condition = - { condition = "state"; - entity_id = "timer.kurzzeitwecker"; - state = "idle"; - }; - + timer.wecker_wohnzimmer = { + name = "Wecker Wohnzimmer"; + }; + intent = {}; + intent_script = { + TimerjobStart = { + speech.text = '' + {% set h = hours|default('0')|string %} + {% set m = minutes|default('0')|string %} + {% if h == "0" %} + Wecker gestellt {{ m }} Minuten + {% elif m == "0" %} + Wecker gestellt {{ h }} Stunden + {% else %} + Wecker gestellt {{ h }} Stunden und {{ m }} Minuten + {% endif %} + ''; action = [ - { service = "timer.start"; - entity_id = "timer.kurzzeitwecker"; - data.duration = "00:05:00"; - } { - service = notify; - data.message = "Timer gestartet {{state_attr('timer.kurzzeitwecker', 'remaining') }}, verbleibend "; - } - ]; - } - { - alias = "Add Timer 5min"; - trigger = { - platform = "state"; - entity_id = button; - to = "single"; - }; - condition = - { condition = "state"; - entity_id = 
"timer.kurzzeitwecker"; - state = "active"; - }; + service = "timer.start"; + + data.entity_id = "timer.kurzzeitwecker"; + data.duration = '' + {% set h = hours|default("0")|int %} + {% set m = minutes|default("0")|int %} + {{ "%02d" | format(h) }}:{{ "%02d" | format(m) }}:00 + ''; - action = [ - { service = "homeassistant.turn_on"; - entity_id = "script.add_5_minutes_to_kurzzeitwecker"; - } - { - service = notify; - data.message = ''Timer um 5 minuten verlängert, {{ state_attr('timer.kurzzeitwecker', 'remaining') | truncate(9,True," ") }} verbleibend ''; } ]; - } - { - alias = "Stop timer on double click"; - trigger = [ - { - platform = "state"; - entity_id = button; - to = "double"; - } - { - platform = "state"; - entity_id = button; - to = "triple"; - } - ]; - condition = - { - condition = "state"; - entity_id = "timer.kurzzeitwecker"; - state = "active"; - }; - + }; + TimerjobRemaining = { + speech.text = '' + {% set timer = states('timer.kurzzeitwecker') %} + {% if timer == 'idle' %} + Wecker läuft nicht + {% elif timer == 'active' %} + {% set remaining = as_timestamp( state_attr('timer.kurzzeitwecker','finishes_at') )-( as_timestamp(now())) %} + {% set s = ((remaining % 60)) | int %} + {% set m = ((remaining % 3600) / 60) | int %} + {% set h = ((remaining % 86400) / 3600) | int %} + {% if h == 0 %} + Es verbleiben {{ m }} Minuten und {{ s }} Sekunden + {% elif m == 0 %} + Es verbleiben {{ h }} Stunden + {% elif m == 0 and h == 0 %} + Es verbleiben {{ s }} Sekunden + {% else %} + Es verbleiben {{ h }} Stunden {{ m }} Minuten + {% endif %} + {% endif %} + ''; + }; + TimerjobStop = { + speech.text = '' + Wecker gestoppt + ''; action = [ - { - service = "timer.cancel"; - entity_id = "timer.kurzzeitwecker"; - } - { - service = notify; - data.message = "Timer gestoppt, abgebrochen"; + { service = "timer.cancel"; + data.entity_id = "timer.kurzzeitwecker"; } ]; - } - { - alias = "Timer Finished"; - trigger = { - platform = "event"; - event_type = "timer.finished"; - 
event_data.entity_id = "timer.kurzzeitwecker"; - }; - action = [ - { - service = notify; - data.message = "Timer beendet"; - } - ]; - } - ]; + }; + }; }; } diff --git a/makefu/2configs/home/ham/sensor/outside.nix b/makefu/2configs/home/ham/sensor/outside.nix index e7467617b..061c4e981 100644 --- a/makefu/2configs/home/ham/sensor/outside.nix +++ b/makefu/2configs/home/ham/sensor/outside.nix @@ -40,5 +40,16 @@ { platform = "accuweather"; api_key = "!secret accuweather"; } + { platform = "scrape"; + resource = "https://www.swr.de/wetter/wetter-liste-swr-100.html"; + name = "SWR Prognose"; + select = "p[data-refresh=\"weather-headline\"]"; + } + { platform = "scrape"; + resource = "https://www.swr.de/wetter/wetter-liste-swr-100.html"; + name = "SWR Prognose Langtext"; + select = "p[data-refresh=\"weather-text\"]"; + } + ]; } diff --git a/makefu/2configs/home/jellyfin.nix b/makefu/2configs/home/jellyfin.nix index acfdb2599..e613a05fc 100644 --- a/makefu/2configs/home/jellyfin.nix +++ b/makefu/2configs/home/jellyfin.nix 
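Review bot: In `TimerjobRemaining`, the `{% elif m == 0 and h == 0 %}` branch can never run because `{% if h == 0 %}` is tested first, so a timer with under a minute left reads "Es verbleiben 0 Minuten und N Sekunden" instead of the seconds-only line; move the `m == 0 and h == 0` test to the front of the chain. The `button` and `notify` let bindings at the top of the hunk are no longer referenced now that the automations are gone. `timer.wecker_arbeitszimmer` and `timer.wecker_wohnzimmer` are defined, but `TimerjobStart`, `TimerjobRemaining` and `TimerjobStop` all act on `timer.kurzzeitwecker`; if the `_intent.siteId` comment means per-room timers are intended, that selection is not implemented yet and deserves a TODO saying so.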
@@ -1,66 +1,34 @@ { lib, config, ... }: +let + port = 8096; +in { services.jellyfin.enable = true; - services.jellyfin.openFirewall = true; + # services.jellyfin.openFirewall = true; + networking.firewall.interfaces.wiregrill = { + allowedTCPPorts = [ 80 port 8920 ]; + allowedUDPPorts = [ 1900 7359 ]; + }; state = [ "/var/lib/jellyfin" ]; users.users.${config.services.jellyfin.user}.extraGroups = [ "download" "video" "render" ]; systemd.services.jellyfin = { - after = [ "media-cloud.mount" ]; serviceConfig = rec { + RequiresMountFor = [ "/media/cloud" ]; SupplementaryGroups = lib.mkForce [ "video" "render" "download" ]; UMask = lib.mkForce "0077"; - - - Type = lib.mkForce "simple"; - StateDirectory = lib.mkForce "jellyfin"; - StateDirectoryMode = lib.mkForce "0700"; - CacheDirectory = lib.mkForce "jellyfin"; - CacheDirectoryMode = lib.mkForce "0700"; - WorkingDirectory = lib.mkForce "/var/lib/jellyfin"; - Restart = lib.mkForce "on-failure"; - TimeoutSec = lib.mkForce 15; - SuccessExitStatus = lib.mkForce ["0" "143"]; - - # Security options: - NoNewPrivileges = lib.mkForce true; - SystemCallArchitectures = lib.mkForce "native"; - # AF_NETLINK needed because Jellyfin monitors the network connection - RestrictAddressFamilies = lib.mkForce [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ]; - RestrictNamespaces = lib.mkForce false; - RestrictRealtime = lib.mkForce true; - RestrictSUIDSGID = lib.mkForce true; - ProtectControlGroups = lib.mkForce false; - ProtectHostname = lib.mkForce true; - ProtectKernelLogs = lib.mkForce false; - ProtectKernelModules = lib.mkForce false; - ProtectKernelTunables = lib.mkForce false; - LockPersonality = lib.mkForce true; - PrivateTmp = lib.mkForce false; - # needed for hardware accelaration - PrivateDevices = lib.mkForce false; - PrivateUsers = lib.mkForce true; - RemoveIPC = lib.mkForce true; - - SystemCallFilter = lib.mkForce [ - "~@clock" - "~@aio" - "~@chown" - "~@cpu-emulation" - "~@debug" - "~@keyring" - "~@memlock" - "~@module" - 
"~@mount" - "~@obsolete" - "~@privileged" - "~@raw-io" - "~@reboot" - "~@setuid" - "~@swap" - ]; - SystemCallErrorNumber = lib.mkForce "EPERM"; }; }; + services.nginx.virtualHosts."jelly" = { + serverAliases = [ + "jelly.lan" "movies.lan" + "jelly.makefu.w" "makefu.omo.w" + ]; + + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + proxyWebsockets = true; + }; + }; } diff --git a/makefu/2configs/home/music.nix b/makefu/2configs/home/music.nix index f3b9f50f1..b32af6207 100644 --- a/makefu/2configs/home/music.nix +++ b/makefu/2configs/home/music.nix @@ -9,8 +9,7 @@ in MusicFolder = "/media/cryptX/music/kinder"; Address = "0.0.0.0"; }; - systemd.services.navidrome.after = [ "media-cryptX.mount" "cryptsetup.target" -"local-fs.target" "remote-fs.target" ]; + systemd.services.navidrome.serviceConfig.RequiresMountFor = [ "/media/cryptX" ]; state = [ "/var/lib/navidrome" ]; # networking.firewall.allowedTCPPorts = [ 4040 ]; diff --git a/makefu/2configs/home/photoprism.nix b/makefu/2configs/home/photoprism.nix index 1cd04fd9a..2f8a86430 100644 --- a/makefu/2configs/home/photoprism.nix +++ b/makefu/2configs/home/photoprism.nix 
@@ -70,15 +70,18 @@ in PHOTOPRISM_HTTP_PORT = port; # Built-in Web server port PHOTOPRISM_HTTP_COMPRESSION = "gzip"; # Improves transfer speed and bandwidth utilization (none or gzip) PHOTOPRISM_DEBUG = "false"; # Run in debug mode (shows additional log messages) - PHOTOPRISM_PUBLIC = "true"; # No authentication required (disables password protection) + # PHOTOPRISM_PUBLIC = "true"; # No authentication required (disables password protection) PHOTOPRISM_READONLY = "false"; # Don't modify originals directory (reduced functionality) PHOTOPRISM_EXPERIMENTAL = "true"; # Enables experimental features - PHOTOPRISM_DISABLE_WEBDAV = "false"; # Disables built-in WebDAV server + # PHOTOPRISM_DISABLE_WEBDAV = "false"; # Disables built-in WebDAV server PHOTOPRISM_DISABLE_SETTINGS = "false"; # Disables Settings in Web UI PHOTOPRISM_DISABLE_TENSORFLOW = "false"; # Disables using TensorFlow for image classification PHOTOPRISM_DARKTABLE_PRESETS = "false"; # Enables Darktable presets and disables concurrent RAW conversion PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow) PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive + PHOTOPRISM_AUTH_MODE = "password"; + PHOTOPRISM_ADMIN_USER = "admin"; + PHOTOPRISM_ADMIN_PASSWORD = "admin"; #PHOTOPRISM_DATABASE_DRIVER = "postgres"; #PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432"; diff --git a/makefu/2configs/home/rhasspy/default.nix b/makefu/2configs/home/rhasspy/default.nix new file mode 100644 index 000000000..e3a0bcd28 --- /dev/null +++ b/makefu/2configs/home/rhasspy/default.nix 
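Review bot: `PHOTOPRISM_ADMIN_PASSWORD = "admin"` hardcodes a trivially guessable admin credential, and because these settings are rendered into the service's environment from the Nix expression the literal ends up world-readable in /nix/store; together with `PHOTOPRISM_AUTH_MODE = "password"` this replaces the disabled `PHOTOPRISM_PUBLIC` with an equally open default login. Load the password from a root-only file outside the store instead (a systemd `EnvironmentFile=`, or whatever secret mechanism this host already uses) and keep only the non-secret settings in this attribute set. Commenting out `PHOTOPRISM_PUBLIC` and `PHOTOPRISM_DISABLE_WEBDAV` rather than setting them makes the effective behaviour depend on PhotoPrism's defaults; `PHOTOPRISM_PUBLIC = "false";` states the intent explicitly and matches the `# ...` annotation style of the neighbouring lines.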
@@ -0,0 +1,40 @@ +{ lib,config, ... }: +# uses alsa instead of pulseaduio server +let + profiles = "/var/lib/rhasspy"; +in +{ + systemd.services.docker-rhasspy.after = [ "network-online.target" ]; + + virtualisation.oci-containers.containers.rhasspy = { + image = "rhasspy/rhasspy:latest"; + + environment = { + TZ = "Europe/Berlin"; + PULSE_SERVER = "tcp:${ config.krebs.build.host.name }:4713"; + }; + + ports = [ + "12101:12101" + ]; + + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "${profiles}:/profiles" + ]; + + cmd = [ "--user-profiles" "/profiles" "--profile" "de" ]; + extraOptions = [ + "--device=/dev/snd:/dev/snd" + "--group-add=audio" + ]; + }; + systemd.tmpfiles.rules = [ + "d ${profiles} 0770 root root - -" + ]; + + # required to allow rhasspy to connect to pulse server + # hardware.pulseaudio.enable = lib.mkForce false; + networking.firewall.allowedTCPPorts = [ 4713 ]; + +} diff --git a/makefu/2configs/home/rhasspy/led-control.nix b/makefu/2configs/home/rhasspy/led-control.nix new file mode 100644 index 000000000..b4efe028a --- /dev/null +++ b/makefu/2configs/home/rhasspy/led-control.nix @@ -0,0 +1,23 @@ +{ pkgs, ... }: +let + cfg = pkgs.writeText "hcl-config.json" (builtins.toJSON { + engine = "rhasspy"; + pathToConfig = "/var/lib/rhasspy/de/profile.json"; + hardware = "respeaker4MicArray"; + pattern = "fake-name"; + enableDoA = false; + }); +in { + systemd.services.HermesLedControl = { + description = "Led Server for ReSpeaker 4-array"; + after = [ "network-online.target" "docker-rhasspy.service" ] ; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + # User = "nobody"; # need a user with permissions to run nix-shell + ExecStart = "${pkgs.HermesLedControl}/bin/HermesLedControl --hermesLedControlConfig=${toString cfg}"; + Restart = "always"; + RestartSec = 10; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix index 1c4582ed5..8bb8a929b 100644 
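Review bot: `image = "rhasspy/rhasspy:latest"` is an unpinned tag, so the container that gets pulled changes silently whenever upstream rebuilds the image and the host is no longer reproducible; pin a version tag or an image digest. `networking.firewall.allowedTCPPorts = [ 4713 ]` opens the PulseAudio TCP port on every interface, while the header comment says the container uses alsa instead of a pulseaudio server and `PULSE_SERVER = "tcp:${ config.krebs.build.host.name }:4713"` is still set — if the pulse path is really needed, scope it with `networking.firewall.interfaces.<iface>.allowedTCPPorts` the way the jellyfin hunk in this commit does for wiregrill, otherwise drop both the environment variable and the firewall rule. `lib` in the argument set is unused now that the `hardware.pulseaudio.enable = lib.mkForce false` line is commented out.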
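Review bot: `after = [ "network-online.target" "docker-rhasspy.service" ]` only orders HermesLedControl after the container unit, it does not start it; if the LED server depends on rhasspy being up, add `wants = [ "docker-rhasspy.service" ];` next to it. The unit runs as root with `PrivateTmp = true` as its only sandboxing — the commented `User = "nobody"` suggests a non-root user was tried; a dedicated user that is only granted the device access the LED hardware needs would keep the service off root, though which groups that takes is not visible here. `${toString cfg}` is redundant since `cfg` is already a store path, and the HermesLedControl package comment updated in this same commit documents a `configuration.yml` while this passes `toJSON` output — presumably accepted as YAML, but worth confirming against the loader.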
--- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -32,6 +32,10 @@ in include_device_information = true; client_id = "zigbee2mqtt"; }; + availability = { + active.timeout = 10; + passive.timeout = 1500; + }; frontend = { port = webport; }; diff --git a/makefu/2configs/hw/cdrip.nix b/makefu/2configs/hw/cdrip.nix new file mode 100644 index 000000000..1c0bf9c17 --- /dev/null +++ b/makefu/2configs/hw/cdrip.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + users.users.makefu = { + extraGroups = [ "cdrom" ]; + packages = [ pkgs.glyr pkgs.abcde ]; + }; +} diff --git a/makefu/2configs/hw/pseyecam.nix b/makefu/2configs/hw/pseyecam.nix new file mode 100644 index 000000000..029ee7c9c --- /dev/null +++ b/makefu/2configs/hw/pseyecam.nix @@ -0,0 +1,6 @@ +# https://bugzilla.kernel.org/show_bug.cgi?id=198129 +{ + boot.extraModprobeConfig = '' + options snd_usb_audio ignore_ctl_error=1 + ''; +} diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 8d3e17c7f..bbed3f430 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -37,7 +37,7 @@ emulateWheel = true; }; - services.tlp.enable = true; + services.tlp.enable = ! config.services.power-profiles-daemon.enable; services.tlp.settings = { # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery START_CHARGE_THRESH_BAT0 = 95; diff --git a/makefu/2configs/kdeconnect.nix b/makefu/2configs/kdeconnect.nix index ca025ee43..b9110dee8 100644 --- a/makefu/2configs/kdeconnect.nix +++ b/makefu/2configs/kdeconnect.nix 
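Review bot: `services.tlp.enable = ! config.services.power-profiles-daemon.enable;` reads `config`, which has to be in this module's argument set; the hunk does not show the file header, so confirm the module is declared with `{ config, ... }:` rather than only `{ pkgs, ... }:`. A one-line comment would save the next reader a lookup: `# tlp and power-profiles-daemon are mutually exclusive; yield to ppd when a desktop profile enables it`.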
@@ -1,6 +1,6 @@ {pkgs, ... }: { - environment.systemPackages = with pkgs; [ kdeconnect ]; - networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; - networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; + environment.systemPackages = with pkgs; [ kdeconnect ]; + networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; + networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; } diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index a7181cfe9..296201808 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -12,7 +12,7 @@ let in { imports = [ ./gui/base.nix - ./gui/look-up.nix + # ./gui/look-up.nix ./fetchWallpaper.nix ./zsh-user.nix ./tools/core.nix 
@@ -22,54 +22,8 @@ in { users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - krebs.power-action = let - #speak = "XDG_RUNTIME_DIR=/run/user/$(id -u) ${pkgs.espeak}/bin/espeak"; # when run as user - speak = "${pkgs.espeak}/bin/espeak"; # systemwide pulse - whisper = text: ''${speak} -v +whisper -s 110 "${text}"''; - - note = pkgs.writeDash "note-as-user" '' - eval "export $(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)" - ${pkgs.libnotify}/bin/notify-send "$@"; - ''; - in { - enable = true; - inherit user; - plans.low-battery = { - upperLimit = 25; - lowerLimit = 15; - charging = false; - action = pkgs.writeDash "low-speak" '' - ${whisper "power level low, please plug me in"} - ''; - }; - plans.nag-harder = { - upperLimit = 15; - lowerLimit = 5; - charging = false; - action = pkgs.writeDash "crit-speak" '' - ${note} Battery -u critical -t 60000 "Power level critical, do something!" - ${whisper "Power level critical, do something"} - ''; - }; - plans.last-chance = { - upperLimit = 5; - lowerLimit = 3; - charging = false; - action = pkgs.writeDash "suspend-wrapper" '' - ${note} Battery -u crit "You've had your chance, suspend in 5 seconds" - ${concatMapStringsSep "\n" (i: '' - ${note} -u critical -t 1000 ${toString i} - ${speak} ${toString i} & - sleep 1 - '') - [ 5 4 3 2 1 ]} - /var/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl suspend - ''; - }; - }; security.sudo.extraConfig = "${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend"; - services.redshift.enable = true; location.latitude = 48.7; location.longitude = 9.1; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 2f44d8cc1..a925b9f78 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix 
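Review bot: `security.sudo.extraConfig = "${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend"` survives while the `krebs.power-action` block whose `last-chance` plan invoked `sudo … systemctl suspend` is removed, so the host keeps a passwordless sudo rule for whichever user `config.krebs.power-action.user` still evaluates to, with nothing left that needs it. Remove the rule together with the plans, or if power-action is now configured in another file, move the rule there so the privilege stays next to its consumer. The removed block was also the visible user of `concatMapStringsSep`; whether the top-of-file `with` import is now unused cannot be seen from this hunk.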
@@ -22,6 +22,8 @@ let in { state = [ base-dir ]; + # hotfix for broken wiki after reboot + systemd.services."phpfpm-euer-wiki".serviceConfig.RequiresMountFor = [ "/media/cloud" ]; services.phpfpm = { pools.euer-wiki = { inherit user group; diff --git a/makefu/2configs/overlays/prefer-remote-fetch.nix b/makefu/2configs/overlays/prefer-remote-fetch.nix new file mode 100644 index 000000000..d332e6723 --- /dev/null +++ b/makefu/2configs/overlays/prefer-remote-fetch.nix @@ -0,0 +1,4 @@ +self: super: + if super ? prefer-remote-fetch then + (super.prefer-remote-fetch self super) +else super diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix index 5192ef515..09a3dd733 100644 --- a/makefu/2configs/share/gum-client.nix +++ b/makefu/2configs/share/gum-client.nix @@ -6,7 +6,7 @@ let "x-systemd.idle-timeout=300" "x-systemd.mount-timeout=60s" ]; - host = "gum"; #TODO + host = "gum.w"; #TODO in { boot.extraModprobeConfig = '' options cifs CIFSMaxBufSize=130048 diff --git a/makefu/2configs/share/hetzner-client.nix b/makefu/2configs/share/hetzner-client.nix index f7afc6d57..9713b776a 100644 --- a/makefu/2configs/share/hetzner-client.nix +++ b/makefu/2configs/share/hetzner-client.nix @@ -3,7 +3,7 @@ with <stockholm/lib>; let automount_opts = - ["nofail" "noempty" + ["nofail" ]; host = "u288834.your-storagebox.de"; in { diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 4756ccf81..16959bc90 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -9,6 +9,7 @@ let in { # samba share /media/crypt1/share + systemd.services.samba-smbd.serviceConfig.RequiresMountFor = [ "/media/cryptX" ]; users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; diff --git a/makefu/2configs/shiori.nix b/makefu/2configs/shiori.nix index cbccdc1f5..94a5e9dc8 100644 --- a/makefu/2configs/shiori.nix +++ b/makefu/2configs/shiori.nix 
@@ -4,19 +4,10 @@ let statedir = "/var/lib/shiori"; in { state = [ "/var/lib/private/shiori" ]; # when using dynamicUser - systemd.services.shiori = { - description = "Shiori Server"; - after = [ "network-online.target" ]; - environment = { - SHIORI_DIR = statedir; - }; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - DynamicUser = true; - StateDirectory = "shiori"; - ExecStart = "${pkgs.shiori}/bin/shiori serve -a 127.0.0.1 -p ${toString web_port}"; - PrivateTmp = true; - }; + services.shiori = { + enable = true; + port = web_port; + address = "127.0.0.1"; }; services.nginx.virtualHosts."bookmark.euer.krebsco.de" = { forceSSL = true; diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix index df9741d9c..9ec7a27a4 100644 --- a/makefu/2configs/systemdultras/ircbot.nix +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -26,8 +26,8 @@ feed = "https://www.reddit.com/r/systemd/.rss"; delay = 272; }; - r-pid_eins-twitter = { - feed = "http://rss.makefu.r/?action=display&bridge=Twitter&context=By+username&u=pid_eins&format=Atom"; + r-pid_eins-mastodon = { + feed = "https://mastodon.social/users/pid_eins.rss"; delay = 621; }; }; diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 57c8c96f1..bcd3022e8 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -17,5 +17,6 @@ xorg.xbacklight scrot libnotify + thunderbird ]; } diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 2b9baa9c5..0747934b8 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -14,6 +14,7 @@ gi flashrom mosquitto + pwqgen-ger # esphome # broken # nix related diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 507887cff..57a1dba1e 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -9,5 +9,6 @@ wine pkg2zip steam + steam-run ]; } 
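Review bot: `statedir = "/var/lib/shiori";` in the `let` at the top of the hunk is now unused — its only reader was the removed `SHIORI_DIR = statedir;` — unless it is referenced further down the file, which this hunk does not show; drop it (and `pkgs` if `${pkgs.shiori}` was its only use) so the module does not carry dead bindings. The retained `state = [ "/var/lib/private/shiori" ]; # when using dynamicUser` assumes the `services.shiori` module runs with `DynamicUser`, which the diff cannot confirm; verify the module's actual state directory so the backup list points at the right path.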
diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix index bda250702..bb3198178 100644 --- a/makefu/2configs/wireguard/server.nix +++ b/makefu/2configs/wireguard/server.nix @@ -17,7 +17,6 @@ in { # wireguard server externalInterface = ext-if; internalInterfaces = [ "wg0" ]; }; - networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.1/24" ]; listenPort = 51820; diff --git a/makefu/2configs/wireguard/wiregrill.nix b/makefu/2configs/wireguard/wiregrill.nix index 082090755..922dc8c0f 100644 --- a/makefu/2configs/wireguard/wiregrill.nix +++ b/makefu/2configs/wireguard/wiregrill.nix 
@@ -13,16 +13,75 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { boot.kernel.sysctl = mkIf isRouter { "net.ipv6.conf.all.forwarding" = 1; + "net.ipv4.conf.all.forwarding" = 1; }; + #networking.nat = mkIf isRouter { + # enable = true; + # enableIPv6 = true; + # externalInterface = ext-if; + # internalInterfaces = [ "wiregrill" ]; + #}; networking.firewall = { allowedUDPPorts = [ self.wireguard.port ]; - extraCommands = '' - iptables -A FORWARD -i wiregrill -o wiregrill -j ACCEPT + interfaces.wiregrill = mkIf isRouter { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; + }; + + services.dnsmasq = mkIf isRouter { + enable = true; + resolveLocalQueries = false; + extraConfig = /* dnsmasq */ '' + bind-interfaces + interface=retiolum,wiregrill ''; + servers = [ "1.1.1.1" ]; }; - networking.wireguard.interfaces.wiregrill = { + networking.wireguard.interfaces.wiregrill = let + ipt = "${pkgs.iptables}/bin/iptables"; + ip6 = "${pkgs.iptables}/bin/ip6tables"; + in { + postSetup = '' + ${ipt} -A FORWARD -i wiregrill -o retiolum -j ACCEPT + ${ipt} -A FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ipt} -A FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + ${ip6} -A FORWARD -i wiregrill -o retiolum -j ACCEPT + ${ip6} -A FORWARD -i retiolum -o wiregrill -j ACCEPT + ${ip6} -A FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ip6} -A FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + '' + (optionalString isRouter '' + #${ipt} -t nat -A PREROUTING -s 10.244.245.0/24 -j ACCEPT + #${ipt} -t nat -A POSTROUTING -s 10.244.245.0/24 ! -d 10.244.245.0/24 -j MASQUERADE + + #${ip6} -t nat -A PREROUTING -s 42:1::/32 -j ACCEPT + #${ip6} -t nat -A POSTROUTING -s 42:1::/32 ! 
-d 42:1::/48 -j MASQUERADE + ''); + + # This undoes the above command + postShutdown = '' + ${ipt} -D FORWARD -i wiregrill -o retiolum -j ACCEPT + ${ipt} -D FORWARD -i retiolum -o wiregrill -j ACCEPT + ${ipt} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ipt} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ipt} -D FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + ${ip6} -D FORWARD -i wiregrill -o retiolum -j ACCEPT + ${ip6} -D FORWARD -i retiolum -o wiregrill -j ACCEPT + ${ip6} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT + ${ip6} -D FORWARD -o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + '' + (optionalString isRouter '' + + ${ipt} -t nat -D PREROUTING -s 10.244.245.0/24 -j ACCEPT + ${ipt} -t nat -D POSTROUTING -s 10.244.245.0/24 -j MASQUERADE + + #${ip6} -t nat -D PREROUTING -s 42:1::/32 -j ACCEPT + #${ip6} -t nat -D POSTROUTING -s 42:1::/32 ! -d 42:1::/48 -j MASQUERADE + '' ); ips = (optional (!isNull self.ip4) self.ip4.addr) ++ (optional (!isNull self.ip6) self.ip6.addr); diff --git a/makefu/5pkgs/HermesLedControl/default.nix b/makefu/5pkgs/HermesLedControl/default.nix index 88aed898d..77164f568 100644 --- a/makefu/5pkgs/HermesLedControl/default.nix +++ b/makefu/5pkgs/HermesLedControl/default.nix @@ -1,12 +1,16 @@ { lib, pkgs, python3Packages, makeWrapper, ... }: # How to use: -# create configuration .config/HermesLedControl/configuration.yml: +# create configuration configuration.yml: # engine: "rhasspy" # pathToConfig: "/var/lib/rhasspy/de/profile.json" # hardware: "respeaker4MicArray" # pattern: "fake-name" # enableDoA: false +# and run HermesLedControl --hermesLedControlConfig path-to-config.yml + +# all available config options can be see in: +# result/result/lib/HermesLedControl/models/Configuration.py with python3Packages; buildPythonApplication rec { diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 66a8d99d1..c057d1470 100644 --- a/makefu/5pkgs/default.nix 
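Review bot: `postShutdown` is not the inverse of `postSetup`: it runs `${ipt} -D FORWARD -i retiolum -o wiregrill -j ACCEPT`, which the IPv4 setup never adds (only the `${ip6}` variant is), deletes `${ipt} -D FORWARD -i wiregrill -o wiregrill -j ACCEPT` twice, and executes `${ipt} -t nat -D PREROUTING …` and `${ipt} -t nat -D POSTROUTING -s 10.244.245.0/24 -j MASQUERADE` while the matching `-A` lines in `postSetup` are commented out (and the commented add carried `! -d 10.244.245.0/24`, which the delete lacks, so they would not match even when re-enabled). Each of those `-D` calls fails on a rule that does not exist, and depending on how the module runs the script the first failure may abort the remaining teardown and leave stale ACCEPT rules in FORWARD. Make teardown mirror setup line for line: drop the IPv4 retiolum→wiregrill delete and the duplicate, and comment out the two IPv4 nat deletes until the adds come back. `"net.ipv4.conf.all.forwarding" = 1` turns on forwarding for every interface on the router, not just wiregrill; the ACCEPT rules above are narrow, but this relies on the firewall's FORWARD default being restrictive, which is worth stating in a comment next to the sysctl.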
+++ b/makefu/5pkgs/default.nix @@ -44,6 +44,7 @@ in { alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; + brother_ql_web = (builtins.getFlake "github:makefu/brother_ql_web?rev=a3f8625f48111da8cd6f8e562c966cdca445b82d").packages.x86_64-linux.default; qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; inherit (callPackage ./devpi {}) devpi-web ; jellyfin = unstable.jellyfin; diff --git a/makefu/5pkgs/seeed-voicecard/default.nix b/makefu/5pkgs/seeed-voicecard/default.nix new file mode 100644 index 000000000..85038ffc1 --- /dev/null +++ b/makefu/5pkgs/seeed-voicecard/default.nix 
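Review bot: `.packages.x86_64-linux.default` hardcodes the system, so evaluating this overlay on any other host platform fails even when brother_ql_web is never used; `.packages.${super.stdenv.hostPlatform.system}.default` follows the host. Pinning with `?rev=…` is the right call; a short comment such as `# upstream ships a flake; pinned to a fixed rev so the overlay stays reproducible` would also tell the next reader why `builtins.getFlake` (which needs flakes enabled wherever this is evaluated) appears among the `callPackage` lines.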
@@ -0,0 +1,46 @@ +{ pkgs, lib, fetchFromGitHub, fetchpatch, kernel, ... }: + +pkgs.stdenv.mkDerivation rec { + name = "seeed-voicecard-${version}-module-${kernel.modDirVersion}"; + version = "v4.1-post"; + + src = fetchFromGitHub { + owner = "respeaker"; + repo = "seeed-voicecard"; + rev = "c52606626de050bdad85803d7e427a64cb0cf05c"; + hash = "sha256-sFReX9Nz9TDRvheKfPijRw1wQ++jJUk5+lOwVmfx3wA="; + }; + + #preConfigure = '' + # substituteInPlace Makefile --replace "snd-soc-wm8960-objs := wm8960.o" "" + # substituteInPlace Makefile --replace "obj-m += snd-soc-wm8960.o" "" + #''; + + KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + + NIX_CFLAGS = ["-Wno-error=cpp"]; + + patches = [ + (fetchpatch { url = "https://patch-diff.githubusercontent.com/raw/respeaker/seeed-voicecard/pull/323.patch"; hash = "sha256-coa0ZXDAGYxxi4ShL1HpOebfwOSmIpfdbEIYZtBWlYI="; }) + ]; + + nativeBuildInputs = [ pkgs.perl ] ++ kernel.moduleBuildDependencies; + buildInputs = [ pkgs.alsa-lib ]; + + buildPhase = '' + make -C $KERNELDIR M=$(pwd) modules + make -C ac108_plugin libasound_module_pcm_ac108.so + sed -i "s/brcm,bcm2708/raspberrypi/" *.dts + ''; + installPhase = '' + mkdir -p $out/lib/modules/${kernel.modDirVersion}/sound/soc/codecs + mkdir -p $out/lib/modules/${kernel.modDirVersion}/sound/soc/bcm + cp snd-soc-wm8960.ko $out/lib/modules/${kernel.modDirVersion}/sound/soc/codecs + cp snd-soc-ac108.ko $out/lib/modules/${kernel.modDirVersion}/sound/soc/codecs + cp snd-soc-seeed-voicecard.ko $out/lib/modules/${kernel.modDirVersion}/sound/soc/bcm + mkdir $out/lib/dts $out/lib/alsa-lib + cp *.dts $out/lib/dts + cp ac108_plugin/libasound_module_pcm_ac108.so $out/lib/alsa-lib + + ''; +} diff --git a/makefu/5pkgs/shiori/default.nix b/makefu/5pkgs/shiori/default.nix deleted file mode 100644 index 7de1e5ae1..000000000 --- a/makefu/5pkgs/shiori/default.nix +++ /dev/null 
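Review bot: `NIX_CFLAGS = ["-Wno-error=cpp"];` most likely does nothing: as far as I know the cc-wrapper honours `NIX_CFLAGS_COMPILE`, not `NIX_CFLAGS`, and for an out-of-tree module the compiler flags come from the kernel's Makefile anyway, so if a `#warning` is being promoted to an error the flag has to reach kbuild (e.g. passing `KCFLAGS=-Wno-error=cpp` to the `make -C $KERNELDIR` invocation) or be set as `NIX_CFLAGS_COMPILE`. `lib` in the argument set is unused, the commented `preConfigure` block is dead text that should either be removed or get a one-line note on why it is kept, and a `meta` attribute (description, license, platforms) is missing for a package that is only meaningful on Raspberry Pi kernels.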
@@ -1,16 +0,0 @@ -{ buildGoPackage, fetchFromGitHub }: -let - builder = buildGoPackage; -in -builder rec { - name = "shiori-${version}"; - version = "1.6.0-warc"; - goPackagePath = "github.com/go-shiori/shiori"; - src = fetchFromGitHub { - owner = "go-shiori"; - repo = "shiori"; - rev = "83f133dd07bf661d3c4cf03043392100da489559"; - sha256 = "02b17hjbh4w0ip0snd8hmdjmbc2w1pv9sws9cf9r8w09c225nw2i"; - }; - goDeps = ./deps.nix; -} diff --git a/makefu/5pkgs/shiori/deps.nix b/makefu/5pkgs/shiori/deps.nix deleted file mode 100644 index 67d237fa9..000000000 --- a/makefu/5pkgs/shiori/deps.nix +++ /dev/null 
@@ -1,570 +0,0 @@ -# file generated from go.mod using vgo2nix (https://github.com/adisbladis/vgo2nix) -[ - { - goPackagePath = "github.com/BurntSushi/toml"; - fetch = { - type = "git"; - url = "https://github.com/BurntSushi/toml"; - rev = "v0.3.1"; - sha256 = "1fjdwwfzyzllgiwydknf1pwjvy49qxfsczqx5gz3y0izs7as99j6"; - }; - } - { - goPackagePath = "github.com/PuerkitoBio/goquery"; - fetch = { - type = "git"; - url = "https://github.com/PuerkitoBio/goquery"; - rev = "v1.5.0"; - sha256 = "1fqf4rs66wy02nxz6w4mvs2qawf2j8srz17i294v64y8gvxisp56"; - }; - } - { - goPackagePath = "github.com/andybalholm/cascadia"; - fetch = { - type = "git"; - url = "https://github.com/andybalholm/cascadia"; - rev = "v1.0.0"; - sha256 = "09j8cavbhqqdxjqrkwbc40g8p0i49zf3184rpjm5p2rjbprcghcc"; - }; - } - { - goPackagePath = "github.com/armon/consul-api"; - fetch = { - type = "git"; - url = "https://github.com/armon/consul-api"; - rev = "eb2c6b5be1b6"; - sha256 = "1j6fdr1sg36qy4n4xjl7brq739fpm5npq98cmvklzjc9qrx98nk9"; - }; - } - { - goPackagePath = "github.com/coreos/etcd"; - fetch = { - type = "git"; - url = "https://github.com/coreos/etcd"; - rev = "v3.3.10"; - sha256 = "1x2ii1hj8jraba8rbxz6dmc03y3sjxdnzipdvg6fywnlq1f3l3wl"; - }; - } - { - goPackagePath = "github.com/coreos/go-etcd"; - fetch = { - type = "git"; - url = "https://github.com/coreos/go-etcd"; - rev = "v2.0.0"; - sha256 = "1xb34hzaa1lkbq5vkzy9vcz6gqwj7hp6cdbvyack2bf28dwn33jj"; - }; - } - { - goPackagePath = "github.com/coreos/go-semver"; - fetch = { - type = "git"; - url = "https://github.com/coreos/go-semver"; - rev = "v0.2.0"; - sha256 = "1gghi5bnqj50hfxhqc1cxmynqmh2yk9ii7ab9gsm75y5cp94ymk0"; - }; - } - { - goPackagePath = "github.com/cpuguy83/go-md2man"; - fetch = { - type = "git"; - url = "https://github.com/cpuguy83/go-md2man"; - rev = "v1.0.10"; - sha256 = "1bqkf2bvy1dns9zd24k81mh2p1zxsx2nhq5cj8dz2vgkv1xkh60i"; - }; - } - { - goPackagePath = "github.com/davecgh/go-spew"; - fetch = { - type = "git"; - url = 
"https://github.com/davecgh/go-spew"; - rev = "v1.1.1"; - sha256 = "0hka6hmyvp701adzag2g26cxdj47g21x6jz4sc6jjz1mn59d474y"; - }; - } - { - goPackagePath = "github.com/disintegration/imaging"; - fetch = { - type = "git"; - url = "https://github.com/disintegration/imaging"; - rev = "v1.6.0"; - sha256 = "1as2r4z6303s528fhcfm6ybm1an8xhly9vr0fqk40y05x3x4h92x"; - }; - } - { - goPackagePath = "github.com/fatih/color"; - fetch = { - type = "git"; - url = "https://github.com/fatih/color"; - rev = "v1.7.0"; - sha256 = "0v8msvg38r8d1iiq2i5r4xyfx0invhc941kjrsg5gzwvagv55inv"; - }; - } - { - goPackagePath = "github.com/fsnotify/fsnotify"; - fetch = { - type = "git"; - url = "https://github.com/fsnotify/fsnotify"; - rev = "v1.4.7"; - sha256 = "07va9crci0ijlivbb7q57d2rz9h27zgn2fsm60spjsqpdbvyrx4g"; - }; - } - { - goPackagePath = "github.com/go-shiori/dom"; - fetch = { - type = "git"; - url = "https://github.com/go-shiori/dom"; - rev = "6867c1fcf154"; - sha256 = "10lhp58qy798vs5mazkhpxq4s5g42j2hps61y7c1npabp17k7zfm"; - }; - } - { - goPackagePath = "github.com/go-shiori/go-readability"; - fetch = { - type = "git"; - url = "https://github.com/go-shiori/go-readability"; - rev = "5413e9c4ec86"; - sha256 = "1bhr5chria90v0iwr4rwgvid7cr6aj5r458cmv9f6idpylx5dxl3"; - }; - } - { - goPackagePath = "github.com/go-shiori/warc"; - fetch = { - type = "git"; - url = "https://github.com/go-shiori/warc"; - rev = "7b3c5582fd83"; - sha256 = "0cgwfbiv83mswl1sxqrycn9fsrc3z8ms2q5rm6mvr7rsp3v1m6g4"; - }; - } - { - goPackagePath = "github.com/go-sql-driver/mysql"; - fetch = { - type = "git"; - url = "https://github.com/go-sql-driver/mysql"; - rev = "v1.4.1"; - sha256 = "1fvsvwc1v2i0gqn01mynvi1shp5xm0xaym6xng09fcbqb56lbjx1"; - }; - } - { - goPackagePath = "github.com/gofrs/uuid"; - fetch = { - type = "git"; - url = "https://github.com/gofrs/uuid"; - rev = "v3.2.0"; - sha256 = "1q63mp7bznhfgyw133c0wc0hpcj1cq9bcf7w1f8r6inkcrils1fz"; - }; - } - { - goPackagePath = "github.com/golang/protobuf"; - fetch = { - 
type = "git"; - url = "https://github.com/golang/protobuf"; - rev = "v1.3.1"; - sha256 = "15am4s4646qy6iv0g3kkqq52rzykqjhm4bf08dk0fy2r58knpsyl"; - }; - } - { - goPackagePath = "github.com/hashicorp/hcl"; - fetch = { - type = "git"; - url = "https://github.com/hashicorp/hcl"; - rev = "v1.0.0"; - sha256 = "0q6ml0qqs0yil76mpn4mdx4lp94id8vbv575qm60jzl1ijcl5i66"; - }; - } - { - goPackagePath = "github.com/inconshreveable/mousetrap"; - fetch = { - type = "git"; - url = "https://github.com/inconshreveable/mousetrap"; - rev = "v1.0.0"; - sha256 = "1mn0kg48xkd74brf48qf5hzp0bc6g8cf5a77w895rl3qnlpfw152"; - }; - } - { - goPackagePath = "github.com/jmoiron/sqlx"; - fetch = { - type = "git"; - url = "https://github.com/jmoiron/sqlx"; - rev = "v1.2.0"; - sha256 = "0pmi2asx157f5738g19fzyxb9g8yyfbpjyh2a2ykr9mafvp60rfd"; - }; - } - { - goPackagePath = "github.com/julienschmidt/httprouter"; - fetch = { - type = "git"; - url = "https://github.com/julienschmidt/httprouter"; - rev = "v1.2.0"; - sha256 = "1k8bylc9s4vpvf5xhqh9h246dl1snxrzzz0614zz88cdh8yzs666"; - }; - } - { - goPackagePath = "github.com/konsorten/go-windows-terminal-sequences"; - fetch = { - type = "git"; - url = "https://github.com/konsorten/go-windows-terminal-sequences"; - rev = "v1.0.2"; - sha256 = "09mn209ika7ciy87xf2x31dq5fnqw39jidgaljvmqxwk7ff1hnx7"; - }; - } - { - goPackagePath = "github.com/lib/pq"; - fetch = { - type = "git"; - url = "https://github.com/lib/pq"; - rev = "v1.1.1"; - sha256 = "0g64wlg1l1ybq4x44idksl4pgm055s58jxc6r6x4qhqm5q76h0km"; - }; - } - { - goPackagePath = "github.com/magiconair/properties"; - fetch = { - type = "git"; - url = "https://github.com/magiconair/properties"; - rev = "v1.8.0"; - sha256 = "1a10362wv8a8qwb818wygn2z48lgzch940hvpv81hv8gc747ajxn"; - }; - } - { - goPackagePath = "github.com/mattn/go-colorable"; - fetch = { - type = "git"; - url = "https://github.com/mattn/go-colorable"; - rev = "v0.1.1"; - sha256 = "0l640974j804c1yyjfgyxqlsivz0yrzmbql4mhcw2azryigkp08p"; - }; - } - { - 
goPackagePath = "github.com/mattn/go-isatty"; - fetch = { - type = "git"; - url = "https://github.com/mattn/go-isatty"; - rev = "v0.0.7"; - sha256 = "1i77aq4gf9as03m8fpfh8fq49n4z9j7548blrcsidm1xhslzk5xd"; - }; - } - { - goPackagePath = "github.com/mattn/go-sqlite3"; - fetch = { - type = "git"; - url = "https://github.com/mattn/go-sqlite3"; - rev = "v1.10.0"; - sha256 = "1zmz6asplixfihxhj11spgfs0v3xzb3nv0hlq6n6zsg781ni31xx"; - }; - } - { - goPackagePath = "github.com/mitchellh/go-homedir"; - fetch = { - type = "git"; - url = "https://github.com/mitchellh/go-homedir"; - rev = "v1.1.0"; - sha256 = "0ydzkipf28hwj2bfxqmwlww47khyk6d152xax4bnyh60f4lq3nx1"; - }; - } - { - goPackagePath = "github.com/mitchellh/mapstructure"; - fetch = { - type = "git"; - url = "https://github.com/mitchellh/mapstructure"; - rev = "v1.1.2"; - sha256 = "03bpv28jz9zhn4947saqwi328ydj7f6g6pf1m2d4m5zdh5jlfkrr"; - }; - } - { - goPackagePath = "github.com/muesli/go-app-paths"; - fetch = { - type = "git"; - url = "https://github.com/muesli/go-app-paths"; - rev = "913f7f7ac60f"; - sha256 = "0fwg2l5ypw7bm9fmgc4asb7hj5bhqq0lgw68nadm6xljh2vw594m"; - }; - } - { - goPackagePath = "github.com/patrickmn/go-cache"; - fetch = { - type = "git"; - url = "https://github.com/patrickmn/go-cache"; - rev = "v2.1.0"; - sha256 = "10020inkzrm931r4bixf8wqr9n39wcrb78vfyxmbvjavvw4zybgs"; - }; - } - { - goPackagePath = "github.com/pelletier/go-toml"; - fetch = { - type = "git"; - url = "https://github.com/pelletier/go-toml"; - rev = "v1.2.0"; - sha256 = "1fjzpcjng60mc3a4b2ql5a00d5gah84wj740dabv9kq67mpg8fxy"; - }; - } - { - goPackagePath = "github.com/pmezard/go-difflib"; - fetch = { - type = "git"; - url = "https://github.com/pmezard/go-difflib"; - rev = "v1.0.0"; - sha256 = "0c1cn55m4rypmscgf0rrb88pn58j3ysvc2d0432dp3c6fqg6cnzw"; - }; - } - { - goPackagePath = "github.com/russross/blackfriday"; - fetch = { - type = "git"; - url = "https://github.com/russross/blackfriday"; - rev = "v1.5.2"; - sha256 = 
"0jzbfzcywqcrnym4gxlz6nphmm1grg6wsl4f0r9x384rn83wkj7c"; - }; - } - { - goPackagePath = "github.com/sergi/go-diff"; - fetch = { - type = "git"; - url = "https://github.com/sergi/go-diff"; - rev = "v1.0.0"; - sha256 = "0swiazj8wphs2zmk1qgq75xza6m19snif94h2m6fi8dqkwqdl7c7"; - }; - } - { - goPackagePath = "github.com/shurcooL/httpfs"; - fetch = { - type = "git"; - url = "https://github.com/shurcooL/httpfs"; - rev = "74dc9339e414"; - sha256 = "19iyk75yfl83mlnvrr92s59n9j6968mpdrdg5cj78a81nfd08rv5"; - }; - } - { - goPackagePath = "github.com/shurcooL/vfsgen"; - fetch = { - type = "git"; - url = "https://github.com/shurcooL/vfsgen"; - rev = "6a9ea43bcacd"; - sha256 = "13i8wz234qr0fggsx71yhc76q0ka5lbslvira1xb71fpx2g97a50"; - }; - } - { - goPackagePath = "github.com/sirupsen/logrus"; - fetch = { - type = "git"; - url = "https://github.com/sirupsen/logrus"; - rev = "v1.4.2"; - sha256 = "087k2lxrr9p9dh68yw71d05h5g9p5v26zbwd6j7lghinjfaw334x"; - }; - } - { - goPackagePath = "github.com/spf13/afero"; - fetch = { - type = "git"; - url = "https://github.com/spf13/afero"; - rev = "v1.1.2"; - sha256 = "0miv4faf5ihjfifb1zv6aia6f6ik7h1s4954kcb8n6ixzhx9ck6k"; - }; - } - { - goPackagePath = "github.com/spf13/cast"; - fetch = { - type = "git"; - url = "https://github.com/spf13/cast"; - rev = "v1.3.0"; - sha256 = "0xq1ffqj8y8h7dcnm0m9lfrh0ga7pssnn2c1dnr09chqbpn4bdc5"; - }; - } - { - goPackagePath = "github.com/spf13/cobra"; - fetch = { - type = "git"; - url = "https://github.com/spf13/cobra"; - rev = "v0.0.5"; - sha256 = "0z4x8js65mhwg1gf6sa865pdxfgn45c3av9xlcc1l3xjvcnx32v2"; - }; - } - { - goPackagePath = "github.com/spf13/jwalterweatherman"; - fetch = { - type = "git"; - url = "https://github.com/spf13/jwalterweatherman"; - rev = "v1.0.0"; - sha256 = "093fmmvavv84pv4q84hav7ph3fmrq87bvspjj899q0qsx37yvdr8"; - }; - } - { - goPackagePath = "github.com/spf13/pflag"; - fetch = { - type = "git"; - url = "https://github.com/spf13/pflag"; - rev = "v1.0.3"; - sha256 = 
"1cj3cjm7d3zk0mf1xdybh0jywkbbw7a6yr3y22x9sis31scprswd"; - }; - } - { - goPackagePath = "github.com/spf13/viper"; - fetch = { - type = "git"; - url = "https://github.com/spf13/viper"; - rev = "v1.3.2"; - sha256 = "1829hvf805kda65l59r17wvid7y0vr390s23zfhf4w7vdb4wp3zh"; - }; - } - { - goPackagePath = "github.com/stretchr/objx"; - fetch = { - type = "git"; - url = "https://github.com/stretchr/objx"; - rev = "v0.1.1"; - sha256 = "0iph0qmpyqg4kwv8jsx6a56a7hhqq8swrazv40ycxk9rzr0s8yls"; - }; - } - { - goPackagePath = "github.com/stretchr/testify"; - fetch = { - type = "git"; - url = "https://github.com/stretchr/testify"; - rev = "v1.4.0"; - sha256 = "187i5g88sxfy4vxpm7dw1gwv29pa2qaq475lxrdh5livh69wqfjb"; - }; - } - { - goPackagePath = "github.com/tdewolff/parse"; - fetch = { - type = "git"; - url = "https://github.com/tdewolff/parse"; - rev = "v2.3.4"; - sha256 = "00hclphbjgc5vjrqgnclp72v8c45k35vmj84d2a0f7bw8cc88zcd"; - }; - } - { - goPackagePath = "github.com/tdewolff/test"; - fetch = { - type = "git"; - url = "https://github.com/tdewolff/test"; - rev = "v1.0.5"; - sha256 = "1f53nzfbs5gmn5bvqj3rzi15r9mxn8vq3f850rq3amwlfz927v9a"; - }; - } - { - goPackagePath = "github.com/ugorji/go"; - fetch = { - type = "git"; - url = "https://github.com/ugorji/go"; - rev = "d75b2dcb6bc8"; - sha256 = "0di1k35gpq9bp958ywranpbskx2vdwlb38s22vl9rybm3wa5g3ps"; - }; - } - { - goPackagePath = "github.com/xordataexchange/crypt"; - fetch = { - type = "git"; - url = "https://github.com/xordataexchange/crypt"; - rev = "b2862e3d0a77"; - sha256 = "04q3856anpzl4gdfgmg7pbp9cx231nkz3ymq2xp27rnmmwhfxr8y"; - }; - } - { - goPackagePath = "go.etcd.io/bbolt"; - fetch = { - type = "git"; - url = "https://github.com/etcd-io/bbolt"; - rev = "v1.3.3"; - sha256 = "0dn0zngks9xiz0rrrb3911f73ghl64z84jsmzai2yfmzqr7cdkqc"; - }; - } - { - goPackagePath = "golang.org/x/crypto"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/crypto"; - rev = "f99c8df09eb5"; - sha256 = 
"0jwi6c6366999mnpzwx3a2kr7hzvdx97qfwiphx0r7cy0mpf28hf"; - }; - } - { - goPackagePath = "golang.org/x/image"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/image"; - rev = "cff245a6509b"; - sha256 = "0hiznlkiaay30acwvvyq8g6bm32r7bc6gv47pygrcxqpapasbz84"; - }; - } - { - goPackagePath = "golang.org/x/net"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/net"; - rev = "d98b1b443823"; - sha256 = "1vzwpy56g056dsq304xga3d55jg2cxx89bijpfwjlhwyqyskybsz"; - }; - } - { - goPackagePath = "golang.org/x/sync"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/sync"; - rev = "112230192c58"; - sha256 = "05i2k43j2d0llq768hg5pf3hb2yhfzp9la1w5wp0rsnnzblr0lfn"; - }; - } - { - goPackagePath = "golang.org/x/sys"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/sys"; - rev = "c178f38b412c"; - sha256 = "1r6v8xnvb4z5vdckbj6vd08kn6h4ivr9hvdpgq4drj6l1mp79rf7"; - }; - } - { - goPackagePath = "golang.org/x/text"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/text"; - rev = "v0.3.2"; - sha256 = "0flv9idw0jm5nm8lx25xqanbkqgfiym6619w575p7nrdh0riqwqh"; - }; - } - { - goPackagePath = "golang.org/x/tools"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/tools"; - rev = "72853e10c5a3"; - sha256 = "06v42k857lcivcar3fq8yjc782hny0m5yf20sb7ij5jva0gab026"; - }; - } - { - goPackagePath = "golang.org/x/xerrors"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/xerrors"; - rev = "a985d3407aa7"; - sha256 = "00wzr5w8aadipgc3rkk8f11i41znskfj9ix5nhhaxyg7isrslgcj"; - }; - } - { - goPackagePath = "google.golang.org/appengine"; - fetch = { - type = "git"; - url = "https://github.com/golang/appengine"; - rev = "v1.6.4"; - sha256 = "07r8zj9wk5w33bpmi808xgindqnfpvi4hf7glgcpimlg6n66lsrp"; - }; - } - { - goPackagePath = "gopkg.in/check.v1"; - fetch = { - type = "git"; - url = "https://gopkg.in/check.v1"; - rev = "20d25e280405"; - sha256 = "0k1m83ji9l1a7ng8a7v40psbymxasmssbrrhpdv2wl4rhs0nc3np"; - }; - } 
- {
- goPackagePath = "gopkg.in/yaml.v2";
- fetch = {
- type = "git";
- url = "https://gopkg.in/yaml.v2";
- rev = "v2.2.2";
- sha256 = "01wj12jzsdqlnidpyjssmj0r4yavlqy7dwrg7adqd8dicjc4ncsa";
- };
- }
-]
diff --git a/makefu/5pkgs/stockholm-new-host/default.nix b/makefu/5pkgs/stockholm-new-host/default.nix
new file mode 100644
index 000000000..39e08808b
--- /dev/null
+++ b/makefu/5pkgs/stockholm-new-host/default.nix
@@ -0,0 +1,50 @@
+{ pkgs }:
+pkgs.writers.writeDashBin "sthockholm-new-host" ''
+ set -eu
+ PATH=${lib.makePathBin with pkgs;[ mkpasswd pwqgen sshd coreutils openssh tinc_pre pass ]}:$PATH
+ HOSTNAME=$1
+ STOCKHOLM=~/stockholm
+ KARTEI=$STOCKHOLM/kartei/makefu
+ export PASSWORD_STORE_DIR=$HOME/.secrets-pass
+ TMPDIR=$(mktemp -d)
+
+ PASSWORD=$(pwqgen)
+ HASHED_PASSWORD=$(echo $PASSWORD | mkpasswd -m sha-512 -s)
+
+ cd "$TMPDIR"
+ cat <<EOF > hashedPasswords.nix
+ {
+ root = "$HASHED_PASSWORD";
+ }
+ EOF
+
+ tinc --config "$PWD" generate-keys 4096
+ mv ed25519_key.priv retiolum.ed25519_key.priv
+ mv rsa_key.priv retiolum.rsa_key.priv
+ mv ed25519_key.pub retiolum.ed25519_key.pub
+ mv rsa_key.pub retiolum.rsa_key.pub
+
+ ssh-keygen -t ed25519 -f ssh_host_ed25519_key -P ""
+ ssh-keygen -t rsa -f ssh_host_rsa_key -P ""
+
+ wg genkey > wireguard.key
+ wg pubkey < wireguard.key > wireguard.pub
+
+ for i in *;do
+ cat "$i" | pass insert -m "$HOSTNAME/$i"
+ done
+
+ cp retiolum.ed25519_key.pub "$KARTEI/retiolum/$HOSTNAME_ed25519.pub"
+ cp retiolum.rsa_key.pub "$KARTEI/retiolum/$HOSTNAME.pub"
+ cp ssh_host_ed25519_key.pub "$KARTEI/sshd/$HOSTNAME.pub"
+ echo "$PASSWORD" | pass insert -m "$HOSTNAME/root"
+
+
+ cat <<EOF
+ # add to $KARTEI/default.nix
+ # then git add $KARTEI && git commit -m "ma $HOSTNAME.r: add to kartei"
+ $HOSTNAME = {
+ nets.retiolum.ipv4.addr = "10.243.12.XXX";
+ };
+ EOF
+''
diff --git a/tv/2configs/hw/winmax2.nix b/tv/2configs/hw/winmax2.nix
index 49af7611c..7b284668d 100644
--- a/tv/2configs/hw/winmax2.nix
+++ b/tv/2configs/hw/winmax2.nix
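Review bot: `cp retiolum.ed25519_key.pub "$KARTEI/retiolum/$HOSTNAME_ed25519.pub"` expands the unset shell variable `HOSTNAME_ed25519`, so the ed25519 public key is copied to `$KARTEI/retiolum/.pub`; inside this Nix indented string the fix is `"$KARTEI/retiolum/''${HOSTNAME}_ed25519.pub"` (the `''$` keeps Nix from reading it as an interpolation). The directory from `TMPDIR=$(mktemp -d)` receives the tinc, ssh host and wireguard private keys and the hashed root password and is never removed, so that material outlives the run; a `trap 'rm -rf "$TMPDIR"' EXIT` right after that line, plus `umask 077` before the `wg genkey` redirection, would bound it. `lib` is not bound by the `{ pkgs }:` header and `lib.makePathBin` appears to be `lib.makeBinPath`, so the `PATH=` line presumably does not evaluate as written, and `wg` is called although no wireguard package is in that list. The bin name `sthockholm-new-host` also looks like a typo for `stockholm-new-host`.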
@@ -27,8 +27,6 @@ pkgs.rocm-opencl-runtime ];
- hardware.video.hidpi.enable = true;
- networking.wireless.enable = true; networking.wireless.interfaces = [ "wlp1s0"
diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix
index 33856ac12..59c95ccba 100644
--- a/tv/2configs/sshd.nix
+++ b/tv/2configs/sshd.nix
@@ -1,6 +1,9 @@ with import ./lib; { config, ... }: let cfg.host = config.krebs.build.host;
+ nets =
+ optional (cfg.host.nets?retiolum) cfg.host.nets.retiolum ++
+ optional (cfg.host.nets?wiregrill) cfg.host.nets.wiregrill; in { services.openssh = { enable = true;
@@ -9,14 +12,14 @@ in { tv.iptables.extra.nat.OUTPUT = [ "-o lo -p tcp --dport 11423 -j REDIRECT --to-ports 22" ];
- tv.iptables.extra4.nat.PREROUTING = [
- "-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT"
- "-d ${cfg.host.nets.wiregrill.ip4.addr} -p tcp --dport 22 -j ACCEPT"
- ];
- tv.iptables.extra6.nat.PREROUTING = [
- "-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT"
- "-d ${cfg.host.nets.wiregrill.ip6.addr} -p tcp --dport 22 -j ACCEPT"
- ];
+ tv.iptables.extra4.nat.PREROUTING =
+ map
+ (net: "-d ${net.ip4.addr} -p tcp --dport 22 -j ACCEPT")
+ (filter (net: net.ip4 != null) nets);
+ tv.iptables.extra6.nat.PREROUTING =
+ map
+ (net: "-d ${net.ip6.addr} -p tcp --dport 22 -j ACCEPT")
+ (filter (net: net.ip6 != null) nets); tv.iptables.extra.nat.PREROUTING = [ "-p tcp --dport 22 -j REDIRECT --to-ports 0" "-p tcp --dport 11423 -j REDIRECT --to-ports 22"
diff --git a/tv/3modules/unbound.nix b/tv/3modules/unbound.nix
new file mode 100644
index 000000000..6a5102753
--- /dev/null
+++ b/tv/3modules/unbound.nix
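Review bot: `filter (net: net.ip4 != null) nets` (and the `ip6` twin) relies on every entry of `nets` declaring `ip4`/`ip6` with a null default; if the krebs net type can leave the attribute absent, the filter throws at evaluation and `net.ip4 or null` would be the safer test, so either way a short comment stating the assumption would help. The policy these rules encode — port 22 accepted only on the host's retiolum/wiregrill addresses, other traffic to 22 redirected to port 0, public entry on 11423 — is now spread across `nets` in the first hunk, the two `map`/`filter` expressions here and the unchanged `extra.nat.PREROUTING` list, with nothing naming it; a line such as `# ssh on 22 only via retiolum/wiregrill addresses; other port-22 traffic is redirected to port 0, public ssh is 11423` above `nets =` would make the intent visible. That the family-specific ACCEPT rules take effect before the family-agnostic REDIRECT rules is presumably enforced by tv.iptables' ordering of extra4/extra6 before extra; both the old and new code depend on it, so it is worth confirming.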
@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }: {
+ options.tv.unbound = {
+ enable = lib.mkEnableOption "tv.unbound";
+ DoH.enable = lib.mkEnableOption "tv.unbound.DoH";
+ DoT.enable = lib.mkEnableOption "tv.unbound.DoT";
+ host = lib.mkOption {
+ type = lib.types.str;
+ };
+ useACMEHost = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+ imports = let
+ cfg = config.tv.unbound;
+ in [
+ (lib.mkIf cfg.enable {
+ services.unbound = {
+ enable = true;
+ settings.server = {
+ access-control = [
+ "::/0 allow"
+ "0.0.0.0/0 allow"
+ ];
+ interface = [
+ "127.0.0.1@53"
+ "retiolum@53"
+ "wiregrill@53"
+ ];
+ prefetch = true;
+ prefetch-key = true;
+ };
+ };
+ # Since we use this for local dns resolving, we don't want to stop/start
+ # but just restart, so we quickly get it back.
+ systemd.services.unbound.stopIfChanged = false;
+
+ tv.iptables.input-retiolum-accept-udp = [ "domain" ];
+ tv.iptables.input-wiregrill-accept-udp = [ "domain" ];
+ })
+ (lib.mkIf cfg.DoH.enable (let
+ http-port = 8053;
+ http-endpoint = "/query";
+ in {
+ services.unbound.package = pkgs.unbound-with-systemd.override {
+ withDoH = true;
+ };
+ services.unbound.settings.server.interface = [
+ "127.0.0.1@${toString http-port}"
+ ];
+ services.unbound.settings.server = {
+ https-port = http-port;
+ http-endpoint = http-endpoint;
+ http-notls-downstream = true;
+ };
+ services.nginx.virtualHosts.${cfg.host} = {
+ useACMEHost = cfg.useACMEHost;
+ forceSSL = true;
+ http2 = true;
+ locations."/".return = ''404 "Not Found\n"'';
+ locations.${http-endpoint}.extraConfig = ''
+ grpc_pass grpc://127.0.0.1:${toString http-port};
+ '';
+ };
+
+ tv.iptables.input-internet-accept-tcp = [ "https" ];
+ }))
+ (lib.mkIf cfg.DoT.enable {
+ services.unbound.settings.server = {
+ interface = [
+ "::@853"
+ "0.0.0.0@853"
+ ];
+ tls-service-key = "/run/credentials/unbound.service/tls-service-key";
+ tls-service-pem = "/run/credentials/unbound.service/tls-service-pem";
+ };
+ krebs.systemd.services.unbound.restartIfCredentialsChange = true;
+ systemd.services.unbound.serviceConfig.LoadCredential = [
+ "tls-service-key:/var/lib/acme/${cfg.useACMEHost}/key.pem"
+ "tls-service-pem:/var/lib/acme/${cfg.useACMEHost}/fullchain.pem"
+ ];
+ tv.iptables.input-internet-accept-tcp = [ "domain-s" ];
+ })
+ ];
+}
diff --git a/tv/5pkgs/override/alacritty.nix b/tv/5pkgs/override/alacritty.nix
index 17baa048f..f864fff63 100644
--- a/tv/5pkgs/override/alacritty.nix
+++ b/tv/5pkgs/override/alacritty.nix
@@ -1,14 +1,16 @@ self: super: super.alacritty.overrideAttrs (old:
- assert self.lib.versions.majorMinor old.version == "0.11";
- {
- version = "${old.version}-tv";
- src = self.fetchFromGitHub {
- owner = "4z3";
- repo = "alacritty";
- rev = "touchscreen-support-0.11";
- hash = "sha256-oA4earrJ7lPVSBm9vRccWatAQ49hfDKsa7M72B5uQpY=";
- };
- }
+ if self.lib.versions.majorMinor old.version == "0.12" then
+ {
+ version = "${old.version}-tv";
+ src = self.fetchFromGitHub {
+ owner = "4z3";
+ repo = "alacritty";
+ rev = "touchscreen-support-0.12";
+ hash = "sha256-yDG7IeQUmJhKMJebhMDzHLb3UHGLcO1FVZnmGe5Xr9w=";
+ };
+ }
+ else
+ builtins.trace "not overriding alacritty because unsupported version" {}
) |
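Review bot: `access-control` admits every source (`"::/0 allow"`, `"0.0.0.0/0 allow"`) while the DoT block binds `"::@853"` / `"0.0.0.0@853"` and opens `domain-s` from the internet, so with `tv.unbound.DoT.enable` the host becomes a publicly reachable recursive resolver over TLS, and the DoH path is public the same way through nginx and the `https` rule; unbound's access-control is keyed on source address rather than listening interface, so the allow-all cannot be narrowed to retiolum/wiregrill once those listeners exist. If public service is the intent, a comment on `access-control` saying so, together with unbound's `ratelimit` / `ip-ratelimit` settings, would make the exposure deliberate and bounded; if not, the 853 listeners should name the overlay interfaces like the port-53 ones do. `host` and `useACMEHost` have neither description nor default but are read only under `DoH.enable` / `DoT.enable`, so a `description` on each stating they are required whenever either is enabled would turn a bare evaluation error into a pointer. Feeding the ACME key through `LoadCredential` instead of pointing unbound at `/var/lib/acme` directly is a good choice and deserves a one-line comment so it is not "simplified" away later.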
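Review bot: The `else` branch returns `{}` with only a `builtins.trace`, so on any alacritty other than 0.12 the touchscreen override silently disappears from the build and the message does not even name the version that was found; `self.lib.warn "not overriding alacritty ${old.version}: unsupported version" {}` would report the version and go through nixpkgs' `lib.warn` machinery (which honours `NIX_ABORT_ON_WARN`). The removed `assert` at least failed loudly, so if a best-effort fallback is now the intended behaviour a comment above the `if` stating that would make the change of contract explicit. `rev` is a branch name rather than a commit; that is acceptable only because `hash` pins the content, and a hash mismatch is then the signal that the branch moved.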